Introducing Threat Detection as an SDK

A Ground-Breaking New Solution for Tighter IDS Integration with Higher Performance

In a relatively short timeframe, the networking landscape has undergone a huge transformation with users and devices moving out of the office as data, applications, and infrastructure have moved to the cloud. To secure this new world, cybersecurity solutions have also migrated to the cloud and they have taken essential security components with them. This includes network-based intrusion detection systems (IDS).

Already an essential element in the network security toolbox, IDS has become even more important as traditional network perimeters – and perimeter defenses – disappear. However, conventional IDS was not natively engineered to meet the scalability and performance demands of the cloud or multifunction security solutions such as UTMs, nor to natively recognize the vast array of applications and protocols used in today’s hybrid IoT/IT, everything-as-a-service world.

As cyber attacks become more sophisticated, cybersecurity solution developers need a new approach to IDS that meets all of today’s technical and functional threat detection needs.

The answer is the groundbreaking Enea Qosmos Threat Detection SDK (TD SDK). Designed with cybersecurity software developers in mind, Qosmos TD SDK is a new type of threat detection tool. It embeds core functionalities from the industry’s best-in-breed IDS, Suricata, in a software development kit (SDK) that tightly integrates with the industry’s best-in-breed traffic visibility engine, Enea Qosmos ixEngine. With this integration, double packet processing is eliminated, parsing speed is accelerated, and traffic insights are vastly expanded to fuel next-generation threat detection and custom rule development.

The result is a threat detection engine that boasts higher technical and functional performance than open source IDS, fewer false negatives, improved accuracy, adaptability, scalability and simplified distribution.

Enea Qosmos TD SDK Benefits:

• Tight Integration into 3rd Party Software

Delivered as a software component (SDK) with an IDS solutions-based approach, Qosmos TD SDK enables easy and tight integration into encompassing cybersecurity solutions while remaining flexible and scalable.

• Up to 2x Better Performance

Qosmos TD SDK eliminates double packet processing for deep packet inspection (DPI) and IDS, optimizing resources and streamlining overheads. Thanks to Enea’s Qosmos ixEngine packet acquisition and parsing library, parsing speed is accelerated, and traffic insights are vastly expanded to fuel next-generation threat detection and custom rule development. There is much higher native throughput than traditional IDS, resulting in important functional performance gains.

• Fewer False Negatives & False Positives

Full traffic visibility, even in encrypted traffic, better parsers, and the ability to customize rulesets reduces the number of false negatives and false positives, delivering more accurate and rapid threat detection.

• Plug & Play Rulesets

Qosmos TD SDK supports standard rulesets with Suricata syntax, facilitating deployment. Qosmos ixEngine metadata is made available in rules syntax further improving threat detection while simplifying integration.

Enea Qosmos Threat Detection SDK helps cybersecurity software developers achieve the extreme scalability, performance, accuracy and innovation required for success in today’s network landscape.

Find out more about Enea’s Qosmos TD SDK: