ActiveScout Blocking

ActiveScout provides flexible, intuitive alerting and reporting options to ensure that security managers get the information they need, when they need it.

• Customized blocking
  ActiveScout's blocking mechanisms can be selectively activated, depending on corporate security policies. Blocking can be activated for specific attack categories, with configurable action duration and alert options.
  
  
• Advanced TCP session reset
  Unlike conventional TCP reset mechanisms, which are sensitive to timing subtleties, ActiveScout's TCP reset blocking mechanism is activated during the initiation of the TCP session, providing efficient blocking.
  
  
• Firewall-based blocking
  In addition to using its own blocking technique, ActiveScout can make the firewall dynamic by creating rules in real-time, enabling the automated blocking of intruders.
  
  ActiveScout appliance integrates with the most common firewalls, including Check Point's VPN-1 /FireWall-1® solution using Suspicious Activity Monitoring Protocol (SAMP) and Cisco's PIX firewalls. Additionally, ActiveScout ships with an API allowing for the development of scripts to provide easy integration to third party firewalls.
  
  
• Monitor/Block mode toggle
  ActiveScout supports both a Monitor-mode and a Block-mode, allowing the security manager to switch between observation and blocking of offensive traffic.
  
  
• Exclusion and inclusion lists
  ActiveScout allows security managers to manually override its identification and blocking mechanisms, in order to exclude pre-defined IP addresses and/or to permit access from business-critical addresses.