http://www.engineeringnews.co.za
  SEARCH
Login
R/€ = 14.15Change: 0.05
R/$ = 11.58Change: -0.02
Au 1195.87 $/ozChange: -1.05
Pt 1197.50 $/ozChange: 0.00
 
 
Note: Search is limited to the most recent 250 articles. Set date range to access earlier articles.
Where? With... When?








Start
 
End
 
 
And must exclude these words...
Close Main Search
Close Main Login
My Profile News Alerts Newsletters Logout Close Main Profile
 
Agriculture   Automotive   Chemicals   Competition Policy   Construction   Defence   Economy   Electricity   Energy   Environment   ICT   Metals   Mining   Science and Technology   Services   Trade   Transport & Logistics   Water  
What's On Press Office Tenders Suppliers Directory Research Jobs Announcements Contact Us
 
 
 
RSS Feed
Article   Comments   Other News   Research   Magazine  
 
 
Jan 27, 2012

Real-time, deep-packet inspection of network traffic improves security

Back
SECURITY|Africa|Environment|Facebook|LinkedIn|Security|SonicWall|Unified Threat Management Solutions|YouTube|Africa|Europe|South Africa|United States|Security|Cloud Applications|Firewall Supplier|Internal Network|Intrusion Prevention Services|Secure Hypertext Transfer Protocol|Security|Services|Session Initiation Protocol|Solutions|Streaming Media|Dominique Honnay|Security|Middle East|Firewall|Information Technology|Secure Hypertext Transfer Protocol|Session Initiation Protocol|Streaming Media|VOIP
SECURITY|Africa|Environment|Security||Africa|||Security|Security|Services|Solutions||Security||
security|africa-company|environment|facebook|linkedin|security-company|sonicwall|unified-threat-management-solutions|youtube|africa|europe|south-africa|united-states|security-facility|cloud-applications|firewall-supplier|internal-network|intrusion-prevention-services|secure-hypertext-transfer-protocol|security-industry-term|services|session-initiation-protocol-industry-term|solutions|streaming-media-industry-term|dominique-honnay|security-person|middle-east|firewall|information-technology|secure-hypertext-transfer-protocol-technology|session-initiation-protocol|streaming-media|voip
© Reuse this



The real-time, deep-layer inspection of inbound, outbound and internal network traffic enables companies to improve the security of their information and also to secure information accessed remotely by different devices, says firewall supplier SonicWall director of emerging markets and Europe, Middle East and Africa distributors Dominique Honnay.

The information technology administrator or security officer of a company needs to be able to identify the applications coming into the company’s network, he says.

“We look at the special characteristics of data streams and, based on these, we can determine that the traffic is LinkedIn, Facebook, Facebook Farmville gaming, or Skype, beside others. Our library has a database of 3 800 applications that we can identify and it is growing continuously,” he explains.

All incoming traffic should be scanned and filtered, as is the case with classic Unified Threat Management Solutions (intrusion prevention services, gateway antivirus and antispyware). However, there is a growing need to scan the traffic from specific applications in detail, owing to emerging security threats. This means scanning streaming media, such as Skype, YouTube and Voice-over-Internet Protocols (VoIPs). Also, when companies are using cloud applications, it is critical to ensure a secure network envi- ronment, he says.

“This must happen in real time, as the information is streamed. We have developed our own patented technology, called Reassembly-Free Deep Packet Inspection (RFDPI), to scan network traffic. This engine gives us the ability to scan up to 56 different protocols, including secure hypertext trans- fer protocol and other secure traffic,” he notes.

“One of the things we do is to look for anomalies in the packets. For example, session initiation protocol and VoIP have distinguishing characteristics. We also use our own intelligence database to identify potential threats coming into the network through, for example, VoIP, and we define the patterns that the engine can recognise in the VoIP traffic coming into companies,” explains Honnay.

Companies traditionally focus on securing and filtering information coming from outside into the networks. However, in larger, more open environments, such as in large corporate companies and universi- ties, it is also important to subsegment the internal network in different virtual or physical areas and conduct scans and filtering for internal traffic on the network, he notes.

Meanwhile, given that some employees must be able to access different sites, such as Facebook or LinkedIn, to establish and maintain client relationships, simply blocking access to sites is not the most effective method of dealing with the emerging security threats in the workplace.

Rules for bandwidth prioritisation can be set up to manage the performance of a company’s network because there will always be a greater demand for bandwidth than is available, he adds.

“From a secure remote access point of view, we also must be able to identify which users are accessing our networks, using which applications and what devices. Is the device known to the company, is it a private device, does it have the correct firewall settings and is its antivirus program up to date?”

Employees and managers need to be able to connect to work networks using any device at hand and the critical measure is how companies control this development, states Honnay.

The mechanisms to manage device connectivity mostly have to do with the internal environment, which means that the user must register and authenticate the device on the active directory database, including his or her position in, or relationship with, the company, for example, a consultant.

“Secondly, we have to check the device he or she is using and whether it is a managed or unmanaged device. Can the information technology (IT) manager configure or see the security settings?”

SonicWall’s Secure Remote Access Platforms can check to see if devices are secure and can prevent flooding, which is mass traffic sent to bring down a server or network.

“We can define, for instance, when a person wants to connect with a device that does not meet the company’s security policy; they can only access browser-based applications, and will only be granted full access to the internal network if the user has taken action to secure his device,” he says.

The challenge, if a company wants to effectively secure traffic on its network, is to be able to scan at wire speeds.

“If you cannot scan at 1 Gbit/s, 5 Gbit/s, 40 Gbit/s or higher, you are securing the environment at the cost of performance. There must be a balance between connec- tivity, security and performance.

“We have RFDPI appliances capable of handling 10 Gbit/s and can combine four boxes to enable 40 Gbit/s scanning. We plan to increase this capacity in 2012.”

Meanwhile, SonicWall has identified a potential growth market in South Africa in line with developments in the US and Europe, where smaller companies that are unable to afford skilled or permanent IT security personnel are outsourcing the perimeter security of their networks to specialist companies.

“This is a change in the market that will probably come to South Africa as well,” concludes Honnay.

Edited by: Martin Zhuwakinyu
© Reuse this Comment Guidelines (150 word limit)
 
 
 
 
 
 
 
 
Other Information Technology News
MATT BARKER Wireless networks should enable users to engage and must provide relevant information to them based on their activity and location
The inclusion of Bluetooth to provide sub-three meter accuracy and heightened functionality for users is one of the ways to change existing wireless networks into engagement networks. An engagement network differs from common wireless networks in that it enables the...
The converged CTR microwave router integrates legacy time-division multiplexing, Ethernet and Internet protocol/Multiprotocol Label Switching (IP/MPLS) network layers to enable cellular base stations to be multi-function hubs for delivery of new services, says...
Article contains comments
ALASTAIR DE WET Small businesses can potentially work together with software companies to buy and use products legally
Engineering software specialist company Autodesk has implemented special prices, including rental options, to make its widely used engineering design and manufacturing software programs available to small business in Africa. The most significant reason why companies...
More
 
 
Latest News
China appears to have been routinely underestimating output from its sprawling steel sector, with official figures for last year alone 40-million tonnes below a key industry estimate - an amount equivalent to Germany's entire annual production. Beijing has vowed to...
Lumwana, Zambia
Canada’s Barrick Gold Corp will suspend operations at its Lumwana copper mine, in Zambia’s Northwestern province, after the country enacted legislation that raised the royalty rate on openpit mining operations from 6% to 20%. TSX- and NYSE-listed Barrick, the world’s...
The Labour Court in Johannesburg has set aside the 2011-2014 metal sector wage agreement, the National Employers' Association of SA (Neasa) said on Thursday. The 2011-2014 wage deal was the result of an agreement between the Steel and Engineering Industries...
More
 
 
Recent Research Reports
Liquid Fuels 2014 - A review of South Africa's Liquid Fuels sector (PDF Report)
Creamer Media’s Liquid Fuels 2014 Report examines these issues, focusing on the business environment, oil and gas exploration, the country’s feedstock supplies, the development of South Africa’s biofuels industry, fuel pricing, competition in the sector, the...
Water 2014: A review of South Africa's water sector (PDF Report)
Creamer Media’s Water 2014 report considers the aforementioned issues, not only in the South African context, but also in the African and global context, and examines the issues of water and sanitation, water quality and the demand for water, among others.
Defence 2014: A review of South Africa's defence industry (PDF Report)
Creamer Media’s Defence 2014 report examines South Africa’s defence industry, with particular focus on the key participants in the sector, the innovations that have come out of the sector, local and export demand, South Africa’s controversial multibillion-rand...
Road and Rail 2014: A review of South Africa's road and rail infrastructure (PDF report)
Creamer Media’s Road and Rail 2014 report examines South Africa’s road and rail transport system, with particular focus on the size and state of the country’s road and rail network, the funding and maintenance of these respective networks, and the push to move road...
Real Economy Year Book 2014 (PDF Report)
This edition drills down into the performance and outlook for a variety of sectors, including automotive, construction, electricity, transport, steel, water, coal, gold, iron-ore and platinum.
Real Economy Insight: Automotive 2014 (PDF Report)
This four-page brief covers key developments in the automotive industry over the past 12 months, including an overview of South Africa’s automotive market, trade figures, production and the policies influencing the sector.
 
 
 
 
 
This Week's Magazine
South Africa remains an important manufacturing and export platform for Ford Motor Company, says executive chairperson Bill Ford. However, he adds that other countries on the continent are “becoming interesting”, and that the US carmaker is casting its net wider for...
TO BE PHASED INTO SERVICE The first MeerKAT dish, with another 63 to come
Germany’s Max-Planck-Society (MPG) and the Max-Planck-Institute for Radio Astronomy (MPlfR) are investing €11-million (about R150-million) into South Africa’s MeerKAT radio telescope array programme. The money will be used to design, build and install S-band radio...
Infrastructure spend in sub-Saharan Africa will grow from $70-billion in 2013 to $180-billion by 2025, says PwC capital projects and infrastructure Africa leader Jonathan Cawood. This is one of the findings of PwC’s Capital Projects & Infrastructure report on East...
Private-owned defence and aerospace manufacturer Paramount Group and the Ichikowitz Family Foundation unveiled its Anti-Poaching Skills and K9 Training Academy in Magaliesburg last month.
MATT BARKER Wireless networks should enable users to engage and must provide relevant information to them based on their activity and location
The inclusion of Bluetooth to provide sub-three meter accuracy and heightened functionality for users is one of the ways to change existing wireless networks into engagement networks. An engagement network differs from common wireless networks in that it enables the...
 
 
 
 
 
 
 
 
 
Alert Close
Embed Code Close
content
Research Reports Close
Research Reports are a product of the
Research Channel Africa. Reports can be bought individually or you can gain full access to all reports as part of a Research Channel Africa subscription.
Find Out More Buy Report
 
 
Close
Engineering News
Completely Re-Engineered
Experience it now. Click here
*website to launch in a few weeks