REFLEX INTRUSION PREVENTION SYSTEM.
OVERVIEW The Reflex Interceptor appliance is an enterprise-level Network Intrusion Prevention System. It is designed to operate within an organization's internal corporate network or outside the network firewalls. It is capable of protecting the network by proactively identifying and responding to attacks in real time, with or without human intervention.
PRODUCT DESCRIPTION The Interceptor Management Console consists of two components:
–the Core (which collects and correlates attack information from the Interceptors)
–the Client (the User Interface for monitoring attacks and managing the Interceptors).
PRODUCT DESCRIPTION The Core consists of a Receiver and an Analyzer.
–The Receiver collects the communications from the remote Interceptor(s).
–The alerts are then sent to the Analyzer, which aggregates and correlates all the alerts so that they can be displayed.
The second part of the IMC is the Client, the Graphical User Interface (GUI) that displays alerts and messages.
PRODUCT DESCRIPTION
–Interceptor analysis includes the following areas:
  –Data/Payload Signature Analysis
  –Port Scan Detection
  –Packet Flood or Denial of Service (DoS) Detection
  –SYN Flood Detection
  –Packet Header Signature Analysis
  –Stateful Fragmentation Analysis
  –Network-level Access Control
PRODUCT DESCRIPTION Modular Approach:
–The DataEval module analyzes packet headers and payloads, matching them against known attack signatures.
–The FloodEval module is an anomaly-based module that detects flood-based Denial-of-Service (DoS) and Distributed DoS (DDoS) attacks.
–The PermEval module provides comprehensive permission validation for all network traffic.
PRODUCT DESCRIPTION Modular Approach:
–The ProtoEval module is an anomaly-based module used to evaluate packets for gross malformations resulting from improper values in various protocol headers.
–ScanEval detects port scans using a proprietary trending cache.
–The SynEval module analyzes TCP SYN packets and patterns for anomalies.
LIVE DEMO AT CNC
REPORTS ALERTS PER NAME OVER THE PERIOD OF TIME CAUGHT AND FILTERED BY IPS.