Corero's Next Generation IPS: Security in an Insecure World

Corero's Intrusion Prevention System (IPS) product family provides a critical component of the strong, layered security infrastructure that enterprises require to ensure that their business continues to thrive and to retain the confidence of their customers.

The Internet enables business to engage in commerce at unprecedented speeds and on an unprecedented global scale. Enterprises can engage and serve customers anywhere, at any time, in an instant. Web technologies facilitate global supply chains, partnership activities and financial transactions. Consumers shop for goods and services from their homes, their offices - from anywhere.

The Risk

However, with great opportunity comes great risk. Organized crime, like legitimate business, has gone cyber. It's where the money is. In just a few years, cyber crime has grown into big business. One 2009 report estimated cyber crime cost businesses $1 trillion annually, and that figure is sure to be much higher because of under-reporting and the growth of Internet crime. Cyber crime attacks are now listed as the FBI's third highest priority, behind terrorism and espionage.

Information is the lifeblood of business. In many cases, information is the business. It's invaluable to the enterprise, and very valuable to thieves.

Businesses of all sizes have thousands to many millions of customer records: credit card data, personally identifiable information (PII), medical records and personal financial data. The cost of a data breach can be enormous. The average total cost of a single data breach was more than $7.2 million in 2010, according to a survey by the Ponemon Institute. Companies can suffer irreparable brand damage.

Sensitive business information is also at risk: product designs, business plans, research information and application code are attractive targets for industrial espionage by unscrupulous competitors, nation-states and cyber criminals who will sell to the highest bidder.

The Threat

Cyber attackers have access to some of the smartest people and sophisticated, clever attack tools and malware. In many respects, they appear to have the upper hand in the continuous battle against security countermeasures. Attackers employ armies of infected computers (known as bots or zombies) in botnets that launch massive, automated attacks that scan enterprises for vulnerabilities and exploit them, usually to steal information. Botnets also send billions of spam messages and can be used for crippling distributed denial-of-service (DDoS) attacks.

Increasingly, criminals, unscrupulous competitors, hacktivists and unfriendly nation-states are launching targeted attacks against high-profile targets. Attackers breached security giant RSA, obtaining data to compromise its flagship SecurID authentication products. The so-called Aurora attacks successfully breached Google, Adobe and a number of other major companies. These attacks use combinations of exploits of known and previously unknown (zero-day) vulnerabilities; obfuscation and polymorphic techniques to mask themselves and adapt to changing conditions; and ingenious propagation methods and devious social engineering that challenge even strong defenses.

Many smaller businesses are targeted as well, because they are easier targets that yield a high return; criminals obtain banking credentials and clean out bank accounts for tens, often hundreds, of thousands of dollars.

Firewalls and endpoint antimalware products are essential security tools, but are inadequate in the face of these sophisticated onslaughts.

The firewall is an important cornerstone of network security and is generally an organization's first line of defense against Internet-based threats. Traditional firewalls are generally easy to operate and maintain, but are also relatively unsophisticated and therefore ineffective against many of today's advanced Internet threats. Because traditional firewalls aren't designed to inspect application content, an attack from an allowed IP address or port can often simply pass through a firewall.

Endpoint antimalware detects and blocks many attacks, but its effectiveness has decreased in the face of extremely sophisticated obfuscation techniques, polymorphism and the sheer volume of new malware - millions of unique samples every year.

The Solution

Corero Network Security delivers the most comprehensive, most effective intrusion prevention available, detecting and blocking both known and unknown attacks without impacting network performance. Corero's IPS is a transparent, in-line security appliance that provides unmatched intrusion detection capabilities through a unique combination of protocol behavior analysis supplemented by signature-based detection.

Corero's IPS is remarkable for the lowest latency and highest reliability of any IPS on the market. Multiple appliances can be deployed in ProtectionCluster mode, which dramatically boosts performance and provides high availability in the very unlikely event of appliance failure.

IPS Controller software provides central management of multiple Corero IPS appliances, allowing customers to administer policy, updates and granular control in distributed environments.

Corero Three Dimensional Protection (3DP)

IPS Benefits

Corero's IPS:

  • Stops remote exploits of critical vulnerabilities
  • Keeps spyware, viruses, botnet programs and other malware out of the network
  • Thwarts advanced hybrid and application-level attacks
  • Provides P2P security
  • Protects VoIP infrastructure
  • Blocks DDoS and botnet-based attacks
  • Prevents undesired access
  • Proactively protects against threats while patches are being tested and deployed
  • Improves security posture through acceptable application usage enforcement
  • Enables regulatory compliance through protection of confidential data
  • Protects against theft of intellectual property resulting from undesired access
  • Reduces IT hours devoted to fixing/remediating systems infected by viruses, botnets and malware
  • Reduces downtime and impairment of business systems and websites from DDoS attacks and botnet threats

Superior Technology

Corero's IPS uses a state-of-the-art, multi-tiered architecture that couples our industry-proven protocol validation modules (PVM) with data validation modules (DVM) that inspect file content regardless of the protocol over which the files are being transported. This approach requires fewer filters, which means we can deliver new protection more quickly while dramatically reducing the incidence of false positives compared to other IPS technologies.

Corero's IPS provides Three Dimensional Protection (3DP), combining deep packet inspection and analysis, stateful firewall filtering and DDoS defense. The solution is built on the redoubtable Core Platform, which provides the power, extensibility and flexibility that distinguish Corero's Intrusion Prevention System (IPS) and DDoS Defense (DDS) products in the market. This platform, comprising a powerful Tilera 64-core processor and the CoreOS, is the foundation on which Corero developers and engineers have built and continue to build out a cohesive and integrated suite of network security products.

Corero's Network Security Analyzer (NSA) provides security event management, real-time alerting and flexible reporting, compliance audit lifecycle management, enterprise-wide IPS security intelligence and forensics and investigative root cause analysis. Corero's IPS also supports leading SIEM solutions, so events from Corero's solutions can be seamlessly integrated into enterprise security information management processes.

Unmatched Service

Corero customers are assured they have the latest protection through Corero's Threat Update Service, which provides automated updates against the latest threats to their organizations. Each update includes detailed information about the new threats and recommendations that allow enterprises to make informed decisions about applying the updates in their unique IT environments.

Dedicated to making our customers' successes our success, Corero offers an integrated solution based on technology, services and support to protect the business in a hostile environment, with minimal management overhead and minimal impact on productivity and network performance.