Protego Networks' line of PN-MARS security appliances helps network administrators manage and eliminate network attacks by combining intelligence, ContextCorrelation, SureVector analysis and AutoMitigate capability in a hardware-based solution that's easy to deploy. The appliance correlates data about security and network events from switches, routers, firewalls, intrusion-detection systems (IDSes), host logs and other hardware and software sources, and identifies incidents such as worms, Trojans, blended attacks, misconfigurations and internal abuse.

The Protego MARS series of security appliances is built around standard Intel platforms with a hardened operating system, embedded Oracle database, proprietary logic, scalable architecture and Web-based user interface. Performance characteristics and price points vary by model to accommodate a wide range of deployment scenarios, network sizes and corporate budgets. CRN Test Center engineers reviewed the PN-MARS 100, which can process up to 5,000 events per second. The unit contains a 750-Gbyte RAID 10 storage array in a 3U chassis and operates in a fashion similar to a dual-homed firewall.

Protego's automated network discovery function obtains device configuration information and captures events and logs from a wide range of network devices, security devices, hosts and host applications. It also builds a virtual network topology complete with device configuration and security policies. The appliance operates out of line, so its presence does not affect network performance. The PN-MARS 100 identifies network and application threats through sophisticated event correlation and threat validation. Once the MARS 100 makes administrators aware of an attack, they can prevent or contain it in real time by initiating specific mitigation commands to network enforcement devices.

The link for this article located at Marc Spiwak is no longer available.