Enterasys Delivers Industry-Leading Distributed Intrusion Prevention System
Enterasys is excited to introduce our new Distributed Intrusion Prevention System (IPS) – the industry’s first and only method to identify and automatically contain threats on every wired and wireless network connection in multi-vendor environments. The Enterasys Distributed Intrusion Prevention System cost-effectively address real-world operational requirements by:
- Identifying a vulnerability, threat or security event
- Mitigating an attack by dropping the attack packet(s)
- Reporting the details of the attack
- Locating the exact physical source of the attack
- Containing the threat by removing the source from the network
Extending IPS Protection to Every Edge Access Port
Traditional IPS and firewalls fall short of providing effective threat containment and can expose the enterprise to unacceptable levels of risk. A traditional IPS can stop an attack from reaching its target but it leaves the source of the attack connected to the network, free to attempt another attack against another target. Firewalls offer threat containment for attacks originating from the Internet but offer no help for the 80% of all threats that originate from the network access edge.
By extending proactive protections to every LAN edge access port, deploying Enterasys Distributed IPS can avoid the performance bottlenecks and scalability limitations inherent with traditinal in-line IPS. Enterasys Distributed IPS allows IT Operations to react quickly and effectively in mitigating a threat to prevent critical business processes from being impacted - ensuring continuity of operations and reducing overall risk to the business.
Automatic, Proactive Containment and Removal of Threats
Unlike traditional IPS solutions that cannot provide critical threat identification, location, containment, and removal capabilities; the Enterasys Distributed IPS solution removes the source of the attack’s access to the network and reconfigures network devices from Cisco, Enterasys, Foundry, HP ProCurve, Juniper, Nortel, and other vendors to prevent future access.
Depending on the capabilities of existing switches, automatic responses can range from throttling inappropriate traffic and/or blocking individual user/device access (for Enterasys policy-enabled switches), assigning packets to a quarantine VLAN (for all RFC 3580 compliant switches) or turning off the port (for any SNMP MIB II compliant switches). Enterasys Distributed IPS can also play a key role in post-connect Network Access Control (NAC) for continuous threat analysis, network behavioural analysis and deep packet inspection to assist in data leakage protection.
Pricing and Availability
The Enterasys Distributed Intrusion Prevention System solution is composed of Dragon® IDS/IPS and NetSight® Automated Security Manager software which can be deployed as appliances or embedded inside the Matrix N-Series flow switch. It is available immediately from authorized Enterasys distributors and value-added resellers worldwide. For more information please read the solution brief.
What they are saying...
“Network security needs to be built-in everywhere, rather than bolted-on somewhere. Enterasys advanced security software delivers fully distributed protection from both internal and external threats without having to deploy appliances on every wire. Rather than just telling you that a threat exists – we make it easy to immediately remove the threat from any multi-vendor network without impacting performance.”
Mike Fabiaschi, Enterasys President and CEO.
“Self-securing networks are one step closer to reality with this cost-effective approach. As network security evolves from access control to content control, enterprises need a way to dynamically protect the network infrastructure from accidental and malicious attacks – without deploying expensive security appliances everywhere.”
Charlotte Dunlap, Current Analysis Senior Analyst
“Assume an attacker has penetrated a network and corrupted some hosts. The ideal response gathers evidence of the attacker’s activity, removes the attacker’s access to the network, undoes the damage, and reconfigures the network to resist the attacker’s penetration technique.”
NIST Interim Report (IR) – 6416