IPS - IDS Reinforcement

The Challenge

Commercial Off-The-Shelf (COTS) products such as Intrusion Prevention and Detection Systems (IPS/IDS) are not always able to detect fraudulent behavior or data leakage that uses Web-based applications (Gmail, etc.) or anonymization mechanisms such as Web proxies (Glype).

Qosmos Solution

Qosmos ixMachine provides complete visibility over network traffic and feeds IPS/IDS solutions with IPDRs according to predefined rules, so that suspicious traffic can be mitigated as required.

Benefits

  • Reinforced IPS/IDS solution thanks to additional traffic information provided by Qosmos
  • Enhanced protection against malicious activity and data leakage over all types of IP communications: IP telephony, email, instant messaging, Web, etc.
  • Less downtime: no need to quarantine entire routers (specific IP addresses, for example, can be blocked instead)

Example of Implementation

Qosmos Intrusion Prevention Detection Systems

Information Extracted

Recognized Applications and Protocols (sample)

  • Instant Messaging: AIM, MSN, Skype, Yahoo, Google Talk, QQ, etc.
  • Webmail: Gmail, Hotmail, Livemail, Squiremail, Yahoo mail, etc.
  • Network: IP, TCP, FTP, Ethernet, DNS, DHCP, UDP, etc.

Extracted Information (sample)

  • User ID
  • IP address
  • Date & time of login / logoff
  • Subject of email
  • Content of email
  • Attached documents
  • Data transfer sessions (type, content, time)