Intrusion Prevention Systems

  • Next Generation Intrusion Prevention System
  • Wireless Intrusion Prevention System

The network intrusion prevention system (IPS) appliance solution is composed of stand-alone appliances that inspects all network traffic that has passed through frontline security devices, such as firewalls, Web security gateways and email security gateways. IPS devices are deployed in line and perform full stream reassembly of network traffic. They provide detection via several methods — signatures, protocol anomaly detection, behavioral or heuristics. By being in-line, IPSs can also use various techniques to block attacks that are identified with high confidence. The capabilities of IPS products need to adapt to changing threats, and next-generation IPSs (NGIPSs) have evolved in response to advanced targeted threats evading first-generation IPSs.

Next-generation IPS (NGIPS) products are being put through their paces in real-world IT environments, the question is whether IPS will maintain its relevance in the enterprise or fade away as organizations put less emphasis on perimeter security and look to bundle similar feature in unified threat management and next-generation firewall deployments.

Security threats and attacks at the application layer are becoming more complex and more sophisticated. More than ever, you need to achieve the highest level of effective network intrusion security; it's critical to maintaining the high level of protection that keeps your business running.

Cyber attackers have access to some of the smartest people and sophisticated, clever attack tools and malware. In many respects, they appear to have the upper hand in the continuous battle against security countermeasures. Attackers employ armies of infected computers (known as bots or zombies) in botnets that launch massive, automated attacks that scan enterprises for vulnerabilities and exploit them, usually to steal information.

Increasingly, criminals, unscrupulous competitors, hacktivists and unfriendly nation states are launching targeted attacks against high-profile targets. Attackers breached security giant RSA, obtaining data to compromise its flagship SecurID authentication products. The so-called Aurora attacks successfully breached Google, Adobe and a number of other major companies.

The firewall is an important cornerstone of network security. Traditional firewalls are generally easy to operate and maintain, but are also relatively unsophisticated and therefore ineffective against many of todays advanced Internet threats. Because traditional firewalls aren't designed to inspect application content, an attack from an allowed IP address or port can often simply pass through a firewall.

Endpoint antimalware detects and blocks many attacks, but its effectiveness has decreased in the face of extremely sophisticated obfuscation techniques, polymorphism and the sheer volume of new malware - millions of unique samples every year.

Next generation IPS solutions provide flexible and modular security for defending your applications, networks and data from today's advanced persistent threats and high-profile attacks.

The IPS operates in-line in the network, blocking malicious and unwanted traffic, while allowing good traffic to pass unimpeded. In fact, IPS optimizes the performance of good traffic by continually cleansing the network and prioritizing applications that are mission critical. Appliance based IPS high performance and extraordinary intrusion prevention accuracy has redefined network security, and fundamentally changed the way people protect their organization. It is no longer necessary to clean up after cyber attacks have compromised network servers and workstations. No more ad-hoc and emergency patching and no more out of control, rogue applications like Peer-to-Peer and Instant Messaging running rampant throughout the network. Denial-of-Service (DoS) attacks that choke Internet connections or crash mission critical applications are a thing of the past. IPS solutions decrease IT security cost by eliminating ad-hoc patching and alert response, while simultaneously increasing IT productivity and profitability through bandwidth savings and protection of critical applications.

Key benefits of NX IPS System

  • Stops remote exploits of critical vulnerabilities
  • Keeps spyware, viruses, botnet programs and other malware out of the network
  • Thwarts advanced hybrid and application-level attacks
  • Provides P2P security
  • Protects VoIP infrastructure
  • Blocks DDoS and botnet-based attacks
  • Prevents undesired access
  • Proactively protects against threats while patches are being tested and deployed
  • Improves security posture through acceptable application usage enforcement
  • Enables regulatory compliance through protection of confidential data
  • Protects against theft of intellectual property because of undesired access
  • Reduces IT hours devoted to fixing/remediating systems infected by viruses, botnets and malware
  • Reduces downtime and impairment of business systems and websites from DDoS attacks and botnet threats

The HP TippingPoint Intrusion Prevention System (IPS) delivers the most powerful network protection in the world. The TippingPoint IPS is an in-line device that is inserted seamlessly and transparently into the network. As packets pass through the IPS, they are fully inspected to determine whether they are legitimate or malicious. This instantaneous form of protection is the most effective means of preventing attacks from ever reaching their targets.

TippingPoint's Intrusion Prevention Systems provide Application Protection, Performance Protection and Infrastructure Protection at gigabit speeds through total packet inspection. Application Protection capabilities provide fast, accurate, reliable protection from internal and external cyber attacks. Through its Infrastructure Protection capabilities, the TippingPoint IPS protects VoIP infrastructure, routers, switches, DNS and other critical infrastructure from targeted attacks and traffic anomalies. TippingPoint's Performance Protection capabilities enable customers to throttle non-mission critical applications that hijack valuable bandwidth and IT resources, thereby aligning network resources and business-critical application performance.

To know more about TippingPoint CLICK HERE

The built-in security capabilities of wireless LANs (WLANs) have improved and stabilized with Wi- Fi Protected Access 2 (WPA2) Enterprise, but WLANs continue to be compromised. WLAN exploits are not headline news in the media anymore, but represent security incidents that can be difficult and expensive to remediate. Reasons for compromise include continued use of legacy equipment, weak authentication protocol choices, unencrypted guest networks and public hot spots, other configuration mistakes, and the onslaught of personal wireless devices. Since manual sniffing methods have proven to be operationally expensive and insufficient, enterprises deploying WLAN infrastructure must give due consideration to WLAN intrusion prevention systems (WLAN IPSs).

Wi-Fi support is a standard extension of corporate networks, and enterprises must ensure that vulnerability management and intrusion prevention processes are extended to cover wireless and wired networks. WLAN security monitoring in the form of WLAN IPSs is required to ensure that supported WLAN performance is not impeded by interference or denial-of-service attacks, WLAN traffic is kept private and secure, users are prevented from installing unauthorized WLANs, and unsupported/unauthorized WLAN technologies are barred from operation. Strong regulatory requirements in government and retail have increasing influence on WLAN IPS purchases.

Wireless networks are still operated by people who sometimes make mistakes, and wireless network access points are frequently misconfigured in ways that introduce vulnerabilities. Just like wired networks, wireless networks need to be monitored to both proactively detect vulnerabilities to accelerate mitigation and to quickly detect security incidents to support rapid incident response. Also, while the basic Wi-Fi technology is mature, what Gartner calls the "consumerization of IT" is driving demand for increased use of employee-owned devices with wireless access, such as iPhones and iPads. This increases the need for WLAN monitoring to support network access control (NAC) functions for allowing wireless access to users who are allowed to use unmanaged devices. Demands for increased mobility have also led to pressure to use technologies, such as 802.11n, Long Term Evolution (LTE) and third generation (3G)/fourth generation (4G), in data devices before equipment security capabilities and company security practices have matured. All this adds up to a continuing need for wireless monitoring and intrusion prevention to mitigate risk.

To deal with the risks of wireless use, the demand for WLAN IPS continues to evolve and the primary use cases for WLAN IPS are:

  • Intrusion detection and prevention
  • Overall WLAN health/operations infrastructure monitoring
  • Vulnerability management

WLAN IPS is an increasingly important component of WLAN infrastructure. Security has become "table stakes" for vendors in the WLAN infrastructure market — enterprises expect their WLANs to include some basic security monitoring capabilities. For many enterprises, what is built-in will be good enough, but just as in the wired network security market, many enterprises will require a separate security monitoring infrastructure. Enterprises have several architectural choices for WLAN IPS

  • Infrastructure-based
  • Overlay
  • Hybrid
  • Provides high performance wireless networking that scales to meet the demands of any enterprise.
  • Next generation controller-less Wi-Fi architecture eliminates the cost and complexity of legacy WLAN solutions.
  • Plug and play deployment and template based configuration simplifies WLAN implementation while embedded WIPS technology eliminates network disruptions and blocks wireless threats.
  • Addresses PCI requirements for Wi-Fi rogue monitoring are a primary demand driver in businesses that accept or process credit card payments.
  • Automatically detects, blocks and locates all types of wireless threats
  • Secure BYOD policy enforcement
  • 24/7 Spectrum analysis
  • Detects and locates ‘non Wi-Fi’ interference & RF jamming
  • Smart Forensics™ for quick resolution of wireless incidents
  • Remote troubleshooting including remote “live packet capture”

AirTight WIPS provides enterprises with continuous and the most comprehensive protection against current and emerging wireless threats. Also provides a cost effective, secure and hassle-free wireless LAN (WLAN) solution that is ideal for distributed enterprises with a small IT staff and a limited budget.

It offers a next generation intelligent edge WLAN architecture, software configurable plug-and-play access points (APs), all-inclusive enterprise grade Wi-Fi features, the best-in-class wireless intrusion prevention system (WIPS), an HTML5 management console that makes it equally easy to manage ten or tens of thousands of sites or devices, and flexible deployment and pricing options.

AirTight Wi-Fi delivers the only enterprise grade 802.11n Wi-Fi access solution embedded with the industry's top-rated wireless intrusion detection and prevention (WIPS) capabilities in a single AP platform. By embedding the industry's most robust WIPS security capabilities in every AirTight AP, enterprises now have a truly secure enterprise class Wi-Fi solution without the incremental cost and complexity of deploying a dedicated overlay WIPS solution for full time detection and prevention of wireless threats. Additional capabilities include integrated firewall, traffic shaping and QoS capabilities for optimal security, bandwidth management, and application delivery.

AirTight Wi-Fi offers multiple deployment options and a customizable HTML management interface, giving enterprises complete control and maximum flexibility in deploying and securing their Wi-Fi networks. Network administrators can monitor and managed all Wi-Fi networks including those in remote officer from a centralized console.

To know more about AirTight CLICK HERE

Our Technology Partners