Sun Microsystems Inc. and antivirus company Symantec Corp. are releasing a “no hassles” intrusion detection system (IDS) appliance targeted at the enterprise and service provider markets, the two companies announced at the RSA Conference in San Francisco.
The iForce IDS Appliance is a 1U rack-mounted hardware appliance based on Sun’s LX50 server platform. The device runs Sun’s enterprise-class Solaris OS x86 operating system and will come outfitted with Symantec’s ManHunt intrusion detection software.
The iForce is capable of performing intrusion detection analysis at speeds up to 2Gbps, according to Sanjay Sharma, security segment manager at Sun.
The ManHunt software uses distributed network sensors and a variety of methods to identify threats including protocol anomaly detection, signature detection, traffic state profiling and statistical flow analysis.
The new appliance will offer features that are attractive to a wide range of enterprise customers such as protection of new “zero-day attacks” and four levels of failover, Sharma said.
While ManHunt has long been available on the Solaris platform, the new appliance offers customers simpler installation and management, as well as a more secure deployment than before, according to Fred Klein, senior manager of business development at Symantec of Cupertino, Calif.
For the new appliance, Sun, based in Santa Clara, Calif., and Symantec worked together to fine tune and optimize all components of the appliance for high speed intrusion detection, Klein said.
The device’s drivers, network card and operating systems were optimized for use with ManHunt. In addition, a special build of the ManHunt software was created specifically for deployment on the LX50 platform, according to Sharma and Klein.
Finally, the Solaris operating system was hardened by Sun engineers, with all components not required by the ManHunt software removed to eliminate possible avenues of attack against the device, Sharma said.
“The fewer lines of code there are, the fewer ways there are to get into the box,” he said.
While much of the fine tuning and hardening of the operating system are things that any Solaris customer could do, in theory, limited technical resources and the reality of systems management in many companies often prohibits it, making iForce’s streamlined configuration a valuable commodity, according to Sharma.
“It’s a unique process that we go through and that we recommend customers go through, but in past getting the box up and running, getting the right card and drivers installed, getting the OS hardened and getting ManHunt installed on top of that was ‘non trivial’,” Klein said.
“In most IT departments, it’s hard to have that level of expertise. Yeah, you probably have a couple people in each organization to that could do this, but do you want them to?” he said.
A single install procedure loads both the Solaris operating system and the ManHunt software. Once installed, a single management console can be used to control both the appliance and the ManHunt software.
By taking the vagaries of hardware and software installation and configuration out of the equation, Sun and Symantec are hoping that the iForce will find a home in smaller branch offices where IT resources and technical expertise are in shorter supply, Klein said.
IForce will also meet the needs of Symantec customers who wanted ManHunt ported to an appliance platform while allowing Symantec and Sun to compete in the hot market for intrusion detection and prevention appliances against companies such as Cisco Systems Inc., Klein said.
“ManHunt never had a problem competing technically. The form factor is what we’re addressing,” Klein said.
The iForce IDS Appliance will retail for US$21,995 and will be available in April, according to the two companies.