Latest IDSes Surpass First-Gen Solutions

According to Infonetics Research, worldwide revenue for intrusion-detection system (IDS) products will reach $393 million this year. IDS product revenue grew to $94 million in the second quarter of this year and will jump to $135 million in the second quarter of 2003, the firm said.

"We have seen a consistent increase in demand for network-based IDSes since the middle of this year," said Sanjay Kalra, CEO of Icons, a North Brunswick, N.J.-based security firm. "Based on projects in the pipeline and our sales forecasts, we anticipate this trend to continue in 2003." Customers are planning to implement intrusion-detection capabilities on core networks and at remote sites such as regional sales offices, he said.

This week Sourcefire plans to unveil its Intrusion Management System (IMS) and additions to its Network Sensor appliance line. The company's products incorporate the Snort open-source IDS technology. The new Network Sensor 1000 monitors 35-Mbps networks, costs $5,000 and is designed for branch and field offices with smaller networks. The Network Sensor 2100 monitors networks of up to 300 Mbps and costs $13,000. The new sensors allow Sourcefire to meet a broad range of enterprise needs, said Martin Roesch, founder and CTO of the Columbia, Md.-based company.

IMS consists of Network Sensors and Sourcefire Management Consoles and provides advanced data management and event correlation, Roesch said. IMS also leverages the built-in proprietary database of the Management Console to quickly provide information produced by the sensors, enhancing an administrator's ability to respond to events.

Other intrusion-detection management systems don't incorporate a database, which slows the correlation process, Roesch said. Sourcefire Management Consoles start at $15,000. "Our system is designed to give people real hard-core data management built in with the sensing capability," he said.

For Icons, Sourcefire's enhancements fit with customers' growing need for effective data management, Kalra said. "Manageability, performance and ease-of-use are the top priorities for every client that's contemplating a rollout of IDS technologies in a production-grade environment," he said, adding that Sourcefire's support for Gigabit networks and the addition of lower-end sensor appliances will give customers a "wider choice of detection capabilities that meet their business requirements."

On the software side, Okena, Waltham, Mass., boosted the capabilities of its intrusion-prevention products with the recent release of StormTrack. The third product in its StormSystem line, StormTrack uses rules and correlation engines to provide a detailed view of host systems and applications, the company said.

Okena's technology enforces authorized application behavior to block attacks. StormTrack works with StormWatch agents to identify applications running on the hosts, creates security policies for those apps and then protects the apps.

This fall, Entercept Security Technologies, San Jose, Calif., released a new version of its intrusion-prevention software to protect databases from hackers. Entercept Database Edition enforces accepted behavior to prevent attacks commonly used to gain unauthorized access to a database.

Meanwhile, Symantec said it was integrating the ManHunt multi-Gigabit network-based IDS solution it acquired this summer from Recourse Technologies with Symantec Host Intrusion Detection 4.0. The integrated solution, slated for availability this month, will correlate IDS data from the host and the network to provide better attack recognition and response, said Symantec executives.

In general, product integration in the IDS space is a good idea, said Steve Crutchley, chief security officer at 4FrontSecurity, a consulting firm in Reston, Va. For the technology to be truly effective, it needs to be boosted with other solutions such as log analysis and computer forensics, he said.