|
|
|
|
|
|
| ISP Resources |
| ISP-Lists ISP Glossary ISP News The List ISPCON Events Free Newsletters |
|
|
|
||
| internet.commerce | ||
|
Partner With Us |
Intrusion
Detection Systems:
Crossbeam Systems
Crossbeam Systems' X40S brings together best-of-breed security
solutions making the sum of its parts increase performance and allow the
whole application to work in concert detecting and stopping attacks.
[May 8, 2002] |
 |
The founders of Crossbeam Systems got together two years ago to develop a product that would help organizations increase their efficiency in deploying software solutions on their networks. According to Throop Wilder, Crossbeam vice-president of marketing, the options available at the time were extremely limiting.
"Many of us had come out of the networking space, where if you tried
to add services on the network, you had two choices," Wilder said. "One
was to put a blade in a router and watch the performance of the router
completely crash. The other was to deploy servers: whereas servers were
very good initially in the 10 meg scale, as you started getting into 100
meg and up, they just couldn't handle the traffic."
|
Crossbeam
Systems |
 |
Crossbeam's founders discussed security issues with enterprises and service providers, all of whom shared the same basic concerns. "They were having to stack gazillions of single-purpose appliances to service the traffic they had," Wilder said. "And with security functions expanding rapidly, they had a plethora of distinct devices, all of which were managed differently. There was a big complexity issue."
The result, Wilder says, was a focus on simplicity. "We said, let's do just enough of the network piece so that we can handle good throughput and do very granular classification on traffic that you need to service," he said. "But don't do all the routing, switching, and heavy-duty stuff that everybody else has done: really focus on what it takes to deliver services at wire speed so they don't get in the way of the user experience."
Another key concern in developing the product was freedom of choice. "People in security want best of breed, so you have to consolidate these functions while preserving technology choice," Wilder said. "All these technologies like intrusion detection and denial of service are new, and there isn't a leader. There's a lot of risk in betting on a particular IDS vendor, and a device like ours can mitigate that technology risk."
Many of the members of Crossbeam's engineering team had helped to build the frame relay switches for MCI's worldwide data network-so they had experience in developing high-performance equipment. "We took their experience and built the product, and designed it for high end data centers and service provider data centers," he said.
Strength
in numbers
Crossbeam's flagship product is the X40S
(left), which allows a range of best-of-breed applications to be
run in parallel at wire speed on the same appliance. Wilder recalls that
when the company's sales people began pitching the idea to potential customers,
most initial responses were extremely cautious.
"What we learned was that if it was pitched to them as this cesspool into which you would throw applications, of course people don't want that," Wilder said. "But where it resonates is that if you take applications that have natural affinities, they make each other stronger. If you run a firewall together with denial of service protection, the denial of service protection makes the firewall stronger."
For IDS, Wilder notes, the benefits are particularly significant. "You can define the paths that traffic flows take through our box, so you can have it go through an intrusion detection blade, then through a firewall blade, then back through an intrusion detection blade," he said. "From what customers tell us, it's a good way to eliminate false positives, which have been a big problem with intrusion detection systems."
Ease of management is another focus. "We've added a bunch of supports to make it easier to integrate into operational support systems," Wilder said. "If you have a GUI, that's fine, but it doesn't really help you integrate into your automated systems: you need something that's more programmatic. We provide a huge range of configuration and maintenance options through a secure command line interface."
The company calls the X40S an Open Security Appliance because of the flexibility it provides—and Wilder suggests that the product is best seen as something between a server and an appliance. "It has the simplicity, reliability, and performance of an appliance, but it has the openness, the freedom to choose, that today's servers give you to select the applications that you want," he said.
The X40S currently works with Enterasys' Dragon IDS and Check Point's Firewall-1. Wilder says that support for many more products is planned, but that Crossbeam is determined to integrate only with the best of breed in each area. "We already have another five applications that we're going to be rolling out, but we want to do it in a controlled fashion," he said.
Potent platform
The X40S was originally announced at $52,600, but the price has been reduced
to $40,000 for a starter system. Additional blades can be purchased for
about $9,500 each, and support is available for approximately 10 percent
of the purchase price. For an additional fee, Crossbeam will handle the
support for all applications being run on the X40S as well.
Richard Stiennon, Research Director for Gartner Research, says the flexibility of the X40S will help it to stand out from multi-purpose devices like OneSecure's IDP. "OneSecure is specifically an inline intrusion detection and prevention system, whereas Crossbeam has a robust platform that can manage multiple security applications on multiple blades," he said.
In fact, Stiennon says, the best answer might be a combination of the two. "The ideal solution would be to see a OneSecure or an IntruVert operating on one of those blades," he said. "Just the combination of anti-virus and IDS and firewall isn't nearly as powerful as the ability to do something with the traffic based on its maliciousness. And I wouldn't be surprised if we see that coming out soon."
One of Crossbeam's greatest strengths, Stiennon adds, is the speed of implementation. "My understanding is that they started talking to Enterasys, the techs got together, and in under an hour, they had ported Dragon to the new platform," he said. "That shouldn't be surprising if it's running standard Linux, but it's still pretty impressive."
Ultimately, Stiennon suggests, this is where the security space is headed. "We need something that can do a better just than the packet filtering type firewalls," he said. "We need to look deeper into the content, and that's hard to do in the appliances that are out there now. We need more processing power, and you've got to be able to offload that into separate processors. This platform does that for you. I'm excited about it."
— End
Online Resources:
Intrusion
Detection Systems Directory
IDS
Quick Reference Chart
| Related articles: | ||
| [Dec. 24, 2001] | White Paper: Reducing Network Security Risk | |
| [Sept. 25, 2001] | Physical Security Augments Logical Security | |
| [July 11, 2001] | ISP-Planet Survey: MSSPs | |
|
|
|
| Best of ISP-Planet | ||
|---|---|---|
|
ISP-Planet
Guide
ISP-Planet's Principal Studies Directories:
Q2 2008 Top U.S. ISPs by Subscriber (Updated 08/29/2008)
ISP-Planet's Blogroll | ||
ISP-Planet's
RSS feed
