Intrusion Prevention

All networks are not created equal and the same can be said of intrusion prevention systems. eSoft's Intrusion Prevention System (IPS) rises head and shoulders above the rest by providing maximum protection while allowing full customizability. eSoft's Intrusion Prevention is included with both the Email ThreatPak and the Web ThreatPak and can be added to both the InstaGate and the ThreatWall.

IPS automatically detects and blocks malicious network intrusions that occur at the network and application layers. It blocks attacks in real-time, automatically logging the attack for reporting or forensic analysis. Signature updates are automatically downloaded to ensure protection from the latest threats.

eSoft's IPS uses deep packet inspection to scan network traffic for worms, Trojans and application vulnerabilities such as browser vulnerabilities, buffer overflows, cross-site scripting, back-door exploits and SQL injection. IPS detects active attacks in real-time and blocks them before they can do damage on the network.

Full Protection

eSoft's Threat Prevention Team works around the clock, 24 x 7, monitoring new threats. As vulnerabilities are disclosed and exploits are released, the Threat Prevention Team creates signatures to detect and stop the threats that matter most, such as those that can be exploited remotely.

There are several classes of threats including Denial of Service attacks, server vulnerabilities such as those found in mail and web servers, client vulnerabilities such as those found in web browsers and FTP clients, and file format vulnerabilities, such as those image files that could compromise a computer simply by being viewed. eSoft protects against all of these vulnerabilities and in addition has detection for breaches such as botnet infections, worms, and more.

Simple customization

Some networks have a public-facing webserver or mail server, others are Microsoft Windows only networks, while still others are a mix of Mac and Linux. Further, Microsoft's IIS web server is vulnerable to different attacks than the Apache web server. In order for an intrusion prevention system to appropriately protect a network, it needs to have knowledge of what it's protecting. eSoft's IPS settings screen makes this process easy. And every intrusion prevention signature has meta data concerning what applications and operating systems are affected, the nature of the threat, whether it signifies an attack, reconnaissance, a breach, etc.

Action profiles

Most users never need to bother with action profiles, but for advanced administrators, they make eSoft's action profiles make its IPS one of the best in the industry.

Most intrusion prevention systems allow administrators to enable or disable rules individually or by category. eSoft's IPS provides not just the basic, but also more advanced capabilities. Because every rule has a number of attributes including category, class, priority, and operating system, administrators can define how to respond to different types of attacks affecting different parts of the network. High priority attacks, for example, might be blocked and an administrator notified. Reconnaissance might be logged or just silently dropped. As the Threat Prevention Team adds new signatures for eSoft customers, those signatures will automatically be automatically associated with their Action Profile and if the rule is triggered, the appropriate action will be taken.

High speed and low false positives

eSoft's intrusion prevention system has been optimized for speed. Unnecessary rules aren't used and rules that are released are thoroughly tested in a testbed that checks for false positives, speed, and ability to stop real-world attacks. Any rule released is first certified by the Threat Prevention Team to have a low false positive rate, high speed, and, of course, the best possible protection.