Security with Snort Intrusion Detection System

Endace platforms are an integral but complementary part of network security solutions. Leveraging the SNORT® Intrusion Detection System (IDS), Endace platforms can be used as high-performance IDS platforms at speeds of up to 10Gb/s. These platforms can function as a standalone IDS (NinjaBox-Z) or as multi-function network probes and sensors (NinjaProbe).

The choice of Snort® is a logical one. Snort® aficionados are accustomed to its powerful intrusion detection capabilities and its open-source affordability. But as individual network segment interface speeds continue to increase, commercial off-the-shelf (COTS) computing hardware used to support these intrusion detection system (IDS) sensors has failed to perform. As a result, operators often feel the need to upgrade to a more expensive, proprietary solution.

Endace’s NinjaBox-Z eliminates this problem by delivering a COTS solution for IDS without the poor performance and manageability typically associated with such implementations. By removing the bottlenecks surrounding packet copying between memory spaces and CPU interrupts, and simultaneously load-balancing incoming traffic, NinjaBox-Z delivers dramatic (16x) Snort acceleration, even on highly congested, high-speed segments with a large number of positive rule matches. CPUs are free to help Snort® perform the processor-intensive functions of stream reassembly (preprocessing) and context (ruleset / signature) matching, while the single-threaded IDS application is effectively multi-threaded across multi-core CPUs.

Endace’s NinjaProbe embeds these capabilities into a multi-function network probe and sensor. NinjaProbe uses Snort® as a powerful rule-matching engine, performing critical IDS functions while simultaneously supporting a broad range of additional network monitoring applications. Both NinjaProbe and NinjaBox-Z work seamlessly with the Endace Applied Watch Command Center (EAWCC) – a powerful graphical user application that removes the complexity of managing Snort® sensors.

Unique to inter-operation with NinjaProbe, the EAWCC provides powerful data mining capabilities for retrieval of relevant network traffic that is stored before, during and after an alert condition.