Attack Mitigator Certification

Most NIPS products are basically IDS engines that operate in-line, and are thus dependent on protocol analysis or signature matching to recognise malicious content within individual packets (or across groups of packets). These can be classed as Content-Based IPS systems.

There is, however, a second breed of Network IPS that ignores packet content almost completely, instead monitoring for anomalies in network traffic that might characterise a flood attempt, scan attempt, and so on. These devices are capable of monitoring traffic flows in order to determine what is considered “normal”, and applying various techniques to determine when that traffic deviates from normal. This is not always as simple as watching for high volumes of a specific type of traffic in a short space of time, since they must also be capable of detecting “stealth” attacks, such as low-rate connection floods and slow port scan attempts.

Since these devices are concerned more with anomalies in traffic flow than packet contents, they are classed as Rate-Based IPS systems. They are also known as Attack Mitigators, as they are so effective against DoS and DDoS attacks.

Given the unique nature of Rate-Based IPS products, The NSS Group created a completely separate dedicated methodology, enhanced to handle Rate-Based devices. This exhaustive review will give readers a complete perspective of the capabilities, maturity and suitability of the products tested for their particular needs.

As part of its extensive Attack Mitigator test methodology, The NSS Group subjects each product to a brutal battery of tests that verify the stability and performance of each device tested, determine the accuracy of its security coverage, and ensure that the device will not block legitimate traffic.
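The distinction drawn above between high-volume bursts and “stealth” activity can be seen in a small detection sketch. This is an added example, not part of The NSS Group methodology or any vendor's code; the record layout, function names, fixed thresholds (standing in for a learned baseline) and the sample traffic are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

def burst_sources(events, window=10, max_conns=100):
    """Sources opening more than max_conns connections within any `window` seconds."""
    recent, flagged = defaultdict(deque), set()
    for ts, src, _dst, _port in sorted(events):
        q = recent[src]
        q.append(ts)
        while q[0] <= ts - window:      # drop attempts older than the window
            q.popleft()
        if len(q) > max_conns:
            flagged.add(src)
    return flagged

def slow_scan_sources(events, horizon=3600, max_targets=20):
    """Sources touching more than max_targets distinct (host, port) pairs within `horizon` seconds."""
    last_seen, flagged = defaultdict(dict), set()
    for ts, src, dst, port in sorted(events):
        seen = last_seen[src]
        seen[(dst, port)] = ts
        for key in [k for k, t in seen.items() if t <= ts - horizon]:
            del seen[key]               # forget targets outside the horizon
        if len(seen) > max_targets:
            flagged.add(src)
    return flagged

def sample_traffic():
    """Constructed connection attempts: (time_s, src, dst, dst_port)."""
    ev = []
    ev += [(i * 0.01, "198.51.100.7", "192.0.2.80", 80) for i in range(500)]   # flood
    ev += [(i * 60.0, "203.0.113.9", "192.0.2.80", 1 + i) for i in range(40)]  # slow scan
    ev += [(i * 30.0, "192.0.2.10", "192.0.2.80", 443) for i in range(80)]     # normal client
    return ev

if __name__ == "__main__":
    ev = sample_traffic()
    print("burst:", burst_sources(ev))          # only the flood source
    print("slow scan:", slow_scan_sources(ev))  # only the slow scanner
```

The slow scanner never exceeds one connection per minute, so the short-window counter cannot see it; only the long-horizon count of distinct targets does, and shrinking that horizon to 600 seconds hides it again.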
If a particular Attack Mitigator has been designated as NSS Approved, customers can be confident that the device will not significantly impact network/host performance, cause network/host crashes, or otherwise block legitimate traffic.

To assess the complex matrix of Attack Mitigator performance and security requirements, The NSS Group has developed a specialised lab environment that is able to exercise every facet of an Attack Mitigator product. The test suite contains over 800 individual tests that evaluate Attack Mitigator products in three main areas: performance and reliability, security accuracy, and usability.

This results in the most thorough and complete evaluation of Attack Mitigator products available anywhere today, under the most demanding conditions including extreme loads as well as real-world deployment scenarios using real network traffic.

It is worth pointing out that standards are very high, and not every product submitted for testing receives an NSS Approved award. The NSS Group test methodologies have become the de facto standard for testing in-line Attack Mitigation devices, and the NSS Approved logo is now an essential item on the list of requirements when purchasing these products.

Click here to download the complete Attack Mitigator testing procedure in PDF format