
IDS Informer has been designed from the ground up to help security, network and audit teams test and confirm that the intrusion detection systems they deploy as a critical line of defense are working correctly: running the correct policy, monitoring the correct network segment, picking up the latest attacks and responding in the correct manner.

IDS Informer is designed for use in live production environments, utilizing a unique method of injecting attacks in a controlled, safe and repeatable manner. IDS Informer is the ideal solution for fully testing an intrusion detection system and can be used in the 3 stages of IDS deployment listed below:

Vendor Selection
IDS Informer can be used to compare the various IDS products available: testing attack recognition, performance and load, and the "usability" of the management interface in a real-world environment. All of the tests are easily repeatable, so you can be sure that each product under evaluation is examined under the same conditions.

IDS Deployment
Before an IDS goes "live," the connections to the management system should be verified, the policy should be extensively tested to ensure that it is configured correctly and in accordance with the organization's security policies, attack signatures should be finely tuned to reduce false positives, and any user-defined responses and actions should be tested and verified.

Live System Verification
Once the IDS is in production, it should be tested after every policy change and update to confirm that all functionality is still operational. Random fire-drill tests should be undertaken to confirm that escalation policies are working effectively, repeated testing and simulation are needed when investigating events, and service level agreements should be tested if management of the IDS has been outsourced to a third party.

If a managed security company provides the monitoring, it will generally be bound by tight service level agreements stating that when an attack is picked up the customer will be notified within a certain time frame; if the customer is not notified within that time frame, discounts can be applied to the monthly management fees. By using IDS Informer, the customer can run random tests against their managed IDS devices to verify the service level agreements in place.

Partnering with BLADE software allows us to use IDS Informer to provide specific regular audits of our customer's IDS system to confirm that it is still functional. This process was very time-consuming before the availability of IDS Informer as it was mainly a manual process, downloading exploits, building scripts, not being able to repeat the same tests exactly, etc. By using IDS Informer, we have been able to massively reduce the time to complete the tests and therefore maximize revenue earning potential.

So how does it work?
IDS Informer uses pre-captured network traffic of an attack from start to finish. Using the advanced replay options, the traffic is transmitted through a single network card, simulating the original transmission. The advanced replay options allow IDS Informer to:

  • Spoof source and destination IP addresses
  • Spoof source MAC addresses
  • Control the rate of transmission on a per-attack and per-packet basis
  • Transmit in both a stateful and a stateless manner, and loop an attack continuously

As IDS Informer replaces the relevant fields in each packet of the original capture with the new information, it recalculates the IP header checksum and the TCP checksum (which covers the TCP pseudo header) and generates new sequence numbers in accordance with the standards used by each source and destination operating system before transmitting the packets. This ensures that when an attack is looped, each iteration is transmitted as a unique data stream.
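The rewrite step described above, as an added example in Python that is not IDS Informer's own code: it replaces the source MAC and IP endpoints of a captured Ethernet/IPv4/TCP frame, shifts the sequence numbers so each replay loop is a distinct stream, and recomputes the IP header checksum and the pseudo-header TCP checksum. The frame layout, the no-IP-options assumption and the sample SYN frame are constructed for the example.

```python
import socket
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words; odd length is zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_checksum(ip: bytes, tcp: bytes) -> int:
    """TCP checksum covers the IPv4 pseudo header (src, dst, 0, proto 6, length) + segment."""
    return checksum(ip[12:20] + struct.pack("!BBH", 0, 6, len(tcp)) + tcp)

def rewrite_frame(frame, src_mac, src_ip, dst_ip, seq_delta, ack_delta=0):
    """Copy of an Ethernet/IPv4/TCP frame (no IP options) with source MAC, IP endpoints
    and sequence numbers replaced and both checksums recomputed. seq_delta shifts this
    direction's SEQ; ack_delta is the peer direction's shift, applied to ACK."""
    ip = bytearray(frame[14:34])
    if ip[0] & 0x0F != 5:
        raise ValueError("IP options not supported")
    tcp = bytearray(frame[34:14 + struct.unpack("!H", ip[2:4])[0]])  # drops Ethernet padding
    ip[12:16] = socket.inet_aton(src_ip)
    ip[16:20] = socket.inet_aton(dst_ip)
    ip[10:12] = b"\x00\x00"  # checksum field is zero while it is computed
    ip[10:12] = struct.pack("!H", checksum(bytes(ip)))
    seq = struct.unpack("!I", tcp[4:8])[0]
    tcp[4:8] = struct.pack("!I", (seq + seq_delta) & 0xFFFFFFFF)
    if tcp[13] & 0x10:  # ACK flag: the ACK number lives in the peer's sequence space
        ack = struct.unpack("!I", tcp[8:12])[0]
        tcp[8:12] = struct.pack("!I", (ack + ack_delta) & 0xFFFFFFFF)
    tcp[16:18] = b"\x00\x00"
    tcp[16:18] = struct.pack("!H", tcp_checksum(bytes(ip), bytes(tcp)))
    return frame[:6] + src_mac + frame[12:14] + bytes(ip) + bytes(tcp)

def checksums_ok(frame: bytes) -> bool:
    """A correct IP header or TCP segment sums to zero under the same algorithm."""
    ip = frame[14:34]
    tcp = frame[34:14 + struct.unpack("!H", ip[2:4])[0]]
    return checksum(ip) == 0 and tcp_checksum(ip, tcp) == 0

def sample_syn() -> bytes:
    """Constructed sample: TCP SYN 10.0.0.5:40000 -> 10.0.0.9:80 with valid checksums."""
    eth = bytes.fromhex("0011223344550066778899aa0800")  # dst MAC, src MAC, EtherType IPv4
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0x4000, 64, 6, 0,
                               socket.inet_aton("10.0.0.5"), socket.inet_aton("10.0.0.9")))
    ip[10:12] = struct.pack("!H", checksum(bytes(ip)))
    tcp = bytearray(struct.pack("!HHIIBBHHH", 40000, 80, 1000, 0, 0x50, 0x02, 8192, 0, 0))
    tcp[16:18] = struct.pack("!H", tcp_checksum(bytes(ip), bytes(tcp)))
    return eth + bytes(ip) + bytes(tcp)
```

Replaying the same capture with a different seq_delta (and ack_delta for the reverse direction) per loop is what makes each iteration a distinct stream to a stateful inspector, while checksums_ok is the check a receiver or sniffer would apply to the rewritten packet.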

It is important to fully understand the inspection techniques used by the IDS being tested to ensure an accurate test. To an IDS that performs bi-directional inspection, a stateful transmission from IDS Informer is identical to the real attack. Since a number of IDS solutions currently available use uni-directional inspection techniques, a routed or stateless transmission will still appear identical to the original attack.

Comments, suggestions or problems with our web site?
Please send email to: webmaster@stirlingsystems.com

© 2002 Stirling Systems Group, LLC
All Rights Reserved.