Sentinel Event Reference
CINS Rogue Packet Activity and
DPAM Rogue Packet Activity
Rogue Packet Activity alerts utilize a proprietary security methodology that identifies and mitigates malicious packet activity. When a packet is identified as ‘rogue’, it is immediately dropped, and its source IP is no longer permitted to communicate with the Sentinel’s protected network.
Rogue packet data across the entire network of Sentinel devices is used in conjunction with other trusted Internet security sources to provide reputation-based protection through our CINS system.
CINS Active Threat Intelligence
We are constantly analyzing alert data from our Sentinel network, and from our research we’ve identified certain groups of IPs – based on our specific score factors – that are malicious enough to be blocked immediately. These reputation-based rulesets generated by our CINS system are continuously fed back out to our Sentinel network, giving each our our Sentinel customers bullet-proof protection from some of the baddest actors on the planet. That’s why we call it active threat intelligence.
CINS Known Malicious Host
Collective Intelligence Network Security (CINS) is an IP reputation database that leverages Rogue Packet data from our network of Sentinel IPS devices and reputation-based information from other trusted Internet security sources. We analyze all the CINS data, and networks that we identify as particularly malicious are flagged as CINS Known Malicious Hosts. This list of networks is regularly distributed back to all the Sentinel devices, providing another layer of reputation-based protection for each Sentinel.
DPAM Known Compromised or Hostile Host
Distributed Pre-emptive Attack Mitigation (DPAM) refers to the ability of the Sentinel IPS to block a network before it has a chance to attempt an attack or send malicious traffic. This methodology utilizes various Internet security sources to create a comprehensive reputation-based blacklist of known malicious hosts. This list is updated regularly and distributed to each Sentinel device.
This activity can be either inbound or outbound. Outbound activity may indicate a compromised machine on LAN of the protected network, and deserves review by a Network Administrator. The Sentinel will mark outbound alerts with an EPS badge.