Increase Threat Detection

idappcom's IQ Solutions products and high quality security rules can assist you in increasing network based threat detection, significantly lowering risk to your organisation.

Enhance and accelerate your security defences

Regular industry tests, like those performed by NSS Labs, show a significant failing by security devices to identify and mitigate the latest threats and security evasion techniques, with both a default and a vendor-tuned policy applied.

Threat detection comparison between Snort and idappcom security rules.

The graph above depicts the actual detection results of a security system tested in its maximum blocking mode (Security) using the latest open source security rules from both the Sourcefire Vulnerability Research Team (VRT) and Emerging Threats 'ETOpen Ruleset', and then tested again using the latest security rules from idappcom.

Idappcom threat data is chosen with a view to decreasing risk by providing test data and high quality security rules to its customers. The threat data is specifically designed to increase the mitigation capabilities of widely deployed IDS/IPS systems. Whilst Traffic IQ is the best tool to test all devices and network types, our published rules are written in the commonly used Snort format.

(Other formats are available for inclusion in other manufacturers' equipment.)

Traffic IQ comes with a large library of exploit traffic, which can be complemented with pcaps from other sources. The rules library is made up of a rule for each exploit since 2007: over 5000 rules and growing.

Idappcom is the only rules provider that supplies a database of threat definitions and reference data with links back to source web sites. When the rules are used with the Traffic IQ application, idappcom is the only provider that gives access to the exploit, giving the opportunity to edit the exploit, to retest all rules for variations, and to create specific signatures that remove false positives.

Threat Detection Comparison

Significantly increased threat detection

In regular tests, it can be demonstrated that the highest levels of threat detection and mitigation can be achieved by applying high quality security rules to your existing security devices.

The graph depicts the actual detection results of a security system tested using the latest security rules from both the Sourcefire Vulnerability Research Team (VRT), and Emerging Threats 'ETOpen Ruleset', and then tested again using the latest security rules from idappcom.

The lab scenario used during our regular comparisons is very simple and easy to replicate. For example:

  • Run the latest version of the Snort IDS product, configured appropriately
  • Apply the latest security rules from the Sourcefire VRT team
  • Run attacks from the idappcom Traffic IQ Library and record the results
  • Apply the latest security rules from the ETOpen Ruleset
  • Run attacks from the idappcom Traffic IQ Library and record the results

"We always run threats that are at least one month old against the latest Snort rules to give the IDS system the best chances of successful threat identification."

  • Apply the security rules from the idappcom Traffic IQ Library
  • Run the same attacks again and record the results

A simple, direct comparison of the results will clearly demonstrate a "significant" increase in threat detection, with increased accuracy and an extremely low probability of false positives.

"idappcom high quality security rules from the Traffic IQ Library are regression tested against the complete library of attacks to eradicate false positives and ensure accuracy and consistency".

If you would like more information, or to download Traffic IQ Professional and the Traffic IQ Library, please click the button below.

Open Source IDS Rules Comparison Reports

View all our historical reports here:


idappcom - Auditing, verifying and enhancing the capabilities of corporate security defences.