* NeoGuard@ ESM

| Overview |

NeoGuard@ESM, a server-based intrusion detection system, adopts misuse detection to detect illegal access attempts that firewall or network-based intrusion detection systems cannot. It provides detailed information on individual hosts in internal computer networks and provides effective response procedures in order to enhance the stability of a server.

NeoGuard@ESM requires minimal system resources, supports up-to-date OS versions, detects various misuse attempts, and enables a prompt response to illegal access attempts.

- Features
NeoGuard@ESM detects various kinds of illegal access attempts such as Buffer Overflow, Race Condition, and malicious file handling.

NeoGuard@ESM detects internal intrusion attempts that firewall or network-based intrusion detection systems cannot, enables direct response such as process termination to intercept the intrusion attempts.

NeoGuard@ESM requires minimal system resources so it does not affect system performance.


| Functions |

• Real-time intrusion detection
NeoGuard@ESM detects intrusion based on audit data generated by the operating system in real-time.

• Direct and Fundamental Response
NeoGuard@ESM provides automatic responses to detected intrusion attempts based on pre-determined rules and sends an alarm message to the administrator via E-mail or SMS.

• System Resource Usage Monitoring
NeoGuard@ESM monitors system resource usage of corresponding computers in real-time to determine whether a particular computer is overloaded.

• User-Defined Intrusion Detection Rule Configuration
NeoGuard@ESM enables users to configure intrusion detection rules for the specific environment.