|
contents | products | |||||||
| Foundry Networks' New Products Foundry Networks has announced a network-wide closed loop solution for network intrusion detection and prevention. The solution is built upon three key elements - sFlow, an industry standard for real-time traffic monitoring supported on Foundry's switch and router product lines, Foundry's IronView Network Manager and Snort, an open source industry standard for intrusion detection and prevention. Snort is a network intrusion detection technology for monitoring network traffic in real time and detecting dangerous payloads and suspicious anomalies. Supporting a database of over 4, 900 attack signatures, Snort provides coverage against a wide range of attack types. With IronView's sFlow preprocessor and advanced event management capabilities, sFlow data collected from the network is piped to the Snort engine, where attack vectors identified by Snort can be readily isolated and acted upon by IT network and security managers. This provides a fast resolution for network security, and immediately isolates users who may be in the process of attacking valuable resources and applications. Foundry's integrated architecture provides a scalable, network-wide intrusion detection and prevention system without the cost or performance penalties of external sensors. Foundry's IronView Network Manager allows network operators to effectively track and perform configuration changes and software updates, and identify and resolve network failures. Changes to complex network-wide features such as Access Control Lists and VLANs, software and configuration updates, and network alarms and events, are becoming impossible to track and deploy consistently without intelligent centralized network management applications. IronView Network Manager empowers network operators to seamlessly control software and configuration updates for all Foundry products from a centralized location, dramatically simplifying network provisioning, network diagnostics and problem resolution. sFlow packets are logged for every switch and router port in the network and sent to INM. INM pre-processes the sFlow packets and sends the formatted samples to the Snort intrusion detection engine. The Snort engine searches the packets for matches with signatures it has defined in its intrusion signature file. Upon a successful search, the Snort engine reports the match to INM. INM alerts the network operator to the detected intrusion for immediate action. Snort is an open source network intrusion prevention and detection system utilizing a rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods. Currently there are over 4, 900 rules defined in the Snort database, with new rules being added daily. sFlow is an industry standard technology for monitoring high speed switched networks. It gives complete visibility into the use of networks enabling performance optimization, accounting/billing for usage, and defense against security threats. write your comments about the article :: © 2006 Networking News :: home page |