The Extreme Networks Intrusion Prevention System (IPS) is unique in its ability to gather evidence of an attacker’s activity, remove the attacker’s access to the network, and reconfigure the network to resist the attacker’s penetration technique. The IPS stops attacks at the source of the threat and can proactively protect against future threats and vulnerabilities. Offering an extensive range of detection capabilities, host-based and network-based deployment options, a portfolio of IPS appliances, and seamless integration with the Extreme Networks Secure Networks™ architecture, our IPS utilizes a state-of-the-art high-performance, multi-threaded architecture with virtual sensor technology that scales to protect even the largest enterprise networks.
The Intrusion Prevention System is a core component of the Extreme Networks Secure Networks architecture. When deployed in combination with Extreme Networks SIEM and NMS Automated Security Manager (ASM), it facilitates the automatic identification, location, isolation, and remediation of security threats. Extreme Networks IPS also integrates seamlessly with Extreme Networks Network Access Control (NAC) for post-connect monitoring of behavior once network access has been granted.
Extreme Networks advanced in-line Intrusion Prevention is designed to block attackers, mitigate Denial of Service (DoS) attacks, prevent information theft, and ensure the security of Voice over IP (VoIP) communications - while remaining transparent to the network. Built upon our award-winning intrusion prevention technology, Extreme Networks IPS can alert on the attack, drop the offending packets, terminate the session for TCP and UDP-based attacks, and dynamically establish firewall or Secure Networks™ policy rules. Extreme Networks IPS leverages a comprehensive library of vulnerability and exploit-based signatures.
Extreme Networks Distributed Intrusion Prevention (US Patent 7581249) and threat containment can block attackers at the source physical port for most multi-vendor edge switches. More granular business-oriented visibility and control based on user and application policy is provided when Extreme Networks switching products are deployed at the network edge. Effective threat containment requires the removal of the attacker’s ability to continue the attack or to mount a new attack. The Extreme Networks Distributed Intrusion Prevention System identifies a threat or security event, locates the exact physical source of the event, and mitigates the threat through the use of enforceable bandwidth rate limiting policies, quarantine policies, or other port level controls.
Extreme Networks out-of-band Intrusion Detection is unmatched in detecting and reporting security events, including external intrusions, network misuse, system exploits, and virus propagations. It utilizes the industry’s most sophisticated multi-method detection technologies by integrating vulnerability pattern matching, protocol analysis, and anomaly-based detection with specific support for VoIP environments. Application-based event detection detects non-signature-based attacks against commonly targeted applications such as HTTP, RPC, and FTP.
Intrusion Prevention sensors come ready to use "out-of-the-box" and easily integrate with your existing network infrastructure and security appliances. Extreme Networks Intrusion Prevention ships with a comprehensive set of pre-installed signatures, VoIP protocol decoders for SIP, MGCP, and H.323 protocols, and advanced detection of malformed messages to help prevent DoS attacks. Extreme Networks IPS supports both IPv4 and IPv6 networks