iForce Partners Shade Against ‘Zero-Day’ Attacks

Hoping to keep ahead of the daily barrage of hacker attacks, two Silicon Valley heavyweights teamed up Wednesday to debut a new intrusion detection appliance (IDS).

iForce partners Symantec and Sun Microsystems took the wraps off their new IDS box. The 1U rack-mount unit combines Symantec ManHunt 3.0 with a Sun Fire V60x server running on a hardened version of the Solaris Operating System, x86 Platform Edition. The companies said the units can be installed in a standard 19-inch rack. Faster than its earlier incarnation, which was based on Sun’s LX50 server, the new system has been modified to monitor up to 2 gigabits per second on copper- or fiber-based networks.

The idea behind the iForce IDS Appliance is to profile network traffic and identify intrusions by implementing advanced protocol anomaly detection, traffic state profiling and statistical flow analysis.

Symantec’s ManHunt product offers protocol anomaly detection for known and unknown or “zero day” attacks, signature detection with custom signature support, and behavioral anomaly analysis or statistical flow analysis intrusion detection for denial-of-service (DoS) attacks. When Cupertino, Calif.-based Symantec originally released the product in September 2002, it was primarily configured to support server platforms running Microsoft Windows 2000.

Symantec has always had a ManHunt version for Solaris, but two things were necessary to update the new IDS: Santa Clara, Calif.-based Sun needed to build its low-priced Sun Fire V60x, and the network software maker also needed to put the finishing touches on Solaris for x86 platforms. Sun recently said it will use the V60x family as its low-cost model to replace its LX50.

For its part, Symantec modified ManHunt to integrate with other Symantec Intrusion Protection solutions, which include Symantec Host IDS and Symantec Decoy Server, to secure each layer of the network infrastructure.

“The Sun Fire V60x system, running on the Solaris OS x86 Platform Edition, provides enterprise-class security and availability to the iForce IDS Appliance,” said Manish Bhuptani, senior director of Network Services Market Development at Sun Microsystems, Inc. “Working with Symantec, we can provide our joint customers with a pre-tested, configured appliance that helps them secure their network infrastructure at a low cost.”

Sun says the device also reduces the risk of misconfigurations because the software is pre-installed, pre-tested and optimized with appropriate drivers and network interface cards.

In addition, Symantec Security Response, an Internet security response team, backs the new iForce IDS Appliance. The staff monitors and researches security threats, and provides security updates and the latest security context information including exploit and vulnerability information, event descriptions and event refinement tools.

Starting at a suggested price of $12,500, all seven models (100Mbps, 200Mbps, 500Mbps, 1Gbps fiber, 2Gbps fiber, 1Gbps copper and 2Gbps copper) are available and supported in North America through Arrow Electronics’ MOCA division and sold to authorized resellers.
