Towers Net Defender (TND) is system for detection and prevention of cyber attack (Intrusion prevention system – IPS, Intrusion detection System – IDS). Towers Net Defender monitors network and/or system activities for malicious activities, timely identifies them, blocks/stops it and reports about successfully defended attack (generates Certificate of Successful Defence), also registers and informs other servers about attacks and records all significant events in the monthly report for user.
Features
- Neutralize operation of detected malicious packages of information,
- Generates an alarm (Certificate of Succesful Defense),
- Recognizes the nature of unknown malicious attacks (zero day attack) and performs additional checks,
- Reset the connection,
- Block traffic from IP address which generates the attack,
- Generate reports on threats and attacks.
Specifications and Implementation
- Agent type, Local NBA IPS class – Towers Net Defender is an agent type of IDPS. TND agent program is activated on the defended server.
- Monitoring all log files – TND Server is monitoring, in real time, all the log files (Access log, Error log and Sys log) trough an agent program.
- Continuously updating of known attacks database – TND server has complete database of all known attacks. TND server compares potential attacks in real time with all attacks from the TND database. Every attack is blocked by TND server through an agent program. The database of all known attacks and new malicious software is continuously improving.
- White list – Client can prepare a safety (white) list of IP addresses, for open access, without checking (service IP addresses, internal IP addresses from the safe segment of the network and similar).
- Optimal and efficient reporting – TND server sends alarm information (Certificate of Successful Defense) for every blocked attack. Client will receive a monthly report about all important events and attacks to his system.
- Very low server capacity usage – The maximum usage of server and processor resources is less than 1% , beside that consumption of other server resources is very small (CPU usage, Memory, Power consumption, Network capacity).
- Very high TND resistance – It is not possible to attack to the agent program or other elements of TND IPS system.
Characteristics of TND service
- Very small consumption of all server resources (CPU Usage, Memory, Power supply) even during active detection and defense.
- Conventional products consume a huge server’s resources during detection of the attack,
- TND system saves server resources using principle of virtual machine. During defense the agent program only executes the blocking command for any unauthorized access.
- Very Cost Effective IDPS – no need for additional costs of training, administration, hardware and maintenance.