Deep Network Protection

Today's Network Security Challenge

The emergence of layer-7 malware and the fast-changing threat landscape have rendered most of today's network security solutions obsolete. It is no longer possible to secure the network with legacy firewalls that can only enforce rules based on IP addresses and ports. Intrusion prevention systems (IPS) can no longer cope with the sophistication of evasive malware buried deep within legitimate layer-7 applications. Unified threat management (UTM) solutions are also unable to provide any real protection because of their loosely integrated architectures, which consist of separate modules acting on network traffic in a disparate fashion.

The current threat landscape is not only extremely sophisticated, it is also extremely fast-changing and multi-faceted. Today's business operations depend upon a plethora of software applications that often require interactions with far-flung branch offices and roaming users. Web 2.0 applications have increased the ease of use and productivity of many businesses, but they also often act as major vectors for malware and, in the case of social networks and peer-to-peer applications, can directly lead to a loss in productivity.

Readily available encrypted tunneling and VPN applications have made the situation even more difficult to deal with: they are necessary for communication with remote branches, business partners and roaming users, yet at the same time they are potential vectors for covert and malicious activity by users and botnets.

Deep network security solution: NETWORK PROTECTOR

Such a fast-changing and complex threat environment requires a sophisticated and deep network security solution that can mitigate threats in all the different layers of the network as well as in its depth. NETWORK PROTECTOR addresses all the current and future network threats in a holistic manner using an advanced, highly parallelized, context-aware single-pass engine that can perform multiple actions on the network traffic simultaneously and synchronously while keeping track of each session's context.

Adyton's context-aware single-pass engine uses a high-performance deep packet inspection engine that can detect hundreds of protocols, alongside a large number of protocol decoders that enable it to peer deep into application traffic and inspect it for malware and irregular content. Adyton's protocol decoders eliminate the need for complex rulesets or large numbers of regular expressions. As a result, performance is much higher, while false positive and false negative ratios are kept to a minimum compared to legacy solutions.

NETWORK PROTECTOR's components

External and internal users are tracked by their IP addresses. However, Network Protector also integrates with your Active Directory or LDAP server, so you can refer to users and groups instead of IP addresses when creating your security policies.

Network Protector employs the most powerful and highest performing application detection engine on the market. It is capable of detecting and blocking hundreds of applications, including those that rely on encrypted communication, such as BitTorrent and Skype.

VPN connections are terminated on the device and VPN users' traffic is treated as coming from a separate security zone so that different rules may apply than for your internal users.

Network Protector can inspect SSL-encrypted traffic so that threats or data loss over encrypted connections will not go unnoticed.

Traffic is continuously inspected for adherence to the underlying protocol. Any violation is a sign of suspicious activity and will result in the connection being blocked. This way, Network Protector offers protection even against so-called zero-day attacks for which no attack signatures are yet known.

Protocol Decoders are the base for all of Network Protector's security-related components. They understand how client applications and servers communicate with each other and use this knowledge to dissect the traffic into separate parts that are then passed on for further inspection. This largely eliminates the need for regular expressions, increasing performance and resulting in extremely low false positive and false negative ratios.

Based on market-leading anti-virus technology by BitDefender, downloads and documents are scanned for the latest malware. Scanning is stream-based, so there is no upper file size limit.

In addition to simple port and IP blocking, firewall rules can be enforced per application, user or group. Both whitelisting and blacklisting modes are offered.

More than 9,000 decoder-based IPS signatures, updated daily, ensure cutting-edge threat protection.

A category-based web filter containing millions of known URLs allows you to restrict access to certain kinds of websites. Different configurations are possible per user or group.

Application Awareness

NETWORK PROTECTOR uses high-performance deep packet inspection (DPI) and protocol decoders to detect, inspect and control hundreds of applications including many individual components of Web 2.0 applications in a highly granular fashion.

Its unique context-aware single-pass engine enables security administrators to look deep into any kind of application traffic traversing the network and enforce full-validation application whitelisting and blacklisting rules simultaneously per system or per zone.

The use of protocol decoders enables NETWORK PROTECTOR to fully validate all traffic and any protocol violation will result in the traffic being blocked. Full-validation whitelisting protects even against so-called zero-day attacks, for which no attack signatures are known yet.

User Awareness

NETWORK PROTECTOR does away with the legacy concept of identifying users by their IP address. By seamlessly integrating into Active Directory or LDAP, it enables rule creation per user and user group.

Administrators can create granular user and user-group specific policies based on the roles and functions within the organization rather than indiscriminate and broad policies that inhibit productivity by imposing restrictions on everyone without limiting malicious users and applications.

Threat Awareness

NETWORK PROTECTOR uses deep packet inspection (DPI), protocol decoders with full-validation whitelisting capabilities and a high-performance, highly parallelized context-aware single-pass engine to look deep inside the traffic for malware, viruses and illegitimate or classified content.

Adyton’s full-validation whitelisting ensures that traffic that does not adhere to standards will be blocked.

Adyton’s protocol and application decoders make it possible for the integrated intrusion prevention system (IPS) to scan every component of the traffic individually for threats and intrusion attempts using a daily-updated signature database of over 9,000 signatures.

The malware protection engine, based on market-leading BitDefender technology, inspects traffic in a stream-based fashion while maintaining packet order, thus eliminating the file size limit legacy solutions have.