Syspeace Protection Features
These patterns are readily customizable by configuring Syspeace’s “rules”. Syspeace works straight out of the box, but you can customize it to suit your organization’s specific needs.
How to make Syspeace the best IT Security tool for you – customize!
Rules let you configure how certain accounts, domains or login method might change the requirements for Syspeace to notice an attacker, or raise the lockout period. For example, you might set a much lower tolerance for invalid logins on domains that are not on your own Windows domain.
You further customise it through local whitelisting and local, and global, blacklisting of certain IP addresses. Syspeace now also supports geo-blocking, stopping any login attempt from a specific region.
Syspeace’s settings allow you to:Configure your own local whitelist.
Configure your own local blacklist.
Use our Global Blacklist.
Geo-block specific countries (NEW!).
Search the log of detected login/intrusion attempts.
Receive email when a block is performed.
Receive daily and/or weekly mail with aggregated intrusion information both as plain text and attached CSV file.
Where Syspeace can protect you:
Syspeace’s security software for Windows can operate on the following accounts:File shares.
Outlook Web Access (OWA).
Remote Desktop Services (RDP)/Terminal Services.
As well as other programs using Windows authentication:Protection against unlimited login attempts on Exchange SMTP connectors.
Protection against unlimited login attempts to Microsoft SQL Server.
Protection against unlimited login attempts to your web site using the optional.
Protection against unlimited login attempts to your website using the optional Web Detector plugin (requires matching detector in web site).
Read more about Syspeace’s features below.
Homeland protection with
We’ve commonly seen blocks coming from countries which have no business in entering servers in the host country. Several of our customers work globally, but many do not, and regardless of this, it does not mean that serving a customer from that country means that they should be able to, say, trigger a Windows login attempt on this server.
You set up Country rules, describing which countries you don’t want to allow access from and Syspeace will keep track of this for you, blocking any login attempt from those regions immediately.
Known attacks coming from Russia? Block Russia permanently.
Travelling employee? Unblock regions temporarily.
The software is configurable to suit your specific needs.
Throughout the years our software has gathered important intel. This network has enabled us to create an extensive Global Blacklist of IP addresses which tend to do harm.
Each time a computer blocks an external IP address, the block is registered in the Syspeace central database. We scan this database a number of times each day looking for patterns. When a blocked address is seen repeatedly at a number of our customers, Syspeace identifies the intruder as a widespread threat then adds the IP number of the attacker to the Global Blacklist. Thereafter, distributed to all Syspeace clients, so that all customers can benefit from preemptive blocking of known intruders.
Intrusion detection and intrusion prevention is the key.
Therefore, Syspeace can pre-emptively block attackers based on failed attempts that have been blocked at other participating Syspeace installations worldwide through our Global Blacklist.
Local whitelist and blacklist
With the local whitelist, you can exclude certain IP addresses or ranges from being considered attacks; great for making sure that trusted users on internal networks never run into problems or to temporarily give a badly configured server the benefit of the doubt.
With the local blacklist, you can manually add IP addresses that you want Syspeace to treat as attackers.
Control and statistics
Syspeace provides tools to compare and keep track of the information kept on the attackers. Using these tools you can discern internal threats from external threats. You can also collect statistics about when the attacks take place, see whether an IP address has been used to log in successfully, see from which IP addresses a user tends to log in or just browse the raw information kept about login attempts.
Additionally, with our e-mail report, you can be alerted via email whenever one of a few important events happen, such as when an attacker is blocked, the block expires, rules are modified, the license status changes, the Global Blacklist changes or the service is stopped or started. Building on this, reports are available to summarize attacks and blocking activity during daily and/or weekly.