SecureTrust Cybersecurity

Helios IPS As A Service

Helios’s cloud-based IPS is fully converged with the rest of Helios’s security services, which include:

  • Next-generation firewall (NGFW)
  • Secure web gateway (SWG)
  • URL filtering
  • Malware protection

Helios IPS is the first to be integrated with a global SD-WAN service, bringing context-aware protection to users everywhere.

Why IPS As A Service?

Today’s IPS appliances are hampered by many factors.

The increased use of encrypted traffic makes TLS/SSL inspection essential.

However, inspecting encrypted traffic degrades IPS performance.

IPS inspection is also location bound and often does not extend to cloud and mobile traffic.

And appliances must be constantly updated with new signatures and software patches, increasing IT operational costs.

Helios solves these problems with a managed and adaptive cloud-based IPS service that delivers advanced security everywhere with unlimited inspection capacity:

  • Managed And Adaptive Cloud Service: The Helios Team leverages big data insights derived from the Helios Cloud to update, tune and maintain IPS signatures without customer involvement. New signatures are validated on real traffic, which allows them to be optimized for maximum effectiveness before being applied to production customer traffic.
  • Advanced Security Everywhere: Internet and wide area network (WAN) traffic is scanned and protected for all branch offices and mobile users regardless of location.
  • Unlimited Inspection Capacity: The Helios IPS has no capacity constraints, inspecting all traffic, including TLS traffic, today and in the future.

Context-Aware Protection

Beyond common protection for the latest vulnerabilities and exploits, Helios IPS uses a set of advanced behavioral signatures to protect against complex attacks by identifying suspicious traffic patterns. 

Leveraging the converged network and security cloud platform, Helios’s IPS has access to unique context across multiple domains typically unavailable to a standard IPS. 

The use of this context makes IPS signatures more accurate (reducing false positives) and more effective (reducing false negatives). 

The context attributes include:

  1. Layer-7 Application Awareness: The Helios IPS is application-aware, applying rules based on network services, business applications, and application categories.
  2. User Identity Awareness: The Helios IPS recognizes user identity based on Active Directory.
  3. Geolocation: Helios IPS can enforce customer-specific, geo-protection policies to stop traffic based on the source and destination country.
  4. User Agent and Client Fingerprinting: The Helios IPS identifies the sending client, such as a browser type or mobile device.
  5. True Filetype Inspection: A common attack vector is to mask executables attached to a message by changing the appearance of filename extensions. The Helios IPS identifies and blocks such threats by inspecting the data stream to determine the actual filetype.
  6. DNS Queries and Activation: By investigating the DNS stream, the Helios IPS can run heuristics to detect anomalies in DNS queries indicating a domain generation algorithm (DGA) or malware-related DNS queries.
  7. Domain or IP Reputation Analysis: In-house and external intelligence feeds enable the Helios IPS to detect and stop inbound and outbound communications with potentially compromised or malicious resources, such as domains and IP addresses that are newly registered or whose reputations are labeled unknown, suspicious, or malicious.
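
The true filetype check from item 5, sketched as an added example (this is not Helios code, and the signature table, allowed-extension map and blocking policy are assumptions made for illustration): the content's leading bytes decide the type, and the filename is only compared against it.

```python
import struct
import unicodedata

# Leading-byte signatures for a few common formats (constructed subset, not a product rule set).
MAGIC = [
    (b"%PDF-", "pdf"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"PK\x03\x04", "zip"),  # also the container for docx/xlsx/jar
    (b"\x7fELF", "elf"),
]
# Extensions each detected type may legitimately carry (assumed policy).
ALLOWED_EXT = {
    "pdf": {"pdf"}, "png": {"png"}, "jpeg": {"jpg", "jpeg"},
    "zip": {"zip", "docx", "xlsx", "pptx", "jar"},
    "pe": {"exe", "dll", "scr", "sys"}, "elf": {"", "so", "bin"},
}
EXECUTABLE = {"pe", "elf"}
# Constructed sample: minimal 'MZ' header whose e_lfanew (0x40) points at the PE signature.
FAKE_PE = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"

def sniff(data: bytes) -> str:
    """Return the type implied by the content, ignoring the filename."""
    # PE: 'MZ' DOS header whose e_lfanew field (offset 0x3C) points at 'PE\0\0'.
    if data[:2] == b"MZ" and len(data) >= 0x40:
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
            return "pe"
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"

def inspect_file(filename: str, data: bytes) -> dict:
    """Compare the claimed extension with the sniffed type and return a verdict."""
    reasons = []
    # Format-control characters (e.g. U+202E) can reverse how a name is displayed.
    if any(unicodedata.category(c) == "Cf" for c in filename):
        reasons.append("format-control character in filename")
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    kind = sniff(data)
    if kind != "unknown" and ext not in ALLOWED_EXT[kind]:
        reasons.append(f"extension .{ext} does not match content type {kind}")
    # Assumed policy: block only executables whose name is misleading.
    block = kind in EXECUTABLE and bool(reasons)
    return {"type": kind, "block": block, "reasons": reasons}
```

A production engine would also look inside archives and cover far more formats; the point here is that the verdict comes from the data stream, not from the name.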

Helios IPS in Action

The combination of functions allows Helios to spot threats efficiently and effectively.

The WannaCry outbreak, for example, can be stopped by detecting malicious buffers indicative of the EternalBlue exploit used by WannaCry:

Suspicious locations can be blocked by leveraging Helios’s geolocation restrictions:

[Screenshot: prevent inbound or outbound communications]

And with reputation analysis, Helios IPS can identify and prevent inbound or outbound communications with compromised or malicious resources:

[Screenshot: prevent inbound or outbound communications 2]

The Helios IPS has already been deployed within the Helios Cloud, protecting customers from infection.

Upon deployment, the IPS detected several infected machines in one leading manufacturing company.

The manufacturer relies on the Helios Cloud to connect and secure its three US locations, five international offices, and cloud instance.

Helios IPS identified that the machines were communicating with a C&C server that is used to spread Andromeda bot malware.

Details of the anti-malware event can be seen below:

[Screenshot: anti-malware event]

The SD-WAN of the Future. Today.

Today’s users work everywhere and so must their wide area networks.

But advanced security must be built into the network to securely connect locations, cloud resources, and mobile users.

With Helios IPS and the rest of Helios’s converged security services, Helios inspects and protects against threats in WAN and Internet traffic without the administrative overhead, capacity constraints, or restrictions of standard security appliances.

Combined with its private backbone, the Helios Cloud makes securely connecting your business simple — again.

Why Choose SecureTrust?

SecureTrust is a leading provider of cybersecurity automation solutions.

SecureTrust’s platform can help organizations mitigate intrusions into their networks.

Are you ready to block cyber criminals from stealing your data?

Get secure today!

Helios
Helios is SecureTrust's cutting-edge platform and AI technology that empower our team of experts to provide efficient and effective security services.
