That is just a fancy method of recognizing common exploits. As I understand it, the most common way of detecting attempts at cracking computers is to look for somebody doing common exploit step 1 which looks like X followed by step 2 which looks like Y. This just checks if they are connected to an FTP server (which is part of the exploit), and, if they are, are they trying step 1 which looks like X. If they aren't, are they trying step 2 (which is also a possible first step, but they have to be connected to an FTP server to do it). This makes it so that their NIDS can still find the exploit even if steps 2 and 3 are switched around. I think this is called "signature matching" and so they do "context-sensitive signature matching".
I haven't seen any other network intrusion detection programs that do that either, but then again I haven't looked and it isn't that huge of a deal. If you were really desperate for this functionality, you could whip something together with tcpdump.
Of course, it could be that it does more and I'm just misunderstanding their marketing-speak, but if it causes zero lag (as they say in their FAQ), then all that the "emulation" can be for is watching, and I assume all they could do that would be useful is network-grepping (unless it is maybe for showing the admins easy-to-understand summaries of what the crackers did). I don't know, this is just my take on what they say, but I have never really played with any NIDSs and am basing this just on what I have read and played with sniffer-wise.
As to my comment of sniffit being able to do the stuff mentioned in the article, I was referring to the ability to log all email sent to/from a server, etc. through simple filters. I meant that the "digital 1984" mentioned in the write-up was already possible, and that this program didn't make it any easier.
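As an added illustration (not part of the original comment and not the product's code), here is a minimal sketch of the context-sensitive matching the comment describes, next to an ordered, context-free baseline of the kind a plain network grep gives you. `CMD_X`, `CMD_Y`, the connection labels and the sample events are hypothetical placeholders constructed for the example.

```python
import re
from collections import defaultdict

# Hypothetical placeholders for the comment's "X" and "Y"; not real exploit signatures.
STEPS = {"step_x": re.compile(rb"^CMD_X\b"), "step_y": re.compile(rb"^CMD_Y\b")}
FTP_GREETING = re.compile(rb"^220[ -]")  # FTP "service ready" reply (RFC 959)

class ContextMatcher:
    """Evaluate step signatures only on connections already identified as FTP."""
    def __init__(self):
        self.ftp_conns = set()         # connections where a server greeting was seen
        self.seen = defaultdict(set)   # connection -> step names matched so far

    def feed(self, conn, direction, payload):
        """Return an alert string when every step has been seen, else None."""
        if direction == "s2c":
            if FTP_GREETING.match(payload):
                self.ftp_conns.add(conn)
            return None
        if conn not in self.ftp_conns:
            return None  # same bytes outside an FTP session are ignored
        self.seen[conn].update(n for n, sig in STEPS.items() if sig.match(payload))
        if self.seen[conn] == set(STEPS):
            self.seen[conn].clear()
            return f"ALERT {conn}: all steps seen inside an FTP session"
        return None

def naive_ordered(events):
    """Baseline: flag any connection where X is later followed by Y, no context."""
    got_x, flagged = set(), []
    for conn, direction, payload in events:
        if direction == "c2s" and STEPS["step_x"].match(payload):
            got_x.add(conn)
        elif direction == "c2s" and STEPS["step_y"].match(payload) and conn in got_x:
            flagged.append(conn)
    return flagged

# Constructed sample traffic (documentation addresses, made-up payloads).
FTP, WEB = "192.0.2.5:40001->192.0.2.9:21", "192.0.2.7:40002->192.0.2.9:80"
EVENTS = [
    (FTP, "s2c", b"220 service ready\r\n"),
    (FTP, "c2s", b"CMD_Y arg\r\n"),   # steps arrive in swapped order
    (FTP, "c2s", b"CMD_X arg\r\n"),
    (WEB, "c2s", b"CMD_X arg\r\n"),   # same bytes, but not an FTP session
    (WEB, "c2s", b"CMD_Y arg\r\n"),
]

def run_context(events):
    matcher = ContextMatcher()
    return [alert for e in events if (alert := matcher.feed(*e))]
```

On this sample the context-aware matcher alerts only on the FTP connection despite the swapped order, while the ordered baseline misses it and flags the non-FTP connection instead.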