Intrusion Prevention

Powerful, intelligent and adaptable network security

NitroGuard IPS is an intrusion prevention appliance that actively detects, analyzes, and protects the network from an array of security attacks, including viruses, worms, spyware, Denial-of-Service (DoS) attacks, and other forms of malware, as well as unknown or zero-day attacks. Utilizing the power of our patented relational data management engine, NitroGuard identifies and neutralizes threats and detects anomalies — in real time, before they disrupt the network and impact the business.

Used in conjunction with NitroView, NitroGuard IPS is also able to actively block activity based on network-wide analysis of network, event, user, and application behavior.

 


NitroGuard integrates anomaly-based detection with rule-based detection and direct network-to-event correlation to provide broader and more accurate threat detection. In addition, NitroSecurity is an active Microsoft MAPP partner, providing advance rule updates to address Windows zero-day vulnerabilities and exploits.

This, combined with the strength of the NitroSecurity Threat Analysis Center (NTAC), allows NitroGuard to detect more threats with fewer false positives, and to:

  • Maintain multiple simultaneous IDS and IPS policies from a single appliance
  • Facilitate policy tuning with "what if" scenario alerting
  • Correlate events to network and session activity using a built-in network flow collector & firewall
  • Utilize exploit-, vulnerability- and anomaly-based detection
  • Act upon locally-detected threats or network-wide threats detected using optional NitroView appliances

10/100/1000 Mbps copper and both 1Gbps and 10Gbps fiber interfaces

NitroGuard IPS can connect in-line at almost any point in your network thanks to flexible Ethernet connectivity options from 10 Mbps to 10 Gbps, copper or fiber.

Built-in bypass for maximum network reliability

All NitroGuard IPS appliances include network bypass capability for maximum reliability.

Supports multiple policies, per physical or virtual interface

A single NitroGuard appliance can support multiple network segments, subnets, and VLANs simultaneously—and can enforce a different set of protection policies on each.

Captures network flows

While many routers can provide flow information, it's sometimes important to understand flow activity on the same segment as your IPS. That's why NitroGuard collects flow information natively, and correlates those flows to events.

Includes a built-in firewall with dynamic blacklisting capabilities

Using its included state-aware firewall, NitroGuard IPS can block all traffic based on IP address or port, in addition to the normal accept/reject/reset actions offered by most IPSs. These blacklists can operate dynamically to adapt the IPS' defenses to observed network activity.

Fully integrated with NitroView ESM

NitroGuard IPS is fully integrated with NitroView ESM, providing a central resource and interface for all IDS and IPS policies, and enabling all events to be correlated together, regardless of location.

NitroGuard's signature-based detection rules are continuously updated by the NitroSecurity Threat Analysis Center (NTAC), which combines in-house security research with the best outside experts available, including Microsoft's Active Protection Program (MAPP), which provides the NTAC with advance notice of Windows vulnerabilities. All updates are automatically and securely distributed to active IPSs, ensuring that every NitroGuard is capable of detecting the latest exploits and zero-day threats.

All NitroGuard Intrusion Prevention Systems are fully managed by NitroView, meaning new rules can be centrally reviewed and then easily rolled out to NitroGuard devices. Updates can be performed globally, or applied to specific groups or even individual devices, making it easy to ensure that every NitroGuard IPS has the most up-to-date detection capabilities.

NitroGuard IPS's intelligent Intrusion Detection and Prevention capabilities support a variety of use cases, including:

  • Block unwanted ports and services
  • Detect malware and other malicious code
  • Detect network intrusions
  • Detect exploits / vulnerabilities
  • Detect advanced threats
  • Detect network anomalies
  • Identify open/in-use ports and services
  • Protect access to sensitive networks
  • Protect access to sensitive data

For more detail on popular use cases, please visit our Use Cases page, or Contact Us to arrange a personal webinar, and see how NitroView can meet your individual requirements.