InstaGate Intrusion Prevention Service (IPS)
Automatically detect and block malicious network intrusions, Worms and Trojans that occur at the network and application layers. In addition, policy controls allow administrators to block Instant Messaging (IM) and Peer-to-Peer (P2P) applications. Intrusion Prevention blocks attacks in real-time, logs the attack for reporting or regulation requirements and notifies the administrator by email if further action is required. Signature updates are automatically downloaded to ensure protection from the latest threats. Intrusion Prevention is critical for IT managers trying to provide complete network and application protection.
Key Features:
Protect the network from a wide array of application level attacks targeting services such as web, FTP, email, IM/P2P and database/storage. IPS uses deep packet inspection to scan network traffic for Worms, Trojans and application vulnerabilities such as browser vulnerabilities, buffer overflows, site cross-scripting, back-door exploits and SQL injection. IPS can detect active attacks in real-time and block them before they can do damage on the network.
Intrusion Prevention also monitors outbound traffic to identify and block backdoor exploits and infected computers. Policy controls are created to block access to Instant Messaging and Peer-to-Peer applications that create security risks, lower productivity, and waste bandwidth.
Logging and reporting allows the administrator to view information by the threat, severity, source or destination address and port, or network protocol. Statistical graphs and top threat views give administrators a quick view of items that need attention. Email alerts notify administrators for high priority threats.
Administration Features:
Simple first-time configuration and automatic thresholds for false positives give IT managers a secure network environment without the high overhead associated with many IDS/IPS systems. Quick tuning through the web based administration tool allows administrators to protect their network in just a few minutes. eSoft's Threat Prevention Team classifies each new rule so that when it is deployed to your eSoft appliance it can automatically be associated with a profile and assigned appropriate actions.
Custom rule configurations and action profiles may be set at a granular level, making it ideal for even complex network environments. Several criteria are applied to every Action Profile so that administrators can fine tune rules and actions that will be used to analyze traffic and automatically take action on threats.
IPS Rules are filtered into action profiles that take action on network traffic that is deemed a threat. Rules are updated in real time by the SoftPak Director and automatically categorized into the appropriate action profile to take immediate effect.
|
