Deep Packet Inspection

DEEP PACKET INSPECTION (DPI)

DPI employs numerous technologies (IDS/IPS, protocol inspection, SSL decryption, sandboxing, threat emulation, SIEM, vulnerability scanning, forensics and more, delivered as hardware, software and cloud solutions) to inspect data content against compliance, policy and threat criteria, minimising risk to mission-critical services, data and assets.



Network traffic doesn’t lie - why you need Deep Packet Inspection



> Visualise your network, configurations and risks

> Increased visibility into network traffic

> Analyse, correlate and detect anomalies
 


> Vulnerability Insight 

> Ensure Compliance 

> Protection from Cyber-crime


Go beyond traditional signature-based detection systems
Implement or supplement existing security solutions with real-time monitoring of all data communications to detect new security threats without relying on vulnerability signatures. You can identify malware, viruses and anomalies through behaviour profiling of all network traffic, including applications, hosts and protocols.

Equip IT teams and management with the ability to flag problems and track anomalous events that you would not have known to look for or had the time to look for, including:
  • Expired or weak SSL certificates
  • Data passing over printer and USB channels in VDI environments
  • Access-denied events for networked storage
  • High- and low-intensity brute-force attacks on authentication servers
  • Data extraction through DNS txt records
  • Super-user account activity
  • … and much more.
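One of the anomalies listed above, data extraction through DNS TXT records, can be caught with a simple heuristic over the DNS events a DPI engine already sees: a single source issuing many TXT queries whose leftmost label is long and random-looking, all under one base domain. The following is an added example written for this page, not code from the original page or from any vendor's product; the event tuples are constructed, and the label-length, entropy and query-count thresholds are assumptions that would be tuned to a real network.

```python
import math
from collections import defaultdict

# Constructed sample of DNS query events, in the shape a DPI engine might
# hand to an analyst: (source_ip, query_name, query_type). Not real traffic.
SAMPLE_DNS_EVENTS = [
    ("10.0.0.5", "www.example.com", "A"),
    ("10.0.0.5", "_dmarc.example.com", "TXT"),
    ("10.0.0.7", "mail.example.com", "MX"),
    ("10.0.0.7", "google._domainkey.example.com", "TXT"),
] + [
    # One host issuing a burst of TXT queries whose leftmost label looks like
    # encoded data: long, hex-only, high entropy (constructed values).
    ("10.0.0.9", f"{label}.data.exfil-test.invalid", "TXT")
    for label in (
        "4a6f686e20446f6520313233343536",
        "5a3b9c1d7e2f8a4b6c0d1e2f3a4b5c6d",
        "9f8e7d6c5b4a3f2e1d0c9b8a7f6e5d4c",
        "0a1b2c3d4e5f60718293a4b5c6d7e8f9",
        "c6d7e8f90a1b2c3d4e5f60718293a4b5",
    )
]


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character; random-looking labels score high."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(labels):
    """Crude base-domain extraction (last two labels). A public-suffix list
    would be used in production; this is an assumption for the example."""
    return ".".join(labels[-2:])


def find_txt_exfil(events, min_label_len=20, min_entropy=2.5, min_queries=4):
    """Return {(src_ip, base_domain): [query names]} for sources that sent at
    least `min_queries` TXT queries whose leftmost label is long and
    random-looking under one base domain. Thresholds are assumptions."""
    suspicious = defaultdict(list)
    for src, qname, qtype in events:
        if qtype != "TXT":
            continue
        labels = qname.rstrip(".").split(".")
        if len(labels) < 3:  # a data-carrying label needs a subdomain position
            continue
        payload = labels[0]
        if len(payload) >= min_label_len and shannon_entropy(payload) >= min_entropy:
            suspicious[(src, registered_domain(labels))].append(qname)
    return {key: names for key, names in suspicious.items() if len(names) >= min_queries}


if __name__ == "__main__":
    for (src, domain), names in find_txt_exfil(SAMPLE_DNS_EVENTS).items():
        print(f"{src} -> {domain}: {len(names)} encoded-looking TXT queries")
```

Legitimate TXT lookups such as `_dmarc` and DKIM selector records have short, readable labels and never reach the threshold, while the burst from 10.0.0.9 is reported as one finding keyed by source and base domain, which is the granularity an analyst would investigate.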


Solution Features & Benefits

Carrier grade scale and security, at a fraction of the cost

Security that unifies visibility across virtual, cloud computing and traditional datacenter environments.

The purpose of IT security is to enable your business, not impede it, but the challenges and complexity you face for your IT security grow every day. Compliance requirements impose security standards for data and applications on servers. Physical servers are replaced with virtual machines to save money, be green, and increase scalability. Cloud computing evolves the traditional IT infrastructure to increase cost savings while enhancing flexibility, capacity, and choice. Servers are no longer barricaded behind perimeter defenses, and like laptops before them, they’re now moving outside the security perimeter and need a last line of defense. It’s now vital to your defense-in-depth security strategy to deploy a server and application protection system delivering comprehensive security controls while supporting current and future IT environments.

For example, current Payment Card Industry Data Security Standards (PCI DSS) recognise that traditional perimeter defenses are no longer sufficient to protect data from the latest threats, and that they now require multiple layers of protection beyond appliance-based firewall and intrusion detection and prevention systems (IDS/IPS). Wireless networks, encrypted attacks, mobile resources, and vulnerable web applications all contribute to the weakness that exposes enterprise servers to penetration and compromise.
 

DPI (Deep Packet Inspection) is used for intrusion detection and prevention, web application protection and application control. It examines all incoming and outgoing traffic, including SSL traffic, for protocol deviations, content that signals an attack, and policy violations.



Solutions Delivered Through DPI Technologies


Protection Against "Unknown" Threats

  • Empowers you to identify suspicious activity and behaviour and to take proactive or preventive measures.
  • Provides zero-day protection from unknown exploits attacking unknown vulnerabilities by detecting unusual protocol data containing malicious code.
  • Captures evasive malware and monitors suspicious network traffic.
  • Stops known attacks and malware; like traditional anti-virus software, the signature-based components use signatures to identify and block known individual exploits.


Threat Detection
Inspect application-level data on the network to detect new security threats without relying on vulnerability signatures. You can identify malware, viruses and anomalies through behaviour profiling of all network traffic, including applications, hosts and protocols.




Intrusion Detection

Intrusion detection and prevention is used to shield systems against unpatched vulnerabilities.

The solution’s high-performance deep packet inspection engine examines all incoming and outgoing traffic, including SSL traffic, for protocol deviations, content that signals an attack, and policy violations.

It can operate in detection or prevention mode to protect operating systems and enterprise application vulnerabilities.

- Protects against known and zero-day attacks by shielding known vulnerabilities from any number of exploits.

- Examines all incoming and outgoing traffic for protocol deviations, policy violations, or content that signals an attack.

 

“Advanced malware” and “advanced persistent threats (APT)” are frequently used as terms to describe malicious code that bypasses traditional security systems, such as signature-based detectors (anti-virus engines and intrusion detection systems).

To counter such advanced threats, a new class of security vendors have introduced sandboxing technology. Sandboxing works by running code inside a tightly controlled environment, in which you can monitor and analyse the code's behaviour.

Since it is not necessary to have seen a specific threat before, sandboxing offers the promise to identify advanced malware and zero-day threats across your entire enterprise - different operating systems (Windows, Mac OSX and Android), physical and virtual hosts, services, users, network infrastructure and web, email, content, and mobile applications.




Protect your intellectual property from leaking out to cloud applications, whether intentionally or by accident: for example, when an employee tries to save a document marked company confidential to Dropbox, or to send an email containing credit card numbers through Gmail.




SSL Inspection
Today, more and more Internet traffic is encrypted using the Secure Sockets Layer (SSL) protocol.

Are your security systems ‘blind’ to SSL traffic? 
Ten years ago, SSL encryption was used primarily for banking and other secure transactions, but now SSL is becoming mainstream—all major consumer and commercial cloud applications like Google Search, Office 365, Salesforce, Box, and Facebook are 100% SSL. Google and Microsoft in particular are actively promoting ubiquitous use of SSL encryption for all Internet access with Google recently announcing that it will prioritise sites that use SSL in its search algorithms.

Always inspect what content is trying to leave your organisation, even when it is hidden behind SSL. We’ll notice customer information, credit card numbers, financial data and company secrets.






Encryption Auditing 
Managing SSL certificates is a complex and often time-consuming process that can require significant planning, as was illustrated last October when a Microsoft update began blocking RSA keys using less than 1024-bit encryption. System administrators simply don’t have the time required to continuously keep tabs on weak SSL keys and expired certificates.
  • Identify all SSL certificates passing over the network, including those using weak keys and cipher suites.
  • Track certificates that are expiring in three months or less, or have already expired, for proactive remediation. This way, not only can you ensure that your encryption is up to standard, but you can prove it with push-button reports.
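The two auditing tasks above, flagging weak keys and cipher suites and tracking certificates that expire within three months, reduce to a few comparisons once a passive inventory of observed certificates exists. The following is an added example for this page, not the product's code: the certificate records and the reference date are constructed, the 1024-bit RSA floor is taken from the Microsoft update the text mentions (current guidance such as NIST SP 800-57 calls for 2048 bits or more), and the list of weak cipher-suite markers is an assumption to be extended per policy.

```python
from datetime import date

# Constructed certificate observations, in the shape a passive DPI certificate
# inventory might record them. Hosts, dates and values are invented.
OBSERVED_CERTS = [
    {"host": "intranet.example.test", "key_type": "RSA", "key_bits": 2048,
     "not_after": "2016-09-01", "cipher": "ECDHE-RSA-AES128-GCM-SHA256"},
    {"host": "legacy.example.test", "key_type": "RSA", "key_bits": 512,
     "not_after": "2015-02-10", "cipher": "RC4-SHA"},
    {"host": "portal.example.test", "key_type": "RSA", "key_bits": 2048,
     "not_after": "2015-05-15", "cipher": "AES256-SHA"},
    {"host": "api.example.test", "key_type": "EC", "key_bits": 256,
     "not_after": "2017-01-01", "cipher": "ECDHE-ECDSA-AES128-GCM-SHA256"},
]

AS_OF = date(2015, 3, 1)  # constructed reference date for the audit run

# Cipher-suite name fragments treated as weak (assumption; extend per policy).
WEAK_CIPHER_MARKERS = ("NULL", "EXPORT", "RC4", "DES", "MD5")


def audit_certificate(record, as_of=AS_OF, min_rsa_bits=1024, warn_days=90):
    """Return a list of finding tags for one observed certificate.

    min_rsa_bits defaults to the 1024-bit floor the Microsoft update enforced;
    current guidance (NIST SP 800-57) is 2048 bits or more.
    warn_days=90 approximates the 'three months or less' window."""
    findings = []
    if record["key_type"] == "RSA" and record["key_bits"] < min_rsa_bits:
        findings.append("weak-key")
    not_after = date.fromisoformat(record["not_after"])
    days_left = (not_after - as_of).days
    if days_left < 0:
        findings.append("expired")
    elif days_left <= warn_days:
        findings.append("expiring-soon")
    cipher = record["cipher"].upper()
    if any(marker in cipher for marker in WEAK_CIPHER_MARKERS):
        findings.append("weak-cipher")
    return findings


def audit_inventory(records, as_of=AS_OF, **thresholds):
    """Map host -> findings, keeping only hosts with at least one finding."""
    report = {}
    for record in records:
        findings = audit_certificate(record, as_of, **thresholds)
        if findings:
            report[record["host"]] = findings
    return report


if __name__ == "__main__":
    for host, findings in audit_inventory(OBSERVED_CERTS).items():
        print(f"{host}: {', '.join(findings)}")
```

Running the audit with the constructed data reports the legacy host three times (short key, already expired, RC4) and the portal once (75 days to expiry), which is the kind of push-button list the text describes; raising `min_rsa_bits` to 4096 shows how a stricter policy can be applied without touching the inventory.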



Microsoft ‘Patch Tuesday’ Vulnerability Coverage
Because our solution partners are inaugural members of the Microsoft Active Protections Program (MAPP), the solutions receive vulnerability information from Microsoft in advance of its monthly security bulletins. This advance notice makes it possible to anticipate emerging threats and to provide mutual customers with more timely protection, effectively and efficiently, via security updates.




Web Application Security
As organisations rely more and more on web applications to deliver services to their employees, partners, and customers, threats targeting websites are increasing rapidly because they are easy to exploit and have access to extremely valuable information.
  • Shield against high-severity vulnerabilities discovered in web applications and servers. 
  • The solution automatically identifies and blocks common web application attacks.

  • Security for web apps helps IT protect sensitive transactions and data on external web applications without false positives. Platform and application vulnerability scanning coupled with expert testing protect applications from sophisticated attacks.






Application Control

Application control rules provide increased visibility into, or control over, the applications that are accessing the network. These rules can also be used to identify malicious software accessing the network, or to reduce the vulnerability of your servers.





Stateful Firewall

Firewall functionality to provide a predefined and customisable perimeter around servers.

  • Grouping common enterprise server types, including web, LDAP, DHCP, FTP and database, ensures rapid, easy and consistent deployment of firewall policy, even in large, complex networks.
  • Coverage of all IP-based protocols (TCP, UDP, ICMP and more): full-packet capture simplifies troubleshooting and provides valuable insight into understanding raised firewall events.
  • Reconnaissance detection: detects activities such as port scans. Non-IP traffic such as ARP can also be restricted.
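The reconnaissance detection bullet above can be illustrated with the simplest port-scan detector a firewall event feed supports: one source reaching an unusual number of distinct destination ports on one host within a short window. This is an added example for this page, not the product's detection logic; the connection events are constructed and the window and port-count thresholds are assumptions.

```python
from collections import defaultdict, deque

# Constructed firewall connection events: (epoch_seconds, src_ip, dst_ip, dst_port).
# Normal traffic from 10.1.1.20, then one host touching 25 ports on a server.
SAMPLE_FW_EVENTS = [
    (1000, "10.1.1.20", "10.1.1.5", 443),
    (1005, "10.1.1.20", "10.1.1.5", 443),
    (1010, "10.1.1.20", "10.1.1.5", 80),
    (1300, "10.1.1.20", "10.1.1.6", 22),
] + [(1100 + i, "10.1.1.99", "10.1.1.5", 1 + i) for i in range(25)]


def detect_port_scans(events, window_seconds=60, min_ports=20):
    """Flag (src, dst) pairs where one source touched at least `min_ports`
    distinct destination ports within any `window_seconds` window.
    Thresholds are assumptions; tune them to the network's normal fan-out."""
    by_pair = defaultdict(list)
    for ts, src, dst, port in events:
        by_pair[(src, dst)].append((ts, port))

    alerts = []
    for (src, dst), hits in by_pair.items():
        hits.sort()
        recent = deque()  # sliding window of (ts, port) within window_seconds
        for ts, port in hits:
            recent.append((ts, port))
            while recent and recent[0][0] < ts - window_seconds:
                recent.popleft()
            distinct_ports = {p for _, p in recent}
            if len(distinct_ports) >= min_ports:
                alerts.append({
                    "src": src, "dst": dst, "distinct_ports": len(distinct_ports),
                    "window_start": recent[0][0], "window_end": ts,
                })
                break  # one alert per pair keeps the output readable
    return alerts


if __name__ == "__main__":
    for alert in detect_port_scans(SAMPLE_FW_EVENTS):
        print(alert)
```

The alert records the window in which the threshold was first crossed, so an analyst can pull the matching full-packet capture the text mentions for that interval rather than for the whole day.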





Security Intelligence Feeds
Security Operation Centres (SOCs) and intelligence services commonly work together as a global community to share and feed real-time security intelligence about threats to customers employing their technology or services. This ensures that customers are protected or informed about known threats as they emerge anywhere in the world.
Security Intelligence isn’t just for those with big budgets, staff and lots of patience. Modern Security Intelligence solutions have evolved from the dinosaurs known as first-generation SIEM offerings (products that required major upfront implementation work and actually added to your ongoing headcount needs rather than easing them). Today it’s just the opposite, which means Security Intelligence is within the reach and budget of virtually any organisation.

DPI helps you gather structured and unstructured network intelligence from:

- Security devices
- Servers and mainframes
- Network and virtual activity
- Data activity
- Application activity
- Database activity
- Configuration information
- Vulnerabilities and threats
- Users and identities
- Global threat intelligence







Agentless Virtual Infrastructure Security
Deployed at the hypervisor level, there is no need to install and manage a separate agent on every VM. Individual servers and VMs are therefore not cluttered with signature libraries and detection engines, giving big improvements in management and performance.






Storage Access Monitoring
  • Analyse networked storage activity.
  • Continuously monitor your SAN or NAS environment and break out client IP, username and file path to identify who is accessing which files from where.
  • Compare access attempts with access successes to determine whether authentication is working properly.
  • Track failed attempts by client to identify unauthorised access through brute-force logins.
  • Analyse and address data leakage. IT teams can identify unauthorised or anomalous data access, including unauthorised file access by client, share or volume, or database responses greater than 2MB.



Integrity Monitoring
Monitoring unauthorised, unexpected, or suspicious changes

Log inspection to identify and report important security events

Monitors critical operating system and application files - such as directories, and registry keys and values - to detect suspicious behaviour.

Extensive file and system checking for compliance
Files and directories can be monitored for changes to contents and to attributes such as owner, permissions, size and date/time stamp, using out-of-the-box integrity rules. Additions, modifications or deletions of Windows registry keys and values, access control lists and log files can also be monitored and alerted on.


Baseline Setting
Baseline security profiles can be established and used to compare for changes, to initiate alerts and determine appropriate actions.

Create rule sets based on definitions, adding parameters for what normal activity should look like.
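The Integrity Monitoring and Baseline Setting passages above describe one mechanism: record a baseline of file contents and attributes, re-scan later, and alert on additions, deletions and changed attributes. The following is an added example for this page, not the product's integrity engine; it baselines SHA-256, size, mode bits, owner and modification time for every file under a directory and reports which attributes changed. The `demo_run` helper builds a throwaway tree with constructed files so the example runs offline.

```python
import hashlib
import stat
import tempfile
from pathlib import Path


def file_record(path: Path) -> dict:
    """Attributes baselined for one file: content hash, size, permission bits,
    owner and modification time (nanoseconds)."""
    st = path.stat()
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return {
        "sha256": digest.hexdigest(),
        "size": st.st_size,
        "mode": stat.S_IMODE(st.st_mode),
        "uid": st.st_uid,
        "mtime_ns": st.st_mtime_ns,
    }


def snapshot(root) -> dict:
    """Baseline: relative POSIX path -> attribute record for every file under root."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): file_record(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare(baseline: dict, current: dict) -> dict:
    """Report additions, deletions and, for modified files, which attributes
    changed; this is the payload an integrity alert would carry."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = {}
    for name in sorted(set(baseline) & set(current)):
        changed = [k for k in baseline[name] if baseline[name][k] != current[name][k]]
        if changed:
            modified[name] = changed
    return {"added": added, "removed": removed, "modified": modified}


def demo_run() -> dict:
    """Build a constructed tree, baseline it, make three kinds of change and
    return the diff plus the baselined file list (no real system involved)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "app.conf").write_text("debug=0\n")
        (root / "bin").mkdir()
        (root / "bin" / "tool").write_bytes(b"\x7fELF-placeholder")
        baseline = snapshot(root)

        # Same size, different content: only the hash (and mtime) will differ,
        # which is why hashing matters and size alone is not enough.
        (root / "etc" / "app.conf").write_text("debug=1\n")
        (root / "bin" / "tool").unlink()
        (root / "bin" / "helper").write_bytes(b"unexpected new binary")

        diff = compare(baseline, snapshot(root))
        diff["baseline_files"] = sorted(baseline)
        return diff


if __name__ == "__main__":
    print(demo_run())
```

In practice the baseline would be stored off-host (or signed) so that whoever changes a monitored file cannot also rewrite the record it is compared against, and the rule set would restrict `snapshot` to the directories, registry keys and log files the policy names rather than a whole filesystem.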


The Security Center
SOC (Security Operation Centre) support is an integral part of the Deep Security solution. It consists of a dynamic team of security experts who help customers stay ahead of the latest threats by providing a timely and rapid response to a broad range of new vulnerabilities and threats as they are discovered, together with a customer portal for accessing security updates and information.

Over 100 sources of public, private, and government data are systematically and continuously monitored to identify and correlate new relevant threats and vulnerabilities. The Security Center researchers leverage relationships with different organisations to get early and sometimes pre-release information on vulnerabilities, so that timely and accurate protection can be delivered to customers. These sources include Microsoft, Oracle, and other vendor advisories; SANS; CERT; Bugtraq; VulnWatch; PacketStorm; and Securiteam.





DPI Cloud Managed Service

Carrier Grade Security and Scalability, at a Fraction of the Cost  
100% cloud based architecture solution ensures that your operational overhead is minimal - no hardware or software, and no patches or upgrades to manage.

Benefits
  • Protects web applications from application-layer attacks such as SQL injection and cross-site scripting.
  • Detailed events provide valuable information, including who attacked, when they attacked, and what they attempted to exploit. Administrators can be notified automatically via alerts when an incident has occurred. 
  • Shields vulnerabilities in operating systems and enterprise applications until they can be patched for timely protection against known and zero-day attacks. 
  • Coverage for applications, including database, web, email and FTP servers.



Compliance, Audit & Reporting
Policy and regulatory compliance management.
You can identify and correct out-of-policy behaviour; applications running over nonstandard ports; users logging on to critical servers with clear-text user names and passwords; and the use of unencrypted protocols in sensitive areas of the network. 

Proven technology certified to Common Criteria EAL4+

Data protection with FIPS 140-2 validated encryption for maximum privacy, and secure data destruction capabilities.

Achieves cost-effective compliance
  • Major compliance requirements for PCI DSS 3.0, as well as HIPAA, NIST and SAS70.
  • Providing detailed, auditable reports documenting prevented attacks and policy compliance status, reducing the preparation time required to support audits.
  • Enables compliance with PCI requirement 6.6 for the protection of Web applications and the data they process. 
  • Extensive file property checking: this capability is applicable to the PCI DSS 10.5.5 requirement.
  • Able to forward events to a security information and event management (SIEM) system via Syslog. 
  • Auditable reporting for compliance: A complete audit trail of security events can be generated to assist with meeting compliance requirements such as PCI 10.6






SIEM Integration
'Security Information and Event Management' solutions on their own automate, analyse and report events against policy and compliance.

The DPI solution feeds information and event data into most SIEM tools.





Forensics 
Solutions contain the threat, but you will also want to understand where and how it got into your network and what you need to do to protect against further infection.




Platform Coverage

> Physical and virtual infrastructure

> On-premise

> Delivered as software, hardware or as a managed service

> Cloud (private, public and hybrid)
- Amazon Web Services (AWS)
- Microsoft Azure
- VMware vCloud Air



Contact us today to discuss your requirements in more detail.


P: +44(0)7714 209927

S: +44(0)1273 329753

info@securenetconsulting.co.uk