Intrusion Detection and Prevention

The Detection + Prevention (IDS/IPS) modules utilize an intelligent packet inspection and capture system that selects suspicious packets for further behavior analysis. Employing deep-packet inspection of layers 1–7 and tunable signatures on a 24x7 basis, this module provides you with:

• Automatic alert analysis and correlation, as well as alert escalation and prioritization;
• Detection of unauthorized access to network resources;
• Countermeasures for denial-of-service attacks;
• Termination of attack sessions via a TCP reset or ICMP unreachable message;
• Probe prevention (defeats or confuses scanning techniques with false responses); and
• Enterprise and global threat correlation.

The Global DataGuard IDS/IPS module provides:

CORELATION WITH DETECTED VULNERAVILITIES

• Automatically correlates alerts with vulnerabilities detected by the V-3001-G Vulnerability Scanner Module
• Alerts correlating with detected vulnerabilities will be flagged on the monitoring console for visualization

SIGNATURE DETECTION AND PREVENTION

• Deep-packet inspection of layers 1-7
• Tunable Signatures 24/7

IP DEFRAGMENTATION AND TCP/UDP STREAM REASSEMBLY

• Identifies attackers who attempt to evade an IDS by distributing attacks over multiple packets

PROTOCOL DECODING

• Identifies attackers who hide an attack within an application protocol

IDS DENIAL OF SERVICE

• Countermeasures defeat tools such as “stick” and “snot”

EVENT SNIPING

• Terminates an attack session via a TCP reset or ICMP unreachable message

PROBE PREVENTION

• Defeats or confuses scanning techniques with false responses

BACKDOOR AND ROGUE SERVER DETECTION

• Identifies attackers who attempt to evade an IDS by distributing attacks over multiple packets