COUNTERSNIPE
COUNTERSNIPE SYSTEMS LLC
RELEASE 7.0
CounterSnipe’s version 7.0 is their next major release and includes a completely new IDS/IPS leveraging the high-performance scalability of the Ubuntu 12.04 (LTS) OS, a Suricata engine and the incorporation of the Emerging Threats ETPro Ruleset.
This new development takes CounterSnipe to the forefront of Next Generation IDS/IPS technology to address the ongoing protection required by customers against Advanced Persistent Threats and Malware. Release 7.0 provides the latest research & technology required to combat the most current cyber security threats.
SURICATA
Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine.
Suricata’s multi-threaded architecture can support high-performance multi-core and multi-processor systems. The major benefit of a multi-threaded design is that it offers increased speed and efficiency in network traffic analysis and can also help divide up the IDS/IPS workload based on where the processing needs are. The engine is built to utilize the increased processing power offered by the latest multi-core CPU chip sets.
ETPRO™ RULESET
Emerging Threats developed comprehensive IDS/IPS rules to combat Advanced Persistent Threats & Malware. The ETPro Ruleset Research Team pushes ruleset updates to CounterSnipe engines daily, not weekly or less often like most vendors. Daily updates with the ETPro Ruleset, averaging 20 to 30 new malware and vulnerability rules each day, give customers more than twenty times the rules each week than any other vendor.
ETPro™ and the ET design are trademarks of Emerging Threats Pro, LLC.
Suricata is Open Source and owned by a community-run non-profit foundation, the Open Information Security Foundation (OISF).
CounterSnipe Systems LLC. All rights reserved.
PRODUCT SET
IDS/IPS
CounterSnipe is Intrusion Detection and Prevention Software (IDS/IPS) with a number of additional network security management features. Once the software has been installed the CounterSnipe implementation results in a powerful multimode IDS/IPS system that can be used either in tap mode (listening passively to network traffic) or in in-line mode just like a firewall (as a gateway through which all traffic must pass).
There are 3 possible software installations:
1) Standalone Active Protection System (APS)
2) Active Protection Device (APD)
3) Threat Management Console (TMC)
APS
The Active Protection System (APS) offers Enterprises a combination of Asset Management, Intrusion Prevention (IDS/IPS), Network Access Control (NAC) and always-on threat protection. The integration and correlation of all of these various modules meets various security, accountability and compliance requirements.
APS is a cost effective solution for organizations of all sizes as its modular approach, flexible licensing and ease of upgrading eliminates huge costs associated with dedicated appliances.
Various modules from APS may be installed to create one of the desired solutions. All modules communicate with the central Management Console.
TMC
Threat Management Center (TMC) is the GUI front end CounterSnipe Systems use to drive all the administration and configuration functions. In a multiple device deployment TMC is used to manage all of the remote devices (APDs).
The Active Protection Device (APD) is the actual working component of the CounterSnipe suite. In a multiple device deployment, APD refers to the remotely managed IDS/IPS devices. In a standalone single hardware system both the TMC and APD are installed on the same appliance. The system works exactly the same as if the two were installed on two separate pieces of hardware.
TECHNOLOGY
UBUNTU 12.04 LTS
The Ubuntu Linux distribution is the CounterSnipe Systems OS of choice. Ubuntu 12.04 LTS is a long-term support release. It has continuous server hardware support improvements as well as guaranteed security and support updates until April 2017.
SURICATA
The Suricata engine offers increased speed and efficiency in network traffic analysis. In addition to hardware acceleration (within hardware and network card limitations), the engine is built to utilise the increased processing power offered by the latest multi-core CPU chip sets.
EMERGING THREATS
The ETPro Ruleset Research Team pushes ruleset updates daily, not weekly or less often like most vendors. Daily updates with the ETPro Ruleset, averaging 20 to 30 new malware and vulnerability rules each day, give the CounterSnipe IPS more than twenty times the rules each week than any other vendor.