
Adaptive Threshold Estimation

Most security products provide either fixed thresholds or threshold profiles. However, traffic is rarely fixed. Every server has unique traffic patterns, trends and seasonality. Aggregation leads to loss of accuracy in determining rate aberrations, as a rate high enough to be detected as an attack today may not be an attack a year from now, once traffic has gradually increased to that level.

The IG200/IG2000 continually learn about traffic patterns and seasonality, which is critical to providing rate-based intrusion prevention. Offering the widest range of rate-based detection/prevention parameters in the industry, the IG200/IG2000 allow thresholds to be set for any protocol at Layers 2-4, for packet counts per protocol, per TCP port, or per IP address. In addition, thresholds exist for TCP SYN connections/sec and for total active connections. The system continuously monitors multiple thresholds and raises an alarm when any of them is violated.