Sourcefire Unveils Gigabit IDS Based On Snort

A company founded by the creator of the open source Snort intrusion detection system on Wednesday announced a gigabit-speed IDS that takes Snort to another level.

Sourcefire, Inc.'s Network Sensor 3000 (NS 3000) uses Snort technology to detect both known and unknown forms of attacks.

Snort was originally created by Martin Roesch, the CTO and founder of Sourcefire, based in Columbia, Md. It is an IDS that combines signature-based attack techniques with protocol analysis.

The NS 3000 uses multiple processors and load balancing techniques that enable it to keep up with fully saturated gigabit network links and keep running even in the face of denial-of-service attacks (DoS), the company says. A series of preprocessors enable it to perform complex protocol analysis at high speed, detecting anomalies such as port scans, DoS attacks and ARP spoofing.

Its load balancing feature enables multiple IDS sensors to monitor a single network segment, distributing traffic while maintaining the integrity of a datastream. A fault tolerant design ensures failover to working sensors in case one fails.

NS 3000 also offers forensics capabilities, allowing users to trace and reconstruct sessions that may have resulted in network damage, enabling them to assess the damage done.

The Sourcefire Management Console can aggregate and correlate data from multiple distributed sensors. It uses a proprietary database that can process millions of queries in less than a second, Sourcefire says.

The NS 3000 will be available in the third quarter. Pricing has not yet been determined. Users interested in becoming beta customers can send email to: gig-beta@sourcefire.com. The Management Console is available now for $14,995.