Firewalls, IDS, IPS

Distributed Denial of Service (DDoS) attacks are weapons of mass disruption. Unlike access attacks that penetrate security perimeters to steal information, DDoS attacks paralyze Internet systems by swamping servers, network links and network devices (routers, firewalls, etc.) with bogus traffic.

DDoS is emerging as the weapon of choice for hackers, political "hacktivists" and international cyber-terrorists. Easily launched against limited defenses, DDoS attacks not only target individual Web sites or other servers at the edge of the network - they subdue the network itself. In recent months, massive DDoS attacks have significantly impacted mission-critical systems at large-scale retailers, e-commerce, and government offices around the world.

Growing dependence on the Internet makes the impact of successful DDoS attacks - financial and otherwise - increasingly painful for service providers, enterprises and government agencies. More complex, challenging DDoS tools are always on the horizon, requiring a constant state of vigilance to effectively mitigate risk and cost.

The solution - Macrolevel's DDoS protection services

Macrolevel delivers a complete DDoS protection solution based on the principles of detection, diversion, verification and forwarding to ensure total protection. When a DDoS attack is launched against a client protected by the solution, business continuity is maintained by:

  • Detecting the DDoS attack
  • Diverting the data traffic destined for the target device to a Riverhead appliance for treatment
  • Analyzing and filtering the bad data packets from the good data packets, preventing malicious traffic from impacting performance while allowing legitimate transactions to complete
  • Forwarding the good traffic to maintain business continuity

Securing data is a paramount concern for businesses in every industry. Findings from a recent Harris Interactive Poll revealed the top IT security priority for CIOs is the protection of customer and company data. Managed firewall and VPN services are a key part of Macrolevel's comprehensive set of managed security services.

Managed Firewall Services

This service places a layer of security between your organization and the Internet. All inbound data traffic flows to one or more firewalls, which filter traffic based on your specified requirements, detecting and deflecting unwanted attempts to penetrate your server security. We provide a variety of standard security policies, and we will work with you to develop custom policies that address the specific requirements of your solution.

Managed VPN (Virtual Private Network) Services

The VPN encrypts all traffic between two Internet points, providing secure communication channels for individual users, user groups, contractors, vendors and remote offices. Our managed VPN also aids in providing a high level of data integrity and protects key corporate information assets.

Intrusion Detection Services

Behind every effort to increase the security of today's networks is the realization that security products rarely produce any measurable results. Even as companies of all sizes invest billions of dollars into security, the rates of security incidents and breaches continue to rise year after year.

The primary cause for this gap is the belief that security problems can be solved by continuously adding security infrastructure. In reality, security is a business management problem, requiring decision-making support and risk management tools similar to those used in the financial industry today.

Benefits of Macrolevel's IDS Service:

  • Provides integrated attack detection and vulnerability assessment
  • Target aware and able to intelligently adapt to each network
  • Accurately identifies real incidents, with fewer false alarms
  • Dynamically scores the threat level of all attacks through Network Threat Management
  • Automates the IDS analysis process through correlation and heuristic methods
  • Always tuned and configured for your solution
  • 24/7 monitoring of advanced threats by a team of trained IDS experts


Intrusion Prevention Services

Our service performs network traffic reconstruction and protocol analysis and is able to detect and block 'zero-day' attacks that bypass standard signature checking solutions. It is also able to detect and block unknown attacks using pattern matching analysis.


  • Malicious Application Control Prevention protects against Application Hijacking via DLL control hooking
  • Application Policy Control prevents abusive user behavior within applications, such as downloading files via P2P or Instant Messenger applications
  • Buffer Overflow Protection protects against known and unknown buffer overflow attacks against network applications
  • Non-Signature Based Attack Prevention detects and blocks attacks without the need or use of attack signatures. This translates into complete protection, even when an attack is circulating but the vendor has not yet created signatures or patches. This also removes the administrative burden associated with updating signature files
  • Inbound and Outbound Port Blocking: the service controls all aspects of network traffic, including all inbound and outbound connections, and also controls traffic based on protocol, port, and communicating host address
  • Configurable rules: policies are customizable by the administrator and can be tailored to each particular worker's access or configuration requirement
  • Operating System Hardening: the service acts as a Windows hardening solution, preventing attacks from modifying critical OS binary files or configuration settings

System and Application Firewall Technology

By analyzing each packet of network traffic entering the system, the service is able to allow or deny traffic based on a set of predetermined firewall rules. The IPS also monitors the source of network traffic in real time and will allow traffic only from authorized applications.

Non-Intrusive Protocol Analysis

IPS's non-intrusive protocol analysis technology examines network traffic before it reaches the application layer, preventing malicious activity before it is allowed to execute. This allows the service to remain non-intrusive and support business continuity, unlike other end-point solutions which resort to stopping services or processes as a means of protection.