Network Intrusion Detection
A Network Intrusion Detection System (NIDS) will help detect, in real time, malicious attacks from external systems, infected internal servers or user workstations, incorrect service configurations, or local security policy breaches. Among standard detection capabilities of a network IDS are:
- Detection of new systems in the network.
- Detection of hidden systems that are using spoofing.
- Detection of unauthorized use of services.
- Prevention mode. Running in Intrusion Prevention System (IPS) mode, a Network IDS may also act by stopping, blocking, or discarding a bad connection as soon as it is detected.
Network Packet Analytics
Sometimes when you have network issues, you can solve them with metrics. Other times you have to dive into packet details. That's where network packet analysis comes into the picture.
ISMAC's full network packet capture feature speeds up network packet analysis and reporting of large trace files, using an intuitive graphical user interface and a broad selection of pre-defined analysis views. Through full integration with ISMAC, you can quickly identify and troubleshoot complex network and application performance issues down to the bit level.
Network Threat Detection
Using network IDS rulesets will help you detect the most common attacks and malicious network behavior. Vendors update rulesets periodically and ISMAC will help you keep your current rulesets synchronized with your NIDS.
ISMAC will help monitor your network wherever it reaches. We have solutions to collect traffic in different environments, and ISMAC supports different configuration scenarios that can work together:
- Software Test Access Point (TAP): for cloud or isolated systems. Make your servers part of the network analysis process, collect traffic locally on your server and forward it to a central NIDS for analysis.
- Virtual Environment: for cloud or isolated systems. Make your servers part of the network analysis process, collect traffic locally on your server and forward it to a central NIDS for analysis.
- On-Premises: listen to traffic directly from your network. Usually, you will perform the typical deployment and configure your NIDS probes to listen to a portMirror or portSpan interface in your network.