IPS Optimization

WiJungle IPS now supports:

1. Intrusion Prevention System: WiJungle IDPS has a signature- and anomaly-based intrusion detection and prevention system with 98000+ signatures. It can detect, respond to and alert on any unauthorized activity, detect incidents that originate from inside as well as outside the network perimeter, and take action on the basis of configured policies. Signatures are automatically updated through our threat cloud. It is capable of detecting and blocking all known high-risk exploits, callback activities using FFSN, PDF & Flash emulation etc. and the underlying vulnerability (not just one exploit of that vulnerability), and is able to work in an asymmetric traffic environment.

2. Out of Band Programming: Supports out-of-band programming for the control plane along with data plane scripting for functions like content inspection and traffic management. Also supports SQL-based querying for the various databases.

3. Dual Processor: Higher-end models like U2500, U3500, U5000, U5000HX, U7500, U7500V etc. have dual processors with multiple cores on their motherboard, where some NICs are connected to CPU 1 and others to CPU 2, enhancing the processing capability, increasing the throughput and allowing them to scale against the latest dynamic security threats.

4. Multi Factor Authentication: With Admin & User authentication (AD, LDAP, RADIUS, Kerberos, Local DB etc.), you can enable 2/3FA with email/SMS/hardware token/Google/Twilio etc. authenticators for all platforms like Windows/Mac/Linux/Android/iOS etc.

5. Port Agnostic Inspection: Appliances are now capable of automatically detecting & inspecting different protocols over non-standard communication ports and applying protection policies accordingly.

6. Deep Learning based Rule Inspection: Access rules can now be inspected with our machine learning models to give proper suggestions for optimization. It has the ability to remove all active content and macros and block malicious content while sending the document to the end user as a clean document and not to the legitimate destination.

7. Tap Mode: It allows you to passively monitor traffic flows across a network.

8. Virtual Wire Mode: A Wire Mode interface does not take any IP address; it is typically configured as a bridge between a pair of interfaces and can apply policies. Underneath, it copies a packet from one interface, applies policies to it and pastes it to the other interface and vice versa, acting inline without disturbing the existing topology.

9. 65+ Predefined IPS Categories: Our appliance supports 65+ predefined categories including ActiveX, Adware-PUP, Attack Response, Bot, Chatservers, Coinminers, Corporate Policy Violations, Privilege Gain like unauthorized access attempts, Exploits, FTP, Games, Malware, Databases, Web Client, Web Server, Web Specific Apps, P2P, Tor, POP3, SCADA, RPC, Reconnaissance & Probing, Shellcodes, DoS, DDoS, Network Devices, Telnet, Trojan, SMB, VOIP, SMTP, Proxy, Dynamic DNS, Abused TLD, Known Blackholes, Remote Access Services, Mobile Malwares, EXE Sources etc.

10. Terminal & Citrix Support: We have added terminal services and Citrix support for authentication.

11. REST API: We have added REST API support for management.

12. Certificate Management & Validation: You can add a Certificate Authority, generate a CSR, generate a self-signed certificate, or upload custom certificates & CRLs. You can also block invalid certificates.

13. Access Control List: Granular policies can be created based on Src/Dst IP Objects, Services, Applications, Physical/Virtual Interface and IPS Policy. Here, the IPS policy can be further edited, and individual signature-based exemptions and actions can be applied. Supports more than 1L+ objects and 10K+ access rules.

14. Central Management: This feature has been added and can be integrated via our cloud console or hardware form factor management console. Our hardware appliances support management of up to 100 appliances. You can segment the rule base in a sub-policy structure in which only relevant traffic is forwarded to the relevant policy segment for an autonomous system. It provides integrated Logging & Reporting with an Automated Management and Event Correlation System. Communication is encrypted and authenticated with PKI certificates.

15. Advanced Anti-Bot: It uses a multi-tiered detection engine, which includes the reputation of IPs, URLs and DNS addresses, detects patterns of bot communications and finds C&C traffic patterns.

16. DNS Interceptor: It intercepts DNS traffic transparently and applies web filtering policies, and blocks DNS tunneling, bot communications, command and control etc.

17. Compatible with SNORT Signature: The IDPS engine is compatible with SNORT signatures.

18. Enhanced Reports: Admin can now generate instant and periodic drill-down reports with the option to export in various formats like XLS, CSV, PDF, HTML etc., or schedule them for an FTP/NAS server or email. Reports can be on a per user, application, internet traffic, network flow, web content, malware, incident etc. basis.

19. Management & HA Port: Supports dedicated management & HA interfaces.

20. Hardware Fail Open Bypass Pair: WiJungle now supports hardware fail-open bypass pairs which, in unforeseen circumstances where the appliance is down, can bypass traffic.

21. Latency: It is <=60 microseconds.

Please note that WiJungle IPS OS has not reported any vulnerability in the last 3 years from 2018-2022, and our global threat intelligence with our AI-native cloud is built with the help of sensors deployed across 25+ countries.
