Real-Time Network Solution detects and prevents intrusions
Closed-loop solution provides architecture for detecting, reporting, and thwarting attacks across entire network infrastructure. It combines benefits of sFlow real-time traffic monitoring solution, IronView Network Manager (INM), and Snort[R] open source intrusion detection and prevention system. INM tracks and performs configuration changes and software updates, while sFlow packets are logged for every switch and router port in network and sent to INM.
Integrated Solution Binds sFlow(R) Network Monitoring and Snort(R) Intrusion Detection to Secure Entire Network
SAN JOSE, Calif., Dec. 20 - Foundry Networks(R), Inc. (NASDAQ:FDRY), a performance and total solutions leader for end-to-end switching and routing, today announced a network-wide closed loop solution for network intrusion detection and prevention. The solution is built upon three key elements -- sFlow, an industry standard for real-time traffic monitoring supported on Foundry's switch and router product lines, Foundry's IronView Network Manager (INM) and Snort, an open source industry standard for intrusion detection and prevention. The complete solution provides a powerful and cost-effective architecture for detecting, reporting and thwarting network attacks across the entire network infrastructure.
Snort is an industry leading network intrusion detection technology for monitoring network traffic in real time and detecting dangerous payloads and suspicious anomalies. Supporting a database of over 4,900 attack signatures, Snort provides coverage against a wide range of attack types. With IronView's sFlow preprocessor and advanced event management capabilities, sFlow data collected from the network is piped to the Snort engine, where attack vectors identified by Snort can be readily isolated and acted upon by IT network and security managers. This provides a fast resolution for network security, and immediately isolates users who may be in the process of attacking valuable resources and applications. Foundry's integrated architecture provides a scalable, network-wide intrusion detection and prevention system without the cost or performance penalties of external sensors.
"In today's environment, network security is a top priority for all IT managers," said Bob Schiff, vice president and general manager of the enterprise business unit for Foundry Networks. "A huge challenge has been deploying scalable security solutions that are cost-effective and do not degrade or interfere with network performance. In the latest release of our IronView Network Manager, we are leveraging the power of sFlow's scalability and wire-speed operation and the strengths of Snort intrusion detection systems to deliver a network-wide solution for detecting and stopping network attacks without impacting application performance. This is a significant advantage over alternative solutions that are limited in their scope and scale and can impact performance when implemented as in-line appliances."
About IronView Network Manager (INM)
Foundry's IronView Network Manager allows network operators to effectively track and perform configuration changes and software updates, and identify and resolve network failures. Changes to complex network-wide features such as Access Control Lists (ACL) and VLANs, software and configuration updates, and network alarms and events, are becoming impossible to track and deploy consistently without intelligent centralized network management applications. IronView Network Manager empowers network operators to seamlessly control software and configuration updates for all Foundry products from a centralized location, dramatically simplifying network provisioning, network diagnostics and problem resolution.
sFlow packets are logged for every switch and router port in the network and sent to INM. INM pre-processes the sFlow packets and sends the formatted samples to the Snort intrusion detection engine. The Snort engine searches the packets for matches with signatures it has defined in its intrusion signature file. Upon a successful search, the Snort engine reports the match to INM. INM alerts the network operator to the detected intrusion for immediate action.
About Snort
Snort(R) is an open source network intrusion prevention and detection system utilizing a rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods. With millions of downloads to date, Snort is the most widely deployed intrusion detection and prevention technology worldwide and has become the de facto standard for the industry. Currently there are over 4,900 rules defined in the Snort database, with new rules being added
0 Comments:
Post a Comment
Subscribe to Post Comments [Atom]
<< Home