Endace, a provider of security and IT offerings based on its data acquisition and generation packet capture technology, launched a carrier-grade Intrusion Detection System (IDS), an IT offering that identifies potential vulnerabilities by analysing network traffic.
According to Endace, the new offering, based on analysis of 100% of network traffic, combines multiple critical (and typically independently purchased) IT security systems into a single, fully integrated workflow. It supports threat detection, rules policy management, alerting and forensic analysis based on the product’s ability to capture and replay traffic.
The company claims that the foundation for the new offering is a network traffic packet-analysis engine that is capable of 100% packet inspection at any speed, up to 40Gb/s. The Endace probes have been purpose-built to replace failing IPS/IDS sensors that are part of existing security implementations and can be easily integrated with all major SIM / SIEM vendors.
The IDS uses the open source SNORT inspection engine for packet analysis, and the Endace Security Manager (ESM) alerts appropriate personnel to threats through a graphical interface while also enabling centralised control of the IDS rule sets, policies and configurations, the company said.
The new offering also includes a 32 terabyte onboard traffic buffer that enables back-in-time contextual analysis of events, with the ability to record, store and play back all traffic.
Neil Livingston, chief product officer of Endace, said: “Without 100 percent packet capture, there is a very real risk of anomalous traffic getting through. In our view, an IDS that misses a single packet cannot be trusted. Our research shows that competitive IDS solutions can miss up to 40 percent of traffic, which is shocking. Our 100 percent packet capture technology is the foundation for our IDS approach.”