IDS / IPS
What to do if the attacker got behind the firewall?
No problem. Now your Intrusion Detection and Prevention System from Enginsight takes care of that.
Over 10,000 secured systems by hidden champions, SMEs and our partners.
Enginsight is the most comprehensive and simple security solution for companies of all sizes, made in Germany.
With Enginsight you are always one step ahead
No matter from where an attack starts. Keep your cool at all times thanks to Intrusion Detection and Prevention System.
Simplify your workday by keeping an eye on your traffic. Know about network activity at all times and stop attackers, no matter where the threat is located.
Make even hidden threats visible and get all relevant information about the attack clearly prepared. Automate your workflows individually and let us take the work off your hands.
While Enginsight scans your systems for possible threats and blocks them for you, you can take a break. With just a few clicks you can achieve more automation and thus more time and less effort.
QSil AG, quartz glass manufacturer
Detect and block attacks
With an intrusion detection system, you scan network traffic for attacks – the intrusion prevention system then blocks them. In combination, they make the invisible visible – and the insecure secure.
Detect threats even behind the firewall and stop attacks before they bring your systems to their knees. Focus on a holistic protection of your IT landscape and enrich your security measures with further precautions.
Would you like to know a little more? Then you are exactly right here! Find out what Enginsight does for you in detail on the subject of IDS / IPS completely automatically.
The technical basis of Enginsight’s intrusion detection and prevention system is the Pulsar agent installed on every server and client. The IDS/IPS is therefore host-based. This is where Enginsight differs from network-based systems, where the sensor is integrated at the switch, behind the firewall or in the firewall. As a result, the IDS/IPS scales independently of hardware for any size of company and remains active even if a client leaves the company network, e.g. when it moves to the home office.
The decentralized approach also makes it possible to detect and block attacks from within the internal network or even within a network segment. Attempts by hackers to spread further in the network after successful infiltration can thus be effectively prevented.
- Detect and block attacks from the internal network
Enginsight examines the content of network traffic for a variety of suspicious activities. By targeting very basic attack types, the IDS covers all major categories of network-based attacks. This already makes it almost impossible for the attacker to spy out information, gain access or spread further into the systems unnoticed.
- Port Scan (TCP, UDP)
- Spoofing (ARP, DNS)
- Bruteforce (e.g. on SSH, FTP, RDP, HTTP)
- Cross Site Scripting
- SQL Injection
- … and much more!
The scope of attacks that Enginsight detects and blocks can be extended to include those described in the SNORT Community Rules. Thus, the IDS/IPS also covers more specific attacks, such as those on certain applications. For example, attacks on Microsoft IIS or Exchange Server, attempts to access sensitive data on a web server or CGI attacks can be identified. With just one click, SNORT Community Rules can be activated to benefit from advanced detection capabilities.
- Detect and block attacks on specific software
- Benefit from the large scope of SNORT Community Rules
Detection and blocking levels can be assigned to all servers and clients according to their protection needs. This brings security, performance and availability into the ideal balance. By grouping servers and clients beforehand using the tag system, the user can then set the desired levels for the groups using a simple slider.
- Easy configuration
- Take over risk assessments
- Align security, performance and availability
In the platform, Enginsight consolidates the network attacks detected on all servers and clients. IP addresses, origin and attack vectors used can be viewed here. Each attack is rated according to urgency (high, medium, low).
In addition, Enginsight analyzes the stage the attacker has already reached: from information gathering, to trying to gain access, to spreading to other systems in the network. Responsible persons can be informed about critical conditions with an alarm.
- An overview of all attacks in the IT environment
- Analysis and evaluation of the attacks
- Inform responsible persons automatically
Customized whitelist entries can be used to define unusual but harmless behavior to ensure availability and smooth operation. For example, a whitelist entry is the right choice to allow the software component of Enginsight’s penetration testing to work properly. But other harmless activities on the network can also be handled specifically by IP address, attack vector, protocol and software.