NetDefender IDS - Intrusion Detection System

What is getting past my Perimeter Defenses and into my LAN?

Do you know? When do you know it?

 

Every business that leverages the Internet needs advanced security protections; otherwise business operations can be disabled! Organizations may not have the time, interest or technical expertise required to administer and maintain these essential security services. In addition, the cost of popular commercial security products can be prohibitive. The NetDefender appliance, with managed service, solves these problems by delivering advanced intrusion detection, malware detection and ARP monitoring at all levels in your LAN and DMZ.

NetDefender Description

The NetDefender appliance provides robust, enterprise-class security services including a stateful inspection firewall, port-scan detection, standards-based IPsec, 3DES Virtual Private Networking (VPN), and an Intrusion Detection System that utilizes Snort for real-time alert detection, ACID for reporting on the Snort database, and our own “Bacon” software for correlation and escalation of “New” or “Escalating” critical alerts. The Snort database is updated automatically every day. xDefenders provides essential IDS tuning and training to eliminate false positives.

The NetDefender IDS is a compact, plug-n-play rack-mount appliance that is managed and monitored by xDefenders. Built upon a hardened Linux operating system, NetDefender provides the highest levels of internal security and incorporates industry standards.

 

Administrators can monitor the appliance with a Web-based management interface to centralize and control policy. xDefenders maintains a Secure Shell (SSH) connection to the appliance for periodic updates and monitoring purposes.

xDefenders has a 24x7x365 Security Operations Center that can manage and monitor firewalls and intrusion detection systems for clients. Escalation Planning and Incident Response are provided with the client.

NetDefender IDS Features:

  • HoneyPot will automatically detect and alert based on the presence of malware

  • ARP monitoring reports on changes and updates to prevent Man-in-the-Middle attacks, with IP address and MAC address reconciliation

  • Web GUI and extensive IDS and ARP Reporting

  • Daily updates of Snort and Bleeding Edge signatures

  • ACID or BASE Reporting of the MySQL Snort Database

  • BACON checks every 5 minutes for NEW & Escalating Alerts

  • Automatic IDS Escalation via email or text messaging

  • Fine-Tuning by xDefenders to your environment

HoneyPot
The NetDefender IDS has a built-in HoneyPot function designed to alert immediately based on the presence of malware in the network. This means that root-kits, spyware, bots and other dangerous code will be identified and detected. The alert goes to the xDefenders SOC and the SOC staff will contact the customer.

ARP Monitoring
Man-in-the-Middle attacks are the latest attack that can affect the LAN. By watching for changes to the LAN and comparing IP addresses with MAC addresses, this kind of attack can be identified. ARP Reporting is extensive and valuable to a Security Administrator. These reports allow them to identify strange behavior and unplanned or unwanted changes.
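The IP-to-MAC comparison described above can be sketched as follows. This is an added example, not NetDefender or xDefenders code; the function names, alert kinds and sample observations are assumptions made up for illustration.

```python
from collections import defaultdict

# Constructed sample observations (time, IP, MAC); not taken from any real network.
SAMPLE = [
    ("09:00:01", "192.168.1.1",  "00:11:22:33:44:01"),   # gateway
    ("09:00:02", "192.168.1.20", "00:11:22:33:44:20"),
    ("09:00:05", "192.168.1.21", "00:11:22:33:44:21"),
    ("09:05:10", "192.168.1.1",  "00:11:22:33:44:21"),   # gateway IP now claimed by .21's MAC
    ("09:05:11", "192.168.1.20", "00-11-22-33-44-20"),   # same binding, different notation
    ("09:07:00", "192.168.1.30", "00:11:22:33:44:30"),   # host not seen before
]

def normalize_mac(mac):
    """Lower-case, colon-separated form so 00-11-22... and 00:11:22... compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def reconcile(observations, known=None):
    """Return (time, kind, detail) alerts for a stream of ARP observations.

    kind is NEW_HOST, IP_REBOUND (an IP moved to a different MAC) or
    MAC_MULTI_IP (one MAC now answering for several IPs).
    """
    ip_to_mac = {ip: normalize_mac(m) for ip, m in (known or {}).items()}
    mac_to_ips = defaultdict(set)
    for ip, mac in ip_to_mac.items():
        mac_to_ips[mac].add(ip)
    alerts = []
    for ts, ip, raw_mac in observations:
        mac = normalize_mac(raw_mac)
        previous = ip_to_mac.get(ip)
        if previous is None:
            alerts.append((ts, "NEW_HOST", f"{ip} is at {mac}"))
        elif previous != mac:
            alerts.append((ts, "IP_REBOUND", f"{ip} moved {previous} -> {mac}"))
            mac_to_ips[previous].discard(ip)
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if previous != mac and len(mac_to_ips[mac]) > 1:
            alerts.append((ts, "MAC_MULTI_IP", f"{mac} claims {sorted(mac_to_ips[mac])}"))
    return alerts

if __name__ == "__main__":
    for alert in reconcile(SAMPLE):
        print(*alert)
```

Passing a reviewed baseline as `known` suppresses NEW_HOST alerts for hosts already inventoried, so only rebinding and unplanned additions are reported.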

Security Operations Center

This 24x7x365 service incorporates real-time monitoring of malicious and suspicious electronic activity within your business. Every 5 minutes, the IDS checks for NEW or ESCALATING Events and alerts the client or the xDefenders Security Operations Center (SOC) in Rochester, NY, where a Trouble Ticket is created and made available via the Client Portal. This service includes attack signature database updates, real-time correlation, real-time web reporting (see below), administration support and monitoring with custom escalation/notification procedures. A (6) month forensic database is kept, and escalation plans with incident response are included.