Signature attack identification
KFSensor's rule base signature engine can identify
known attack patterns, which greatly helps in analyzing the nature
of a event. Rules can be imported from external sources in Snort
format giving access to a huge amount of security knowledge.
Detects Windows networking attacks
KFSensor contains the world's only Windows
networking/ NetBIOS / SMB / CIFS emulation honeypot. This unique
feature enables it to detect the nature of attacks on file shares
and Windows administrative services, currently the most prevalent
and damaging on the Internet.
Firewalls can detect port scans, but not the nature of an attack.
NIDS can identify certain attacks but not without the risk of
compromising security. Only KFSensor can provide the maximum
information on an attack, without risk of compromise.
Extendable architecture
The already comprehensive emulation and reporting
features of KFSensor can be further extended by writing your own
scripts and database queries.
No false positives
Firewalls and network based IDS are often overwhelmed
by the amount of network traffic and often generate false alarms by
misinterpreting legitimate network traffic. KFSensor's honeypot
model has no legitimate uses, so all connections to them are
suspect.
Low overheads
KFSensor lies dormant until attacked, consuming very
little processor time or network resources. Sensors can be installed
on users� machines without affecting their normal use, eliminating
the need for additional hardware.
Full converage
All TCP, UDP and ICMP traffic is monitored for all
ports.
|
Remote Administration
Protect different locations in the corporate network
with multiple KFSensor installations and manage the process from one
location. KFSensor Enterprise Edition provides remote configuration
and real time concatenation of events from a single administrator
machine using top of the range encryption and authentication.
Simplicity
The concepts behind KFSensor are easy to understand.
Its configuration and operation is straightforward, requiring
minimal training and maintenance.
Advanced server simulation
KFSensor emulates real servers, such as FTP, SMB,
POP3, HTTP, Telnet, SMTP and SOCKS to improve deception and gain
more valuable information on a hacker's motives.
Real time detection
Attacks are detected, analyzed and reported
immediately allowing response to an attack while still in progress.
Detects unknown threats
Unlike other products KFSensor does not rely on
signatures of known attacks and can therefore detect new or 0 day
threats, such as new worms, viruses and elite hackers. KFSensor is
just as effective at detecting internal threats.
Security in-depth
KFSensor complements other types of security
products, such as firewalls, anti-virus and network based IDS
systems, to provide an additional layer of protection.
Designed for a corporate
environment
KFSensor's secure design and its ability to work both
inside a LAN and in front of a firewall make it suitable for
organizations that demand the highest security requirements.
|