Trio of IDS vendors show latest wares

Choice in intrusion-detection systems gets wider this week as start-up NetContinuum makes its debut with a Web security appliance, while ForeScout Technologies and Top Layer Networks expand their product lines for thwarting network attacks.

Choice in intrusion-detection systems gets wider this week as start-up NetContinuum makes its debut with a Web security appliance, while ForeScout Technologies and Top Layer Networks expand their product lines for thwarting network attacks.

NetContinuum will unveil the Web Security Gateway NC-1000, an application-layer gateway appliance that sits behind a firewall and in front of a Web server to block HTTP-based attacks and serve as a proxy for access control and Secure Sockets Layer (SSL) encryption processes.

NC-1000 is intended to perform application-intrusion prevention like competitors Sanctum, KaVaDo and Stratum8 perform with their software-based products, but also offers an encryption engine and access control based on passwords or certificates.

NC-1000 can reach near-gigabit speed to process 6,000 encrypted sessions per second or 1 million unencrypted sessions. The gateway also can hide information about the Web site, making it harder for hackers to determine the Web server platform.

“We wanted to ‘masquerade’ our front-end systems,” says Mike O’Connell, systems architect at Ross Stores in Newark, Calif., who’s been beta-testing the NC-1000 as a core security component for the retail chain’s Web-based business-to-business site.

“But we were also looking to solve three or four problems at once with this, including SSL encryption and intrusion detection,”he says.

Ross Stores is opting to use the public-key digital certificate capability in NC-1000 to provide these trading partners with a certificate for secure access to the Ross Stores Web site. NC-1000 also can provide a log of Web-based transactions and time-stamp them.

According to Pete Lindstrom, research director at Spire Security, there is no other product comparable to NC-1000. “This represents a convergence between the IDS and trust capabilities in one security appliance,” he says.

NetContinuum was founded by two network engineers, Peter Roman, vice president of engineering, and Jan Bialkowski, CTO, with $36 million in venture capital funding, primarily from Menlo Ventures, according to Wes Wasson, NetContinuum’s vice president of marketing.

The interest in stopping attacks rather than simply monitoring them has other IDS vendors stepping up their own efforts.

ForeScout, which last year introduced ActiveScout Site Solution for stopping network-based attacks outside the perimeter firewall, now has a version of the IDS that can be managed more effectively across a large company.

Unlike the first version of ActiveScout, where Scout devices had to report to its own management console, the new version available this week, called ActiveScout Enterprise, lets a central console manage up to 50 Scouts.

The Scout device doesn’t block attacks but instead thwarts connections from attackers through techniques such as TCP re-set, says Nancy Blair, ForeScout’s vice president of marketing.

Meanwhile, Top Layer will announce products aimed at letting customers block HTTP Port 80 attacks. Top Layer’s previous Attack Mitigator products focused on stopping denial-of-service attacks.

The new products, called Attack Mitigator IPS, look at HTTP traffic and other Web server vulnerabilities. Top Layer’s four in-line IDS products can operate in active-blocking or passive-monitoring mode.

The $15,000 Attack Mitigator IPS 100, for use on a 100M bit/sec link, has a physical bypass capability in the event the in-line active-blocking device goes down. The $25,000 gigabit-speed Enterprise 1000, with up to seven 100M bit/sec ports, is for use on the Internet perimeter and inside the corporate network.

The IPS 2400 and the IPS 2800, costing from $125,000 to $250,000, are for data centers where four to eight of the appliances can be clustered to meet routing requirements common in Web-hosting facilities.

An early adopter of the Attack Mitigator IPS, Larry Pfeifer, network engineer at Widener University in Philadelphia, says the IDS appliance can block attacks against the university’s network without impeding legitimate flow. But Widener, which also uses the RealSecure passive-monitoring IDS from Internet Security Systems, has no plans to abandon this second IDS behind Attack Mitigator.

“I want this there to catch anything Attack Mitigator IPS doesn’t see and to have an IDS available if the in-line Attack Mitigator goes down,” Pfeifer says.

ForeScout, NetContinuum and Top Layer are taking the wraps off new wares this week.