IntruVert Networks' IntruShield security architecture combines traditional signature-based intrusion detection technology with application anomaly and denial-of-service (DoS) detection techniques, according to Parveen Jain, cofounder, president and CEO of the firm, based in San Jose, Calif. IntruVert next month will begin beta testing an appliance that performs all three types of intrusion detection for multiple gigabit-speed links simultaneously, with no packet loss, Jain says.
Signature analysis is the most common form of intrusion detection. It relies on identifying known patterns, or signatures, that denote various forms of intrusions. In addition to relying on an up-to-date signature database, the systems often struggle to keep up with high-speed links and can deliver a raft of false positive alerts.
IntruVert will include a dynamic signature update technique that allows new signatures to be distributed to IntruVert sensors without human intervention, says Raj Dhingra, vice president of marketing for the company. Most other vendors require customers to manually download signatures.
Additional IntruVert intrusion detection techniques include application anomaly detection, which is meant to prevent attacks that result from hackers sending information that a Web application doesn't expect. One such technique is entering too many characters in a Web form field, which can lead to a buffer overflow attack. From that perspective, IntruVert will compete with companies like Sanctum and KaVaDo that have products intended to prevent such attacks against Web applications.
DoS prevention features include a self-learning statistical technique that examines typical traffic patterns by time of day and according to different network segments. IntruVert will be able to identify patterns that fall outside the norm and trigger an alert when predefined thresholds are met, Dhingra says.
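The following is an added sketch of the kind of time-of-day, per-segment baseline described above; it is not IntruVert's code or algorithm. The class name, the packets-per-second metric, the 3-sigma threshold, the minimum sample count and the sample data are all assumptions constructed for illustration.

```python
import math
from collections import defaultdict

class TrafficBaseline:
    """Learns a packets-per-second baseline per (segment, hour of day)."""

    def __init__(self, k_sigma=3.0, min_samples=5):
        self.k_sigma = k_sigma          # assumed threshold, in standard deviations
        self.min_samples = min_samples  # stay quiet until a bucket has been learned
        # (segment, hour) -> [count, mean, M2], updated with Welford's algorithm
        self.stats = defaultdict(lambda: [0, 0.0, 0.0])

    def learn(self, segment, hour, pps):
        s = self.stats[(segment, hour)]
        s[0] += 1
        delta = pps - s[1]
        s[1] += delta / s[0]
        s[2] += delta * (pps - s[1])

    def is_anomalous(self, segment, hour, pps):
        n, mean, m2 = self.stats.get((segment, hour), (0, 0.0, 0.0))
        if n < self.min_samples:
            return False  # no baseline yet, so no basis for an alert
        std = math.sqrt(m2 / (n - 1))
        # Floor the deviation at 1 pps so a perfectly flat history
        # does not alert on trivial changes (an assumption of this sketch).
        return pps > mean + self.k_sigma * max(std, 1.0)

# Constructed training data: the same segment is quiet at 03:00, busy at 14:00.
TRAINING = {
    ("dmz", 3): [100, 110, 90, 105, 95, 100],
    ("dmz", 14): [900, 1000, 1100, 950, 1050, 1000],
}

def build_demo():
    baseline = TrafficBaseline()
    for (segment, hour), rates in TRAINING.items():
        for pps in rates:
            baseline.learn(segment, hour, pps)
    return baseline

if __name__ == "__main__":
    b = build_demo()
    # The same 1000 pps is normal at 14:00 but far outside the norm at 03:00.
    for hour in (3, 14):
        print(f"dmz {hour:02d}:00 1000 pps anomalous:", b.is_anomalous("dmz", hour, 1000))
```

Keeping a separate bucket per hour and segment is what lets the same traffic rate be normal in one context and an alert in another.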
IntruVert's product will also look for anomalies in 18 protocol stacks, to detect exploits that focus on changing certain bits in a packet to crash a protocol stack. The product will also correlate alarms received across the various intrusion detection methods, to weed out those that are likely false positives and bubble up the ones deemed most serious.
While IntruVert has not yet disclosed pricing for its platform, Dhingra says it will cost between one-third and one-half of what it would cost to buy separate signature-based IDS, application anomaly and DoS detection products. Additionally, a single appliance will be able to monitor a gigabit-speed link that may support multiple servers, reducing the number of boxes required.
The company will beta test the product with nine companies, all of which are Fortune 50 firms, Jain says.