* NeoWatcher@ESM
| Overview |
NeoWatcher@ESM, a network-based intrusion detection system, provides an overall strategy to enhance enterprise-wide security by offering blueprints, as well as detailed information in order to deal with potential attack attempts over the Internet or other networks. NeoWatcher@ESM detects intrusions over the network and responds without reducing network speed.
In addition, to support wide area networks, it allows detailed environment configuration, supports multiple Intrusion Detection Engines, and provides integrated security management functions with Secuplat Manager.
• Features
NeoWatcher@ESM provides an overall strategy to enhance enterprise-wide security. It offers blueprints, as well as detailed information to deal with potential attack attempts over the Internet or other networks.
- Stateful Inspection
- Stealth Monitoring
- Application-layer analysis
- DoS, DDoS Detection
- Buffer Overflow Detection
- Email, Messenger, FTP Monitoring
- Real-time Session Monitoring
- SSL support
- Secure Data Communication
- Self-Guard
• Innovative Technologies
- Multiple agents can be installed to monitor and control the internal network through sub-networks, with diverse control functions and without network delay.
- Information from multiple agents is collected to provide consistency within a wide area network.
• Enhanced Security
- NeoWatcher@ESM provides functions to collect intrusion-related information, raise intrusion alarms, and restrict network access to protect a server from external and internal attacks.
- NeoWatcher@ESM provides the best strategies to enhance security in an Internet business environment with an easy-to-use interface, intrusion detection, intrusion interception, intrusion alarm, and intrusion log functions.
NeoWatcher@ESM is intended for entities that require superior network security, such as security auditors, security consultants, security law enforcement offices, large enterprises, ISPs, training institutes, and government agencies.
| Functions |
NeoWatcher@ESM provides the following functions: network monitoring, intrusion detection, and response to intrusion of a network.
- Detection of intrusion
- Detection of illegal access attempts based on security policy
- Restriction of communication protocol or service over the network such as Telnet, FTP, or HTTP service
- Diverse responses to intrusion attempts
• Intrusion Detection
NeoWatcher@ESM, equipped with over 1300 types of intrusion data, can detect hundreds of types of intrusion attempts derived from actual intrusion patterns. The types of intrusion detection provided by NeoWatcher@ESM can be classified into the following four types:
- Detection of sub-network protocol attack attempts using a diverse and sensitive Intrusion Detection Engine.
- Detection of Denial of Service (DoS) attack attempts using the richest information on this type of attack attempt among currently available products.
- Detection of superuser privilege acquisition by a system user.
- Detection of non-generalized intrusion attempts, such as access attempts by a specific user, access attempts to a specific server, and access attempts to a specific service, with user-defined functions.
Security policy activation can also be configured based on a specified period of time.
• Response to Intrusion Attempts
NeoWatcher@ESM responds to detected intrusion attempts and activities that violate specified security policies with diverse response procedures. Responses to intrusion attempts include the following operations.
- Close intrusion related sessions
- Send alarm message to cellular phone
- Send alarm via E-mail
- Record alarm in NT event log
- Save intrusion related information in a database
• Intrusion Interception
NeoWatcher@ESM can interrupt access to a specific server or service from a specific user. Interruptible services are as follows.
- E-Mail (POP, IMAP, SMTP)
- Web Browsing (HTTP)
- News (NNTP)
- Telnet
- FTP
- NFS
- Other: All TCP/IP-based services