The Client/Server IDS

By Eric Griffith

June 29, 2004

By de-coupling the analysis portion of its product from the interface, Network Chemistry hopes to interest a wider swath of customers in its 'intrusion protection.'

So what if 802.11i/WPA2 is finalized? That doesn't mean the security headaches for big businesses are over. Intrusion Detection Systems (IDS) will continue to be a necessary factor as companies try to be proactive in knowing who's on the network -- and who's trying to be on the network.

Network Chemistry, which got its launch in this space last year with a sensor unit for monitoring and analyzing 802.11 packets, is now launching a full family of radio frequency (RF) IDS products under the umbrella name of RFprotect.

Company CEO Rob Markovich calls what his company does "intrusion protection -- it's beyond just reactive detection. We try to identify holes before hackers can exploit them."

Using the existing Neutrino 802.11a/b/g sensors, RFprotect comes in a desktop version that's all inclusive, and also in a client/server architecture that breaks apart the graphical user interface (GUI) and the analysis portion. This way, multiple users can get access to data, not just one workstation. The previous sensor software ran only on a single desktop.

"This is a capability all or most enterprises are demanding -- anyone with more than one IT person needs this capability," says Markovich.

The RFprotect analysis engine is also being marketed toward original equipment manufacturers (OEMs) who might want to build an IDS and for big corporations that might want the analysis it can provide but without Network Chemistry's GUI. (Enterprises with the know how can build it into their systems as well.) The engine can integrate with third party reporting applications such as Crystal Reports.

Markovich says time will tell if the company decides to go with the OEM model exclusively. For now they intend to continue to market and promote products under the Network Chemistry name. However, he claims that some "pretty significant" OEM companies are interested in licensing the RFprotect architecture.

He says that by decoupling the analysis and GUI aspects, the architecture can now support thousands of sensors running at once, with a single console showing data from multiple servers (one server per every 100 wireless sensors). This can be scaled up to support multiple-site organizations, with one or more sensors bringing data back to a network operations center (NOC), but is also suitable for a single site.

"Wireless security is not just for large enterprises," says Markovich. He says a quarter of his customers include those with a "No Wireless" policy. "A doctor's office, a hedge fund... we've seen it all, from the small to the large that want to look for vulnerabilities and attacks."

To that end, he thinks his company has the price point to beat: $1900 for a three sensor pilot system.

Comment and Contribute
(Maximum characters: 1200). You have
characters left.