|Intelligent management||Detects the types, operating systems, and enabled services of protected IT assets and dynamically generates suitable intrusion prevention policies for the IT environment.|
|Evaluates the risk level of attack events based on the IT environment so that administrators can process critical attack events and ignore false positive attacks.|
|Identifies application types of live network traffic and determines whether to implement intrusion detection based on the risk levels of the identified application types.|
|Provides multiple types of logs, such as threat logs, operation logs, system logs, and policy matching logs, for the administrator to learn about network events.|
|Provides multiple types of reports, such as traffic reports, threat reports, and policy matching reports, for the administrator to view network traffic and threat status. The NIP can also interwork with an eSight to provide more comprehensive and diversified reports.|
|Provides a web UI, CLI (console, Telnet, and sTelnet), and network management system (SNMP) for device management.|
|Intrusion prevention||Defends against common attacks, such as Worms, Trojan horses, botnets, cross-site scripting, and SQL injection, based on the signature database, and provides user-defined signatures to defend against new attacks.|
|APT detection||Detects APT attacks based on reputation systems and the sandbox. The NIP6000 sends suspect files to the sandbox for detection and then displays attack events based on the sandbox detection result.|
Supports IP and C&C reputation to detect and prevent malicious IP addresses and domain names.
|Application Security||Automatically learns traffic patterns and defends against multiple types of DDoS attacks at the application layer, including HTTP, HTTPS, DNS, and SIP flood attacks.|
Scans for viruses in files transmitted through HTTP, FTP, SMTP, POP3, IMAP, NFS, and SMB and prevents virus-infected files from being transmitted.
Identifies more than 6000 applications, including P2P, IM, online gaming, social networking, video, and audio applications, and takes actions (block, traffic limiting, application usage display) for the identified applications.
|Web security||Decrypts HTTPS traffic and detects threats. Provides a URL blacklist to control online behavior.|
|Network security||Detects threats in IPv6 traffic. Detects threats in VLAN, QinQ, MPLS, GRE, IPv4 over IPv6, and IPv6 over IPv4 tunnel traffic. Automatically learns traffic patterns and defends against multiple types of DDoS attacks at the network layer, including SYN, UDP, ICMP, and ARP flood attacks.|
Defends against multiple types of single-packet attacks, including:
• Scanning attacks, such as IP sweep and port scanning
• Malformed packet attacks, such as IP spoofing, LAND, Smurf, Fraggle, WinNuke, Ping of Death, TearDrop, IP fragment, ARP spoofing, and attacks using invalid TCP flags Control message attacks, such as oversized ICMP packets, ICMP unreachable packets, ICMP redirect packets, Tracert, packets with options such as IP source routing, IP record route, and IP timestamp
Blacklists the source or destination IP addresses of attacks to block the follow-up packets from or to the blacklisted IP addresses.
|High availability||Supports hot backup protocols, such as VRRP, VGMP, and HRP, and provides a hot standby mechanism to ensure that services can automatically and smoothly switch to the standby device if the active device fails.|
Provides a bypass card to ensure service continuity if the system encounters faults (such as hardware failures, and devices being powered off).
Provides visualized fault diagnosis for the administrator to diagnose all possible fault causes and automatically displays the diagnosis results and troubleshooting suggestions.
|Signature database update||Supports online and offline updates of the IPS-SDB, SA_SDB, and antivirus SDB for the device to have the latest defense capabilities.|