Produced by McAfee, and the only Host-based IPS (HIPS) tested, Entercept monitors events at the operating system or application server level. As it does not deal with network-based exploits, it is very complementary to existing solutions that deal with attacks on that level, such as firewalls and network-based IDS or IPS products. The latest version adds welcome new features such as a new licensing scheme, key backup capabilities, additional reports, OS lockdown and custom signatures, as well as numerous improvements "under the hood."
Based on standard and custom-designed processors, the NAI IntruShield system is a high-performance appliance that offers real-time network intrusion detection and prevention against known, unknown and denial-of-service (DoS) attacks for enterprise networks.
Proventia G Series is a new range of turnkey intrusion prevention appliances from ISS. They are designed to proactively block malicious attacks from entering the network, including denial-of-service (DoS), intrusions and malicious code, backdoors and hybrid threats like MS Blaster or SQL Slammer. Proventia G Series blocks attacks in real time, minimizing the need for active administrator involvement in most security events.
The IDP-500 is a turnkey appliance-based system which uses as many as eight detection methods to detect malicious network traffic. This Intrusion Detection and Prevention (IDP) System is capable of operating in in-line mode as an Intrusion Prevention System (IPS) or as a passive Intrusion Detection System (IDS) attached to a span or mirror port on a switch.
Based on custom-designed high-speed security processors, the UnityOne network-based Intrusion Prevention Appliances (IPA) and Intrusion Prevention Systems (IPS) are designed to stop cyberattacks in the network before such attacks can infect, damage or destroy core IT assets.
Top Layer's Attack Mitigator IPS is actually a family of ASIC-based Network Intrusion Prevention Systems (NIPS), with blocking and control against certain types of cyber attacks. The product tested is the Attack Mitigator IPS 2400, a combination of multiple Attack Mitigator IPS 1000 and load-balancer units.
Accomplished hackers will always perform some sort of reconnaissance on a target network before mounting an attack - finding out details such as operating system types, application versions, etc. The idea behind ActiveScout is that if the application can detect this activity it can later prevent it. Bogus host or port data traffic is marked, and the application responds to any future activity it thinks is coming from an attacker with such marked data. It then blocks the packets and stops any damage from ever occurring.
Top Layer Networks' Attack Mitigator lies at the traditional end of intrusion prevention. It aims to defend against both internal and external hackers using denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks, as well as giving broad protection against other well-known attacks. This is done using a mixture of stateful inspection hardware and packet inspection software.