High-Speed Intrusion Detection System for Network Security
Company’s Request
Technology Set
Our team built a tool for analysing large volumes of network traffic. Consistent, high throughput was verified by testing and deploying the solution on dedicated servers, which makes fast big-data analysis possible. The tool reduces resource usage by performing packet filtering in kernel space, where packets can be dropped before they are copied to user space, so the system as a whole works more efficiently. It also includes an alerting mechanism that flags harmful network packets, making the infrastructure safer.
Throughout the project, our developers strategically switched between various packet inspection technologies, including Zeek, Suricata, Cosmos, and eBPF parsing, to achieve the most efficient and effective results.
Test traffic mix: 80% HTTPS (TLS), 10% HTTP, 3% DNS, 3% SSH, 4% FTP.
Result: lower memory usage for nDPI (50 MB) compared with ~250 MB for Zeek.
We added a load-balancing feature for Zeek and Suricata, which doubled Testimony's packet-delivery rate and made packet transfer quicker and safer. The Suricata SSH protocol parser was also improved so that it detects harmful SSH traffic more reliably. As a result, this all-in-one tool met our client's needs for fast big-data analysis, network safety, and better system performance.
Testing setup
While the specifics of how our solution is used within the client's infrastructure remain proprietary to Apple Inc, we maintain an ongoing feedback loop with them to make sure our software continues to meet their needs and can be adapted as required. Our team also tests the solution rigorously on AWS, demonstrating its adaptability and scalability in a cloud environment.