UK company launches tool to monitor other network security audit tools

Idappcom Ltd. says its new tool can gauge the effectiveness of other network security audit tools or monitoring devices.

You may have intrusion prevention or unified threat management systems installed, but how well are they catching the latest threats?

Kent-based Idappcom Ltd. believes it can provide the answer with its latest product, Traffic IQ version 2.0, which is designed to enable organisations to test the effectiveness of their security systems.

Traffic IQ v2.0 is an automated auditing and vulnerability assessment testing tool. It includes a large traffic library with thousands of real, existing threats, plus corresponding security rules to enable detection of the latest threats. It can test existing security products by providing them with sample threats, and report back on which ones the products blocked and which they missed. Traffic IQ v2.0 is also able to provide new code that augments the ruleset of a third-party IPS in order to mitigate a new or emerging threat.

Additionally, said Idappcom's CTO Anthony Haywood, the product can be used to assist in configuration of security devices and to boost their effectiveness.

Haywood added that new Internet threats emerge faster than many of the IPS and UTM vendors can develop fixes for them. "We identified 56 new threats during June 2010," Haywood said, "and found that 20 of these were not blocked by major IPS vendors."

Idappcom researchers in the UK and Bangalore search for new network vulnerabilities by tracking activity on "black hat" websites. When they discover a new threat, they add it to Idappcom's database of known threats and write new code that customers can add to their IPS rulesets in order to mitigate the threat.

The vulnerability assessment tool comes as a full version -- either in software or in an appliance -- as well as a new freeware version, which is available on a renewable six-month licence. Called Traffic IQ Replay, the freeware version is also able to analyse the blocking capabilities of network-based IPS, and performs a similar function to free tools such as Tcpreplay and Tomahawk. But unlike those tools, it comes with a graphical user interface, allowing a customer to perform testing without having to learn a command-line interface. Users can replay their own or Web-downloaded pcaps through security appliances and test the mitigation capabilities of those appliances. However, to access the Idappcom threat library that lists mitigation codes for the latest threats, a customer must buy the commercial product, Traffic IQ Pro, which is sold via resellers.

Although a relatively new company -- founded by Haywood in 2004 -- Idappcom has managed to notch up some large and powerful customers, including Hewlett Packard Co., Microsoft, Cisco Systems Inc., Juniper Networks Inc., Check Point Software Technologies Inc., plus several foreign government and military agencies in North America and Asia.

Andy Kellett, an analyst with IT analysis and consulting firm Ovum Ltd., said that although Idappcom is a small company, it has interesting technology. "You don't get to sell into government agencies in the US unless you have something that is pretty useful," Kellett said. "It is probably best suited to high-security organisations and can be used to prove the effectiveness of your existing security. It is also able to fix any new vulnerabilities it identifies. And putting out a free version means they are prepared to put their reputation on the line."