Intrusion Prevention & Detection
The Network Box IPS/IDS (Intrusion Prevention System and Intrusion Detection System) is a multilayered module that offers powerful rules languages and extensive stream and protocol decoders without impacting performance. It operates in four modes that work in combination with the core routing and firewall functions to provide a highly flexible, modular approach to securing network traffic.
The Network Box IDS/IPS is updated in real time, using high-speed PUSH Technology, from the global network of Network Box Security Operation Centers.
- Zero-latency, hybrid, multi-level approach that is tightly integrated with the firewall
- Blocks network traffic and logs intrusion attempts
- Passive and active IDS engines
- Passive and active IPS engines
- Infected LAN alerting
- Real-time (on demand) and periodic (summary) reports and data export
- Large signature database coupled with all the modern techniques to identify known and unknown threats
Network Box is a member of MAPP (Microsoft Active Protections Program), which notifies us of newly discovered Microsoft vulnerabilities before they are announced. In turn, this allows us to create specific protection for our clients using the IPS system.
The architecture of the Network Box IDS/IPS allows the IPS to run on all ports, physical and virtual, including VPNs, while running IDS on specific ports for monitoring purposes only.
Intrusion Detection System
Passive and active IDS engines run separately from the network traffic stream to minimize the performance impact and offer options to limit visibility of the monitoring on the network.
Intrusion Prevention System
Network Box runs three IPSs – frontline, inline, and infected LAN – that are tightly integrated with the firewall. When one of the IPSs finds something malicious during a deep packet inspection, it not only drops the connection, but it also communicates with the firewall, which will then block any packet coming from that same connection.
Advantages of having 3 IPSs that are integrated with the firewall:
- Saves on CPU and bandwidth because the IPS runs after the firewall, scanning only traffic that the firewall has allowed
- Increases security and efficiency
- Scans all interfaces, physical and virtual, that terminate at the Network Box
The Infected LAN module monitors egress traffic for malicious or potentially harmful activity. When such traffic is identified, the offending machine is quarantined for a configurable period of time, and the IT administrator (or we could say “you”) receives an alert that enables them to take action, whether that means scanning the computer or simply verifying whether the issue was a false alert.