NFR brings a new look to IPS

NFR Security’s IPS product is largely what you’d expect for an enterprise-class IPS, with some nice touches, but the one thing that sets Sentivist apart from the competition is its presentation of data. The newly released Sentivist 5.0 helps you immediately visualize security events of magnitude, essentially giving you a vulnerability-driven network operations center.

A new front-end component called the Timeline view presents a right-to-left scrolling line of events along with a color-coded severity rating, providing an extremely useful 10,000-foot view of overall security posture. Not only could I drill from the top-level view down to the actual packet causing the alert in a few mouse clicks, but I could also create filtered Timeline views relevant to my organization. I could even pull out a specific event for later investigation.

As you would expect from an IPS today, NFR combines several methods for detecting threats and policy violations, including signature analysis, anomaly, protocol anomaly, and rate-based techniques. NFR also has what the company calls a hybrid detection engine, meaning that Sentivist can detect attacks of one protocol that are hidden in another protocol. And it can correlate seemingly unrelated events and present them as a more severe “meta alert.” NFR’s color-coding scheme makes it very easy to zero in on events of interest.

Sentivist 5.0 also adds firewall functionality and the ability to incorporate active vulnerability scans from Nessus and other assessment tools. The use of vulnerability data allows Sentivist to deploy signatures and prioritize attacks based on critical vulnerabilities known to be on your network.

NFR Sentivist 5.0
NFR Security
Cost: Starts at $7,500
Availability: Now