REFLEX INTRUSION PREVENTION SYSTEM. - PowerPoint PPT Presentation

1 / 11
About This Presentation
Title:

REFLEX INTRUSION PREVENTION SYSTEM.

Description:

The Interceptor Management Console consists of two components: ... ProtoEval module is an anomaly-based module used to evaluate packets for gross ... – PowerPoint PPT presentation

Number of Views:65
Avg rating:3.0/5.0
Slides: 12
Provided by: Far4151
Category:

less

Transcript and Presenter's Notes

Title: REFLEX INTRUSION PREVENTION SYSTEM.


1
REFLEX INTRUSION PREVENTION SYSTEM.
2
OVERVIEW
  • The Reflex Interceptor appliance is an
    enterprise-level Network Intrusion Prevention
    System.
  • It is designed to operate within an
    organizations internal corporate network or
    outside the network firewalls.
  • It is capable of protecting the network by
    proactively identifying and responding to attacks
    in real-time with or without human intervention.

3
PRODUCT DESCRIPTION
  • The Interceptor Management Console consists of
    two components
  • the Core (which collects and correlates attack
    information from the Interceptors)
  • the Client (the User Interface for monitoring
    attacks and managing the Interceptors).

4
PRODUCT DESCRIPTION
  • The Core consists of a Receiver and an Analyzer.
  • The Receiver collects the communications from the
    remote Interceptor(s).
  • The alerts are then sent to the analyzer, which
    aggregates and correlates all the alerts so that
    they can be displayed
  • The second part of the IMC is the Client, the
    Graphical User Interface (GUI) that displays
    alerts and messages.

5
PRODUCT DESCRIPTION
  • Interceptor analysis includes the following
    areas
  • Data/Payload Signature Analysis
  • Port Scan Detection
  • Packet Flood or Denial of Service (DoS)
    Detection.
  • SYN Flood Detection
  • Packet Header Signature Analysis
  • Stateful Fragmentation Analysis
  • Network-level Access Control

6
PRODUCT DESCRIPTION
  • Modular Approach
  • The DataEval module analyzes packet headers and
    payloads, matching them against known attack
    signatures.
  • The FloodEval module is an anomaly-based module
    that detects flood-based Denial-of-Service (DoS)
    and Distributed DoS (DDoS) attacks.
  • The PermEval module provides comprehensive
    permission validation for all network traffic.

7
PRODUCT DESCRIPTION
  • Modular Approach
  • The ProtoEval module is an anomaly-based module
    used to evaluate packets for gross malformations
    resulting from improper values in various
    protocol headers.
  • ScanEval detects port scans using a proprietary
    trending cache.
  • The SynEval module analyzes TCP SYN packets and
    patterns for anomalies.

8
LIVE DEMO AT CNC
9
REPORTS
  • ALERTS PER NAME OVER THE PERIOD OF TIME CAUGHT
    AND FILTERED BY IPS.

10
REPORTS
11
REPORTS
Write a Comment
User Comments (0)
About PowerShow.com