NetScreen has announced a new version of intrusion detection and prevention (IDP) software for its NetScreen-IDP line of hardware products.
IDP 3.0 includes new features for analysing network and application traffic, as well as for thwarting Internet worm outbreaks and spotting rogue applications, such as the Kazaa peer-to-peer file sharing program, said Ajit Sancheti, product line manager for emerging technologies at NetScreen.
NetScreen is a leading maker of network security products such as firewalls and VPN (virtual private network) technology. In January, network equipment maker Juniper Networks announced its intention to buy NetScreen for $4 billion (£2.2bn).
Central to the new product is what NetScreen is calling the Enterprise Security Profiler, or ESP, a bundle of vulnerability assessment, security incident management and network profiling tools that allow security managers to analyse traffic flows.
"We've taken functionality from three different classes of products and integrated them into one IDP platform," Sancheti said. "These were things that, in the past, customers had to buy separately."
The idea behind the ESP is to cut response time to attacks and outbreaks by consolidating analysis and response tools on a single device. Practically, the new features will make it easier to manage network security by correlating disparate information such as details from event logs with known attack exploits and network security policies, Sancheti said.
For example, IDP 3.0 can integrate anomaly and signature detection features so that a buffer overflow condition on a system followed by administrator "root" level access to the system in the same connection will be recognized as a likely attempt to hack into a device.
IDP 3.0 devices will also store network and application data in their own database, allowing administrators to trace the history of activity associated with an IP address on a network. Administrators can also drill down into application-level traffic to discover what user authentication information and commands were passed in a suspicious transaction.
NetScreen is partnering with TruSecure Corp. to integrate IDP 3.0 with TruSecure's Intellishield Alert Manager. That will allow the product to link attack activity to TruSecure's database of software vulnerabilities and links to software patches.
In addition to allowing administrators to do a better job of responding to attacks, the new feature will make it easier to spot traffic associated with unwanted software applications, such as instant messenger and peer-to-peer file sharing programs, Sancheti said.
New features that spot "worm like" behavior, such as attempts to open many connections to other machines simultaneously, will also slow the spread of those threats and keep networks from being saturated with traffic, as they were with the SQL Slammer and Blaster worms.
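
The "worm-like" behavior check described above can be illustrated with a sliding-window fan-out counter over connection records. This is an added example, not NetScreen's implementation: the thresholds, the flow-record layout and the function name `find_fanout_sources` are assumptions, and the sample flows are constructed.

```python
from collections import defaultdict, deque

# Assumed thresholds (not NetScreen's): flag a source that contacts
# MAX_PEERS or more distinct hosts within WINDOW seconds.
WINDOW = 1.0
MAX_PEERS = 5


def find_fanout_sources(flows, window=WINDOW, max_peers=MAX_PEERS):
    """flows: iterable of (timestamp, src_ip, dst_ip, dst_port), sorted by time.

    Returns {src_ip: timestamp at which the threshold was first crossed}.
    """
    recent = defaultdict(deque)  # src -> (timestamp, dst) pairs still in the window
    flagged = {}
    for ts, src, dst, _port in flows:
        q = recent[src]
        q.append((ts, dst))
        # Drop connection attempts that have aged out of the window.
        while q and ts - q[0][0] > window:
            q.popleft()
        # Count distinct peers, so repeated requests to one server do not trip it.
        if src not in flagged and len({d for _, d in q}) >= max_peers:
            flagged[src] = ts
    return flagged


# Constructed sample flows (not captured traffic).
SAMPLE_FLOWS = sorted(
    # 10.0.0.7 contacts 8 different hosts within 0.4 s: worm-like fan-out.
    [(10.0 + i * 0.05, "10.0.0.7", f"10.0.1.{i + 1}", 1434) for i in range(8)]
    # 10.0.0.20 opens 8 connections, all to the same server: busy but normal.
    + [(10.0 + i * 0.05, "10.0.0.20", "10.0.2.5", 443) for i in range(8)]
    # 10.0.0.30 contacts 8 different hosts, but spread over 14 s: too slow to trip.
    + [(10.0 + i * 2.0, "10.0.0.30", f"10.0.3.{i + 1}", 80) for i in range(8)]
)

if __name__ == "__main__":
    for src, ts in find_fanout_sources(SAMPLE_FLOWS).items():
        print(f"{src} crossed the fan-out threshold at t={ts:.2f}s")
```

Counting distinct destinations rather than raw connections is what separates a scanning host from a client that is simply busy with one server; a slow scanner stays under this threshold, which is why the window and peer count need tuning per network.
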
The 3.0 software will run on the full line of NetScreen-IDP products, from the $8,000 (£4,430) NetScreen-IDP 10 appliance for small networks to the IDP 1000 hardware, which supports 1Gbit/s of throughput and sells for around $50,000 (£27,700), NetScreen said.
The new software is being released globally immediately and will ship to customers in early April 2004. A UK spokeswoman told us that it will form the centrepiece of NetScreen's Cebit exhibition later this week.