Security and IPS
The LucidView IPS module provides behaviour based IPS, identification and elimination of suspicious connections which are often ransomware related. Our IPS protects against both known and unknown malware by analysing the behaviour of the connection and eliminating any connections which are anomalous.
IDS & IPS with the LucidView Enforcer
LucidView specialises in behaviour based intrusion detection and prevention. We look at how the traffic behaves on your network, identify and eliminate any anomalies. Each and every connection that comes into or leaves your Network is analysed and categorised.
Behaviour based IPS is proactive. The Enforcer examines traffic patterns, looking for anything out of the ordinary. Any traffic and/or connections behaving oddly are immediately added to the “Security Risk” category and blocked.
Pull and Push Remote Protection
Pull Remote Protection – These are attempted attacks into your network by a remote hacker trying to gain access to your network, The LucidView Enforcer identifies these connections and eliminates them before they are able to infect the network or give a remote hacker control over the network.
Push Remote Protection – This refers to remote hackers that gain access via users from within the network, this can happen via a VPN, apps like WhatsApp, Telegram and even email. The user inadvertently allow the hacker to push a remote connection into your network. The LucidView Enfrorcer identifies these push remote connections and eliminates them.
The IPS module takes a variety of factors into consideration when protecting your network from unauthorised remote access, known malware and other security risks. Any good IPS solution is going to have false positives from time to time. Services such as VOIP servers and VPNs that have no DNS entries may be flagged as a security risk. These IP addresses can be added to whitelists in your LucidView MikroTik Portal so that they be ignored by the IPS module.
Example of Identifying Security Risk
The charts in this example provide an illustration of how the LucidView Enforcer examines and an analyses each connection coming into and leaving your network.
Using our own A.I. we have created the LucidView Enforcer. The Enforcer effectively assesses, in real time, when a connection is behaving “suspiciously”. If it is, the Enforcer automatically puts into the IPS Module. Thereby, blocking it and eliminating the threat to your network.
The LucidView IPS module identifies suspicious connections and immediately kills them off upon identification. Offering an extremely effective Intrusion Detection (IDS) and proactive Intrusion Prevention (IPS) for all customers.
How the IPS Security Module works
This is a detailed presentation of LucidView’s behaviour based IPS Security solution presented at the MikroTik Users Conference in February 2020.