Welcome to Secure Datacom Inc.  




Perimeter Security Solutions – Intrusion Prevention


McAfee®, Inc.

McAfee, www.mcafee.com

Solution Overview:

McAfee IntruShield Network IPS Appliances - Defend your network from threats and attacks

Proactively protect your network infrastructures and endpoints from zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention, available only in the McAfee IntruShield Network IPS Appliance.

  • Risk-aware intrusion prevention - Delivers prioritized risk management by identifying and blocking your most relevant alerts and attacks; integrates with market-leading vulnerability management solutions like McAfee Foundstone by importing and correlating risk assessment information
  • Advanced Web client protection - Proactively protects web browsers and desktops from spyware, malware, phishing and cyber attacks; prevents downloading of unwanted programs and stops unauthorized network access
  • Next-generation DoS prevention - Advanced real-time protection against sophisticated denial-of-service attacks, including DoS, DDoS and SYN Floods.
  • Encrypted attack prevention - Proactively protects critical e-commerce infrastructure against encrypted attacks with real-time SSL decryption and inspection technology
  • Infrastructure protection - Preemptive, zero-day vulnerability protection against attacks targeting mission-critical routers, switches, perimeter firewalls and DNS servers 
  • Block botnets - Proactively blocks the installation, communication and activation of malicious distributed botnets
  • VoIP vulnerability protection - Proactively protects against underlying VoIP protocol vulnerabilities, while preserving VoIP application and voice-quality integrity

McAfee Host Intrusion Prevention for servers

Your corporate servers are critical to your operation. They house your most valuable information assets and keep your business alive. Don’t let your servers go down or succumb to identity theft and corporate espionage. With McAfee Host Intrusion Prevention, you get multiple layers of protection to keep your servers up and running and secure.

  • Web and database server protection - Protect Web and database servers from attacks like directory traversal and SQL injection attacks by using unique McAfee Host Intrusion Prevention protection technology
  • Vulnerability shielding - Automatic security content updates target specific vulnerabilities and recognize unknown exploits and stop them from executing; security content updates do not require system reboots
  • Advanced application protection - McAfee Host Intrusion Prevention puts an “envelope” around an application to prevent it from communicating with other applications; this prevents applications from being leveraged in any type of attack
  • Prevents buffer-overflow exploits - McAfee Host Intrusion Prevention uses a patented host intrusion technology to prevent buffer-overflow attacks, one of the most common methods of attacking servers and desktops
  • Firewall protection - The firewall enables monitoring of both inbound and outbound network traffic on a server and also provides the ability to monitor and protect the applications that are installed on a server

For more information:

IntruShield Brochure:

http://www.mcafee.com/us/local_content/datasheets/ds_intrushieldsecuritymanagement_ent.pdf

Other document resources: http://www.mcafee.com/us/enterprise/products/library.html

 

Radware Application Delivery

Radware, www.radware.com

Solution Overview:

Responding to this challenge, from the core to the perimeter, Radware’s DefensePro provides your enterprise with comprehensive inline intrusion prevention, anomaly detection and denial of service (DoS) protection from a wide variety of known attacks and unknown, zero-day attacks. Protecting against worms, viruses, spyware, pre-attack probes and other threats, this easy-to-use, scalable solution proactively prevents both network- and application-level attacks while ensuring high performance for legitimate application traffic, even when under attack. DefensePro’s customized, ASIC-based hardware architecture ensures unparalleled security, availability and performance. Software-based throughput upgrades maximize investment protection, allowing you to scale your solution easily and affordably. The real-time dashboard offers a radar-like intrusion defense view and drilldown for identifying threat activity in progress.

Radware’s DefensePro integrates multiple layers of security, including signature-based protection, protocol anomaly protection, encrypted SSL attack protection, access control, and bandwidth management. Moreover, it is the industry’s first solution to fully integrate adaptive, behavior-based protection capabilities to provide unparalleled security. The solution employs adaptive behavioral analysis to immediately identify and mitigate a wide range of threats – including zero-day attacks – without requiring human intervention.

For more information:

Radware DefensePro Brochure:

http://www.radware.com/content/document.asp?_v=about&document=7016

Radware DefensePro IPS/DoS Brochure:

http://www.radware.com/content/document.asp?_v=about&document=7156

Radware Customers:

http://www.radware.com/content/company/customers/default.asp

 

StillSecure - Network security software

StillSecure, www.stillsecure.com

Solution Overview:

Strata Guard™ is an award-winning family of network-based intrusion detection/prevention systems (IDS/IPS) that provide real-time, zero-day protection from network attacks and malicious traffic. With four different models and two deployment options, Strata Guard protects your enterprise from the network perimeter to the core, including remote and internal segments (shown in the graphic below).

Strata Guard employs six distinct attack-detection technologies for comprehensive network protection. With signature-based and behavior-based attack detection, deep packet inspection, and protocol anomaly analysis, Strata Guard terminates network-, application-, and service-level attacks including worms, Trojans, spyware, port scans, DoS and DDoS attacks, server exploit attempts, and viruses before they infiltrate the network and cause real damage.

Beyond blocking malicious attacks, Strata Guard enforces your network usage policies and can block peer-to-peer file sharing, instant messaging, chat, prohibited browsing activity, and worm propagation. It detects anomalous activity such as spoofed attack source addresses, TCP state verification, and rogue services running on the network.

Deployment for attack detection and attack prevention - Strata Guard can be installed anywhere the potential for attack exists: at the perimeter, internally, in the DMZ, and between strategic segments (e.g., remote offices, partners) where organizations need to control direct links to un-trusted networks.

Strata Guard is deployable in both in-line and out-of-band configurations:

In-line deployment:

  • True IPS functionality
  • React instantaneously to attacks; drop offending packets (i.e., Pre-emptive policies™)
  • Highest level of protection—attacks can't penetrate the network
  • Allows you to move from IDS to IPS functionality at your own comfort level

Out-of-band deployment:

  • Blocks attacks by inserting rules into firewall (i.e., Responsive policies)
  • Provides history of attack events
  • Forensic tracking
  • Multi-level attack detection

Strata Guard’s Dynamic Attack Detection™ technology applies a combination of detection methods with the goal of identifying all possible malicious traffic. Dynamic Attack Detection includes:

Strata Guard rules conform to the industry-standard Snort format. Strata Guard can be configured to check for updated SAT rules as frequently as every hour, or users can download rule updates on demand, ensuring up-to-the-minute protection against newly released threats. Custom rules can be easily created to address organization-specific threats and policy compliance.

Strata Guard qualifies attacks through its Dynamic Attack Qualification™ technology. This combination of powerful qualifying techniques isolates the real threats to your network, and eliminates the overwhelming majority of attacks as false-positives.

Dynamic Attack Qualification includes:

  • Accessible Device Protection™ (ADP) – Scans the network, discovering all devices and open ports; as a result, attacks aimed at inaccessible devices or ports are ignored.
  • Vulnerable Device Protection™ (VDP) – Creates a protective, attack-blocking shield around devices with known vulnerabilities. Vulnerabilities can be imported from the StillSecure VAM vulnerability management platform or entered manually.
  • Quick Tune™ – Eliminates attacks based on the types of devices and operating systems on your network.
  • Intelligent Attack Profiling™ (IAP) – Allows you to define the attack-specific profile that qualifies an attack as a legitimate threat within your business environment. Configurable profile parameters include: attack type, attack severity, source and destination IP address, source and destination port, number of attack occurrences, attack time of day. Attacks not conforming to a given profile are ignored.

Strata Guard’s multiple attack-blocking options provide flexibility and control over how you respond to attacks. You can implement a default blocking strategy to ensure a base level of protection, and create custom blocking strategies for specific attacks. Strata Guard can be set to automatically block attacks upon detection, or it can prompt you, allowing you to investigate the attack before committing to a specific course of action. Attack blocking techniques include:

  • Dropping attack packets (in-line deployment only) – Prevents any part of an attack from infiltrating the network. Combines packet payload analysis with traditional packet header analysis at the kernel level.
  • Block attack source IP/port – Blocks the current attack from progressing and ensures that the attacker cannot launch future attacks. Traffic from the source IP/port or session is temporarily prohibited from entering the network.
  • Secure TCP reset – Terminates traffic without letting it pass through to the target and resets the offending session. Unlike other IPS tools, Strata Guard does not send a reset command back to the originating host, so the attacker receives no indication that the session has been actively terminated.
  • Execute a custom command script – Allows administrators to create custom responses for specific attack types.
  • Notifications – Alerts users of an attack via SNMP trap and/or email; logs the attack event

For more information:

Strata Guard technical summary
Strata Guard product datasheet
Strata Guard feature list
Case Study: UCH Hospital
Case Study: Red Cliff MSSP

Reflex Security, www.reflexsecurity.com

Solution Overview:

Reflex Security’s ThreatIQ™ suite (threat inspection and quarantine) is unique to the industry, combining network intrusion prevention, network discovery and host quarantine into one solution.

The ThreatIQ suite features the Reflex IPS platform, Network Discovery module, Network Defender module and Reflex Command Center. This comprehensive system provides enterprises with a solution for network visibility and accurate threat inspection/mitigation, assuring that their network defense is always one step ahead of today’s dynamic and evolving threat environment and collapsing perimeter defense.

Intrusion Prevention - The cornerstone of the ThreatIQ suite is Reflex's industry-leading Intrusion Prevention system (v5.0). Reflex’s signature, anomaly, and rate-based algorithms facilitate automated defenses against a wide range of attack vectors – malicious content, DoS, anomalies, access violations, viruses, and spyware. By operating inline and performing deep packet inspection on all network traffic, the Reflex IPS can block and filter illegitimate traffic flows with pinpoint precision.

Network Discovery - Integrated into the Reflex IPS sensor, Reflex’s Network Discovery technology passively records all existing hosts and their services, and gives context to potential threats by correlating them in real time with the Reflex IPS engine. Reflex Security’s Network Discovery makes inspection more precise and less prone to false positives. Even if no immediate anomaly or threat is detected, a change of service or the appearance of a new device on the network can trigger an action depending on the organization’s policy.

Network Defender - The Reflex Network Defender module has the ability to quarantine a host from a network by communicating with a switch and blocking the host’s port, surgically removing it from the LAN. By extending its protective umbrella beyond the network segment the IPS sensor operates on, Network Defender enables preventative measures anywhere on the network.

Reflex Command Center - The Reflex Command Center combines a powerful, centralized configuration and management console, comprehensive reporting tools and ease-of-use in a unified solution. Features include real-time security event correlation and aggregation with adaptable correlation algorithms, centralized security dashboard with simple, easy-to-use GUI and unique user profiles, and comprehensive management reporting with automatic report delivery via email and web publishing.

For more information:

Reflex datasheet: http://www.reflexsecurity.com/products/ReflexIPS.pdf

Reflex press releases: http://www.reflexsecurity.com/news/index.php

To know more about any of Secure Datacom’s Security Solutions, contact your SDI salesperson or email us.

SDI ©Copyright 2005