Syspeace Protection


Imagine that your company has a physical facility. If someone repeatedly tries to gain access with a fake key or invalid key card, you would expect that your security guards would provide protection and not let the intruder through. Unfortunately, antivirus and firewall software do not take action against the server equivalent of this scenario. Even with firewalls and antivirus software, wherever a legitimate user might need to log into your server, an intruder or attacker gets infinite tries to log in to this server. Windows Server has some built-in defenses, which usually amount to locking out the user the intruder is trying to log in as. Aside from being unhelpful and annoying for the innocent user, it does nothing to stop the attack or give you protection from the intrusion attempt.

Syspeace is an Intrusion Prevention Solution

Syspeace is an Intrusion Prevention Solution, meaning that it reasons about the pattern of the failed login attempts and blocks the attacker once it can discern the attack from a legitimate user logging in incorrectly. These patterns are readily customizable by configuring Syspeace’s rules.

Brute-force attacks that otherwise thrive on being able to try a large number of logins until one of them works by chance are stopped nearly instantly. Since it is effective against many types of attacks, Syspeace is an excellent complement to antivirus and firewall software.

In addition, Syspeace pre-emptively blocks attackers based on failed attempts that have been blocked at other participating Syspeace installations worldwide through our Global Blacklist.

Syspeace protection functionality highlights

  • Protection against unlimited login attempts on Windows accounts, which protects…
    • File shares
    • Outlook Web Access (OWA)
    • Remote Desktop Services (RDP)/Terminal Services
    • Citrix
    • RD Web
    • SharePoint
    • …and other programs using Windows authentication
  • Protection against unlimited login attempts on Exchange SMTP connectors
  • Protection against unlimited login attempts to Microsoft SQL Server
  • Protection against unlimited login attempts to your web site using the optional Web Detector plugin (requires matching detector in web site)
  • Protection against unlimited login attempts to any product for which there is a Detector plugin (API and SDK freely available)
  • Multiple customizable rules
  • Send mail when a block is performed
  • Send daily mail with aggregated intrusion information both as plain text and attached CSV file
  • Send weekly mail with aggregated intrusion information both as plain text and attached CSV file
  • Uses local whitelist
  • Uses local blacklist
  • Uses global blacklist
  • Searchable log of login/intrusion attempts

Unique features

Global blacklist of intrusion detection and intrusion prevention

Working together, we make it harder for the people that try hacking your system. Each time a computer blocks an external IP address, the block is registered in the Syspeace central database. We scan this database a number of times each day looking for patterns. When a blocked address is seen repeatedly at a number of customers, that IP address will be added to our blacklist and distributed to all Syspeace clients so that all customers can benefit from a pre-emptive blocking of known intruders. Intrusion detection and intrusion prevention is the key.

Attack control and Access report

Syspeace provides tools to compare and keep track of the information kept on the attackers. Using these tools you can discern internal threats from external threats, collect statistics about when the attacks take place, see whether an IP address has been used to log in successfully, see from which IP addresses a user tends to log in or just browse the raw information kept about login attempts.

Floating licenses facilitate securing multiple computers

Syspeace implements a floating license model that helps you manage your Syspeace investment with a minimum of administration.
Licenses are bought per computer per day, but not allocated to any specific computer. This means that you are free to move the Syspeace application to different computers in your environment depending on where the service is needed without any extra web-based deactivation/activation.

When you register Syspeace for the first time, you get a license key that you can use on all subsequent Syspeace installations. The common license key allows you to utilize the floating license model and hence minimize the administration.

Configure it to make it even better

Syspeace works great out of the box, but you can customize it to suit your organization. Rules let you configure how certain accounts, domains or login methods might change the requirements for Syspeace to notice an attacker, or raise the lockout period. For example, you might set a much lower tolerance for invalid logins on domains that are not your own Windows domain.

With the local whitelist, you can exclude certain IP addresses or ranges from being considered attacks; great for making sure that trusted users on internal networks never run into problems or to temporarily give a badly configured server the benefit of the doubt.

With the local blacklist, you can manually add IP addresses that you temporarily want Syspeace to treat as attackers.
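The interplay of rules, whitelist and blacklist described above can be sketched as a sliding-window detector. This is an added example, not Syspeace's own code or configuration format; the rule names, thresholds, the `CORP` domain and all addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict, deque
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    name: str
    domain: Optional[str]  # None matches any login domain
    max_failures: int      # failures tolerated inside the window
    window_s: int          # sliding window, in seconds
    block_s: int           # lockout period, in seconds

# Hypothetical rule set, first match wins: lower tolerance for foreign domains.
RULES = [Rule("own-domain", "CORP", 5, 600, 3600),
         Rule("foreign-domain", None, 2, 600, 86400)]
WHITELIST = [ipaddress.ip_network("10.0.0.0/8")]  # trusted internal range
BLACKLIST = {ipaddress.ip_address("192.0.2.66")}  # manually flagged address

def evaluate(events, rules=RULES):
    """Replay (ts, ip, domain, success) events in time order; return blocks made."""
    failures = defaultdict(deque)  # (ip, rule name) -> failure timestamps
    blocked_until, blocks = {}, []
    for ts, ip_s, domain, success in events:
        ip = ipaddress.ip_address(ip_s)
        if any(ip in net for net in WHITELIST):
            continue               # whitelisted: never counted as an attack
        if blocked_until.get(ip, 0) > ts:
            continue               # an earlier block is still active
        if ip in BLACKLIST:
            blocked_until[ip] = float("inf")
            blocks.append((ts, ip_s, "local-blacklist", None))
            continue
        if success:
            continue
        rule = next(r for r in rules if r.domain in (None, domain))
        seen = failures[(ip, rule.name)]
        seen.append(ts)
        while seen[0] <= ts - rule.window_s:
            seen.popleft()         # forget failures older than the window
        if len(seen) >= rule.max_failures:
            blocked_until[ip] = ts + rule.block_s
            blocks.append((ts, ip_s, rule.name, ts + rule.block_s))
            seen.clear()
    return blocks

# Constructed sample events using documentation address ranges.
SAMPLE_EVENTS = sorted(
    [(t, "203.0.113.7", "CORP", False) for t in (0, 60, 120, 180, 240, 300)]
    + [(t, "198.51.100.20", "WORKGROUP", False) for t in (10, 20)]
    + [(5, "10.1.2.3", "CORP", False), (15, "192.0.2.66", "CORP", True)]
    + [(30, "203.0.113.50", "CORP", False), (90, "203.0.113.50", "CORP", True)])
```

Replaying `SAMPLE_EVENTS` blocks the blacklisted address on first contact, the foreign-domain source after two failures and the own-domain source after five, while the whitelisted host and the user who mistyped once are left alone.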

The Syspeace global blacklist lets you take advantage of Syspeace’s network effects. Whenever Syspeace blocks an attacker, anonymized information is collected and sent to our global blacklist maintainer. As an attacker touches other separate Syspeace installations, Syspeace becomes convinced that the intruder is a widespread threat and adds the IP number of the attacker to the global blacklist. At this point everyone set to track the global blacklist will pre-emptively block the attacker, just as if the attack had happened locally.

Additionally, with messaging, you can be alerted via email whenever one of a few important events happens, such as when an attacker is blocked, the block expires, rules are modified, the license status changes, the global blacklist changes or the service is stopped or started. Building on this, reports are available to summarize attacks and blocking activity during the day and/or week.

System requirements

Syspeace is supported on the following operating systems:

  • Windows Server 2003: 32-bit (x86) or 64-bit (x64)
  • Windows Server 2003 R2: 32-bit (x86) or 64-bit (x64)
  • Windows Server 2008: 32-bit (x86) or 64-bit (x64)
  • Windows Server 2008 R2: 64-bit (x64)
  • Windows Server 2012
  • Windows Server 2012 R2

Itanium versions of Windows Server are not supported. Client versions of Windows are not supported. Running the 32-bit version of Syspeace on 64-bit versions of Windows Server is not supported.

Syspeace requires 1 GB free hard disk space and 500 MB of physical memory.