- Fewer security incidents. While connected units typically do not notice any changes, the IPS ensures less disruption for university systems and a reduced number of security incidents.
- Selective logging. The IPS only records network activity when it takes action, maintaining the privacy of network users.
- Privacy protection. The IPS compares network traffic against a list of known malicious traffic and does not store or view content.
Reputation-managed protection. The IPS subscribes to a reputation-based list of known malicious sites and domains, which it uses to proactively protect the university.
Example: Phishing or Malware attempts: If a university staff member clicks on a link in a phishing email or a malware ad for a site that is on the IPS blacklist of known malicious sites, traffic would be blocked and the staff member would see a blank page.
Multiple threat protection. The IPS offers zero-day threat protection, mitigates brute force password attempts, and provides protection against availability threats, such as DDoS and DoS attempts.
Example: Brute Force Password Attempt: If a criminal attempts to gain access to a university account through brute force (e.g., repeated login attempts), the IPS can monitor the size of the data movements, recognize unusual patterns, and block access.
- Dynamic threat response. The IPS can be fine-tuned to recognize and respond to particular threats, allowing the university to react to identified threats to university business.
Note: Not appropriate for all networks. The IPS covers most Ann Arbor campus networks, excluding the Health System. The IPS is not appropriate for some researchers with high-bandwidth needs or those who study malicious network traffic. The system may slow extremely high-volume traffic or block malicious content researchers wish to study. These networks may need to be protected in other ways.