PacketAlarm Deployment Example
Example Location A
The company's headquarters, home of the IT department, wants to detect attacks inside the data stream and react to them automatically. This virtual company also requires that its locations B, C and D be integrated into the new security infrastructure. In addition, centralized administration and automated global reporting for all planned IDS and IPS systems are required. As the company has already implemented a firewall system in location A, the installation should be done without any changes to existing IP addresses or the IT infrastructure. PacketAlarm IPS operating in bridging mode allows transparent integration behind the existing firewall. The firewall functionality in PacketAlarm makes it easy to realize a two-stage firewall concept. Integrating PacketAlarm IPS in inline mode can specifically prevent attacks that are currently not identified by the existing firewall. By using the Sensor/Manager functionality, all PacketAlarm systems integrated into the company network can be configured, administered and monitored via a central manager unit.
The Auto-Prevention of PacketAlarm actively supports the administrator in deciding how an analysed attack should be handled. More than 4,000 signatures are integrated in PacketAlarm and are pre-classified within an expert system. When Auto-Prevention is activated, there is an automatic reaction to all detected attacks. All new signatures delivered by the PacketAlarm software and pattern update are classified within the expert system by default. Only the PacketAlarm products have an Auto-Prevention function, and the automatic rule update means that they are protected against attacks more quickly than other systems.
Example Location B
Location B is a subsidiary of location A. In the course of a network reorganisation, location B is to gain the ability to react actively against attacks. These security improvements need to be in accordance with the headquarters' requirement. The new PacketAlarm system with its Auto-Prevention technology will raise network security and will replace the firewall system formerly used in location B. PacketAlarm IPS operating in routing mode can be used as a gateway. Because it is given the IP address of the former firewall, no further changes to the subsidiary's IT infrastructure are necessary. The system is managed by, and reports to, the central manager at location A. The PacketAlarm IPS Multi-Inspection Firewall is now the first checkpoint for all data traffic in a two-stage security concept. The rules of the firewall can be configured effortlessly and deployed quickly.
The PacketAlarm Vulnerability Scanner analyses all systems inside the protected network. The results of the Vulnerability Scanner serve as the basic information for the unique PacketAlarm Event-Correlation, which correlates vulnerabilities with system information and detected attacks in real time. All the information is submitted to the centralized manager in location A. By generating global vulnerability reports, the administrator has a perfect overview of all existing vulnerabilities inside the network. In addition, PacketAlarm recommends how these vulnerabilities can be fixed.
Example Location C
Location C hosts the company's webshop internally and must ensure fail-safe access to the server under all circumstances. PacketAlarm IPS, set up as a high-availability solution, guarantees availability for the shop users and the operator. In the event of failure, a second PacketAlarm system takes over all functions.
Example Location D
Location D needs to monitor its internal data traffic. The performance of the existing network must not be affected under any circumstances. Operating PacketAlarm IDS in sniffing mode fulfils this requirement at all times. The internal data traffic from client to server, from client to client and from client to the Internet can be analysed and controlled. The events and attacks detected by PacketAlarm IDS are all transmitted to the centralized manager in location A, where global reports can be created. Even when deployed in sniffing mode, PacketAlarm IDS can actively respond to attacks and prevent them by means of a TCP-Reset or a firewall hardening. Like all PacketAlarm products, PacketAlarm IDS contains the Traffic-Trace functionality. By using this function, all communication data during an event or attack can be stored and analysed.
Overall view
The PacketAlarm product family has been specially developed to protect corporate networks of all sizes. The scalable PacketAlarm product spectrum covers all applications. The combination of gateway monitoring (PacketAlarm UTM), monitoring of traffic between internal network segments (PacketAlarm IPS) and monitoring of traffic in internal network segments (PacketAlarm IDS) means that PacketAlarm is not a “stand-alone” solution, but has the capability to protect the entire enterprise-wide infrastructure. By using multiple PacketAlarm systems, it is possible to build up a cost-effective and comprehensive security solution. The unique PacketAlarm management technology allows straightforward central administration.