Trellix Intrusion Prevention System

The IPS that goes way beyond signatures

Protect against stealthy threats

Trellix Intrusion Prevention System (IPS) is an NDR-ready, next-generation IPS that detects and blocks sophisticated malware threats across the network. It uses advanced detection and emulation techniques, moving beyond traditional pattern matching to defend against stealthy attacks with a high degree of accuracy and performance.

Did you know ...

Trellix Data Security statistics

000+

File formats supported by Trellix Data Loss Prevention

00M+

Drives protected worldwide by Trellix Data Encryption

000+

Patch protections delivered by Trellix Database Security

Why Trellix IPS?

Superior Detection

Combines multiple signature and signature-less detection capabilities into a single solution.

Seamless Protection

Scalable IPS architecture designed for hybrid networks from on-prem, virtual, to cloud environments.

High Performance

Provides automatic scaling for elastic workloads and on-prem appliances up to 100 Gbps.

Comprehensive Investigative Workflows

Trellix IPS+ delivers comprehensive threat investigation, combining signature-based and behavioral analysis with intuitive dashboards. Streamlined workflows correlate alerts, enabling swift investigations.

Real-time Blocking

Trellix IPS+ delivers threat mitigation across diverse networks. Its multi-layered approach combines signature and behavioral analysis to block known and emerging attacks in real time.

NDR Ready

Trellix IPS+ seamlessly integrates with Trellix NDR, providing rich threat data and Layer 7 metadata. This synergy enables advanced ML detections and powers GenAI-driven investigations.

Trellix Intrusion Prevention System products

Deploy in the cloud and on-prem.

Trellix IPS+ for AWS

  • Protects assets for known and unknown exploits.
  • Employs Trellix IVX to detect exploits before they enter the network.
  • Integrates with AWS Gateway Load Balancer for automatic scaling.

Trellix IPS for On-Premises

  • Identifies and blocks threats across the network.
  • Uses advanced detection and emulation techniques.
  • Defend against stealthy attacks with accuracy, speed, and scale.

Trellix IPS goes beyond traditional signature-based detection, incorporating multiple layers of protection. It combines signature-based detection with advanced botnet and malware detection, advanced intrusion prevention, DOS and DOS prevention, and sandboxing. This multi-layered approach enables Trellix IPS to detect and block known and unknown threats, including zero-day attacks and sophisticated malware. The system also offers high performance, scalability, and seamless integration with cloud environments, making it suitable for modern, hybrid network architectures.

Trellix IPS offers robust capabilities for inspecting encrypted traffic, including inbound and outbound SSL decryption. It supports various encryption protocols, including Diffie-Hellman and Elliptic-Curve Diffie-Hellman ciphers. The system uses an agent-based, shared key solution for SSL inspection, which doesn't impact sensor performance. This allows Trellix IPS to detect threats hidden in encrypted traffic without compromising network speed or user privacy. The exact throughput with SSL decryption varies by model but can reach up to 90 Gbps with 10% SSL traffic.

Yes, Trellix offers IPS+ for AWS, which is specifically designed to protect cloud assets. It integrates seamlessly with AWS Gateway Load Balancer, providing automatic scaling to match elastic workloads. This cloud-native version includes all the advanced features of the on-premises IPS, such as signature-based detection, behavioral analysis, and the Trellix IVX dynamic analysis engine. It offers protection against known and unknown exploits, DDoS attacks, and command-and-control callbacks, ensuring comprehensive security for AWS environments.

Trellix IPS offers high-performance protection that scales to meet the needs of demanding networks. Performance varies by model, but top-tier appliances can achieve a throughput of up to 100 Gbps when stacked. The system is designed for efficiency, maintaining performance regardless of security settings. It also provides features like active-active and active-passive modes with stateful failover for high availability. For cloud deployments, Trellix IPS+ for AWS leverages Gateway Load Balancer for automatic scaling, ensuring optimal performance as traffic fluctuates.

Related resources

Webinar
Why IPS Still Matters

Despite its reputation as a mature, commodity, technology, IPS (Intrusion Prevention Systems) are still an essential part of network security strategy.

Blog
Trellix Extends its Virtual Intrusion Prevention (vIPS) System with AWS Gateway Load Balancer

In this blog post, we'll explore how the integration of Trellix vIPS with GWLB can bolster customers’ infrastructure's capabilities.

Data Sheet
Trellix IPS+ For AWS

Trellix IPS+ provides signature-based detection that protects vulnerable assets from exploit, and can stop DDoS, C2 callbacks, and more.

Security awareness

What is Network Security

A combination of technologies, policies, and practices to protect computer networks and data's confidentiality, availability, and integrity.

Read More

What is NDR?

NDR goes beyond essential intrusion detection to continuously monitor your network traffic for suspicious activity.

Read More

Take the next step toward living security for your network