Problems of IDS systems
- Standard cybersecurity tools do not capture attacks with unknown or unstable signature patterns
- A large number of errors when using detection methods other than signature
- Existing implementations of heuristic detection mechanisms have a large number of false positives
- Insufficient speed of attack detection mechanisms, high traffic delays
- Lack of integrated security systems, including wireless networks and smart device environments (Internet of Things)
Types of cyberattacks
- Denial of Service: Back, Land, Neptune, Pod, Smurf, Teardrop, Mailbomb, Processtable, Updstorm, Apache2, Worm
- Network Scanning: Satan, IPsweep, Nmap, Portsweep, Mscan
- Remote Access: Guess_password, Ftp_write, Imap, Phf, Multihop, WarezmasterXlock, Xsnoopm Snmpguess, Httptunnel, Sendmail, Named
- Privilege incresement: Buffer_overload, Loadmodule Rootkit, Perl, Sqlattack, Xterm, Ps.
Our solutionNGIDS - Next-generation Intrusion Detection SystemNGIDS NeuroFortress consists both of hardware and software parts for detecting and preventing security threats at all stages of receiving, transmitting and processing information, including local, network, wireless environments, as well as networks of smart devices and the Internet of things, based on effective machine learning algorithms
Purpose of the product:The product is aimed at ensuring information security through the use of promising machine learning algorithms in network infrastructure, wireless environment, and Internet of things systems. The developed hardware and software solutions can be used to prevent a wide range of cyber threats by organizations of urban economy, energy, transport, telecommunications, as well as private clients transforming their business processes in accordance with the requirements of the digital economy. Of particular note is the product's focus on the promising Internet of Things (IoT) industry.
Products included in NGIDS NeuroFortress:
- Intelligent fortress attack detection based on special ANNs
- Smart Firewall
- Hybrid antivirus.
Functionality of NGIDS NeuroFortress:Our system in its maximum options includes:
- A platform for collecting, analyzing and correlating events;
- Local intrusion detection and prevention system (including analysis of executable codes and connected devices, analysis of OSI 7 layer protocols)
- Software module for primary information processing;
- Program module for interacting with the API;
- Network Intrusion Detection and Prevention System with modules for integration into firewalls and services;
- Wireless intrusion detection system - including smart devices (Internet of Things) and activity on BT, BLE, ZigBee, Lora, etc;
- Monitoring of network nodes and clusters;
- Analysis of network anomalies, including wireless radio anomalies and anomalies of smart device networks (Internet of Things);
- Monitoring, alarm and control software module;
- Vulnerability Scanner - as a separate product and as an addition to system configuration out of the box;
- Exchange and transfer system for trained machine learning models (neural network);
- Many specialized plugins for parsing and correlating logs from various external devices and services, open API for developing external modules and plugins;
- A billing platform for the cost of services provided in an on-premises and cloud solution.
The novelty of the proposed solutions in NGIDS NeuroFortress:
- Usage of an intelligent approach of identifying and preventing information security threats using specialized neural networks, which allows using the potential of "self-learning" and going beyond the knowledge base of the expert system, as well as increasing the accuracy of determining new types of network anomalies, especially with respect to the Internet of things and smart devices, which distinguishes our product from classic security systems that require constant updating of the threat signature database and conduct analysis according to a predetermined template.
- Implementation of a unique technique for reducing the volume of key information accumulated in order to classify threats and detect network anomalies, which can significantly reduce network traffic, as well as reduce the likelihood of intercepting valuable information, this implementation differs from known systems that transmit complete information to the detector. blocks for analysis.
- Integrated approach to control various media transmission media, which allows to combine radio monitoring of wireless networks, networks of smart devices, analysis of network services, this distinguishes the product from existing solutions in terms of cybersecurity environment.
- Unique machine learning algorithms due to the specificity of the classification problems being solved, in the use of Kohonen layers, which allows to increase the convergence of solutions in the analysis of probable intrusions and heterogeneous traffic, this distinguishes the product from other neural network cyber threat detectors with high classification accuracy and speed of operation ...
- Modularity of the product, which allows a number of extensions and plug-ins to integrate into existing business processes of organizations and standard means of monitoring the state of network resources, servers and PCs, this distinguishes our solution from classic products on the market by high flexibility of integration into existing systems.
- Businesses and organizations using wireless networks, smart device environments and the Internet of Things (IoT)
- Small and medium enterprises, manufacturing, IT companies, copyright
- State-owned companies, energy, media
- Information protection of strategic objects
- Corporations, Banks, Payment Systems
- Private sector, User of mobile and desktop PCs, personal data.
- State structures
- Industrial sector
- Financial sector
- Mobile threats
- Internet of Things.