Saturday, December 02, 2006

Intrusion Detector delivers open-source network security

Using proprietary Meta Traffic Processor, MTP-1G wire-speed Gigabit Ethernet Network Intrusion Detection and Prevention System supports open-source network security and monitoring applications. Cards pass Gigabit Ethernet traffic between system's 2 ports with 400 ns latency while performing wire-speed, stateful, packet inspection. When determining whether to capture or block packets, cards can apply up to 1,500 wire-speed stateful policies per packet.

Los Gatos, California - Metanetworks Technologies, Inc. (metanetworks.org), a leading provider of high-speed network security and monitoring hardware, announces its MTP-1G - the world's first wire-speed Gigabit Ethernet Network Intrusion Detection and Prevention System (IDPS) specifically designed to support open-source network security and monitoring applications. The MTP-1G uses Metanetworks' Meta Traffic Processor (MTP), a unique network processor that was partially developed using research grants from the National Science Foundation and the US Air Force Rome Laboratories. The MTP is specifically designed to exploit massive, fine-grain, instruction-level parallelism, which is intrinsic to IDPS processing loads. Livio Ricciulli, Metanetworks Technologies' chief scientist, states that, "our MTP cards offer the lowest IPS filtering latency in the world because of our breakthrough processing architecture."

Metanetworks' MTP-1G cards routinely pass Gigabit Ethernet traffic between its two ports with 400 ns latency while performing wire-speed, stateful, packet inspection. When determining whether to capture or block packets, the cards can apply up to 1500 wire-speed stateful policies per packet. When the MTP-1G captures packets, it presents them to the operating system as a standard NIC in promiscuous mode.

The MTP-1G cards support existing, open-source network security and monitoring applications. They accomplish this by specifying capture and filtering policies using public-domain IDS signatures or standard network monitoring libraries. Metanetworks' MTP technology also provides developers a rich API for creating custom network security and monitoring applications.

Because the MTP-1G cards interface with the host operating system as standard NICs, they can seamlessly run a variety of standard application software at much faster speeds. For example, open-source Snort IDS software can monitor a few hundred megabits of traffic with a standard NIC. With the MTP-1G card, Snort can monitor a full gigabit of traffic without modification. The MTP-1G cards are also compatible with other popular libpcap-based network monitoring applications such as tcpdump.

The University of California, Santa Cruz (UCSC) will present the impressive capabilities of the MTP-1G PCI cards at the upcoming North American Network Operators' Group (NANOG) Conference from January 30th to February 1st in Las Vegas, Nevada. UCSC integrated a Metanetworks MTP into one of its production networks and has confirmed that it greatly enhanced their existing IDS capabilities. "The MTP enables a whole range of open source security applications that were not possible before," says Paul Tartarsky, the UCSC consultant network security engineer in charge of integrating the MTP-1G. "As far as I can tell, the MTP has eliminated a huge roadblock to developing high performance IDPS applications at a low cost."