Endace Accelerates Snort to Gigabit Speeds

Monitoring network traffic can become difficult when traffic loads are high. Intruders know this and can sometimes flood a network with traffic in hopes that any intrusion monitoring systems will begin to drop packets, thereby allowing the intruder to act without detection.

Endace's new NinjaBox Z-Series uses multicore CPU technology to increase the overall performance of the Snort intrusion detection system (IDS) by spreading the overall load across multiple instances of Snort.

"Multi-core CPU technologies have made it possible to significantly increase the processing power of commodity hardware. This presents Snort users with an opportunity to support Gigabit traffic volumes. The key challenges to harnessing this processing capability are the management of captured data and the balancing of processing load across the multiple CPU cores," a company spokesperson said.

Endace said its NinjaBox Z-Series units can be scaled to increase Snort performance up to 800 percent, allowing the unit to process data at up to 10Gbps of throughput without dropping any packets. Such speed is accomplished by splitting incoming data into multiple streams that can then be distributed to different CPUs.

The base unit comes with a dual-core 2GHz Intel Xeon processor, two 10/100/1000 network interfaces, one 120GB SATA IDE drive, and eight 250GB drives in a RAID array. The unit can support up to 2TB of storage as well as 10Gbps Ethernet interfaces and more powerful CPU configurations. Pricing reportedly begins at $15,000.

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.