NFR Security Unveils Sentivist IPS Bringing Greater Confidence to Intrusion Prevention
Rockville, MD – July 19, 2004 – NFR Security, Inc., a leader in Intrusion Defense and Management, today launched its new Sentivist IPS appliance, an Intrusion Prevention System that combines a unique confidence indexing and fine-tuned control mechanisms to give customers a needed level of trust in deploying prevention systems in their networks. NFR Security’s new IPS product is a key component of the company’s Intrusion Defense and Management Suite that combines smart detection, trusted prevention and active management to reliably block unwanted traffic at the perimeter level. Available immediately, Sentivist IPS also offers application specific protection and is delivered as a complete turn-key appliance requiring no software installation or operating system configuration.
“IPS holds a tremendous amount of promise in helping companies stop malicious attacks, but there has been a consistent lack of trust in the technology. NFR Security has taken a critical first step in solving this problem,” said Brian Philips, Director of Technical Operations for NST, Inc., a Chicago-based full service network integrator. “By giving users the ability to index attack characteristics against network assets, NFR allows customers to measure threats and drop traffic based on a confidence level that they predetermine. Not only does this boost their confidence, but it also reduces their risk.”
Patent-Pending Confidence Indexing Increases Control and Trust
Unique to NFR Security’s Sentivist IPS is a new patent-pending Confidence Index technology, which allows prevention decisions to be configured by the user based on the risk profile of the organization. Using heuristics, the Confidence Index assigns a qualitative score to each detected event. This score denotes the system’s confidence in the veracity of the detected event. For example, for a known attack like MS03-026 or “Blaster”, the system can identify the malicious MS-RPC traffic based upon the actual malformation of a legitimate request, independent of whether or not it arrives on port 135 (MS-RPC) or port 445 (MS-RPC over SMB). In this case, the system will assign a high confidence score to the alert. However, in the case of a protocol anomaly, such as an unusually long FTP command, a lower confidence score would be assigned since the anomaly may indicate either a possible attack or benign misuse of the protocol by an application. Naturally the user can override the system assigned Index value and assign their own values as desired.
The security administrator can then set prevention levels such that only malicious traffic that can be detected with a high percentage of certainty will be dropped. Once comfortable with that level of accuracy, the administrator can adjust the percentage of certainty to increase prevention without compromising the risk of dropping legitimate traffic.
Greater Protection Across All Networking Layers
The Sentivist IPS uniquely offers users the flexibility to customize existing signatures and create new ones, including specific signatures for applications like Voice over IP, Instant Messaging, Peer-to-Peer, and more. It also offers White List capabilities to help users prevent self-inflicted denial of service to legitimate network users. Sentivist IPS is built on the company’s hybrid detection engine that gives users the most advanced methods for identifying attacks, including advanced signatures, protocol anomaly, state tracking and data context analysis.
With this level of sophistication, network and application-layer prevention can be configured to stop not only distributed DoS, backdoors and hybrid threats such as MS Blaster and SQL Slammer, but also SQL injection, command tampering and polymorphic buffer overflows.
Future of Intrusion Defense and Management
Sentivist IPS is a key component in NFR Security’s Intrusion Defense and Management product suite. As security architectures evolve to meet the needs of the next decade, conventional views of intrusion detection and intrusion prevention must similarly change. NFR Security’s new generation of Intrusion Defense and Management, incorporating critical elements of both IDS and IPS and adding a new layer of manageability and intelligence, provides reliable network protection at the perimeter and application layer. “NFR Security has been known in the industry for its robust technology, offering sophisticated levels of attack detection, customization of signatures and advanced tuning of the system,” said Andre Yee, president and CEO of NFR Security. “This deep strength and technical understanding enabled us to build a trusted prevention system that helps organizations better protect their networks while minimizing the time, cost and staff requirements associated with intrusion defense.”
Availability of Sentivist IPS
Available immediately, Sentivist IPS is delivered as a complete turn-key appliance requiring no software installation or operating system configuration.
About NFR Security, Inc.
NFR Security develops and markets a range of information security products that protect IT assets from external and internal attacks. NFR Security’s Intrusion Defense and Management solution combines smart detection, trusted prevention and active management to provide reliable network protection at the perimeter and application layer. NFR Security operates worldwide via an extensive network of channel partners and direct sales. Customers include Fortune 1000, utilities, pharmaceuticals, energy, telecommunications, financials and government agencies. The company is headquartered in Rockville, Maryland. Additional information about NFR Security can be found at www.nfr.com or by calling 1-800-234-8419.