SSi Service Strategies Inc.


eTrust Intrusion Detection Product Features

eTrust Intrusion Detection Features and Benefits

Enterprise Management Features

Feature: Performance Optimization
Description: Product works with high-end network load balancers from Top Layer and Stonesoft.
Benefit: Integration with third-party load balancing solutions enables higher throughput and scalability.

Feature: Automatic Signature Updates
Description: eTrust Intrusion Detection can update signatures automatically, even through a proxy server.
Benefit: Streamlines administration and ensures the use of current updates.

Feature: Enterprise Rules Manager
Description: Support of multiple engines.
Benefit: Greater flexibility and control of the use of rules.

Feature: Centralized Console Manager
Description: eTrust Intrusion Detection can collect information on policy violations (hacks and AUP breaches) and send it to a central console. Email, NT message, pager, and other actions can also be used to transmit alerts.
Benefit: No matter what kind of alert a customer requires, be it customized email or pager messages, alerts can be sent with the requisite information in near real-time.

Feature: Comprehensive Reports
Description: Report Viewer allows users to view the reports based on specific protocols, users, or groups of users. Examples include summary, common, web surfing, protocol traffic, events and definition reports.
Benefit: Customers gain better intelligence about network usage as they can issue detailed reports on specific activities in the network.

Feature: Enterprise Integration
Description: eTrust Intrusion Detection is integrated with other key eTrust and CA technologies, including eTrust Audit using both Real-Time Monitor and Collector facilities. Severities can be set using an easy-to-use drop-down list with severity status represented by icons common to both applications.
Benefit: This gives clients the ability to see alerts from hosts and networks in the same view. This integration creates a more comprehensive network and host-based detection and monitoring solution.

Feature: Enterprise Integration
Description: eTrust Access Control can restrict access to the eTrust Intrusion Detection network sensor service by allowing access to only those logging in from authorized IP addresses. eTrust Access Control locks down all service ports except those required for Central Alerting and Remote Viewer.
Benefit: Integration with eTrust Access Control increases the security of the network and perimeter security.

Feature: Enterprise Integration
Description: Alerts from eTrust Intrusion Detection can be collated together with other eTrust product alerts, creating a single console for security and network event management and correlation.
Benefit: Customers optimize their investment by creating a single point of security and network alerts.

Network Protection Features

Feature: Integrated Virus Scanning
Description: eTrust Intrusion Detection contains eTrust Secure Content Management's ‘malware’ scanning engine.
Benefit: The integration with eTrust Secure Content Management provides an ideal solution for protection against malicious content.

Feature: Packet Based Rules
Description: In addition to pattern matching, eTrust Intrusion Detection provides Packet Based Rules, an accurate method of analysis that allows a sensor to perform additional processing functions, invoke actions, and save packets for future investigation.
Benefit: This cutting-edge technology not only makes eTrust Intrusion Detection more efficient, but also lowers the ‘false positive’ rate, one of the biggest issues facing intrusion detection administrators.

Feature: Active Response to Hostile Events
Description: eTrust Intrusion Detection has the ability to update the rules base of eTrust Firewall as well as Checkpoint FW-1, and the ACL table of Cisco routers. In addition, many attacks can be blocked in near real-time.
Benefit: This functionality allows clients to make their network ‘disappear’ from the view of a hacker by stopping the response to DNS requests or reinforcing Firewall Rule Policies. This capability prevents attackers from reaching or otherwise gaining more information about their intended targets.

Session Monitoring Features

Feature: Load Measuring
Description: A new utility called NetLoad enables customers to monitor and log both total and service/protocol-specific traffic rates for a given subnet.
Benefit: Knowing network traffic and utilization rates up front yields improved requirements for IDS implementation.

Feature: Network Usage Logging
Description: eTrust Intrusion Detection, via its Log View Server, provides an instantaneous view of how network bandwidth is being used by major TCP/UDP protocols.
Benefit: Allows clients to see how much of their network capacity is being used by HTTP, SMTP, Telnet and FTP right after it is installed. Supported with easy-to-understand and customizable pie charts.

Feature: Content Monitoring Functionality
Description: eTrust Intrusion Detection provides out-of-the-box content monitoring of HTTP, SMTP, FTP and Telnet traffic.
Benefit: Parses traffic so you can see the actual website in the viewer application and what employees are using email and web services for.

Feature: User Level Accountability
Description: eTrust Intrusion Detection can assign an NT username, IP address and MAC address to HTTP, FTP, Telnet and any other TCP/UDP session.
Benefit: Administrators can activate specific rules on a user or group basis, using details contained in NT Domains. In case of litigation, administrators can produce a digitally signed log showing specific user activity.

Internet Content Blocking Features

Feature: URL Blocking
Description: eTrust Intrusion Detection can block, on a per-user basis, access to websites that fall outside an organization's Acceptable Usage Policy. The URL list is broken down into 27 categories.
Benefit: Allows companies to maximize network and employee resources by reducing non-business-related web surfing.

Feature: Network Access Control
Description: eTrust Intrusion Detection can prevent groups of identified or unidentified users from gaining access to specified devices or network objects by NT user name, IP address or MAC address.
Benefit: This provides unparalleled access control at the network level.

Feature: Network Watch and Patrol
Description: Offers the ability to detect traffic that violates policy. Violating sessions can be closed automatically.
Benefit: This offers unobtrusive enforcement of policy for defending against abuse, unlike other solutions, and has zero impact on performance.

Service Strategies Inc

2392 Mount Vernon Rd

Dunwoody, GA 30338-3092

800-662-1615  678-441-0020

assist@ssimail.com

Copyright © 1998-2003 Service Strategies Inc. All rights reserved.
Revised: September 27, 2004.