New forms of attack are constantly being developed, and relying solely on signature-based security is no protection against the many new virus variants or against the sheer volume of new malware types. StormShield’s integrated Host Intrusion Protection System (HIPS) complements the integrated signature-based anti-virus/anti-spyware service and addresses this challenge through a unique combination of proactive methods to combat unknown attacks:

System Hardening | Intrusion Prevention | Behavioral analysis | Rule-Based Protection

Network Intrusion Prevention

A number of threats to the endpoint may be detected and blocked at the network interface level, before they actually penetrate the system. StormShield defends against network-based attacks by providing a series of firewall options, including a stateful Network Driver Interface Specification (NDIS) firewall. Instead of protecting devices at the application layer, the NDIS firewall communicates directly with each network interface card (NIC). As a result, it protects the PC from the moment traffic enters it, blocking undesired communications at the lowest level.

StormShield also examines the network traffic flow, detecting and blocking unusual activity such as floods, port scans, or ARP cache poisoning. An embedded Intrusion Detection System (IDS) dynamically applies firewall filtering rules if an anomaly is detected. Such protection of network traffic on each endpoint also provides stronger overall network security, as StormShield’s distributed architecture prevents a compromised endpoint from infecting other devices.

StormShield protects from network intrusion through:

• Protocol analysis
• Blocking port scans
• Network floods prevention
• Detecting and preventing ARP cache poisoning
• Advanced firewall filtering