SURF-NDP
    Surfilter Intrusion Prevention System

    Surfilter's Intrusion Prevention System SURF-NDP uses a hardware platform and a software operating system, integrated with an identification application for user and content information, and comprehensively identifies all information content in one scan. The content identification doesn’t rely on the traditional application port, and is not affected by encryption, evasion and escape technology. It accurately evaluates known threats and viruses. It evaluates the features of unknown malware through sandboxing and realizes comprehensive and timely protection of the customer's network.

    Core Value


    Application Identification Technology (APP-ID)

    Classify all applications at each port.

    Identify application program regardless of port encryption or circumvention technology.

    Use application program as the basis for all security-enabling strategic decisions.

    Control unrecognized application programs through multiple means in many ways.


    Content Identification (Content-ID) Technology

    Integrate with other non-standard user storage.

    Restrict unauthorized file and sensitive data transmission and control work-unrelated web browsing.

    Deploy unified strategies to local and remote users on multiple platforms.


    Unknown Malware Protection

    Stop known threats such as virus attacks, malware and spyware without being affected by common means of threat and avoidance.

    Identify unknown malware and automatically update the signature library.

    Product Functionality


    Sandbox Analysis Technology

    Identify and analyze more than 100 malicious acts on targets and unknown files.

    Update discovered malware signatures and automatically provide protection.

    Update the signature library and integrate log reports within 1 hour.


    Firewall Technology

    Implement strategy-based control for application programs, users and content.

    Piecewise Packet Protection.

    Reconnaissance Scan Protection.

    Denial of Service (DoS) and Distributed Denial of Service (DDoS) Protection.

    SSL (Inbound and Outbound), SSH.


    File and Data Filtering

    File transfer: Two-way control over more than 60 unique file types.

    Data transmission: Two-way control for unauthorized data transmission.

    Hidden download protection.


    Threat Defense

    Vulnerability attack protection for application programs and operating system.

    Virus stream scanning (including viruses embedded in HTML, Javascript, PDF and compressed

    files), spyware and worms.


    Quality of Service (QoS)

    Implements strategy-based traffic shaping through applications, users, sources, destinations,

    interfaces, IPSec VPN tunnels, etc.

    Traffic class with 8 guarantees, maximum and priority bandwidth parameters.

    Real-time bandwidth monitoring.

    Distinguish service tags according to strategy.

    4 physical interfaces supporting QoS.

    Product Advantages


    Innovative hardware platform and software operating system comprehensively identifies all message contents including three kinds of the information—APP-ID, User-ID and Content-ID—through single scan.


    Excellent security ensures complete terminal protection, sandbox monitoring of unknown software, global protection, dangerous URL filtering, threat monitoring, etc., ensuring intrusion protection and virus monitoring are integrated and deployed in the data centers, enterprise network exit boundary, and distributed enterprises and terminals.


    Provides detailed logs and reports for management, reporting, visualization tools, integrated web interface, CLI or internal management (panorama), viewing, filtering and export traffic data, threats, URL and data filtering logs, providing the detailed logs and reports.