Reflex Security Optional Modules

Introduction: Reflex Security Optional Modules

	Network Defender
	Network Discovery
	Anti-Virus Gateway
	Anti-Spyware

Network Defender

Security Policy Enforcement and Quarantine
In the early days of online security the network perimeter could reasonably be considered as the “front lines”.  Unfortunately in a world of unsecured laptops, wireless access, zombie machines and other threats, this view is obsolete.  Today, a threat may just as easily originate inside your network as from the outside.  An effective security and compliance system needs to adapt to this reality and provide appropriate internal monitoring and control.

The Reflex Network Defender™policy enforcement module works in conjunction with Network Discovery to detect and quarantine infected, disruptive or unauthorized internal hosts from the rest of the network.  Using open standard protocols, Reflex Network Defender leverages legacy switches, routers and access points to enforce user-defined access policies.  When Network Defender detects an unauthorized device or policy violation, it issues network access control instructions to an IEEE 802.1X compliant network device.  This allows network administrators to maintain appropriate control over new or potentially rogue hosts.

Reflex Network Defender’s ability to work with existing infrastructure eliminates the need for network reconfiguration and also ensures network performance and reliability.  The ability to manage ACLs centrally also saves work for network administrators.

When Reflex Network Defender detects an attack, the system automatically implements one of several configurable responses in real time:

• Alert/Log and take no further action.
• Quarantine infected or unauthorized hosts.
• Send E-mail, SNMP traps or syslog output based on alert event or system event.

Reflex Network Defender adds essential control mechanisms to secure both physical and virtualized networks.

top of page

Network Discovery

Security Scanner
A proactive network defense and regulatory compliance strategy begins with an understanding of the assets that must be protected and where they are most exposed to risk.  Unfortunately, maintaining complete awareness in an organic network environment is a tough challenge.
The Reflex Network Discovery™ module helps administrators address these issues by dynamically profiling four key elements:

• Network assets: Servers, workstations, routers, firewalls, manageable switches, proxy servers, wireless access points and more.
• Network state: IP address, MAC address and active ports/services.
• Network communication flows: Includes both legitimate and attack traffic.
• Network Changes: Highlight new assets, services and behaviors.

The resulting information provides essential context for security threats and attacks and facilitates an appropriate, adaptive response.

Reflex Network Discovery delivers a real-time, graphical view of physical and virtualized network assets such as servers, workstations, routers, manageable switches, proxy servers, wireless access points and more.  It also profiles communication flows between network nodes and makes it easy to identify changes or additions to system services, state or roles.  Unlike active vulnerability scans that introduce potentially disruptive traffic to create a “snapshot” view of the network, Reflex network Discovery uses a passive, non-disruptive scanning technology to provide persistent awareness.  This presents more relevant, actionable information.

Reflex Network Discovery is an essential security tool for both physical and virtualized networks.  It identifies legitimate assets and communication flows as well as rogue resources and attack flows.  This hands-on view means you’ll see your network as it really is – not how it “should” be.  This perspective facilitates more effective network security and better compliance with regulations such as SOX, GLBA, and HIPAA.

Reflex Network Discovery operates as a completely passive device and does not introduce traffic, performance degradation or a potential point of failure to the network.  It determines network configuration, roles and behavior based on determinants contained within the network traffic flows.

top of page

Anti-Virus Gateway

Effective virus protection has become essential due to the rapid growth in the number of computer virus attacks, new virus strains, an increase in hacker activities and the availability of back-door utilities.  To counter these threats, the Reflex VirusEval anti-virus gateway offers an efficient combination of technologies capable of comprehensively protecting your E-mail traffic from all types of viruses.

The core of any anti-virus product is the so-called AV “engine,” a module that scans and detects malicious code. The reliability of virus detection, and hence, the security level provided by the engine, ultimately depends on the structure of the engine, detection methods, and heuristic technologies integrated into the anti-virus engine.

Unlike systems that only address a few high-profile viruses, the Reflex IPS AV engine is capable of detecting and defeating more than 85,000 different types of viruses and worms.  
The Reflex VirusEval module inspects every E-mail attachment traversing the IPS.  This delivers a unique combination of technologies necessary for successful detection of malicious code, including three primary types of detection logic:

• Search for Virus Signatures: Byte-to-byte comparison between received code and samples stored in the anti-virus database.
• Heuristic Method: Detects unknown viruses by analyzing a chain of instructions similar to the defined virus type.
• Emulation: The creation of object behavior models that emulate actions (such as unpacking files, modifying existing files, creating hidden files etc.) determine the nature of an object in question. Depending on emulation results, an object is assigned an appropriate danger category.

To ensure the on-going effectiveness of the system, the Reflex VirusEval module is automatically updated with the latest virus signatures and detection methodologies. The installation process is very simple and requires no network infrastructure changes.  This approach provides an effective, “set and forget” capability that increases both security and manageability.

When used in tandem with client-side anti-virus, the Reflex solution enables a layered defense mechanism that provides superior network protection and helps assure regulatory compliance. It provides effective anti-virus protection at the network perimeter, at the multi-gigabit network core and within virtualized server environments.

top of page

Anti-Spyware

Rogue spyware programs such as keyloggers, Trojans and adware pose a significant threat to system security and regulatory compliance.  In addition, the performance and stability problems resulting from these programs can create an unrealistic prevention/remediation burden for IT staff.  As a result, effective spyware prevention has become a top priority.

Unfortunately, spyware programs are evolving and the latest polymorphic versions attempt to evade detection by varying their install location, process names and other variables.

While these capabilities thwart many client-side spyware prevention systems, Reflex’s anti-spyware gateway addresses the challenge by detecting and disabling spyware at its most vulnerable point, while it is still in transit to the user workstation.  This eliminates the spyware threat before it has an opportunity to install and conceal itself on user systems.

When used in tandem with client-side anti-spyware, the Reflex solution enables a layered defense mechanism that provides superior network protection and helps assure regulatory compliance. It provides effective anti-spyware protection at the network perimeter, at the multi-gigabit network core and within virtualized server environments.

top of page

Datasheets:

• English Product Overview (PDF)
• Reflex Interceptor 1000 Product (PDF)
• Reflex System (PDF)
• Reflex Command Center ISM (PDF)
• Reflex Command Center ISM ROI (PDF)