Next Generation IPS (NGIPs)
We offer leading Next-Generation Intrusion Prevention System (NGIPS) capabilities through the Threat Prevention subscription, preventing known vulnerability exploits, malware and command-and-control activity. Next Generation IPS makes real-time decisions to immediately and accurately block malicious traffic that emulates known or unknown malware family characteristics, with minimal impact on network performance.
Protection Beyond a Typical IPS
Traditional IPSs are black boxes that offer little visibility or context into the protection being offered. However, a next-generation IPS — especially one based on an open architecture — is different. The benefits offered by today’s next-generation IPSs include network security capabilities beyond just detection and prevention.
IPSs are simply higher quality products that offer increased effectiveness and peace of mind. With the ability to continually monitor for changes over time, your network can achieve comprehensive coverage.
A benefit of being able to tweak your own rules and call your own shots is that you can adjust the settings based on your specific compliance requirements. Be it federal law, industry regulation, or business partner request, the ability to fine-tune your network security controls helps take some of the pain out of the compliance process
A next-generation IPS puts in the extra effort to construct IPS rules to detect any possible variant of an exploit that targets an operating system or application vulnerability. Now you have the ability to assess new threats and determine which problem areas you need to focus on. This approach provides the best security and offers the greatest zero-day protection. It’s better (more effective and efficient!) to determine and protect for all possible vulnerabilities of a faulty lock than it is to have to detect every possible key pattern that an intruder may try. To continue the analogy, exploit-based approaches attempt to detect only the known keys and may miss other vulnerabilities altogether.
Network behavior analysis
Not all attacks come through the perimeter. Many are hand-carried on mobile computing devices right through the front door, thus bypassing a perimeter IPS. Network behavior analysis technologies baseline “normal” network traffic (using NetFlow or proprietary flow technology) and detect anomalies, including the spread of malware. Sophisticated next-generation IPSs can aid in determining trajectory and root cause of malware, which can help you pinpoint the source and collateral impacts in an organization to avoid reinfection.
Virtual IPS and management console
A typical appliance based IPS can’t inspect traffic between one virtual machine (VM) and another on a VMware or other virtual server. Select a next-generation IPS that offers virtual IPS sensors and management consoles that are deployed with the hypervisor and can protect virtualization environments from within and defend cloud computing infrastructures that are increasingly virtualized.
Data Loss Prevention (DLP)
Data loss prevention (DLP) systems attempt to detect and block data exfiltration attempts. These systems have the capability of scanning data looking for keywords and data patterns. For example, imagine an organization uses data classifications of Confidential, Proprietary, Private, and Sensitive. A DLP system can scan files for these words and detect them.
Pattern-matching DLP systems look for specific patterns. For example, US Social Security numbers have a pattern of nnn-nn-nnnn (three numbers, a dash, two numbers, a dash, and four numbers). The DLP can look for this pattern and detect it. Administrators can set up a DLP system to look for any patterns based on their needs.
A network-based DLP scans all outgoing data looking for specific data. Administrators would place it on the edge of the negative to scan all data leaving the organization. If a user sends out a file containing restricted data, the DLP system will detect it and prevent it from leaving the organization. The DLP system will send an alert, such as an email to an administrator.
Next Generation Firewall (NGFW)
A next-generation firewall functions as a unified threat management (UTM) device and combines several filtering capabilities. It includes traditional functions of a firewall such as a packet filtering and stateful inspection. However, it is able to perform packet inspection techniques, allowing it to identify and block malicious traffic. It can filter malware using definition files and/or whitelists and blacklists. It also includes intrusion detection and/or intrusion prevention capabilities.
Web and email Gateway
Secure Web gateway solutions protect Web-surfing PCs from infection and enforce company policies. A secure Web gateway is a solution that filters unwanted software/malware from user-initiated Web/Internet traffic and enforces corporate and regulatory policy compliance. These gateways must, at a minimum, include URL filtering, malicious-code detection and filtering, and application controls for popular Web-based applications, such as instant messaging (IM) and Skype. Native or integrated data leak prevention is also increasingly included.
Our deployment options include cloud, endpoint and on-Premise solutions.