NEW INTRUSION PREVENTION (IPS)
The need for speed
The Intrusion Prevention System or IPS is an essential AXS GUARD component which protects your network against cyber attacks and software exploits. The IPS scans all traffic allowed by the firewall in real-time for suspicious content.
Some examples of IPS protection include, but are not limited to the detection and blocking of attempted server exploits, which may be used to break into your network, for privilege escalation or to steal valuable information. The IPS will also detect attempts to turn servers in your network into rogue hosts, which may attack other networks from within your corporate network.
Each network packet undergoes more than 15,000 tests.
As new cyber security threats emerge, the amount of tests (IPS rules) grows by the day. After testing, network packets are classified as OK / NOK. Only legitimate network packets are allowed to pass through the AXS GUARD IPS, which checks both incoming and outgoing traffic. Needless to say this requires a lot of processing power.
In the past, the IPS processing speed was mainly limited by the speed of your internet connection. For example, 64,000 bits / sec for ISDN connections to 1,000,000 bits / sec for xDSL connections. Nowadays, Internet connections of 500,000,000 bits / sec (500 Mbit / sec) and 1,000,000,000 (1 Gbit / sec) are no longer an exception.
With Cloud computing on the rise in recent years, the number of exploits has also risen by a factor of 30, which requires more than 600 additional IPS checks per second compared to the past.
With the latest AXS GUARD release, we thoroughly redesigned the IPS so it can withstand future cyber threats more efficiently. We therefore pushed performance to the current hardware limits.
On our newest AG2XXX & AG3XXX hardware, we were able to increase the IPS processing performance from 80 mbit / sec to 350 mbit / sec.
On the AG5XXX & AG9XXX models, processing speeds well above the 1 gbit / sec can be achieved.