Technology
Microfine™ Granularity
Adaptive Threshold Estimation
Virtual Identifiers
Scan Prevention
Source Tracking
Protocol Anomaly
Custom ASICs
White Papers
FAQs
Overview Presentation
DoS Articles
 

Virtual Identifiers

 

IntruGuard Virtualization

To reduce the need for duplicated network elements and further increase accuracy, the IG200/2000 devices provide support for up to "eight gateways in one". Through the use of Virtual Identifiers (VID), these appliances can segment the traffic into up to eight zones.

These zones can each be a server, subnet or network, whether on-site or remote. This allows one gateway to secure eight network segments and thus leverage the cost over a large infrastructure. When the gateway is placed in the network, it can substantially reduce duplicated network elements. IP addresses and network masks identify zones/VIDs.

To further refine traffic flow analysis and increase accuracy, these zones each have their own set of parameters. Each of the traffic threshold parameters and their corresponding thresholds are automatically monitored to spot malicious traffic.

This adds another dimension of granularity to traffic analysis. As different zones should be expected to have unique traffic patterns, the use of VIDs improves accuracy and further prevents false positives.

For example, in case of a bank, Virtual Identifiers can be used to partition services for Personal Banking, Private Banking, Loans, Credit Cards etc. In case of a hosting environment, VID feature can be used to segregate networks or services so that attacks on one customer or server does not do collateral damage to the others.

Key Benefits of Virtualization Using IntruGuard appliances

  • Collateral damage avoidance
    • Attack on one subnet/server doesn't affect the others
  • Multiple independent policies for multi-tenant DDoS attack mitigation
    • Each VID can be independently managed with its own policy.
    • Each VID can be independently in Detection or Prevention Mode.
  • Reduced cost
    • An appliance can protect multiple customers/servers independently. No need for a separate purchase.
  • Independent Reports
    • Each customer/server/subnet can have its own independent attack/traffic report.

Analyst Comments

"IntruGuard appliances support virtual instances. This feature is not only beneficial in supporting multiple layers of defense but also is a cost containment and administration-friendly feature for organizations that have multiple web properties to protect, and that need unique policies for each. Virtual instances can also be effectively used in defense escalation. Rather than have a single set of policies, multiple sets can be defined in advance, such that the organization can apply a more stringent set of policies if the preceding policies were inadequate." - Michael Suby, Stratecast Vice President of Research