Bluedon Intrusion Prevention System
Source: bluedon.com/en/files/BluedonIPS.pdf · 2017-12-28 · 24 pages

Page 1

Bluedon Intrusion Prevention System

Page 2

Content

• Background
• Product Introduction
• Product Value
• Use Case

Page 3

Product Portfolio: Bluedon Perimeter Security Products

• Bluedon Firewall

• Bluedon Unidirectional Information Exchange System

• Bluedon Security Gateway

• Bluedon Intrusion Prevention System

• Bluedon Intrusion Detection System

• Bluedon Vulnerability Scanning System

• Bluedon VPN

• Bluedon Anti-Virus Firewall

• Bluedon Unified Threat Management

• Bluedon Flow Control System

• Bluedon IoT Application Control System

Page 4

Background

Page 5

Background

01 The security risk is moving to the application layer
• In 2014, the number of websites embedded with backdoors reached 40,186, an increase of 22.7% compared to 2013.

02 The number of vulnerabilities is continuously increasing
• In 2016, the China National Vulnerability Database (CNVD) recorded 10,822 common hardware and software vulnerabilities, marking a rise of 34% from 2015.

03 Increasing security events
• The Hillary Clinton email controversy, 500 million Yahoo accounts hacked, WannaCry

Page 6

Background

Basic Prevention
The traditional firewall provides protection for Layer 2 to Layer 4, but fails to prevent attacks from the application layer.

Proactive Protection
An IDS can help to detect attacks on the application layer but cannot block the attack reactively (proactive blocking).

Correlation Problem
Diagram: the Internet, a firewall and an IDS placed in series.
There is no standard protocol for the correlation between firewall and IDS, so custom integration development is needed when correlating firewalls and IDS.

Page 7

Background

Traditional FW/IDS
• Run at the network layer
• Lack protection at the application layer
• The IDS focuses on status monitoring but lacks reactive defense

IPS Solutions
• High-performance protection from the application layer
• Cover the functionalities of traditional prevention
• Network file detection & anomalous traffic monitoring

Bidirectional detection for content: focus on the security of content sent out by the servers
Network File Detection: stop the transmission of viruses and malware
High performance on the application layer: security will not become the bottleneck of the network
Prevent application-layer attacks: focus on protecting the application layer
Monitoring Anomalous Traffic: focus on the risks in external links of servers

Page 8

Product Introduction

Page 9

Product Introduction

Bluedon Intrusion Prevention System (IPS) is for real-time intrusion detection, prevention, and response. It is capable of monitoring network transmission in real time, detecting suspicious behaviors automatically, and analyzing intrusions from the external and internal network. Before the system is compromised, it can block the attacks in real time and provide remedial measures in order to protect the network.

Real-time & Efficient In-depth Prevention

Diagram: Internet → Bluedon IPS → office services, with hackers' attacks blocked at the IPS. Prevention above the application layer covers: buffer overflow, information leakage, SQL injection, Trojans & worms, system vulnerabilities, viruses, illegal elevated privileges, denial of service, illegal URL, and more.

Page 10

Product Introduction

Diagram: the OSI model (Application, Presentation, Session, Transport, Network, Data Link and Physical layers) alongside the Integrated Prevention Platform, whose integrated engine covers: Sending & Receiving Message, Routing Exchange, Access Control, Historical Snapshot, Intrusion Detection, Virus Prevention, Sandbox Analysis, Network Traffic, File Detection, Protocol Detection, State Detection and Traffic Monitor.

In-depth Filter
• Reorganization of application-layer files
• Application-layer attack detection (built-in signature library)
• Virus detection & sandbox analysis
• Traffic monitoring on the transport layer
• Historical snapshot
• Access control of the network layer and transport layer
• Anti-copy
• Integrated engine
• Multi-core processing and memory sharing

Page 11

Basic Features

01 Network: Bridging & Aggregation, Routing Service, DNS Service, SNMP Service
02 Intrusion Prevention: Built-in Signature, Customized Signature, Network Scanning, Flood Attacks
03 File Detection: File Reorganization, Anti-Virus, Sandbox Analysis, File Maintenance
04 Access Policy: Port Mapping, Access Control, Customized Block, Customized Response Policy
05 Real-time Monitor: Real-time Information Display, Historical Snapshot
06 URL Filtering: URL Blacklist, URL Whitelist, URL Category Library

Page 12

Basic Features

1. System Vulnerabilities Prevention
• Available for preventing vulnerabilities of operating systems like Windows, UNIX and Linux, which include stack and heap buffer overflow, format string error, memory access error, memory corruption, etc.

2. Trojan Prevention
• To detect vulnerabilities based on ActiveX, XML and VML, and prevent Trojans embedded in a website from being loaded when users are browsing;
• To detect Microsoft Office files with an embedded Trojan hidden by a dropper, and prevent users from downloading and opening these documents;

3. Worms Prevention
• The IPS can detect the invasion of worms, and discard the packets that try to intrude into the system to prevent the spreading of worms, such as the Zotob worm and the MS SQL Slammer worm.

4. DDoS/DoS Prevention
• Flood attacks: SYN flood, UDP flood, ICMP flood, etc.
• Protocol exception classes: smurf, ping of death, teardrop, Land, etc.

Page 13

Key Features

Correlated Analysis

Diagram: Event A, Event B, Event C and Event D feed the correlated analysis, which yields an advanced threat event.

Dig out the signal of an intrusion from the disordered, lower-level port scanning and intrusion attempts, and then inform the network administrator so that a response can be made.

Page 14

Key Features

Customized Blocking

Tracking the IP address to conduct statistical analysis of the number, type and level of events in a set time range, in order to block or generate alerts.

Diagram: Internet → Bluedon IPS → office services, with mobile users (smartphone, pad) and a hacker on the Internet side. The hacker's timeline: 3:10 network scan; 3:12 attempt to log in via a default account; 3:20 access to user privileges; ... For IP 1.1.1.1, the number of events generated in 60 minutes leads to IP blocking for 24 hours.
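As an added illustration of the per-IP statistics behind customized blocking, and of the scan, default-account login and privilege-access chain that correlated analysis turns into an advanced threat event, here is example code that is not Bluedon's implementation; the thresholds, event types, severity levels and the sample events are assumptions:

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events modelled on the slide's timeline (3:10 scan,
# 3:12 default-account login attempt, 3:20 access to user privileges).
# 1.1.1.1 is the placeholder address from the slide; 10.0.0.5 is invented.
# Each tuple: (timestamp, source IP, event type, severity level 1-3).
EVENTS = [
    ("2017-12-28 03:10", "1.1.1.1", "network_scan", 1),
    ("2017-12-28 03:12", "1.1.1.1", "default_account_login", 2),
    ("2017-12-28 03:15", "10.0.0.5", "network_scan", 1),
    ("2017-12-28 03:20", "1.1.1.1", "privilege_access", 3),
]

# Assumed policy: sum severity per IP over a 60-minute window; at or above
# BLOCK_AT block the IP for 24 hours, at or above ALERT_AT raise an alert.
# Seeing the whole KILL_CHAIN in one window is the correlated threat event.
WINDOW, BLOCK_FOR = timedelta(minutes=60), timedelta(hours=24)
ALERT_AT, BLOCK_AT = 3, 5
KILL_CHAIN = {"network_scan", "default_account_login", "privilege_access"}


class CustomizedBlocker:
    def __init__(self):
        self.history = defaultdict(deque)  # ip -> (ts, type, level) in window
        self.blocked_until = {}            # ip -> datetime the block expires

    def is_blocked(self, ip, now):
        return ip in self.blocked_until and now < self.blocked_until[ip]

    def observe(self, ts_str, ip, kind, level):
        """Record one event and return allow / alert / block / drop."""
        now = datetime.strptime(ts_str, "%Y-%m-%d %H:%M")
        if self.is_blocked(ip, now):
            return "drop"                   # still inside the 24-hour block
        window = self.history[ip]
        window.append((now, kind, level))
        while now - window[0][0] > WINDOW:  # expire events older than 60 min
            window.popleft()
        score = sum(lvl for _, _, lvl in window)
        kinds = {k for _, k, _ in window}
        if score >= BLOCK_AT or KILL_CHAIN <= kinds:
            self.blocked_until[ip] = now + BLOCK_FOR
            return "block"
        return "alert" if score >= ALERT_AT else "allow"


def run(events=EVENTS):
    """Feed events in time order; return the decision for each."""
    blocker = CustomizedBlocker()
    return [blocker.observe(*e) for e in sorted(events)]
```

Events from a blocked address are dropped until the 24-hour block expires, after which the address starts again with an empty window.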

Page 15

Key Features

Signature Updates

Highly customized updates for the signature library, meaning the signature library embedded in the system can be adjusted to avoid false negatives and false positives in a particular scenario. Thus, a closed loop of attack detection, analysis and response can be established.

Diagram: particular access traffic to the application service is captured as an attack package, maintained and analyzed, fed into the signature library, and applied by the protection engine.

Page 16

Key Features

Monitoring Anomalous Traffic

Detailed records of traffic monitoring that contain the connection, port and traffic historical snapshot. The administrator can set up connection, port and traffic alerts to provide evidence for identifying unknown threats.

Page 17

Deployment

Diagram: Bluedon IPS deployed at the security area of the WAN perimeter (dedicated WAN line), at the boundary area of the Internet (links to China Mobile, China Unicom and China Telecom), and at the security area of the data center (in front of the OA system), protecting the official area.

① Supports gateway deployment, transparent bridging deployment, mixed deployment, etc.
② The IPS can be deployed at the WAN perimeter, Internet perimeter, data center perimeter, etc.

Page 18

Product Series

BD-M Series: Throughput 500M-1000M
BD-G Series: Throughput 1G-8G
BD-T Series: Throughput 8G-20G

• 240G SSD hard drive
• New connections around 15,000 to 200,000, with concurrent connections around 800,000 to 5 million

Page 19

Product Value

Page 20

Product Value

1. Compliance
• The compliance regulation of Information Security Classified Protection requires application-layer protection of the network to defend against attacks.

2. Protect Business System
• In-depth intrusion prevention from layer 2 to layer 7;
• Blocking attacks like scanning, SQL injection and XSS that target servers.

3. Protect Clients
• File detection over HTTP, FTP, POP3 and SMTP
• Block attacks that target Internet clients, such as Trojans embedded in websites

4. Multi Functions
• Mixed-mode deployment of IPS and IDS
• Realizing multiple functions in one device to maximize its value, which gives a high return on investment

Page 21

Use Case

Page 22

Use Case: Deployment

Government Info Center
Network viruses spread and the Internet is slow. The website cannot prevent attacks such as SQL injection and XSS, etc.

Solutions
Deploy the Bluedon Intrusion Prevention System; two IPS units can work in parallel.

Successful Result
• Blocks attacks like SQL injection and XSS
• Successful denial of network viruses and worms
• DoS/DDoS attack prevention

Diagram: Internet → Bluedon Intrusion Prevention System (integrated engine) → the government info center, including its FTP server, covering the values protect clients, protect business system and compliance.

Page 23

Use Case: Deployment

Financial Institute
It provides external e-banking business, so the system is vulnerable to attack from the Internet. It needs related security products and technology to effectively prevent network intrusion, Trojan horses, viruses, flood attacks, etc.

Solutions
Deploy two Bluedon IPS units in dual hot-standby mode to improve the prevention ability of the e-bank system.

Diagram: mobile users (phone, iPad) on the Internet reach the e-bank servers and web portal through the Bluedon Intrusion Prevention System at the Internet perimeter.

Successful Result
• The Bluedon IPS can detect various viruses;
• The Bluedon IPS successfully defends against SYN flood, UDP flood and ICMP flood attacks;
• Detects anomalous access via traffic monitoring.

Page 24

Thank you