|
ServerShield Features and Benefits
- Eliminates remote threats without blocking legitimate application requests or requiring server reboots
- Up-to-date protection for servers with no configuration changes and no agent installation
- Delivers appropriate protection for specific applications without requiring any manual tuning
ServerShield Dynamic Content ensures up-to-date server protection without interruption to availability.
Dynamic Protocol Handlers
- Full context decoding within and across sessions for over 70 protocols
- Eliminates exploit-bypass situations and false-negatives
- Addresses IP-, TCP- and UDP-level evasion techniques such as IP fragmentation and TCP segmentation
Inline Patches
- Individual inline patches correlate one-to-one with the software vendor security patch
- Preserves application availability by emulating the corrective action of the vendor patch, rather than employing signatures that are subject to false-positives
- Vulnerability-specific, rather than attack-specific, so current and future attack variants and vectors are addressed in a single instance
- Our layer 7 architecture and global software engineering team mean that Inline patches can also be developed, tested and released to customers even before software vendors can develop/deploy their own security patches
Inline Application Policies
- Enforces good server hygiene by preventing prohibited activities and disabling services
- Provides remediation for a class of vulnerabilities that software patches do not address
The Core Platform provides the unique capabilities for the ServerShield appliance to track server inventory, monitor traffic, and correct vulnerabilities on the fly with insignificant network latency.
Session & Asset Manager
- Manages inventory of servers, applications, ports and protocols
- Maintains full session context of all relevant server transactions
Inline Correction Engine
- Complete repository of callable functions common to inline patches
- Can modify traffic, such as truncating strings or converting Unicode to ASCII
- Enables Inline Patches to accurately emulate software patches
Transparent TCP/IP Transformer
- Provides the ability to modify data in midstream without disrupting server sessions
- High throughput and low latency
ServerShield Feature and Benefit Summary
Server Discovery
- Continually detects and catalogs applications, services and operating system versions to accurately account for servers behind the appliance
- Eliminates configuration and tuning burden of traditional security solutions
End-point Awareness
- Complete server asset inventory is mapped to application-specific protection profiles
- Server-bound traffic is checked only within appropriate application protocols, ensuring precise detection and correction logic
- 100% accuracy—no false positives, no false negatives
Automated Provisioning
- Newly detected servers are automatically protected, ensuring a secure environment regardless of unpatched vulnerabilities
- Reduces operational costs associated with physical patch management
Dynamically Loadable Content
- New inline patches, policies, and application coverage can be added to the core platform on the fly without restarting any service
Zero Footprint
- Up-to-date protection with no configuration changes and no agent installation on the server
Zero Downtime
- Eliminates remote threats without blocking legitimate application requests or requiring server reboots
Zero Tuning
- Delivers appropriate protection for specific applications without requiring any manual tuning
|
