Qosmos for Next Generation Firewalls

The Challenge

To effectively classify traffic and manage rulesets, firewalls require built-in Deep Packet Inspection (DPI) providing Layer 7 application identification and detailed information in the form of metadata attributes.

Firewall vendors risk spending considerable time and money developing and updating DPI technology that provides detailed enough visibility and that is up-to-date with constantly changing protocols and applications.

How Qosmos Inside Solves the Problem

  • Qosmos application classification and metadata engine – ixEngine – is embedded into next-generation firewalls to provide Layer 7 application classification and traffic metadata attributes, such as message senders and receivers, and names of files shared or attached in an application.
  • Within days, firewall vendors can embed ixEngine into products for unmatched application classification and more effective security policy management.
  • Qosmos has successfully deployed DPI software scaling efficiently from a few MB to 1 TB of memory.


Benefits for Firewall Vendors: Full Application Visibility

  • Identifies applications based on protocol grammar analysis, not ports
  • Goes beyond traditional DPI to decode traffic inside tunneling protocols
  • Identifies actions launched within an application (such as login, browse, chat, file transfer, etc.)
  • Real-time extraction of communications metadata such as message senders and receivers, and names of files shared or attached in an application.
  • Recognizes thousands of protocols, applications and metadata
  • Allows users to develop their own protocol plugins that can be integrated in the ixEngine framework.


qosmos for next generation firewalls example


Recognized Protocols and Applications (Sample)

  • Email (smtp, pop3, imap, Outlook Exchange, etc.)
  • Webmails (Gmail, Yahoo mail, Outlook Web Access, etc.)
  • Instant Messaging (IRC, Jabber, Yahoo Messenger, etc.)
  • Web applications (HTTP, web browsing, URLs, etc.)
  • Tunnels (ICMP, HTTP tunneling, GRE, L2TP, etc)
  • File transfer protocols (FTP, Windows File Transfer SMB, etc.)
  • P2P applications (eDonkey, BitTorrent, Gnutella, NNTP, etc.)
  • Streaming (VoIP, media streaming, etc.)
  • Business applications (CRM, ERP, appliance or web mode, etc.)
  • Database protocols (MySQL, Postgress, Oracle, etc.)
  • Online gaming

Application Visibility (Sample)

  • HTTP: visited URL, URI
  • Email, Webmails, social networking and messaging: login, sender, receiver(s), attached document (type, name, content) etc.
  • File transfer, P2P: login, file type, file name, file content, etc.

To see an overview of all the protocols recognized by Qosmos, visit the Qosmos Protobook Light.

“Layer 7 visibility allows a view of individual application flows and even an understanding of components of applications.”

Jeff Wilson, Research Director and Advisor, Cybersecurity, IHS