Hillstone S-Series
Inteligentny system ochrony wewnątrz sieci (NIPS)

Transparentna ochrona przed zagrożeniami
bez obniżenia wydajności oraz opóźnień pakietów

Login:GuesT
Password:GuesT*1

Ochrona przed zagrożeniami bez obniżenia wydajności

Platforma Hillstone NIPS ma najbardziej wszechstronny silnik inspekcji o wysokiej wydajności w połączeniu z najlepszym w swojej klasie podpisem partnerów z wiodącymi partnerami technologicznymi, zapewniając klientom najwyższy wskaźnik wykrywania zagrożeń przy najniższym całkowitym koszcie posiadania (TCO). Ponadto zapewnia wysoką przepustowość, małe opóźnienia i maksymalną dostępność w celu utrzymania wydajnych operacji bezpieczeństwa bez obniżania wydajności sieci.

Specyfikacje modeli:

Hillstone Seria S

Seria Hillstone S odgrywa integralną część systemów bezpieczeństwa sieci ze względu na jego wysoką wydajność, brak kompromisów, najlepsze w swojej klasie możliwości ochrony oraz szerokie i elastyczne scenariusze wdrażania.

Urządzenie IPS działające w linii z prędkością drutu

Ponieważ krajobraz zagrożeń ewoluuje agresywnie, szybko pojawiła się rosnąca liczba technologii ochrony sieci. Spośród tych różnych technologii system zapobiegania włamaniom (IPS) pozostaje jednym z najczęściej wdrażanych rozwiązań, niezależnie od platformy i formy.

Urządzenie IPS (NIPS) firmy Hillstone Network działa w trybie ciągłym i przewodowym, wykonując głęboką kontrolę pakietów i kontrolę całego ruchu sieciowego. Stosuje również reguły oparte na kilku metodach, w tym analizie anomalii protokołu i analizie sygnatur w celu blokowania zagrożeń. Hillstone NIPS może zostać wdrożony w sieci w celu kontroli ruchu pozostawionego niezauważonym przez rozwiązania obwodowe i jest integralną częścią systemów bezpieczeństwa sieci ze względu na jego wysoką wydajność, bezkompromisowość, najlepsze w swojej klasie możliwości ochrony oraz szerokie i elastyczne scenariusze wdrażania.

DashBoard

NIPS hillstone networks 4 - Kopia

Łańcuch włamania

NIPS hillstone networks 2 - Kopia

Analiza ryzyka

NIPS hillstone networks 5

Lista włamań

NIPS hillstone networks 3 - Kopia

Device monitor

NIPS hillstone networks7

Konfiguracja profilu

NIPS hillstone networks9

Systemy ochrony i usługi

Intrusion Prevention
  • 8,000+ signatures, protocol anomaly detection, rate-based detection, custom signatures, manual, automatic push or pull signature updates, integrated threat encyclopedia
  • IPS actions: default, monitor, block, reset (attackers IP or attackers IP and victim IP, incoming interface) with expiry time
  • Packet logging option
  • Filter based selection: severity, target, OS, application and/or protocol
  • IP exemption from specific IPS signatures
  • IDS sniffer mode
  • IPv4 and IPv6 rate based DOS protection with threshold settings against TCP Syn flood, TCP/UDP/SCTP port scan, ICMP sweep, TCP/UDP/SCIP/ICMP session flooding (source/destination)
  • Active bypass with bypass interfaces
  • Predefined prevention configuration
Threat Correlation Analytics
  • Correlation among unknown threats, abnormal behavior and application behavior to discover potential threat or attacks
  • Multi-dimension correlation rules, automatic daily update from the cloud
Advanced Threat Detection
  • Behavior-based advanced malware detection
  • Detection of more than 2000 known and unknown malware families including Virus, Worm, Trojan, Overflow etc.
  • Real-time, online, malware behavior model database update
Abnormal Behavior Detect
  • Behavior modeling based on L3-L7 baseline traffic to reveal anomalous network behavior, such as HTTP scanning, Spider, SPAM, SSH/FTP weak password
  • Detection of DDoS including Flood, Sockstress, zip of death, reflect, DNS query, SSL DDos and application DDoS
    Supports inspection of encrypted tunneling traffic for unknown applications
  • Real-time, online, abnormal behavior model database update
Antivirus
  • Over 13 million AV signatures
  • Flow-based Antivirus: protocols include HTTP, SMTP, POP3, IMAP, FTP/SFTP
  • Supports compressed file virus scanning
Attack Defense
  • Abnormal protocol attack defense
  • Anti-DoS/DDoS, including SYN Flood, DNS Query Flood defense
  • ARP attack defense
URL Filtering
  • Flow-based web filtering inspection
  • Manually defined web filtering based on URL, web content and MIME header
  • Dynamic web filtering with cloud-based real-time categorization database: over 140 million URLs with 64 categories (8 of which are security related)
  • Web filtering profile override: allows administrator to temporarily assign different profiles to user/group/IPAdditional web filtering features:
    • Filter Java Applet, ActiveX and/or cookie
    • Block HTTP Post
    • Log search keywords
    • Exempt scanning encrypted connections on certain categories for privacy
  • Web filter local categories and category rating override
Anti-Spam
  • Real-time Spam Classification and Prevention
  • Confirmed Spam, Suspected Spam, Bulk Spam, Valid Bulk
  • Protection Regardless of the language, format, or content of the message
  • Support both SMTP and POP3 email protocols
  • Inbound and outbound detection
  • White lists to allow emails from trusted domains
Cloud-Sandbox
  • Upload malicious files to cloud sandbox for analysis
  • Support protocols including HTTP/HTTPS, POP3, IMAP, SMTP and FTP
  • Support file types including PE,ZIP, RAR, Office, PDF, APK, JAR and SWF
  • File transfer direction and file size control
  • Provide complete behavior analysis report for malicious files
  • Global threat intelligence sharing, real-time threat blocking
  • Support detection only mode without uploading files
Botnet C&C Prevention
  • Discover intranet botnet host by monitoring C&C connections and block further advanced threats such as botnet and ransomware
  • Regularly update the botnet server addresses
  • prevention for C&C IP and domain
  • Support TCP, HTTP, and DNS traffic detection
  • IP and domain whitelists
IP Reputation
  • Identify and filter traffic from risky IPs such as botnet hosts, spammers, Tor nodes, breached hosts, and brute force attacks
  • Logging, dropping packets, or blocking for different types of risky IP traffic
  • Regular IP reputation signature database upgrade
Application control
  • Over 3,000 applications that can be filtered by name, category, subcategory, technology and risk
  • Each application contains a description, risk factors, dependencies, typical ports used, and URLs for additional reference
  • Actions: block, reset session, monitor, traffic shaping
  • Identify and control applications in the cloud
  • Provide multi-dimensional monitoring and statistics for applications running in the cloud, including risk category and characteristics
Quality of Service (QoS)
  • Max/guaranteed bandwidth tunnels or IP/user basis
  • Tunnel allocation based on security domain, interface, address, user/user group, server/server group, application/app group, TOS, VLAN
  • Bandwidth allocated by time, priority, or equal bandwidth sharing
  • Type of Service (TOS) and Differentiated Services (DiffServ) support
  • Prioritized allocation of remaining bandwidth
  • Maximum concurrent connections per IP
  • Bandwidth allocation based on URL category
  • Bandwidth limit by delaying access for user or IP
  • Automatic expiration cleanup and manual cleanup of user used traffic
IPv6
  • Management over IPv6, IPv6 logging and HA
  • IPv6 tunneling, DNS64/NAT64 etc.
  • IPv6 routing including static routing, policy routing, ISIS, RIPng, OSPFv3 and BGP4+
  • IPS, Application identification, URL filtering, Anti-Virus, Access control, ND attack defense
  • Track address detection
VSYS
  • System resource allocation to each VSYS
  • CPU virtualization
  • Non-root VSYS support firewall, IPSec VPN, SSL VPN, IPS, URL filtering
  • VSYS monitoring and statistic
High availability
  • Redundant heartbeat interfaces
  • Active/Active and Active/Passive
  • Standalone session synchronization
  • HA reserved management interface
  • Failover:
    • Port, local & remote link monitoring
    • Stateful failover
    • Sub-second failover
    • Failure notification
  • Deployment options:
    • HA with link aggregation
    • Full mesh HA
    • Geographically dispersed HA
Visible Administration
  • Management access: HTTP/HTTPS, SSH, telnet, console
  • Central Management: Hillstone Security Manager (HSM), web service APIs
  • Two-factor authentication: username/password, HTTPS certificates file
  • System Integration: SNMP, syslog, alliance partnerships
  • Rapid deployment: USB auto-install, local and remote script execution
  • Dynamic real-time dashboard status and drill-in monitoring widgets
  • Storage device management: storage space threshold customization and alarm, old data overlay, stop recording.
  • Language support: English
Logs & reporting
  • Logging facilities: local memory and storage (if available), multiple syslog servers and multiple Hillstone Security Audit (HSA) platforms
  • Encrypted logging and log integrity with HSA scheduled batch log uploading
  • Reliable logging using TCP option (RFC 3195)
  • Detailed traffic logs: forwarded, violated sessions, local traffic, invalid packets
  • Comprehensive event logs: system and administrative activity audits, routing & networking, VPN, user authentications, WiFi related events
  • IP and service port name resolution option
  • Brief traffic log format option
  • Three predefined reports: Security, Flow and network reports
  • User defined reporting
  • Reports can be exported in PDF, Word and HTML via Email and FTP
Statistics and Monitoring
  • Application, URL, threat events statistic and monitoring
  • Real-time traffic statistic and analytics
  • System information such as concurrent session, CPU, Memory and temperature
  • iQOS traffic statistic and monitoring, link status monitoring
  • Support traffic information collection and forwarding via Netflow (v9.0)
CloudView
  • Cloud-based security monitoring
  • 7/24 access from web or mobile application
  • Device status, traffic and Threat monitoring
  • Cloud-based log retention and reporting