While similar in their goals, there are significant differences between Intrusion Detection systems with active response capability and true Intrusion Prevention systems (such as that provided by the Network Box). The difference is summed up as "active response systems experience latency delays, and cannot 100% guarantee to stop an attack (they can merely mitigate the effects of the attack), while an Intrusion Prevention system can both stop an attack with suitable counter-measures and also prevent an attack from compromising a system".
Intrusion Detection systems operate in parallel to, but separate from, a firewall. When operating in "active response" mode, they tell the firewall to close down connections and optionally to block future attacks from that source IP address. It is this latency of communication between the IDS and the firewall that permits the initial attack packets through, allowing compromise of the target.
Intrusion Prevention systems operate in-line and are tightly coupled to the firewall. These systems (such as that provided in the Network Box) operate with zero latency, and are capable of blocking even single-packet attacks (such as SQL Slammer).
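The following simulation illustrates the distinction drawn above. It is an added example, not Network Box code: the packet timings, latency values, documentation-range addresses and the placeholder signature string are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    t_ms: float      # arrival time at the firewall
    src: str
    payload: bytes

SIGNATURE = b"EXAMPLE-MALICIOUS-PATTERN"  # constructed placeholder, not a real exploit

def is_malicious(pkt):
    return SIGNATURE in pkt.payload

def active_response(packets, latency_ms):
    """Out-of-band IDS: the firewall forwards each packet while the sensor
    inspects a copy; a block on the source takes effect latency_ms later."""
    block_at = {}        # src -> time the firewall rule becomes active
    delivered = []
    for pkt in sorted(packets, key=lambda p: p.t_ms):
        if pkt.t_ms >= block_at.get(pkt.src, float("inf")):
            continue     # source already blocked by an earlier alert
        delivered.append(pkt)            # forwarded before any verdict exists
        if is_malicious(pkt):
            block_at.setdefault(pkt.src, pkt.t_ms + latency_ms)
    return delivered

def inline_prevention(packets):
    """In-line IPS: the verdict is reached before the forwarding decision."""
    return [p for p in sorted(packets, key=lambda p: p.t_ms) if not is_malicious(p)]

def malicious_delivered(delivered):
    return sum(1 for p in delivered if is_malicious(p))

# Constructed traffic: a single-packet attack, a multi-packet burst, benign requests.
TRAFFIC = [
    Packet(0.0, "192.0.2.10", b"GET /index.html"),
    Packet(1.0, "198.51.100.7", b"x" + SIGNATURE),   # single-packet attack
    Packet(2.0, "203.0.113.5", SIGNATURE + b"-1"),
    Packet(2.5, "203.0.113.5", SIGNATURE + b"-2"),
    Packet(9.0, "203.0.113.5", SIGNATURE + b"-3"),
    Packet(10.0, "192.0.2.10", b"GET /about.html"),
]

if __name__ == "__main__":
    for latency in (0.0, 5.0):
        n = malicious_delivered(active_response(TRAFFIC, latency))
        print(f"active response, {latency} ms latency: {n} malicious delivered")
    print("in-line:", malicious_delivered(inline_prevention(TRAFFIC)), "malicious delivered")
```

Even with the block latency set to zero, the out-of-band model still delivers the first malicious packet from each source, which is why a single-packet attack cannot be stopped by active response alone.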
Integrated with the firewall, the Network Box IDP (Intrusion Detection and Prevention) module scans network traffic at the application level, and seamlessly blocks malicious behaviour with zero latency.
A comprehensive database of IDP signatures precisely matches and actively blocks known exploits. Protection against newly emerging threats is provided by a database of vulnerability-class based signatures and heuristic (expert system) anomaly-based behavioural analysis.
The Network Box IDP system is updated in real-time, using high speed PUSH technology, from the global network of Network Box Operation Centres.
"We have specialist experts managing our firewall, ensuring our system is up to date, and managing our security policies. It is also more cost-effective to implement Network Box than manage everything ourselves."
Mark Jennings, Information and Communication Systems Manager
28th Jul 10
June saw the UK become the fourth largest producer of spam in the world, and it is now also the fourth largest producer of viruses, according to July threat statistics from managed security company, Network Box.
The number one virus producer remains the US, which has increased production by around one per cent (to 14.6 per cent). But India’s slight increase in production (from 9.2 to 9.5 per cent) was enough to move it to number two in the charts and see Korea drop to third place, with a decline in production of more than three per cent.