Additional information
Intrusion detection:
- Network visibility: monitor traffic for internal network threats across wired and wireless networks using sFlow data from ProCurve devices
- Multiple intrusion detection methods: detect intrusions using virus throttle alerts from select ProCurve switches, NBAD (Network Behavior Anomaly Detection) performed by Network Immunity Manager, and security alerts from signature-based third-party IDS/IPS security devices
- Remote monitoring for deeper analysis of traffic: mirrors suspect traffic to select third-party IDS/IPS/UTM devices for signature file matching for high-confidence detection of known viruses; leverages one IDS/IPS/UTM device across the network
- Offender tracking: identifies the offender (IP address, MAC address, and DNS name) responsible for the network attack and displays their location; additional information, such as the offender's name and network access information, can be displayed when Identity Driven Manager is installed
- Security heat map: real-time view of security activities across the network; displays devices where attacks occur using visual color-coding

Intrusion response:
- Internal threat protection: discover the switch port where the offender connects and mitigate the attack at the port where the attack originates (Per-Port-Response)
- Location-based policy enforcement: set and enforce security policies based on the network location of the offender and the time of attack
- Multiple threat mitigation responses: mitigate internal network attacks by putting the offender in a Quarantine VLAN or using offender bandwidth rate limiting, offender MAC lockout, offender port shutdown, or IT administrator e-mail alert notification only
- Chain of actions: provides a prioritized list of mitigation actions, so when a response to the attack fails, an alternate response can be triggered
- Wireless support: mitigate threats from the wireless LAN by blocking the offender's MAC address

Security management:
- Policy management: create and manage mitigation policies based on event source, location, time, action, and other alert parameters
- Security dashboard: real-time view of security activities, mitigation actions taken, and offender details across the network over various time intervals
- White list (exempt list): set of IP addresses, MAC addresses, and DNS names that are exempt from mitigation actions
- Configuration cleanup: automatic rollback of response configurations from ProCurve switches and wireless access points after the policy expires

Reporting:
- Data mining: generate network-based, offender-based, and alert-based tabular reports

Flexible deployment:
- Network Behavior Anomaly Detection and response: detect attacks using NBAD analysis of sampled traffic and Virus Throttle attack alerts from select ProCurve switches, and mitigate threats at the ProCurve network edge using intrusion-response capabilities
- Passive intrusion prevention and response: remotely mirror suspect traffic identified by NBAD analysis to an offline IDS/IPS/UTM device for a signature file match to detect attacks, and mitigate threats at the ProCurve network edge using Network Immunity Manager's intrusion-response capabilities
- Active intrusion prevention and response: prevent attacks using an inline IDS/IPS/UTM device and mitigate threats at the ProCurve network edge using Network Immunity Manager's intrusion-response capabilities

Third-party IDS/IPS/UTM device support:
- Cisco: Cisco IPS 4200 series sensor
- Fortinet: Fortinet UTM appliances (estimated support date: June 1, 2007)
- Sonicwall: Sonicwall UTM Pro series appliances (estimated support date: July 1, 2007)