Enterasys Intrusion Prevention System (IPS) (also known as Dragon® IPS) ensures the confidentiality, integrity, and availability of business critical resources with industry-leading Intrusion Prevention capabilities, including:

• Threat containment that leverages existing network investments
• In-line Intrusion Prevention to provide advanced security in a specific location
• Patented Distributed Intrusion Prevention to automate response to threats in real-time
• Out-of-band Intrusion Detection that simultaneously utilizes multiple response technologies
• Forensics tools for session reconstruction to simplify threat mitigation and resolution

Enterasys IPS is unique in its ability to gather evidence of an attacker’s activity, remove the attacker’s access to the network, and reconfigure the network to resist the attacker’s penetration technique. Enterasys IPS stops attacks at the source of the threat and can proactively protect against future threats and vulnerabilities. Enterasys IPS offers an extensive range of detection capabilities, host-based and network-based deployment options, a portfolio of IPS appliances, and seamless integration with the Enterasys Secure Networks™ architecture. Enterasys IPS utilizes a state-of-the-art high-performance, multi-threaded architecture with virtual sensor technology that scales to protect even the largest enterprise networks.

Enterasys IPS is a core component of the Enterasys Secure Networks architecture. When deployed in combination with Enterasys Security Information & Event Manager (SIEM) and Enterasys NMS Automated Security Manager, it facilitates the automatic identification, location, isolation and remediation of security threats. Enterasys IPS integrates seamlessly with Enterasys Network Access Control (NAC) for post-connect monitoring of behavior once network access has been granted.

Enterasys Network Access Control (NAC) is a complete standards-based, multi-vendor interoperable pre-connect and post-connect Network Access Control solution. Using Enterasys NAC Inline Controller and/or NAC Out-of-Band Gateway appliances with Enterasys NMS NAC Manager configuration and reporting software, IT administrators can deploy a leading-edge NAC solution to ensure only the right users have access to the right information from the right place at the right time. Existing investments are protected since no new switching hardware needs to be deployed, and no agent needs to be installed on all of your computers. The Enterasys NAC solution performs multi-user, multi-method authentication, vulnerability assessment and assisted remediation. You have the flexibility of choosing whether or not to restrict access for guests/contractors to public Internet services only—and how to handle authenticated internal users/devices that do not pass the security posture assessment.

The Enterasys NAC advantage is business-oriented granular visibility and control over individual users and applications. Enterasys NAC policies permit, deny, prioritize, rate-limit, tag, re-direct and audit network traffic based on user identity, time and location, device type and other environmental variables. Enterasys NAC supports RFC 3580 port and VLAN-based quarantine for Enterasys and third-party switches, plus more powerful Secure Networks™ isolation policies (which prevent compromised endpoints from launching attacks while in the quarantine state) on Enterasys switches.

The Enterasys Security Information and Event Manager (SIEM) product (also known as DSCC) combines best-in-class detection methodologies with behavioral analysis and information from third party vulnerability assessment tools to provide the industry’s most intelligent security management solution. Enterasys SIEM delivers actionable information to effectively manage the security posture for organizations of all sizes.

The challenge created by most threat detection systems is the volume of information they generate — making it difficult to determine which vulnerabilities require an immediate, high priority response. The Enterasys SIEM solution addresses this challenge and provides powerful tools that enable the security operations team to proactively manage complex IT security infrastructures.

Enterasys Security Information and Event Manager:

• Goes beyond traditional security information and event managers and network behavioral analysis products to deliver threat management, log management, compliance reporting, and increased operational efficiency
• Collects and combines network activity data, security events, logs, vulnerability data, and external threat data into a powerful management dashboard that intelligently correlates, normalizes, and prioritizes—greatly improving remediation and response times, and greatly enhancing the effectiveness of IT staff
• Baselines normal network behavior by collecting, analyzing, and aggregating network flows from a broad range of networking and security appliances including JFlow, NetFlow, and SFlow records. It then discerns network traffic patterns that deviate from this norm, flagging potential attacks or vulnerabilities—anomalous behavior is captured and reported for correlation and remediation
• Tracks extensive logging and trend information, and generates a broad range of reports for network security, network optimization, and regulatory compliance purposes; report templates are provided for COBIT, GLB, HIPAA, PCI, and Sarbanes Oxley

The Enterasys SIEM solution portfolio is appliance based for quick and easy setup. Available hardware components include:

• SIEM Appliance
• Event Processor
• Flow Anomaly Processor
• Behavioral Flow Sensors