Validated Product - NFR SentivistT v4.0.2 - Updated to v4.0.6 and Sentivist Sensor Models 310C, 320C and 320F

PRODUCT DESCRIPTION

This TOE is the NFR Sentivist™ intrusion detection system from NFR Security, Inc. that monitors networks for hostile traffic. NFR Sentivist’s hybrid detection engine delivers highly accurate and robust intrusion detection because it utilizes multiple techniques to analyze and identify suspicious network traffic. These techniques include:

• Advanced, customizable signatures to match traffic to known attacks.
• Protocol decoding to detect attacks that violate protocol standards.
• Anomaly detection to detect various types of attacks.
• Stateful, deep packet inspection to detect embedded worms and trojans, among others.
• Packet reassembly to detect attacks hidden through packet fragmentation techniques, for example.

The TOE is a system of distributed components comprised of the Sentivist Administration Interface (AI) for management, the Sentivist Server which is a central server that manages event and alert data, , and the Sentivist Sensor which is a self-contained intrusion detection appliance.

The TOE uses Sentivist Sensors deployed at key network locations to collect and analyze network traffic and then respond according to the enterprise defined security policy. Data from multiple Sentivist Sensors is transmitted over secure, encrypted channels to a central server, the Sentivist Server, and is stored for review by authorized administrators. The Administration Interface (AI) allow Security Administrators to connect to the central server over secure, encrypted channels to manage policies and review detailed historical data for any connected sensors to which they’ve been granted access.