Technology
Microfine™ Granularity
Adaptive Threshold Estimation
Virtual Identifiers
Scan Prevention
Source Tracking
Protocol Anomaly
Custom ASICs
White Papers
FAQs
Overview Presentation
DoS Articles
 

Virtual Identifiers

To reduce the need for duplicated network elements and further increase accuracy, the IG200/2000 devices provide support for up to “eight gateways in one”. Through the use of Virtual Identifiers (VID), these appliances can segment the traffic into up to eight zones.

These zones can each be a server, subnet or network, whether on-site or remote. This allows one gateway to secure eight network segments and thus leverage the cost over a large infrastructure. When the gateway is placed in the network,l this can substantially reduce duplicated these other network elements. VLAN tags, IP, or MAC addresses identify zones.

To further refine traffic flow analysis and increase accuracy, these zones each have their own set of parameters. Each of the traffic threshold parameters and their corresponding thresholds are automatically monitored to spot malicious traffic. This adds another dimension of granularity to traffic analysis. As different zones should be expected to have unique traffic patterns, the use of VIDs improves accuracy and prevents false positives.

For example, in case of a bank, Virtual Identifiers can be used to partition services for Personal Banking, Private Banking, Loans, Credit Cards etc.

In case of a hosting environment, VID feature can be used to segregate networks or services so that attacks on one customer or server does not do collateral damage to the others.