Overview

Bluedon’s Intrusion Prevention System (BD-IPS) is a network security appliance that monitors network and system activity for malicious behavior and provides users with maximum protection against emerging threats in real time. BD-IPS defends against network- and application-level attacks, securing organizations against intrusion attempts, malware, Trojans, DoS and DDoS attacks, malicious code transmission, zero-day attacks, botnet attacks, backdoor activity and blended threats.

Advantages

★ Monitors network traffic flows in real time

★ Monitors, collects and analyzes information comprehensively and effectively

★ Easily sets traffic-flow monitoring for the monitored IP address, port and total flows

★ Accurately shows intrusion behavior and related data, with real-time alarms delivered in various ways

★ Bypass, transparent, gateway, hybrid-access and other deployment modes

★ Context-based, protocol-based and abnormal-traffic-based detection

★ Supports detection of IP, ICMP, TCP, UDP, Telnet, HTTP, etc.

★ Combines with other switches and internal/external firewalls for overall defense.

Features

Deployment

★ Bypass, transparent, gateway, hybrid-access and other deployment modes supported

Multiple Protocol Support

★ ARP, RPC, HTTP, FTP, TELNET, SMTP supported

★ Automatically detects, blocks and drops suspicious traffic

★ Detection based on signatures, protocol analysis and abnormal behavior

Analysis and Detection

★ IP fragment reassembly, TCP flow reconstruction, port scan detection, BO attack analysis, abnormal profile analysis, ARP threat analysis, UNICODE vulnerability analysis, RPC request analysis, short alarm re-analysis, threshold modification, multi-segment detection, etc. supported

Attack Signature Model Library

★ Over 8000 virus signatures, including DOS/DDOS and TELNET attacks

★ Regular updates by the Bluedon Internet Threat Response Team

★ Signatures customized by organizations

Powerful Worm Detection

★ Strong separation capability

★ Over 1000 worm-detection rules

★ Detection in real time

Based on Service Real-time Attack Detection

★ HTTP, TELNET, SMTP, MS SQL, DNS

Abnormal Detection

★ Self-learning design for analyzing new kinds of attacks, variants and abuse

★ Based on a profile of normal network behavior, detects anomalies in the network and analyzes them automatically

Violations Detection

★ Custom-defined rules

★ Monitors connections among hosts, protects the most important machines and alarms as requested.

Network Traffic Analysis

★ Statistics and analysis of network traffic flow

★ Discovers anomalies and raises alarms

Flexibly Set Up Strategy

★ Custom strategies

★ A large number of strategy patterns to choose from

Real-time Updating

★ BD-IPS has an updating module for real-time system updates

★ Updates while working

Update Attack Pattern

★ Regular updates of the attack-pattern library

★ Emergency updates of the attack-pattern library

★ Custom-defined attack-recognition rules

Remote Updating

★ Remote updating supported

★ Remote updates of attack signature libraries and system modules

Detect, Analysis, Report In Real Time

★ Continuous monitoring and analysis of network traffic

★ Once suspicious behavior is discovered, BD-IPS accurately alarms on the intrusion behavior and related data in real time

Various Ways of Alarm

★ Alarm methods supported: sound, graphic, e-mail, message, etc.

★ Delivered via wireless network, wired network, telecommunication, etc.

Multiple Network Segments Detection

★ Detects across several network segments

★ Over 5 network segments per detection engine

Monitor and Manage

★ Hierarchical monitoring and centralized management

★ Graphical console

★ Powerful recording and querying capability

Logging & Reporting

★ Layer-7 identity-based logging and reporting with username, source, destination and period of activity

★ Dashboard, top alerts, attackers and victims with severity of attacks

★ Report formats: TXT, HTML, PDF

Interaction Security

★ BDSEC, OPSEC, etc. protocols supported

★ Interacts with Bluedon’s or other third-party products, e.g. firewalls.

2.4 Product parameters

Product architecture

★ Rack-mounted (hardware) intrusion detection/prevention equipment

★ Deployment modes: bypass, transparent, gateway, hybrid access

★ Multiple network segments, cross-segment and multi-way hybrid IPS deployment

★ Hardware support for HA high reliability, hot standby and dual power supply

Network Performance

★ Accelerated 100/1000M Ethernet interfaces: >= 6

★ 1G SFP fiber interface supported

★ Number of simultaneous connections: >= 1,000,000

★ Number of new connections established per second: >= 40,000

★ Processing capacity: >= 1 Gbps

★ IPS recovery capacity: >= 600 Mbps

Network Service

★ DHCP supported

★ Full/partial IP-MAC binding supported

★ DNS proxy supported; static and dynamic DNS service supported

★ Alarms on ARP spoofing and IP address spoofing

★ RIP/OSPF/BGP supported

Intrusion detection

★ Integrated use of session-state detection, application-layer protocol analysis, misuse detection, anomaly detection and custom protocol detection supported

★ VLAN trunk and SSL-encrypted data detection supported

★ IP fragment reassembly, TCP flow reconstruction, short alarm re-analysis, threshold modification and multi-segment detection supported

★ Over 5000 detection rules, compatible with CVE and BugTraq

★ Reset security policy based on source, destination, protocol, event, risk level, time and address

Intrusion Prevention

★ Over 8000 virus signatures

★ Customized signatures supported

★ DOS/DDOS attack prevention

★ Real-time data mining, correlation and analysis to reconstruct intrusion behavior

★ Interception: online active blocking, bypass blocking interception, firewall interception

★ Real-time defense: online communication interruption, firewall, packet blocking

System Management

★ Web client management

★ Various kinds of graphical reports, classified by intrusion source, target, time and event

★ Log management

★ Various kinds of logs: local log records (configurable disk), log export (text, CSV, etc.), automatic backup from a remote syslog server

★ Log delivery by mail supported

★ Alarms over phone/message supported