Flexible, scalable Intrusion Detection

100% Protection from the edge to the core

Deploying scalable Intrusion Detection

Endace Probes running our Intrusion Detection System (IDS) can be deployed on any network link carrying traffic right up to 40Gb/s, and can be easily and quickly integrated into your existing security infrastructure thanks to the broad range of standard interfaces supported by our Probe Architecture.

Our range of Probes offers unrivalled functionality, reliability and value for money. A single Probe can monitor up to 20 Gigabit links at full line rate with 100% capture accuracy. The fabric management tools built into our central management server enable simple deployment and management of multiple Probes.

Our Intrusion Detection System consists of the following system components:

  • One or more Endace Probes
  • An Open Source IDS engine (SNORT® or Suricata) running on all Probes
  • A Central Management Server to manage your fabric of Probes
  • The Endace Security Manager dashboard, agent and server applications for managing your Intrusion Detection System deployment

[Figure: Deploying scalable Intrusion Detection Systems. How Endace fits into your security architecture]

Integrating our Intrusion Detection System into your security architecture

The flexible architecture of our Probes lets you configure them to monitor the full range of network types. You can configure ultra high-speed Probes at the core of your network, and more lightly configured Probes at the network edge where speeds are lower but the number of links you need to monitor may be greater.

Integrating our Endace Intrusion Detection System with existing third-party applications is easy using any of these standards:

  • SNORT Barnyard - for event log file integration with SIM vendors such as NetForensics.
  • NetFlow - a highly configurable NetFlow export module that supports multiple concurrent real-time flow collection and analysis systems.
  • Packet Download - selected full-packet data can be downloaded in standard PCAP format for analysis in Wireshark or other applications.
  • Event Syslog - support for third-party Security Information Management (SIM) systems with alert export in standard Syslog format.
  • SNMP - integrate with a broad range of system and network management tools.

Surgical replacement of failing sensors

The highly flexible nature of our Intrusion Detection System makes it the ideal choice if you are looking to replace existing IDS / IPS sensors that are failing under load, without replacing any of the other elements of your security architecture.

Installation of high-performance Endace Probes can generally be done without disrupting your existing security infrastructure, and our architecture enables you to continue to scale as the demands of your network increase, either by adding more Probes or by upgrading the DAG™ ports on your existing Endace Probes.

Scaling to 40Gbps and beyond

For ultra high-speed links, the sophisticated load-balancing capability of our Probes enables them to be 'stacked' or clustered together in order to deliver 100% reliable alerting right up to 40Gb/s. And with up to 32Tb of local storage onboard each Probe, there's sufficient capacity to monitor and analyse even the fastest links in real time.

If you already have failing sensors, or want to know what the impact of a traffic increase will be on the performance of your existing Intrusion Detection System sensors, then contact us about a free IDS/IPS audit.