SecurityMetrics Appliance Benefits
Intrusion Detection System (IDS), Intrusion Prevention System (IPS) and Vulnerability Assessment
| Tools Included | |
|---|---|
| Intrusion Detection System | Simplifies management of intrusion monitoring, analysis and remediation. |
| Intrusion Prevention System | Stops attackers by IP address in real-time 24x7x365. |
| Network Check (Internal Vulnerability Assessment) | Reduces administrator time and effort in identifying and fixing internal security weaknesses. |
| Port Scanner | Allows complete port scanning of all internal devices. |
| IP Research Tool | Expedites communication with other IP administrators when attacks occur. |
| General | |
| Interface | Easy to use browser interface. No operating system knowledge required. |
| Setup & Installation | Appliance comes preconfigured. No software installation is required. To begin, connect to network and boot the machine. |
Intrusion Detection and Prevention
| General | |
|---|---|
| IDS Type | Network Sensor |
| Capacity | 100 Mbps to 1 Gbps network traffic capacity, depending on purchased model |
| Attack Detection & Prevention | |
| Attack Recognition | 4400+ attack signatures and growing constantly |
| Updates | An automated process will update your system daily through a secure connection to SecurityMetrics Servers. |
| Attack Prevention | Allows automatic real-time filtering of unwanted traffic 24x7x365. |
| Real-time Attack Notification | Immediate email or email/pager notification of attacks. |
| Selective Notification Levels | The administrator may select the attack severity level for which they would like to be notified. |
| Reporting | |
| Recent Attacks | Lists all the latest individual attacks. |
| Recent Attackers | Lists the latest source IPs of attacks. |
| Recent Attacked IPs | Lists the latest destination IPs of attacks. |
| Attack Types | Ranks the attack types. |
Network Check (Internal Vulnerability Assessment)
| Security Tests | |
|---|---|
| Services | All 65,000 TCP services/ports are tested plus common UDP ports. |
| Vulnerabilities | 1,000+ vulnerabilities are being tested. Issues include but are not limited to backdoors, buffer overflows, bad CGI scripts, denial of service and a myriad of issues related to unauthorized access and control. Some vendors & applications affected by vulnerabilities include: |
| General | Information leakage, open shares, and password problems are checked. Abbreviated brute force attempts are made with common id/password combinations on multiple services and applications. |
| Output | |
| Results Area | Each user has their own secure results web page to review their Network Checks. Unneeded results can be deleted. Multiple results may be deleted, printed, viewed or emailed as a group. |
| Rating System | Each vulnerability is given a risk rating from 0 to 9, 9 being high risk and 0 being informational only. |
| Pass/Fail System | Any vulnerability discovered with a rating of 4 or greater will fail the test for that IP. |
| Resolution Assistance | Information is provided on how to turn off services for most ports. Identified vulnerabilities include step-by-step resolution instructions or links to the official sites regarding that specific vulnerability. |
| Individual Report | Each individual report includes three well-organized sections of information. The Summary Table includes a pass/fail rating, the total risk, the date run, start and stop times with a calculated duration time, target IP, DNS entry and the estimated operating system. The Services Table (port scan results) includes the service family name, port number, port status, program or service name, security summary discussion and most times a link to "how to" turn this service off. The Vulnerabilities Table includes the service family name, port number, program name, risk rating and summary information briefly explaining the nature of the vulnerability and the solution instructions or links. External links are also provided to the current list of vulnerabilities, an OS patch database and further footprinting options. (Sample Windows / Solaris reports) |
| Summary Report | Each Network Check is run against a "Network Check List". Initial results are presented per executed Network Check List. The summary report will list the tested IPs in order of descending risk. Each line includes the SecurityMetrics test ID, IP or DNS of the computer tested, start date, start time, finish time, status of test and pass/fail rating with a link to the full individual IP report. |
| Function/Operation | |
| Network Check Lists | Each user can create their own collection of Network Check Lists (IPs to be tested). A Network Check List is created by entering the IPs or DNS entries of the computers to be tested. Users can also use an auto-discover feature which will automatically find all the live computers in a class C subnet and run the Network Check. |
| Scheduler | Users can schedule their Network Check Lists to run immediately, once on an appointed date and time, daily, weekly, twice monthly, monthly, and quarterly. |
| Technical Support | |
| Available | Free telephone support for functional issues. |
| Consulting Available | Fee-based security consulting assistance also available. |
