Intrusion Prevention

Detect and stop attacks before they can cause damage

The character of today's security threats clearly shows us the professionalism and cunning with which systematic intrusions into corporate networks are planned and rolled out. Despite considerable investments in security systems, it is evident that conventional packet filters and proxies provide insufficient protection from attacks at application level or from vulnerability exploits. Therefore, there is a need for systems that combine various detection mechanisms in order to ensure identification and automatic prevention of derivatives of known and previously unknown attacks (zero-day attacks).

Protect your data

Ascertain what information is being transmitted over your network and might exit your network. With a modern intrusion prevention system that filters malware from the data stream and adjusts itself, you can ensure effective protection of your corporate assets.

  • Internet data: Customers, business partners, employees
  • E-mail data: Customers, business partners, employees
  • Data of application and Web services: Customers, business partners, internal data
  • VPN data: External and mobile users
  • Internal security threats: Suppliers, external employees, disgruntled employees

Intrusion detection (IDS) vs intrusion prevention (IPS)

Intrusion detection systems are responsible for detecting attacks on or within your network. In contrast, the ability to react to threats by analysing the network traffic is referred to as intrusion prevention. Though the approach is basically the same as that of the intrusion detection system, there are additional mechanisms that can be used to interfere with the network traffic. Thus, the intrusion prevention system blocks attacks that would compromise your system.

The sensitivity of an intrusion prevention system ("what is to be blocked?") is reciprocal to the criticality of your system ("what is the objective of the attack?") and can be configured individually. In this way, you can handle different areas of your network differently.

Precision ‒ a precondition for prevention

Intrusion detection with countless false positives is a phenomenon that belongs to the past. Automated defence against attacks without human intervention, i.e. active intrusion prevention, automatic detection of malware, and correlation with existing vulnerabilities, is technically mature and ready for deployment. Investing in intelligent IPS solutions truly pays off!  

The highly available Computer Emergency Response Team (CERT) of the past has been replaced by the more reliable and cost-efficient lean virtual Security Operations Centre (SOC). Thanks to the combination of diverse detection methods (heuristic procedures, multi-stage analysis, deep packet inspection, signature-based detection, protocol anomaly detection, traffic anomaly detection, DoS detection), precisely functioning IPS solutions of various vendors are capable of filtering attack packets even from gigabit data streams without impairing mission-critical applications and generating false positives.

Even the analysis of SSL-encrypted traffic has become a reality, since HTTPS in particular gives attackers the possibility to camouflage attacks with tunnelling. This is possible due to a number of important further developments:

  • ASIC/FPGA-based system architecture for wire-speed performance
  • Greatly improved detection accuracy
  • Failure tolerance for in-line operation
  • Finer granularity in the definition of policies

Thinking means comparing ...

In recent years, the security experts of iT-CUBE SYSTEMS have implemented numerous IDS/IPS solutions for customers with diverse requirements. We have a wealth of practical know-how and review our product portfolio every year. We conduct intensive tests to analyse the features of various IPS solutions. On the basis of these results, we offer our customers state-of-the-art technology whose value propositions can be verified in practice.

Additional Information

Gartner Magic Quadrant for Network Intrusion Prevention System Appliance