ISS improves intrusion detection system
- 17 June, 2002 08:00
Internet Security Systems Inc. on Wednesday released a version of its IDS (intrusion detection system) software that combines previously owned and acquired technologies.
Featuring several components from the company's June 2001 acquisition of Network ICE, Version 7.0 of the RealSecure Network Sensor software suite includes enhancements in the areas of protocol analysis, signature-based detection, and filtering of packets, according to the company.
Employing the company's existing engine, the new version of RealSecure Network Sensor processes packets at gigabit speed and now has the ability to grab packets and inspect them through technology devised by Network ICE.
"The result of combining the two technologies is a product that is fast and provides detailed protocol analysis," said Dan Nadir, director of protection solutions at Atlanta-based ISS. He added that the product is unique from competitors because of its ability to examine all types of traffic without a decrease in performance.
"We're not limited by what we are looking for," said Nadir. "I think we're the only company that can say this." Nadir said that that as additional functions are added to a competitor's product, it almost always means decreased performance.
Rather than solely relying on a signature-based engine, ISS claims its system strips away the extraneous code hackers add to an attack in order to bypass or trick competing IDS products.
In addition, the new version can also determine the success of a given attack by looking at the string returned form the server under attack.
In an attempt to win new customers using the open-source IDS, Snort, ISS has also added the ability to import user-created signatures created for Snort to Version 7.0. This, Nadir said, is beneficial for those who no longer want to maintain their own IDS by creating new signatures.
Future releases of the product will focus on usability improvements as well as increasing the speed at which packets are processed.
"By year's end we expect to do protocol processing at speeds greater than a Gigabit," said Nadir.
RealSecure Network Sensor Version 7.0 is available immediately and starts in price at $8,995.