Sleuth9
Application overview
Comprehensive, real-time system management
Sleuth9 defines a new perimeter and front line of defense. As a
network-based, in-line solution, it is positioned in front of the
router and at other strategic network locations such as the IP core,
switch borders, dedicated facilities, and enterprise systems. It
detects and prevents cyber attacks from entering or leaving a network
and minimizes administration resources and costs.
Intrusion Prevention
As an in-line, line-speed solution sitting in front of the router,
undetectable and independent of any other network device, Sleuth9
inspects 100% of ingress and egress traffic. When DoS, DDoS, port
scans, Trojan horses, worms, viruses, protocol anomalies, or malicious
traffic are detected, it automatically blocks the offending traffic,
generates an alarm, follows a pre-determined disposition course,
and writes the specified information to the ForensiX Capture System™
(FCS). Sleuth9 combines protocol and traffic anomaly detection,
virus and worm scanning, and proprietary heuristics and behavior
monitors to detect, block, and control malicious traffic, while allowing
good traffic to pass through the network unhindered.
Traffic Manager
The Sleuth9 Traffic Manager is an advanced inspection engine
that uses multiple processes to inspect inbound and outbound
IP-based traffic. This proven five-step methodology is extremely
comprehensive and effective in detecting malicious traffic that
would otherwise go undetected and could bring networks to a stop.
Benefits summary
Complete Protection: Sits in-line, in front of the router or
at other strategic locations within the network.
Safeguards the entire network: Placing Sleuth9 in front of
the router provides a new front line of defense, protecting routers,
firewalls, and other critical network devices from attacks that target
well-known vulnerabilities.
Easy to install and configure: Plug-and-play functionality for ease
of installation; Java-based management console minimizes setup and
administration complexities, guarding against vulnerability-causing
configuration errors.
Zero Footprint Technology: Maintains transparency to network traffic;
cannot be hacked, scanned, or attacked.
Intrusion Prevention/Attack Elimination: Intelligent analysis of
network traffic provides zero-day protection from many different
types of attack.
Inspects Every Packet:
Protocol and traffic anomaly detection increases accuracy and provides
zero-day protection.
Ingress and Egress:
Inspects inbound and outbound traffic, automatically blocking attacks
and viruses from entering or exiting a protected network.
Multi-Method Testing:
Sleuth9 combines stateful and stateless packet inspection,
protocol and traffic anomaly detection, and proprietary behavior
monitors into an integrated solution.
Virus and Worm Scanning:
Scans and scrubs email messages for worms and viruses at the perimeter
of the network. Powered by McAfee's integrated Olympus Engine.
VirtualNines:
Finely grained configuration options allow administrators to provide
in-depth protection to any individual IP address or subnet.
Integrated Network Forensics: ForensiX™ Capture System allows long-term
trend and traffic analysis at very granular levels and eliminates
the need for separate forensic software.
Easily Configured:
Can be configured to capture MAC header, IP header, and/or packet
body for any traffic defined within the system.
Drag-and-Drop Queries/One-Click Reports:
Graphical query tool provides access to forensic data without
requiring SQL expertise.
Compliance with Security Legislation Requirements:
Aids in providing proof of compliance with HIPAA, Gramm-Leach-Bliley,
the Corporate Information Security Accountability Act of 2003, and
other new or pending security legislation.
Features Summary
Intrusion Prevention
Protocol anomaly-based detection
Traffic anomaly-based detection
Behavior monitors and heuristics
Stops attacks from embedded worms/Trojan horses
Virus and worm scanning at the network perimeter
Attack Recognition and Elimination
Recognizes and neutralizes DoS and DDoS attacks
Recognizes and mitigates attacks based on IP spoofing
Zero Footprint Technology (stealth)
Automated and customizable threshold parameters
Traffic management
Automated response
Forensic Analysis
ForensiX Database for analysis
Full packet capture
Secured forensic data storage
Drag-and-drop queries
One-click reports
Management and Response
Out-of-band management
Complete access-control functionality
Alarm notification
Multiple device control
Dynamic software upgrades
Automatic virus signature updates
Deployment
In front of router or anywhere else on the network
In-line device
Throughput: Telco T1 up to OC3, Ethernet 10/100/1000
Linux or Solaris O/S
Independent of other security devices (and/or router)
Plug-and-play capabilities
Easy to deploy and install
Minimal training requirements