SoftIPS is a ground-breaking software-based intrusion prevention technology that shuts down threats with zero impact on performance or reliability. Soft IPS does this by injecting spoofed TCP packets into the network to disrupt unwanted communications. This technique is paired with a proprietary algorithm that safely predicts which traffic to block based on observed communication patterns. Soft IPS has the following benefits:
The sensor software detects unwanted traffic using a variety of functional elements, which include IPS signature detection, Network Antivirus and other user-defined block classifications (which may include multi-session rules). Any of these components can trigger a block signal to the Soft IPS subsystem. The block signal is a flow specification of the form:
<srca/mask> <srcp> <dsta/mask> <dstp>
Each of the fields sent by the detection components can be a wildcard. A wildcard is written as 0 for a protocol/port field and as 0.0.0.0/0 for an address field.
Each block signal is then processed by an invariant extraction algorithm that identifies repeated attempts to block similar flows. Once a certain threshold is reached (for example, more than 5 attempts to block the same 2 IP addresses and the same source port), the invariant extraction automatically changes one or more fields of the block signal to a wildcard.
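A sketch of how this kind of threshold-based generalization could work, added here as an example and not SoftIPS code (the actual algorithm is proprietary). The names `parse_signal` and `InvariantExtractor` are hypothetical, the sample flows are constructed, only one field is wildcarded per rule, and it assumes a field is generalized only if its value actually varied across the counted attempts:

```python
from collections import defaultdict
from ipaddress import ip_network

FIELDS = ("src", "srcp", "dst", "dstp")
# Wildcard spellings from the text: 0 for ports, 0.0.0.0/0 for addresses.
WILDCARD = {"src": "0.0.0.0/0", "srcp": "0", "dst": "0.0.0.0/0", "dstp": "0"}
THRESHOLD = 5  # the text's example: "more than 5 attempts"

def parse_signal(line):
    """Parse '<srca/mask> <srcp> <dsta/mask> <dstp>' into a normalized tuple."""
    src, srcp, dst, dstp = line.split()
    for port in (srcp, dstp):
        if not 0 <= int(port) <= 65535:
            raise ValueError(f"bad port: {port}")
    return (str(ip_network(src, strict=False)), str(int(srcp)),
            str(ip_network(dst, strict=False)), str(int(dstp)))

class InvariantExtractor:
    def __init__(self, threshold=THRESHOLD):
        self.threshold = threshold
        self.attempts = defaultdict(int)  # generalized flow -> block attempts
        self.values = defaultdict(set)    # generalized flow -> values seen in dropped field

    def observe(self, line):
        """Record one block signal and return the flow spec to block."""
        sig = parse_signal(line)
        rule = sig
        for i, name in enumerate(FIELDS):
            if sig[i] == WILDCARD[name]:
                continue  # already a wildcard, nothing to generalize
            # Candidate invariant: this signal with field i wildcarded.
            key = sig[:i] + (WILDCARD[name],) + sig[i + 1:]
            self.attempts[key] += 1
            self.values[key].add(sig[i])
            # Generalize only when the other three fields repeated past the
            # threshold AND this field really differed between attempts.
            if self.attempts[key] > self.threshold and len(self.values[key]) > 1:
                rule = key
        return " ".join(rule)

def demo():
    # Constructed sample: same two hosts and source port, six destination ports.
    ex = InvariantExtractor()
    ports = (80, 443, 8080, 22, 25, 3389)
    return [ex.observe(f"192.0.2.10/32 4444 198.51.100.7/32 {p}") for p in ports]
```

The first five signals are blocked as exact flows; the sixth crosses the threshold and is returned with the destination port replaced by the wildcard `0`.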
| |Inline IPS|Soft IPS|
|---|---|---|
|Block Specific IPs in Real-Time| | |
|Blocks UDP and ICMP| | |
|Software Failure|All Traffic Stops|All Traffic Through|
|Hardware Failure|All Traffic Stops|All Traffic Through|
|Power Loss|All Traffic Through|All Traffic Through|
|Performance Impact|200 µs latency|None|