Intrusion Detection and Prevention


 

INTRUSION DETECTION & PREVENTION (IDP)

 

Tightly integrated with the firewall, the Network Box Intrusion Detection and Prevention (IDP) system monitors and analyzes your network for signs of intrusion. If an intrusion attempt is detected, it is logged, and the system can be set to actively block the threat.

 

Protection against newly emerging threats is provided by a database of vulnerability-class based behaviour anomalies and heuristic (expert system) anomaly-based behavioural analysis. This is updated in real-time, using Network Box's patented PUSH Technology.

 

 

 

There are four IDP modes offered by Network Box:

 

Frontline IPS

Inline with the data-stream, offers extremely light-weight, high-speed protection with zero-latency. Operating in conjunction with the firewall, the Frontline IPS adds packet content inspection, rate limiting and traffic analysis to the base firewall capabilities.

 

Passive IDS

Side-by-side with the data stream, alerting and logging of traffic only. Useful for policy enforcement and more aggressive rules.

 

Active IDS

Side-by-side with the data stream, alerting and logging of traffic but with the ability to actively tear down connections once malicious traffic has been identified.

 

Inline IPS

Inline with the data stream and tightly coupled to the firewall, alerting and logging of traffic. The Inline IPS is able to automatically drop malicious traffic before the remote system even sees it.

 

 

 

Key Features

Engine and Signatures

3 Firewall Engines

16,027 IDP Signatures*

Firewall integration

Tightly integrated with the Firewall.

Active/passive mode

2 optional modes:

Active Mode - blocks malicious traffic.

Passive Mode - only logs intrusion attempts.

 

 

*For more information and real-time statistics, go to the Security Response site.