A sophisticated software and appliance-based network intrusion defense system, the Dragon Network Sensor identifies misuse and attacks across the network.
Placed at network aggregation points, the Dragon Network Sensor is unmatched in detecting intrusions via signature, protocol, and anomaly-based techniques. Application-based event detection detects non-signature-based attacks against commonly targeted applications including HTTP, RPC and FTP. These multimethod detection techniques, combined with an extensive, frequently updated signature database and false-positive tuning capabilities, ensure that no intrusion goes undetected.
When an attack is detected, Dragon Network Sensor employs a variety of Active Response techniques to block the would-be intruder, including taking action to stop the sessions and reconfiguring firewall policies or switch and router Access Control Lists.
Dragon Network Sensor offers market-leading deep Forensics capabilities, including flexible packet capture, complete session reconstruction, and highly configurable Session VCR (collects all session information for services such as HTTP, FTP, POP and certain IPs or networks) that is needed to analyze network-based attacks.
Intrusion Prevention sensors come ready to use "out-of-the-box" and easily integrate with your existing network infrastructure and security appliances. Enterasys Intrusion Prevention ships with a comprehensive set of pre-installed signatures, VoIP protocol decoders for SIP, MGCP, and H. 323 protocols, and advanced detection of malformed messages to help prevent Dos attacks.
GE500 Network Sensors appliances support 500 Mbps data rates and include two onboard ports plus one dual-port fiber or one dual-port 10/100/1000 copper LAN interfaces.
Open tunable signatures
Implementation, modification, and custom creation of signatures to detect the attacks unique to each environment.
Combines multiple network interfaces into a single traffic stream, enabling dual-tap - without a switch.
IP defragmentation and TCP/UDP stream reassembly
Identifies attackers who attempt to evade an IDS by distributing attacks over multiple packets.
Identifies attackers who hide an attack within an application protocol.
IDS denial of service
Countermeasures defeat tools such as "stick" and "snort".
Terminates an attack session via a TCP reset or ICMP unreachable message.
Stops attacks through Checkpoint firewalls and blocks hackers on most commercial switches and routers.
Defeats or confuses scanning techniques with false responses.