
IntruGuard Technology for DDoS and Botnet Attack Mitigation

The IG200 and IG2000 are purpose-built network appliances that provide maximum security effectiveness. These scalable, high-performance security appliances are completely interoperable with existing solutions and integrate easily into existing user and system management environments. They surgically remove network and application layer DDoS attacks with automated techniques while letting legitimate traffic flow.

To achieve a new threshold in security price/performance, IntruGuard has integrated several critical technologies into the IG200 and IG2000 in hardware logic. No other available solution puts these capabilities together to give you the complete protection required.

Virtual Partitioning

The appliance logically partitions traffic based on subnet masks, and you can have up to 8 independent policies for up to 512 subnets, depending on the model and license. This ensures that there is no collateral damage when a partition is attacked. Each partition can be set independently to prevention or detection mode in either direction.

Country Code/IP Address Filters

(Geo Location Protection)

The IntruGuard IG200/2000 feature a unique filtering capability through their hardware logic. This logic enables a network administrator to block a list of entire countries in a few clicks. Select a country from a list in the GUI or CLI to either accept or block it in your appliance, for both inbound and outbound traffic. This Geo-Location feature allows an organization to block, or to apply additional in-depth application filtering to, all traffic from countries that a network does not do business with, or that are known originators of malicious hacking (including US State Department identified terror sponsors). This feature dramatically saves bandwidth and lowers the risk of attacks.

Bogon Filtering, Access Control Lists

IntruGuard's appliances block traffic to restricted ports and limit traffic to allowed protocols. IntruGuard can provision an extensive list of known infected hosts, which are blocked at the appliance’s initial logic.

Packet Flood Mitigation / Protocol Verification

FPGA-based hardware then filters packets by verifying that Layer 3, 4 and 7 protocols are correctly formed.

Stateful Packet Inspection, Out-of-State Filtering

This layer verifies state by confirming the completion of the three-way handshake. SYN floods or other such attempts to utilize system resources are blocked at this layer.


Granular Layer 3, 4 Filtering

IntruGuard appliances monitor traffic granularly at layers 3, 4 and 7. They can monitor up to 1 M source IPs, 1 M connections, 1 M destinations, all IP protocols, all TCP and UDP ports, and ICMP types/codes. Any violation of a behavioral threshold is stopped immediately, within 2 seconds.

Application Layer Filtering, Get and Resource Flood Filtering

Many attackers have deployed methods to overwhelm system resources by establishing valid connections. IntruGuard appliances work at the application layer to prevent this type of attack. Patented Source Tracking helps isolate botnets that are using the same scripted attack using information such as User-Agent, Referer, URL, Host and Cookie accesses.

Algorithmic Filtering

IntruGuard’s patented system monitors traffic for unusual behavior. Anomalies are “red flagged” by the system. These include accessing a URL without accessing images or CSS files, using abnormal HTTP headers, etc.

Heuristic Filtering

At the application layer, IntruGuard's hardware logic monitors and prevents accesses that are heuristically known to be botnet-oriented. This logic is continuously updated based on current trends.

Multiple Layers of Defense for DDoS Mitigation

Key IntruGuard Technology Elements

· Microfine Granularity
· Adaptive Thresholds
· Virtual Identifiers
· Scan Prevention
· Source Tracking
· Protocol Anomaly
· Custom ASICs
· Taxonomy

IntruGuard's technology is protected through four US patents.

  • 7,626,940 System and method for integrated header, state, rate and content anomaly prevention for domain name service.
  • 7,602,731 System and method for integrated header, state, rate and content anomaly prevention with policy enforcement.
  • 7,426,634 Method and apparatus for rate based denial of service attack detection and prevention.
  • 7,356,663 Layered memory architecture for deterministic finite automaton based string matching useful in network intrusion detection and prevention systems and apparatuses.
