"Detect - Retrieve - Analyze"
A Comprehensive NIDS Appliance Platform


Subukan Sensor - what is it?

The Subukan Sensor is a complete Network Intrusion Detection System (NIDS) platform. It is not simply an application one can install on an existing operating system. Rather, Subukan is a total software solution including both an Operating System and a unique compilation of the industry's top Open Source security tools. The Subukan Sensor is based on a single-file image, or firmware, which transforms almost any hardware equipment into a fully functional NIDS appliance. Appliance-based technology simplifies administration and provides the capability for remote upgrades, essential in today's network equipment.

Product Objective

"A simple yet powerful network traffic sensor platform."

Subukan is built by Security Engineers, for Security Engineers, with the goal of providing a product that will not only function as a state-of-the-art Network Intrusion Detection sensor platform, but also provide the additional functionality that Information Assurance professionals and the like demand in order to excel in their respective capacities. Like many NIDS solutions, Subukan is good at detecting suspicious network traffic. In addition, however, Subukan provides the cohesive research and correlation capabilities that Security Engineers need when confirming or validating possibly malicious network traffic. This helps in keeping within the scope of the Security Analyst's life cycle (detect, confirm, correlate, and report). Simply put, the Subukan sensor platform is designed to better equip Information Assurance professionals with the right tools needed to make sound judgments, give accurate recommendations, and adequately facilitate their network security and monitoring mandates.

In addition to the application capabilities of Subukan, we also aimed at developing a platform that functions more like an appliance: one that is easy to use, easy to administer, easy to upgrade, and can be scaled on an enterprise level. The sensor software is based on "Firmware" image technology, which means the Operating System and supporting applications exist in a single file, allowing for painless, even remotely executed, upgrades. This and other capabilities are accomplished by providing Security Engineers with an easy-to-use information and research console, or Web-Graphical User Interface (WebGUI). The WebGUI offers both administrative and traffic analysis functionality for the operator, seamlessly allowing instant cross-referencing of various network information-gathering resources to help the operator better understand the nature of the network traffic in question. If you need more than one sensor, Subukan's client/server topology also allows for sensor clustering on an enterprise level.

Product Highlights

Subukan combines a unique compilation of Open Source applications with custom software solutions. Below are a few of the highlights of the Subukan Sensor's capabilities:

  • Packet-level data capture (TCPdump) - record every byte on the network
  • Signature-based intrusion detection (Snort) - identify known traffic patterns
  • Network traffic patterns (IPAudit) - peer-to-peer conversation analysis
  • Packet Anomalous Statistical Tracking (PAST)* - adaptive network behavioral models
  • Appliance OS - remotely upgradeable firmware image
  • Unified sensor policy configuration updates
  • Dual-purpose roles [Sensor / Collector]
  • Web-based data retrieval and analysis tools
  • IDS Signature rule repository

* Note: PAST is not yet available and is still in the development/testing stages.

To learn more, please refer to the Subukan Handbook, or simply download and try Subukan for yourself!


Copyright 2009 Subukan.com