|
|
IntruGuard Products
IG200
IG200 is IntruGuard's entry level Network Behavior Analysis (NBA) System for Enterprise Data Centers and Service Providers. It supports 100 Mbps full duplex line-rate. To protect the customer's investment, through a license upgrade, this appliance can be field-upgraded to support up to 2000 Mbps and 8 VIDs.
There is a version of IG200 that you can buy through our website: IG200L-4. Configured for four Virtual Identifiers (VID).
100 Mbps Full Duplex version. 1-U Appliance. The above appliances can be licensed for up to 8 VIDs and 1000 Mbps Full Duplex capacity should you require them, at an additional license fee.
IG2000
IG2000 is IntruGuard's premium NBA system for Enterprise Data Centers and Service Providers. It supports 1000 Mbps full duplex line-rate.
For buying IntruGuard products, please contact sales@intruguard.com
Feature Analysis of IG200-L, IG200-H, IG200-U and IG2000, IG2000-U
Feature |
IG200-L |
IG200-H/IG200-U |
IG2000, IG2000-U |
| Submodels |
IG200-L-4
IG200-L-8 |
IG200-H-4 IG200-U-4
IG200-H-8 IG200-U-8
|
IG2000-4, IG2000-U-4
IG2000-8, IG2000-U-8 |
Packet Inspection Technology |
Granular Packet Inspection
Stateful Analysis Firewall
Chip(ASIC, FPGA)
Continuous, Adaptive rate limiting
|
Granular Packet Inspection
Stateful Analysis Firewall
Chip(ASIC, FPGA)
Continuous, Adaptive rate limiting
|
Granular Packet Inspection
Stateful Analysis Firewall
Chip(ASIC, FPGA)
Continuous, Adaptive rate limiting
|
Multi-Verification Process |
• Dynamic Filtering
• Active Verification
• Anomaly Recognition
• Protocol Analysis
• Rate Limiting
• White-list, Black-list, Non-tracked subnets
• State Anomaly Recognition
• Stealth Attack filtering
• Dark address scan prevention
• Source Tracking
• Legitimate IP address Matching (for anti-spoofing)
|
• Dynamic Filtering
• Active Verification
• Anomaly Recognition
• Protocol Analysis
• Rate Limiting
• White-list, Black-list, Non-tracked subnets
• State Anomaly Recognition
• Stealth Attack filtering
• Dark address scan prevention
• Source Tracking
• Legitimate IP address Matching (for anti-spoofing)
|
• Dynamic Filtering
• Active Verification
• Anomaly Recognition
• Protocol Analysis
• Rate Limiting
• White-list, Black-list, Non-tracked subnets
• State Anomaly Recognition
• Stealth Attack filtering
• Dark address scan prevention
• Source Tracking
• Legitimate IP address Matching (for anti-spoofing)
|
Flood Prevention Schemes |
• SYN Proxy
• Connection Limiting
• Aggressive Aging
• Legitimate IP Address Matching
• Source Rate Limiting
• Granular Rate-limiting
|
• SYN Proxy
• Connection Limiting
• Aggressive Aging
• Legitimate IP Address Matching
• Source Rate Limiting
• Granular Rate-limiting
|
• SYN Proxy
• Connection Limiting
• Aggressive Aging
• Legitimate IP Address Matching
• Source Rate Limiting
• Granular Rate-limiting
|
Packet Inspection Depth |
Layer 2, Layer 3, Layer 4, Layer 7
|
Layer 2, Layer 3, Layer 4, Layer 7 |
Layer 2, Layer 3, Layer 4, Layer 7 |
Layer 2 Floods Handled |
ARP, RARP, Multicast, Broadcast, VLAN, Double Encapsulated VLAN floods
|
ARP, RARP, Multicast, Broadcast, VLAN, Double Encapsulated VLAN floods
|
ARP, RARP, Multicast, Broadcast, VLAN, Double Encapsulated VLAN floods
|
Layer 3 Floods Handled |
Protocol Flood (all 256), Options Flood (32), Fragment Flood, Source Flood, Destination Flood, TOS (all 256), Network Scan, Dark Address Scan |
Protocol Flood (all 256), Options Flood (32), Fragment Flood, Source Flood, Destination Flood, TOS (all 256), Network Scan, Dark Address Scan |
Protocol Flood (all 256), Options Flood (32), Fragment Flood, Source Flood, Destination Flood, TOS (all 256), Network Scan, Dark Address Scan |
Layer 4 Floods Handled |
TCP Ports (all 64K), UDP Ports (all 64K), ICMP Type/Codes (all 64K),. TCP Options (32), Port Scan, Connection Flood, SYN Flood,
Excessive SYNs/Source/Second, Excessive Connections Establishment/second, Zombie Flood, Excessive Connection/Source flood, Excessive Connections/Destination flood, TCP state violation floods |
TCP Ports (all 64K), UDP Ports (all 64K), ICMP Type/Codes (all 64K),. TCP Options (32), Port Scan, Connection Flood, SYN Flood,
Excessive SYNs/Source/Second, Excessive Connections Establishment/second, Zombie Flood, Excessive Connection/Source flood, Excessive Connections/Destination flood, TCP state violation floods |
TCP Ports (all 64K), UDP Ports (all 64K), ICMP Type/Codes (all 64K),. TCP Options (32), Port Scan, Connection Flood, SYN Flood,
Excessive SYNs/Source/Second, Excessive Connections Establishment/second, Zombie Flood, Excessive Connection/Source flood, Excessive Connections/Destination flood, TCP state violation floods |
| Layer 7 Floods Handled |
Opcode Flood, HTTP URL Flood
|
Opcode Flood, HTTP URL Flood |
Opcode Flood, HTTP URL Flood |
| Realtime diagnostics |
Top 100 Servers
Top 100 Tuples
Top 100 Ports
Top 100 Currently Denied Sources
Top 100 Sources |
Top 100 Servers
Top 100 Tuples
Top 100 Ports
Top 100 Currently Denied Sources
Top 100 Sources |
Top 100 Servers
Top 100 Tuples
Top 100 Ports
Top 100 Currently Denied Sources
Top 100 Sources |
Visibility, ACLs, Bandwidth Controls |
Yes |
Yes |
Yes |
Traffic and Event Analysis |
Yes |
Yes |
Yes |
Reconnaissance and
Header and State Anomaly Prevention |
Yes |
Yes |
Yes |
No. of Virtual Identifiers |
4, 8 |
4, 8 |
4, 8 |
Aggregate Throughput |
200 Mbps
(100 Mbps Full Duplex) |
2000 Mbps
(1000 Mbps Full Duplex) |
2000 Mbps
(1000 Mbps Full Duplex) |
Simultaneous Connections |
1,000,000 |
1,000,000 |
1,000,000 |
Session Setup/Teardown Rate |
100,000/second |
100,000/second |
100,000/second |
SYN Flood Handling capacity |
300,000/second |
3,000,000/second |
3,000,000/second |
Latency |
Under 50 microseconds |
Under 50 microseconds |
Under 50 microseconds |
DDoS Attack Mitigation
Response Time |
Under 2 seconds |
Under 2 seconds |
Under 2 seconds |
Physical Interfaces |
4x10/100 Mbps Copper
(2 can be used for HA or for Forensics)
1x10/100 Mbps Copper for Management |
4x10/100/1000 Mbps Copper/fiber
(2 can be used for HA or for Forensics)
1x10/100 Mbps Copper for Management |
4x10/100/1000 Mbps Copper/fiber
(2 can be used for HA or for Forensics)
1x10/100 Mbps Copper for Management |
Redundancy |
Single Power Supply
Single Hard Disk |
Single Power Supply
Single Hard Disk |
Redundant Power Supply Redundant Hard Disks |
Propgate Link State Change (PLSC)/ Link Down Synchronization
|
Yes |
Yes |
Yes |
Chassis |
2-U rack mountable |
2-U rack mountable |
2-U rack mountable |
Field Upgradability |
Can be upgraded in field through a license file to support 2000 Mbps (1000 Mbps Full Duplex) and up to 8 VIDs |
Can be upgraded in field through a license file to support up to 8 VIDs |
Can be upgraded in field through a license file to support up to 8 VIDs |
Management |
SSL Management, CLI |
SSL Management, CLI |
SSL Management, CLI |
Centralized Event Reporting |
GUI, SNMP, Email/Pager
Support for MRTG, Cacti |
GUI, SNMP, Email/Pager
Support for MRTG, Cacti |
GUI, SNMP, Email/Pager
Support for MRTG, Cacti |
| Audit and Access Trails |
Login trail, GUI access trail, Audit trail for configuration changes |
Login trail, GUI access trail, Audit trail for configuration changes |
Login trail, GUI access trail, Audit trail for configuration changes |
| Links Protected |
One Internet Link is protected by default. Second link is protected on payment of additional license fees. |
One Internet Link is protected by default. Second link is protected on payment of additional license fees. |
One Internet Link is protected by default. Second link is protected on payment of additional license fees. |
Capacity Analysis of IG200-L, IG200-H, IG200-U and IG2000, IG2000-U
Model
Feature |
IG200-L-4 |
IG200-L-8
|
IG200-H-4 |
IG200-H-8 |
IG200-U-4 |
IG200-U-8
|
IG2000-4 |
IG2000-8 |
IG2000-U-4 |
IG2000-U-8 |
| Power Supply |
Single |
Single |
Single |
Single |
Single |
Single |
Redundant |
Redundant |
Redundant |
Redundant |
| Hard Disk |
Single |
Single |
Single |
Single |
Single |
Single |
Redundant |
Redundant |
Redundant |
Redundant |
| Hard Disk Space (GB) |
250 |
250 |
250 |
250 |
250 |
250 |
250 |
250 |
750 |
750 |
| Interface speed |
100 |
100 |
1000 |
1000 |
1000 |
1000 |
1000 |
1000 |
1000 |
1000 |
| Interface Type |
Copper |
Copper |
Copper
+ Optional Fiber |
Copper
+ Optional Fiber |
Copper
+ Optional Fiber |
Copper
+ Optional Fiber |
Copper
+ Optional Fiber |
Copper
+ Optional Fiber |
Copper
+ Optional Fiber |
Copper
+ Optional Fiber |
| Packets per second handling capability under attack |
300 K PPS |
300 K PPS |
3 M PPS |
3 M PPS |
3 M PPS |
3 M PPS |
3 M PPS |
3 M PPS |
3 M PPS |
3 M PPS |
| Attack Mitigation Time |
<2 seconds |
<2 seconds |
<2 seconds |
<2 seconds |
<2 seconds |
<2 seconds |
<2 seconds |
<2 seconds |
<2 seconds |
<2 seconds |
VIDs
(Independent policy sets) |
4 |
8 |
4 |
8 |
4 |
8 |
4 |
8 |
4 |
8 |
| Networks/ VID |
64 |
64 |
64 |
64 |
512 |
512 |
64 |
64 |
512 |
512 |
Dark Address Subnets
(for blocking continents, countries, subnets) |
64 |
64 |
64 |
64 |
512 |
512 |
64 |
64 |
512 |
512 |
Non-tracked Subnets
(For whitelisting networks) |
64 |
64 |
64 |
64 |
512 |
512 |
64 |
64 |
512 |
512 |
| HTTP URLs tracked |
8,192x4 |
8,192x8 |
8,192x4 |
8,192x8 |
65,536x4 |
65,536x8 |
8,192x4 |
8,192x8 |
65,536x4 |
65,536x8 |
| No. of Sources monitored |
1M |
1M |
1M |
1M |
1M |
1M |
1M |
1M |
1M |
1M |
| No. of Destinations monitored |
1M |
1M |
1M |
1M |
1M |
1M |
1M |
1M |
1M |
1M |
No. of Concurrent Connections monitored
|
1M |
1M |
1M |
1M |
1M |
1M |
1M |
1M |
1M |
1M |
| No. of concurrent three-way handshakes monitored |
2M |
2M |
2M |
2M |
2M |
2M |
2M |
2M |
2M |
2M |
| No. of ports monitored |
64Kx4 |
64Kx8 |
64Kx4 |
64Kx8 |
64Kx4 |
64Kx8 |
64Kx4 |
64Kx8 |
64Kx4 |
64Kx8 |
Comparative Analysis of DDoS Mitigation Solutions
Ask us for a comparative study with all the vendors in the DDoS mitigation space. You will learn the advantages and disadvantages of deploying each solution. The study includes Cisco, Top Layer, Radware, and Riorey among others.
See also:
Frequently Asked Questions About DDoS, Botnets and IntruGuard
5 Steps to Website Security
Customer Testimonials
White Papers on DDoS mitigation
Seven Fundamental (Really!) Criteria For DDoS Mitigation
Granual Packet Inspection for DDoS Mitigation
|
|
