Next Generation Intrusion Prevention System
First-generation network-based IPS was designed to be placed at the perimeter of a network, defending against DoS/DDoS attacks and accurately blocking a broad range of exploits. Its primary goal was to protect vulnerable hosts from external threats and exploitation. However, today’s network security architecture requires more than intrusion prevention capability. Numerous applications run on an organization’s network each day, and threats may be embedded across these applications. Network visibility, bandwidth and traffic quota control, multiple cross-query capability, botnet detection and blocking, user identification, and gateway antivirus are crucial today, yet a traditional IPS lacks the sophistication and capability to address them.
BroadWeb EnforcerX is the Next Generation IPS that can effectively help organizations deal with these current and emerging threats.
In addition to the superior intrusion prevention capabilities that BroadWeb has offered in its IPS series products, the Next Generation IPS EnforcerX features these new functions:
Visibility and Controls Over Applications
In recent years, the growth in popularity of Web 2.0, social networking sites, P2P file sharing, instant messaging, streaming media, file download accelerators, etc., has been phenomenal. Some of these applications use stealthy protocols, which often encrypt transmissions or tunnel themselves through well-known ports such as HTTP or HTTPS. A traditional IPS employs DPI (Deep Packet Inspection) to identify applications. DPI relies on known, static string patterns, so a traditional IPS fails to identify encrypted application traffic accurately. As a result, most networks are inundated with enormous volumes of traffic generated by evasive applications.
- Deep Visibility into Network Traffic
DPI alone has limitations in recognizing applications, so requirements for deep visibility into network applications are on the rise. EnforcerX employs patented EABSM techniques to establish a unique status for each evasive or encrypted application. It identifies a specific application only when an encrypted transmission matches multiple characteristics and statuses.
EnforcerX offers industry-leading capability in identifying more than 1800 applications, including Web, file transmission, email, P2P, IM, streaming media, VoIP, network gaming, stock and security, database, encrypted channel, remote terminal, and network management.
Once you have full visibility into network traffic, controlling applications becomes possible. You may choose to forbid the use of certain applications. For example, you can allow instant messaging but disable file sharing, or block the use of tunneling applications to prevent leakage of classified documents.
Bandwidth and traffic quota control
When an organization lacks visibility into application traffic, it faces these further concerns:
- Network bandwidth is largely occupied by bandwidth-hungry applications; simply expanding the bandwidth still does not help.
- Business-critical applications are served at a poor level of quality due to a lack of network traffic control.
Because EnforcerX provides visibility and controls over applications, it can apply traffic control to specific hosts, applications, and host segments. With this capability, you can restrict the bandwidth occupied by bandwidth-hungry applications while reclaiming and guaranteeing bandwidth for business-critical applications.
Multiple Cross-query for Security Association Analysis
The Interactive Monitor function of the EnforcerX system provides a variety of interactive query functions that let you pinpoint the causes of events by drilling down through their layers.
This capability is crucial because it helps network administrators and information security risk auditors make management decisions on risks while maintaining the network performance of mission-critical networking applications.
Botnet Detection and Blocking
BroadWeb’s next generation IPS EnforcerX offers advanced features to guard against botnets:
- C&C detection: C&C is the abbreviation of Command & Control. When a bot-infected host connects to a C&C server, specific signatures may exist in the communication packets. When these signatures are detected, the host is recorded as a C&C activity participant.
- RBL detection: RBL is the abbreviation of Real-time Blacklist. EnforcerX keeps a botnet blacklist containing suspected IPs and URLs. When a host machine connects to one of these RBL IPs or URLs, the host is recorded as an RBL activity participant.
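The two checks above, sketched as an added example (this is not BroadWeb's code or EnforcerX's rule format). The blacklist entries, the `demo-bot-checkin` signature and the flow records are constructed for illustration, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed blacklist (documentation ranges / example domains), not real indicators.
RBL_IPS = {"203.0.113.10", "198.51.100.77"}
RBL_HOSTS = {"bad.example.net"}

# Hypothetical C&C signature: a cleartext check-in string at the start of a payload.
CNC_SIGNATURES = {"demo-bot-checkin": re.compile(rb"^BOTID=[0-9a-f]{8};CMD\?")}

# Constructed flow records: (source host, destination IP, URL or None, payload prefix).
FLOWS = [
    ("10.0.0.5", "203.0.113.10", None, b"\x16\x03\x01"),  # TLS to a listed IP
    ("10.0.0.7", "192.0.2.20", "http://BAD.example.net/gate.php", b"GET /gate.php"),
    ("10.0.0.9", "192.0.2.44", None, b"BOTID=1a2b3c4d;CMD?"),
    ("10.0.0.11", "192.0.2.80", "http://notbad.example.net/", b"GET / HTTP/1.1"),
]

def url_host(url):
    """Return the lowercased hostname, so matching is on the host, not a substring."""
    return (urlsplit(url).hostname or "").lower()

def classify(flows):
    """Map each source host to the activity labels described in the text."""
    labels = defaultdict(set)
    for src, dst_ip, url, payload in flows:
        # RBL check: destination IP or URL host is on the blacklist.
        if dst_ip in RBL_IPS or (url and url_host(url) in RBL_HOSTS):
            labels[src].add("RBL activity participant")
        # C&C check: a known signature appears in the packet payload.
        if any(sig.search(payload) for sig in CNC_SIGNATURES.values()):
            labels[src].add("C&C activity participant")
    return dict(labels)

if __name__ == "__main__":
    for host, tags in sorted(classify(FLOWS).items()):
        print(host, sorted(tags))
```

The first record shows why the two checks complement each other: the payload is encrypted, so no signature can match, but the destination is still caught by the blacklist. The last record is not flagged because the URL host is compared exactly rather than by substring.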
User Identification/Authentication
A traditional IPS shows the source and destination of an attack in terms of IP addresses. This practice makes it difficult for a network administrator to know exactly who is in danger or who is the source of the danger. EnforcerX supports User Identification/Authentication that maps Active Directory and LDAP users to security events. This feature helps improve audit controls and regulatory compliance by linking events directly to individual users.
Gateway Anti-Virus (HTTP, FTP, POP3, IMAP, SMTP)
A traditional IPS does not support antivirus, yet deploying antivirus capabilities at the gateway is essential. Equipped with Kaspersky’s virus database, EnforcerX supports gateway-level, stream-based malware scanning. HTTP, FTP, POP3, IMAP, and SMTP are supported. EnforcerX scans both inbound and outbound traffic of these protocols for malware including viruses, worms, spyware, backdoors, Trojans and keyloggers.
Web Application Firewall
EnforcerX provides a Web Application Firewall module that protects web applications from common attacks, including SQL injections, cross-site scripting attacks, OS command injections, web server scanning, directory traversal, malicious crawlers, buffer overflows, and web server attacks. It also offers URL keyword filtering and can block files of particular types from being uploaded to a web server.
NGIPS vs. IPS
Today’s network security architecture requires more than intrusion prevention capability. Organizations need to deploy NGIPSes to guard against blended attacks and maintain high levels of security. What sets an NGIPS apart is application awareness and control, bandwidth and traffic quota control, advanced cross-query capability, anti-botnet capability, user identification, and gateway anti-virus. BroadWeb is proud to announce the release of EnforcerX, the Next Generation IPS that can effectively help organizations deal with these current and emerging threats.