Intrusion Prevention Solution
Contained within each Enforcer Profile is a Module for Intrusion Detection and Prevention. This is an extremely powerful tool used to detect and prevent zero day attacks from malware, hackers and ransomware attacks.
The first step in defence against threats is a signature based analysis of each connection. Known threats present a signature that may be blocked on attempts at initiation.
Secondly, and arguably more important is the Behaviour Based analysis utilised by the IPS module. This means that the behaviour of each connection is tracked, and if the connection meets a prescribed criteria it can be deemed as a risk and subsequently blocked.
Important Information
Non DNS based connections (or Direct IP) are always flagged for protection by the IPS. If non DNS based connections are a requirement for your network (VoIP, some file sharing systems, web applications etc) you may whitelist these Internet hosts /IP addresses/ranges under the content filter section.
Report Importance
The malware report available from the reports section is designed to show all traffic on your network that will be targeted and blocked by the IPS module. In certain cases, it may be prudent to generate this report before enabling the IPS. The report will show all connections that will be killed off by the IPS. This may reveal any legitimate systems that utilize Non DNS connections to be whitelisted in the Content Filter.