Datasheet
FORCEPOINT
Intrusion Prevention System
Forcepoint offers the industry’s highest security* intrusion prevention system (IPS) for protecting
distributed enterprise networks – across data centers, offices, branches, and the cloud.
*NSS Labs NGIPS Test 2017
Forcepoint’s network security solutions offer the industry’s most secure Intrusion Prevention System. Top-rated in independent tests, Forcepoint’s IPS can be deployed as a standalone Layer 2 IPS device or as part of a full-featured Layer 3 next-generation firewall (NGFW) in physical, virtual and cloud environments. It defeats evasions, exploits and malware that attackers use to penetrate and spread within enterprise networks.

Unique Architecture For Efficacy And Speed

Forcepoint uses a dynamic stream-based approach to inspection that goes beyond simple packet inspection. It reconstructs and examines the actual payloads, defeating evasion techniques that camouflage exploits and malware.

In addition, high-speed, granular decryption unmasks attacks that attempt to hide within SSL/TLS traffic. Forcepoint analyzes each payload stream, decoding the various layers of protocols to look for abnormal or malformed protocol setup, metadata, and headers.

Forcepoint then applies advanced techniques to examine transmission contents for signs of exploits against vulnerabilities in many types of systems. Unlike verbose pattern-based signature mechanisms, Forcepoint’s more sophisticated approach enables such attacks to be identified with a single, concise fingerprint. Fingerprints are matched using high-speed deterministic finite automata (DFA) tailored to each protocol context, enabling new fingerprints to be incorporated with almost no impact on CPU resources.

Continual Updates To Keep Ahead Of Attackers

Forcepoint’s global research team is constantly examining threat intelligence feeds, vulnerability reports from different sources, and a variety of test systems to analyze exploits and vulnerabilities. New fingerprints are published as needed through our cloud service and are automatically downloaded by Forcepoint network security systems. This proactive approach gives IT teams time to analyze newly published patches and implement remediation efforts without fear of immediate compromise.

Stopping Zero-Days And Unwanted Content

Forcepoint’s network security products also provide multiple layers of defense against previously unknown attacks and undesirable content. Transmitted files go through rigorous reputation and malware scanning, and new threats like zero-day attacks can be uncovered with our advanced sandboxing technology. Forcepoint is one of the pioneers in categorizing and filtering websites and content; with our IPS devices and firewalls, organizations can more easily comply with workplace regulations, limit exposure to personal data, and prevent users from going to websites with dangerous content in the first place.

Fail-Open Resilience

Forcepoint’s appliances support a range of modular network cards, including fail-open interfaces that keep traffic running even if the IPS or NGFW loses power.
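The paragraph above makes a performance claim that is easy to see in code: once a set of fingerprints is compiled into one complete DFA, scanning a stream costs a single table lookup per byte, so loading more fingerprints changes the size of the table but not the per-byte work. The following is an added illustration, not Forcepoint’s engine or fingerprint language; it uses the Aho-Corasick construction (one standard way to build such a DFA) over byte strings, and the three sample fingerprints and the sample request line are constructed for the demo.

```python
from collections import deque


class FingerprintDFA:
    """Compile byte fingerprints into one complete DFA (Aho-Corasick
    construction). Scanning then costs exactly one transition per input
    byte, independent of how many fingerprints were loaded."""

    def __init__(self, fingerprints):
        self.fingerprints = [bytes(fp) for fp in fingerprints]
        goto = [{}]        # trie edges: state -> {byte: next_state}
        output = [[]]      # state -> indices of fingerprints ending here
        for idx, fp in enumerate(self.fingerprints):
            state = 0
            for b in fp:
                if b not in goto[state]:
                    goto.append({})
                    output.append([])
                    goto[state][b] = len(goto) - 1
                state = goto[state][b]
            output[state].append(idx)

        # Complete the transition table so every state has a successor for
        # all 256 byte values. Failure links are resolved breadth-first, so a
        # state's failure target is always finished before the state itself.
        n = len(goto)
        delta = [[0] * 256 for _ in range(n)]
        fail = [0] * n                      # depth-1 states fail to the root
        queue = deque()
        for b in range(256):
            nxt = goto[0].get(b, 0)
            delta[0][b] = nxt
            if nxt:
                queue.append(nxt)
        while queue:
            state = queue.popleft()
            for b in range(256):
                nxt = goto[state].get(b)
                if nxt is None:
                    delta[state][b] = delta[fail[state]][b]
                else:
                    delta[state][b] = nxt
                    fail[nxt] = delta[fail[state]][b]
                    # A state also "matches" everything its failure target does.
                    output[nxt] = output[nxt] + output[fail[nxt]]
                    queue.append(nxt)
        self.delta = delta
        self.output = output

    def scan(self, data):
        """Return ([(offset, fingerprint), ...], transitions_taken)."""
        hits = []
        state = 0
        for i, b in enumerate(data):
            state = self.delta[state][b]      # one lookup per byte
            for idx in self.output[state]:
                fp = self.fingerprints[idx]
                hits.append((i - len(fp) + 1, fp))
        return hits, len(data)


# Constructed sample fingerprints and a constructed request line for the demo.
SAMPLE_FINGERPRINTS = [b"%00", b"../..", b"<script"]
SAMPLE_REQUEST = b"GET /../../etc/passwd%00 HTTP/1.1"


def demo():
    small = FingerprintDFA(SAMPLE_FINGERPRINTS)
    # Same fingerprints plus 200 more (constructed) that never match the input.
    large = FingerprintDFA(SAMPLE_FINGERPRINTS + [b"FP-%d" % i for i in range(200)])
    small_hits, small_steps = small.scan(SAMPLE_REQUEST)
    large_hits, large_steps = large.scan(SAMPLE_REQUEST)
    return small_hits, large_hits, small_steps, large_steps


if __name__ == "__main__":
    hits, hits2, steps, steps2 = demo()
    print("hits:", hits)
    print("transitions with 3 fingerprints:", steps, "with 203:", steps2)
```

The `demo()` function compiles the same input against 3 and then 203 fingerprints; both scans report the same hits and take exactly one transition per byte, which is the property the datasheet attributes to its DFA engine. The trade-off, visible in `delta`, is memory: the full table grows with the number of states, which is why real engines build separate automata per protocol context rather than one global one.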
www.forcepoint.com 1
Forcepoint Intrusion Prevention System (IPS)
FORCEPOINT COMBINES FULL-STREAM RECONSTRUCTION WITH HIGH-SPEED EXPLOIT FINGERPRINTING
Protection To Keep Your Business Running

Every day, attackers get better at penetrating enterprise networks, applications, data centers, and endpoints. Once inside, they can steal intellectual property, customer information, and other sensitive data, causing irreparable damage to businesses and reputations.

Internet attacks are moving beyond simply transmitting exploits of vulnerabilities. Increasingly, new techniques are being used to evade detection by traditional security network devices, including many name-brand firewalls. These evasions work at multiple levels to camouflage exploits and malware, making them invisible to traditional signature-based packet inspection. With evasions, even old attacks that have been blocked for years can suddenly be used to compromise internal systems.

Forcepoint takes a different approach. Our industry-leading IPS engine is designed for all three stages of network defense: to defeat evasions, detect exploits of vulnerabilities, and stop malware. It can be deployed transparently behind existing firewalls to add protection without disruption, or as part of our full-featured NGFW for all-in-one security.

All Forcepoint network security products are continually updated, centrally managed, and can seamlessly share security policies and dashboards throughout your network. With Forcepoint, you can keep your business safe – reliably, consistently and efficiently – throughout your data centers, office networks, branch locations, or cloud environments.

Business Outcomes

• Fewer breaches
• Greater security without disruption
• Less exposure to new vulnerabilities while IT teams prepare to deploy new patches
• Safer rollout of branches, clouds or datacenters
• Lower TCO for security and network infrastructure

Key Features

• Deployment as a Layer 2 IPS or as part of a Layer 3 NGFW
• Stream inspection that examines actual payloads
• Pioneer in anti-evasion defenses
• High-speed decryption with granular privacy controls
• Protocol abnormality and misuse detection
• Exploit and malware detection via high-speed DFA
• Denial of Service (DoS) detection
• Anti-bot defenses
• Zero-day sandboxing via cloud or on-premises appliance
• Industry-leading URL Filtering
• Modular fail-open network interfaces for appliances
• Unified capabilities and performance across deployments
• Policy-based centralized management
• Rapid updates without downtime
Forcepoint Intrusion Prevention System (IPS) Specifications

SUPPORTED PLATFORMS

Appliances: Multiple series of modular appliances for deployment in data centers, at network edges, and in branches
Cloud Infrastructure: Amazon Web Services, Microsoft Azure
Virtual Appliance: x86 64-bit based systems; VMware ESXi, VMware NSX, Microsoft Hyper-V, and KVM virtualized environments
Deployment Modes: Standalone IPS (layer 2, with optional fail-open network interface modules), part of NGFW (layer 3)
Virtual Context: Virtualization to separate logical contexts with separate interfaces and policies

INSPECTION

Multi-Layer Traffic Normalization / Full-Stream Deep Inspection:
• Reconstructs and analyzes actual payloads to assure integrity of data streams
• Discards duplicate lower-level segments that could lead to ambiguities when reassembled
Anti-Evasion Defense: Stops out-of-order fragments, overlapping segments, protocol manipulation, obfuscation, encoding tricks
Dynamic Context Detection: Protocol, application, file type
Protocol-Specific Traffic Handling / Inspection: Ethernet, H.323, GRE, IPv4, IPv6, ICMP, IP-in-IP, IPv6 encapsulation, UDP, TCP, DNS, FTP, HTTP, HTTPS, IMAP, IMAPS, MGCP, MSRPC, NetBIOS Datagram, OPC Classic, OPC UA, Oracle SQL Net, POP3, POP3S, RSH, RSTP, SIP, SMTP, SSH, SunRPC, NBT, SCCP, SMB, SMB2, TCP Proxy, TFTP; integrated inspection with Sidewinder Security Proxies
Granular Decryption of SSL/TLS Traffic:
• High-performance decryption of HTTPS client and server streams
• Policy-driven controls to protect users’ privacy and limit organizations’ exposure to personal data
• TLS certificate validity checks and certificate domain name-based exemption list
Vulnerability Exploit Detection:
• Protocol-independent, any TCP/UDP protocol with evasion and anomaly logging
• Virtual patching for both client and server CVE vulnerabilities
• Sophisticated fingerprint approach eliminates need for many signatures
• High-speed deterministic finite automata (DFA) matching engine handles new fingerprints quickly
• Continual update of fingerprints from Forcepoint
Custom Fingerprinting:
• Protocol-independent fingerprint matching
• Regular expression-based fingerprint language with support for custom applications
Reconnaissance: TCP/UDP/ICMP scan, stealth, and slow scan detection in IPv4 and IPv6
Anti-Botnet:
• Decryption-based detection and message length sequence analysis
• Automatically updated URL categorization to block or warn users away from botnet sites
Correlation: Local correlation, log server correlation
DoS/DDoS Protection:
• SYN/UDP flood detection with concurrent connection limiting, interface-based log compression
• Protection against slow HTTP request methods, half-open connection limit
• Separation of Control Plane and Data Plane
Blocking Methods: Direct blocking, connection reset, blacklisting (local and distributed), HTML response, HTTP redirect
Traffic Recording: Automatic traffic recordings/excerpts from misuse situations
Automatic Updates:
• Continual dynamic updates through Forcepoint Security Management Center (SMC)
• Updates virtual patching and provides detection and prevention for emerging threats
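The “Multi-Layer Traffic Normalization” and “Anti-Evasion Defense” rows above describe discarding duplicate segments because overlaps can make a stream ambiguous: when two TCP segments cover the same sequence range with different bytes, an inspector that keeps the first copy and an endpoint that keeps the last copy reconstruct different data. The function below is an added illustration of such a normalizer, not Forcepoint’s reassembly code; it keeps the first copy of every byte, logs any retransmitted byte that disagrees with what was already accepted, and delivers only the gap-free prefix for inspection. The segments, ISN and the `prefer` parameter are constructed for the demo, and 32-bit sequence-number wraparound is deliberately not handled.

```python
def normalize_tcp_stream(segments, isn, prefer="first"):
    """Reassemble one direction of a TCP stream from (seq, payload) segments
    given in arrival order.

    prefer="first": an already accepted byte is never overwritten (the
                    normalizer's policy in this example).
    prefer="last":  a later copy overwrites an earlier one; included only to
                    show how a differently behaving endpoint would see the
                    same segments.
    Any overlap whose bytes disagree is reported as an ambiguity either way.
    Returns (contiguous_bytes, alerts). Assumes no 32-bit sequence wrap.
    """
    accepted = {}          # stream offset -> byte already handed to inspection
    alerts = []
    for seq, payload in segments:
        base = seq - isn
        if base < 0:
            alerts.append("segment seq=%d precedes ISN; dropped" % seq)
            continue
        for k, byte in enumerate(payload):
            off = base + k
            if off not in accepted:
                accepted[off] = byte
            elif accepted[off] != byte:
                alerts.append(
                    "offset %d: retransmitted byte %#04x disagrees with "
                    "accepted %#04x" % (off, byte, accepted[off]))
                if prefer == "last":
                    accepted[off] = byte
            # identical duplicate bytes are silently discarded
    stream = bytearray()
    off = 0
    while off in accepted:              # deliver only the gap-free prefix
        stream.append(accepted[off])
        off += 1
    return bytes(stream), alerts


# Constructed sample: ISN 1000; the second-arriving segment is out of order and
# the third overlaps offsets 4..8 with different content.
SAMPLE_ISN = 1000
SAMPLE_SEGMENTS = [
    (1008, b"ex.html "),    # arrives first, but belongs at offset 8
    (1000, b"GET /ind"),    # offsets 0..7
    (1004, b"/XXXX"),       # overlaps offsets 4..8; bytes 5..8 conflict
]


def demo():
    normalized, alerts = normalize_tcp_stream(SAMPLE_SEGMENTS, SAMPLE_ISN)
    endpoint_view, _ = normalize_tcp_stream(SAMPLE_SEGMENTS, SAMPLE_ISN, prefer="last")
    return normalized, endpoint_view, alerts


if __name__ == "__main__":
    normalized, endpoint_view, alerts = demo()
    print("normalizer delivers:", normalized)
    print("last-wins endpoint would see:", endpoint_view)
    for a in alerts:
        print("ALERT", a)
```

Running `demo()` shows the normalizer delivering `GET /index.html ` while a last-wins endpoint would have seen `GET /XXXXx.html `, with four alerts for the four disagreeing bytes. The security-relevant point is the second return value: a conflicting retransmission on a healthy network is rare enough that it is worth logging on its own, independent of whether any fingerprint matches the reconstructed payload.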
Forcepoint Intrusion Prevention System (IPS) Specifications, continued

ADVANCED MALWARE DETECTION AND FILE CONTROL

Protocols: FTP, HTTP, HTTPS, POP3, IMAP, SMTP
File Filtering: Policy-based file filtering with efficient down-selection process. Over 200 supported file types in 19 file categories
File Reputation: High-speed cloud-based malware reputation checking and blocking
File Anti-Virus Scanning: Local anti-virus scan engine*
Zero-Day Sandboxing: Forcepoint Advanced Malware Detection, available both as a cloud and an on-premise service; the same service used by Forcepoint Web Security, Forcepoint Email Security and Forcepoint CASB

URL FILTERING

URL Categorization: Powered by Forcepoint ThreatSeeker Intelligence, the same intelligence used by Forcepoint Web Security and Forcepoint Email Security
Automatic Updates: Continually updated as new sites are analyzed
Enforcement of Category-based Access Policies: Forcepoint NGFW URL Filtering available as an add-on subscription

MANAGEMENT & MONITORING

Management Interfaces: Enterprise-level centralized management system with log analysis, monitoring and reporting capabilities (see Forcepoint Security Management Center datasheet for details)
SNMP Monitoring: SNMPv1, SNMPv2c, and SNMPv3
Traffic Capturing: Console tcpdump, remote capture through Forcepoint Security Management Center
High Security Management Communication: 256-bit security strength in engine-management communication
Security Certifications: Common Criteria Network Devices Protection Profile with Extended Package Stateful Traffic Filter Firewall, FIPS 140-2 crypto certificate, CSPN (First Level Security Certification) by ANSSI, USGv6

*Local anti-malware scan is not available with 110/115 appliances.

CONTACT: www.forcepoint.com/contact

© 2017 Forcepoint. Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint. Raytheon is a registered trademark of Raytheon Company. All other trademarks used in this document are the property of their respective owners.