16 May 2006

Foundry Integrates Snort with Its Management

Foundry Networks, one of the leaders in end-to-end switching and routing equipment, has decided to integrate Snort, the well-known open-source IDS, into its management system. The Foundry INM management system can collect sFlow logs from the different switches in the network, giving it a complete view of the traffic in that network. The new approach transforms the sFlow data into PCAP format and sends it to Snort for analysis, which will let it detect many network attacks and take action by blocking such malicious traffic or even limiting its bandwidth.

This is not the first time Foundry has integrated Snort into one of its products; it did so before in SecureIron by plugging the Snort engine into the hardware, giving it the ability to detect and block malicious traffic. But integration with the management server makes it capable of detecting traffic on different switch models, rather than being limited to a specific model, without any performance degradation in the switch.

But the question now is this: as far as I know, sFlow doesn't send the whole packet, nor does it send all the packets that pass through the device; rather, it takes samples from the traffic. So will this limit the detection capabilities?

Finally, it is a good approach to have layers of security and not to be limited to a single security device in your network. So this is not going to be an alternative to IDSs and IPSs; however, it will add an extra layer of security to your network.
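
To make the sampling question concrete, here is an added example (not Foundry's or Snort's code) that models a sampling agent, writes the samples as pcap records, and checks what a payload signature match would still see. The 1-in-512 rate, the 128-byte header cut-off, the frames and the marker string are all assumptions constructed for illustration.

```python
import random
import struct

# Classic pcap global header: magic, v2.4, tz, sigfigs, snaplen, LINKTYPE_ETHERNET (1)
PCAP_GLOBAL = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)

MARKER = b"CONSTRUCTED-SIGNATURE"  # stand-in for a payload pattern an IDS rule matches
# Constructed frames: 54 placeholder header bytes, 200 filler bytes, then the marker.
FRAMES = [(1.0 + i * 0.25, bytes(54) + b"A" * 200 + MARKER) for i in range(10)]


def sample_and_truncate(frames, rate, header_bytes, rng):
    """Model a sampling agent: keep about 1 in `rate` frames, first `header_bytes` only."""
    samples = []
    for ts, frame in frames:
        if rng.randrange(rate) == 0:
            samples.append((ts, len(frame), frame[:header_bytes]))
    return samples


def to_pcap(samples):
    """Serialize samples as pcap records; incl_len < orig_len records the truncation."""
    buf = bytearray(PCAP_GLOBAL)
    for ts, orig_len, data in samples:
        usec = int((ts % 1) * 1_000_000)
        buf += struct.pack("<IIII", int(ts), usec, len(data), orig_len)
        buf += data
    return bytes(buf)


def signature_visible(samples, pattern):
    """True if any sampled, truncated record still contains the pattern."""
    return any(pattern in data for _, _, data in samples)


def p_at_least_one_sample(packets, rate):
    """Chance that a flow of `packets` packets yields at least one sample."""
    return 1 - (1 - 1 / rate) ** packets


if __name__ == "__main__":
    rng = random.Random(0)
    kept = sample_and_truncate(FRAMES, 1, 128, rng)  # rate 1 isolates truncation
    print(len(to_pcap(kept)), "pcap bytes; marker visible:", signature_visible(kept, MARKER))
    for n in (1, 100, 1000):
        print(n, "packets at 1-in-512:", round(p_at_least_one_sample(n, 512), 3))
```

Under these assumptions, header-based rules (scans, floods, address or port anomalies) still have material to work with, while a content match deeper than the cut-off never reaches the IDS, and short flows are likely to be missed entirely.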