IPS

redborder is probably the best open source-based solution available on the market for managing IPS probes based on Snort, Suricata and Bro, or our own redborder IPS probes. Management inherits all the advantages of our Big Data-based platform, scaling to large deployments on a global scale and supporting multi-tenant administration.

With redborder you can fully manage your organisation's open source IDS/IPS, integrating redborder IPS sensors or even Snort probes.

Thanks to the information gathered by the probes and sensors, the security status of the organisation can be supervised, enabling a thorough and detailed security analysis that allows action to be taken should possible attacks against the technology infrastructure be detected.

Characteristics

The redborder IPS sensor has different operating modes which adapt to the requirements of the infrastructure.

  IDS SPAN

The device behaves like a standard network IDS, in which the specific role of one or several of the interfaces is to monitor the network traffic in order to detect malicious activity.

  IDS FORWARDING

This mode emulates a TAP in software. Traffic passes in both directions through the two network interfaces which make up the inspection segment, and a copy of that traffic is sent to the detection engine so that it can be analysed.

  IPS

The device works like a standard IPS. The traffic is inspected and forwarded by the detection engine only if it is established that it is not a threat. If an attack is detected, the packet can be blocked according to the configuration of the security policy in force.

  IPS TEST

If the action to be applied when a signature matches is to reject the packet, a “should be rejected” alert is generated. This is useful for evaluating the mode and the rule set without affecting traffic.


Installation modes

  Bare metal

Can be installed on devices which meet minimum connectivity and capacity requirements.

  redborder appliances

We have devices which are specifically designed for inspecting different volumes of information and which are equipped with front-panel connectivity and hardware bypass.

  Virtual on-premise

Can be installed in virtualized systems without any special adaptation in IDS SPAN mode. In other modes, the virtual networks which make up the segment must be isolated.

  Virtual on cloud

Similarly, a previously prepared image can be used to install in OpenStack cloud deployments (vIPS VNF).


Advantages

  • Centralised, hierarchical and multi-domain administration for local Snort deployments.
  • Integrated graphical management, simple and user friendly.
  • Unbeatable ROI.
  • Real-time, scalable, multi-tenant, cloud-ready, with a stack based on Big Data.
  • Models with integrated SSL traffic inspection.
