Improvements in IDS Sensor Technology 

By Chris Hinshaw, Senior Software Engineer

There is an old saying that a chain is only as strong as its weakest link. The same adage applies to any system, and especially to a Network Intrusion Detection System: if any part of the system is not working effectively, the whole system suffers. Recent improvements in the PacketSled testing methodology have improved the reliability of the IDS Sensor portion of the PacketSled system. These changes include a single-command installer for setting up a new sensor, enhanced filtering of traffic from known-safe protocols, and enhanced evaluation of memory and CPU usage within the sensor application itself.

In the last year, PacketSled identified the need for a single installation method that streamlines both the setup of a new IDS Sensor and the upgrade of a fielded one. Once the initial setup of a new sensor has confirmed that its network configuration is correct, the PacketSled UI walks the customer through a few commands to copy, paste and run on the sensor command line. The same steps apply when upgrading a fielded sensor, and the streamlined process keeps the interruption to security analytics during the upgrade to a minimum.

The PacketSled Network Forensics tools capture and store every file sent across the network. While this is a vital feature, a server running backups over the network can cause the sensor to store an excessive number of files that are of no use for threat hunting. If a customer so chooses, they can enable a new set of scripts that suspend file extraction for specific protocols (e.g., SMB) during configurable time windows. This reduces the number of stored files, so that the sensor's storage is spent on the file or files that may actually contain a threat.
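The page does not say how the suppression scripts are implemented, so the following is an added illustration written for this article, not PacketSled code. It assumes a hypothetical per-protocol policy table of local-time windows (the backup schedule below is constructed) and shows the two details a practitioner has to get right: windows that cross midnight, and an audit count of what was suppressed so the blind spot is visible to the analyst.

```python
from datetime import datetime, time

# Constructed policy (assumption, not from the article): for each protocol,
# the local-time windows during which file extraction is suspended.
# A window may cross midnight, e.g. a 22:00-04:00 nightly SMB backup job.
SUPPRESSION_WINDOWS = {
    "SMB": [(time(22, 0), time(4, 0))],
    "NFS": [(time(1, 0), time(3, 0))],
}


def in_window(now: time, start: time, end: time) -> bool:
    """True if `now` lies in the half-open interval [start, end).

    Windows that wrap past midnight (start > end) are handled by splitting
    them into [start, 24:00) and [00:00, end).
    """
    if start <= end:
        return start <= now < end
    return now >= start or now < end


def should_extract(protocol: str, ts: datetime, windows=SUPPRESSION_WINDOWS) -> bool:
    """Decide whether a file seen over `protocol` at `ts` should be extracted.

    Protocols without a policy entry are always extracted, so a new or
    unexpected protocol can never be silently suppressed.
    """
    for start, end in windows.get(protocol.upper(), []):
        if in_window(ts.time(), start, end):
            return False
    return True


def apply_policy(events, windows=SUPPRESSION_WINDOWS):
    """Filter (timestamp, protocol, filename) events through the policy.

    Returns the events to extract and a per-protocol count of suppressed
    files; the count is what an analyst should log and review, since every
    suppressed file is a file the sensor will not have on disk later.
    """
    kept = []
    suppressed = {}
    for ts, proto, name in events:
        if should_extract(proto, ts, windows):
            kept.append((ts, proto, name))
        else:
            suppressed[proto] = suppressed.get(proto, 0) + 1
    return kept, suppressed


# Constructed sample of file-transfer events as a sensor might see them.
SAMPLE_EVENTS = [
    (datetime(2019, 3, 4, 23, 15), "SMB", "backup-0001.vbk"),   # inside SMB window
    (datetime(2019, 3, 4, 23, 16), "HTTP", "invoice.docm"),     # no policy -> keep
    (datetime(2019, 3, 5, 2, 30), "NFS", "db-dump.tar"),        # inside NFS window
    (datetime(2019, 3, 5, 9, 5), "SMB", "payroll.xlsm"),        # outside window -> keep
]

if __name__ == "__main__":
    kept, suppressed = apply_policy(SAMPLE_EVENTS)
    for ts, proto, name in kept:
        print(f"extract  {ts:%Y-%m-%d %H:%M} {proto:5} {name}")
    print("suppressed per protocol:", suppressed)
```

The trade-off to keep in mind is that anything transferred over a suppressed protocol inside the window is simply not retained, including a file an attacker chooses to move during the backup job. Keep the window as narrow as the backup schedule allows, restrict it to the protocols the backup actually uses, and review the suppressed counts so an unexpected volume of non-backup traffic in the window stands out.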

As the IDS Sensor is itself a system, it has its own weaker links to improve upon. One that was identified and addressed is the use of a single memory management library throughout the entire sensor. With this change, the sensor can better ensure that memory is available when needed and is properly released when no longer needed. Previously, several memory management methods were in use at once, so memory allocation was not consistently tracked across the system.

These are by no means the only improvements made in the IDS Sensor as PacketSled is constantly looking for ways to ensure the quality, reliability and usability of the PacketSled Intrusion Detection System for our customers.

About PacketSled

PacketSled is the network analytics platform of choice for security teams globally. Used by enterprises and MSSPs for real-time data analysis, threat hunting and incident response, the platform leverages continuous internal network monitoring and retrospection to provide network forensics and security analytics. Security teams can integrate PacketSled into their orchestration engine, SIEM, or use PacketSled independently to dramatically reduce the resources required to respond to persistent threats, malware, insider attacks, and nation state espionage efforts.

The company has been named an innovator in leading publications and by security analysts, including SC Magazine, earning a finalist award in 2018 for network visibility. For continuous product updates and industry news, please visit us at www.packetsled.com or follow us @packetsled.