What is the SPA (Site Protector Appliance) Engine?

SPA Engine is the core engine of the SPA system, responsible for blocking attacks in Layer 2 by analyzing network traffic. It protects you against SYN Flood attacks, DDoS Attacks, XMAS Scans, IP Fragments, Invalid Packets, DNS Flooding, SSH Brute Force attacks, Email Attacks and much more.

What is the SPA Collector ?

SPA Collector adds additional functionality to the SPA Engine, by collecting and analyzing logs from SPA appliances and other Security Systems, correlating the logs and applying blocking rules if required in order to stop an attacker.

Can SPA replace my Firewall ?

No. SPA has not been designed to replace a firewall. SPA is a network analyzer that is able to detect and block various internet attacks before they enter your network.

Can someone attack my SPA ?

No. The SPA appliance runs in Layer 2 without an IP address, hense is invisible to attackers.

How SPA blocks an attack ?

SPA and all of its blocking mechanisms both operate in Layer 2. The SPA engine moves Layer 2 packets to Layer 3 (network) for inspection. If an attack detected then the SPA engine will apply a blocking rule in Layer 2.

Does SPA need any signatures like an IDS or Antivirus ?

No. The SPA engine does not need any signatures. Detection is based on traffic inspection at the network level (data stream). The  Enterprise version of our appliances include Snort IDS as an add-on.

Can I add custom blocking rules to SPA ?

Yes. You can block any IP address or complete networks, any port (tcp,udp) or any combination of IP:port .

How many rules can I add without decreasing performance ?

SPA has been tested with thousands of blocking rules (more than 50000) without any performance impact.

Which systems/logs are compatible with the SPA Collector ?

First of all, the SPA Engine does NOT need any signatures or any logs to identify an attack. But, additional inputs (like logs from other security systems) will help the correlation engine to react faster in case of an attack. The SPA Collector is able to analyze Checkpoint Firewall logs (latest version), IPtables logs, IBM ISS intrution detection logs, SNORT logs, Checkpoint IPS logs (aka SmartDefense). Also it is able to detect attacks by analyzing Apache logs, Sendmail logs, Mod_Security (WAF) logs, ProtFTP logs, Bind DNS logs and Asterisk logs.