Distributed Intrusion Prevention System
Automatically Sense and Respond to Threats in Real-Time
Extending IPS Protection to Every Edge Access Port
Traditional IPS and firewalls fall short of providing effective threat containment and can expose the enterprise to unacceptable levels of risk. As the majority of threats now originate from inside the organization rather than outside, security needs to be everywhere, rather than just at select perimeter locations. Network access layer threats can come from malicious employees; however, the more likely scenario is compromised end systems accidentally infected with malware. In either case, the best practice response to a threat must include containing or removing the source of the attack. An IPS can stop an attack from reaching its target but it leaves the source of the attack connected to the network, free to attempt another attack against another target. Firewalls offer threat containment for attacks originating from the Internet but offer no help for the 80% of all threats that originate from the network access edge.
“ Assume an attacker has penetrated a network and corrupted some hosts. The ideal response gathers evidence of the attacker’s activity, removes the attacker’s access to the network, undoes the damage, and reconfigures the network to resist the attacker’s penetration technique.”
NIST Interim Report (IR) – 6416
In order to meet the National Institute of Science and Technology (NIST) recommendation, the IPS must detect the attack, mitigate or stop the attack and, most importantly, it must contain or remove the source of the threat. The simplest and most effective way to do this is to remove the source of the attack’s access to the network and to reconfigure the network to prevent future access. Traditional solutions fail to provide these critical location, containment, and removal capabilities.
The Distributed Intrusion Prevention System is the industry’s first comprehensive IPS solution to cost-effectively address real-world operational requirements.
