Idappcom Traffic IQ Professional
Strengths: Targeted tool for replaying attacks against network components such as firewalls. Excellent functionality in that regard, but really a bit of a “one trick pony.”
Weaknesses: The website needs to be a bit more user-friendly. We searched for references that we expected to be in a support section – there is none that we could find – and found them in the Products section. Documentation is limited, but what there is can be found on the website. On the plus side, this tool is so simple and intuitive that lots of docs aren't really necessary.
Verdict: Very interesting tool and, for large organisations that need to validate whether their vulnerability and penetration testing tools are doing the job, it’s a must-have.
If you have ever been performing a pen test on the perimeter and, just when you thought everything was going well, found that you can no longer touch devices you were quite sure you'd already checked, Traffic IQ Professional may be just the thing you need. What we've described is automatic traffic blocking: the firewall or IPS has decided that you are trying to do naughty things and has blocked your address. Or what about that exploit you are not sure got past your IPS? Again, Traffic IQ Professional may be just what the doctor ordered.
Traffic IQ Professional is not, per se, a pen testing tool. What it does is gauge the effectiveness of your safeguards against specific malicious traffic. Using pre-captured attacks, the tool plays them back against your protective devices and determines how each device responds, if at all. So the example of having your address blocked for a specific suite of attacks is exactly what you want to happen. But you don't want it to happen simply because you have been beating on the device for the past three hours. You want it to recognise malicious traffic and stop it cold.
Because it no longer is enough to see the response to a single vulnerability probe, a tool such as this puts some reality into the game. The tool comes with a year of subscription to traffic files. Of course you can edit your own as well. That should not become necessary, however, with a library of over 11,000 exploit files that updates at rates up to 200 per month, as well as a library of over 15,000 malware files. If that still seems like too much for your internal resources, Idappcom has a managed service to do it for you. You place a sensor in your enterprise and Idappcom manages it remotely.
We received the product as a file on a USB key. The executable is small - just a bit over 97MB - and it took very little time to load it and set it up. As for a platform, just about any will do. We used an old notebook running Windows 2000, but you can use just about any relatively recent Windows box. Minimum requirements are XP SP3, 256MB RAM, 500MB of disk and two NICs. This is not a particularly demanding application.
Reporting is very good and includes a lot of detail.
When we were up and online, we set up a target - a firewall - and unloaded on it. Since we had opened some ports, we got pretty much what we expected. Certain attacks that used the ports we had opened were successful.
Support is about what you'd expect. It is no-cost during the trial period and after that there is a charge. The charge can be £822 per year without the traffic file subscription - although we question why anyone would do that with such a rich resource available - or £3,564 per year with the traffic files. Both phone and email support are available. The trouble is, for the US anyway, support is only available during UK business hours. If you're in the middle of testing at 2 p.m. EST and you need support right then, you're out of luck.
We found the website to be lacking in resources. There are no white papers, FAQs or other user aids generally found on vendor websites. You can download the product or its sister products directly from the site. There are, for registered users, over 11,000 articles documenting exploits, vulnerabilities, security rules, threat mitigation and all of the most popular and trusted industry vulnerability references, such as CVE, ISVDB, Security Focus, etc. These are available on the website, but you have to look for them. Pricing is quite reasonable, although we are not quite sure what the difference is between the £1,370 to £7,537 versions.