Intrusion Prevention
NitroSecurity invented Snort-based Intrusion Protection, contributing a major advancement to Snort IDS that allowed the popular detection engine to operate as an IPS. Since then, NitroSecurity has branched from Snort, developing a custom IPS engine that surpasses open-source Snort in detection & prevention capabilities, as well as in performance.
Using our unsurpassed experience in Snort-based Intrusion Prevention, we've developed a custom engine and a custom set of powerful signatures, based upon our own in-depth vulnerability research. Every one of over 4,500 signatures is fine-tuned, taking advantage of NitroGuard's performance advantages to provide maximum protection against vulnerabilities, exploits, and other threats. New signatures are updated continually, and pushed to NitroGuard automatically, making it easy to stay current with the latest threats and vulnerabilities. We've also maintained full compatibility with the Snort signature syntax—allowing you to repurpose existing Snort signatures or create your own new rules with our integrated signature editor. With this degree of flexibility, NitroGuard is the ideal platform when migrating away from lower-performance Snort solutions.
Read more about the history of NitroGuard, and the benefits of the NitroGuard IPS engine.
Gartner, IPS Magic Quadrant, Feb. 2008
Beyond Snort
NitroGuard is more than a high-powered Intrusion Detection and Prevention engine. NitroSecurity combined our experience with Snort (IDS) and Snort_inline (IPS) with new innovations in network security and data management to develop NitroGuard — a powerful network-based Intrusion Prevention System (IPS). These innovations include native network flow collection, flow/event correlation, anomaly detection, and a device manager that also happens to be a complete Security Information and Event Management system.
Benefits of NitroGuard:
- A powerful, custom IPS engine, from the original developers of Snort_Inline. The engine provides performance improvements up to 250% over Snort.
- A powerful and lean library of custom IPS signatures, tuned for performance, and fully editable using standard Snort syntax.
- Virtual IPS support for signature flexibility and even greater performance. Virtual IPS allows each NitroGuard to run multiple simultaneous instances of the NitroGuard IPS engine, providing specific rule profiles to a network interface, a VLAN, or simply providing additional performance through multi-tasking.
- Stealth operation, making NitroGuard invisible to intruders, providing added security
- Integrated Network flow collection for network / event correlation.
- On-board event and flow storage using the super-high-performance NitroEDB database
- NitroView — the IPS manager that doubles as a full Unified Security Management system.
Innovations in IPS
Innovative Intrusion Prevention from the creators of Snort IPS
NitroSecurity created the first Snort-based IPS technology: Snort_Inline, which is widely used today. We've combined that experience with further innovations in IPS, as well as in data collection, network flow, and security information analysis technology in order to provide a highly efficient, highly protective IPS. Interested in Snort_Inline? Visit them at Snort_Inline's SourceForge page.
Virtual IPS
NitroGuard is more than a powerful IPS — it's several powerful IPSs in one box. Using Virtual IPS technology, each NitroGuard can simultaneously operate individual IPS rule-sets across multiple physical gigabit Ethernet ports, or even by VLAN. Virtual IPS increases flexibility by applying specific rules to specific areas of the network, and also improves performance through multi-tasking.
Why use an IPS?
Intrusion Prevention Systems provide two important functions in your network:
- to provide a solid line of defense, to detect and block attacks as they occur
- to provide valuable data to a higher-level security management system such as NitroView ESM, for in-depth forensic analysis
NitroSecurity's NitroGuard IPS is a powerful intrusion prevention system, which may be used on its own or tightly integrated with the NitroView Unified Security Management solution.
Deploying one or more NitroGuard IPS devices in your network can provide a critical defensive layer to your infrastructure. Every packet on the network will be inspected by the IPS, and compared against a set of security rules. NitroGuard supports a default set of over 4,500 unique security rules, with provisions to add new rules — providing a high level of protection.
Alone, NitroGuard supports:
- Native flow collection
- Virtual IPS operation
- Highly-tuned rules to block:
  - Worms, Trojans, spyware and other malicious content
  - Port scans, buffer overflow, DoS, and other attacks
  - Protocol & traffic anomalies
  - Malformed traffic, invalid headers, and fragmentation attacks
  - Obfuscations & evasions
  - Zero-day attacks
- Built-in Analysis for:
  - Event Management
  - Anomaly Detection
  - Event & flow compression
When used with NitroGuard Database Activity Monitor (DBM), the system provides:
- Edge-to-core network protection
  - Edge Defense - to prevent breaches at the network perimeter (IPS)
  - Network visibility - to catch anomalies and determine vectors through the trusted network (IPS)
  - Core Defense - to prevent breaches at the database itself (DBM)
NitroSecurity's NitroGuard IPS also stores histories of security events as they occur, including relevant network information, any actions taken, and what time an event occurred. This information is useful when managing security events, performing forensic analysis of past events, or—perhaps more importantly—compiling security data for compliance audits, such as is demanded by PCI, HIPAA, SOX, and other industry regulations.
When used with NitroView ESM, the total solution provides even more:
- Simple management of rules across all NitroGuard IPS devices
- Precise network and event information collection
- Forensic analysis
- Network flow analysis
- Physical event mapping, pinpointing events within your network topology
- Correlation of NitroGuard flow & event data to other host, application, and third party event data collected by NitroView receivers
- Automated remediation, including black-list capabilities





