Intrusion Prevention

Intrusion Detection and Prevention (IDS/IPS) Software

IDS/IPS Software | Port Scanning | Asset Detection | MAC based control | Threat Analysis | Suricata based | Advanced Alert Management

Sanapptx offers an IDS/IPS as a single software package with single licensing.

Key features include:

  • Intrusion prevention
  • Intrusion detection
  • Malware Protection
  • IPS event analysis
  • Passive Application discovery
  • Asset discovery
  • Asset change discovery
  • Missing Asset Alert
  • New Asset Alert
  • Automatic port scanning
  • Threshold-based alerting
  • Timed scanning
  • Application-aware IPS rule set
  • Event-Asset-Vulnerability correlation
  • One-click policy creation and deployment
  • Much More…

The Sanapptx IDS system consists of Intrusion Detection Rules, a Rule Management System, an Alert Management System, and all the other components needed to make them effective.

 

Sanapptx Intrusion Prevention Software Includes:

Suricata as an IDS – Suricata is a high-performance Network IDS, IPS and Network Security Monitoring engine. It is open source and owned by a community-run non-profit foundation, the Open Information Security Foundation (OISF).

 

Top 3 Reasons why we chose Suricata – (in addition to the fact that our Head of Product Development, Amar Rathore, is a Suricata Board Member):

  1. Highly Scalable

Suricata is multi-threaded. This means you can run one instance and it will balance the processing load across every processor that Suricata is configured to use on a sensor. This allows commodity hardware to achieve 10 gigabit speeds on real-life traffic without sacrificing ruleset coverage.

  2. Protocol Identification

The most common protocols are automatically recognized by Suricata as the stream starts, which allows rule writers to write a rule for the protocol rather than for the expected port. This makes Suricata a Malware Command and Control Channel hunter like no other. Off-port HTTP CnC channels, which normally slide right by most IDS systems, are child’s play for Suricata! Furthermore, thanks to dedicated keywords, you can match on protocol fields ranging from the HTTP URI to an SSL certificate identifier.

  3. File Identification, MD5 Checksums, and File Extraction

Suricata can identify thousands of file types as they cross your network! Not only can you identify a file, but should you decide you want to look at it further, you can tag it for extraction and the file will be written to disk with a metadata file describing the capture situation and flow. The file’s MD5 checksum is calculated on the fly, so if you have a list of MD5 hashes you want to keep in your network, or want to keep out, Suricata can find them.
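Reasons 2 and 3 above (protocol identification and on-the-fly MD5 checksums) both surface in Suricata's EVE JSON log as the `app_proto` and `fileinfo.md5` fields. The Python below is an added example, not Sanapptx or Suricata project code, showing how a defender could triage that log; the port policy, the denylist entry and the sample records are constructed assumptions.

```python
import hashlib
import json

# Assumed site policy: ports on which each detected protocol is expected.
EXPECTED_PORTS = {"http": {80, 8080}, "tls": {443}, "dns": {53}, "ssh": {22}}
# Constructed denylist entry: MD5 of made-up bytes, not a real indicator.
BAD_MD5 = hashlib.md5(b"constructed sample payload").hexdigest()

# Constructed records; field names follow Suricata's EVE JSON output.
_RECORDS = [
    {"event_type": "flow", "src_ip": "10.0.0.5", "dest_ip": "198.51.100.7", "dest_port": 80, "app_proto": "http"},
    {"event_type": "flow", "src_ip": "10.0.0.9", "dest_ip": "203.0.113.20", "dest_port": 8443, "app_proto": "http"},
    {"event_type": "flow", "src_ip": "10.0.0.9", "dest_ip": "203.0.113.21", "dest_port": 443, "app_proto": "tls"},
    {"event_type": "fileinfo", "app_proto": "http", "fileinfo": {"filename": "/update.bin", "md5": BAD_MD5}},
    {"event_type": "fileinfo", "app_proto": "http", "fileinfo": {"filename": "/logo.png", "md5": "0" * 32}},
]
# The last line is deliberately malformed, as a log cut off mid-write would be.
SAMPLE_EVE = "\n".join([json.dumps(r) for r in _RECORDS] + ['{"event_type": "flow", trunc'])

def parse_eve(text):
    """Yield one dict per valid EVE line, skipping blank or malformed lines."""
    for line in text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(rec, dict):
            yield rec

def off_port_flows(events, expected=EXPECTED_PORTS):
    """Flows whose detected app_proto runs on a port outside site policy."""
    return [(e.get("src_ip"), e.get("dest_ip"), e.get("dest_port"), e["app_proto"])
            for e in events
            if e.get("event_type") == "flow"
            and e.get("app_proto") in expected
            and e.get("dest_port") not in expected[e["app_proto"]]]

def denylisted_files(events, denylist):
    """(filename, md5) for fileinfo events whose MD5 is on the denylist."""
    hits = []
    for e in events:
        info = e.get("fileinfo") or {}
        if e.get("event_type") == "fileinfo" and str(info.get("md5", "")).lower() in denylist:
            hits.append((info.get("filename"), info["md5"]))
    return hits

if __name__ == "__main__":
    events = list(parse_eve(SAMPLE_EVE))
    print(off_port_flows(events), denylisted_files(events, {BAD_MD5}))
```

The `fileinfo.md5` field is only present when MD5 calculation is enabled in the sensor's file logging configuration.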

“According to Gartner 70% of the security breaches occur due to intentional or unintentional misconfigurations.” 

Sanapptx Intrusion Software helps you detect those changes in real time and adjust the protection accordingly.

Key Benefits:

  • Active protection from Malware and Intrusion
  • Control and monitor access with bespoke rules/policies for your own specific requirements.
  • Wider security implementation by multiple sensor deployment
  • Better security by correlation of network-based security events as opposed to a single point.
  • Easy to review security by asset grouping
  • Enhanced compliance by automated scanning of assets (PCs/servers) and real-time security.
  • Detailed and automated IDS/IPS event management by correlating IPS events with auto-discovered changes in networked assets.
  • Automated Risk Data updates with IPS and Malware rules
  • Automated deployment (e.g. you can set it to deploy new rules at midnight every night)
  • Real-time network security by daily updates of the Vulnerability Database, including links to NIST CVE information.

 
