Intrusion Prevention

Use of the Internet continues to evolve rapidly. Where once traffic was limited to the exchange of multimedia-related data, today it consists of large volumes of application-based data and interactive content. Data transactions are increasingly complex and it is no longer enough to simply use a firewall to block forbidden traffic.

Intrusion Prevention

Most network attacks primarily use web pages or authorized services such as email, instant messaging or IP telephony. Each of these applications uses a unique communications protocol. To block such attacks without affecting a company’s day to day business activity, it is necessary to provide protocol analysis. In evaluating intrusion prevention technologies, inspection performance and detection quality are key considerations. Optimal efficiency is achieved by the IPS sharing synergies with other technologies. Integrating an IPS with an application firewall, user recognition or vulnerability audit delivers improvements in its relevance. An IPS system can lie at the heart of a multifunctional firewall deployed at segmentation points. It can also operate in transparent mode without the need to modify an existing network infrastructure.

NETASQ’s solution

Every NETASQ firewall comes with IPS as standard.

NETASQ’s IPS is the result of 10 years of research. It combines several protocol and compartment analysis technologies to offer Zero-Day protection, detecting and blocking most threats even before they are published.

NETASQ’s IPS signature lists are updated automatically and NETASQ security monitoring devices add large numbers of signatures to their lists every day. NETASQ chooses the most effective protection technology to address each new security loophole.

Because the IPS function provides uniquely high levels of efficiency, it is included in performance statements for all NETASQ products. NETASQ’s combination of technologies allows you to choose the most appropriate protection for each threat, rather than being totally dependent upon signatures.

The result is optimum security levels which meet all your needs. Every NETASQ firewall comes with IPS as standard. Different configuration profiles are automatically selected, depending which is the most appropriate for the nature of the traffic flow. The result is higher security levels for all.

Developed within NETASQ’s operating system, the IPS engine offers real-time analysis of different traffic flows. It does not cut or copy either the data or the exchanges between the operating system and the detection software. The architecture is tailored to optimize performance and is particularly effective at high throughput levels or where absence of latency is a critical factor, such as in VoIP applications.

Zero-Day protection

Zero-Day protection eliminates the period of vulnerability for your enterprise. Protection is available, even when vulnerabilities are exploited before public notification. Every Zero-Day protection signature targets an abnormal behavior. The database is updated frequently to enable immediate detection of new threats.

Needs

Network security is a race against time in which attack often leads defence. Some attacks, known as Zero-Day exploits, spread before any official communication can be issued. Hackers take advantage of them before they can be notified to the software company or the world at large.

Once a threat is identified protection signatures are created and deployed as rapidly as possible. This is far more effective than waiting for days or even weeks for corrective action to be taken. But however short the period, the vulnerability is real. Anyone who is responsible for network security has to be constantly on the lookout for effective Zero-Day protection to counter Zero-Day exploits.

NETASQ’s solution

NETASQ’s intrusion prevention engine has been designed to maximize its Zero-Day protection capabilities. A number of complementary technologies are deployed:

  • protocol inspection
  • abnormal behavior detection
  • and pro-active creation of protection signatures

These three forms of analysis are effective because they don’t have to wait for a vulnerability to appear. The cornerstone of NETASQ Zero-Day protection is protocol inspection. NETASQ’s security monitoring teams anticipate future attacks by continuously adding new inspections for each protocol. Thus, the SIP voice protocol already incorporates various levels of protection against identity theft and denial of service. These effective analyses are activated on all.

Communation Channel Protection

IP telephony is a dual mode communications medium, employing one control channel and one data channel. NETASQ Firewalls deliver simultaneous protection to both channels and guarantee automatic management of communications ports for real-time data routing.

Needs

The implementation of IP telephony has seen enormous growth in recent years. Maturing technology and falling costs have coincided with the convergence of voice and data. Ceci conduit à une double interaction

  • The ability of the phone system to now carry network data enables resource optimization.
  • The network can also manage the telephony system and carry voice data.

However, these developments have been accompanied by a rise in malicious attacks exposing vulnerabilities associated with both technologies. IP networks and voice protocol weaknesses can be exploited by denial of service attacks at both the application and protocol levels.

Identity theft and unauthorised recording of telephone conversations can lead to malicious data access. SQL injection attacks result in the theft of confidential information. An effective security system is now a prerequisite for any organization wishing to protect its telephony and network assets.

NETASQ’s solution

NETASQ’s network protection solutions allow customers to secure all of their network assets. They guarantee the security of IP telephony systems, while their advanced functionality enables them to deal with the special requirements of real-time data and all aspects of converged voice and data networks.

Real-time IP telephony system performance

To ensure that security concerns do not prejudice performance levels, all standard NETASQ devices are supplied with the Intrusion Prevention Engine pre-activated. In addition, quality of service parameters are configured and managed to address problems such as latency and jitter.

IP Telephony

The vulnerabilities inherent in any IP telephony system represent a risk to security. Attacks can lead to denial of service, remote code vulnerability and hijacking of sensitive data. NETASQ solutions contain the NETASQ Vulnerability Manager.

The service delivers specific reports, seeks vulnerable devices and suggests appropriate corrective measures. Effective procedures can then be implemented to manage the vulnerability risks within an IP telephony system.