Intrusion Detection and Prevention
 
The Network Box IDP scans network traffic at the application level, and seamlessly blocks malicious behavior with zero latency. Protection against newly emerging threats is provided by a database of vulnerability-class-based behavior anomalies and by heuristic (expert system) anomaly-based behavioral analysis. The database is updated in real time, using Network Box's patented PUSH Technology.
   
Features:
- 16,000+ Signatures.
- Zero latency, hybrid, multi-level, tightly integrated with Firewall.
- Active (blocks network traffic) and/or Passive (logs intrusion attempts).
- Real time (on demand), and periodic (summary) by SMTP e-mail.
- Blocks uncharacterized attacks before they have a signature.
- Types of intrusion detected: ICMP / IP, DoS, portscans, protocol level, application level.
 
   

There are four IDP modes offered by Network Box:


Front-Line IPS
Extremely lightweight, high-speed service, offering zero-latency protection, inline with the data stream, against network worms, exploits and other such attacks. Operating in conjunction with the firewall, at the individual packet level (after fragment reassembly), the front-line IPS adds packet content inspection, rate limiting and traffic analysis to the base firewall capabilities.


Passive IDS
Alerting and logging of traffic, side-by-side with the data stream – useful for policy enforcement and more aggressive rules.


Active IDS
Alerting and logging of traffic, side-by-side with the data stream, but with the ability to actively tear down connections once malicious traffic has been identified.


Inline IPS
Alerting and logging of traffic, inline with the data stream. Tightly coupled to the firewall, this mode is able to drop traffic before the remote system even sees it.