Intrusion Detection Systems (IDS) can’t usually handle high-speed data traffic as they have quite a lot of work to do examining each packet looking for suspicious activity. When there is a high throughput of data, IDS simply do not examine every packet. So, it is quite possible for an attack to succeed by overwhelming the IDS.
IDS Balancer 3500 is designed to solve this problem by carrying out load balancing between a number of IDS units. Housed in a standard 19-inch rack-mountable enclosure, the IDS Balancer has twelve 10/100BaseT ports on the front panel. Typically one of these is used for management and another for linking the unit to the SPAN, tap or mirror port on your backbone switch, leaving ten for IDS sensors. Optionally, it can have an additional two Gigabit fibre port for the SPAN links. LEDs on the front panel provide important status information.
There are a number of different topologies that can be adopted when connecting the IDS Balancer to your network. The simplest is load balancing between up to ten IDS sensors. But the unit can be configured for circumstances where a company uses two different types of IDS and wants every packet examined by both banks of IDS sensors. There are further configuration options that enable you to specify which groups of IDS sensors monitor traffic for which hosts. You can also aggregate traffic from separate networks and VLANs to consolidate IDS sensors and facilitate management. Finally, should you have a high-speed IDS sensor, you can aggregate traffic from several 10/100Mbps segments to make best use of that IDS investment.
There is a serial port on the front panel and this can be used for basic configuration or out-of band remote access to the IDS Balancer using a modem. Full configuration and management are carried out over Ethernet via the Java-based web interface. There is a 'Getting Started' wizard that makes initial configuration easy. The IDS Balancer can be managed using SNMP if you wish. You can specify up to eight servers to receive SNMP trap messages.
You can monitor all hosts or just selected hosts by entering their IP address ranges. You can also monitor all application traffic or select those applications that are important to you. A large library of applications is included in the IDS Balancer, which understands which protocols, ports and packet types are used by these applications. You can select applications either positively or negatively - in other words, you can choose which applications to monitor or you can choose all applications and then select which applications to exclude. You can also add your own applications to the library.
Resource usage graphs provide a visual representation of activity. These can be displayed as a traditional line graph, bar chart, or pie chart. So, reporting is good - and there is an event log.
Obviously, the IDS Balancer is a potential single point of failure in your IDS installation, so it has the option of having a redundant power supply as power supplies are usually the most unreliable component in any piece of hardware these days. 
The IDS Balancer fulfils a badly needed requirement in making best use of valuable IDS resources. It is easy to configure and manage. It offers a wide range of connection topologies to allow it to be used in a manner that best supports the IDS policy of the enterprise. Compared with generic load balancing products, it offers a particularly good understanding of IDS issues and configuration options to suit application-specific IDS monitoring. NC