Captus Announces Advanced Intrusion Detection Technology for Stopping Denial-of-Service Attacks While Sparing Legitimate High-Volume Network Traffic
Business Editors/High-Tech Writers
LAS VEGAS--(BUSINESS WIRE)--May 7, 2001
Traffic Limiting Intrusion Detection System Enables Service Providers and Data Centers to Remain Operational During DoS Attacks
Captus Networks, the world leader in protecting against Denial of Service attacks, today announced a major software enhancement to its CaptIO(TM) family of network security solutions that greatly simplifies the task of systems administrators for ensuring the security and availability of their Internet networks.
With Captus' new Traffic Limiting Intrusion Detection System (TLIDS(TM)), CaptIO devices now have a "fine grain" capability for distinguishing between legitimate high-volume network traffic and malicious DoS attacks that attempt to overwhelm network servers and other points of exposure with a flood of bogus network packets.
Integral to TLIDS is an advanced network traffic profiling capability that marks an important breakthrough in the network security marketplace. It makes the CaptIO family the only network security solution that effectively integrates a policy-based Intrusion Detection System (IDS) with adaptive firewall technology to enable service providers and data centers to keep servers and networks operational during malicious DoS attacks. Some companies attempt to integrate an IDS and a firewall to stop these attacks, but experience too many "false positives" making it impossible to automatically stop true attacks. As a result, a network administrator must investigate each alarm to ensure that it is not a false alarm, but an actual DoS attack.
False positives are costly for companies. The CaptIO device eliminates the false positives caused when high levels of legitimate traffic are mistaken as a DoS attack through flexible TLIDS policies.
"Our new Traffic Limiting Intrusion Detection System enables network administrators to get the most out of their CaptIO investment by giving them the industry's leading implementation of integrated IDS and firewall technology for protecting their networks against DoS attacks," said Richard Helgeson, CEO and president of Captus Networks. "The addition of TLIDS further helps service providers ensure continuous availability of services to meet service level agreements and protect the brand image of their customers."
Network Traffic Profiling Enables Sophisticated Policies Defining
At the heart of the TLIDS feature is an advanced network traffic profiling capability for use in identifying DoS attacks. This enables network administrators using the CaptIO to establish individual policies using parameters such as data traffic thresholds and transfer protocols, as well as source and destination Internet Protocol (IP) addresses and ports. Network administrators using a CaptIO device can now also create sophisticated policies with multiple parameters for defining allowable traffic. These policies can describe both aggregate traffic as well as specific application traffic such as File Transfer Protocol (FTP) for file transfers, Hypertext Transfer Protocol (HTTP) for accessing Web pages, and streaming media formats. The CaptIO device dynamically applies and removes policies to ensure that services remain operating throughout an active attack.
Captus' profiling technology, called TRaP Technology(TM) for Traffic Restriction and Profiling, can be used by network administrators not only to eliminate false positive notifications for a DoS attack, but also to create policies that optimize network services for users. For example, a policy can limit the bandwidth available on a network for Napster-type traffic from a particular source or to a particular destination. Flexible policies can also be established for allocating more or less bandwidth on the fly to a particular type of traffic as those traffic volumes increase or decrease.
"There are many possibilities for managing network traffic using our Traffic Restriction and Profiling technology," Helgeson said. "Network administrators now have a powerful set of controls for defining acceptable levels of network usage -- for example, ensuring that mission-critical traffic between specific sources and destinations is never delayed due to heavy traffic involving lower-priority users, addresses, and traffic types."
The Traffic Limiting Intrusion Detection System is now available as a standard feature on all CaptIO devices, and as an upgrade at no cost for current Captus customers.
About the CaptIO family
Unique in the network security device marketplace, the family of CaptIO network security devices can identify and immediately stop Denial of Service (DoS) and Distributed DoS (DDoS) attacks that originate from outside or inside a network, without disrupting legitimate traffic.
The DoS attacks that Captus products defend against are becoming increasingly common -- and devastating. They can shut down a service provider or e-business Web site by making it impossible to respond to legitimate users. DoS attacks have been much in the news -- since the beginning of 2000, they have disrupted several of the largest sites on the Internet, including Yahoo!, eBay, E*Trade, Amazon.com, Microsoft, and CNN.com.
The CaptIO devices use proprietary and patent-pending technology to identify and stop DoS attacks within seconds of detection, without disrupting legitimate network traffic. As a result, Captus customers have a world-class security solution for creating a secure, highly available network that can mean the difference between their success and failure as e-business companies.
Captus Networks Corp. is an innovative, privately held company that designs, manufactures and markets integrated hardware and software security devices. As the leader in Denial of Service prevention, Captus Networks' vision is to be the preeminent supplier of high performance, network security devices and services for the e-business marketplace. The company's executive offices are located in Woodland, Calif., near Sacramento. Captus Networks is funded by leading venture capital firms such as GMS Capital Partners, L.P. and St. Paul Venture Capital. Captus Networks can be contacted on the World Wide Web at www.captusnetworks.com or by calling (877) 9-CAPTUS.
CaptIO, TLIDS and TRaP Technology are trademarks of Captus Networks. All other company and product names may be trademarks of the company with which they are associated.
VISIT CAPTUS AT NETWORLD+INTEROP 2001, BOOTH 7937