Bricata Next Generation Intrusion Prevention System
A New, Evolved Breed of Threat Mitigation
Iain Davison, Chief Technology Officer, Bricata, LLC
WWW.BRICATA.COM
The Need for Multi-Threaded, Multi-Core IDPS Solutions

Intrusion Detection & Prevention Systems (IDPS) analyze network traffic for malicious activity and report events that attempt to compromise the security of computers and other equipment. An IDPS looks into both the headers and the payloads of network packets to identify possible intrusions. Bricata makes vast improvements in the way network traffic is analyzed and in how it can scale to large throughputs, reaching as high as 300 Gbps.

IDPS models that rely only on the Central Processing Unit (CPU), such as Snort, have struggled over the last decade as the CPU has become the system bottleneck. Network traffic has grown more rapidly than CPU clock speed. Although CPUs have gained more cores, single-threaded IDPS engines have no way to use them and so cannot cope with the increase in bandwidth and content-rich applications. This requires advanced hardware modifications designed to adapt to the constant changes within any given infrastructure. Increased bandwidth and content-rich applications overload the IDPS and lead to packet loss, allowing malware, exploits and intrusion attempts to pass unchecked and raising the false-negative rate. The main cause of these detection failures is the throughput limit imposed by single-threaded processing in the deep packet inspection (DPI) module of the IDPS detection engine. An architecture that takes advantage of today's multi-core CPUs and multi-threaded processing would let an IDPS perform massive amounts of parallel computation and gain the performance needed to reduce or completely eliminate packet loss. Through extensive research into how to segment data for efficient parallel processing, Bricata has created an architecture and algorithms for fast and reliable intrusion prevention performance.
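As an added illustration of the data segmentation described above (example code written for this page, not Bricata's or Suricata's own), the Go program below derives a direction-independent flow key from each packet's endpoints, pins every packet of a flow to one worker goroutine, and lets each worker keep its own flow table and run content rules with no shared locks. The Packet type, the Sample traffic, the Rules list and the worker count are all constructed assumptions for the illustration.

```go
package main
import "hash/fnv"
import "strings"
import "sync"

// Packet is a constructed stand-in for a captured packet: "ip:port" endpoints plus payload.
type Packet struct{ Src, Dst, Payload string }
// Sample is constructed traffic: a benign flow seen in both directions, plus a flow carrying the EICAR test string.
var Sample = []Packet{
	{"10.0.0.5:40000", "192.0.2.10:80", "GET /index.html HTTP/1.1"},
	{"192.0.2.10:80", "10.0.0.5:40000", "HTTP/1.1 200 OK"},
	{"10.0.0.6:40001", "192.0.2.10:80", "X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"},
}
var Rules = []string{"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"} // constructed content rules
// FlowKey XORs per-endpoint hashes, so both directions of a connection get the
// same key, land on the same worker, and that worker alone owns the flow state.
func FlowKey(p Packet) uint32 {
	h := func(s string) uint32 { f := fnv.New32a(); f.Write([]byte(s)); return f.Sum32() }
	return h(p.Src) ^ h(p.Dst)
}

// Inspect segments pkts into n per-worker buckets by flow key; each worker then
// inspects its bucket with a private flow table and alert list, sharing no lock.
func Inspect(pkts []Packet, rules []string, n int) (hits [][]string, flows []int) {
	buckets := make([][]Packet, n)
	for _, p := range pkts {
		i := FlowKey(p) % uint32(n) // flow affinity picks the core
		buckets[i] = append(buckets[i], p)
	}
	hits, flows = make([][]string, n), make([]int, n)
	var wg sync.WaitGroup
	for w := range buckets {
		wg.Add(1)
		go func(id int) {
			defer wg.Done()
			state := map[uint32]int{} // bytes seen per flow, owned by this worker
			for _, p := range buckets[id] {
				state[FlowKey(p)] += len(p.Payload)
				for _, r := range rules {
					if strings.Contains(p.Payload, r) {
						hits[id] = append(hits[id], r)
					}
				}
			}
			flows[id] = len(state) // distinct flows this worker tracked
		}(w)
	}
	wg.Wait()
	return hits, flows
}
```

Because both directions of a connection hash to the same worker, per-flow state never needs cross-core synchronization; the trade-off of any hash-based split is that a single very large flow still lands on one core.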
By understanding how different hardware components interact, and how to exploit those components and their APIs in new ways to create high-performance algorithms, Bricata has made significant strides in Next Generation Intrusion Prevention System (NGIPS) technology. In this white paper, we present data on Bricata's implementation of known string search algorithms.

Multi-Threaded Parallel Processing Model

Many approaches have tried to split parts of an IDPS into elements suited to basic multi-threaded parallelism on ordinary multi-core CPUs. Attempts to accelerate IDPS with special hardware other than a CPU have also been made for years: Application-Specific Integrated Circuits (ASIC) or Field-Programmable Gate Arrays (FPGA) designed and programmed solely to run a single algorithm or a small system. Both methods were quite fast, but proved extremely expensive to implement, and their speed limitations allow them to provide only a single fast lane of processing, even when placed in a distributed model where an aggregator sprays the traffic across multiple FPGAs to gain more speed. Chip circuits such as FPGAs also have the downside that changing a rule or adding a new rule set means programming a whole new circuit and then recompiling the whole automaton, which limits the overall life span of a device that is often sold at a premium.

Through innovative programming techniques, Bricata has harnessed computational power in an extremely efficient parallel processing model. The Bricata programming model gives direct access to the hardware natively, without the need for other APIs, and has proven to provide the fastest and most consistent operating speeds. In comparison, Bricata NGIPS has achieved performance levels that far exceed the capabilities of existing IDPS technology. After performing many tests, we discovered that the delta between Bricata NGIPS and existing IDPS solutions becomes the difference between dropping traffic and not dropping any traffic:

[Figure: Bricata Performance Comparison]

Bricata's approach was to offload traffic, where possible, to multiple CPU cores. This allowed us to address large amounts of traffic in a short period of time while maintaining the state of the traffic and applying policy and rules to it. Not only has Bricata included this NGIPS technology across its entire product portfolio, it has also added custom algorithms that turn inspection up a few steps to process more traffic while providing deeper analysis.

Many people have asked whether this is just a fancy Deep Packet Inspection (DPI) engine that can process traffic at high speed. The answer is that behind every good IDPS is an even better deep packet inspection engine. That is not to say this is all the system does!

Ignite Your Security with Bricata

Bricata was built on the Suricata engine, re-engineered in new ways to make it better, faster and more reliable. Our engine can detect not just a list of rule sets for testing; it also provides more anomaly detection combined with a hybrid blend of pattern-matching detection. Many have asked how this stacks up against other solutions in the IDPS marketplace. According to Gartner and NSS Labs, the Snort-based solution Sourcefire is the most accurate and has been the industry leader for the past two years. Bricata's solution is a fraction of the cost, provides double the performance in a single appliance, and is based on a technology that has proven more accurate, scalable and faster than the technology supporting the market leader.

Bricata: What's Missing from Today's Cyber Security Solution Sets?
After looking closer at what is missing from the total cyber security equation, Bricata found a large gap in the interoperability of security applications and devices. This brought more focus on how that gap plays out in real-life security operations centers and how people were managing their environments. Looking hard at the overall issues, Bricata found that the cyber security industry as a whole isn't focused on being a solution; each vendor is focused on being the only solution. This is where Bricata disagrees: it's about being part of the solution. For example, in a world where technology is moving to cloud infrastructure and virtual environments, we need to provide technology that supports those environments. Being available for the cloud allows us to offer greater security to all customers, while being flexible enough to offer a virtualized solution that can move across data center environments to other supported platforms. This also allows us to support the traditional data centers and small businesses that require hardware solutions.

Bricata will have differing implementation models that allow for flexibility in cloud environments, enabling the customer to purchase Bricata directly from the marketplace and add it to their pool of available resources. This allows growth along with customer needs, so that, for example, a customer with small amounts of data over limited connectivity who suddenly grows has access to the functionality needed for expanded cloud resource capability.

What's also missing from today's cyber security is event visibility across all security tools, commonality in logging, intelligence sharing, and the ability to share that information across platforms in a way that doesn't lose its meaning or representation. Bricata has spent a significant amount of time working to close these gaps and to give enterprises as well as small and medium-sized businesses ways to interoperate without having to rip and replace all their security equipment.

Bricata is closing these gaps by introducing methods for threat/network intelligence sharing between peers and by using the spare cycles on the tier 1 IDPS sensors to perform some of the analytics using dynamic cryptographic tables. This works not only for a single entity or organization solving the correlation problem of a large dataset, but also for organizations that have partnering agreements and need to share the larger correlation analysis across external entities. It also allows a community blog and threat analysis community to assist with correlation.
Bricata also provides a log correlation tool for those entities that don't currently have one, to provide additional visibility across the organization's network. For those organizations that have an existing SIEM, Bricata has created integration commands for several market-leading SIEM technologies. Our professional services team will be more than happy to perform automation integrations for any SIEM for which we don't have pre-existing interoperability.

Bricata also addresses the issue of attribute-based access control (ABAC) and role-based access control (RBAC) correlated events. These events are often overlooked by many other technologies. We provide a decision engine that sits on top of the correlated events and can make decisions based on events, traffic and data exfiltration to outbound sources, including GeoIP-defined locations that can be customized based on net blocks and ranges defined by the customer.

With the use of dedicated data bus memory, Bricata is able to perform direct I/O and achieve a fast fast data path solution, while many other solutions can only achieve a fast or a fast slow path. The fast fast path not only enables Bricata to deliver amazing speed and performance as an IDPS, it also allows for the seamless integration of future technology. The first release will support network access control, which will also handle retrieval of the attribute access controls and add the capability to work better with existing privileged identity access management or identity broker tools, validating a user's credentials and feeding the result into the greater decision engine for automated actions.

In short, Bricata is clearly not your everyday next generation IDPS but a new, evolved breed of threat prevention technology designed to handle greater network throughput and deeper packet inspection, ensuring the more complete cyber threat defense envisioned by NGIPS.

For more information: info@bricata.com, www.bricata.com

About Bricata

Bricata is a leading developer of innovative, high-throughput network security and data protection solutions. Our Bricata ProAccel Appliances are based on Next Generation Intrusion Prevention System (NGIPS) technology, enabling both small and large enterprises to secure and protect data and networks cost effectively, without sacrificing performance or creating bottlenecks that inhibit productivity. Using our high-speed solutions to automate the capture, analysis and disposition of threats to network security at the core, Bricata offers more efficient threat protection across network and cloud-based devices. Built on the open source Suricata engine, and augmented with proprietary software and hardware to make it faster, more reliable and more user friendly, Bricata delivers double the throughput and detection performance in a single appliance at roughly half the cost of traditional IPS solutions. Now deployed across both the public and private sectors, Bricata's security products are enabling its clients to do more with less, providing the means for customers to minimize the time, risk and expense of maintaining a reliable intrusion prevention infrastructure so that they can be more productive, competitive and compliant at a dramatically reduced cost.

Bricata is a trademark of Bricata, LLC. All other brands or products are trademarks or registered trademarks of their respective holders. Copyright 2015 Bricata, LLC.

Bricata, LLC, 8000 Towers Crescent Dr., Suite 1350, Vienna, VA 22182, 703.847.3650, info@bricata.com, WWW.BRICATA.COM