Jan 27, 2012
Real-time, deep-packet inspection of network traffic improves security
The information technology administrator or security officer of a company needs to be able to identify the applications coming into the company’s network, he says.
“We look at the special characteristics of data streams and, based on these, we can determine that the traffic is LinkedIn, Facebook, Facebook Farmville gaming, or Skype, besides others. Our library has a database of 3 800 applications that we can identify and it is growing continuously,” he explains.
All incoming traffic should be scanned and filtered, as is the case with classic Unified Threat Management Solutions (intrusion prevention services, gateway antivirus and antispyware). However, there is a growing need to scan the traffic from specific applications in detail, owing to emerging security threats. This means scanning streaming media, such as Skype, YouTube and Voice-over-Internet Protocols (VoIPs). Also, when companies are using cloud applications, it is critical to ensure a secure network environment, he says.
“This must happen in real time, as the information is streamed. We have developed our own patented technology, called Reassembly-Free Deep Packet Inspection (RFDPI), to scan network traffic. This engine gives us the ability to scan up to 56 different protocols, including secure hypertext transfer protocol and other secure traffic,” he notes.
“One of the things we do is to look for anomalies in the packets. For example, session initiation protocol and VoIP have distinguishing characteristics. We also use our own intelligence database to identify potential threats coming into the network through, for example, VoIP, and we define the patterns that the engine can recognise in the VoIP traffic coming into companies,” explains Honnay.
Companies traditionally focus on securing and filtering information coming from outside into the networks. However, in larger, more open environments, such as in large corporate companies and universities, it is also important to subsegment the internal network in different virtual or physical areas and conduct scans and filtering for internal traffic on the network, he notes.
Meanwhile, given that some employees must be able to access different sites, such as Facebook or LinkedIn, to establish and maintain client relationships, simply blocking access to sites is not the most effective method of dealing with the emerging security threats in the workplace.
Rules for bandwidth prioritisation can be set up to manage the performance of a company’s network because there will always be a greater demand for bandwidth than is available, he adds.
“From a secure remote access point of view, we also must be able to identify which users are accessing our networks, using which applications and what devices. Is the device known to the company, is it a private device, does it have the correct firewall settings and is its antivirus program up to date?”
Employees and managers need to be able to connect to work networks using any device at hand and the critical measure is how companies control this development, states Honnay.
The mechanisms to manage device connectivity mostly have to do with the internal environment, which means that the user must register and authenticate the device on the active directory database, including his or her position in, or relationship with, the company, for example, a consultant.
“Secondly, we have to check the device he or she is using and whether it is a managed or unmanaged device. Can the information technology (IT) manager configure or see the security settings?”
SonicWall’s Secure Remote Access Platforms can check to see if devices are secure and can prevent flooding, which is mass traffic sent to bring down a server or network.
“We can define, for instance, when a person wants to connect with a device that does not meet the company’s security policy; they can only access browser-based applications, and will only be granted full access to the internal network if the user has taken action to secure his device,” he says.
The challenge, if a company wants to effectively secure traffic on its network, is to be able to scan at wire speeds.
“If you cannot scan at 1 Gbit/s, 5 Gbit/s, 40 Gbit/s or higher, you are securing the environment at the cost of performance. There must be a balance between connectivity, security and performance.
“We have RFDPI appliances capable of handling 10 Gbit/s and can combine four boxes to enable 40 Gbit/s scanning. We plan to increase this capacity in 2012.”
Meanwhile, SonicWall has identified a potential growth market in South Africa in line with developments in the US and Europe, where smaller companies that are unable to afford skilled or permanent IT security personnel are outsourcing the perimeter security of their networks to specialist companies.
“This is a change in the market that will probably come to South Africa as well,” concludes Honnay.
Edited by: Martin Zhuwakinyu
Creamer Media Senior Deputy Editor