Protection Modules

Deep Security is a software solution that protects dynamic datacenters. One or more of the following protection modules can be deployed to the server or virtual machine in a single Deep Security Agent. The Deep Security Agent is unified across physical and virtual environments.

 

The table below outlines key datacenter security requirements and the specific Deep Security modules used to address them.

Legend: each cell marks the module as Essential or Advantageous for the requirement (the individual cell marks are not reproduced here).

Deep Security modules (columns):
  • Deep Packet Inspection: IDS/IPS, Web App Protection, Application Control
  • Firewall
  • Integrity Monitoring
  • Log Inspection

Datacenter requirements (rows):
  • Server Protection
  • Web Application Security
  • Virtualization Security
  • Suspicious Behavior Detection
  • Virtual Machine Isolation
  • Cloud Computing Security
  • Compliance Reporting

Deep Packet Inspection (DPI) Protection Module

The high-performance deep packet inspection engine examines all incoming and outgoing traffic, including SSL traffic, for protocol deviations, content that signals an attack, or policy violations. It can operate in detection or prevention mode to shield operating system and enterprise application vulnerabilities. It protects web applications from application-layer attacks including SQL injection and cross-site scripting. Detailed events provide valuable information, including who attacked, when they attacked and what they attempted to exploit. Administrators can be notified automatically via alerts when an incident has occurred. Deep packet inspection underpins intrusion detection and prevention, web application protection, and application control.

Intrusion Detection and Prevention (IDS/IPS)

By shielding vulnerabilities in operating systems and enterprise applications until they can be patched, intrusion detection and prevention helps enterprises achieve timely protection against known and zero-day attacks. Vulnerability rules shield a known vulnerability, for example one disclosed in Microsoft's monthly updates, from an unlimited number of exploits, because a rule matches the vulnerable condition rather than any single exploit. Deep Security includes out-of-the-box vulnerability protection for over 100 applications, including database, web, email and FTP servers. Rules that shield newly discovered vulnerabilities are delivered automatically within hours, and can be pushed out to thousands of servers in minutes, without a system reboot.


Web Application Protection

Deep Security enables compliance with PCI Requirement 6.6 for the protection of web applications and the data that they process. Web application protection rules defend against SQL injection attacks, cross-site scripting attacks and other web application vulnerabilities, and shield these vulnerabilities until code fixes can be completed.


Application Control

Application control rules provide increased visibility into, or control over, the applications that are accessing the network. These rules can also be used to identify malicious software accessing the network, or to reduce the vulnerability exposure of your servers.

Firewall Protection Module

The bi-directional stateful firewall provides centralized management of server firewall policy, and includes pre-defined templates for common enterprise server types.
Key features and benefits include:

  • Virtual machine zoning
  • Fine-grained filtering (IP & MAC addresses, Ports)
  • Coverage of all IP-based protocols (TCP, UDP, ICMP, …)
  • Coverage of all frame types (IP, ARP, …)
  • Prevents Denial of Service (DoS) attacks
  • Design policies per network interface
  • Detection of reconnaissance scans
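The firewall behaviours listed above, as an added example that is not Deep Security code: a default-deny, first-match packet filter with a separate rule list per network interface, fine-grained matching on CIDR, MAC, protocol and port, a state table that admits replies to flows the policy already allowed, and a reconnaissance heuristic that flags a source probing many closed ports within a time window. The `Packet` and `Rule` classes, the interface names and the addresses in `demo()` are all constructed for the illustration.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Packet:
    iface: str                     # interface the packet crosses (assumed names)
    direction: str                 # "in" or "out", relative to the protected host
    proto: str                     # "tcp", "udp" or "icmp"
    src_ip: str
    dst_ip: str
    src_port: int = 0
    dst_port: int = 0
    src_mac: Optional[str] = None  # known only for senders on the local segment
    ts: float = 0.0                # seconds; consumed by the scan detector


@dataclass
class Rule:
    action: str                    # "allow" or "deny"
    direction: str
    proto: Optional[str] = None
    src: Optional[str] = None      # CIDR, e.g. "10.0.0.0/24"; None matches any
    dst: Optional[str] = None
    dst_port: Optional[int] = None
    src_mac: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        def in_net(ip, net):
            return net is None or ipaddress.ip_address(ip) in ipaddress.ip_network(net)
        return (self.direction == p.direction
                and self.proto in (None, p.proto)
                and in_net(p.src_ip, self.src) and in_net(p.dst_ip, self.dst)
                and self.dst_port in (None, p.dst_port)
                and self.src_mac in (None, p.src_mac))


class Firewall:
    """Per-interface, first-match rule evaluation; no match means deny."""

    def __init__(self, policies: Dict[str, List[Rule]], scan_threshold=10, scan_window=60.0):
        self.policies = policies
        self.state = set()                 # 5-tuples of flows an allow rule admitted
        self.denied = defaultdict(list)    # src_ip -> [(ts, dst_port)] of denied inbound packets
        self.scan_alerts: List[str] = []
        self.scan_threshold, self.scan_window = scan_threshold, scan_window

    def filter(self, p: Packet) -> str:
        # Stateful shortcut: the reverse direction of an admitted flow passes without a rule.
        if (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port) in self.state:
            return "allow"
        verdict = next((r.action for r in self.policies.get(p.iface, []) if r.matches(p)), "deny")
        if verdict == "allow":
            self.state.add((p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port))
        elif p.direction == "in":
            self._note_denied(p)
        return verdict

    def _note_denied(self, p: Packet) -> None:
        # Reconnaissance heuristic: one source hitting many distinct closed ports inside the window.
        hist = [(t, port) for t, port in self.denied[p.src_ip] if p.ts - t <= self.scan_window]
        hist.append((p.ts, p.dst_port))
        if len({port for _, port in hist}) >= self.scan_threshold:
            self.scan_alerts.append(f"port scan from {p.src_ip} on {p.iface}")
            hist = []
        self.denied[p.src_ip] = hist


def demo() -> dict:
    """Constructed policy: public interface serves HTTPS only, management interface takes SSH from one subnet."""
    policies = {
        "eth0": [Rule("allow", "in", "tcp", dst_port=443), Rule("allow", "out")],
        "eth1": [Rule("deny", "in", src_mac="de:ad:be:ef:00:01"),          # a blocked device on the segment
                 Rule("allow", "in", "tcp", src="10.0.0.0/24", dst_port=22),
                 Rule("allow", "out")],
    }
    fw = Firewall(policies, scan_threshold=5, scan_window=60.0)
    r = {}
    r["https_in"] = fw.filter(Packet("eth0", "in", "tcp", "203.0.113.9", "192.0.2.10", 50000, 443))
    r["ssh_from_admin"] = fw.filter(Packet("eth1", "in", "tcp", "10.0.0.5", "10.0.1.10", 50001, 22))
    r["ssh_blocked_mac"] = fw.filter(Packet("eth1", "in", "tcp", "10.0.0.6", "10.0.1.10", 50003, 22,
                                            src_mac="de:ad:be:ef:00:01"))
    r["ssh_from_public"] = fw.filter(Packet("eth0", "in", "tcp", "203.0.113.9", "192.0.2.10", 50002, 22))
    r["dns_out"] = fw.filter(Packet("eth0", "out", "udp", "192.0.2.10", "192.0.2.53", 40000, 53))
    # The DNS reply has no inbound rule of its own; only the state table lets it through.
    r["dns_reply"] = fw.filter(Packet("eth0", "in", "udp", "192.0.2.53", "192.0.2.10", 53, 40000))
    for i, port in enumerate((21, 23, 25, 110, 3389)):   # constructed probe of five closed ports
        fw.filter(Packet("eth0", "in", "tcp", "198.51.100.77", "192.0.2.10", 60000 + i, port, ts=float(i)))
    r["scan_alerts"] = list(fw.scan_alerts)
    return r
```

The state table is what makes the filter bi-directional: outbound DNS is allowed by policy, and the reply is admitted because its 5-tuple is the reverse of a recorded flow, not because an inbound UDP rule exists. A production filter would also expire state entries and track TCP handshake state rather than a bare tuple.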
 

Integrity Monitoring Protection Module

This module monitors critical operating system and application objects (files, directories, registry keys and values, etc.) and detects malicious and unexpected changes to them.
Key features and benefits include:

  • Real-time, on-demand, or scheduled detection of change
  • Extensive file property checking, including attributes (PCI 10.5.5)
  • Monitor specific directories, file system modifications, and new file creations
  • Flexible, practical monitoring through includes/excludes
  • Auditable reports
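The change-detection approach described above, as an added example that is not Deep Security code: a baseline of file properties (SHA-256, size, permission bits, modification time) is built over a monitored tree, honouring include/exclude glob patterns, and a later scan is compared against it to report created, deleted and modified entries. The directory layout, file contents and pattern names in `demo()` are constructed for the illustration.

```python
import fnmatch
import hashlib
import os
import stat
import tempfile
from typing import Dict

Baseline = Dict[str, Dict[str, object]]


def _sha256(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def _selected(rel: str, includes, excludes) -> bool:
    # Excludes win over includes, so noisy paths can be carved out of a broad include.
    if any(fnmatch.fnmatch(rel, pat) for pat in excludes):
        return False
    return any(fnmatch.fnmatch(rel, pat) for pat in includes)


def build_baseline(root: str, includes=("*",), excludes=()) -> Baseline:
    """Record hash and attributes of every selected regular file under root."""
    baseline: Baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if not _selected(rel, includes, excludes):
                continue
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue
            baseline[rel] = {
                "sha256": _sha256(full),
                "size": st.st_size,
                "mode": stat.S_IMODE(st.st_mode),
                "mtime": int(st.st_mtime),   # kept for the report, not used as a change signal
            }
    return baseline


def compare(old: Baseline, new: Baseline) -> Dict[str, list]:
    """Classify differences between two baselines; modified entries list which properties changed."""
    created = sorted(set(new) - set(old))
    deleted = sorted(set(old) - set(new))
    modified = []
    for rel in sorted(set(old) & set(new)):
        changed = [k for k in ("sha256", "size", "mode") if old[rel][k] != new[rel][k]]
        if changed:
            modified.append((rel, changed))
    return {"created": created, "deleted": deleted, "modified": modified}


def demo() -> Dict[str, list]:
    """Constructed scenario: a config file is rewritten, a binary gains an execute bit, a new binary appears."""
    with tempfile.TemporaryDirectory() as root:
        for sub in ("etc", "bin", "var/log"):
            os.makedirs(os.path.join(root, sub))
        with open(os.path.join(root, "etc/sshd_config"), "w") as f:
            f.write("PermitRootLogin no\n")
        with open(os.path.join(root, "bin/ls"), "wb") as f:
            f.write(b"ELF-placeholder")
        os.chmod(os.path.join(root, "bin/ls"), 0o644)
        with open(os.path.join(root, "var/log/app.log"), "w") as f:
            f.write("noise\n")
        includes = ("etc/*", "bin/*")
        excludes = ("var/log/*",)          # logs change constantly; excluded from monitoring
        before = build_baseline(root, includes, excludes)

        # Unexpected changes that integrity monitoring should surface.
        with open(os.path.join(root, "etc/sshd_config"), "w") as f:
            f.write("PermitRootLogin yes\n")
        os.chmod(os.path.join(root, "bin/ls"), 0o755)       # permission bits changed, content unchanged
        with open(os.path.join(root, "bin/nc"), "wb") as f:
            f.write(b"ELF-placeholder-2")
        with open(os.path.join(root, "var/log/app.log"), "a") as f:
            f.write("more noise\n")                           # excluded, so not reported
        after = build_baseline(root, includes, excludes)
        return compare(before, after)
```

Comparing permission bits separately from the hash is what catches the `bin/ls` change: its contents are identical, so a hash-only monitor would stay silent. Real-time detection, as opposed to the on-demand scan shown here, would drive the same comparison from file-system change notifications instead of a full walk.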
 

Log Inspection Protection Module

This module collects and analyzes operating system and application logs for security events. Log Inspection rules optimize the identification of important security events buried in multiple log entries. These events are forwarded to a security information and event management (SIEM) system or centralized logging server for correlation, reporting and archiving. This module builds on and extends the open-source OSSEC host intrusion detection software.
Key features and benefits include:

  • Suspicious behavior detection
  • Collection of security-related administrative actions
  • Optimized collection of security events across your datacenter
  • Advanced rule creation using OSSEC rule syntax
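The log inspection flow described above, as an added example that is not Deep Security or OSSEC code: syslog-format lines are parsed, single-line rules tag authentication failures, successful logins and sudo commands (the security-related administrative actions the list mentions), a frequency rule fires when one source accumulates enough failures inside a time window (the "buried in multiple log entries" case), and events above a level threshold are serialized for a SIEM. The sample log lines are constructed; the rule ids mirror OSSEC's sshd and sudo numbering but are illustrative here, not a reproduction of its rule set.

```python
import json
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Dict, List, Optional

SYSLOG = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
                    r"(?P<prog>[\w\-/]+)(?:\[\d+\])?: (?P<msg>.*)$")

# Single-line rules: (rule id, level, message pattern, description). First match wins (simplification).
SINGLE_RULES = [
    (5716, 5, re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"),
     "sshd: authentication failed"),
    (5715, 3, re.compile(r"Accepted \w+ for (?P<user>\S+) from (?P<src>\S+)"),
     "sshd: authentication success"),
    (5402, 3, re.compile(r"(?P<user>\S+) : TTY=.*COMMAND=(?P<cmd>.*)"),
     "sudo: command executed"),
]

# Frequency rule: fire when base_rule matched `count` times from one source within `window` seconds.
FREQ_RULE = {"id": 5720, "level": 10, "base_rule": 5716, "count": 5, "window": 120,
             "description": "sshd: multiple authentication failures from same source"}


def parse(line: str) -> Optional[Dict]:
    m = SYSLOG.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # Syslog timestamps carry no year; a fixed year keeps them comparable within one file.
    rec["time"] = datetime.strptime("1900 " + rec["ts"], "%Y %b %d %H:%M:%S")
    return rec


def analyze(lines: List[str]) -> List[Dict]:
    events: List[Dict] = []
    history = defaultdict(deque)              # src -> timestamps of base_rule matches
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        for rid, level, pat, desc in SINGLE_RULES:
            m = pat.search(rec["msg"])
            if not m:
                continue
            events.append({"rule": rid, "level": level, "description": desc, "host": rec["host"],
                           "program": rec["prog"], "timestamp": rec["ts"], **m.groupdict()})
            if rid == FREQ_RULE["base_rule"] and "src" in m.groupdict():
                q = history[m.group("src")]
                q.append(rec["time"])
                while (q[-1] - q[0]).total_seconds() > FREQ_RULE["window"]:
                    q.popleft()              # drop matches that fell out of the window
                if len(q) >= FREQ_RULE["count"]:
                    events.append({"rule": FREQ_RULE["id"], "level": FREQ_RULE["level"],
                                   "description": FREQ_RULE["description"], "host": rec["host"],
                                   "program": rec["prog"], "timestamp": rec["ts"],
                                   "src": m.group("src"), "failures": len(q)})
                    q.clear()                # one alert per burst
            break
    return events


def to_siem(events: List[Dict], min_level: int = 7) -> List[str]:
    """Serialize events at or above min_level as one JSON document per line for forwarding."""
    return [json.dumps(e, sort_keys=True) for e in events if e["level"] >= min_level]


# Constructed sample log: a burst of failures from one source, a normal login and sudo, unrelated noise.
SAMPLE_LOG = """\
Mar 10 08:00:01 web01 sshd[2101]: Failed password for invalid user admin from 198.51.100.23 port 51022 ssh2
Mar 10 08:00:03 web01 sshd[2101]: Failed password for invalid user admin from 198.51.100.23 port 51023 ssh2
Mar 10 08:00:05 web01 sshd[2101]: Failed password for root from 198.51.100.23 port 51024 ssh2
Mar 10 08:00:09 web01 sshd[2101]: Failed password for root from 198.51.100.23 port 51025 ssh2
Mar 10 08:00:12 web01 sshd[2101]: Failed password for root from 198.51.100.23 port 51026 ssh2
Mar 10 08:01:30 web01 sshd[2107]: Accepted publickey for deploy from 203.0.113.7 port 40112 ssh2
Mar 10 08:02:10 web01 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Mar 10 08:03:00 web01 cron[2200]: (root) CMD (run-parts /etc/cron.hourly)
Mar 10 09:15:00 web01 sshd[2301]: Failed password for root from 192.0.2.44 port 60001 ssh2
""".splitlines()
```

Running `analyze(SAMPLE_LOG)` yields five level-5 failure events, one level-10 frequency alert for 198.51.100.23, the login and sudo events, and a lone failure from a second source that never reaches the threshold; `to_siem` at the default level forwards only the frequency alert, which is the point of rule-based reduction before events leave the host.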