Intoto´s IntruPro™

Next-Generation IPS (Intrusion Prevention System) for Networking OEMs

Home Technology Products Partners F.A.Q.Contact

IntruPro IPS Frequently Asked Questions

Q: What is IntruPro IPS solution?

A: IntruPro provides enterprise-class IPS capability. The IntruPro solution includes both software pieces and value-added services. The platform software includes both the IntruPro integrated sensor that runs embedded in a network security appliance and the IntruPro manager package which is a sophisticated configuration and forensic analysis tool. Real-time signature updates from a central server and system certification are two services that complete the IntruPro solution.

Q: How is IntruPro different from other IDS/IPS solutions?

A: IntruPro represents the next generation in intrusion prevention systems and is based on Intoto's unique patent-pending, application-aware Inline IPSTM technology. The Inline IPS architecture uses stateful application engines and a combination of advanced detection techniques to provide greater intrusion detection accuracy for reduced false alarms and higher performance than traditional IDS and IPS approaches. Furthermore, the Inline IPS architecture leverages the benefits of both signature based techniques and anomaly based detection.

Q: Why are the intrusion signature updates superior to others?

A: IntruPro signature updates do not rely solely on publicly available open source signatures as many SNORT-based IDS/IPS systems do. Intoto’s team of dedicated engineers continually develops signatures for new attacks by combining custom-developed signatures with hand-optimized, open-source signatures.

Q: How does application-aware technology assist with detection accuracy and performance?

A: The Inline IPS technology uses sophisticated application intelligence to classify traffic based on state, service and direction. The architecture tracks the state of the session by employing network, transport and application protocol engines. Application intelligence minimizes packet processing because only relevant rules need to be checked. This dramatically boosts the performance over traditional pattern matching and anomaly correlation techniques. The result is high detection accuracy with a minimum to zero false positives.

Q: How are new rules added to the signature database?

A: Intoto constantly updates the signature file on the central signature server which can be directly downloaded to the IntruPro™ Manager. In addition to the signature updates, IntruPro™ Manager allows users to manually add new entries using the user friendly graphical user interface wizard.

Q: What configuration can optimize the performance of the IntruPro™ solution?

A: IntruPro™ Sensor allows tuning of rules files to maximize the performance without compromising the security. By applying rules relevant to the network requirements, processing overhead can be reduced to offer greater performance.

Q: How does IntruPro™ Manager allow an administrator to customize log information?

A: Most of the intrusion detection/prevention systems generate a large number of logs making it virtually impossible for an administrator to go through each and every one of it and identify the attack. IntruPro™ Manager is designed to help administrators to efficiently look through logs by generating special event alerts. This customized information generates a message on conditions defined by the administrator.

Q: Can I buy IntruPro™ for my home computer to protect against intrusions?

A: No. IntruPro™ is an inline Network Intrusion Prevention System. It is a software that runs on the network equipment such as a router or a Firewall.