|
Sentivist IPS |
|
|
NFR Security |
http://www.nfr.com/solutions/sentivist-ips.php |
|
Sentivist IPS identifies and blocks known and unknown malicious
attacks to the network and hosts on the network - before they can
impact your organization. It features full protocol decoding and
application prevention for not only common protocols such as HTTP,
SMTP, DNS, FTP, SMB, MSRPC, etc., but also some of the lesser used
protocols such as SIP (VoIP) and many P2P and IM protocols. In addition
to application layer detection and prevention, Sentivist IPS detects and
prevents Floods,
BruteForce attacks, Trojans, Worms, and other types of attacks. To
top it off, NFR's IPS can also be configured as a standard stateful
firewall for customers looking to kill two birds with one stone on
their internal network segments. NFR's unique Confidence Indexing
and Impact Assessments make it easy for admins to quickly enable and
disable prevention on various classes of attacks.
|
|
COMMERCIAL |
Information Updated: 21 Nov 2004 |
|
DefensePro |
|
Appliance |
Radware Ltd. |
http://www.radware.com/content/products/dp/default.asp |
|
DefensePro features inline security switching and accelerated,
stateful, deep-packet inspection to bi-directionally scan and protect
all network traffic against application level attacks.
DefensePro immediately isolates attacks by dynamically managing
bandwidth to stop propagation across users and resources while
ensuring the complete continuity and performance of all secure traffic
to proactively control impact and limit damage. DefensePro intercepts
over 1,200 malicious signatures, hidden worms and viruses, blocking
application attacks at an unmatched speed of 3-Gigabits/Sec.
Identifying and mitigating protocol and traffic anomalies in
real-time, DefensePro prevents DoS/DDoS and SYN floods, safeguarding
against all illicit traffic patterns and hacking.
Combining ultra-high processing power with plug-and-defend advanced
application security services, DefensePro secures mission critical
applications across high-speed/high capacity environments. |
|
COMMERCIAL |
Information Updated: 29 Jan 2004 |
|
 |
|
UnityOne
|
|
Appliance |
TippingPoint Technologies, Inc. |
http://www.tippingpoint.com/products.html |
|
As packets pass through the IPS, they are fully
inspected to determine whether they are legitimate or malicious.
Through its Infrastructure Protection capabilities, UnityOne
protects routers, switches, DNS and other critical infrastructure
from targeted attacks and traffic anomalies. UnityOne Performance
Protection capabilities enable customers to throttle non-mission
critical applications that hijack valuable bandwidth and IT
resources, thereby aligning network resources and business-critical
application performance. |
|
Commercial |
Information Updated: 09 Nov 2004 |
|
Border Guard |
|
Linux RedHat |
Latis Networks |
http://www.stillsecure.com/index.jsp?sector=products&sub_sector=bg&cur_page=bg_gateway |
|
Border Guard Gateway, our in-line
intrusion prevention system (IPS), instantly terminates attacks,
ensuring harmful traffic never reaches your network.
Border Guard Gateway contains the exclusive Pre-emptive policies™
technology that responds to attacks by instantaneously dropping the
harmful packets. Pre-emptive policies are one of the many
user-configurable options Gateway provides for blocking and generating
alerts about network attacks. |
|
COMMERCIAL |
Information Updated: 03 Jan 2004
|
|
Hogwash (pretty much superseded by snort_inline) |
|
Linux |
|
http://hogwash.sourceforge.net
|
|
Hogwash is designed to take out 95% of the stock attacks thrown at
your network. Hogwash lives inline like a firewall, but it works
differently. Instead of closing ports like a traditional firewall,
it drops or modifies specific packets based on a signature match.
Hogwash lives directly on top of the network driver, so it doesn't
require an IP stack to work. It stops attacks that can't be blocked
by a traditional firewall and can be used to protect systems that
are unpatchable for one reason or another. The signature matching
engine is based on Snort.
|
|
Freeware |
Information Updated: 25 Jan 2002 |
|
StoneGate IPS
(Not Inline) |
|
Appliance |
StoneSoft Corporation |
http://www.stonesoft.com/en/products_and_solutions/products/ips/ |
StoneGate IPS is an intrusion
detection and analysis system that detects malicious or
inappropriate traffic, accurately identifies it, and
responds accordingly. It has sensors for accurate
detection in gigabit environments and separate
analyzer(s) for intelligent event correlation.
With StoneGate IPS, accurate event detection is enabled
through the context-sensitive use of multiple detection
methods. A Sensor rule base allows administrators to
predetermine and automatically apply the best
combination of detection methods for each traffic type.
|
|
Commercial |
Information Updated: 16 Dec 2004 |
|
IntruShield |
|
Appliance |
Network Associates Technology, Inc |
http://www.mcafeesecurity.com/us/products/mcafee/network_ips/category.htm?cid=10355 |
|
The IntruShield architecture integrates
signature, anomaly and Denial of Service (DoS) analysis techniques,
enabling attack detection and prevention at multi-gigabit speeds.
This protects networks from the threat of known, first-strike (unknown), and
DoS attacks. The IntruShield product family includes the IntruShield
4000, IntruShield 2600 and IntruShield 1200—three network intrusion
detection and prevention sensor appliances that provide the
performance and functionality required to protect high availability
networks. |
|
COMMERCIAL |
Information Updated: 04 Jan 2004 |
|
 |
|
iPolicy Intrusion Prevention Firewall |
|
Appliance |
iPolicy Networks |
http://www.ipolicynetworks.com/products/ipf.html |
|
Intrusion Detection and Prevention
The iPolicy Intrusion Prevention Firewall integrates an Intrusion
Detection and an Intrusion Prevention engine that provide
comprehensive, high performance, real-time attack detection and
prevention.
iPolicy Networks’ Intrusion Detection System (IDS) utilizes multiple
detection techniques to identify attacks to form a comprehensive
real-time wire speed detection engine. It employs signature-based
detection to identify known network-based attacks. Signatures are the
most accurate mechanism for positively identifying attacks and the iPolicy
IDS/IPS signature database has over 2000 entries. In addition, an
application-aware protocol anomaly engine detects Day Zero type of
attacks and a statistical traffic anomaly engine provides the ability
to detect suspicious behavior and Distributed Denial of Service (DDoS)
attacks. Furthermore, the iPolicy IDS engine overcomes many forms of
attack obfuscation, such as attacks spread over several packets,
Unicode encoding, and other tricks used by hackers to foil detection.
The Intrusion Prevention capability builds on the Intrusion Detection
by triggering a select set of protective actions when an intrusion or
attack is detected. The dynamic nature of the iPolicy Intrusion
Prevention Firewall IDS enables the network security administrator to
configure proactive real time responses to attacks. Multiple response
actions can be supported concurrently: silent drop of malicious
packet, reset of session, use firewall to close a port or to disallow
all traffic from offending source IP address for a defined duration
(dynamic firewall hardening), session and bandwidth rate control to
mitigate DDoS attacks, send an alarm message, log an event.
iPolicy Networks’ default IPS configuration is factory-set to
automatically block attacks characterized with unambiguous signatures.
Users may configure automated actions for any signature match or
attack detection. To prevent or minimize false positives, they should
first assess their network vulnerabilities and fine tune intrusion
detection to match their network and traffic environment. |
|
COMMERCIAL |
Information Updated: 05 June 2006 |
|
Netscreen |
|
Appliance |
Netscreen Technologies Inc. |
http://www.juniper.net/products/intrusion/ |
|
NetScreen-IDP was built from the
ground up to combine all available detection methods in a single
solution. The NetScreen-IDP Multi-Method Detection (MMD™)
mechanism integrates Stateful Signature, Protocol
Anomaly, Backdoor, Traffic Anomaly, IP Spoofing, Layer 2 and Denial of
Service Detection, as well as a Network Honeypot, to provide
the broadest and most efficient attack detection coverage available. |
|
COMMERCIAL |
Information Updated: 03 Jan 2004
|
|
RealSecure Guard |
|
NT4.0 SP6a
Windows 2000 |
Internet Security Systems |
http://www.iss.net/products/RealSecure_Guard_10_/product_main_page.html
|
|
RealSecure® Guard 10/100, an inline
network intrusion prevention system (IPS), actively protects network
segments, including mission critical systems by automatically blocking
malicious attacks. Unlike most inline intrusion detection and response
systems, RealSecure Guard 10/100 reduces the amount of administrator
intervention by immediately responding to attacks as they occur.
RealSecure Guard 10/100 ensures accurate detection and prevention
capabilities without decelerating network links or otherwise slowing
down traffic. |
|
Proventia G Appliance |
|
provides
the same market-leading intrusion prevention technology in an
integrated appliance format that reduces acquisition, deployment, and
management costs. |
|
COMMERCIAL |
Information Updated: 04 Jan 2004
|
|
 |
|
SecureNet IDS/IPS
|
|
|
Intrusion Inc. |
http://www.intrusion.com/Default.aspx?DN=bee1192e-5a5b-4a44-b653-efce9f846523 |
|
Beyond firewalls, making your network secure requires visibility into the nature and characteristics of network traffic
for identifying and controlling threats from unauthorized users, back-door attackers, and worms and other network malware.
The Intrusion SecureNet System provides critical deep-packet analysis and application awareness, and can be deployed passively
for intrusion detection (IDS) or actively for intrusion prevention (IPS). In both deployment scenarios, the SecureNet System
gives you unsurpassed intelligence about the traffic on your network and removes all of the guesswork involved with establishing
perimeter defenses.
The SecureNet System can be deployed with the broadest range of network configurations. Passive intrusion detection deployments
are possible without costly switch and router resources or reconfiguration, and without creating a failure point in the network.
Intrusion prevention deployments can be configured to block or pass network traffic on failure, with the option for hot-standby
and high availability.
* Software and hardware appliance options
* Available for 10, 100, 250, 1000 Mbit/s networks
* Industry leading price / performance metrics
* Tweak, tune, and create pattern-matching and protocol-decode signatures
* Highly scalable and flexible management with Provider interface
When used for detection, prevention, or both, the Intrusion SecureNet technology is peerless in accurately detecting attacks and
proactively reporting indicators of future information loss or service interruption. By using pattern matching for performance
and protocol decoding for detecting intentional evasion, polymorphic attacks, as well as protocol and network anomalies, the
SecureNet System is ideal for protecting critical networks and valuable information assets. The SecureNet family uses a hybrid
detection model allowing quick and easy updating of network signatures. It also has a scripting language and graphical interface
for tuning, tweaking and creating highly accurate and very specific protocol decode detection signatures. |
|
COMMERCIAL |
Information Updated: 01 Nov 2006 |
|
Snort_inline |
|
*nix |
|
http://sourceforge.net/projects/snort-inline/ |
|
snort_inline is basically a
modified version of Snort. It accepts packets from iptables, via
libipq, instead of libpcap. It then uses new rule types to tell
iptables if the packet should be dropped or allowed to pass based on
the snort rule set.
[talisker] check out http://www.honeynet.org/tools/-
[Modifications to Snort that can block or
modify attacks based on matching signatures. Works with rc.firewall
script to inspect, then act upon, inbound and outbound packets.
Based on Snort 2.0.] |
|
Freeware |
Information Updated: 29 Sep 2003 |
|
Last page update: 06 Sep 2007 |
|