4 More images
Details
Available in two models:
- Ally ip1000s anti-reconnaissance engine and anomaly-based prevention uses a 1.4GHz/64BIT CPU with 1GB DDR RAM for SNMP alerts and a 40GB 7200 RPM drive for Syslog and Eventlog tracking with dual "fail open" 1000BaseT Ethernet controllers
- Ally ip100's anti-reconnaissance engine and anomaly-based prevention uses a 200MHz CPU with 64MB RAM for Syslog & SNMP alerts with dual "fail open" 100BaseT Ethernet controllers
Plug and Protect®(PnPro) — Patent-pending feature:
- Ally appliances have NO TCP/IP or MAC address so they can't be targeted or exploited. Allows deployment in 15 minutes or less with NO client impact; NO configuration changes to any other devices and 100% compatible with other network hardware and software
Tagged Universal Resource Information Transmission® (Tag-UR-IT) — Patent-pending feature:
- Uses Anomaly and behavior based detection so NO signatures are needed. Tag-UR-IT tags, inspects and pre-processes packets so network traffic is hardened before it enters your network.
- Ally appliances provide protocol enforcement, anti-spoofing, and anti-reconnaissance protection. They also stop Denial of Service attacks (DoS, DDoS, DRDoS, etc.) along with "slow and low" network recons — even preventing bouncescans from succeeding!
5/3/06 Upgraded Features
- Double the granularity of attack detection reporting — see more precisely and analyze 100 events to manage suspicious and unwanted behavior
- More immediate access to real-time data
- Introduction of 4 blacklists for different types of offenses that can be set with varying parameters for each list
Anti Reconnaissance Appliance
Camouflage and Protect Your Network
Route undesireable traffic to Ally, NOT into your network! Once rerouted into Arxceo Ally's active anti-reconnaissance engine
- Undesireable traffic is 'trapped'
- Arxceo provides modified replies to these network probes
- It hides your real information
- It hides the fact that they have been discovered
- Arxceo's technology works in realtime
- Doesn't use any defined lists of good or bad IP addresses
Arxceo's anti-reconnaissance technology implements a passive responder, an active detection and reaction module and finally an aggressive blackhole response engine to provide the most robust defense against attackers and worms.
According to SC Magazine reviewer, Peter Stephenson, "In a field where a mid-range product can cost around $26,000, the real standout was a product that measured about eight inches long, looked like a square orange tube and cost $900. It was the only product we tested that performed flawlessly in all areas ... It is simple to deploy and configure and requires very little administration ...add in its excellent performance and the Ally ip100 is our Best Buy for small networks."
ÞDue to customer demand for protecting laptop connections while away from the office, every Ally ip100 can now be powered from the USB port of a PC or laptop.
Anti-Reconnaissance Countermeasures
- Arxceo's patent-pending Tag-UR-IT® technology confuses reconnaissance results of attackers
- Industry tests show a 0.0% chance of attackers predicting the sequence numbers of connection IDs for the range of hardware and operating systems protected by an Ally
- The results of various reconnaissance tools return different information to further delay or thwart a scouting session
- Results change from session to session when using the same tool repeatedly
Worm Mitigation
- Worms enter the network from the Internet, an email attachment, unsecured wireless networks and a myriad of other methods
- They propagate across your network by scanning for other machines to infect
- The Ally appliances stop the propogation and the scans and prevent the spread of worms
Protocol Fortification
- The Ally fortifies network protocols
- Eliminates abuses such as covert channeling, DNS cache poisoning, fragmented packet 'exploit injections' and raw-frame Ethernet data leak transmissions
- Provides a hardened network stack guarantee for every device protected by an Arxceo Ally appliance
Transparent IP Address Authentication
- The Ally transparently authenticates end-user TCP connections
- Doesn't require any client software to communicate or authenticate the session
- Authentication eliminates address spoofing, which is a common method used in both network reconnaissance and network attacks - including many of the Denial of Service abuses
