Sporting an "in-line" packet traffic viewing approach that some security experts say resembles a firewall, IntruVert Networks Inc. this week announced its IntruShield product line.
IntruShield combines signature, DoS (denial-of-service) analysis, and anomaly searching capabilities into a management console, said Parveen Kain, CEO and president of San Jose, Calif.-based IntruVert. The product features IDS (intrusion detection system) sensor appliances focused on proactive intrusion prevention and the reduction of false positives and false negatives.
Kain said IntruShield is built to carry out deep-packet inspection at speeds as fast as 2Gbps. This allows customers to leverage the sensor's high throughput to support multiple network segments in order to inspect file packet paths from endpoint to endpoint across an enterprise, he added.
Analyst Pete Lindstrom, director of security strategies at The Hurwitz Group Inc., in Framingham, Mass., said the first questions IDS customers are asking their security vendors concern high availability and fail-over requirements, typically in response to false positives and false negatives. A false positive occurs when a nontrusted packet or entity is allowed to enter a system. A false negative is a legitimate packet that is incorrectly refused access.
Lindstrom said innocuous threats can lead to so many alerts that nonthreatening traffic may be put in jeopardy or stalled.
"That as a business issue is one of the critical components of any security architecture. The risk is you're going to block legitimate traffic. If you block legitimate users from your systems, you're in big trouble," Lindstrom said.
"The big challenge here is: How can you go from a plethora of false positives to actively blocking traffic?"
Lindstrom said that by acting as a "bump on the wire," rather than passively watching traffic, IntruVert is following the lead of other IDS and firewall vendors in getting smarter about protocol activity and anomaly detection to make changes or modify rules when warranted.
The IntruShield 4000 sensor appliance, designed to support large networks and capable of detection rates as fast as 2Gbps, is available at a cost of US$99,995.
The IntruShield 2600 sensor appliance, designed to support midsize-to-large networks, scales to detection rates as fast as 600Mbps and is shipping for $34,995.