Today's IPS products support multiple detection methods (signature, protocol anomaly
and behavioral anomaly), as well as addressing a range of performance needs.
When a new threat is detected, the Fortinet threat response team determines the most effective means for stopping the attack--whether via anti-virus scanning, protocol anomaly
detection, or other proactive means--and sends real-time updates to FortiGate systems across the world that can be implemented immediately.
0 used just two of those, protocol anomaly
detection (checking that traffic conforms to the relevant RFCs) and signature detection (checking the traffic doesn't match known attack patterns).
A second line of defense is network-based intrusion detection to identify external, as well as internal, threats with protocol anomaly
detection technology to detect known, as well as new, attacks.
Symantec is planning to enhance the existing intrusion prevention capabilities of its Symantec Gateway Security and Symantec Client Security products by integrating ManHunt to provide advanced high-speed protocol anomaly
Hybrid Intrusion Detection -- RealSecure Network Sensor uses a combination of sophisticated seven-layer protocol anomaly
detection an d attack pattern matching to interpret network activity.
They provide detection via several methods -- signatures, protocol anomaly
detection, behavioral or heuristics.
Network protection is provided by combining multiple detection technologies, including protocol anomaly
detection, vulnerability attack interception, signature recognition, denial-of-service and scan detection, and IDS evasion detection.
ManHunt is designed to monitor network traffic at speeds of up to two gigabits per second, combining protocol anomaly
detection, signature detection, denial-of-service, scan detection and IDS evasion detection techniques.
Multiple intrusion detection methods including signature based detection, protocol anomaly
and traffic anomaly; Application protocol (SMTP, HTTP, POP3, IMAP, SNMP, SIP, SMB, SSH) intelligent threat detection and prevention.
According to Gartner, "The network IPS appliance market is composed of in-line devices that perform full-stream assembly and deep inspection of network traffic, providing detection using several methods, including signatures, protocol anomaly
detection and behavioral or heuristics.
TippingPoint is also offering protection for VoIP in the form of Denial of Service attacks and VoIP protocol anomaly