NFR Security Unveils Latest IPS Appliance

The device, dubbed Sentivist, was launched on Monday. It boasts a confidence indexing mechanism that qualitatively ranks each threat, then enables customers to set thresholds targeting those threats that exceed minimum levels of importance.

According to Andre Yee, CEO of the Rockville, Md.-based firm, the new IPS appliance enables administrators to plug in the device, set it up and let it run, eliminating the need for time-consuming maintenance.

"We believe that intrusion defense as a whole is evolving from smart detection into a phase of trusted prevention," said Yee. "Our indexing process determines what's worth fighting so our customers don't have to."

As Yee explained, Sentivist's indexing strategy largely is based on heuristics. The system assigns a qualitative score to each detected event. This score denotes the system's confidence in the veracity of the event. Security administrators can set prevention levels so that only malicious traffic with a high percentage of certainty will be dropped.

Once comfortable with a particular level of accuracy, an administrator can adjust the percentage of certainty to increase prevention without compromising the risk of dropping legitimate traffic.

The appliance also offers application-specific protection, enabling customers to program special instructions for handling technologies such as instant messaging or VoIP. In the event of protocol anomalies, such as an unusually long FTP command, Sentivist assigns a lower score since the anomaly may indicate either a possible attack or benign misuse of the protocol by an application.

Of course, users also can override the system-assigned index value and assign their own values as desired. Sentivist even includes white list capabilities to help users prevent self-inflicted attacks, such as denial of service to legitimate users.

With all of these capabilities, the Sentivist product had resellers excited about its profit potential.

"By giving users the ability to index attack characteristics against network assets, [Sentivist] allows customers to measure threats and drop traffic based on a confidence level that they predetermine," said Brian Philips, director of technical operations at NST, Chicago. "Not only does this boost their confidence, but it also reduces their risk."

Yee said solution providers can resell the product immediately. Pricing was not yet available.