Executives said the release, due to be announced Tuesday, is particularly timely, as a suitably configured IPS 4000 could have mitigated the effects of the Slammer worm, which caused internet congestion and IT department headaches for much of last week.
The IPS offerings are in-line appliances that constantly scan internet traffic and compare patterns against administrator-created acceptable use policies. The devices can then block, queue, throttle and redirect suspect traffic automatically.
“Not all traffic is wanted, but not all unwanted traffic is malicious,” said Captus CEO Stephen Schramke, pointing to well-known problems some intrusion detection systems (IDS) have with excess false positives.
The IPS device would not have been able to prevent Slammer from infecting vulnerable servers, but it would have been able to mitigate its damaging denial-of-service side-effects, Schramke said, by identifying sustained periods of unusual UDP traffic.
The key difference between an IDP device and an IDS is that IDS systems are generally passive, sitting outside the data path and merely alerting administrators. Firewalls differ in that they block possible hacks based on signatures of known attacks.
“The problem with worms is that they’re very easy to make just slightly different every time. So the message signatures won’t be able to detect them next time,” said VP of product management Jack Quinnell. IPS takes a behavior approach, he said.
Captus faces competition from the firewall and IDS vendors, Schramke said, as well as NetScreen Technologies Inc, which intends to deliver a combined IDP-firewall this year, and startups including Mazu Networks, Top Layer Networks and IntruVert.
Source: Computerwire