• Identify applications, not ports.
Identify the application, irrespective of protocol, encryption, or evasive tactic,
and use the identity as the basis for all security policies.
• Identify users, not IP addresses.
Employ user and group information from enterprise directories for visibility,
policy creation, reporting, and forensic investigation—no matter where the user
is located.
• Block threats in real-time.
Protect against the entire lifecycle of an attack, including dangerous applications,
vulnerabilities, malware, high-risk URLs, and a wide array of malicious files and content.
• Simplify policy management.
Safely and securely enable applications with easy-to-use graphical tools and a unified
policy editor.
• Enable a logical perimeter.
Secure all users, including traveling or telecommuting users, with consistent security
that extends from the physical to the logical perimeter.
• Deliver multi-gigabit throughput.
Combine purpose-built hardware and software to enable low-latency, multi-gigabit
performance with all services enabled.
App-ID: Classifying All Applications, All Ports, All the Time
Accurate traffic classification is the
heart of any firewall, with the result becoming the basis of the security
policy. Traditional firewalls classify traffic by port and protocol, which, at
one point, was a satisfactory mechanism for securing the network. Today,
applications can easily bypass a port-based firewall by hopping ports, using SSL
and SSH, sneaking across port 80, or using non-standard ports. App-ID addresses
the traffic classification visibility limitations that plague traditional firewalls
by applying multiple classification mechanisms to the traffic stream, as soon
as the firewall sees it, to determine the exact identity of applications
traversing the network.
Unlike add-on offerings that rely
solely on IPS-style signatures, implemented after port-based classification,
every App-ID automatically uses up to four different traffic classification mechanisms
to identify the application. App-ID continually monitors the application state,
re-classifying the traffic and identifying the different functions that are
being used. The security policy determines how to treat the application: block,
allow, or securely enable (scan for and block embedded threats, inspect for
unauthorized file transfer and data patterns, or shape using QoS).
User-ID: Enabling Applications by Users and Groups
Traditionally, security policies were
applied based on IP addresses, but the increasingly dynamic nature of users and
computing means that IP addresses alone have become ineffective as a mechanism
for monitoring and controlling user activity. User-ID allows organizations to
extend user- or group-based application enablement policies across Microsoft Windows,
Apple Mac OS X, Apple iOS, and Linux users.
User information can be harvested from
enterprise directories (Microsoft Active Directory, eDirectory, and Open LDAP)
and terminal services offerings (Citrix and Microsoft Terminal Services) while
integration with Microsoft Exchange, a Captive Portal, and an XML API enables
organizations to extend policy to Apple Mac OS X, Apple iOS, and UNIX users
that typically reside outside of the domain.
Content-ID: Protecting Allowed Traffic
Many of today’s applications provide
significant benefit, but are also being used as a delivery tool for modern
malware and threats. Content-ID, in conjunction with App-ID, provides administrators
with a two-pronged solution to protecting the network. After App-ID is used to
identify and block unwanted applications, administrators can then securely enable
allowed applications by blocking vulnerability exploits, modern malware, viruses,
botnets, and other malware from propagating across the network, all regardless
of port, protocol, or method of evasion. Rounding out the control elements that
Content-ID offers is a comprehensive URL database to control web surfing and
data-filtering features.