“The Arkoon solution has allowed us to deliver access to our information systems for external users.”
La Rochelle city council
To counter threats arising at several levels, namely transport networks
(levels 3 & 4), inter-application communications (level 7) and content,
ARKOON developed the concept of multi-level security in order to offer
maximum protection to businesses.
Thanks to the SSA architecture, ARKOON solutions integrate various security
functions, including an intrusion detection and prevention system (IPS).
The ARKOON IPS is an active, in-line protection system that actually blocks
attacks (as opposed to probe-type network IDS systems, which are passive).
It combines real-time inter-application protocol decoding with intrusion
detection based on contextual signatures.
- Intrusion prevention by inter-application protocol decoding:
This technology analyses the flow going through the network. It decodes
the application protocol in use, checks compliance with the standards
(RFCs) and separates the various elements of the protocol (commands,
parameters, data, etc.).
It is proactive against unexpected attacks because it can detect and block
attacks that do not comply with the RFCs or with the protocol's
"expected use", as well as those that do not comply with the operating
rules attached to these protocols, as defined by the security
administrator.
- Signature-based intrusion detection:
This technology looks for "signatures" (a sequence of characters
that is typical of an attack) in communications going through the security
system. It uses a database of more than 700 signatures developed
by ARKOON security watch teams and can block a large number of attacks.
Combining these two technologies makes it possible to take the application
context into account when comparing traffic against signatures. The result
is context-sensitive signatures, which dramatically reduce the risk of
"false positives".
This combination also makes it possible to limit the number of signatures
in the base to attack signatures that are not already detected by
inter-application protocol decoding, thereby reducing the consumption
of related resources and allowing the technique to be used "in line"
without degrading performance.
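
The combination described above, sketched as an added example (not ARKOON code): a small decoder for the client side of an SMTP session that checks each command against operating rules and applies a signature only to command parameters, compared with context-free matching over the raw bytes. The choice of SMTP, the rule names, the limits and the EVIL-MARKER pattern are all assumptions constructed for illustration.

```python
import re

# Constructed rules for illustration; not ARKOON's signature base or rule format.
ALLOWED = {"HELO", "EHLO", "MAIL", "RCPT", "DATA", "QUIT"}  # administrator's operating rules
MAX_PARAM = 256                                             # administrator's length limit
SIGNATURES = [("param", re.compile(rb"EVIL-MARKER"))]       # (protocol element, pattern)

def decode(stream: bytes):
    """Split an SMTP client stream into (element, verb, value) tuples."""
    in_data = False
    for line in stream.split(b"\r\n"):
        if in_data:
            in_data = line != b"."           # a lone dot ends the message body
            if in_data:
                yield ("data", None, line)
        elif line:
            verb, _, param = line.partition(b" ")
            yield ("command", verb.upper(), param)
            # Simplification: the server's 354 reply is not tracked.
            in_data = verb.upper() == b"DATA"

def inspect(stream: bytes):
    """Return (reason, verb) for every command the decoder would block."""
    blocked = []
    for element, verb, value in decode(stream):
        if element == "data":
            continue                          # body text is outside the "param" context
        name = verb.decode("ascii", "replace")
        if not verb.isalpha():
            blocked.append(("malformed command", name))
        elif name not in ALLOWED:
            blocked.append(("command not allowed", name))
        elif len(value) > MAX_PARAM:
            blocked.append(("parameter too long", name))
        elif any(ctx == "param" and sig.search(value) for ctx, sig in SIGNATURES):
            blocked.append(("signature in parameter", name))
    return blocked

def naive_match(stream: bytes):
    """Context-free matching over the raw bytes, for comparison."""
    return [m.start() for _, sig in SIGNATURES for m in sig.finditer(stream)]

# Constructed sessions: the marker appears only in a mail body, then in a parameter.
BENIGN = (b"HELO client.example\r\nMAIL FROM:<a@example.org>\r\n"
          b"RCPT TO:<b@example.org>\r\nDATA\r\n"
          b"Subject: report\r\n\r\nThe log contained EVIL-MARKER.\r\n.\r\nQUIT\r\n")
SUSPECT = b"HELO client.example\r\nRCPT TO:<EVIL-MARKER@example.org>\r\nXCMD now\r\n"

if __name__ == "__main__":
    print(len(naive_match(BENIGN)), inspect(BENIGN))
    print(inspect(SUSPECT))
```

On the benign session the context-free matcher raises one alert while the decoder blocks nothing; on the second session the unknown command is rejected by the operating rules alone, without needing a signature for it.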