INTRUSION PREVENTION
Intrusion Prevention System (IPS) solution protects the network from policy violations, vulnerability exploitations, and anomalous activity through detailed inspection of traffic at Layers 2 through 7-across your network. IPS solutions accurately identify, classify, and stop malicious traffic, including worms and application abuse, before they affect business continuity.
Threat Intelligence
IPS solution provides network wide threat intelligence. This protects the network from:
 Policy violations
Provide strict control of application usage and policy conformance through traffic inspection. The solutions also provide user and endpoint contextual information.
Vulnerability exploitations
Stops exploitation of known vulnerabilities in a wide array of operating systems, network services, applications, and protocols, and provide protection from new worms and viruses prior to their vulnerabilities becoming known or published.
Anomalous activity
Anomaly detection feature detects worms by learning the "normal" traffic patterns of the network, and then scanning for anomalous behavior.
Behavioral analysis
Provide the ability to detect infection characteristics based on dynamic learning capabilities of network usage.
ˆ TOP
Threat Identification
IPS solution contains numerous methods for the inspection and analysis of traffic in Layers 2 through 7. These methods provide comprehensive multivector threat identification that supports signatures to a vulnerability prior to the release of an exploit to provide day-zero protection. Examples of identifiable threats are shown.
Traffic Anomaly Detection |
Provides anomaly identification for attacks that may cover multiple sessions and connections, using techniques based on identifying changes in normal network traffic patterns |
| Evasion Techniques |
» Traffic normalization
» IP defragmentation
» TCP stream reassembly
» De-obfuscation |
| Protocol Anomaly Protection |
Identifies attacks based on observed deviations in the normal RFC behaviour of a protocol or service (i.e. HTTP response without an HTTP request |
Stateful Pattern Recognition |
Identifies vulnerability-based attacks through the use of multi-packet inspection across all protocols, thwarting attacks that hide within a data stream. |
| Protocol Analysis |
» Provide protocol decoding and validation for network traffic
» Monitors all major TCP/IP protocols
» Provides stateful decoding of application-layer protocols such as SMTP etc |
ˆ TOP
Adaptive Behavior
Assessing suspicious attacks based on their malicious nature without prior knowledge of those attacks. IPS solution adapt to the network, providing protection that is specific and unique to every individual network.
Anomaly detection/behavioral analysis
Protection of your network from malicious worms and DoS attacks can be automated, based on the IPS sensor's ability to learn network behavior, and alarm when traffic patterns deviate from determined normal patterns. Although normal traffic can be configured statically, the sensor's ability to protect from day-zero attacks using these intelligent engines delivers unprecedented protection, beyond traditional policy-based network security.
Malicious activity classification
IPS solution detects malicious activity and classifies them. This provides a mechanism that allows for corresponding actions to deliver network wide containment of worm and virus injection vectors, as well as worm propagation.
ˆ TOP |
