Under fire for relentless network security breaches, IDS (intrusion detection system) vendors are readying new wares to boost speed and narrow anomaly-determination methods.
At the Networld+Interop conference in Las Vegas this week, Cisco Systems Inc., Enterasys Networks Inc., Intruvert Networks Inc., and Recourse Technologies Inc. will unveil products armed with improved performance to flag and thwart complex attacks that sift easily through network defenses.
The problem was illustrated in a 2001 survey released by the U.S. Federal Bureau of Investigation and the Computer Science Institute last month: 74 percent of respondents said their external Internet connection was a point of attack.
Hoping to reverse that trend, at N+I Cisco will announce several new extensions to its IDS and a security-based Safe blueprint, according to officials of the San Jose, Calif.-based networking giant.
Despite its struggles, Cisco appliance competitor Enterasys will make noise in Las Vegas as well, pulling the covers off its upgraded Dragon IDS product line due in August. The four-product Dragon 6.0 family will feature a new pay-per-performance licensing model that offers customers three separate pricing schemes to choose from based upon network size and bandwidth speeds, said Chris Petersen, product marketing manager for Enterasys.
Enhancements surrounding the Dragon 6.0 family include Dragon Network Sensor, which boasts improved performance via a new analysis algorithm; the redesigned, host-based Dragon Host Sensor, which offers a new modular architecture; user-interface improvements via Dragon Policy Manager; and Dragon Security Information Manager, Enterasys' back-end IDS technology that helps customers analyze and correlate security event information from numerous devices across an enterprise.
Petersen said the need to bolster performance is often overemphasized compared to other problems that exist within an IDS framework.
"I think more important to performance is overall information management and helping an organization make decisions based upon the [security and network] events they see," Petersen said. "If you can't do that effectively, more performance doesn't give you anything, it just gives you more information you can't handle."
Meanwhile at N+I, Intruvert will introduce its IntruShield product line, which features integrated signature, anomaly, and DoS (denial-of-service) analysis within a single platform. Available this summer, IntruShield 4000 and its smaller-scale IntruShield 2600 products include Web-based updates and management; perform packet inspection up to 2Gbps and 600Mbps, respectively; and can create custom intrusion policies, said Raj Dhingra, vice president of marketing at San Jose, Calif.-based Intruvert.
Recourse Technologies will also try to shore up criticized shortcomings of its IDS through its new ManTrap 3.0 and ManHunt 2.1 releases at N+I.
Melding IDS with a "honeypot" approach, new aspects of ManTrap include Session Watch to monitor an attacker's keystrokes in real time for playback; Scheduled Console Reporting for threat trending and primary at-risk resources; and Policy Based Response to send alerts via e-mail or SNMP, said Fred Kost, vice president of marketing at Redwood City, Calif.-based Recourse.
ManHunt 2.1 has been beefed up to perform network traffic monitoring up to 2Gbps. Kost said ManHunt's protocol anomaly detection has also been extended to routing protocols, including BGP (border gateway protocol) and HSRP (hot standby router protocol).
Getting a firm grip on managing the massive influx of false positives accrued by IDS devices and moving away from signature-based methodologies remains a serious challenge, said Richard Mogull, research director for Stamford, Conn.-based Gartner Group.
"The successes in that area are kind of limited right now," Mogull said. "No one has really gotten their hands around this behavioral-based protection system yet."
Meanwhile, anti-virus vendors are also feeling the sting of blended threats barreling through their defenses with ease.
To remedy the situation, last week Network Associates (NAI) joined with Internet Security Systems (ISS) in a three-year pact to integrate products and research efforts to support new offerings. As part of the pact, ISS will combine its RealSecure IDS and SiteProtector management console with NAI's Sniffer network detection and analysis software, McAfee anti-virus software, and ePolicy Orchestrator management system, company officials said.