IntruGuard Products

IG200

IG200 is IntruGuard's entry-level Network Behavior Analysis (NBA) System for Enterprise Data Centers and Service Providers. It supports 100 Mbps full duplex line-rate. To protect the customer's investment, this appliance can be field-upgraded through a license upgrade to support up to 2000 Mbps and 8 VIDs.

One version of the IG200 can be bought through our website: the IG200L-4, a 1-U appliance configured for four Virtual Identifiers (VIDs) at 100 Mbps full duplex. The above appliances can be licensed for up to 8 VIDs and 1000 Mbps full duplex capacity, should you require them, at an additional license fee.

IG2000

IG2000 is IntruGuard's premium NBA system for Enterprise Data Centers and Service Providers. It supports 1000 Mbps full duplex line-rate.

To buy IntruGuard products, please contact sales@intruguard.com.

Feature Analysis of IG200-L, IG200-H, IG200-U and IG2000, IG2000-U

(Differences are highlighted)

| Feature | IG200-L | IG200-H/IG200-U | IG2000, IG2000-U |
| --- | --- | --- | --- |
| Submodels | IG200-L-4, IG200-L-8 | IG200-H-4, IG200-U-4, IG200-H-8, IG200-U-8 | IG2000-4, IG2000-U-4, IG2000-8, IG2000-U-8 |
| Packet Inspection Technology | Granular Packet Inspection; Stateful Analysis Firewall; Chip (ASIC, FPGA); Continuous, Adaptive rate limiting | Granular Packet Inspection; Stateful Analysis Firewall; Chip (ASIC, FPGA); Continuous, Adaptive rate limiting | Granular Packet Inspection; Stateful Analysis Firewall; Chip (ASIC, FPGA); Continuous, Adaptive rate limiting |
| Multi-Verification Process | Dynamic Filtering; Active Verification; Anomaly Recognition; Protocol Analysis; Rate Limiting; White-list, Black-list, Non-tracked subnets; Geo-location based ACL; State Anomaly Recognition; Stealth Attack filtering; Dark address scan prevention; Source Tracking; Legitimate IP address Matching (for anti-spoofing) | Dynamic Filtering; Active Verification; Anomaly Recognition; Protocol Analysis; Rate Limiting; White-list, Black-list, Non-tracked subnets; Geo-location based ACL; State Anomaly Recognition; Stealth Attack filtering; Dark address scan prevention; Source Tracking; Legitimate IP address Matching (for anti-spoofing) | Dynamic Filtering; Active Verification; Anomaly Recognition; Protocol Analysis; Rate Limiting; White-list, Black-list, Non-tracked subnets; Geo-location based ACL; State Anomaly Recognition; Stealth Attack filtering; Dark address scan prevention; Source Tracking; Legitimate IP address Matching (for anti-spoofing) |
| Flood Prevention Schemes | SYN Cookie, ACK Cookie, SYN Retransmission; Geo-location based ACL; Connection Limiting; Aggressive Aging; Legitimate IP Address Matching; Source Rate Limiting; Source Tracking; Granular Rate-limiting | SYN Proxy, ACK Cookie, SYN Retransmission; Geo-location based ACL; Connection Limiting; Aggressive Aging; Legitimate IP Address Matching; Source Rate Limiting; Source Tracking; Granular Rate-limiting | SYN Proxy, ACK Cookie, SYN Retransmission; Geo-location based ACL; Connection Limiting; Aggressive Aging; Legitimate IP Address Matching; Source Rate Limiting; Source Tracking; Granular Rate-limiting |
| Packet Inspection Depth | Layer 3, Layer 4, Layer 7 | Layer 3, Layer 4, Layer 7 | Layer 3, Layer 4, Layer 7 |
| Layer 3 Floods Handled | Protocol Flood (all 256), Fragment Flood, Source Flood, Destination Flood, Dark Address Scan | Protocol Flood (all 256), Fragment Flood, Source Flood, Destination Flood, Dark Address Scan | Protocol Flood (all 256), Fragment Flood, Source Flood, Destination Flood, Dark Address Scan |
| Layer 4 Floods Handled | TCP Ports (all 64K), UDP Ports (all 64K), ICMP Type/Codes (all 64K), Port Scan, Connection Flood, SYN Flood, Excessive SYNs/Source/Second, Excessive Connections Establishment/second, Zombie Flood, Excessive Connection/Source flood, Excessive Connections/Destination flood, TCP state violation floods | TCP Ports (all 64K), UDP Ports (all 64K), ICMP Type/Codes (all 64K), Connection Flood, SYN Flood, Excessive SYNs/Source/Second, Excessive Connections Establishment/second, Zombie Flood, Excessive Connection/Source flood, Excessive Connections/Destination flood, TCP state violation floods | TCP Ports (all 64K), UDP Ports (all 64K), ICMP Type/Codes (all 64K), Connection Flood, SYN Flood, Excessive SYNs/Source/Second, Excessive Connections Establishment/second, Zombie Flood, Excessive Connection/Source flood, Excessive Connections/Destination flood, TCP state violation floods |
| Layer 7 Floods Handled | Opcode Flood, HTTP URL GET Flood, Cookie Flood, User-agent flood, Hostname Flood, Referer Flood, Associated Resource Access, Mandatory HTTP Headers, Too many URLs/Source | Opcode Flood, HTTP URL GET Flood, Cookie Flood, User-agent flood, Hostname Flood, Referer Flood, Associated Resource Access, Mandatory HTTP Headers, Too many URLs/Source | Opcode Flood, HTTP URL GET Flood, Cookie Flood, User-agent flood, Hostname Flood, Referer Flood, Associated Resource Access, Mandatory HTTP Headers, Too many URLs/Source |
| Realtime diagnostics | Top 100 Servers; Top 100 Tuples; Top 100 Ports, URLs, User-Agents, Hosts, Referers; Top 100 Currently Denied Sources; Top 100 Sources | Top 100 Servers; Top 100 Tuples; Top 100 Ports, URLs, User-Agents, Hosts, Referers; Top 100 Currently Denied Sources; Top 100 Sources | Top 100 Servers; Top 100 Tuples; Top 100 Ports, URLs, User-Agents, Hosts, Referers; Top 100 Currently Denied Sources; Top 100 Sources |
| Visibility, ACLs, Bandwidth Controls | Yes | Yes | Yes |
| Traffic and Event Analysis | Yes | Yes | Yes |
| Reconnaissance and Header and State Anomaly Prevention | Yes | Yes | Yes |
| No. of Virtual Identifiers | 4, 8 | 4, 8 | 4, 8 |
| Aggregate Throughput | 200 Mbps (100 Mbps Full Duplex) | 2000 Mbps (1000 Mbps Full Duplex) | 2000 Mbps (1000 Mbps Full Duplex) |
| Simultaneous Connections | 1,000,000 | 1,000,000 | 1,000,000 |
| Session Setup/Teardown Rate | 100,000/second | 100,000/second | 100,000/second |
| SYN Flood Handling capacity | 300,000/second | 3,000,000/second | 3,000,000/second |
| Latency | Under 50 microseconds | Under 50 microseconds | Under 50 microseconds |
| DDoS Attack Mitigation Response Time | Under 2 seconds | Under 2 seconds | Under 2 seconds |
| Physical Interfaces | 4x10/100 Mbps Copper (2 can be used for HA or for Forensics); 1x10/100 Mbps Copper for Management | 4x10/100/1000 Mbps Copper/fiber (2 can be used for HA or for Forensics); 1x10/100 Mbps Copper for Management | 4x10/100/1000 Mbps Copper/fiber (2 can be used for HA or for Forensics); 1x10/100 Mbps Copper for Management |
| Redundancy | Single Power Supply; Single Hard Disk | Single Power Supply; Single Hard Disk | Redundant Power Supply; Redundant Hard Disks |
| Propagate Link State Change (PLSC)/Link Down Synchronization | Yes | Yes | Yes |
| Chassis | 2-U rack mountable | 2-U rack mountable | 2-U rack mountable |
| Field Upgradability | Can be upgraded in field through a license file to support 2000 Mbps (1000 Mbps Full Duplex) and up to 8 VIDs | Can be upgraded in field through a license file to support up to 8 VIDs | Can be upgraded in field through a license file to support up to 8 VIDs |
| Management | SSL Management, CLI | SSL Management, CLI | SSL Management, CLI |
| Centralized Event Reporting | GUI, SNMP, Email/Pager; Support for MRTG, Cacti | GUI, SNMP, Email/Pager; Support for MRTG, Cacti | GUI, SNMP, Email/Pager; Support for MRTG, Cacti |
| Audit and Access Trails | Login trail, GUI access trail, Audit trail for configuration changes | Login trail, GUI access trail, Audit trail for configuration changes | Login trail, GUI access trail, Audit trail for configuration changes |
| Links Protected | One Internet Link is protected by default. Second link is protected on payment of additional license fees. | One Internet Link is protected by default. Second link is protected on payment of additional license fees. | One Internet Link is protected by default. Second link is protected on payment of additional license fees. |
| Country Based Access Control List (Coming soon) | Deny packets from one or more countries or simply allow traffic from countries that you want. | Deny packets from one or more countries or simply allow traffic from countries that you want. | Deny packets from one or more countries or simply allow traffic from countries that you want. |

Capacity Analysis of IG200-L, IG200-H, IG200-U and IG2000, IG2000-U

(Differences are highlighted).

| Feature | IG200-L-4 | IG200-L-8 | IG200-H-4 | IG200-H-8 | IG200-U-4 | IG200-U-8 | IG2000-4 | IG2000-8 | IG2000-U-4 | IG2000-U-8 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Power Supply | Single | Single | Single | Single | Single | Single | Redundant | Redundant | Redundant | Redundant |
| Hard Disk | Single | Single | Single | Single | Single | Single | Redundant | Redundant | Redundant | Redundant |
| Hard Disk Space (GB) | 750 | 750 | 750 | 750 | 750 | 750 | 750 | 750 | 750 | 750 |
| Interface speed (Mbps) | 100 | 100 | 1000 | 1000 | 1000 | 1000 | 1000 | 1000 | 1000 | 1000 |
| Interface Type | Copper | Copper | Copper + Optional Fiber | Copper + Optional Fiber | Copper + Optional Fiber | Copper + Optional Fiber | Copper + Optional Fiber | Copper + Optional Fiber | Copper + Optional Fiber | Copper + Optional Fiber |
| Packets per second handling capability under attack | 300 K PPS | 300 K PPS | 3 M PPS | 3 M PPS | 3 M PPS | 3 M PPS | 3 M PPS | 3 M PPS | 3 M PPS | 3 M PPS |
| Attack Mitigation Time | <2 seconds | <2 seconds | <2 seconds | <2 seconds | <2 seconds | <2 seconds | <2 seconds | <2 seconds | <2 seconds | <2 seconds |
| VIDs (Independent policy sets) | 4 | 8 | 4 | 8 | 4 | 8 | 4 | 8 | 4 | 8 |
| Networks/VID | 64 | 64 | 64 | 64 | 512 | 512 | 64 | 64 | 512 | 512 |
| Dark Address Subnets (for blocking continents, countries, subnets) | 64 | 64 | 64 | 64 | 512 | 512 | 64 | 64 | 512 | 512 |
| Non-tracked Subnets (for whitelisting networks) | 64 | 64 | 64 | 64 | 512 | 512 | 64 | 64 | 512 | 512 |
| No. of Sources monitored | 1M | 1M | 1M | 1M | 1M | 1M | 1M | 1M | 1M | 1M |
| No. of Destinations monitored | 1M | 1M | 1M | 1M | 1M | 1M | 1M | 1M | 1M | 1M |
| No. of Concurrent Connections monitored | 1M | 1M | 1M | 1M | 1M | 1M | 1M | 1M | 1M | 1M |
| No. of concurrent three-way handshakes monitored | 2M | 2M | 2M | 2M | 2M | 2M | 2M | 2M | 2M | 2M |
| No. of TCP/UDP ports, ICMP type/code combinations monitored | 64Kx4 | 64Kx8 | 64Kx4 | 64Kx8 | 64Kx4 | 64Kx8 | 64Kx4 | 64Kx8 | 64Kx4 | 64Kx8 |
| Layer 7 Floods: HTTP URLs tracked | 8,192x4 | 8,192x8 | 8,192x4 | 8,192x8 | 65,536x4 | 65,536x8 | 8,192x4 | 8,192x8 | 65,536x4 | 65,536x8 |
| Layer 7 Floods: Cookie Flood, User-agent flood, Hostname Flood, Referer Flood | 64x4 | 64x8 | 64x4 | 64x8 | 512x4 | 512x8 | 64x4 | 64x8 | 512x4 | 512x8 |

Upgrade Paths Available Through License (Remote upgrade based on additional payments)

The following license upgrades can protect your initial investment, as the appliances can be remotely upgraded to increase their functionality and performance.

| Starting Model | Upgraded Model |
| --- | --- |
| IG200-L-4 (4 VID, 100 Mbps full duplex) | IG200-L-8 (8 VID, 100 Mbps full duplex) |
| IG200-L-4 (4 VID, 100 Mbps full duplex) | IG200-H-4 (4 VID, 1000 Mbps full duplex) |
| IG200-L-4 (4 VID, 100 Mbps full duplex) | IG200-H-8 (8 VID, 1000 Mbps full duplex) |
| IG200-H-4 (4 VID, 1000 Mbps full duplex) | IG200-H-8 (8 VID, 1000 Mbps full duplex) |
| IG200-U-4 (4 VID, 1000 Mbps full duplex, higher capacity) | IG200-U-8 (8 VID, 1000 Mbps full duplex, higher capacity) |
| IG2000-4 (4 VID, 1000 Mbps full duplex, redundant hardware) | IG2000-8 (8 VID, 1000 Mbps full duplex, redundant hardware) |
| IG2000-U-4 (4 VID, 1000 Mbps full duplex, higher capacity, redundant hardware) | IG2000-U-8 (8 VID, 1000 Mbps full duplex, higher capacity, redundant hardware) |

Comparative Analysis of DDoS Mitigation Solutions

Ask us for a comparative study with all the vendors in the DDoS mitigation space. You will learn the advantages and disadvantages of deploying each solution. The study includes Cisco, Top Layer, Radware, and Riorey among others.
