IntruPro™ Network Diagram
IntruPro™ Manager Software
IntruPro™ Inline IPS: Platform Components
The IntruPro platform represents the next generation in intrusion prevention systems and is based on Intoto's unique application-aware Inline IPS technology. The IntruPro platform includes integrated sensor software, a sophisticated management package, online real-time signature updates and system certification.
IntruPro's Inline IPS technology employs stateful application engines and a combination of advanced detection techniques, enabling highly accurate intrusion detection with a minimum of false alarms. The Inline IPS technology provides both intrusion detection and intrusion prevention, and enables greater accuracy and higher performance than traditional systems. The IntruPro sensor has been pre-integrated with most of the popular SoCs and embedded operating systems, including VxWorks® and embedded Linux®, enabling equipment manufacturers to accelerate time- to-market.
IntruPro sensor software (integrated in the appliance)
- Advanced detection techniques with Stateful application intelligence
- Configurable intrusion prevention capabilities
- Hardware acceleration support for high performance
IntruPro manager (installed on a computer)
- Comprehensive configuration capabilities with support for multiple sensors
- Real time monitors and alert functionality
- Extensive reporting capabilities
Centralized signature update server
- Real-time signature updates
- Provides centralized provisioning capabilities
IntruPro™ Sensor
- Intrusion detection and prevention engine
- Raw packet analysis
- Context based packet analysis
- Application intelligence
- Reduces false alarms by signature detection based on the state of the connection
- Traffic anomaly detection
- Port scan detection
- Probe detection
- OS finger printing
- Protocol anomaly detection
- Pattern less attack detection (ICMP, UDP Smurf, DNS spoofing)
IntruPro™ Manager
The IntruPro manager is a graphical user interface is used to configure and monitor sensors. It has extensive logging and reporting which enables the administrator to efficiently manage and maintain the Inline IPS system. The administrator can tune IntruPro to specific network requirements to increase the effectiveness of the system and reduce the number of false alarms generated.
- Configuration
- Rules classification based on intrusion family and protocol category
- Application of selected rules based on the multiple sensors
- Monitoring
- Configurable alert generation for event notification
- Real time attack graphs to monitor intrusions
- Reporting
- Report generation based on user configured parameters
- Intuitive charts and logs for forensic analysis
IntruPro™ Features Summary
| Stateful Application Engine |
- Reduced false alarms with Stateful application engine
- IPS signatures detection and prevention based on
- Raw packet analysis
- Context based packet analysis
- Application intelligence
|
| Anomaly Engine |
- Traffic anomaly
- Port scan detection, Probe detection
- OS finger printing
- Attacks spanning across multiple connections
- Protocol anomaly
- Pattern-less attack detection (ICMP, UDP Smurf, DNS spoofing)
|
| Anti-NIDS Techniques |
- URL encoding (Unicode processing)
- Reverse traversal, self-referencing directories
- Parameter hiding, multiple slashes
- Premature request ending, mis-formatting
- DOS directory syntax, case sensitivity
- TCP session splicing, fragmentation, Null method processing
|
| DoS Attack Defense |
- Defense for over 60 DoS attacks ( a complete list of these attacks can be provided upon request)
|
| Management and Configuration |
- Inline IPS Manager
- Dynamic Rule updates
- API definition and interface for custom management interface
- Add/delete/get statistics on rule
- Global statistics
- Number of intrusions
- Number of intrusions prevented
- Alerts
- Logs
|
| Logging and Reporting |
- Reports generation based on different selectors such as, priority, attack time and attack family
- CVE tragID in the log message for identification using third party tools
|
