|
Strata Guard® is an award-winning family of network-based intrusion detection/prevention systems (IDS/IPS) that provide real-time, zero-day protection from network attacks and malicious traffic. Strata Guard protects your enterprise from the network perimeter to the core, including remote and internal segments.
Strata Guard employs six distinct attack-detection technologies for comprehensive network protection. With signature-based and behavior-based attack detection, deep packet inspection, and protocol anomaly analysis, Strata Guard terminates network-, application-, and service-level attacks including worms, Trojans, spyware, port scans, DoS and DDoS attacks, server exploit attempts, and viruses before they infiltrate the network and cause real damage.
Beyond blocking malicious attacks, Strata Guard enforces your network usage polices and can block peer-to-peer file sharing, instant messaging, chat, prohibited browsing activity, and worm propagation. It detects anomalous activity such as spoofed attack source addresses, TCP state verification, and rogue services running on the network.
 Highly automated, Strata Guard is designed for ease of use and streamlined administration and management. Through its multi-layered Dynamic Attack Qualification™ technologies, Strata Guard eliminates false-positives. Its multi-node, multi-user management capabilities allow for enterprise-wide deployments and provide appropriate levels of control for the full range of users requiring access to security data.
Strata Guard is available as software or as a preconfigured hardware appliance.
Deployment for attack detection and attack prevention
Strata Guard can be installed anywhere the potential for attack exists: at the perimeter, internally, in the DMZ, and between strategic segments (e.g., remote offices, partners) where organizations need to control direct links to un-trusted networks.
Strata Guard is deployable in both in-line and out of band configurations:
In-line deployment:
- True IPS functionality
- React instantaneously to attacks; drop offending packets (i.e., Pre-emptive policies™)
- Highest level of protection—attacks can't penetrate the network
- Allows you to move from IDS to IPS functionality at your own comfort level
Out-of-band deployment:
- Blocks attacks by inserting rules into firewall (i.e., Responsive policies)
- Provides history of attack events
- Forensic tracking
Multi-level attack detection
 Strata Guard’s Dynamic Attack Detection™ technology applies a combination of detection methods with the goal of identifying all possible malicious traffic. Dynamic Attack Detection includes:
Layer 2 analysis – detects invalid and malicious activity at the layer 2 level including duplicate and spoofed Ethernet addresses.
Protocol anomaly/behavior analysis – creates models of TCP/IP protocols using their specifications/request for comments (RFCs). This ensures that events within a session conform to the proper state as defined by the protocol; it is used to detect a wide range of known and unknown attacks.
TCP stream reassembly analysis – reassembles packet fragments and examines complete sessions. Strata Guard maintains state on more than 64,000 simultaneous sessions, which increases accuracy and reduces IDS/IPS evasion.
Stateful packet analysis – prevents IDS/IPS evasion and increases accuracy of alerts. Strata Guard’s flexible rule language provides a content-matching system that can describe anomalies within application layer protocols, allowing certain anomalies to be detected, like buffer overflows, without having specific signatures for the attack.
Signature analysis – provides pattern matching and content analysis to detect any known attack signatures. Strata Guard provides 3500+ signatures that are updated as often as every hour.
DoS and DDoS detection – identifies DoS and DDoS conditions automatically, and reacts appropriately.
Comprehensive signature database
Strata Guard attack rules—or signatures—are created, tested, and released by the StillSecure Security Alert Team (SAT), which operates on a 24x7 basis to monitor and respond to network threats. In addition to writing and releasing GPL rules in-house, SAT compiles rules from other sources including Open Source Snort Rules Consortium, Bleeding Snort, SourceFire VRT, and other sources
Strata Guard rules conform to the industry-standard Snort format. Strata Guard can be configured to check for updated SAT rules as frequently as every hour, or users can download rule updates on demand, ensuring up-to-the-minute protection against newly released threats. Custom rules can be easily created to address organization-specific threats and policy compliance.
Qualifying attacks
 Strata Guard qualifies attacks through its Dynamic Attack Qualification™ technology. This combination of powerful qualifying techniques isolates the real threats to your network, and eliminates the overwhelming majority of attacks as false-positives. Your IT resources stay focused on responding to legitimate threats. Dynamic Attack Qualification includes:
- Accessible Device Protection™ (ADP) – Scans the network, discovering all devices and open ports; as a result, attacks aimed at inaccessible devices or ports are ignored.
- Vulnerable Device Protection™ (VDP) – Creates a protective, attack-blocking shield around devices with known vulnerabilities. Vulnerabilities can be imported from the StillSecure VAM vulnerability management platform or entered manually.
- Quick Tune™ – Eliminates attacks based on the types of devices and operating systems on your network.
- Intelligent Attack Profiling™ (IAP) – Allows you to define the attack-specific
profile that qualifies an attack as a legitimate threat within your business environment. Configurable profile parameters include: attack type, attack severity, source and destination IP address, source and destination port, number of attack occurrences, attack time of day. Attacks not conforming to a given profile are ignored.
| |
Flexible attack response options
Strata Guard’s multiple attack-blocking options provide flexibility and control over how you respond to attacks. You can implement a default blocking strategy to ensure a base level of protection, and create custom blocking strategies for specific attacks. Strata Guard can be set to automatically block attacks upon detection, or it can prompt you, allowing you to investigate the attack before committing to a specific course of action. Attack blocking techniques include:
- Dropping attack packets (in-line deployment only) – Prevents any part of an attack from infiltrating the network. Combines packet payload analysis with traditional packet header analysis at the kernel level.
- Block attack source IP/ port – Blocks the current attack from progressing and ensures that the attacker cannot launch future attacks. Traffic from the source IP / port or session is temporarily prohibited from entering the network.
- Secure TCP reset – Terminates traffic without letting it pass through to the target and resets the offending session. Unlike other IPS tools, Strata Guard does not send a reset command back to the originating host, so the attacker receives no indication that the session has been actively terminated.
- Execute a custom command script – Allows administrators to create custom responses for specific attack types.
- Notifications – Alerts users of an attack via SNMP trap and/or email; logs the attack event
DoS/DDoS attack prevention
Strata Guard takes a multi-tiered approach to defending against DoS/DDoS attacks. Strata Guard’s onboard stateful IPS firewall continually monitors all incoming and outgoing traffic for anomalous conditions that indicate a DoS/DDoS attack. Using a threshold-based detection mechanism, the onboard IPS firewall will apply two levels of DoS/DDoS suppression. In the first level, traffic is regulated. In the second, traffic is rate-limited to a pre-defined level for the duration of the attack. Valid sessions are unaffected by the IPS firewall's actions and are given priority over the offending DoS/DDoS attack.
Additional approaches leverage Strata Guard’s Snort IPS engine. Strata Guard maintains more than 60 rules for identifying and blocking DoS/DDoS attacks, the majority of which have been custom-authored by SAT security engineers. These rules detect specific attacks—such as Ping of Death, Tear Drop, LAND, and other TCP-based malicious traffic—and prohibit them from entering the network and impacting the flow of traffic.
Multi-node, multi-user management
Strata Guard’s Multi-node manager centrally manages an unlimited number of Strata Guard instances, making it an ideal solution for managed security service providers (MSSPs) and for enterprise networks of any size and complexity.
 Through the Multi-node manager (shown in the graphic at left), attack rules can be shared among all or a subset managed nodes, thereby simplifying administration and ensuring a consistent security posture network wide. Likewise, reporting can be consolidated across multiple Strata Guard nodes, or reports can be run on individual nodes to view segment-specific attack data. Users can be assigned read-only access to specific nodes, allowing them to monitor and report activity but not alter node configuration.
Multi-node manager is included with Strata Guard Enterprise and GigE at no additional charge.
Regulatory compliance and reporting
Strata Guard plays a key role helping organizations comply with the information security provisions of regulations such as Sarbanes-Oxley, HIPAA, GLBA, FISMA, Safe Harbor, and others. Strata Guard contributes to compliance on multiple levels:
- Provides access compliance checking
- Monitors and verifies adherence to encryption and privacy policies
- Produces range of actionable reports for auditors, managers, and IT staff
- Deployment of an IDS/IPS is considered a best practice and demonstrates an organizational commitment to safe guarding sensitive data
Strata Guard includes a comprehensive, full-featured reporting and analysis engine for insightful views into the state of security across your network. Sorting by types, frequencies, source and destination of attacks, and actions taken, these actionable reports are appropriate for all stakeholders. With both on-demand and automated scheduled reporting, Strata Guard satisfies compliance guidelines and enables efficient security monitoring and management.
Product versions
Strata Guard™ is available in a variety of versions designed to meet the needs of businesses of all sizes, from small organizations to global enterprises:
- SMB (small-medium business) — ideal for small organizations with modest throughput requirements.
- Enterprise — for mid to enterprise-sized organizations.
- GigE — designed for organizations with high throughput requirements; provides true gigabit-level performance.
|
| |
SMB |
Enterprise |
GigE |
| Performance |
< 10 mbps |
< 200 mbps |
> 1 gig |
| |
|
|
|
| Key technologies |
|
|
|
| Dynamic Attack Detection™ |
X |
X |
X |
| Dynamic Attack Response™ |
X |
X |
X |
| Dynamic Attack Qualification™ |
X |
X |
X |
| Accessible Device Protection™ |
X |
X |
X |
| Vulnerable Device Protection™ |
X |
X |
X |
| Custom reporting |
X |
X |
X |
| Database |
Unlimited |
Unlimited |
Unlimited |
| Rule updates |
Automated |
Automated |
Automated |
| |
|
|
|
| Enterprise functionality |
|
|
|
| Multi-node manager |
|
X |
X |
| Centralized rule management |
|
X |
X |
| Centralized reporting |
|
X |
X |
| User permissions |
|
X |
X |
| |
|
|
|
| Support |
|
|
|
| Number of incidents |
3 incidents |
Unlimited |
Unlimited |
| Training included |
None |
Upon request/fee based |
Upon request/fee based |
| |
|
|
|
| Hardware |
|
|
|
| Optional hardware appliance |
X |
X |
X |
| Optional bypass unit |
X |
X |
X |
Availability
 Strata Guard is available as software or as preconfigured hardware appliance.
For more information, contact StillSecure.
View  End-User License Agreement.
* Snort is a registered trademark of Sourcefire, Inc. Latis Networks, Inc. is not affiliated with, connected to, or sponsored by Sourcefire, Inc.
|
Products
Request a Strata Guard trial »