CIO

Idappcom seeks to displace penetration testers

Idappcom's software checks to see if security products are really catching exploits and malware
  • Jeremy Kirk (IDG News Service)
  • 28 September, 2010 23:37

A U.K. company is seeking to displace penetration testing companies with an appliance and software that can frequently test whether security devices are catching bad network traffic and exploits.

Idappcom's product, called Traffic IQ, runs traffic through two virtual machines configured the same as an organization's live network but isolated from it, said Anthony Haywood, chief technology officer.

Traffic IQ is loaded with the latest exploits and threats and can then see if commonly used network-based intrusion protection systems from vendors such as Sourcefire, McAfee, Juniper, Cisco, IBM and more are catching attacks.

Network intrusion detection systems can miss new exploits if the companies behind those products aren't doing the right research. Haywood said Idappcom engineers incorporate new exploits into its product from sources such as Metasploit, Packetstorm and SecurityFocus forums. About 50 to 60 exploits are added to Traffic IQ monthly, he said.

If a product does not detect a certain kind of exploit, Traffic IQ has an ability to create a Snort rule, which allows a security product to detect a type of malicious traffic.

"We are saying we can measure and fine tune and optimize your security to give the maximum level of protection and use the equipment that you use today," Haywood said. "You don't need to spend lots of money."

Security vendors often focus more on the throughput of their products rather than how many pieces of malware or exploits they can detect.

"A lot of vendors are focusing on who has got the biggest box," Haywood said. "Our customers are telling us it's not about who's got the biggest box -- it's all about the recognition and response capability."

Idappcom sells a perpetual license for its appliance, which means that security administrators can run it as many times as they like. Haywood contends this is better than penetration testing, which only shows a snapshot in time of what the network is capable of defending against.

Traffic IQ can also do an audit of change control procedures and regulatory compliance, Haywood said.

Idappcom has a free version of Traffic IQ that launched earlier in the month. Administrators will need to have some knowledge of scripts and packet capturing, however.

Idappcom's customers include Barclays bank, First Capital, AT&T and BT along with government organizations, among others, Haywood said.

Send news tips and comments to jeremy_kirk@idg.com