packetalarm NG: Optimized for Performance
As a result of many years of experience even in very large environments, the new generation of the packetalarm IDS/IPS systems have been optimized for optimum scalability and the requirements of their particular role.
The packetalarm NG Sensors and Sensor/Managers have been developed for fast processing of high data volumes.
The packetalarm NG Managers have been specially designed for the storage of a high number of events and for fast processing of the data accrued. All the appliances include integrated fault tracking of the hardware components. The appliances of the model series 500 NG and higher are equipped with RAID, as well as with redundant fans and hard disks.
packetalam IDS NGx High-Speed-Sensors
The packetalarm IDS 1000 NGx Sensors have been specially designed for operation in networks with extremely high data volumes. This has been accomplished by the packetalarm NG Stream Distribution Technology. A further acceleration in data analysis is accomplished through the parallel use of multiple IDS cores.
All Sensors, Sensor/Managers and Managers of the packetalarm Next Generation come with HA support. The function of the High Availability feature here is to monitor a parallel, redundant system and to take over all functions from the master in case of failure. This failover happens instantly, automatically and without interruption. This kind of redundant setup is also possible when the two systems are at distant locations, as for example in a remote backup data center.
Central management of packetalarm IDS/IPS systems with sensor/manager operation
All packetalarm NG products can be operated as a distributed system. Individual sensors are distributed over the entire infrastructure and are configured, managed and monitored centrally using a manager. The sensors can communicate with the manager locally, but also in branch offices via the Internet or VPNs.
Different Characteristics between packetalarm IDS NG and packetalarm IPS NG
Both product lines – packetalarm IDS NG and packetalarm IPS NG – have many similarities as regards their basic functionality due to their common development. Many of the following features described below can be found in both product lines.
|Layer 2 (bridging Mode)||–||•|
|Passive (Sniffing Mode)||•||–|
|Dynamic Intrusion Detection and Intrusion Prevention|
|IDS / IPS signatures||> 22.000||> 22.000|
|Packet fragmentation attack||•||•|
|Application anomalie attack||•||•|
|Application protocol attack||•||•|
|RFC compliance check||•||•|
|Number of sensors||•||•|
|Monitoring via SNMP||•||•|
|Hardware diagnosis via SNMP (v1, v2, v3)||•||•|
|Internal hard disc||•||•|
|Log to remote Syslog server||•||•|
|Log to SNMP server||•||•|
|Attack reporting via eMail||•||•|
|Automatic Real-Time Update||•||•|
|Firewall modes and features|
|Layer 2 / Layer 3 Firewall||–||•|
|Stateful Pattern Matching||•||•|