Trellix Intrusion Prevention System (IPS) is a network security solution that detects and blocks malware threats across networks using both signature-based and signature-less detection methods. The system is designed to operate in hybrid environments, supporting on-premises, virtual, and cloud deployments with scalability up to 100 Gbps for on-premises appliances. It features automatic scaling for elastic workloads. Trellix IPS combines multiple detection techniques that go beyond traditional pattern matching, utilizing advanced detection and emulation capabilities to identify sophisticated and stealthy attacks. The solution provides real-time blocking capabilities and is marketed as NDR (Network Detection and Response) ready. The platform includes comprehensive investigative workflows with intuitive dashboards that correlate alerts to enable efficient threat investigation. It integrates behavioral analysis with signature-based detection to provide context for security events. The system is supported by complementary services including installation assistance, configuration support, integration capabilities, training, and ongoing optimization services such as solution tuning and incident response support.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
NBD (Network Block Device) is a network protocol implementation that allows clients to access remote block devices over a network as if they were local storage.
Snort is an open source intrusion prevention system that uses rules to detect and prevent malicious network activity.
A Linux command-line tool that allows you to kill in-progress TCP connections based on a filter expression, useful for libnids-based applications that require a full TCP 3-way handshake for TCB creation.
A TCP-based traceroute implementation that bypasses firewall filters to trace the path to a destination.
A free DNS recursive service that blocks malicious host names and protects user privacy.
Tcpdump is a command-line packet analyzer for capturing and analyzing network traffic.
A userland implementation of the Network Block Device protocol that enables remote block device access over network connections for distributed storage and virtualization use cases.
A free, open-source network protocol analyzer for capturing and displaying packet-level data.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.