CounterSnipe’s Active Protection System (APS) is Intrusion Detection and Prevention Software (IDS/IPS) with a number of additional network security management features. Once installed, CounterSnipe provides a multimode IDS/IPS that can run either in Intrusion Detection (IDS) “tap mode” (listening passively to a copy of the traffic from a network tap or SPAN port) or in Intrusion Prevention (IPS) “in-line mode” (as a gateway through which all traffic must pass). A sensor in tap mode can only alert; only an in-line sensor is in a position to drop traffic. Intrusion Prevention Systems (IPS) are therefore deployed in-line to detect and drop bad traffic, such as port scans, SQL injection attacks or other traffic prohibited by policy.
CounterSnipe APS can be installed on a single piece of hardware, in which case it includes the Threat Management Console (TMC). In a multiple-node deployment, additional Active Protection Devices (APDs), the remotely deployed IDS/IPS sensors, are managed centrally from the TMC.
The Active Protection System offers enterprises a combination of Asset Management, Intrusion Detection and Prevention, Network Access Control (NAC) and always-on threat protection. APS is a cost-effective solution for both enterprises and midmarket organizations: its modular approach, flexible licensing and ease of upgrading avoid the large costs associated with dedicated appliances. Individual APS modules may be installed to fit an organization’s current infrastructure, then expanded and/or reconfigured as the organization’s needs change. All modules communicate with CounterSnipe’s Threat Management Console.
• Highly flexible deployments, requiring no modification to existing network infrastructure.
• Centralized Management (Threat Management Console)
• Automated Asset and Application Discovery & Change Monitoring
• End point discovery and blocking
• Active Port Scanning – manual or scheduled
• Malware Prevention
• Vulnerability Identification
• Application aware IPS Rule Set
• Automated risk data updates and auto deployment
• Intrusion Detection and Prevention (IDS/IPS) Event Analysis
• Discovery and removal of malicious data from your network.
• Data Loss Prevention with Forensics
• Common Vulnerabilities and Exposures (CVE) Detection
• Event-Asset Vulnerability Correlation
• Intelligent Alert Management (missing or new asset alerts or threshold based)
CounterSnipe’s Threat Management Console (TMC) is the GUI front end for user administration and configuration functions. In a standalone single-hardware system, both the TMC and the APD are installed on the same appliance. In multiple-device deployments, the TMC is used to manage any remote Active Protection Device (APD).
CounterSnipe’s Active Protection System takes in alerts from the IDS/IPS engine and looks each one up against the hosts/applications list. The raw IDS/IPS alerts are logged but are not alerted on directly; instead, the settings in the SAK (Surrounding Asset Knowledge Base) alert window decide whether an alert is raised, assessing:
• the location of the attack (internal network or external network)
• source of the attack
• type of the attack
• destination of the attack
• application at the destination
• severity of the attack
• criticality of the vulnerability present in the application
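The correlation described above is the same one a SIEM analyst would write by hand: a raw signature hit is only worth waking someone up for if it targets an application that actually runs on the destination host and that host has a vulnerability the attack could exploit. The following is an added illustration of that event-asset vulnerability correlation, not CounterSnipe code and not its data model; the asset records, alerts, weights and the alerting threshold are all constructed for the example.

```python
"""Event-asset vulnerability correlation over IDS alerts (hypothetical illustration)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Address space treated as "internal" when locating the attack source.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Engine priority (Snort convention: 1 = high, 3 = low) mapped to a weight.
SEVERITY_WEIGHT = {1: 3.0, 2: 2.0, 3: 1.0}
ALERT_THRESHOLD = 6.0  # constructed threshold; would be tuned per environment


@dataclass(frozen=True)
class Asset:
    ip: str
    hostname: str
    applications: frozenset      # application classes discovered on the host, e.g. {"http", "ssh"}
    vuln_criticality: float      # highest CVSS base score of a known open vulnerability, 0.0 if none
    business_criticality: int    # 1 (low) .. 3 (high), set by the asset owner


@dataclass(frozen=True)
class Alert:
    src_ip: str
    dst_ip: str
    attack_type: str             # IDS classification, e.g. "web-application-attack"
    target_application: str      # application class the signature applies to, e.g. "http"
    severity: int                # engine priority, 1 = high .. 3 = low


# Constructed asset inventory (what the hosts/applications list would hold).
INVENTORY = {a.ip: a for a in (
    Asset("10.0.0.5", "web01", frozenset({"http", "ssh"}), 9.8, 3),
    Asset("10.0.0.9", "db01", frozenset({"mysql", "ssh"}), 0.0, 3),
    Asset("10.0.0.20", "kiosk01", frozenset({"http"}), 0.0, 1),
)}

# Constructed IDS alerts as they would arrive from the engine.
ALERTS = [
    Alert("203.0.113.7", "10.0.0.5", "web-application-attack", "http", 1),   # external, hits vulnerable web01
    Alert("203.0.113.7", "10.0.0.9", "web-application-attack", "http", 1),   # same signature, but db01 runs no HTTP
    Alert("10.0.0.33", "10.0.0.20", "web-application-attack", "http", 3),    # internal, low severity, no known vuln
    Alert("198.51.100.2", "10.0.0.77", "attempted-recon", "any", 2),         # destination is not a known asset
]


def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def assess(alert: Alert, inventory: dict) -> dict:
    """Correlate one IDS alert with the asset inventory and decide: alert or log only."""
    asset = inventory.get(alert.dst_ip)
    result = {
        "location": "internal" if is_internal(alert.src_ip) else "external",
        "source": alert.src_ip,
        "type": alert.attack_type,
        "destination": alert.dst_ip,
        "application": None,
        "severity": alert.severity,
        "vuln_criticality": 0.0,
        "score": 0.0,
        "decision": "log_only",
        "reason": "",
    }
    if asset is None:
        # Unknown destinations are a separate "new asset" condition; the raw event is still logged.
        result["reason"] = "destination is not a known asset"
        return result
    result["application"] = sorted(asset.applications)
    if alert.target_application != "any" and alert.target_application not in asset.applications:
        result["reason"] = f"signature targets {alert.target_application}, which is not present on the host"
        return result
    result["vuln_criticality"] = asset.vuln_criticality
    # Severity x asset value x (1 + how exploitable the exposed application is), boosted for external sources.
    score = SEVERITY_WEIGHT.get(alert.severity, 1.0) * asset.business_criticality * (1.0 + asset.vuln_criticality / 10.0)
    if result["location"] == "external":
        score *= 1.5
    result["score"] = round(score, 2)
    if score >= ALERT_THRESHOLD:
        result["decision"] = "alert"
        result["reason"] = "applicable signature against a vulnerable, reachable application"
    else:
        result["reason"] = "applicable signature but low risk"
    return result


def triage(alerts: list, inventory: dict) -> list:
    """Return only the alerts that should be raised to an operator."""
    return [a for a in alerts if assess(a, inventory)["decision"] == "alert"]


if __name__ == "__main__":
    for a in ALERTS:
        r = assess(a, INVENTORY)
        print(f"{a.src_ip:>13} -> {a.dst_ip:<10} {r['decision']:<8} score={r['score']:<6} {r['reason']}")
```

Of the four constructed alerts only the first is raised: the second fires the same high-severity signature but against a host with no HTTP listener, the third is an internal low-severity hit on an unvulnerable kiosk, and the fourth targets an address missing from the inventory. All four remain in the log for forensics; only the correlated one becomes an operator alert.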