Site Protector Appliance (SPA)

A Layer-2 Dynamic Firewall based on Artificial Intelligence and Machine Learning technologies

 


Unified network security for every enterprise environment.

SPA (Site Protector Appliance) is a Layer 2 Anomaly Detection System and Dynamic Firewall with advanced security features and built-in defense against all new classes of sophisticated attacks. The SPA engine analyzes the actual content in the data stream to protect against known and unknown evasion techniques, even when they are applied on multiple protocol levels, increasing your protection against advanced persistent threats and other undesirable traffic.

 

SYN attacks, DDoS attacks, brute force attacks, DNS flooding, port scanning, null packets, protocol anomalies, application attacks and much more.

 

How it works / Connection Diagram

A SPA system consists of two main components that can be installed on the same or different machines: the SPA Engine and the SPA Management/Collector.

The SPA Engine (Layer 2 appliance) can connect to any network segment and does not require any network changes. It needs at minimum 3 network cards: 2 in bridge mode (Layer 2) and 1 for communication with the SPA Management server. For better protection, it is recommended to install the SPA Engine (appliance) in front of your router, as shown in the diagram.

The SPA Engine allows ANY data packets to pass through and has no IP address, hence it is invisible from the internet and hackers. Our unique, state-of-the-art engine functions fully in Layer 2 (bridge mode) for packet analysis and dynamic blocking.

The SPA engine operates by analyzing the data streams and, in line with the configuration parameters provided by the administrator, creating a ‘dynamic policy’ based on the network traffic and network behavior. This produces dynamic ‘memory resident’ rules saved in kernel space.
The resulting policies will not block any normal activity, but provide the ability to detect anomalies in protocols and hence detect hacker activity trying to penetrate a network. All blocking mechanisms are applied in real time and expiration flags can be defined.

The initial state of a SPA engine does NOT contain any blocking rules. By default all traffic is allowed to pass through. A minimum of 2 hours is required in order for the engine to analyze enough traffic and start creating a dynamic policy.

The SPA Management/Collector acts as an ‘analyzer’ and a ‘correlation engine’. Its main purpose is to analyze information and provide input to the SPA Engine to improve its policy and operation, by processing the raw data provided by the engine and applying analysis techniques to define a proper short- and long-term reaction/action to the specific attack. It also functions as a monitoring and administration service for the operation of the SPA Engine via a web interface.

In addition to the SPA Engine, the SPA Collector can be integrated with various external security systems (e.g. firewalls, IDS, etc.) and receive security-related logs in standard syslog format. Incoming logs are saved in a database, analyzed using various parsers (Checkpoint, Snort, mod_security WAF, etc.), correlated using the 'spro' correlation engine, and used to provide additional input to the SPA Engine.
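The flow described in the paragraphs above (syslog alerts parsed, correlated per source, turned into block rules that expire, with nothing blocked during the initial learning period) can be modelled as follows. This is an added example, not SPA or 'spro' code: `parse_snort`, `DynamicPolicy`, `sample_alert`, the alert threshold, window and rule lifetime are all hypothetical; only the 2-hour learning minimum comes from the text.

```python
import re

# Snort syslog alert: [gid:sid:rev] msg [Classification: ..] [Priority: n] {PROTO} src -> dst
SNORT_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+"
    r"(?:\[Classification:.*?\]\s+)?\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?")

def parse_snort(line):
    """Return the alert fields as a dict, or None if the line is not a Snort alert."""
    m = SNORT_RE.search(line)
    return m.groupdict() if m else None

class DynamicPolicy:
    """Hypothetical model: repeated alerts from one source become an expiring block rule."""
    def __init__(self, start, learning=7200, threshold=3, window=60, ttl=600):
        self.start, self.learning = start, learning   # 7200 s = the 2-hour minimum
        self.threshold, self.window, self.ttl = threshold, window, ttl  # assumed values
        self.seen = {}    # src -> timestamps of alerts inside the window
        self.rules = {}   # src -> expiry time of the block rule

    def observe(self, ts, line):
        """Feed one log line; return the source IP if a block rule was created."""
        ev = parse_snort(line)
        if ev is None:
            return None
        src = ev["src"]
        hits = [t for t in self.seen.get(src, []) if ts - t < self.window] + [ts]
        self.seen[src] = hits
        # Learning period: traffic is observed but no blocking rule is created.
        if ts - self.start < self.learning or len(hits) < self.threshold:
            return None
        self.rules[src] = ts + self.ttl
        return src

    def is_blocked(self, src, now):
        """True while a rule for src exists and has not passed its expiry."""
        expiry = self.rules.get(src)
        if expiry is not None and now >= expiry:
            del self.rules[src]   # expired rules are dropped
            return False
        return expiry is not None

def sample_alert(src):
    """Constructed syslog line in Snort alert format (documentation addresses)."""
    return ("<33>Oct  3 10:00:00 ids1 snort[912]: [1:1000001:1] Constructed scan alert "
            "[Classification: Attempted Information Leak] [Priority: 2] "
            f"{{TCP}} {src}:40000 -> 192.0.2.10:22")
```

Feeding three `sample_alert("203.0.113.5")` lines within 60 seconds after the learning period creates a rule that `is_blocked` reports until its lifetime runs out; the same burst during the first 7200 seconds creates none.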

In enterprise environments with multiple Internet gateways you can use one SPA Management to configure and monitor more than one SPA Engine.

 

 

 
