Hillstone S-Series
Network Intrusion Prevention System (NIPS)
S600 / S1060 / S1560 / S1900 / S2100 / S2160 / S2700 / S2660 / S3560 / S3500 / S3860 / S3900 / S5500 / S5560
As the threat landscape continues to evolve aggressively, an increasing number of network protection technologies have quickly emerged. Among these various technologies, the Intrusion Prevention System (IPS) remains one of the most widely deployed solutions, regardless of platform or form factor.
The Hillstone Network-based IPS (NIPS) appliance operates in-line, at wire speed, performing deep packet inspection and reassembly of all network traffic. It also applies rules based on several methodologies, including protocol anomaly analysis and signature analysis, to block threats. Hillstone NIPS can be deployed in the network to inspect traffic left undetected by perimeter solutions, and is an integral part of network security systems for its high-performance, no-compromise, best-of-breed protection capability and broad and flexible deployment scenarios.
Product Highlights
Unparalleled Threat Protection without Performance Compromise
The Hillstone NIPS platform has the most comprehensive high-performance inspection engine, combined with best-of-breed signatures developed in partnership with leading technology partners, providing customers the highest threat detection rate with the lowest total cost of ownership (TCO). The Hillstone IPS engine has a 99.6% blocking rate of static exploits and a 98.325% blocking rate of live exploits (reported by NSS Labs). The Hillstone NIPS platform provides high throughput, low latency and maximum availability to maintain efficient security operations without compromising network performance. NIPS combines protocol analysis, threat reputation and other features that deliver threat protection from Layer 2 to Layer 7, including ARP attacks, DoS/DDoS attacks, abnormal protocols, malicious URLs, malware and web attacks.
Granular Reporting with User Targeted Viewpoints
Hillstone NIPS provides comprehensive visibility based on protocol, application, user and content. It can identify more than 4,000 applications, including hundreds of mobile and cloud applications.
Bringing multiple sources together, the system can identify contextual information to make proper blocking decisions. With a granular and robust reporting function, it offers visibility across different views:
• Unique templates, based on whether you are a business system administrator, a security administrator or the CIO or executive.
• Organized Threat Content – whether a security, system risk, network threat or traffic view – in order to help you clearly understand the risk and make the right decision.
Features
Intrusion Prevention
• 12,700+ signatures, protocol anomaly detection, rate-based detection, custom signatures, manual, automatic push or pull signature updates, integrated threat encyclopedia
• IPS Actions: monitor, block, reset (attacker's IP or victim's IP, incoming interface) with expiry time
• Packet logging option
• Filter-based selection and review: severity, target, OS, application or protocol
• IP exemption from specific IPS signatures
• IDS sniffer mode
• IPv4 and IPv6 rate-based DoS protection with threshold settings against TCP SYN flood, TCP/UDP/SCTP port scan, ICMP sweep, TCP/UDP/SCTP/ICMP session flooding (source/destination)
• Active bypass with bypass interfaces
• Predefined prevention configuration
• Support web server protection, including CC attack, external link attack, iframe, cross-site request forgery (CSRF) attack, etc.
• Support protection against brute force attacks on FTP, MSRPC, POP3, SMTP, SUNRPC and telnet
• Support weak password detection for FTP, MSRPC, POP3, SMTP, SUNRPC and telnet
• Threat Details support URI and Attack Data Decoding
• Support MPLS frame inspection
Threat Correlation Analytics
• Correlation among unknown threats, abnormal behavior and application behavior to discover potential threat or attacks
• Multi-dimension correlation rules, automatic daily update from the cloud
Advanced Threat Detection
• Behavior-based advanced malware detection
• Detection of more than 2,000 known and unknown malware families including Virus, Worm, Trojan, Spyware, Overflow, etc.
• Real-time, online, malware behavior model database update
Abnormal Behavior Detection
• Behavior modeling based on L3-L7 baseline traffic to reveal anomalous network behavior, such as HTTP scanning, Spider, SPAM, SSH/FTP weak password, and spyware
• Detection of DDoS including Flood, Sockstress, zip of death, reflect, DNS query, SSL DDoS and application DDoS
• Supports inspection of encrypted tunneling traffic for unknown applications
• Real-time, online, abnormal behavior model database update
Antivirus
• Manual, automatic push or pull signature updates
• Flow-based antivirus: protocols include HTTP/HTTPS, SMTP, POP3, IMAP, FTP/SFTP, SMB
• Compressed file virus scanning
Attack Defense
• Abnormal protocol attack defense
• Anti-DoS/DDoS, including SYN Flood, DNS Query Flood defense
• ARP attack defense
• IP scanning and port scanning
URL Filtering
• Flow-based web filtering inspection
• Manually defined web filtering based on URL, web content and MIME header
• Dynamic web filtering with cloud-based real-time categorization database: over 140 million URLs with 64 categories (8 of which are security related)
• Additional web filtering features:
- Filter Java Applet, ActiveX or cookie
- Block HTTP Post
- Log search keywords
- Exempt scanning encrypted connections on certain categories for privacy
• Web filtering profile override: allows administrator to temporarily assign different profiles to user/group/IP
• Web filter local categories and category rating override
• Support allow/block list
• Customizable alarm
Anti-Spam
• Real-time spam classification and prevention
• Confirmed spam, suspected spam, bulk spam, valid bulk
• Protection regardless of the language, format, or content of the message
• Support both SMTP and POP3 email protocols
• Inbound and outbound detection
• Whitelists to allow emails from trusted domain/email addresses
• User-defined blacklists
Cloud-Sandbox
• Upload malicious files to cloud sandbox for analysis
• Support protocols including HTTP/HTTPS, POP3, IMAP, SMTP and FTP
• Support file types including PE, ZIP, RAR, Office, PDF, APK, JAR and SWF
• File transfer direction and file size control
• Provide complete behavior analysis report for malicious files
• Global threat intelligence sharing, real-time threat blocking
• Support detection only mode without uploading files
Data Security
• Web content filtering and file content filtering
• Support file filtering with over 100 file formats
• Support network behavior recording
Ease of Deployment and Centralized Management
Deploying and managing the Hillstone NIPS is simple, with minimum overhead. It can be deployed in the following modes to meet security requirements and ensure optimal network connectivity:
• Active protection (intrusion prevention mode), real-time monitoring and blocking.
• Passive detection (intrusion detection mode), real-time monitoring and alert.
The Hillstone NIPS can be managed by the Hillstone Security Management Platform (HSM). Administrators can centrally register, monitor, and upgrade NIPS devices deployed in different branches or locations, with a unified management policy across the network for maximum efficiency.
Botnet C&C Prevention
• Discover intranet botnet hosts by monitoring C&C connections and block further advanced threats such as botnets and ransomware
• Regularly update the botnet server addresses
• Prevention for C&C IP and domain
• Support TCP, HTTP, and DNS traffic detection
• IP and domain whitelists
IP Reputation
• Identify and filter traffic from risky IPs such as botnet hosts, spammers, Tor nodes, breached hosts, and brute force attacks
• Logging, dropping packets, or blocking for different types of risky IP traffic
• Regular IP reputation signature database upgrade
Application Control
• Over 4,000 applications that can be filtered by name, category, subcategory, technology and risk
• Each application contains a description, risk factors, dependencies, typical ports used, and URLs for additional reference
• Actions: block, monitor
• Provide multi-dimensional monitoring and statistics for applications running in the cloud, including risk category and characteristics
• Support encrypted application
Quality of Service (QoS)
• Max/guaranteed bandwidth tunnels on an IP/user basis
• Tunnel allocation based on security domain, interface, address, user/user group, server/server group, application/app group, TOS, VLAN
• Bandwidth allocated by time, priority, or equal bandwidth sharing
• Type of Service (TOS) and Differentiated Services (DiffServ) support
• Prioritized allocation of remaining bandwidth
• Maximum concurrent connections per IP
• Bandwidth allocation based on URL category
• Bandwidth limit by delaying access for user or IP
IPv6
• Management over IPv6, IPv6 logging and HA
• IPv6 tunneling, DNS64/NAT64 etc
• IPv6 routing protocols, static routing, policy routing, ISIS, RIPng, OSPFv3 and BGP4+
• IPS, Application identification, Antivirus, Access control, ND attack defense
VSYS
• System resource allocation to each VSYS
• CPU virtualization
• Non-root VSYS support IPS, URL filtering, Policy, QoS, etc.
• VSYS monitoring and statistics
• Support backup of all VSYS configurations at once
SSL Proxy
• SSL offload: SSL traffic decryption
• SSL require/exempt: SSL traffic allowed or blocked based on the policy rules without decryption
Flexible Traffic Analysis and Control
• Support 3 operation modes: Route/NAT (layer 3), Transparent (layer 2) with optional bypass interface, and TAP mode (IDS Mode) with Hillstone Firewall Integration
• Traffic analysis and control based on policy rules by source/destination zone, source/destination IP address, users, service or applications
High Availability
• Redundant heartbeat interfaces
• AP and peer mode
• Standalone session synchronization
• HA reserved management interface
• Failover:
- Port, local & remote link monitoring
- Stateful failover
- Sub-second failover
- Failure notification
• Deployment Options:
- HA with link aggregation
- Full mesh HA
- Geographically dispersed HA
Visible Administration
• Management access: HTTP/HTTPS, SSH, telnet, console
• Central Management: Hillstone Security Manager (HSM), web service APIs
• Two-factor authentication: username/password, HTTPS certificate file
• System Integration: SNMP, syslog, alliance partnerships
• Rapid deployment: USB auto-install, local and remote script execution
• Dynamic real-time dashboard status and drill-in monitoring widgets
• Storage device management: storage space threshold customization and alarm, old data overwrite, stop recording
• Language support: English
Logs and Reporting
• Logging facilities: local storage for up to 6 months, multiple syslog servers and multiple Hillstone Security Audit (HSA) platforms
• Encrypted logging and log integrity with HSA scheduled batch log uploading
• Reliable logging using TCP option (RFC 3195)
• Detailed traffic logs: forwarded, violated sessions, local traffic, invalid packets
• Comprehensive event logs: system and administrative activity audits, routing & networking, VPN, user authentications, WiFi related events
• Log aggregation: support aggregation of AV and C&C logs
• IP and service port name resolution option
• Brief traffic log format option
• Granular Reporting with User Targeted Viewpoints
- HA Management/C-level View
- Business System Owner View
- Network Security Administrator View
Statistics and Monitoring
• Application, URL, threat event statistics and monitoring
• Real-time traffic statistics and analytics
• System information such as concurrent sessions, CPU, memory and temperature
• iQoS traffic statistics and monitoring, link status monitoring
• Support traffic information collection and forwarding via NetFlow (v9.0)
• Cloud-based threat intelligence push service
• Geographical distribution of external network attacks
CloudView
• Cloud-based security monitoring
• 24/7 access from web or mobile application
• Device status, traffic and threat monitoring
• Cloud-based log retention and reporting
Specifications (recovered from the flattened datasheet table; the per-model column headers did not survive extraction, so each row lists its three columns in order)
Storage: 500 GB (optional)
Dimension (W×D×H): 16.9 × 11.8 × 1.7 in (430 × 300 × 44 mm) | 17.1 × 12.6 × 1.7 in (436 × 320 × 44 mm) | 16.9 × 14.8 × 1.7 in (430 × 375 × 44 mm)
Weight: 14.3 lb (6.5 kg) | 14.33 lb (6.5 kg) | 22.0 lb (10 kg)
Temperature: 32-104°F (0-40°C) | 32-104°F (0-40°C) | 32-104°F (0-40°C)
Relative Humidity: 5-85% (no dew) | 10%-95% (no dew) | 5-85% (no dew)
Throughput (row label lost in extraction): 14 Gbps
Power supply / consumption: 1 + 1 | 1 + 1 | 1 + 1
Dimension (W×D×H): 16.9 × 19.7 × 3.5 in (430 × 500 × 88 mm) | 16.9 × 19.7 × 3.5 in (430 × 500 × 88 mm) | 17.1 × 21.3 × 1.7 in (436 × 542 × 44 mm)
Weight: 35.3 lb (16 kg) | 35.3 lb (16 kg) | 32.6 lb (14.8 kg)
Temperature: 32-104°F (0-40°C) | 32-104°F (0-40°C) | 32-104°F (0-40°C)
Relative Humidity: 5-85% (no dew) | 5-85% (no dew) | 10%-95% (no dew)