
PacketAlarm IPS

PacketAlarm Intrusion Prevention

Pure firewall systems without an integrated intrusion prevention system are inconceivable today. Worms, Trojans, hackers and so on are just too numerous and too clever to stop with decisions based solely on IP addresses and ports. But is a simple intrusion prevention add-on to a firewall sufficient to avert the many threats systems now face?

PacketAlarm IPS employs a quite different strategy in dealing with this problem. It focuses not on simply reducing the communication options, but on a detailed examination of each individual packet and the possibilities that this offers for specifically identifying attacks. At the heart of this solution is the intrusion prevention engine based on the technology of the proven PacketAlarm IDS intrusion detection system. A Stateful Inspection Firewall is, of course, integrated in the solution as well. Whether it is a matter of event correlation, the vulnerability scanner, anomaly detection or Auto-Prevention, cutting-edge security technology is crucial and is constantly being enhanced.


Intrusion prevention in routing and bridging mode
The PacketAlarm IPS intrusion prevention system can be operated inline in routing mode on layer 3, but also in bridging mode on layer 2. Although PacketAlarm IPS in bridging mode is "invisible" to the communicating systems, the firewall and prevention engine remain active. PacketAlarm IPS can also be employed in front of WLAN hotspots, server farms or individual servers. The network configuration does not need to be changed in any way. DHCP, BOOTP, NT domain logins and other broadcast communications continue to function properly without intervention by an administrator.

The PacketAlarm IPS Appliance has a demilitarised zone (DMZ), and the PacketAlarm IPS Software supports any number of DMZs, in both routing and bridging mode. This enables systems with sensitive data or applications to be fenced off and protected.


Stateful Inspection Firewall
The PacketAlarm IPS Multi-Inspection Firewall is the first checkpoint for all data traffic. It monitors all data packets between the protected network and external networks in real time. Only traffic that is actually wanted passes unhindered. The firewall rules are easy to configure and can be deployed quickly.

Intrusion Prevention
The PacketAlarm Intrusion Prevention Engine uses over 4000 rules and signatures to identify attacks. The system actively intervenes in the data stream and blocks attacks before they can infiltrate the network. A special Auto-Prevention function simplifies configuration and enables rules and rule groups to be quickly adapted to different security needs in the protected systems. Only PacketAlarm products have an Auto-Prevention function, and the automatic rule update means that they are protected against attacks more quickly than other systems.

Vulnerability Scanner
The powerful PacketAlarm IPS Vulnerability Scanner specifically checks systems for vulnerabilities. PacketAlarm continuously runs tests and lists the vulnerabilities it finds. In addition to being well structured, these lists present detailed information on each vulnerability found and recommend how it can be removed.

Event Correlation
PacketAlarm IPS uses a special function known as Event Correlation to check whether each specific attack that is identified could be carried out on the target system. This decision is based on defined system attributes or the vulnerabilities detected by the vulnerability scanner. Each correlation increases the probability that an attack will be successful. Attacks with a low probability rating can be filtered from the output, thereby preventing false alarms. The administrator can naturally also create his own system attributes, establish correlations between rules and attributes or vulnerabilities and determine the extent to which this will increase or decrease the probability of a successful attack.
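The correlation logic described above can be sketched as follows. This is an added example, not PacketAlarm's own code: the base probability, the weights, the threshold and every rule, attribute and vulnerability name are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Host:
    attributes: set = field(default_factory=set)       # admin-defined system attributes
    vulnerabilities: set = field(default_factory=set)  # findings of the vulnerability scanner

@dataclass
class Correlation:
    rule: str     # IPS rule this correlation belongs to (hypothetical names)
    kind: str     # "attribute" or "vulnerability"
    value: str    # what must be present on the target system
    delta: float  # how much a match raises (+) or lowers (-) the probability

BASE = 0.30       # assumed starting probability of any identified attack
THRESHOLD = 0.50  # assumed cut-off; alerts below it are filtered from the output

def success_probability(rule, host, correlations):
    """Probability that the attack matched by `rule` can succeed on `host`."""
    p = BASE
    for c in correlations:
        pool = host.attributes if c.kind == "attribute" else host.vulnerabilities
        if c.rule == rule and c.value in pool:
            p += c.delta
    return min(1.0, max(0.0, p))

def triage(alerts, hosts, correlations, threshold=THRESHOLD):
    """Split alerts into (reported, filtered) lists of (alert, probability)."""
    reported, filtered = [], []
    for alert in alerts:
        host = hosts.get(alert["target"], Host())  # unknown target: no correlations match
        p = round(success_probability(alert["rule"], host, correlations), 2)
        (reported if p >= threshold else filtered).append((alert, p))
    return reported, filtered

# Constructed sample data: two targets hit by the same rule.
HOSTS = {
    "10.0.0.5": Host({"os:windows", "service:iis"}, {"VULN-EXAMPLE-1"}),
    "10.0.0.9": Host({"os:linux", "service:apache"}),
}
CORRELATIONS = [
    Correlation("rule-iis-example", "attribute", "service:iis", +0.30),
    Correlation("rule-iis-example", "vulnerability", "VULN-EXAMPLE-1", +0.35),
    Correlation("rule-iis-example", "attribute", "os:linux", -0.25),
]
ALERTS = [{"rule": "rule-iis-example", "target": t} for t in ("10.0.0.5", "10.0.0.9")]

if __name__ == "__main__":
    reported, filtered = triage(ALERTS, HOSTS, CORRELATIONS)
    print("reported:", reported, "\nfiltered:", filtered)
```

The same signature fires against both hosts, but only the alert for the host whose attributes and scanner findings match is reported; the other falls below the threshold and is suppressed as a likely false alarm.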

Anomaly Detection
Attacks and the effects of attacks often cause irregularities in data traffic. A sudden increase in data volume or the shutdown of an Internet service can be signs of an attack. PacketAlarm IPS’s anomaly detection displays and reports deviations from “normal” data volumes. PacketAlarm can learn what data volume is considered “normal”, and this can also be configured by administrators. Anomalies can be defined for networks, individual machines and even individual ports on machines. If a value deviates from the normal value by a specified percentage for a defined time range, this is reported.
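The reporting condition in the last sentence above (a percentage deviation that persists for a defined time range) can be sketched as follows. This is an added example, not PacketAlarm's own code: the mean-based baseline, the 60-second sampling interval, the key layout and all sample values are constructed assumptions.

```python
from statistics import mean

def learn_baseline(training):
    """training: {key: [volume, ...]} -> {key: learned "normal" volume}."""
    return {key: mean(values) for key, values in training.items()}

def detect(series, baseline, pct, min_duration, interval=60):
    """Return (key, start_ts, duration_s) for every run in which the volume
    deviates from the baseline by >= pct percent for >= min_duration seconds.
    series: {key: [(timestamp_s, volume), ...]}, one sample per interval.
    Assumes every baseline value is greater than zero."""
    findings = []
    for key, points in series.items():
        normal = baseline[key]
        start = last = None
        for ts, vol in points + [(None, normal)]:  # sentinel closes an open run
            deviating = ts is not None and abs(vol - normal) / normal * 100 >= pct
            if deviating and start is None:
                start = ts
            elif not deviating and start is not None:
                duration = last - start + interval
                if duration >= min_duration:
                    findings.append((key, start, duration))
                start = None
            last = ts
    return findings

# Constructed sample data: keys are (scope, address, port) tuples.
WEB = ("port", "10.0.0.5", 80)
MAIL = ("port", "10.0.0.9", 25)
HOST = ("host", "10.0.0.7", None)
BASELINE = learn_baseline({WEB: [1000, 1100, 900, 1000], MAIL: [200, 200], HOST: [500, 500]})
SERIES = {
    WEB:  [(0, 1050), (60, 1600), (120, 1700), (180, 1800), (240, 1000)],  # sustained surge
    HOST: [(0, 500), (60, 2000), (120, 510)],                              # one-sample spike
    MAIL: [(0, 200), (60, 0), (120, 0), (180, 0)],                         # service went silent
}

if __name__ == "__main__":
    for key, start, duration in detect(SERIES, BASELINE, pct=50, min_duration=180):
        print(f"anomaly {key}: from t={start}s for {duration}s")
```

The one-sample spike on the host is not reported because it does not last for the configured time range, while both the sustained surge and the drop to zero are.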

Optimum monitoring, forensic analysis and auto-reporting
PacketAlarm IPS supports a detailed forensic analysis of attacks on the network. A user-friendly query and display option sorts the incidents occurring in a freely definable period into various categories. The risk posed by each event is shown (High, Medium, Low, Info). All attacks are displayed and, by default, the display includes the entire attack packet. PacketAlarm IPS displays attacks sorted by attack target and attacker and thus creates an optimum overview of the attacked systems. All data required for the analysis can be exported easily.

A special Auto Report function automatically reports the most important attacks and rule violations in a clearly structured e-mail report. Reports can be configured to be sent daily, weekly or monthly. Output of diagrams and tables can also be combined to suit individual needs. This ensures that management, IT managers and administrators have the means to display precisely the data that is most important to them.


PacketAlarm IPS product line

 

 
All PacketAlarm products can be combined at will in a distributed system. Administration, configuration and analysis are performed via a central manager.
 

 
The automatic software and pattern update ensures users always have the very latest version of PacketAlarm IPS.
 

 
PacketAlarm IPS provides users with a fast and straightforward means to create their own intrusion prevention signatures using a user-friendly rule editor.
 


Available versions:

PacketAlarm UTM product line

Please have a look at our current hardware specifications.

© 2008 by Funkwerk IP-Appliances GmbH