NIP6300/6600 Next-Generation Intrusion Prevention System

NIP6300/6600 Intrusion Prevention System

Huawei NIP6300/6600 series is an advanced, new generation intrusion prevention system (NGIPS) designed to provide application and service security for carriers. The NIP6300/6600 provides context, application, and content awareness capabilities and defends against unknown threats to better protect network infrastructures, bandwidth performance, servers, and clients.

New hardware and software architecture, providing industry-leading performance

Uses a dedicated multi-core and multi-CPU platform, which greatly improves detection performance.

Provides dedicated hardware for decompression and pattern matching to ensure high traffic processing efficiency and optimal performance with multi-level protection.

Uses a new intelligent awareness engine (IAE) for threat detection, which enables multi-level protection and concurrent processing and improves threat detection efficiency.

Multi-level detection for comprehensive protection

Protects operating systems and applications from malware and attacks.

Identifies more than 120 types of files, prevents file name extension tampering, and identifies malicious code in files.

Provides superior anti-DDoS capabilities to mitigate application-layer DDoS attacks (such as HTTP, DNS, and SIP attacks).

Implements SSL encryption and advanced evasion detection.

Detects unauthorized connections to servers and protects information assets.

Dynamic context awareness for intelligent policy tuning and hierarchical log management

Identifies security risks to both static assets and dynamic traffic.

Automatically tunes security policies based on the security risks.

Analyzes the detection logs based on the security risks for hierarchical log management.

Interworking with the sandbox and reputation systems for threat detection

Interworks with the sandbox for suspect file analysis and threat file detection.

Interworks with the IP and C&C reputation systems for rapid threat detection and prevention.

Fast signature update for prompt vulnerability protection

Captures the latest attacks, worms, viruses, and Trojan horses, extracts signatures from them, and determines the threat trend using a global honeynet.

Updates the signature database and inspection engine promptly when new and zero-day threats and vulnerabilities are identified.

Certified "CVE-Compatible". Threat analysis and verification are compatible with Common Vulnerabilities and Exposures (CVE) requirements.

Applications & Benefits

The NIP6300/6600 series next-generation intrusion prevention system can be deployed in carrier IDCs and enterprise networks to detect and block attacks in real time. Intelligent context awareness, dynamic policy tuning, and hierarchical log management help improve attack defense capabilities and reduce customers' network O&M costs.