BLUEMAX IPS

BLUEMAX IPS is a high-performance next-generation IPS by No.1 company in domestic network security. It can proactively respond to the complex and rapidly changing security environment by using the high-performance threat preventiion platform to inspect malicious traffic and files, and supporting operations optimized for asset vulnerabilities and the virtualization / cloud environments.

High-performance next generation IPSBLUEMAX IPS

Brochure Download

Inquiry

BLUEMAX IPS's system for proactively responding to network security threats

Feature

BLUEMAX IPS provides agile services while actively responding to complex and rapidly changing security environments.

HIGH PERFORMANCE
- Implement a next-generation high-performance detection engine with the H/W ? S/W integrated framework
UNKNOWN THREAT DETECTION
- Reinforce responses to new security threats through static and dynamic analysis of malicious files
ENHANCED ASSET PROTECTION
- Customized security policy based on analysis of asset vulnerabilities
AGILE SERVICE
- Provide customized 1-2-3 professional service from construction to operation

BLUEMAX IPS Main Features

Signature-based defense

It can monitor the threats of each attack stage in real time and operate signature defense policies in an intuitive and timely manner by providing analyzed signatures based on the Cyber ?Kill Chain.
DDoS defense

As it comes with the anti-DDoS dedicated engine, it can detect and block various types of DDoS attacks, e.g. DRDoS and SCAN defense, source-based defense, internal source and 1:1 flooding.
Learning defense

By learning the contents of various headers and data such as the IP, port, and flag of traffic in real time, it protects against new attacks that cannot be blocked with signatures.
APP control

It provides application control functions optimized for each infrastructure environment by providing application characteristics (SaaS, Bandwidth), technologies (C/S, P2P and Web-base), hazard classes (malicious), tagging, and detailed profile types that fit the latest trend
UI convenience

It is capable of customized operation by setting up dashboard widgets with a high degree of freedom, and it increases visibility by supporting multiple windows for each menu, and reduces analysis time with an improved Drill Down function
User-defined signature

It provides signature templates according to infrastructure network types and security levels, and provides convenient optimized operation functions that can prevent human errors by perfectly supporting the Snort option and providing the grammatical error check function.
Higher-level authorities

It supports the convenience of interconnection with threat detection rules (PCRE, SNORT and YARA), and provides the events detected by BLUEMAX IPS to higher-level authorities by synchronizing the policies of higher level authorities (NCSC).
One-click analysis function

It is possible to request immediate analysis of the logs detected by BLUEMAX IPS, and the Infringement Response Center, which is composed of experts with more than 10 years of experience, provides quick feedback.

Software Specification

Intrusion Prevention		Anti - DDoS
Application Awareness	Detection of abnormal HTTP, FTP, POP3, IMAP, SMTP IP, TCP, ICMP and IPv6 protocols	Anti - DDoS	Defense against DoS, DDoS and DRDoS
	Support app detection/control/blocking		Defense against HTTP, DHCP, SMTP, POP3, IMAP and SIP
	Recognize app information in the network traffic		Origination-based session control
	Control detailed functions each web mail and messenger		Defense against pattern learning
Context Awareness	Collect user/asset information in the network traffic and providing topology		Defense against traffic learning
	Interconnection with user information through external equipment/DB interconnection	SSL Inspection
	Link the vulnerability diagnosis solution with the signature policy	SSL Inspection	Support decryption of two-way traffic
Content Awareness	Reputation 3rd Party interconnection (IP and URL)		Automatic recognition of SSL traffic
	Definition of IP and URL reputation DB users		Support DHE/ECDHE
	Support cloud-based external malicious URL inspection		Support the SSL exception policy(5-tuple / SNI / CN)
	Provide control functions for each country/region		Support TLS 1.3
	Respond to new variants through the behavior analysis function		Control SSL/TLS version
	Provide reports and information about malicious types		Control private certificates
	Block IP and URL		Control SSL traffic Cipher-Suite
	Support the Anti-Virus and YARA rule	Security Setting & Interworking
	Support decompression of multiple, encrypted compressed files	Security Setting & Interworking	Working with Integrated threat analysis policy management system
Legacy Rule	User-defined snort rulee		Transmission of threat events and logs
	PCRE (regular expression) and YARA rule		One-click infringement accident analysis request
	Multi-pattern detection function (parallel detection)		Synchronization of the policies of higher level institutions
Log Monitoring			Support the blocking of the black list
Dashboard	Provide real-time monitoring (events, systems, networks, equipment status, work details, etc.)		Provide the white list registration exception function
	Support real-time HA monitoring	Management Function
	Support real-time SSL session status monitoring	Network / IP / Session / Audit Management	Set and manage segments and network policies
	Provide real-time attack ranks		Support statistics of each network band, monitoring and logging
	User-defined widgets and configurations		VLAN, GRE, IPinIP, GTP, DHCP and IP (v4 and v6), Support the ICMP(v4,v6), IGMP and TCP/UDP protocol
Monitoring	Integration of threat detection and blocking		Provide the TCP session management and statistical function
	Provide detailed history of detection and blocking		Provide the setting function according to the system operation environment
	Provide the results of reputation detection		Provide security functions and permission types for each administrator
Log Statistic	Log and statistical tool function		Provide the auditing and file recovery history
	Reinforce the visibility of logs and statistics and user convenience		Guaranteeing the detection and control method optimization bandwidth
	Provide user-defined trends and statistical function		Policy and dynamic-based QoS TCP Flag management and control function (SYN, FIN, Rst, Psh and Ack)
			Dynamic QoS TCP/UDP/ICMP/ETC PPS control

Hardware Specification

BLUEMAX IPS		1000	2000	4000	5000	10000
CPU		4 Core	10 Core	10 Core	24 Core	52 Core
Memory		32 GB	32 GB	64 GB	96 GB	192 GB
Storage	System	SSD 32 GB	SSD 32 GB	SSD 32 GB	SSD 128 GB	192 GB
Storage	Log	HDD 1 TB	HDD 2 TB	HDD 2 TB	SSD 1.92 TB	SSD 1.92 TB
Interface	40G Fiber	-	-	-	(max4)	(max8)
	10GF FPGA (2 Slot)	-	-	2	4(max8)	4(max8)
	10G Fiber	-	-	(max4)	(max8)	(max8)
	1G Fiber	(max8)	4(max8)	(max8)	(max12)	-
	1G Copper	4(max8)	(max8)	(max8)	(max12)	-
	HA Port / Mgmt	1GC x 2 / 1GC x 1	1GC x 2 / 1GC x 1	1GC x 2 / 1GC x 1	10GF x 2 / 1GC x 2	10GF x 2 / 1GC x 2
Power Supply		Single	Dual	Dual	Dual	Dual
Dimension (HxWxD)		1U (438x481x44)	2U (438x481x88)	2U (438x481x88)	2U (438x685x88)	2U (438x685x88)
Throughput (UDP/64byte)		1 Gbps	2 Gbps	10 Gbps	20 Gbps	40 Gbps