Jan 27, 2012
Real-time, deep-packet inspection of network traffic improves securityBack
Facebook|LinkedIn|SonicWall|Unified Threat Management Solutions|YouTube|Africa|Europe|South Africa|United States|Cloud Applications|Firewall Supplier|Internal Network|Intrusion Prevention Services|Secure Hypertext Transfer Protocol|Session Initiation Protocol|Streaming Media|Dominique Honnay|Middle East|Firewall|Information Technology|Secure Hypertext Transfer Protocol|Session Initiation Protocol|Streaming Media|VOIP
© Reuse this
The information technology administrator or security officer of a company needs to be able to identify the applications coming into the company’s network, he says.
“We look at the special characteristics of data streams and, based on these, we can determine that the traffic is LinkedIn, Facebook, Facebook Farmville gaming, or Skype, beside others. Our library has a database of 3 800 applications that we can identify and it is growing continuously,” he explains.
All incoming traffic should be scanned and filtered, as is the case with classic Unified Threat Management Solutions (intrusion prevention services, gateway antivirus and antispyware). However, there is a growing need to scan the traffic from specific applications in detail, owing to emerging security threats. This means scanning streaming media, such as Skype, YouTube and Voice-over-Internet Protocols (VoIPs). Also, when companies are using cloud applications, it is critical to ensure a secure network envi- ronment, he says.
“This must happen in real time, as the information is streamed. We have developed our own patented technology, called Reassembly-Free Deep Packet Inspection (RFDPI), to scan network traffic. This engine gives us the ability to scan up to 56 different protocols, including secure hypertext trans- fer protocol and other secure traffic,” he notes.
“One of the things we do is to look for anomalies in the packets. For example, session initiation protocol and VoIP have distinguishing characteristics. We also use our own intelligence database to identify potential threats coming into the network through, for example, VoIP, and we define the patterns that the engine can recognise in the VoIP traffic coming into companies,” explains Honnay.
Companies traditionally focus on securing and filtering information coming from outside into the networks. However, in larger, more open environments, such as in large corporate companies and universi- ties, it is also important to subsegment the internal network in different virtual or physical areas and conduct scans and filtering for internal traffic on the network, he notes.
Meanwhile, given that some employees must be able to access different sites, such as Facebook or LinkedIn, to establish and maintain client relationships, simply blocking access to sites is not the most effective method of dealing with the emerging security threats in the workplace.
Rules for bandwidth prioritisation can be set up to manage the performance of a company’s network because there will always be a greater demand for bandwidth than is available, he adds.
“From a secure remote access point of view, we also must be able to identify which users are accessing our networks, using which applications and what devices. Is the device known to the company, is it a private device, does it have the correct firewall settings and is its antivirus program up to date?”
Employees and managers need to be able to connect to work networks using any device at hand and the critical measure is how companies control this development, states Honnay.
The mechanisms to manage device connectivity mostly have to do with the internal environment, which means that the user must register and authenticate the device on the active directory database, including his or her position in, or relationship with, the company, for example, a consultant.
“Secondly, we have to check the device he or she is using and whether it is a managed or unmanaged device. Can the information technology (IT) manager configure or see the security settings?”
SonicWall’s Secure Remote Access Platforms can check to see if devices are secure and can prevent flooding, which is mass traffic sent to bring down a server or network.
“We can define, for instance, when a person wants to connect with a device that does not meet the company’s security policy; they can only access browser-based applications, and will only be granted full access to the internal network if the user has taken action to secure his device,” he says.
The challenge, if a company wants to effectively secure traffic on its network, is to be able to scan at wire speeds.
“If you cannot scan at 1 Gbit/s, 5 Gbit/s, 40 Gbit/s or higher, you are securing the environment at the cost of performance. There must be a balance between connec- tivity, security and performance.
“We have RFDPI appliances capable of handling 10 Gbit/s and can combine four boxes to enable 40 Gbit/s scanning. We plan to increase this capacity in 2012.”
Meanwhile, SonicWall has identified a potential growth market in South Africa in line with developments in the US and Europe, where smaller companies that are unable to afford skilled or permanent IT security personnel are outsourcing the perimeter security of their networks to specialist companies.
“This is a change in the market that will probably come to South Africa as well,” concludes Honnay.
Edited by: Martin Zhuwakinyu© Reuse this Comment Guidelines
Other ICT News
Updated 7 hours ago The development, convergence and mobility of modern information technology (IT) is challenging companies to have more agile systems. This may require more use of open IT standards to enable movement into and out of cloud services, says international open source IT...
Updated 7 hours ago Local antenna manufacturer Poynting Holdings reports high growth of its defence equipment order book, offset by losses in other divisions, and notes that about 68% of its earnings stem from exporting equipment mainly to developed markets, says Poynting CEO Dr André...
Updated 7 hours ago Only 26% of new information technology (IT) systems produce the intended results in companies, according to a new study involving 1 012 large firms employing more than 1 000 people in the UK, France, Germany, Switzerland, Italy, Spain, Benelux, Russia and South...
Recent Research Reports
Steel 2014: A review of South Africa's steel sector (PDF Report)
Creamer Media’s Steel 2014 report provides an overview of the global steel industry and particularly of South Africa’s steel sector over the past year, including details of production and consumption, as well as the country's primary carbon steel and stainless...
Projects in Progress 2014 - First Edition (PDF Report)
This publication contains insight into progress at the delayed Medupi and Kusile coal-fired projects, in Mpumalanga and Limpopo respectively, as well as at the Ingula pumped-storage scheme, which is under construction on the border between the Free State and...
Automotive 2014: A review of South Africa's automotive sector (PDF Report)
The report provides insight into the business environment, the key participants in the sector, local construction demand, geographic diversification, competition within the sector, corporate activity, skills, safety, environmental considerations and the challenges...
Construction 2014: A review of South Africa's construction sector (PDF Report)
Construction data released during 2013 hints at a halt to the decline in the industry during the last few years, with some commentators averring that the industry could be poised for recovery. However, others have urged caution, noting that the prospects for a...
Electricity 2014: A Review of South Africa's Electricity Sector (PDF Report)
This report provides an overview of the state of electricity generation and transmission in South Africa and examines electricity planning, investment in generation capacity, electricity tariffs, the role of independent power producers and demand-focused initiatives,...
Defence 2013: A review of South Africa's defence industry (PDF Report)
Creamer Media’s 2013 Defence Report examines South Africa’s defence industry, with particular focus on the key players in the sector, the innovations that have come out of the defence sector, local and export demand, South Africa’s controversial...
This Week's Magazine
Updated 7 hours ago Celebrating its fiftieth Green Star SA certification in only six years, and with a further 150 projects in the Green Star SA registration pipeline, the impact will increase significantly. “In South Africa, certified new green buildings now cover nearly one-million...
Updated 7 hours ago Volkswagen Group South Africa (VWSA) has installed an automated guided vehicle (AGV) line to replace the traditional roller conveyor used on the VW250 engine line. An AGV is a mobile robot that follows markers or cabling in the floor, or uses vision or lasers to...
Updated 7 hours ago South Africa has an opportunity to achieve a similar result to that of China, which has lifted hundreds of millions of its citizens from poverty to prosperity, but the challenge is to develop world-class customer-focused engineers.
Updated 7 hours ago South Africa had more than enough money and resources to deliver on the constitutional promise of quality of life for all, but those involved in corruption have cost the country immensely.
Updated 7 hours ago BMW South Africa has postponed the introduction of the i3 city car and i8 supercar to March 2015, says spokesperson Edward Makwana. The i3 is an electric vehicle, and the i8 a plug-in hybrid. Both models were scheduled for local introduction this year.