Technology
Microfine™ Granularity
Adaptive Threshold Estimation
Virtual Identifiers
Scan Prevention
Source Tracking
Protocol Anomaly
Custom ASICs
White Papers
FAQs
Overview Presentation
DoS Articles
 

Why Buy IntruGuard Products?

You can Centralize monitoring

IntruGuard appliances allow you to centrally monitor all DDoS events and traffic.
You can use SNMP, Cacti, MRTG to monitor traffic and attack levels and attack events.
You can configure Syslog to get all attack events on a centralized server as well.


You can understand normal network traffic patterns

IntruGuard appliances allow you to get extremely granular visibility into your network traffic. They give you a 12 month round robin view of what normal traffic looks like and incorporate this information into a correlation engine for threat detection, alerts, and reporting


You get DDoS-specific alerting, logging, & reporting

IntruGuard appliances give you a threshold based alerting mechanism for DDoS specific events. You can set threshold for different people to get alerts depending on the quantum of attack. All these attacks are logged in a database which can be queried for Top Attacks, Top Attackers, Top Attacked Destination, etc. In addition, you can create custom queries in your custom applications/reports.

You can use Layered Filtering

IntruGuard appliances filter traffic in layers as they inspect incoming packets using dynamic profiling (based on monitoring and analysis of normal behavior), anti-spoofing algorithms, and other technology to progressively filter harmful traffic upstream of the network.

You can forward legitimate traffic to the network with minimal latency

Even during attack, IntruGuard appliances maintain a latency under 50 micro seconds.
These appliances are built using application specific hardware logic and do not run on Intel or AMD CPUs.

You can apply filters at multiple levels of the OSI stack

IntruGuard appliance hardware logic operates at Layer 2, 3, 4 and 7 of OSI stack. They selectively mitigate attacks at highest possible layer so that attacks are stopped at most specific layer. This reduces the false positives.

You can rate limit traffic, as needed

IntruGuard appliances can rate limit traffic at multiple granular levels.
You can set the rate limits on concurrent connections/source, concurrent connections/destinations, packets/source/second, SYN packets/source/second, etc. There are thousands of such thresholds for rate limits.

You will be able to change and customize filters quickly

IntruGuard appliances give you a command line interface that you can program quickly using your own scripts running on external servers with data from app server, database servers etc. Such scripts can customized filters quickly

You will be able to enhance rule sets over time

IntruGuard appliances give you the ability to start with a very simple rule set to begin with. As time passes, you can tune these rulesets to improve DDoS mitigation.
In addition, the appliance learns traffic pattern, base, trend and seasonality and adjusts some of the parameters automatically as well.

You will build in scalability

IntruGuard appliances start at 100 Mbps Full Duplex for smaller networks. They can go up to 1 Gbps Full Duplex performance today. You can start of 4 virtualized policies to have independent subnets protected with independent policies. You can grow up to 8 policy sets over time.

You will build in redundancy

IntruGuard appliances can be used in active-active failover configuration to protect multiple links. The higher end models have redundant hard-disk arrays and redundant power supply. By using a bypass switch for failover you can ensure connectivity even during power failure.

 

Why You Should Not Buy Other Products?