CounterSnipe Technology

Active Protection System (APS) Version 8


CounterSnipe’s Active Protection System (APS) Version 8, released in April 2015, is a state-of-the-industry IDS/IPS System that leverages the Suricata Engine, the high performance scalability of the Ubuntu 14.04 (LTS) Operating System, and the incorporation of the Emerging Threats ET Pro Ruleset. This new development takes CounterSnipe to the forefront of Next Generation IDS/IPS technology to address ongoing information protection.

Suricata

Suricata is a high performance Network IDS/IPS Engine. Suricata gathers and compares all attack data within the database of rules and signatures and raises alerts accordingly. Suricata’s multi-threaded architecture can support high performance multi-core and multi-processor systems. The major benefit of a multi-threaded design is that it offers increased speed and efficiency in network traffic analysis and can also help divide the IDS/IPS workload, based on where the processing needs are. The engine is built to utilize the increased processing power offered by the latest multi-core CPU chip sets. Suricata is Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Amar Rathore, SVP CounterSnipe, is an OISF Board Member.

UBUNTU 14.04 LTS

UBUNTU 14.04 LTS:  The Ubuntu Linux distribution is CounterSnipe’s Operating System of choice. Ubuntu 14.04 LTS is a long-term support release. It has continuous server hardware support improvements as well as guaranteed security and support updates until April 2019.

ETPRO™ RULESET

ETPRO™ RULESET:  Both IDS and IPS software appliances rely on a set of signatures/rules that define bad network traffic. Emerging Threats developed comprehensive IDS/IPS rules to combat Advanced Persistent Threats & Malware. The ETPro Ruleset Research Team pushes 20 to 30 new malware and vulnerability ruleset updates, each day, to CounterSnipe engines. ETPro™ and the ET design are trademarks of Emerging Threats Pro, LLC.

Surrounding Asset Knowledge (SAK)

Surrounding Asset Knowledge (SAK):  CounterSnipe introduced a new capability called Surrounding Asset Knowledge (SAK). Its purpose is to gather information about what hosts, applications and vulnerabilities are present on your network and to use this information to dramatically reduce the number of false and irrelevant alerts that might otherwise be generated for a given set of hosts and signatures. In practice, this is not so much about reducing the total number of events that you process, but about arranging for the alerts that are generated to be about actual exploits of installed software. This becomes even more important in the case of Intrusion Prevention Systems (IPS), where devices are deployed in-line to detect and drop any bad traffic such as port scans, SQL injection attacks or other policy driven prohibitions.

Asset Database

Asset Database:  This database contains a list of hosts detected on the network, applications detected on those hosts and, where relevant, information about whether the host is believed to be compromised and whether to suppress alerts for specific signatures. Hosts and applications can only enter the database through automatic detection, while the compromise flag and signature suppressions are set either automatically through alert handling, or by hand through the web interface where desired. The host database can be browsed by clicking on ’Hosts’ in the ’Analysis’ menu. In addition to providing access to the accumulated state information that is used by the alert mitigator, this interface provides a means to find a list of hosts on your network that are in urgent need of attention.
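As an added illustration of the SAK and Asset Database behaviour described above (this is not CounterSnipe's code; the asset-database schema, the signature-to-application lookup and the sample Suricata EVE JSON lines are all constructed assumptions), here is an asset-aware filter that keeps only alerts about software a host actually runs, honours per-host signature suppressions, and lists compromised hosts:

```python
import json

# Constructed asset database with the fields the page describes: hosts detected
# on the network, the applications seen on each host, a compromise flag and
# per-host signature suppressions. The schema itself is hypothetical.
ASSET_DB = {
    "10.0.0.5": {"apps": {"apache", "php"}, "compromised": False, "suppress_sids": set()},
    "10.0.0.9": {"apps": {"iis"}, "compromised": True, "suppress_sids": {2000001}},
}

# Hypothetical lookup from signature id to the application a rule targets.
SID_TARGETS = {2000001: "iis", 2000002: "php", 2000003: "apache"}

def classify_alert(event, asset_db=ASSET_DB, sid_targets=SID_TARGETS):
    """Return 'relevant', 'irrelevant', 'suppressed', 'unknown-host' or 'not-alert'."""
    if event.get("event_type") != "alert":
        return "not-alert"
    host = asset_db.get(event["dest_ip"])
    sid = event["alert"]["signature_id"]
    if host is None:
        return "unknown-host"            # keep: host not yet auto-detected
    if sid in host["suppress_sids"]:
        return "suppressed"              # operator or alert handling suppressed it
    target = sid_targets.get(sid)
    if target is None or target in host["apps"]:
        return "relevant"                # exploit against software actually installed
    return "irrelevant"                  # rule targets software the host does not run

def filter_eve(lines, asset_db=ASSET_DB, sid_targets=SID_TARGETS):
    """Split Suricata EVE JSON lines into kept alerts and a verdict tally."""
    kept, counts = [], {}
    for line in lines:
        event = json.loads(line)
        verdict = classify_alert(event, asset_db, sid_targets)
        counts[verdict] = counts.get(verdict, 0) + 1
        if verdict in ("relevant", "unknown-host"):
            kept.append(event)
    return kept, counts

def urgent_hosts(asset_db=ASSET_DB):
    """Hosts flagged compromised: the 'urgent attention' list the page mentions."""
    return sorted(ip for ip, h in asset_db.items() if h["compromised"])

# Constructed EVE alert lines (signature names are made up, not real ET rules).
SAMPLE_EVE = [
    '{"event_type":"alert","dest_ip":"10.0.0.5","alert":{"signature_id":2000001,"signature":"IIS exploit attempt"}}',
    '{"event_type":"alert","dest_ip":"10.0.0.5","alert":{"signature_id":2000002,"signature":"PHP exploit attempt"}}',
    '{"event_type":"alert","dest_ip":"10.0.0.9","alert":{"signature_id":2000001,"signature":"IIS exploit attempt"}}',
    '{"event_type":"alert","dest_ip":"10.0.0.77","alert":{"signature_id":2000003,"signature":"Apache exploit attempt"}}',
]
```

Running `filter_eve(SAMPLE_EVE)` drops the IIS alert against the Apache/PHP host as irrelevant and the suppressed signature on 10.0.0.9, while keeping the PHP alert and the alert against the not-yet-inventoried 10.0.0.77.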

MAC Based Asset Blocking

MAC Based Asset Blocking:  Once enabled, this function will block any access by a MAC address that is not already known to the system. This is in addition to the IP based blocking.

AWS (Amazon Web Services)

AWS:  CounterSnipe sensors for AWS will operate on any cloud based server, currently running on CentOS or Ubuntu. The sensors are designed to monitor a single or multiple local interfaces for all network access to and from the AWS server, and report those logs back to a CounterSnipe APS.


© 2016 Secure InfoSolutions, LLC. All rights reserved.