Intrusion Prevention Service (IPS)

Intrusion Prevention is the next generation beyond Intrusion Detection (IDS). SecureWorks' Intrusion Prevention Service integrates the best of both IDS technology and firewall technology with the added dimension of intrusion filtering to bring network security to a new level, Intrusion Prevention.

CERT/CC, the Computer Emergency Response Team/Coordination Center, has been a clearinghouse for reporting Computer Security Incidents. In 2000 there were 21,756 reported incidents and in 2001 52,658 Internet Incidents had been reported. The 1999 CSI/FBI Computer Crime and Security Survey reported more than 90% of reported hacker attacks have occurred through an existing firewall. Facts such as these have led CSI Director Patrice Rapalus to say, "The survey results over the years offer compelling evidence that intrusions take place despite the presence of firewalls." 

The primary reason is that firewalls are not designed to identify and stop the newer more sophisticated intrusion techniques and the few IDS systems that can identify the more sophisticated techniques generally are not equipped to deal with them effectively. This document will introduce a comprehensive solution to intrusions with real time filtering of all types of intrusions, including but not limited to; the malicious virus, propagating worms, Trojans and the deadly silent hacker techniques that firewalls and IDS systems can not stop.

The iSensor information security appliance is the key component of SecureWorks' dynamic, 24x7 security monitoring and prevention service. Installed between the customer's local area network and Internet connection, the iSensor provides intelligent network activity monitoring and allows the SecureWorks' security operations center specialists to examine and respond to security threats in real-time. The iSensor's advanced design makes the device transparent to normal network traffic while monitoring for security threats. The integrated intrusion prevention system enables the iSensor to check traffic continually for a variety of potential intrusions, including port scans, viruses and denial of service attacks. The intrusion prevention system monitors for telltale signs of security violations by checking against known "attack signatures," data sequences that can be matched against a database of known attack types. 

Automatic iSensor Updates
Security is an on going process, not a static tool or software package. You need to be protected from the very latest attacks. As new attacks are identified, attack signatures are immediately pushed out to the iSensor. This proactive approach assures that you have the latest updates and protection. You no longer have to wait until you have the time to download the updates yourself. The iSensor is updated automatically and on a continual basis.

Monitoring and Response
New attacks are created and discovered everyday. There are also known vulnerabilities in networks and operating systems. SecureWorks addresses these issues through its a 24 x 7 monitoring and response service. SecureWorks' team of security experts monitors your network 24 hours a day, 7 days a week. In the event of a mid-level security threat, the iSensor sends an alert to SecureWorks' security specialists, who begin an analysis and make on-the-spot decisions that only a trained expert can make.

Reporting
The results of the filtering and 24 x 7 monitoring and response are recorded for your information. Daily emails are sent to provide management reporting of the day's activity. Management and detailed history reporting can be accessed through SecureHub, a secure web site.   Learn More >>