alexa-cox
REFLEX INTRUSION PREVENTION SYSTEM.
OVERVIEW
• The Reflex Interceptor appliance is an enterprise-level Network Intrusion Prevention System.
• It is designed to operate within an organization’s internal corporate network or outside the network firewalls.
• It is capable of protecting the network by proactively identifying and responding to attacks in real time, with or without human intervention.
PRODUCT DESCRIPTION
• The Interceptor Management Console consists of two components:
– the Core (which collects and correlates attack information from the Interceptors)
– the Client (the User Interface for monitoring attacks and managing the Interceptors).
PRODUCT DESCRIPTION
• The Core consists of a Receiver and an Analyzer.
– The Receiver collects the communications from the remote Interceptor(s).
– The alerts are then sent to the Analyzer, which aggregates and correlates all the alerts so that they can be displayed.
• The second part of the IMC is the Client, the Graphical User Interface (GUI) that displays alerts and messages.
PRODUCT DESCRIPTION
• Interceptor analysis includes the following areas:
– Data/Payload Signature Analysis
– Port Scan Detection
– Packet Flood or Denial of Service (DoS) Detection
– SYN Flood Detection
– Packet Header Signature Analysis
– Stateful Fragmentation Analysis
– Network-level Access Control
PRODUCT DESCRIPTION
• Modular Approach:
– The DataEval module analyzes packet headers and payloads, matching them against known attack signatures.
– The FloodEval module is an anomaly-based module that detects flood-based Denial-of-Service (DoS) and Distributed DoS (DDoS) attacks.
– The PermEval module provides comprehensive permission validation for all network traffic.
PRODUCT DESCRIPTION
• Modular Approach:
– The ProtoEval module is an anomaly-based module used to evaluate packets for gross malformations resulting from improper values in various protocol headers.
– ScanEval detects port scans using a proprietary trending cache.
– The SynEval module analyzes TCP SYN packets and patterns for anomalies.
LIVE DEMO AT CNC
REPORTS
ALERTS PER NAME OVER THE PERIOD OF TIME CAUGHT AND FILTERED BY IPS.