Syspeace’s server protection is an anti-hacking software, for brute force attacks specifically. Syspeace can detect and protect you from:

Automatic hacking attacks

Brute force attacks

Intrusion attempts

The Syspeace system is a Host-based Intrusion Detection and Prevention System (HIDPS). This simply means that it reasons about the pattern of failed login attempts and sequentially blocks the attacker once it can discern the attack from a legitimate user logging in incorrectly.

Protecting against intrusion attempts and brute force attacks also protects against consequences like ransomware, malware, and viruses.

Below you’ll find an overview of all Server IPS features.

Server IPS

$4.20 / server / month

Syspeace overview

Runs on
Windows Server 2008 R2 and later

We provide an actual multi-purpose management console that you can run on almost any modern Windows computer.

With this console, you will manage all your syspeace installations as swiftly for a single account as for multiple accounts.

The console does not require line-of-sight to the services. Both the services and console must be able to connect to the Internet.

Having the possibility to manage your services wherever you are is a great advantage.

No extra components are required to install to gain full connectivity between all your consoles and your services.

We have built a layer of distributed, redundant relays that manages communication between nodes.

This means that you do not need to host any own webservers or databases or make holes in your firewall to allow for communication.

Using multiple consoles simultaneously is a design feature we are incredibly proud of.

Changes to service settings made in a console are propagated in real-time to other consoles. This allows multiple people to work simultaneously without corrupting settings or data.

Having staff be able to run their own console without being afraid of data corruption or missed settings is a huge advantage and a time saver.

Update all your services remotely by using the update feature in the console application.

This is a handy feature that minimizes maintenance when you manage several services.

Your applications should be able to utilize the capacity of your servers to the fullest.

Therefore, we have been working hard to reduce the memory footprint and CPU usage of Syspeace.

Syspeace is built for ease of use and to fit small and medium size businesses. It is easy to install, set up, and use.

Syspeace will protect your servers from brute force attacks with many functions that are unique in this space.

The modular design of the Syspeace infrastructure makes the product ideal for larger companies, MSPs, or enterprises.

Thanks to the high focus on automation and lights-out installation and updates, the maintenance time is low, and there is a minimal risk of manual errors.

Syspeace is easy to install on a scale using automation and commonly available tools and services.

Allocate support staff to access only a subset of your servers to allow for granular security.

Syspeace is compatible with both IPv4 and IPv6 networks.

Security by design

Keeping information secure and limited only to those who use it is critical for our customers and our company.

Cyber security comes in many forms. One of the cornerstones for Syspeace’s architecture is “security by design”.

This ensures that all data are kept private and secure.

All communication between the console and services is encrypted using TLS.

No one but yourself can decode and interpret the data sent between the console and services within your account.

Only the customer holds the private keys used for encryption between the console and the services.

Console to service communication through Syspeace Relay is encrypted with unique, per-tunnel ephemeral keys negotiated through a Diffie-Hellman key exchange.

All components, consoles, and services, issue their own certificate with a unique private and public key.

The public key is then sent to other components within the same account, making it possible for them to cryptographically verify the integrity of your messages.

The implementation of PKI makes it impossible to inject fraudulent information from unauthorized sources.

You, as a customer, are the sole proprietor of your certificates and private keys.

No one but yourself can encode, decode and interpret the data sent between the consoles and services you use.

The private key never leaves your computer.

We store management and license information on our central servers for billing purposes. Our Global Blocklist, which we distribute freely, is built from block information our customers send to us.

All communication between our central storage and customers is secured by TLS and encrypted using PKI.

Principle of Least Privilege is important in any application to ensure safe and secure operations.

Create and maintain multiple user accounts for your support staff to separate responsibilities and manage security on multiple services within a Syspeace account.

License details

Enjoy the user experience on our Syspeace license web.

This is where you swiftly manage the licenses for Syspeace, both your own and your customers.

Built to maximize your choice, the license console is an invaluable tool for managing your usage of Syspeace.

Get an excellent graphical overview of all your usage of licenses to follow up on your installations.

A good overview is the source of understanding your usage over time.

With a goal of zero maintenance, all our licenses are floating.
The services automatically pick up a free license from your license pool in the background. Whenever you buy a license in the Syspeace license web, that license is added to your pool.

No more hassles with separate license numbers for different servers.
One size really fits all!

With the dynamic license system, only pay for what you plan to use. Making a short-time license is as simple as creating one for extended usage.

Licenses can be stacked and be valid between different dates. This enables you to tailor your need over time.

Utilizing the license system to meet your needs optimizes your cost over time and cash flow.

We recommend you set up automatic recurring renewal of your licenses. The set up of recurring licenses is strictly on an opt-in basis per license.

You will never forget to renew a license, and your servers will remain protected.

Blocking dynamics

Syspeace’s blocking engine uses the Windows Filtering Platform (WFP) directly instead of Windows Firewall.

This engine is far faster and more efficient than the traditional firewall, governing the server’s resources better.
It also serves those who have disabled the Windows Firewall or have other security-related products installed that govern the Windows Firewall.

Syspeace allows for creating extensive, capable and complex rules with an easy-to-use UI.

A rule can act on many different types of system information. This enables you to tailor specific events with specific circumstances in order to generate a block, giving you unmatched flexibility.

When a rule is created or changed, the built-in retrospective engine maximizes your protection by running the rule logic on historical data, adapting the need for blocks effectively.

This minimizes the time the server is open and vulnerable to known threats which enhances your level of security.

It is possible to limit what countries that can visit your servers by applying a country rule. This is often used to exclude traffic from countries where you do not have any customers from.

Hacking attempts originate from many countries. Minimize your attack area by limiting who can communicate with your servers.

Blocking an intruder is essential. However, since IP addresses change owners from time to time, it is good practice to block an IP address only for a specific time.

With Syspeace, you can block them for several years.

We do not recommend excessive blocking but rather release the block in a timely fashion to minimize the risk of blocking IP addresses that are no longer threatening.

Each time a computer blocks an external IP address, the block is registered in the Syspeace central database.

We scan this database regularly, looking for patterns.

When a blocked address is seen repeatedly at a number of our customers, Syspeace identifies the intruder as a widespread threat and then adds the IP address of the attacker to the Global Blocklist.

The Global Blocklist is then distributed to all Syspeace clients so that all customers can benefit from the preemptive blocking of known intruders.

The Global Blocklist is a great example of how we as a community gain advantages by cooperating, thereby increasing our security against hackers.

Make sure that the IP addresses you see as dangerous never reach your servers.

This is done by manually administering the Local Blocklist, which guarantees they can never access your server.

If you have critical customers or internal computers that you always want to guarantee access to your server, add their IP addresses to the Local Safelist, and those addresses will never be blocked.

With Shared blocks, blocks made on one Syspeace Service are replicated on other Syspeace Services within seconds. Shared blocks are aware of local networks and will only replicate blocks for local/internal IP addresses to the services that have been tagged as being on the same network.

With Shared IP lists, Blocklists and safelists can be defined per account or license group and available (mandatory or opt-in) on all Syspeace Services.

Extended Shield

This section with Syspeace Extended Shield applies only if you are protecting more than one server with Syspeace.

You can share information about IP addresses between multiple servers that Syspeace protects.
Information can be shared between all servers in your Syspeace account or servers in a specific license group.

This feature will reduce your workload, boost security, and minimize the attack window for the brute force attacker.

A shared list contains information about one or more IP address.

A shared list can either be mandatory for the servers to use or decided per server if it should be used or not.
Targeting a specific network subnet using a local network tag is also possible, further enabling granular usage.

The shared lists are used for multiple purposes and have one thing in common: they make your life easier trying to maintain protection status on numerous servers.

Easily create one or more shared blocklists.
Each shared blocklist contains one or more IP addresses you want to block on your Syspeace servers.

With shared blocklists, it’s much easier to block a specific IP address on multiple servers.

Easily create one or more shared safelists.
Each shared safelist contains one or more IP addresses you do not want to be blocked on your Syspeace servers. Along with the entries in the local safelists, the IP addresses are removed from every block and blocklist.

Opening up access for an IP address to multiple servers protected by Syspeace is now done swiftly.

Easily create one or more shared GeoIP override lists.
Each shared override list contains one or more IP addresses you want to tie to a specific country.

Correction of a GeoIP-based error on multiple servers enhances the accuracy of reporting swiftly.

Whenever a Syspeace service protects your server from a brute force attack by blocking a specific IP address, that IP address can be shared and picked up by other Syspeace services running on other servers.

Shared blocks further enhance security on your servers, quickly shutting down the possibility for an organized hacker to probe your other servers.

Shared blocks are trackable. Each shared block on a Syspeace service can be traced back to the originating server and display the rule and the specific events that trigged the block.

Traceable shared blocks further enhance the understanding of why blocks are made.

Removing blocked IP addresses on a single server is done quickly. Removing blocked IP addresses on multiple servers can be tedious. That’s why we invented local and global removal.

The most fundamental task is to remove the block on the server you are currently managing using the Syspeace console.

It is also possible to remove a shared block “globally”, across all servers it is shared to.

Removing shared blocks on multiple servers saves time and workload and increases efficiency when managing multiple servers.

Shared block information is kept separately from the originating service and all Syspeace services keep track of the current shared blocks.

Even if a Syspeace service is taken offline for a while and later is brought back online, it will synchronize its shared blocks, be brought up to date with added and removed blocks from when it was offline and not miss a beat.

This keeps the protection level on your server up to date and minimizes administration.

Live status and insights

Keep track of which IP addresses Syspeace are blocking.

You find them in an easy to read list, including the reason why they were blocked.

This is the place to go in order to find more about the login attempts made at your server.

This list consists of failed and successful logins fed through your rules and, depending on rulings, eventually end up as blocked IP addresses in Current blocks.

Understanding why something happened is often a clue to fixing a problem.

When an IP address is blocked, this is the place you find out which rule was trigged and also all the individual login tries that the rule acted on. It is also possible to find information on any IP address that have tried to login, failed or successful.

Find an easy-to-read list of both successful and unsuccessful historical login attempts.

The list can be filtered in numerous ways to drill down into the available information.
It is also possible to export the list to a readable csv-file.

Tying together accounts and login information from different IP addresses is priceless when you want a deeper understanding of what kind of threats you face.

This report generator lets you pivot and drill down into access information, giving you an even better understanding of the situation.


Syspeace features an integrated manual.

No more hassle to find a document somewhere on the web. It’s all available in the application (and also on our Syspeace-web).

Get scheduled reports that summarize blocking activity and real-time reports that cover specific events such as blocks that are created or removed.

Also, include reports on when the services are started or stopped to get the bigger picture.

Enterprise features

When you manage multiple customers that you need to keep on separate accounts, enjoy the ability to add multiple Syspeace accounts and thereby swiftly manage multiple services for multiple customers.

This is specially built for MSPs that need a high degree of separation.

Having multiple customers, groups, or divisions that you serve with Syspeace, it would be great to allocate licenses to them without the hassle of creating many separate accounts.

This is now possible using “license groups” where you can assign floating licenses to a specific group of servers.

This allows you to minimize the license and billing work, thereby saving time.

Within a Syspeace account, give your support staff individual user accounts to manage security for the servers within the Syspeace account.

Giving granular access to technical staff enables a good practice of security and keeping in line of POLP.

This feature minimizes maintenance time and cost as well as simplifies the design of separating responsibilities within a group of technical staff members.

POLP is a cornerstone. Each account has specific permissions per group of servers, per server tag or per individual server. This allows you to tailor access and rights to servers for individual accounts.

If you have servers on two continents, giving support staff in different locations access to only their own servers keeps the CISO happy.

Group Syspeace services by tags and streamline user permission.

By putting Tags on services, it is then easy to connect those Tags to permissions that dynamically enable your support staff to access specific servers.

POLP – Principle Of Least Privilege.

This is the cornerstone of Syspeace maintenance which support your organization in your quest for secure internal maintenance.

  Our unique features found only in Syspeace.

Where Syspeace Can Protect You

Remote Desktop Services (RDP)

Terminal Services
Exchange Servers SMTP mail accounts
File shares
Outlook Web Access (OWA)
…and other programs using Windows authentication

As well as:

Login attempts on Exchange SMTP connectors.
Login attempts to Microsoft SQL Server.
Login attempts to Microsoft Routing and Remote Access Service (RRAS) – the Windows Server VPN solution.
Login attempts to your website using the optional Web Detector plugin (requires matching detector in web site). (Currently in beta – contact support.)

Download and try Syspeace v4

30-day free trial on one or more servers
Get hands-on experience with what Syspeace can do against your brute force attacks before ultimately deciding if Syspeace is for you!

More information…

Hacking and Brute Force Statistics

System Requirements

Here you can find the minimum requirements to run different versions of the Syspeace Server IPS. We have launched a new major release! See what’s new in the v3 vs v4 comparison. System requirements for Syspeace v4 Your servers must meet …