Deep Network Protection
Today's Network Security Challenge
The emergence of layer-7 malware and the fast-changing threat landscape has rendered most of today's network security solutions obsolete. No longer is it possible to secure the network by using legacy firewalls that can only enforce rules based on IP addresses and ports. Intrusion prevention systems (IPS) are no longer able to cope with the sophistication of evasive malware buried deep within legitimate layer-7 applications. Unified threat management (UTM) solutions are also unable to provide any real protection due to their loosely integrated architectures, which consist of separate modules performing actions on network traffic in a disparate fashion.
The current threat landscape is not only extremely sophisticated, it is also extremely fast-changing and multi-faceted. Today's business operations depend upon a plethora of software applications that often require interactions with far-flung branch offices and roaming users. Web 2.0 applications have increased the ease of use and productivity of many businesses, but they also often act as major vectors for malware and, in the case of social networks and peer-to-peer applications, can directly lead to a loss in productivity.
Readily available encrypted tunneling and VPN applications have made the situation even more difficult to deal with: they are necessary for communication with remote branches, business partners and roaming users, yet at the same time they are potential vectors for covert and malicious activity by users and botnets.
Deep network security solution: NETWORK PROTECTOR
Such a fast-changing and complex threat environment requires a sophisticated and deep network security solution that can mitigate threats in all the different layers of the network as well as in its depth. NETWORK PROTECTOR addresses all the current and future network threats in a holistic manner using an advanced, highly parallelized, context-aware single-pass engine that can perform multiple actions on the network traffic simultaneously and synchronously while keeping track of each session’s context.
Adyton’s context-aware single-pass engine uses a high-performance deep packet inspection engine that can detect hundreds of protocols, alongside a large number of protocol decoders that enable it to peer deep into application traffic and inspect it for malware and irregular content. Adyton's protocol decoders eliminate the need for complex rulesets or large numbers of regular expressions. As a result, performance is much higher, while false positive and false negative ratios are kept to a minimum compared to legacy solutions.
NETWORK PROTECTOR's components
Application Awareness
NETWORK PROTECTOR uses high-performance deep packet inspection (DPI) and protocol decoders to detect, inspect and control hundreds of applications including many individual components of Web 2.0 applications in a highly granular fashion.
Its unique context-aware single-pass engine enables security administrators to look deep into any kind of application traffic traversing the network and enforce full-validation application whitelisting and blacklisting rules simultaneously per system or per zone.
The use of protocol decoders enables NETWORK PROTECTOR to fully validate all traffic and any protocol violation will result in the traffic being blocked. Full-validation whitelisting protects even against so-called zero-day attacks, for which no attack signatures are known yet.
User Awareness
NETWORK PROTECTOR does away with the legacy concept of identifying users by their IP address. By seamlessly integrating into Active Directory or LDAP, it enables rule creation per user and user group.
Administrators can create granular user and user-group specific policies based on the roles and functions within the organization rather than indiscriminate and broad policies that inhibit productivity by imposing restrictions on everyone without limiting malicious users and applications.
Threat Awareness
NETWORK PROTECTOR uses deep packet inspection (DPI), protocol decoders with full-validation whitelisting capabilities and a high-performance, highly parallelized context-aware single-pass engine to look deep inside the traffic for malware, viruses and illegitimate or classified content.
Adyton’s full-validation whitelisting ensures that traffic that does not adhere to standards will be blocked.
Adyton’s protocol and application decoders make it possible for the integrated intrusion prevention system (IPS) to scan every component of the traffic individually for threats and intrusion attempts using a daily-updated signature database of over 9,000 signatures.
The malware protection engine, based on market-leading BitDefender technology, inspects traffic in a stream-based fashion while maintaining packet order, thus eliminating the file size limit legacy solutions have.