redborder is probably the best open-source-based solution on the market for managing IPS probes based on Snort, Suricata and Bro, or our own redborder IPS probes. Management inherits all the advantages of our Big Data platform, allowing large deployments to scale globally and supporting multi-tenant administration.
With redborder you can fully manage the organisation's open-source IDS/IPS, integrating redborder IPS sensors or even Snort probes.
Thanks to the information gathered by the probes and sensors, the security status of our organisation can be supervised, enabling a thorough and detailed security analysis which allows for action to be taken should possible attacks against our technology infrastructure be detected.
The redborder IPS sensor has different operating modes which adapt to the requirements of the infrastructure.
The device behaves like a standard network IDS, in which the specific role of one or several of the interfaces is to monitor network traffic in order to detect malicious activity.
This is a mode that enables you to simulate a TAP with software. Traffic passes in both directions through the two network interfaces which make up the inspection segment and a copy of said traffic is sent to the detection engine so that it can be analysed.
The device works like a standard IPS. Traffic is inspected and forwarded by the detection engine only if it is established that it is not a threat. If an attack is detected, the packet can be blocked according to the configuration of the security policy in force.
If the action to be applied when a signature matches is to reject the packet, this is done and a “should be rejected” alert is generated. This is useful for evaluating the mode and the set of rules without affecting traffic.
It can be installed on devices which meet some minimum connectivity and capacity requirements.
We have devices which are specifically designed for inspecting different volumes of information and which are equipped with front-panel connectivity and hardware bypass.
It can be installed in virtualized systems without any special adaptation in IDS SPAN mode. In other modes, the virtual networks which make up the segment must be isolated.
Likewise, a previously prepared image can be used for installation in OpenStack (vIPS VNF) cloud deployments.