Sun, Symantec team on IDS appliance

Sun Microsystems Inc. and antivirus company Symantec Corp. are releasing a "no hassles" intrusion detection system (IDS) appliance targeted at the enterprise and service provider markets, the two companies announced at the RSA Conference in San Francisco.

The iForce IDS Appliance is a 1U rack-mounted hardware appliance based on Sun's LX50 server platform. The device runs Sun's enterprise-class Solaris OS x86 operating system and will come outfitted with Symantec's ManHunt intrusion detection software.

The iForce is capable of performing intrusion detection analysis at speeds up to 2G bits per second, according to Sanjay Sharma, security segment manager at Sun.

The ManHunt software uses distributed network sensors and a variety of methods to identify threats including protocol anomaly detection, signature detection, traffic state profiling and statistical flow analysis.

The new appliance will offer features that are attractive to a wide range of enterprise customers such as protection of new "zero-day attacks" and four levels of failover, Sharma said.

While ManHunt has long been available on the Solaris platform, the new appliance offers customers simpler installation and management, as well as a more secure deployment than before, according to Fred Klein, senior manager of business development at Symantec of Cupertino, Calif.

For the new appliance, Sun, based in Santa Clara, Calif., and Symantec worked together to fine tune and optimize all components of the appliance for high speed intrusion detection, Klein said.

The device's drivers, network card and operating systems were optimized for use with ManHunt. In addition, a special build of the ManHunt software was created specifically for deployment on the LX50 platform, according to Sharma and Klein.

Finally, the Solaris operating system was hardened by Sun engineers, with all components not required by the ManHunt software removed to eliminate possible avenues of attack against the device, Sharma said.

"The fewer lines of code there are, the fewer ways there are to get into the box," he said.

While much of the fine tuning and hardening of the operating system are things that any Solaris customer could do, in theory, limited technical resources and the reality of systems management in many companies often prohibits it, making iForce's streamlined configuration a valuable commodity, according to Sharma.

"It's a unique process that we go through and that we recommend customers go through, but in past getting the box up and running, getting the right card and drivers installed, getting the OS hardened and getting ManHunt installed on top of that was 'non trivial'," Klein, said.

"In most IT departments, it's hard to have that level of expertise. Yeah, you probably have a couple people in each organization to that could do this, but do you want them to?" he said.