Check Point IPS-1 Overview:
The Check Point IPS-1 software-only solution is for organizations
that need to combine the proven security of Check Point
IPS-1 with their preferred Check Point certified hardware
platform. For inline deployments that require a fail pass-through
function, bypass cards must be purchased and installed
in the hardware platform. Contact info for the bypass
card vendor is available in the table below.
Today’s networks operate in an environment that is
ever changing, with dynamic configurations, policy requirements,
deployment needs, and security threats. Check Point
IPS-1™ is a dedicated intrusion detection and prevention
system (IDS/IPS) that helps organizations secure their
enterprise network, and protect servers and critical
data against worms, automated malware, and blended threats
both known and unknown.
IPS-1 provides the strong, robust, and dynamic security
for which Check Point is known. In addition, IPS-1 features
superior management tools that increase administrator
efficiency and provide unique rapid-response mitigation.
The highly intuitive IPS-1 centralized interface provides
graphical management tools that allow a system administrator
to quickly identify and act on threats to the network.
IPS-1 management and enforcement are unified with the
Check Point security architecture, so administrators
can implement IPS defenses seamlessly across an entire
network security infrastructure. Also, because of this
unification, the familiar, intuitive Check Point interface
helps reduce IPS-1 training costs and increase administrator
effectiveness.
IPS-1 solutions are available both as turnkey Check
Point appliances and software-only versions that can
run on open servers. IPS-1 also offers multiple deployment
modes—inline, bridge, IDS—that add to its flexibility.
Features & Benefits:
Key Benefits
- Robust security to protect your network and
business against increasingly sophisticated attacks
and attack vectors
- Efficient management to overcome data overload
with tools that provide direct, graphical focus
only on important security events associated with
critical business systems
- Flexible deployment to deliver defense configurations
to meet ever-changing network dynamics and policy
requirements
The Security To Protect Your Network:
IPS-1 utilizes multiple methods of defense to protect
your network and business against the multitude of increasingly
sophisticated attacks and attack vectors.
Accurate and granular attack prevention
Designed to provide immediate and reliable blocking
of unwanted network traffic, IPS-1 systems not only
stop backdoor and blended threats (such as Code Red,
MS Blaster, Nimda, and SQL Slammer worms), but also
attacks including SQL injection, command tampering,
and polymorphic buffer overflows—in real time before
they can affect your organization. From its core outward,
IPS-1 is built to deliver trusted intrusion prevention
while minimizing the time, costs, and staff requirements
associated with intrusions.
Hybrid Detection Engine
At the heart of IPS-1 is the Hybrid Detection Engine,
which uses multiple detection and analysis techniques
including vulnerability signatures, exploit signatures,
anomaly detection, protocol analysis, operating system
and application fingerprinting, smart IP reassembly,
multi-element correlation, and dynamic worm mitigation.
This robust detection engine enables broad coverage
across the threat spectrum, ensuring IT assets are protected
against known and unknown threats.
Attack Confidence Indexing
IPS-1 includes a unique feature called Attack Confidence
Indexing that enables administrators to direct and calibrate
prevention enforcement according to factors such as
the threat and asset under attack. Attack Confidence
Indexing allows known exploits to be blocked without
concern about blocking critical business traffic.
Multi-alert Correlation
Multi-alert Correlation identifies patterns in alert
activity that would otherwise be reported as separate,
unrelated events. For example, a single source IP launching
multiple attacks across a geographically distributed
network would be correlated and raised as a higher priority
correlated alert.
Dynamic Worm Mitigation
Dynamic Worm Mitigation recognizes rapidly propagating
worms and automatically blocks them from proliferating
across your entire network.
Aware, adaptive, and actionable security
IPS-1 automatically recognizes threat points and
dynamically protects them against inevitable attack.
IPS-1 determines critical vulnerabilities and changes
in the network, alerts security managers to these threatened
points, and automatically deploys the proper signature
sets to protect them before they are attacked.
Ongoing security updates via SmartDefense Services
IPS-1 systems are backed by Check Point SmartDefense™
Services, which provide ongoing, real-time updates and
security advisories, helping ensure that Check Point
security solutions are continuously updated to stay
ahead of today’s constantly evolving threats. Security
experts at the SmartDefense Research Center continuously
monitor the Internet for new exploits and vulnerabilities
and rapidly develop and deliver new protections to help
ensure that your network and business are protected
from evolving threats.

An intuitive Timeline View makes it easy for administrators to analyze
alerts that appeared within a particular time period.
The Management To Solve Data Overload:
Only IPS-1 delivers the management tools required
to keep your administrators from drowning in data and
starving for critical, actionable information.
Situational Visibility
IPS-1 provides instant awareness of only what’s
important—important security events associated with
business-critical systems. A real-time graphical interface
isolates and highlights critical attacks against essential
business systems, accelerating the ability to recognize,
evaluate, and act upon truly critical events. This “at
a glance” monitoring makes operators of any skill level
more efficient, and a simple mouse click allows them to
quickly and easily evaluate critical events and set
response and remediation actions.
Advanced forensic analysis
IPS-1 allows you to quickly sort through an overload
of alert information to identify actionable events and
their patterns, including the attack source, attack
methods, severity, targets, frequency, and many others.
From there, a single mouse click provides alert detail
information including attack description, effect, importance,
remediation, third-party information sources, and more.
Packet capture
View deep forensic analysis and packet capture information
of attacks.
Alert flood suppression
Alert flood suppression recognizes and automatically
consolidates bursts of alert floods and presents them
as a single consolidated alert rather than an unmanageable
flood of alerts on your screen.
Top 10 graphs
Delivers quick and exacting graphical views of the
“Top 10” attackers, attack targets, protocols, and so
on.

The IPS-1 Vulnerability Browser enables vulnerability scanning, viewing, and
management from a single dashboard.
Check Point Eventia Analyzer
Automate event correlation for compliance audits with
Eventia® Analyzer integration. Additionally, utilize
Eventia Analyzer to correlate data from IPS-1 and other
security devices to prioritize events for decisive,
intelligent action.
Intuitive, centralized management
IPS-1 centralized management delivers simplicity with
small deployments and intuitive, powerful centralized
control and scalability for large enterprise deployments.
Using graphics, automation, and wizard-driven features,
IPS-1 saves your security staff time by making management
of network security more intuitive and more efficient.
The Flexibility To Meet The Needs Of Today's Dynamic Networks:
IPS-1 delivers the flexibility to meet the ever-changing
network dynamics, policy requirements, and deployment
needs of today’s network environments.
Multiple deployment modes
IPS-1 sensor appliances have a built-in hardware-level
bypass function and can be deployed in passive IDS mode,
inline bridge mode, or inline blocking mode with fail
severed/unsevered, so they can meet mixed IDS and IPS
chokepoint requirements.
Software-only option
Build your own sensor for deployment, easy staging,
or as a quick, hot spare with the IPS-1 software-only
option. Leverage the fully hardened and secured Check
Point operating system, SecurePlatform™, which combines
the simplicity and built-in security of an appliance
with the flexibility of an open server. Then you can
turn an off-the-shelf server into a high-performance
IPS-1 sensor in less than 30 minutes.
Open Signatures and Signature Language:
IPS-1 signatures and its signature language are open,
thus allowing you to see how IPS-1 works, and, more
importantly, enabling you to meet any special, unforeseen
security requirements such as supporting nonstandard
protocols.

The IPS-1 intrusion prevention system is based on a three-tier architecture,
providing reliability and scalability.