A software-based product that looks more closely at the content coming into the network than a firewall can. It also looks for known methods of attack and can be fine-tuned to look for attacks targeting only the platforms and applications used by your organization. This helps them operate most efficiently. The greatest benefit an IPS provides is prevention of new or previously unknown methods of attack before anti-virus signatures are available. Cisco IBM McAfee

• Cisco IPS 4200 Series IPS Edition
• Cisco ASA 5500 Series IPS Edition
• IDS Services Module-2

Go Top

Proventia Network Intrusion Prevention System (IPS)

The IBM Proventia Network Intrusion Prevention System (IPS) stops Internet threats before they impact your business and delivers protection to all three layers of the network: core, perimeter and remote segments. Preemptive protection, or protection that works ahead of the threat, is available from IBM Internet Security Systems through its proprietary combination of line-speed performance, security intelligence and a modular protection engine that enables security convergence.

The IBM Proventia Network Intrusion Prevention System (IPS) delivers network protection that is designed to:

• Stop threats before impact without sacrificing high-speed network performance.
• Provide a platform for security convergence that helps reduce the cost of deploying and managing point solutions.
• Protect networks, servers, desktops and revenue-generating applications from malicious threats.
• Conserve network bandwidth and prevents network misuse/abuse from instant messaging and peer-to-peer file sharing.
• Prevent data loss and aids compliance efforts.

The Proventia protection engine employs multiple intrusion prevention technologies working in tandem to monitor, detect or block these classes of network threats:

Blocking network threats and delivering security convergence at the core, perimeter and remote segments
By consolidating network security demands for data loss prevention and protection for Web applications, IBM Proventia Network IPS serves as the security platform that reduces the costs and complexity of deploying and managing point solutions for the network core, perimeter and remote segments.

When evaluating intrusion prevention technology, businesses often struggle to balance and optimize the following six areas:

• Performance
• Security
• Reliability
• Deployment
• Management
• Confidence

Proventia Network IPS delivers on all six counts, with performance, preemptive protection, high availability, simple deployment and management, and excellent customer support. Organizations that want to transfer the burden of protecting their network to a trusted security partner can rely on IBM to manage the Proventia product family. Proventia customers also benefit from a range of complementary consulting services for assessment, design, deployment, management and education.

Consolidating network security with preemptive protection

With its modular product architecture, IBM Proventia Network IPS drives security convergence by adding entirely new modules of protection as threats evolve. From worms to botnets to data security to Web applications, Proventia Network IPS delivers the protection demanded for business continuity, data security and compliance.

The IBM Internet Security Systems X-Force® research and development team designed the Proventia IPS protection engine and provide the content updates that maintain ahead of the threat protection. X-Force also designed the protection modules, which include:

• Virtual Patch® Management
• Threat Detection & Prevention
• Data Loss Protection
• Web Application Protection
• Network Security Enforcement

Monthly security effectiveness testing by NSS Labs
IBM is the first vendor to conduct monthly product testing to measure the security effectiveness across its entire product portfolio. These monthly tests are conducted by NSS Labs, a leading global independent testing lab that focuses on security product testing and certification, through its Security Update Monitor (SUM) program, a recurring monthly test of security effectiveness. IBM Internet Security Systems began measuring the effectiveness of its security products in 2002 to ensure that its strong research and development arm was keeping up with the ever-evolving threat landscape. In late 2008, the company chose to test its entire portfolio of products, from its unified threat management tool to host and network security, for third-party validation across its product portfolio.

Intrusion prevention at every layer
Learn how IBM Proventia Network IPS protects your network from unwanted traffic at every layer.

• Perimeter: IBM Proventia Network IPS blocks external threats at your network perimeter, before they affect your business.
• Core: IBM Proventia Network IPS delivers high throughput, maximum scalability and low latency to help secure the network core.
• Remote and Branch Office: IBM Proventia Network IPS extends IBM ISS' industry-leading intrusion prevention technology to the remote segments of your network.

Go Top

Host Intrusion Prevention for Servers

DataSheet

Benefits

• An aggressive, comprehensive defense strategy for your servers
  Three layers of protection—behavioral rules, signatures analysis, and stateful firewall for Microsoft Windows—prevent intrusions, protect assets, and keep your servers up and running; it defends your servers against unknown zero-day exploits.
• Protect enterprise servers worldwide
  McAfee Host Intrusion Prevention is centrally managed and scalable, so that you can deploy it across your entire enterprise for complete global protection with multiple language support.
• Stay ahead of threats with prioritized patch management
  Use the power of McAfee Host Intrusion Prevention against new vulnerabilities and exploits when they hit for more time to research, test, and deploy patches.
• Lower your costs and simplify management
  Reduce the frequency and urgency of patching systems; and, with its centralized streamlined management, you also lower system maintenance costs.

Features

• Web and database server protection
  Protect web and database servers from attacks like directory traversal and SQL injection attacks by using unique McAfee Host Intrusion Prevention protection technology.
• Vulnerability shielding
  Automatic security content updates target specific vulnerabilities and recognize unknown exploits and stop them from executing; security content updates do not require system reboots.
• Advanced application protection
  McAfee Host Intrusion Prevention puts an “envelope” around an application to prevent it from communicating with other applications; this prevents applications from being leveraged in any type of attack.
• Prevents buffer-overflow exploits
  McAfee Host Intrusion Prevention uses a patented host intrusion technology to prevent buffer-overflow attacks, one of the most common methods of attacking servers and desktops.
• Firewall protection
  Monitor both inbound and outbound network traffic on servers with the stateful Windows firewall; keep an eye on and protect applications that are installed on a server.

Go Top

Testimonials

"McAfee Host Intrusion Prevention is vital to protecting critical systems that run our databases, including human resource applications, operating room schedules, financial systems, and patient records."

—Ash Shehata - Director of Information Security and Telecom.

Host Intrusion Protection For Desktops

DataSheet

Benefits

• Guard desktops against rampant complex threats with layered protection
  Three layers of protection—behavioral and signature-based intrusion prevention (IPS), stateful firewall, and application control—prevent loss of confidential data by securing desktops from targeted attacks; it also defends against known and unknown zero-day exploits
• Security for workers on the go
  Protect your mobile workforce with nonstop security that travels with the laptops
• Patch less frequently and less urgently
  Have more time to research, prioritize, test, and deploy patches by using the power of McAfee Host Intrusion Prevention against new vulnerabilities and exploits: your IT staff maintain a high level of security but patch less frequently, less urgently, and on their own schedule
• Manage centrally—easily and more effectively
  Optimize and simplify management with McAfee ePolicy Orchestrator, our single, centralized console, which helps you oversee and administer all your protection; full integration with McAfee ePolicy Orchestrator® saves you money and time with significant operational efficiencies
• Integrated protection for your desktops and laptops
  McAfee Host Intrusion Prevention is an integral part of Total Protection for Endpoint, McAfee's comprehensive endpoint security solution; it’s also fully integrated into McAfee ePolicy Orchestrator®, the centralized, unified security risk management console that saves organizations money and time with significant operational efficiencies
• Simplify compliance efforts with greater visibility and control
  Monitor your security status and prove to stakeholders that all host intrusion prevention measures are in place for internal and regulatory compliance

Features

• Broadest intrusion prevention coverage
  Behavioral protection secures endpoints against unknown attacks; signature protection identifies and blocks known attacks; stateful firewall applies policies, bars unsolicited inbound traffic, and controls outbound traffic: application control specifies which applications can or cannot be run
• Custom, connection-based policies safeguard laptops when they’re off the network
  Apply different levels of security using rules based on the endpoint’s connection—on the corporate network, over VPN, or from a public network—with connection-aware protection; use quarantine mode to block remote users that fail security checks and prevent them from accessing the network
• Award-winning management technology
  Access centralized event monitoring reports, dashboard, and workflow with ePolicy Orchestrator; deploy, manage, and update agents and policies across various operating system and administer endpoint protection with one web-based console
• Gather all the details you need for compliance processes
  Collect attack details, complete with timestamps, for prompt compliance reporting, auditing, investigations, and response; customized dashboards deliver real-time compliance status and produce clear, easy-to-read reports for auditors and other stakeholders
• Vulnerability shielding
  Automatic security content updates target specific vulnerabilities and recognize unknown exploits and stop them from executing; security content updates do not require system reboots; updating signatures is similar to updating .DAT files

Testimonials

“McAfee's is the most complete offering of the three we examined. McAfee also has the easiest-to-use management suite of these products, something we feel is important.”

—Don MacVittie

A software-based product that looks more closely at the content coming into the network than a firewall can. It also looks for known methods of attack and can be fine-tuned to look for attacks targeting only the platforms and applications used by your organization. This helps them operate most efficiently. The greatest benefit an IPS provides is prevention of new or previously unknown methods of attack before anti-virus signatures are available.     Cisco IBM McAfee

• Cisco IPS 4200 Series IPS Edition
• Cisco ASA 5500 Series IPS Edition
• IDS Services Module-2

Go Top

Proventia Network Intrusion Prevention System (IPS)

The IBM Proventia Network Intrusion Prevention System (IPS) stops Internet threats before they impact your business and delivers protection to all three layers of the network: core, perimeter and remote segments. Preemptive protection, or protection that works ahead of the threat, is available from IBM Internet Security Systems through its proprietary combination of line-speed performance, security intelligence and a modular protection engine that enables security convergence.

The IBM Proventia Network Intrusion Prevention System (IPS) delivers network protection that is designed to:

• Stop threats before impact without sacrificing high-speed network performance.
• Provide a platform for security convergence that helps reduce the cost of deploying and managing point solutions.
• Protect networks, servers, desktops and revenue-generating applications from malicious threats.
• Conserve network bandwidth and prevents network misuse/abuse from instant messaging and peer-to-peer file sharing.
• Prevent data loss and aids compliance efforts.

The Proventia protection engine employs multiple intrusion prevention technologies working in tandem to monitor, detect or block these classes of network threats:

Blocking network threats and delivering security convergence at the core, perimeter and remote segments
By consolidating network security demands for data loss prevention and protection for Web applications, IBM Proventia Network IPS serves as the security platform that reduces the costs and complexity of deploying and managing point solutions for the network core, perimeter and remote segments.

When evaluating intrusion prevention technology, businesses often struggle to balance and optimize the following six areas:

• Performance
• Security
• Reliability
• Deployment
• Management
• Confidence

Proventia Network IPS delivers on all six counts, with performance, preemptive protection, high availability, simple deployment and management, and excellent customer support. Organizations that want to transfer the burden of protecting their network to a trusted security partner can rely on IBM to manage the Proventia product family. Proventia customers also benefit from a range of complementary consulting services for assessment, design, deployment, management and education.

Consolidating network security with preemptive protection

With its modular product architecture, IBM Proventia Network IPS drives security convergence by adding entirely new modules of protection as threats evolve. From worms to botnets to data security to Web applications, Proventia Network IPS delivers the protection demanded for business continuity, data security and compliance.

The IBM Internet Security Systems X-Force® research and development team designed the Proventia IPS protection engine and provide the content updates that maintain ahead of the threat protection. X-Force also designed the protection modules, which include:

• Virtual Patch® Management
• Threat Detection & Prevention
• Data Loss Protection
• Web Application Protection
• Network Security Enforcement

Monthly security effectiveness testing by NSS Labs
IBM is the first vendor to conduct monthly product testing to measure the security effectiveness across its entire product portfolio. These monthly tests are conducted by NSS Labs, a leading global independent testing lab that focuses on security product testing and certification, through its Security Update Monitor (SUM) program, a recurring monthly test of security effectiveness. IBM Internet Security Systems began measuring the effectiveness of its security products in 2002 to ensure that its strong research and development arm was keeping up with the ever-evolving threat landscape. In late 2008, the company chose to test its entire portfolio of products, from its unified threat management tool to host and network security, for third-party validation across its product portfolio.

Intrusion prevention at every layer
Learn how IBM Proventia Network IPS protects your network from unwanted traffic at every layer.

• Perimeter: IBM Proventia Network IPS blocks external threats at your network perimeter, before they affect your business.
• Core: IBM Proventia Network IPS delivers high throughput, maximum scalability and low latency to help secure the network core.
• Remote and Branch Office: IBM Proventia Network IPS extends IBM ISS' industry-leading intrusion prevention technology to the remote segments of your network.

Go Top

Host Intrusion Prevention for Servers

DataSheet

Benefits

• An aggressive, comprehensive defense strategy for your servers
  Three layers of protection—behavioral rules, signatures analysis, and stateful firewall for Microsoft Windows—prevent intrusions, protect assets, and keep your servers up and running; it defends your servers against unknown zero-day exploits.
• Protect enterprise servers worldwide
  McAfee Host Intrusion Prevention is centrally managed and scalable, so that you can deploy it across your entire enterprise for complete global protection with multiple language support.
• Stay ahead of threats with prioritized patch management
  Use the power of McAfee Host Intrusion Prevention against new vulnerabilities and exploits when they hit for more time to research, test, and deploy patches.
• Lower your costs and simplify management
  Reduce the frequency and urgency of patching systems; and, with its centralized streamlined management, you also lower system maintenance costs.

Features

• Web and database server protection
  Protect web and database servers from attacks like directory traversal and SQL injection attacks by using unique McAfee Host Intrusion Prevention protection technology.
• Vulnerability shielding
  Automatic security content updates target specific vulnerabilities and recognize unknown exploits and stop them from executing; security content updates do not require system reboots.
• Advanced application protection
  McAfee Host Intrusion Prevention puts an “envelope” around an application to prevent it from communicating with other applications; this prevents applications from being leveraged in any type of attack.
• Prevents buffer-overflow exploits
  McAfee Host Intrusion Prevention uses a patented host intrusion technology to prevent buffer-overflow attacks, one of the most common methods of attacking servers and desktops.
• Firewall protection
  Monitor both inbound and outbound network traffic on servers with the stateful Windows firewall; keep an eye on and protect applications that are installed on a server.

Go Top

Testimonials

"McAfee Host Intrusion Prevention is vital to protecting critical systems that run our databases, including human resource applications, operating room schedules, financial systems, and patient records."

—Ash Shehata - Director of Information Security and Telecom.

Host Intrusion Protection For Desktops

DataSheet

Benefits

• Guard desktops against rampant complex threats with layered protection
  Three layers of protection—behavioral and signature-based intrusion prevention (IPS), stateful firewall, and application control—prevent loss of confidential data by securing desktops from targeted attacks; it also defends against known and unknown zero-day exploits
• Security for workers on the go
  Protect your mobile workforce with nonstop security that travels with the laptops
• Patch less frequently and less urgently
  Have more time to research, prioritize, test, and deploy patches by using the power of McAfee Host Intrusion Prevention against new vulnerabilities and exploits: your IT staff maintain a high level of security but patch less frequently, less urgently, and on their own schedule
• Manage centrally—easily and more effectively
  Optimize and simplify management with McAfee ePolicy Orchestrator, our single, centralized console, which helps you oversee and administer all your protection; full integration with McAfee ePolicy Orchestrator® saves you money and time with significant operational efficiencies
• Integrated protection for your desktops and laptops
  McAfee Host Intrusion Prevention is an integral part of Total Protection for Endpoint, McAfee's comprehensive endpoint security solution; it’s also fully integrated into McAfee ePolicy Orchestrator®, the centralized, unified security risk management console that saves organizations money and time with significant operational efficiencies
• Simplify compliance efforts with greater visibility and control
  Monitor your security status and prove to stakeholders that all host intrusion prevention measures are in place for internal and regulatory compliance

Features

• Broadest intrusion prevention coverage
  Behavioral protection secures endpoints against unknown attacks; signature protection identifies and blocks known attacks; stateful firewall applies policies, bars unsolicited inbound traffic, and controls outbound traffic: application control specifies which applications can or cannot be run
• Custom, connection-based policies safeguard laptops when they’re off the network
  Apply different levels of security using rules based on the endpoint’s connection—on the corporate network, over VPN, or from a public network—with connection-aware protection; use quarantine mode to block remote users that fail security checks and prevent them from accessing the network
• Award-winning management technology
  Access centralized event monitoring reports, dashboard, and workflow with ePolicy Orchestrator; deploy, manage, and update agents and policies across various operating system and administer endpoint protection with one web-based console
• Gather all the details you need for compliance processes
  Collect attack details, complete with timestamps, for prompt compliance reporting, auditing, investigations, and response; customized dashboards deliver real-time compliance status and produce clear, easy-to-read reports for auditors and other stakeholders
• Vulnerability shielding
  Automatic security content updates target specific vulnerabilities and recognize unknown exploits and stop them from executing; security content updates do not require system reboots; updating signatures is similar to updating .DAT files

Testimonials

“McAfee's is the most complete offering of the three we examined. McAfee also has the easiest-to-use management suite of these products, something we feel is important.”

—Don MacVittie