An Israeli security company this week made its U.S. debut, announcing an intrusion detection system that, without human intervention, shuts down attacks while they are in progress.

Vsecure Technologies' NetProtect Enterprise appliance can defend against four types of attacks, says Joe Krull, vice president of security for the firm. They are: network probes and scanning, which usually precede an attack; distributed denial-of-service (DDoS) attacks; "brute force" or dictionary-based authorization attacks; and worms.

NetProtect is a Layer 2 appliance that has no IP address, Krull says. As such, it cannot itself be targeted by hackers and can be installed anywhere on the network without the configuration changes typically required with traditional IDSs.

The product is intended to be easy to deploy and use. After installation, the device goes into learning mode, during which it polls network devices, "learning" the network architecture and creating a baseline to define what constitutes normal activity. This process takes no more than two hours, after which the device shifts to transparent mode.

At that point, it shows the types of attacks that are occurring and indicates what it would do to block them, without actually taking any action. Only after the customer is comfortable that the device is acting correctly is it shifted to active mode, where it starts blocking attacks.

In all, NetProtect examines some 14 parameters to determine whether any type of network traffic is abnormal, says Avi Elbaum, chief technology officer for Vsecure. Examples include the number of inbound vs. outbound packets and how much payload packets are carrying.

"We built a machine that exactly calculates the relationship between incoming and outgoing traffic for every user," even when dealing with stateless protocols like UDP, Elbaum says.

Once it draws a conclusion about which connection is involved in an attack, the device takes corrective action -- a key differentiator from most other IDSs. That action can range from dropping packets to closing the session on the user or server side, he says.
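The learning, transparent and active modes described above can be illustrated with a small baseline detector. This is an added example, not Vsecure's code: it models only the inbound/outbound packet ratio out of the 14 parameters mentioned, and the class names, threshold and sample counts are assumptions constructed for illustration.

```python
import statistics
from enum import Enum

class Mode(Enum):
    LEARNING = 1     # collect samples, judge nothing
    TRANSPARENT = 2  # report the verdict, forward everything
    ACTIVE = 3       # enforce the verdict

class RatioMonitor:
    """Per-host baseline of inbound/outbound packet ratio (hypothetical model)."""
    def __init__(self, threshold=4.0):
        self.mode = Mode.LEARNING
        self.threshold = threshold  # assumed: standard deviations treated as abnormal
        self.samples = {}           # host -> ratios seen while learning
        self.baseline = {}          # host -> (mean, stdev)

    def finish_learning(self):
        for host, ratios in self.samples.items():
            if len(ratios) >= 2:
                # Floor the deviation so a very steady host does not alert on noise.
                sd = max(statistics.stdev(ratios), 0.05)
                self.baseline[host] = (statistics.mean(ratios), sd)
        self.mode = Mode.TRANSPARENT

    def observe(self, host, pkts_in, pkts_out):
        ratio = pkts_in / max(pkts_out, 1)
        if self.mode is Mode.LEARNING:
            self.samples.setdefault(host, []).append(ratio)
            return "forward"
        if host not in self.baseline:
            return "no-baseline"    # host never seen while learning
        mean, sd = self.baseline[host]
        if abs(ratio - mean) / sd <= self.threshold:
            return "forward"
        # Same verdict in both modes; only ACTIVE acts on it.
        return "drop" if self.mode is Mode.ACTIVE else "would-drop"

# Constructed per-interval counts: (host, packets_in, packets_out)
LEARN = [("192.0.2.10", 100, 95), ("192.0.2.10", 120, 110),
         ("192.0.2.10", 90, 92), ("192.0.2.10", 105, 100)]
FLOOD = ("192.0.2.10", 5000, 40)

def demo():
    m = RatioMonitor()
    for sample in LEARN:
        m.observe(*sample)
    m.finish_learning()
    results = [m.observe(*FLOOD)]                 # transparent: report only
    m.mode = Mode.ACTIVE
    results.append(m.observe(*FLOOD))             # active: block
    results.append(m.observe("192.0.2.10", 100, 98))  # normal traffic still passes
    return results

if __name__ == "__main__":
    print(demo())
```

Running in transparent mode first lets an operator compare the "would-drop" verdicts against known-good traffic before any packet is actually dropped.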

NetProtect Enterprise handles line speeds of T1/E1 and 10M bps Ethernet. It is priced at about $22,000. In about four months, the company plans to deliver a version that supports T3/E3 and Fast Ethernet.