SAN JOSE - Start-up IntruVert Networks last week took the wraps off a new line of intrusion-detection systems that can reliably inspect high-speed IP traffic flowing through a system without encountering problems such as inaccurately replicating traffic or missing attack streams.
Packet loss and other failures are not uncommon with high-speed intrusion-detection systems, which have to duplicate traffic to analyze it. However, beta-test users who deployed IntruVert's IntruShield 4000 appliance, which supports a maximum 2.2G bit/sec of traffic, and the IntruShield 2600 appliance, which reaches 600M bit/sec, say the intrusion-detection system doesn't falter at high speeds looking for about 800 different types of hacker or denial-of-service attacks.
Although vendors of gigabit-speed intrusion-detection systems continue to improve product performance, the track record of gigabit intrusion-detection systems at high speed has not been good. Most products have simply not worked as intended above a certain speed, perhaps 600M bit/sec or even as low as 200M bit/sec (see review).
The fact that IntruVert is demonstrating through lab tests and in beta customers' production networks that its 2.2G bit/sec appliance can do the intrusion-detection system's job at up to 1.5G bit/sec puts the company - with 70 employees and $15 million in venture-capital backing - in the running with other intrusion-detection system makers in the high-speed race. These vendors include Internet Security Systems (ISS), TippingPoint Technologies, Intrusion, iPolicy Networks and Recourse Technologies, just acquired by Symantec.
"IntruVert has an ASIC-driven platform that lets it get this high performance," says Larry Holt, senior security architect at Computer Sciences Corp. (CSC), which manages network security for the National Library of Medicine, part of the National Institutes of Health in Bethesda, Md.
This 2,400-employee federal government facility, which shares journals and advanced research with other institutions, uses two 155M bit/sec OC-3 links to the Internet and a separate 622M bit/sec OC-12 link for research.
After testing the IntruVert intrusion-detection appliances in the CSC lab earlier this year, Holt installed them outside the firewall at the National Library of Medicine and inside it to monitor traffic, which can arrive in high bursts, for example when the library sends information updates to Stanford University or NASA.
"When you go to gigabit speeds, there's still the limit of actually getting the packets onto the wire, but the IntruVert [intrusion-detection system] is detecting at near-gigabit speed with 100% accuracy," Holt says. He says the National Security Agency has successfully tested the IntruVert appliances at well over gigabit speeds.
IntruVert CEO Parveen Jain says eight beta customers have been testing the product for four months. He vouches for its 1.5G bit/sec rate without packet loss or degradation in intrusion-detection system attack recognition.
"A lot of customers are saying they need gigabit performance," Holt says. He swapped out the ISS RealSecure 6.0 intrusion-detection system sensors for the IntruVert sensors because the ISS sensors, even in load-balancing mode, were dropping packets at high speeds. Holt says he hasn't tried out the new ISS RealSecure 7.0 sensor yet.