Product Features

packetalarm NG: Optimized for Performance

As a result of many years of experience, even in very large environments, the new generation of packetalarm IDS/IPS systems has been optimized for scalability and for the requirements of each system's particular role.

The packetalarm NG Sensors and Sensor/Managers have been developed for fast processing of high data volumes.

The packetalarm NG Managers have been specially designed for the storage of a high number of events and for fast processing of the data accrued. All the appliances include integrated fault tracking of the hardware components. The appliances of the model series 500 NG and higher are equipped with RAID, as well as with redundant fans and hard disks.

packetalarm IDS NGx High-Speed Sensors

The packetalarm IDS 1000 NGx Sensors have been specially designed for operation in networks with extremely high data volumes. This has been accomplished by the packetalarm NG Stream Distribution Technology. A further acceleration in data analysis is accomplished through the parallel use of multiple IDS cores.

High Availability

All Sensors, Sensor/Managers and Managers of the packetalarm Next Generation come with HA support. The function of the High Availability feature here is to monitor a parallel, redundant system and to take over all functions from the master in case of failure. This failover happens instantly, automatically and without interruption. This kind of redundant setup is also possible when the two systems are at distant locations, as for example in a remote backup data center.

Central management of packetalarm IDS/IPS systems with sensor/manager operation

All packetalarm NG products can be operated as a distributed system. Individual sensors are distributed over the entire infrastructure and are configured, managed and monitored centrally using a manager. The sensors can communicate with the manager locally, but also in branch offices via the Internet or VPNs.

[Figure: distributed system]

Different Characteristics between packetalarm IDS NG and packetalarm IPS NG

Both product lines, packetalarm IDS NG and packetalarm IPS NG, share much of their basic functionality because of their common development. Many of the features described below can be found in both product lines.

IDS IPS
Integration
Layer 2 (Bridging Mode)
Passive (Sniffing Mode)
Dynamic Intrusion Detection and Intrusion Prevention
IDS / IPS signatures > 22,000 > 22,000
Individual signatures
Correlation
Auto Prevention
Forensic Analysis
Anomaly detection
Traffic Trace
Port Scans
DoS
Buffer Overflow
Packet fragmentation attack
UDP attack
Application anomaly attack
Application protocol attack
RFC compliance check

 

IDS IPS
System Management
Sensor Management
Number of sensors
Monitoring via SNMP
Hardware diagnosis via SNMP (v1, v2, v3)
High Availability
Logging
Internal hard disk
Log to remote Syslog server
Log to SNMP server
Attack reporting via email
Administration
Auto-Reporting
Automatic Real-Time Update
Console interface
Web-GUI (HTTPS)
Firewall modes and features
Layer 2 / Layer 3 Firewall
NAT, PAT
Threshold Analysis
Stateful Pattern Matching