The Enterasys Intrusion Prevention System (IPS) is unique in its ability to gather evidence of an attacker's activity, remove the attacker's access to the network, and reconfigure the network to resist the attacker's penetration technique. The IPS stops attacks at the source of the threat and can proactively protect against future threats and vulnerabilities. Offering an extensive range of detection capabilities, host-based and network-based deployment options, a portfolio of IPS appliances, and seamless integration with the Enterasys Secure Networks architecture, the IPS utilizes a state-of-the-art high-performance, multi-threaded architecture with virtual sensor technology that scales to protect even the largest enterprise networks.
The Intrusion Prevention System is a core component of the Enterasys Secure Networks architecture. When deployed in combination with Enterasys SIEM and NMS Automated Security Manager (ASM), it facilitates the automatic identification, location, isolation, and remediation of security threats. Enterasys IPS also integrates seamlessly with Enterasys Network Access Control (NAC) for post-connect monitoring of behavior once network access has been granted.
Enterasys advanced in-line Intrusion Prevention is designed to block attackers, mitigate Denial of Service (DoS) attacks, prevent information theft, and ensure the security of Voice over IP (VoIP) communications - while remaining transparent to the network. Built upon the award-winning intrusion prevention technology, Enterasys IPS can alert on the attack, drop the offending packets, terminate the session for TCP and UDP-based attacks, and dynamically establish firewall or Secure Networks policy rules. Enterasys IPS leverages thousands of vulnerability and exploit-based signatures.
Host-based threat prevention
Enterasys host sensors are security applications used to detect attacks on a network server in real time. Host intrusion detection is particularly valuable in environments where AES, SSL, IPsec, or other encryption schemes are deployed because the sensor analyzes the decrypted data. Enterasys host sensors monitor individual systems running today's most common operating systems for evidence of malicious or suspicious activity in real time. Host sensors use a variety of techniques to detect attacks and misuse, including analyzing the security event log, checking the integrity of critical configuration files, and checking for kernel level compromises. This hybrid approach helps organizations meet compliance requirements mandated by regulations including PCI, HIPAA and Sarbanes-Oxley.
Enterprise Management Server (EMS)
Enterasys Enterprise Management Server (EMS), with its client-server architecture, offers efficient, centralized management for all of the components offered with Enterasys IPS. The EMS provides reporting and management services for all deployed network and host sensors. The EMS provides in-depth reporting and archiving of security event and network activity.
Enterasys IPS virtual appliances
Enterasys IDS network sensor and Enterprise Management Server (EMS) can be deployed on VMware ESX servers. With these virtual machine options, enterprises gain additional, cost-efficient, network threat protection and the ability to monitor both the physical and virtual network. Leverage the enterprise's virtual environment for added security with the benefits of cost savings from using existing hardware, and reduced time to value.
Event Flow Processor
Event Flow Processor (EFP) is a security appliance used to scale Intrusion Prevention deployments for very large networks. Event flow processors are strategically placed on the network to aggregate event data from multiple network and host sensors, and report to the centralized Enterprise Management Server. This is particularly useful for organizations with multiple high traffic remote sites.
Product Highlights
- Protect networked resources by removing an attacker's ability to continue an attack or to mount an attack
- Real-time dynamic attacker containment limits security incident impact
- Works with multi-vendor enterprise edge switching products
- Protection against emerging Voice over IP vulnerabilities, Day Zero threats, and advanced Denial of Service attacks
- Flexibly deployed as an appliance and/or virtual appliance enabling cost efficient threat detection and monitoring for both the physical and virtual networks
- Supports inspection and reporting for IPv6 networks extending IPS/IDS capabilities into next generation networks
- Unmatched threat detection and containment that leverages sophisticated signature, application, protocol, and behavioral analysis
- Ready to protect out-of-the-box with powerful configuration tools for customization and advanced control