Intrusion Prevention System

Protection from Core to Access Edge

  • Automatic identification, location, isolation, and solution of threats
  • Real-time attacker containment limiting incident impact
  • Host and network-based deployment options

The IPS provides exceptional functionality by locating, containing, and removing the source of the attack from the network.

Intrusion Prevention System (IPS) ensures the confidentiality, integrity, and availability of business-critical resources with industry-leading Intrusion Prevention capabilities, including:

  • In-line Intrusion Prevention to provide advanced security in a specific location
  • Patented Distributed Intrusion Prevention to automate response to threats in real-time
  • Out-of-band Intrusion Detection that simultaneously utilizes multiple response technologies
  • Forensics tools for session reconstruction to simplify threat mitigation and resolution
  • Threat containment that leverages existing network investments

IPS is unique in its ability to gather evidence of an attacker’s activity, remove the attacker’s access to the network, and reconfigure the network to resist the attacker’s penetration technique. IPS stops attacks at the source of the threat and can proactively protect against future threats and vulnerabilities. IPS offers an extensive range of detection capabilities, host-based and network-based deployment options, a portfolio of IPS appliances, and seamless integration with the Extreme Networks architecture. IPS utilizes a state-of-the-art high-performance, multi-threaded architecture with virtual sensor technology that scales to protect even the largest enterprise networks.

IPS is a core component of the Extreme Networks architecture. When deployed in combination with Security Information & Event Manager (SIEM) and NMS Automated Security Manager, it facilitates the automatic identification, location, isolation, and remediation of security threats. IPS integrates seamlessly with Network Access Control (NAC) for post-connect monitoring of behavior once network access has been granted.

Network Sensors

Provides deep forensics capabilities, including flexible packet capture and complete session reconstruction. Network Sensors are centrally managed via the Enterprise Management Server (EMS).

Host-Based Threat Prevention

Host Sensors are security applications used to detect attacks on a network server in real time. Host Sensors monitor individual systems running today’s most common operating systems. Host Sensors also support custom module development using the flexibility of Microsoft’s .NET Framework.

Host Sensors perform the following functions:
  • Monitor file attributes such as file permission, owner, group, value, size increase, truncated, and modification date
  • Check file integrity to determine whether content of critical files was changed
  • Continuously analyze log files using signature policies to detect attacks and/or compromises
  • Monitor Windows event logs for misuse or attack
  • Analyze Windows registry for attributes that should not be accessed and/or modified
  • Perform TCP/UDP service detection for protection against backdoor services

Enterprise Management Server (EMS)

The Enterprise Management Server (EMS) is a client-server architecture, which offers efficient, centralized management for all of the components offered with Extreme IPS. The EMS provides reporting and management services for all deployed network and host sensors.

Extreme IPS Virtual Appliances

Extreme IDS network sensor and Enterprise Management Server (EMS) can be deployed on VMware ESX™ servers. With these virtual machine options, enterprises gain additional, cost-efficient, network threat protection and the ability to monitor both the physical and virtual network. 

Certifications and Partnerships

Extreme is a partner in the Microsoft Active Protection Program (MAPP). This program, from the Microsoft Security Response Center (MSRC), provides detailed vulnerability information in advance of any public disclosure.

Extreme advanced in-line Intrusion Prevention is designed to block attackers, mitigate Denial of Service (DoS) attacks, prevent information theft, and ensure the security of Voice over IP (VoIP) communications – while remaining transparent to the network. Extreme IPS leverages a comprehensive library of vulnerability and exploit-based signatures.

Extreme Distributed Intrusion Prevention is a patented solution (7581249) that provides threat containment and blocks attackers at the source physical port for most multi-vendor edge switches.

  • Protects network resources by removing an attacker’s ability to continue an attack or to mount a new attack
  • Real-time dynamic attacker containment limits security incident impact
  • Works with multi-vendor enterprise edge switching products
  • Protection against emerging Voice over IP vulnerabilities, Day Zero threats, and advanced Denial of Service attacks
  • Flexibly deployed as an appliance and/or virtual appliance enabling cost-efficient threat detection and monitoring
  • Supports inspection and reporting for IPv6 networks extending IPS/IDS capabilities into next-generation networks
  • Unique host-based and network-based protection deployment options
  • Powerful configuration tools for customization and advanced control
  • Transparent to the network
  • Huge library of vulnerability and exploit-based signatures
  • The IPS stops attacks at the source of the threat
  • Integrates seamlessly with Extreme Network Access Control (NAC)

IPS Network Sensor Appliances

  IPS Throughput: 1,200Mbps | 8,000Mbps
  Max I/O Modules: 6 | 6
  Bypass I/O Modules: 4 x 1Gbps copper, 4 x 1Gbps fiber
  Standard I/O Modules: 4 x 1Gbps copper, 4 x 1Gbps fiber | 4 x 1Gbps copper, 4 x 1Gbps fiber, 2 x 10Gbps SR
  Management Interfaces: 4 x 1Gbps copper | 4 x 1Gbps copper
  Remote Console: Yes | Yes
  Typical Latency: < 800 microseconds | < 300 microseconds
  Processor: 2 x E5-2603 Quad Core, | 2 x E5-2620 Hex Core,
  Hard Drives: 2 x 1TB SATA | 2 x 1TB SATA
  Power Supplies: Dual 750W | Dual 750W
  (D x W x H): 73.2 cm x 43.8 cm x 8.76 cm | 73.2 cm x 43.8 cm x 8.76 cm
  Shipping Weight: 28.1 kg | 28.1 kg
  Operating Temperature: 10° C to 35° C | 10° C to 35° C

Enterprise Management Server Appliances

  Management Capacity: 25 Nodes | Unlimited (5000)
  Management Interfaces: 4 x 1Gbps copper | 4 x 1Gbps copper
  Remote Console: Yes | Yes
  Processor: 1 x E5-2620 Hex Core, | 1 x E5-2620 Hex Core,
  Hard Drives: 2 x 500GB | 6 x 2TB
  Power Supplies: Dual 750W | Dual 750W
  (D x W x H): 73.4 cm x 43.8 cm x 4.32 cm | 73.2 cm x 43.8 cm x 8.76 cm
  Shipping Weight: 23.1 kg | 28.1 kg
  Operating Temperature: 10° C to 35° C | 10° C to 35° C