Thanks to the development of the cloud and mobile computing technologies, many enterprises currently allow their employees to use smart devices, such as smartphones and tablets, and popular network applications, such as Facebook and Twitter, for work to improve employee productivity. The problem with these technologies is that they blur network borders and increase the exposure to risks. The increasing number of security incidents indicates that the threat landscape in information security is changing and traditional technologies cannot protect against the new generation of threats.
New threats are mostly zero-day vulnerability-based attacks that target specific victims. Traditional defense technologies are slow to create signatures, thereby giving attacks ample time to cause severe damage. In addition, attackers may customize the attack for the target environment and remain undetected for a long time. The increasing number of attacks proves that traditional technologies cannot help enterprises defend against this new generation of attacks. Enterprises now need a fundamentally different new-generation solution to protect their IT infrastructures from such threats.
HUAWEI NIP6000, an advanced, New Generation Intrusion Prevention System (NGIPS), provides context, application, and content awareness capabilities and defends against unknown threats to better protect network infrastructures, bandwidth performance, servers, and clients.
Product characteristics
New hardware and software architecture, providing industry-leading performance
Most software matching engines process regular expressions slowly, which severely restricts the device detection performance. Huawei NGIPS engine uses an MIPS64 processor from Cavium, a world-renowned chip provider, to provide high-performance hardware pattern matching. Huawei NGIPS also employs the new Intelligent Awareness Engine (IAE) for threat detection, which enables in-depth detection and delivers 15 Gbit/s detection efficiency.
The NIP6000 series NGIPS, with the new unified hardware-software architecture, uses a dedicated multi-core platform and co-processors to process massive numbers of packets that require high computing performance. Packets that require less computing performance are processed using software. Such processing mechanisms improve the overall device performance.
Legacy IPS devices detect attacks based only on attack signatures, without considering the attributes of the protected assets on live networks, leading to false positives. The NIP6000 is aware of environment changes and provides intelligent policy tuning and hierarchical log management functions to resolve this problem.
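The asset-aware tuning described above can be illustrated as a small scoring routine: a signature hit is re-weighted against what is known about the destination host, so an exploit signature for a platform or service the host does not run is downgraded rather than raised at full severity. This is an added example written for this page, not Huawei code or the NIP6000's policy engine; the asset inventory, the signature fields, and the scoring thresholds are all constructed here.

```python
"""Contextual IPS alert scoring (added example; not Huawei or NIP6000 code).

Re-weights a signature hit against the attributes of the protected asset, the
idea the page calls environment-aware policy tuning. Inventory, signature
fields and scoring rules below are constructed for illustration.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Asset:
    ip: str
    os_family: str           # e.g. "windows", "linux"
    services: frozenset       # services exposed on the host, e.g. {"http", "smb"}


@dataclass(frozen=True)
class Signature:
    sig_id: str
    name: str
    base_severity: int        # 1 (low) .. 5 (critical), as shipped with the signature
    target_os: frozenset      # OS families the exploit can affect; empty = any OS
    target_service: str       # service the exploit needs to reach on the target


@dataclass
class Alert:
    sig: Signature
    dst_ip: str
    score: int = 0
    verdict: str = ""
    reasons: list = field(default_factory=list)


# Constructed asset inventory, standing in for automatically detected asset
# attributes (type, OS, enabled services).
INVENTORY = {
    "10.0.0.10": Asset("10.0.0.10", "windows", frozenset({"http", "smb"})),
    "10.0.0.20": Asset("10.0.0.20", "linux", frozenset({"http", "ssh"})),
}

# Constructed signature: a critical SMB exploit that only applies to Windows.
SMB_SIG = Signature("SIG-1001", "SMB remote code execution (constructed)", 5,
                    frozenset({"windows"}), "smb")


def score_alert(sig: Signature, dst_ip: str, inventory=INVENTORY) -> Alert:
    """Start from the signature's own severity and subtract for each mismatch
    with the asset; the result decides whether the event is surfaced as
    critical, queued for review, or reported as low (likely false positive)."""
    alert = Alert(sig=sig, dst_ip=dst_ip, score=sig.base_severity)
    asset = inventory.get(dst_ip)
    if asset is None:
        # Unknown host: keep full severity but route to review, since the
        # inventory gap itself is worth a follow-up.
        alert.reasons.append("destination not in asset inventory")
        alert.verdict = "review"
        return alert
    if sig.target_os and asset.os_family not in sig.target_os:
        alert.score = max(1, alert.score - 3)
        alert.reasons.append(
            f"signature targets {sorted(sig.target_os)}, asset runs {asset.os_family}")
    if sig.target_service not in asset.services:
        alert.score = max(1, alert.score - 2)
        alert.reasons.append(f"service '{sig.target_service}' not exposed on asset")
    if alert.score >= 4:
        alert.verdict = "critical"
    elif alert.score >= 2:
        alert.verdict = "review"
    else:
        alert.verdict = "low"
    return alert


def triage(hits, inventory=INVENTORY):
    """Score a batch of (signature, destination) hits, highest score first."""
    alerts = [score_alert(sig, ip, inventory) for sig, ip in hits]
    return sorted(alerts, key=lambda a: a.score, reverse=True)


if __name__ == "__main__":
    hits = [(SMB_SIG, "10.0.0.20"), (SMB_SIG, "10.0.0.10"), (SMB_SIG, "10.0.0.99")]
    for a in triage(hits):
        print(f"{a.dst_ip:12} {a.sig.sig_id} score={a.score} {a.verdict:9} {'; '.join(a.reasons)}")
```

Run as a script it prints the three sample hits in triage order: the Windows host keeps the critical verdict, the unknown host is queued for review, and the Linux host without SMB drops to low.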
Signature-based attack detection can detect attacks that exploit known vulnerabilities but cannot detect zero-day or APT attacks. The most effective method for APT attack defense is the sandbox technology, which creates an isolated threat detection environment in which traffic can be analyzed.
In such a scenario, the NIP6000 is often deployed in the downstream of an egress firewall or a router and transparently connects to the network. To protect multiple links, you can use multiple interface pairs on the NIP6000.
In such a scenario, dual NIP6000s are often deployed to avoid a single point of failure. The NIP6000s can be deployed in-line in front of servers to transparently access the network or attached to switches or routers. In the latter deployment mode, traffic exchanged between the Internet and servers is diverted to the NIP6000s for processing, after which it is injected back.
For a large or medium-sized enterprise, the network is often divided into zones of different security levels. Isolation or security control is applied to communications between the zones. For example, departments or headquarters and branches must be isolated from each other for security.
Intrusion prevention products can be deployed in off-line mode on networks to monitor the network security conditions. In such a scenario, the intrusion prevention product records attack events and web application traffic conditions, to provide evidence for cyber security event audit and user behavior analysis, but does not take defense actions. The NIP6000 is attached to a switch, and the switch sends a copy of traffic to be checked to the NIP6000 for detection and analysis.
Model | NIP6610 | NIP6330 | NIP6620 | NIP6650 | NIP6680
---|---|---|---|---|---
Performance class | Mid-range FE | Low-end Gigabit | Mid-range Gigabit | High-end Gigabit | Mid-range 10 Gigabit
IPS throughput | 600 Mbit/s | 1.0 Gbit/s | 2.0 Gbit/s | 6.0 Gbit/s | 15.0 Gbit/s
Fixed ports | 4 GE + 2 Combo | 8 GE + 4 SFP | 8 GE + 4 SFP | 8 GE + 4 SFP | 4 x 10 GE + 16 GE + 8 SFP

Chassis specifications

Item | 1U chassis | 3U chassis
---|---|---
Dimensions (mm) | 442 x 421 x 43.6 | 442 x 415 x 130.5
Weight | 10 kg | 24 kg
Hard disk | Optional. Supports one 300 GB hard disk (hot-swappable). | Optional. Supports one 300 GB hard disk (RAID1 and hot-swappable).
Redundant power supply | Optional | Standard
AC power supply | 100V to 240V | 100V to 240V
DC power supply | - | -48V to -60V
Power consumption | 170W | 350W
Operating temperature | 0°C to 45°C (without optional hard disk) | 0°C to 45°C (without optional hard disk)
Operating humidity | 10% to 90% | 10% to 90%

Functions

Category | Function
---|---
Intelligent Management | Detects the types, operating systems, and enabled services of protected IT assets and dynamically generates suitable intrusion prevention policies for the IT environment.
 | Evaluates the risk level of attack events based on the IT environment so that administrators can process critical attack events and ignore false positive attacks.
 | Identifies application types of live network traffic and determines whether to implement intrusion detection based on the risk levels of the identified application types.
 | Provides multiple types of logs, such as threat logs, operation logs, system logs, and policy matching logs, for the administrator to learn about network events.
 | Provides multiple types of reports, such as traffic reports, threat reports, and policy matching reports, for the administrator to view network traffic and threat status. The NIP can also interwork with eSight to provide more comprehensive and diversified reports.
 | Provides a web UI, CLI (console, Telnet, and STelnet), and network management system (SNMP) for device management.
Intrusion Prevention | Defends against common attacks, such as worms, Trojan horses, botnets, cross-site scripting, and SQL injection, based on the signature database, and provides user-defined signatures to defend against new attacks.
APT Detection | Detects APT attacks based on reputation systems and the sandbox. The NIP6300/6600 sends suspect files to the sandbox for detection and then displays attack events based on the sandbox detection result.
 | Supports IP and C&C reputation to detect and prevent malicious IP addresses and domain names.
Application Security | Automatically learns traffic patterns and defends against multiple types of DDoS attacks at the application layer, including HTTP, HTTPS, DNS, and SIP flood attacks.
 | Scans for viruses in files transmitted through HTTP, FTP, SMTP, POP3, IMAP, NFS, and SMB and prevents virus-infected files from being transmitted.
 | Identifies more than 6,000 applications, including P2P, IM, online gaming, social networking, video, and audio applications, and takes actions (block, traffic limiting, application usage display) for the identified applications.
Web Security | Decrypts HTTPS traffic and detects threats.
 | Provides a URL blacklist to control online behavior.
Network Security | Detects threats in IPv6 traffic.
 | Detects threats in VLAN, QinQ, MPLS, GRE, IPv4 over IPv6, and IPv6 over IPv4 tunnel traffic.
 | Automatically learns traffic patterns and defends against multiple types of DDoS attacks at the network layer, including SYN, UDP, ICMP, and ARP flood attacks.
 | Defends against multiple types of single-packet attacks, including:
 | Blacklists the source or destination IP addresses of attacks to block the follow-up packets from or to the blacklisted IP addresses.
High Availability | Supports hot backup protocols, such as VRRP, VGMP, and HRP, and provides a hot standby mechanism to ensure that services can automatically and smoothly switch to the standby device if the active device fails.
 | Provides a bypass card to ensure service continuity if the system encounters faults (such as hardware failures and devices being powered off).
 | Provides visualized fault diagnosis for the administrator to diagnose all possible fault causes and automatically displays the diagnosis results and troubleshooting suggestions.
Signature Database Update | Supports online and offline updates of the IPS-SDB, SA_SDB, and antivirus SDB so that the device has the latest defense capabilities.