The risk of security breaches are requiring companies to take preventative measures though software development to protect the underlying network infrastructure from unauthorized actions. Northforge provides the software development experience and expertise to help you advance security, speed and intelligent packet processing in your network.
Intrusion Detection Systems (IDS) are network protection techniques that detect attempts by external actors to access “protected” systems through vulnerabilities in the protection mechanisms, such as firewalls, and in the systems themselves. Intrusion Prevention Systems (IPS) are extensions to IDS that are usually placed in-line and are able to actively prevent or block intrusions that are detected. IPS can take such actions as sending an alarm, dropping detected malicious packets, resetting a connection or blocking traffic from the offending IP address.
For our IDS/IPS customers, we can do the following and more:
- Evaluation of open-source packages and suggestions on which is the best for customer needs
- Modification of existing open-source packages and extension with new features
- Optimization of existing design to increase system performance
- Utilization of Deep Packet Inspection (DPI) and User Behavior Analytics (UBA) for efficient and effective detection of attacks using both encrypted and non-encrypted packets
Northforge can take ownership to design and implement your new IDS/IPS products from scratch or from existing frameworks to reduce time-to-market. We can also help you extend and improve the functionality and performance of your existing IDS/IPS products.
A denial of service (DoS) attack is an attack on a website or service with the goal to inhibit access to the target rather than to steal information from the target or infiltrate it. This is done by flooding the target with a huge volume of traffic which will, at worst, cause the site to crash, and at best, make it extremely difficult (or impossible) for valid packets to be delivered. In order to be effective, DoS attacks are driven from many locations, frequently by “bots” that have been maliciously placed into unsuspecting systems around the network. This is called a Distributed Denial of Service attack (DDoS).
For product development, Northforge can design a DDoS detection and protection framework containing state-of-the-art packet processing technologies. This includes the ability to use SDN switches to block DDoS attackers. Northforge can take ownership, and design and implement new DDoS products from scratch. We help our customers to extend or improve functionality and performance of existing DDoS products.
Data attackers are becoming more sophisticated, requiring more data collection and analysis.
UBA monitors patterns of human and entity behavior and applies algorithms and analysis to detect anomalies that indicate potential threats, primarily on the theft of data and use of stolen information.
With UBA, we collect the data and classify it. We use machine-learning techniques to learn the normal and abnormal behavior.
For security analytics, we use different algorithms to detect threats.
Deep Packet Inspection is software and hardware that can inspect packets in real time. Most packet switches only have to process the layer 2 or 3 headers (and a little bit of layer 4) in order to do their packet forwarding job. However, for security functions like Intrusion Detection, this isn’t necessarily enough – it might be necessary to look deeper into each packet. This software must be able to inspect every packet and it must be able to do it very fast. DPI monitors traffic in real time and, using signature and rules databases, detects and mitigates attacks. For some uses of DPI, such as load balancing and performance acceleration, DPI requires tuned embedded software that runs on processors that are designed for this function, such as the Cavium OCTEON series and the Broadcom XLP and StrataXGS series.
At Northforge, we manage the development of new features, implement new signatures, and support end customers for market leading DPI products. Plus, we implement application classification and protocol attribute functionalities. Northforge can provide strong DPI expertise to help you use DPI for many different purposes.