V-Secure IPS Version 7.0 adds bi-directional, behavior-based protection, taking aim at internal networks
In an effort to thwart never-before-seen attacks, anomaly-based intrusion prevention systems shun the use of signatures and instead apply fancy algorithms to distinguishing illegitimate network traffic from legitimate activity. In the case of the V-Secure IPS, those techniques include comparing the behavior of individual connections to accepted protocol standards, comparing general traffic characteristics to baselines of normal behavior, and using fuzzy logic to determine degrees of anomaly and make blocking decisions in real time.
In a recent demo at InfoWorld’s offices, V-Secure Technologies’ Avi Chesla and Lou Guia showed off the IPS’s ability to block dangerous traffic — including UDP (User Datagram Protocol) and TCP Syn floods and an IP sweep attack — while allowing legitimate traffic (Web server requests in the demo) from the same source IP. According to Chesla, the secret sauce is a “closed loop” filtering process, through which the IPS continually re-evaluates the parameters (source port, packet size, time to live, and so on) being used to block the attack. The closed loop is designed to avoid false positives and allow the IPS to dynamically adjust filters as attacks change.
The software learns normal network behavior automatically, and it adapts to changes in normal traffic over time. Administrators can set rate limits on inbound and outbound TCP, UDP, and ICMP (Internet Control Message Protocol) traffic, and they can configure security policies for the entire network and for specific hosts.
Until now, V-Secure IPS has been geared to blocking attacks at the network gateway. Version 7.0 introduces bi-directional protection and worm defenses (i.e., protection against abnormal port activity), making a case for deployment on internal LAN segments.
V-Secure IPS Version 7.0
Cost: Appliance: V-10, starts at $15,000; V-100, starts at $25,000; V-1000, starts at $40,000; NetVisor management software, starts at $3,000 per server plus $2,000 per managed device
Available: now shipping
Android 5.1 fixes a lot of what's wrong in 5.0.
Macworld goes hands-on with Apple's thinnest, just-announced laptop. It's so thin, it can only fit a...
With only the third CEO in the company's history, Microsoft did not want to remain complacent and on...
Sponsored by Nuage Networks
Sponsored by Fibre Channel Industry Association
Will Google deliver a solid, modern approach to telephony for a mobile, multipoint, commingled world?
The dreaded mega merger is kaput, but the central problem remains: We need more ISP competition
Your computer's next point of failure might be further up the stack than you think
Enterprises continue to fumble open source, largely because they misunderstand its value