IDS intrusion detection system


Publish Date: 2012-12-10
Efficient and precise Intrusion Response Module detection: The USE (Uniform Secure Engine), developed independently by LeadSec, delivers 3 to 5 times the performance of ordinary detection engines, and both the 100Mbps and 1Gbps products achieve wire-speed processing. It combines methods such as protocol analysis, protocol recombination, quick feature matching and exceptional behavior detection, and includes the following core techniques:
Virtual engine technique capable of parallel data collection: The Sensor can be virtualized into multiple independent detection engines, so that different detection and response policies can be applied; the virtual detection engines can collaboratively collect data from multiple listening ports and analyze and detect it in a converged manner.

Efficient split mechanism for pre-inspection with security policies: The detection engine checks the collected raw data in advance against the global security policies and filters the data on security incidents, which improves detection performance and reduces the false alert rate.
Application analysis algorithm for in-depth content detection: By combining intelligent IP defragmentation, intelligent TCP stream session recombination and a behavior-based in-depth content detection algorithm, it effectively reduces the high false alert rates and missed alerts that many IDSs suffer from; by storing session contents, it can replay multiple application messages after the events have occurred.

The flow chart for intrusion detection processing by LeadSec IDS virtual engines

Convenient and Flexible Intelligent Management
The unified management and control functions based on the LeadSec security management system provide a multi-level, distributed IDS management system for centralized monitoring and hierarchical deployment. It can handle the development and distribution of security policies, establish a global early-warning mechanism for security information, and comprehensively conform to the administration model that reflects China's actual conditions. The LeadSec IDS also has the following unique management advantages:
Precise network traffic detection: It can record and graphically display, in real time, the current normal and anomalous network traffic and the number of sessions, accurately reflect the processing capacity of the current Sensor, objectively display the number of packets lost, and provide a basis for the scientific and rational deployment of devices.
Quick anomalous issue locating: It can use functions such as quick locating of exceptional host traffic and correlative event analysis to give alerts in advance of virus outbreaks, and can quickly locate misappropriation of the gateway address based on the IP/MAC address binding function.
Focusing monitoring on critical services: For critical servers, event features can be customized and existing rule thresholds modified, so personalized detection policies can be developed in a targeted manner. Service operation status can be monitored in real time, and alerts drive well-targeted responses and attack blocking, achieving a real-time and secure interlock response.
Real-time proactive blocking: The Sensor can proactively send RST packets to cut off attacking sessions, meeting the requirement for blocking attacks in real time.
Diversified interlock responses: LeadSec can interlock with devices such as firewalls and routers following the correlative security criterion (CSC) and integrate with the LeadSec security management system, forming a strong automatic joint defense system and addressing the issue of the Intrusion Response Module detection information island.