IPolicy IPS device aims low

Low-end version of intrusion-prevention firewally family can prevent users from accessing Web sites.

IPolicy Networks plans to introduce a low-end version of its high-end intrusion-prevention firewall family that also screens URLs to prevent users from accessing designated Web sites.

The device, called iPolicy 6410 IPF, sits in front of data centers or on networks where high volumes of traffic that need to be screened pass through, and can detect and block denial-of-service attacks, worms, Trojans or unwanted content. It also can create as many as 100 virtual security domains, each with its own policies for firewalls, intrusion-detection and -prevention, and URL filtering.

The device works by breaking open packets and applying all the appropriate filters before reassembling the packets and sending them on their way. This takes less than 100 millisec, the company says, much less than it would take to perform one security scan at a time, reassemble the packet after and forward it to the next screening application.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

IPolicy Networks plans to introduce a low-end version of its high-end intrusion-prevention firewall family that also screens URLs to prevent users from accessing designated Web sites.

The device, called iPolicy 6410 IPF, sits in front of data centers or on networks where high volumes of traffic that need to be screened pass through, and can detect and block denial-of-service attacks, worms, Trojans or unwanted content. It also can create as many as 100 virtual security domains, each with its own policies for firewalls, intrusion-detection and -prevention, and URL filtering.

The device works by breaking open packets and applying all the appropriate filters before reassembling the packets and sending them on their way. This takes less than 100 millisec, the company says, much less than it would take to perform one security scan at a time, reassemble the packet after and forward it to the next screening application.

The 6410 is being used by BigRiver.net, an ISP in Millington, Tenn., that had trouble with infected customer machines passing on malicious exploits to BigRiver.net's network, says Jim Key, the ISP's IT director.

Without the iPolicy gear, Key had to manually figure out where attacks were coming from after they had started, clogging his network and slowing down customer Internet access. "When worms try to propagate, they can eat up quite a lot of bandwidth," Key says. Once he figured out where the threat was coming from, he had to manually reset firewall rules to block it.

Click to see: iPolicy 6410

Now the 6410 handles this automatically and generates reports about IP addresses that are the source of trouble and a list of the top exploits being attempted against the network, Key says.

Key says he considered gear made by iPolicy competitor Cisco (its Monitoring, Analysis and Response System and Allot). Other competitors include OneSecure and TippingPoint Technologies.

The throughput of iPolicy 6410 is 1.2Gbps, the slowest of the 6400 family, which includes the 6420 at 2.4Gbps and the 6425 at 4Gbps. These high-speed devices also handle high numbers of concurrent sessions and are designed to handle traffic made up of small packets, such as VoIP and video, that require low, predictable delay to perform well. The new device can handle as many as 1 million sessions at a time.

IPolicy 6410 costs $60,000.

Read more about security in Network World's Security section.