As the threat landscape continues to evolve aggressively, an increasing number of network protection technologies have quickly emerged. Among these various technologies, Intrusion Prevention System (IPS) remains one of the most widely deployed solutions, regardless of platform or form factor.

Hillstone Network-based IPS (NIPS) appliance operates in-line, and at wire speed, performing deep packet inspection, and assembling inspection of all network traffic. It also applies rules based on several methodologies, including protocol anomaly analysis and signature analysis to block threats. Hillstone NIPS can be deployed in the network to inspect traffic left undetected by perimeter solutions, and is an integral part of network security systems for its high-performance, no compromise, best-of-breed protection capability and broad and flexible deployment scenarios.

Unparalleled Threat Protection without performance compromise

The Hillstone NIPS platform has the most comprehensive high performance inspection engine, combined with the best-of-breed signature partnering with leading technology partners, providing customers the highest threat detection rate with the lowest total cost of ownership (TCO). Moreover, it provides high throughput, low latency and maximum availability to maintain efficient security operations without compromising network performance.

Granular Reporting with User Targeted Viewpoints

Bringing multiple sources together, Hillstone NIPS can identify contextual information to make proper blocking decisions. With a granular and robust reporting function, it offers visibility across different views, based on whether you are a business system administrator, a security administrator or the CIO or executive.

Ease of Deployment

Deploying and managing the Hillstone NIPS is simple, with minimum overhead. It can be deployed in the following modes to meet security requirements and ensure optimal network connectivity: Active protection (intrusion prevention mode), real time monitoring and blocking; Passive detection (intrusion detection mode), real time monitoring and alert.

Centralized Management

The Hillstone NIPS can be managed by the Hillstone Security Management Platform (HSM). Administrators can centrally register, monitor, upgrade NIPS devices deployed in different branches or locations, with a unified management policy across the network for maximum efficiency.

Key features

  • 8,000+ signatures, protocol anomaly detection, rate-based detection, custom signatures, manual, automatic push or pull signature updates, integrated threat encyclopedia
  • IPS actions: default, monitor, block, reset (attackers IP or attackers IP and victim IP, incoming interface) with expiry time
  • Packet logging option
  • Filter based selection: severity, target, OS, application and/or protocol
  • IP exemption from specific IPS signatures
  • IDS sniffer mode
  • IPv4 and IPv6 rate based DOS protection with threshold settings against TCP Syn flood, TCP/UDP/SCTP port scan, ICMP sweep, TCP/UDP/SCIP/ICMP session flooding (source/destination)
  • Active bypass with bypass interfaces
  • Predefined prevention configuration
  • Behavior-based advanced malware detection
  • Detection of more than 2000 known and unknown malware families including Virus, Worm, Trojan, Overflow etc.
  • Real-time, online, malware behavior model database update
  • Behavior modeling based on L3-L7 baseline traffic to reveal anomalous network behavior, such as HTTP scanning, Spider, SPAM, SSH/FTP weak password
  • Detection of DDoS including Flood, Sockstress, zip of death, reflect, DNS query, SSL DDos and application DDoS
  • Supports inspection of encrypted tunneling traffic for unknown applications
  • Real-time, online, abnormal behavior model database update
  • Upload malicious files to cloud sandbox for analysis, including HTTPS encrypted traffic
  • Provide complete behavior analysis report for malicious files
  • Over 13 million AV signatures
  • Flow-based Antivirus: protocols include HTTP, SMTP, POP3, IMAP, FTP/SFTP
  • Supports compressed file virus scanning
  • Flow-based web filtering inspection
  • Dynamic web filtering with cloud-based real-time categorization database: over 140 million URLs with 64 categories (8 of which are security related)
  • Web filtering profile override: allows administrator to temporarily assign different profiles to user/group/IP
  • Web filter local categories and category rating override
  • Proxy avoidance prevention: proxy site category blocking, rate URLs by domain and IP address, block redirects from cache and translation sites, proxy avoidance application blocking, proxy behavior blocking (IPS)
  • Over 3,000 applications that can be filtered by name, category, subcategory, technology and risk
  • Each application contains a description, risk factors, dependencies, typical ports used, and URLs for additional reference
  • Actions: block, monitor
  • Provide multi-dimensional monitoring and statistics for applications running in the cloud, including risk category and characteristics
  • Redundant heartbeat interfaces
  • Active/Active and Active/Passive
  • Standalone session synchronization
  • HA reserved management interface
  • Failover:
    • Port, local & remote link monitoring
    • Stateful failover
    • Sub-second failover
    • Failure notification
  • Deployment options:
    • HA with link aggregation
    • Full mesh HA
    • Geographically dispersed HA
  • Management access: HTTP/HTTPS, SSH, telnet, console
  • Central Management: Hillstone Security Manager (HSM), web service APIs
  • Two-factor authentication: username/password, HTTPS certificates file
  • System Integration: SNMP, syslog, alliance partnerships
  • Rapid deployment: USB auto-install, local and remote script execution
  • Dynamic real-time dashboard status and drill-in monitoring widgets
  • Storage device management: storage space threshold customization and alarm, old data overlay, stop recording.
  • Language support: English
  • Logging facilities: local memory and storage (if available), multiple syslog servers and multiple Hillstone Security Audit (HSA) platforms
  • Encrypted logging and log integrity with HSA scheduled batch log uploading
  • Reliable logging using TCP option (RFC 3195)
  • Detailed traffic logs: forwarded, violated sessions, local traffic, invalid packets
  • Comprehensive event logs: system and administrative activity audits, routing & networking, VPN, user authentications, WiFi related events
  • IP and service port name resolution option
  • Brief traffic log format option
  • Granular Reporting with User Targeted Viewpoints
    • HA Management/C-level View
    • Business System Owner View
    • Network Security Administrator View

Resources