N+I: security attempts to steal show

Under fire for relentless network security breaches, IDS (intrusion detection system) vendors are readying new wares to boost speed and narrow anomaly-determination methods.

At the Network+Interop conference in Las Vegas this month, Cisco Systems Inc., Enterasys Networks Inc., Intruvert Networks Inc. and Recourse Technologies Inc. all unveiled products armed with improved performance to flag and thwart complex attacks that sift easily through network defences.

The problem was illustrated in a 2001 survey released by the U.S. Federal Bureau of Investigation and the Computer Science Institute last month: 74 per cent of respondents said their external Internet connection was a point of attack.

Hoping to reverse that trend, Cisco announced several new extensions to its IDS and a security-based Safe blueprint at the conference.

Despite its struggles, Cisco appliance competitor Enterasys also made noise in Las Vegas, pulling the covers off its upgraded Dragon IDS product line due in August. The four-product Dragon 6.0 family will feature a new pay-per-performance licensing model that offers customers three separate pricing schemes to choose from based upon network size and bandwidth speeds, said Chris Petersen, product marketing manager for Portsmouth, N.H.-based Enterasys.

Petersen said the need to bolster performance is often overemphasized compared to other problems that exist within an IDS framework.

“I think more important to performance is overall information management and helping an organization make decisions based upon the [security and network] events they see,” Petersen said. “If you can’t do that effectively, more performance doesn’t give you anything, it just gives you more information you can’t handle.”

San Jose, Calif.-based Intruvert introduced its IntruShield product line, which features integrated signature, anomaly, and DoS (denial-of-service) analysis within a single platform. Available this summer, the IntruShield 4000 and its smaller-scale IntruShield 2600 products include Web-based updates and management.

Recourse Technologies tried to shore up criticized shortcomings of its IDS through its new ManTrap 3.0 and ManTrap 2.1 releases at N+I.

Melding IDS with a “honeypot” approach, new aspects of ManTrap include Session Watch to monitor an attacker’s keystrokes in real time for playback; Scheduled Console Reporting for threat trending and primary at-risk resources; and Policy Based Response to send alerts via e-mail or SNMP, said Fred Kost, vice president of marketing at Redwood City, Calif.-based Recourse.

Getting a firm grip on managing the massive influx of false positives accrued by IDS devices and moving away from signature-based methodologies remain serious challenges, said Richard Mogull, research director for Stamford, Conn.-based Gartner Group.

“The successes in that area are kind of limited right now,” Mogull said. “No one has really gotten their hands around this behavioural-based protection system yet.”