The Net-IPS IntruPro platform represents the next generation in intrusion prevention systems and is based on Intoto's unique application-aware Inline IPS appliance. The Net-IPS IntruPro appliance platform includes integrated sensor software, a sophisticated management package and online real-time signature updates. Net-IPS IntruPro is tested and certified by NSS, a leading independent security products testing organization.

Net-IPS IntruPro's inline IPS appliance employs stateful application engines and a combination of advanced detection techniques, enabling highly accurate intrusion detection with a minimum of false alarms. The inline IPS appliance provides both intrusion detection and intrusion prevention, and enables greater accuracy and higher performance than traditional IPS systems.

Net-IPS IntruPro sensor software (integrated in the appliance)

• Advanced detection techniques with stateful application intelligence
• Configurable intrusion prevention capabilities
• Hardware acceleration support for high performance

• Comprehensive configuration capabilities with support for multiple appliances
• Real time monitors and alert functionality
• Extensive reporting capabilities

• Real-time signature updates
• Provides centralized provisioning capabilities

• Raw packet analysis
• Context based packet analysis

• Reduces false alarms by signature detection based on the state of the connection

• Port scan detection
• Probe detection
• OS finger printing

• Pattern less attack detection (ICMP, UDP Smurf, DNS spoofing)

• Rules classification based on intrusion family and protocol category
• Application of selected rules based on the multiple sensors

• Configurable alert generation for event notification
• Real time attack graphs to monitor intrusions

• Report generation based on user configured parameters
• Intuitive charts and logs for forensic analysis

• Reduced false alarms with stateful application engine
• IPS signatures detection and prevention based on
  • Raw packet analysis
  • Context based packet analysis
  • Application intelligence

• Traffic anomaly
  • Port scan detection, probe detection
  • OS finger printing
  • Attacks spanning across multiple connections
• Protocol anomaly
  • Pattern-less attack detection (ICMP, UDP Smurf, DNS spoofing)

• URL encoding (Unicode processing)
• Reverse traversal, self-referencing directories
• Parameter hiding, multiple slashes
• Premature request ending, mis-formatting
• DOS directory syntax, case sensitivity
• TCP session splicing, fragmentation, null method processing

• Defense for over 60 DoS attacks ( a complete list of these attacks can be provided upon request)

• Inline IPS Manager
• Dynamic rule updates
• API definition and interface for custom management interface
  • Add/delete/get statistics on rule
• Global statistics
  • Number of intrusions
  • Number of intrusions prevented
  • Alerts
  • Logs

• Reports generation based on different selectors such as, priority, attack time and attack family
• CVE ID's in the log message for identification using third party tools