Cyberoam Intrusion Prevention System (IPS)
Cyberoam Intrusion Prevention System provides protection by blocking intrusion attacks, malware, Trojans and malicious code transmission. It supports multiple protocols, including HTTP, FTP, SMTP, POP3, IMAP, P2P and IM, and detects, blocks and drops suspicious traffic carried over them. It allows enterprises to create their own signatures to protect against and prevent attacks targeted at the enterprise. The IPS signature database includes HTTP proxy signatures that prevent masking of users surfing through an anonymous open proxy.
To detect such activities, an IPS uses signatures. Whenever a traffic pattern matching a signature is found, the IPS triggers an alarm and blocks the traffic from reaching its destination. This global policy can be modified or tuned as required but cannot be tailored per network or per host. Enterprises can create custom signatures for branch offices through the Cyberoam Central Console (CCC). These give branch offices protection against emerging network attacks despite a lack of technical resources.
Cyberoam uses two modes for Signatures:
Depending on network requirements, it allows multiple policies to be defined instead of one global policy, which decreases packet latency and reduces false positives. This security management system gathers and analyzes information from a network to identify security breaches, which include attacks and misuse originating both outside and within the organization. IPS prevents malicious activity such as denial-of-service attacks, port scans and attempts to break into computers.
Once the policies and rules are in place, IPS examines all incoming and outgoing packets looking for matching signatures. All the detected signatures are logged and identified as IPS alerts.