Fully Managed Intrusion Detection/Prevention (IDS/IPS)
Deployment options:   Physical appliance   •   Virtual appliance   •   ProtectPoint VSS   •   Client-owned appliance

The ProtectPoint™ high-speed IDS/IPS detects anomalous, inappropriate, or other unauthorized data attempting to enter your network. The system captures and inspects all network traffic, regardless of whether it's permitted or not. When harmful or potentially harmful traffic is detected—at either the IP or application level—protective actions are automatically triggered.

A single deployment can monitor up to 4 network segments simultaneously with an aggregate throughput of 4 Gbps. Available models and their performance are shown in the table below:

Performance Options

Model                  Throughput   Segments Monitored (IDS or IPS)
ProtectPoint 4G        4 Gbps       4
ProtectPoint 2G        2 Gbps       4
ProtectPoint 1G        1 Gbps       4
ProtectPoint Standard  200 Mbps     4

The throughput shown in the table applies to inline IPS deployment. Higher throughput is available in out-of-band IDS deployment.

Our IDS/IPS service is non-intrusive to your network and includes the ability to detect and block more than 17,000 attack signatures. The system is automatically updated with new rules as new threats are identified.

Features

  • High-speed, multi-segment coverage: Price and performance options suited to your environment and business needs.
  • Comprehensive attack prevention: Prevents buffer overflows, stealth port scans, CGI attacks, SMB probes and NetBIOS queries, NMAP and other port scanners, backdoors, Trojans, operating system and application system vulnerabilities, DDoS clients, and much more.
  • Zero-day protection: Signatures are rapidly developed and deployed by the StillSecure Security Alert Team.
  • Attack capture and forensics: Captures attack packets from the offending IP address in their human-readable form, organizes them in a hierarchical directory structure, and stores the payload on an encrypted security server for future analysis or prosecution.
  • Stealth mode deployment: Deploys as a "passive trap" to record and report on the presence of unauthorized traffic such as NFS or Napster connections.
  • Defends against the inside threat: Detects incidents originating from inside and outside the network perimeter.
  • Anomalous traffic pattern detection: Creates a trouble ticket for investigation and follow-up if a host on your network exceeds average usage patterns.


Reporting

Through our RADAR secure customer web portal, you can query and extract stored information from our database of incidents generated and correlated by our alert system. The available reports document traffic and alerts as follows:

  • Traffic Profile by Protocol shows, by percentage, the most common protocols directly associated with the alerts. It breaks down the different alerts and shows which protocols were used for the majority of alerts triggered from the network.
  • Most Frequent Alerts shows the most frequently triggered signatures, with the total number of alerts for each signature.
  • Most Frequent Source and Destination IP Addresses displays the most frequent source IP addresses that have triggered alerts upon entering or leaving the network.
  • History of Blocked IPs shows all IPs that have been blocked from the network in the past. It displays the blocked IP, the classification of the block by the analyst, the signature, and the timestamp of the block.