
Network Intrusion Detection as an SDK? Yes! Sometimes Dreams Do Come True

Developed by and for product managers, the Enea Qosmos Threat Detection SDK (aka TD SDK) is a software component that simplifies network intrusion detection integration while improving overall solution performance.

Enea Network Intrusion Detection with Suricata inside

The Enea Qosmos Threat Detection SDK embeds core functionality from the industry’s best-of-breed network intrusion detection system (NIDS), Suricata, in a software development kit (SDK) that tightly integrates with the industry’s best-of-breed traffic visibility engine, Enea Qosmos ixEngine.

It is a marriage that meets four key product management needs in a way that integrating a full-stack IDS or developing a custom IDS from scratch cannot. Specifically, it enhances:

  • Roadmap control,
  • Product differentiation,
  • Time to market, and
  • Performance.

 

The Challenge

NIDS play an invaluable role in combatting known and unknown (zero-day) threats as well as rooting out advanced persistent threats (APTs). But a NIDS is just one functional tool among many that must come together to deliver holistic security solutions, whether those solutions are large, multifunction security platforms like Secure Access Service Edge (SASE), Security Service Edge (SSE) and Zero Trust Edge (ZTE) platforms, a secure SD-WAN solution, or a specialized Network Threat Detection and Response (NDR) or Extended Threat Detection and Response (XDR) platform.

However, NIDS are monolithic applications that are not natively engineered for OEM use. Thus, Enea Qosmos ixEngine Product Management and R&D staff began exploring development of an alternative, OEM-specific form factor to provide a better NIDS path for customers, while simultaneously supporting tight integration with Qosmos ixEngine. Given that the Enea team pioneered the development of an OEM form factor for deep packet inspection, it was a natural avenue of exploration. Following a partnership with the OISF and iterative feedback from a lighthouse customer, the Enea Qosmos Threat Detection SDK was born. Now let’s return to the key advantages it offers to product managers.

 

Roadmap Control

The Qosmos TD SDK component form factor enables product managers to tightly integrate IDS functions into their applications, and to align these functions with their unique architecture and roadmap. At the same time, they can benefit from support for the same standard commercial and open-source rulesets that are supported by standalone Suricata instances. Moreover, the tight integration with Qosmos ixEngine, the market’s number one deep packet inspection (DPI) library, supports a second key product manager need: product differentiation.

 

Product Differentiation

Enea Qosmos ixEngine recognizes over 4600 protocols and extracts up to 5900 types of metadata across enterprise, cloud/SaaS, M2M (ICS/SCADA) and IoT domains, together with unique security-related indicators of anomaly.

This deep traffic visibility helps reduce false negatives and false positives, and makes threat analysis and forensics more precise, accurate and rapid. Importantly, the high-quality source data it delivers provides a superfuel for ML and AI innovations that can truly distinguish a product in the marketplace.

 

Fast Time to Market

Coming up with innovative new capabilities can only generate maximum value if you are the first to market with those innovations. Whether you are working to bring enhanced threat detection capabilities to market or beginning from square one to integrate IDS functionality into your solution, the Qosmos TD SDK cuts the time from conception to release. It streamlines integration and customization processes and supports plug’n’play standard rulesets.

 

High Performance

Of all these benefits, the one product managers have cited to date as the most appreciated is the dramatic performance gain it offers. These significant performance improvements are derived from the elimination of double packet processing, highly efficient packet parsing, optimization of resources and streamlining of overheads.

 


 
