Jan 27, 2012
Real-time, deep-packet inspection of network traffic improves security
The information technology administrator or security officer of a company needs to be able to identify the applications coming into the company’s network, he says.
“We look at the special characteristics of data streams and, based on these, we can determine that the traffic is LinkedIn, Facebook, Facebook Farmville gaming, or Skype, besides others. Our library has a database of 3 800 applications that we can identify and it is growing continuously,” he explains.
All incoming traffic should be scanned and filtered, as is the case with classic Unified Threat Management Solutions (intrusion prevention services, gateway antivirus and antispyware). However, there is a growing need to scan the traffic from specific applications in detail, owing to emerging security threats. This means scanning streaming media, such as Skype, YouTube and Voice-over-Internet Protocols (VoIPs). Also, when companies are using cloud applications, it is critical to ensure a secure network environment, he says.
“This must happen in real time, as the information is streamed. We have developed our own patented technology, called Reassembly-Free Deep Packet Inspection (RFDPI), to scan network traffic. This engine gives us the ability to scan up to 56 different protocols, including secure hypertext transfer protocol and other secure traffic,” he notes.
“One of the things we do is to look for anomalies in the packets. For example, session initiation protocol and VoIP have distinguishing characteristics. We also use our own intelligence database to identify potential threats coming into the network through, for example, VoIP, and we define the patterns that the engine can recognise in the VoIP traffic coming into companies,” explains Honnay.
Companies traditionally focus on securing and filtering information coming from outside into the networks. However, in larger, more open environments, such as in large corporate companies and universities, it is also important to subsegment the internal network in different virtual or physical areas and conduct scans and filtering for internal traffic on the network, he notes.
Meanwhile, given that some employees must be able to access different sites, such as Facebook or LinkedIn, to establish and maintain client relationships, simply blocking access to sites is not the most effective method of dealing with the emerging security threats in the workplace.
Rules for bandwidth prioritisation can be set up to manage the performance of a company’s network because there will always be a greater demand for bandwidth than is available, he adds.
“From a secure remote access point of view, we also must be able to identify which users are accessing our networks, using which applications and what devices. Is the device known to the company, is it a private device, does it have the correct firewall settings and is its antivirus program up to date?”
Employees and managers need to be able to connect to work networks using any device at hand and the critical measure is how companies control this development, states Honnay.
The mechanisms to manage device connectivity mostly have to do with the internal environment, which means that the user must register and authenticate the device on the active directory database, including his or her position in, or relationship with, the company, for example, a consultant.
“Secondly, we have to check the device he or she is using and whether it is a managed or unmanaged device. Can the information technology (IT) manager configure or see the security settings?”
SonicWall’s Secure Remote Access Platforms can check to see if devices are secure and can prevent flooding, which is mass traffic sent to bring down a server or network.
“We can define, for instance, when a person wants to connect with a device that does not meet the company’s security policy, they can only access browser-based applications, and will only be granted full access to the internal network if the user has taken action to secure his device,” he says.
The challenge, if a company wants to effectively secure traffic on its network, is to be able to scan at wire speeds.
“If you cannot scan at 1 Gbit/s, 5 Gbit/s, 40 Gbit/s or higher, you are securing the environment at the cost of performance. There must be a balance between connectivity, security and performance.
“We have RFDPI appliances capable of handling 10 Gbit/s and can combine four boxes to enable 40 Gbit/s scanning. We plan to increase this capacity in 2012.”
Meanwhile, SonicWall has identified a potential growth market in South Africa in line with developments in the US and Europe, where smaller companies that are unable to afford skilled or permanent IT security personnel are outsourcing the perimeter security of their networks to specialist companies.
“This is a change in the market that will probably come to South Africa as well,” concludes Honnay.
Edited by: Martin Zhuwakinyu
Creamer Media Senior Deputy Editor