The customer needed an intrusion detection system for early detection of suspicious activity through network traffic analysis. It was decided to build the product on an open-source solution.
The attack detection mechanism is based on signature analysis. It automatically detects abnormal activity using predefined rules (sensors). The administrator can identify the group of packets that triggered a sensor and receive information about the vulnerability and its operation parameters in order to take protective action. The rule database is constantly updated to account for new types of attacks.
Advanced graphical interface tools let you analyze incidents, flexibly configure the rules, and select the objects to protect. System intrusion attempts are logged.
When an attack is detected, the system promptly notifies the people in charge. The system administrator defines who is notified and through which notification channels.