Scalable and Effective IPS Technology
Soft IPS is ground-breaking Software-based Intrusion Prevention technology that shuts down threats with zero impact on performance or reliability. Soft IPS does this by injecting spoofed TCP packets into the network to disrupt unwanted communications. This idea is coupled with a proprietary algorithm that will safely predict which traffic to block based on observed communication patterns. Soft IPS has the following benefits:
Unique Benefits of SoftIPS
- Runs entirely in software and can scale to 10 Gbps of network traffic on commodity hardware.
- Runs in passive mode (not inline). This can be a huge advantage because traditional, inline IPS configurations pose a higher risk to a network's availability.
- Uses powerful active response technology to block unwanted traffic (bots, spyware, P2P, etc.) and actively learns which flows need to be blocked proactively.
The sensor software detects unwanted traffic using a variety of functional elements which include IPS signature detection, Network Antivirus and other user defined block classifications (which my include Multi-session rules). Any of these components can trigger a block signal to the Soft IPS subsystem. The block signal is a flow specification of the form:
<srca/mask> <srcp> <dsta/mask> <dstp>
Each of the fields sent over from the detection components can be a wildcard. Wildcards are specified as 0 or 0.0.0.0/0 if they are a protocol/port or address respectively.
Each of the block signals is then processed by an invariant extraction algorithm that identifies repeated attempts to block similar flows. Once a certain threshold is reached (for example there are more than 5 attempts to block the same 2 IP addresses and the same source port), the invariant extraction will automatically change one or more fields of the block signal to a wildcard.
Comparison with traditional IPS
|Inline IPS||Soft IPS|
|Blocks UDP and ICMP||
|Software Failure||All Traffic Stops||All Traffic Through|
|Hardware Failure||All Traffic Stops||All Traffic Through|
|Power Loss||Depends on Device||All Traffic Through|
|Performance Impact||~200 µs latency||None|