ParsIPS

ParsIPS is an Intrusion Prevention System (IPS) solution. It uses innovative technologies to monitor network and system activities for malicious or unwanted behavior and can react immediately, in real time, to block or prevent those activities. The distributed component of ParsIPS is a network-based IPS technology that operates in-line to monitor all network traffic for malicious code or attacks. When an attack is detected, it can drop the offending packets while still allowing all other traffic to pass. Placing detection systems in-line helps network administrators resolve the ambiguities of passive network monitoring.

ParsIPS operates as a deep-inspection firewall. Its technologies apply a deeper level of application understanding to the traffic in order to make access control decisions based on the intent of that traffic. It can efficiently perform network security functions as well as analysis of the application message to determine whether to accept or deny traffic.

The content-based technology of ParsIPS inspects the content of network packets for unique sequences (signatures) to detect, and ideally prevent, known types of attack such as worm infections and hacks.

The ParsIPS protocol analyzer technology can natively decode application-layer network protocols such as HTTP or FTP. Once the protocols are fully decoded, the IPS analysis engine can evaluate different parts of the protocol for anomalous behavior or exploits.

Another technology used in ParsIPS is rate-based IPS (ParsRBIPS). It is primarily intended to prevent Denial of Service and Distributed Denial of Service attacks. It works by monitoring and learning normal network behavior. Through real-time traffic monitoring and comparison with stored statistics, ParsRBIPS can identify abnormal rates for certain types of traffic, e.g. TCP, UDP or ARP packets, connections per second, packets per connection, or packets to specific ports. Attacks are detected when thresholds are exceeded. The thresholds are dynamically adjusted based on time of day, day of the week and so on, drawing on stored traffic statistics. Unusual but legitimate network traffic patterns may create false alarms. The system's effectiveness depends on the granularity of the ParsRBIPS rulebase and the quality of the stored statistics. Once an attack is detected, various prevention techniques may be used, such as rate-limiting specific attack-related traffic types, source or connection tracking, and source-address, port or protocol filtering (black-listing) or validation (white-listing).
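The following sketch illustrates the general idea of a time-aware rate threshold as described above. It is an added example, not ParsIPS code: the class name, the mean-plus-k-standard-deviations rule, the `floor` slack and the sample rates are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

class RateBaseline:
    """Stored rate statistics per (traffic type, weekday, hour) slot."""

    def __init__(self, k=3.0, min_samples=3, floor=10.0):
        self.k = k                      # assumed sensitivity: threshold = mean + k * stddev
        self.min_samples = min_samples  # below this the slot is still being learned
        self.floor = floor              # minimum slack so a flat baseline tolerates noise
        self.history = defaultdict(list)

    @staticmethod
    def _slot(kind, ts):
        return (kind, ts.weekday(), ts.hour)

    def learn(self, kind, ts, rate):
        """Record an observed rate (packets per second) as normal behaviour."""
        self.history[self._slot(kind, ts)].append(rate)

    def threshold(self, kind, ts):
        """Dynamic threshold for this time of day and day of week, or None."""
        samples = self.history[self._slot(kind, ts)]
        if len(samples) < self.min_samples:
            return None
        return mean(samples) + max(self.k * pstdev(samples), self.floor)

    def check(self, kind, ts, rate):
        limit = self.threshold(kind, ts)
        if limit is None:
            return "learn"              # no usable statistics yet: do not alert
        return "rate-limit" if rate > limit else "pass"

def build_demo():
    """Constructed sample data: four Mondays of UDP rates at 10:00 and 03:00."""
    baseline = RateBaseline()
    start = datetime(2024, 1, 1)        # a Monday
    for week in range(4):
        day = start + timedelta(weeks=week)
        baseline.learn("udp", day.replace(hour=10), 1000 + 50 * week)  # busy hour
        baseline.learn("udp", day.replace(hour=3), 50 + 5 * week)      # quiet hour
    monday = start + timedelta(weeks=4)
    return baseline, monday, monday + timedelta(days=1)

if __name__ == "__main__":
    b, monday, tuesday = build_demo()
    for ts in (monday.replace(hour=10), monday.replace(hour=3), tuesday):
        print(ts.strftime("%a %H:00"), "800 pps ->", b.check("udp", ts, 800))
```

The same 800 packets per second passes at Monday 10:00 but is rate-limited at Monday 03:00, while a slot with no stored statistics (Tuesday) is only learned, which shows why detection quality depends on the granularity of the rulebase and the quality of the stored statistics.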

The main features of this product are:

1. Makes access control decisions based on application content, rather than IP addresses or ports
2. Improves performance and accuracy of classification mapping with careful signature formats
3. Can serve secondarily at the host level to deny potentially malicious activity
4. Has a very low rate of false positives
5. Detects application-level attacks and stops them from penetrating and proliferating across the network
6. Operates completely invisibly in a network
7. Does not typically claim an IP address on the protected network but can respond directly to any traffic in a variety of ways
8. Provides a wide range of responses, including dropping packets, resetting connections, generating alerts, and even quarantining intruders
9. Offers deeper insight into network operations, providing information on overly active hosts, bad logons, inappropriate content and many other network and application layer functions