NetScreen Technologies Inc. plans to announce a new version of intrusion detection and prevention (IDP) software for its NetScreen-IDP line of hardware products, the company said.
The company will unveil IDP 3.0 on Monday. The new software includes new features for analyzing network and application traffic, as well as for thwarting Internet worm outbreaks and spotting rogue applications such as the Kazaa peer-to-peer (P-to-P) file sharing program, said Ajit Sancheti, product line manager for emerging technologies at NetScreen.
NetScreen, of Sunnyvale, California, is a leading maker of network security products such as firewalls and VPN (virtual private network) technology. In January, network equipment maker Juniper Networks Inc. announced its intention to buy NetScreen for US$4 billion.
Central to the new product is what NetScreen is calling the Enterprise Security Profiler, or ESP, a bundle of vulnerability assessment, security incident management and network profiling tools that allow security managers to analyze traffic flows.
"We've taken functionality from three different classes of products and integrated them into one IDP platform," Sancheti said. "These were things that, in the past, customers had to buy separately."
The idea behind the ESP is to cut response time to attacks and outbreaks by consolidating analysis and response tools on a single device.
Practically, the new features will make it easier to manage network security by correlating disparate information such as details from event logs with known attack exploits and network security policies, Sancheti said.
For example, IDP 3.0 can integrate anomaly and signature detection features so that a buffer overflow condition on a system followed by administrator "root" level access to the system in the same connection will be recognized as a likely attempt to hack into a device, he said.
IDP 3.0 devices will also store network and application data in their own database, allowing administrators to trace the history of activity associated with an IP (Internet Protocol) address on a network. Administrators can also drill down into application-level traffic to discover what user authentication information and commands were passed in a suspicious transaction, he said.
NetScreen is partnering with TruSecure Corp. to integrate IDP 3.0 with TruSecure's Intellishield Alert Manager. That will allow the product to link attack activity to TruSecure's database of software vulnerabilities and links to software patches, he said.
In addition to allowing administrators to do a better job of responding to attacks, the new feature will make it easier to spot traffic associated with unwanted software applications, such as instant messenger and P-to-P file sharing programs, he said.
New features that spot "worm-like" behavior, such as attempts to open many connections to other machines simultaneously, will also slow the spread of those threats and keep networks from being saturated with traffic, as they were with the SQL Slammer and Blaster worms, he said.
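The "many connections to other machines" heuristic described above can be sketched as a sliding-window count of distinct destinations per source. This is an added illustration, not NetScreen's implementation; the window length, the threshold, the record layout and the sample flows are all assumptions constructed for the example.

```python
from collections import defaultdict, deque

# Assumed tuning values; the article gives no thresholds.
WINDOW_SECONDS = 5.0
MAX_DISTINCT_DESTS = 10

def find_fanout_sources(flows, window=WINDOW_SECONDS, limit=MAX_DISTINCT_DESTS):
    """Return {src: first_alert_time} for sources that contact more than
    `limit` distinct destinations within any `window`-second span.

    `flows` is an iterable of (timestamp, src_ip, dst_ip, dst_port) tuples.
    """
    recent = defaultdict(deque)                           # src -> (ts, dst) still in window
    dest_counts = defaultdict(lambda: defaultdict(int))   # src -> dst -> attempts in window
    alerts = {}
    for ts, src, dst, _port in sorted(flows):
        q, counts = recent[src], dest_counts[src]
        q.append((ts, dst))
        counts[dst] += 1
        # Expire connection attempts that fell out of the sliding window.
        while q and ts - q[0][0] > window:
            _, old_dst = q.popleft()
            counts[old_dst] -= 1
            if counts[old_dst] == 0:
                del counts[old_dst]
        if len(counts) > limit and src not in alerts:
            alerts[src] = ts
    return alerts

def build_sample_flows():
    """Constructed sample data (documentation address ranges), not real traffic."""
    flows = []
    # Host A: 30 different peers on one port within about 3 seconds.
    for i in range(30):
        flows.append((100.0 + i * 0.1, "192.0.2.10", f"198.51.100.{i + 1}", 1434))
    # Host B: busy client, many connections but only 3 destinations.
    for i in range(60):
        flows.append((100.0 + i * 0.1, "192.0.2.20", f"203.0.113.{i % 3 + 1}", 443))
    # Host C: 12 destinations spread over 2 minutes, never many at once.
    for i in range(12):
        flows.append((100.0 + i * 10.0, "192.0.2.30", f"198.51.100.{i + 100}", 80))
    return flows

if __name__ == "__main__":
    for src, ts in find_fanout_sources(build_sample_flows()).items():
        print(f"fan-out alert: {src} at t={ts:.1f}s")
```

Counting distinct destinations rather than raw connections keeps a busy but legitimate client (host B) from alerting, while a short window means a slow scanner like host C passes unnoticed unless the window is widened.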
The 3.0 software will run on the full line of NetScreen-IDP products, from the US$8,000 NetScreen-IDP 10 appliance for small networks to the IDP 1000 hardware, which supports 1G bps (bits per second) of throughput and sells for around $50,000, NetScreen said.
The new software is being released immediately and will ship to customers in early April 2004.