Software Blade
IPS Event Analysis
Overview
The IPS Event Analysis Software Blade is a complete IPS event management system for your IPS Software Blade, providing situational visibility and easy-to-use forensic and reporting tools. IPS events are presented in a Timeline View so administrators can immediately focus on their high-priority assets and quickly see the threat and vulnerability status of these assets. Quickly drill down from business view monitoring to forensic-level details to easily identify and manage threat information. The IPS Event Analysis Software Blade gives an easy overview of overall attack trends and the effectiveness of the current IPS policy.
Key Benefits
- Overcome data overload
- Easily identify high-priority events on high-priority systems
- Track and report on compliance issues and IPS policy effectiveness
Features
- Situational Visibility
- Reporting – trend analysis and IPS policy effectiveness
- Easy-to-use forensic tools
Situational Visibility
Situational Visibility uses a ‘timeline view’ of threat activity to provide real-time insight into high-priority security activity on high-priority systems. The security administrator can quickly and easily configure the timeline view to display those systems and events that are ‘high-priority’ to the organization. For example, on any given network, some servers and services are more important than others. The security administrator may wish to see only high-severity attacks on particular systems, or high-severity attacks that the current security policy did not block.
Situational Visibility with the timeline view enables administrators to immediately focus on high-priority assets, and quickly see the threat and vulnerability status of these assets.

Overcome Data Overload
Easily customize timelines to show systems and events that you deem important
Reporting – trend analysis and IPS policy effectiveness
The IPS Event Analysis Software Blade provides extensive tools to identify and analyze attack trends and the effectiveness of the current IPS policy. Also, dynamically create time-based dispersion graphs that summarize the Top-N events, and easily group, sort, and filter security events.


Meet Compliance and Management Information Needs
Select from many predefined reports, or quickly create your own
Easy-to-use forensic tools
Administrators can easily and quickly dissect and analyze an attack by grouping events by source, destination, attack used, and other fields. More detailed information is available via packet capture. Move easily between a logged event and the related protection to get more details on the attack, to modify the protection, or to create network exceptions. From the management interface, quickly create a ticket so that the event can be tracked and followed. Additionally, ‘generic IPS events’ will automatically be associated with accurate common attack names and details.

Quickly and easily drill down from business view to detailed forensics
Specifications
| Feature | Details |
|---|---|
| Multi-functional overview | View by:<br>Security Center feed of the latest IPS updates |
| Customizable Timeline view of security threats | Filter by: |
| Configurable alert view | Columns can be easily sorted and grouped |
| Predefined and customizable graphs | Customize by |
| Multiple graph time resolutions | |
| Multiple graph views | Split by severity or attack; view data table, toggle On or Off |
| Predefined and customizable event policy | Customize by |
Support
Threats to the network are constantly evolving and becoming more sophisticated. To maintain continuity and productivity, defenses must advance as quickly to deliver the technology and features that protect the business. Check Point Update service protects against emerging threats with critical hot software fixes, service packs, and major software upgrades.
Benefits
- Ensures continuous security with access to critical hot fixes and service packs
- Maximizes ROI and investment with access to major upgrades and enhancements
- Increases security with the latest applications, features, and technologies