Network Intrusion Prevention capabilities are part of the Cloud Edge base functionality. An Intrusion Prevention System
(IPS) identifies and stops many threats, exploits, back-door programs, and other attacks
as they
pass through the device. An IPS can bolster a firewalls security policy by ensuring
that traffic
allowed by the firewall rule policy is further inspected to make sure it does not
contain
threats.
IPS profiles determine the
level of protection against buffer overflows, illegal code execution, and other attempts
to
exploit system vulnerabilities. The default profile protects clients and servers from
known
threats.
Patterns used to detect threats are released before official updates or
patches become available—protecting businesses during this crucial period. Cloud Edge IPS is a deep-packet-inspection system which peers
inside the traffic packets and removes certain packets which contain undesired contents
that are
compared against a deployable rules list of several hundred patterns. This signature
list of
patterns is live-updated every few minutes and constantly adapts and evolves to keep
you
protected from threats as soon as they emerge or spread.
IPS provides support for the common attack types such as:
-
DoS/DDoS attacks
-
Protocol attacks
-
OS attacks
-
Application attacks
-
Malformed traffic/Invalid header attacks
-
Malware and blended attacks
-
TCP Segmentation and IP Fragmentation attacks
-
Port Scans
To assist you in understanding what threats Cloud Edge IPS profiles detect and provide protection against,
Cloud Edge provides the BID/CVE number for a detected IPS
violation where possible. See Where to Find IPS BID/CVE Information for details about where to find this information.
Use customized profiles to minimize vulnerability checking for traffic
between trusted security zones and to maximize protection for traffic received from
untrusted
zones (Internet) as well as the traffic sent to highly sensitive destinations (server
farms).
 |
Note
|