Trellix Intrusion Prevention System (IPS) is a network security solution that detects and blocks malware threats across networks using both signature-based and signature-less detection methods. The system is designed to operate in hybrid environments, supporting on-premises, virtual, and cloud deployments with scalability up to 100 Gbps for on-premises appliances. It features automatic scaling for elastic workloads. Trellix IPS combines multiple detection techniques that go beyond traditional pattern matching, utilizing advanced detection and emulation capabilities to identify sophisticated and stealthy attacks. The solution provides real-time blocking capabilities and is marketed as NDR (Network Detection and Response) ready. The platform includes comprehensive investigative workflows with intuitive dashboards that correlate alerts to enable efficient threat investigation. It integrates behavioral analysis with signature-based detection to provide context for security events. The system is supported by complementary services including installation assistance, configuration support, integration capabilities, training, and ongoing optimization services such as solution tuning and incident response support.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
Tcpdump is a command-line packet analyzer for capturing and analyzing network traffic.
pfSense is a leading open source firewall and network security solution, providing advanced protection and connectivity options.
A Linux command-line tool that allows you to kill in-progress TCP connections based on a filter expression, useful for libnids-based applications that require a full TCP 3-way handshake for TCB creation.
NordVPN is a commercial VPN service that encrypts internet connections and hides IP addresses through a global network of servers, featuring integrated threat protection and multi-device support.
A TCP-based traceroute implementation that bypasses firewall filters to trace the path to a destination.
Tor Browser is a free and open-source software that allows users to browse the internet anonymously and privately.
NBD is a user-space network protocol for sharing block devices over a network, allowing clients to access block devices on a server as if they were local.
WiGLE.net is a platform that collects and provides data on WiFi networks and cell towers, with over 1.3 billion networks collected.
A blog sharing packet capture files and malware samples for training and analysis, with archived posts and traffic analysis exercises.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.