Qosmos for Next Generation Firewalls
Firewalls can no longer use ports to effectively classify traffic. Today’s firewalls must have:
- Layer 7 / application identification
- Beyond classification, advanced security applications such as IPS require visibility on application usage patterns (who is doing what).
Firewall vendors risk spending considerable time and money developing a traffic decoding technology such as Deep Packet Inspection and keeping up with constantly changing protocols and applications that make networks vulnerable.
How Qosmos Inside Solves the Problem
- Qosmos decoding engine – ixEngine – is embedded into next-generation firewalls to provide Layer 7 application classification and delivery of traffic metadata attributes, such as message senders and receivers, and names of files shared or attached in an application.
- Within days, firewall vendors can embed ixEngine into products for unmatched application classification and more effective security policy management.
Protocol Watch Service systematically tests protocols, identifies variants and new protocols, and updates ixEngine’s decoder.
Benefits for firewall vendors
Full application visibility
- Identifies applications based on protocol grammar analysis, not ports
- Beyond traditional Deep Packet Inspection to decode traffic inside tunneling protocols
- Distinguish actions launched within an application (such as login, browse, chat, file transfer, etc.)
- Real-time extraction of communications metadata such as message senders and receivers, and names of files shared or attached in an application.
- Hundreds of protocol and applications and thousands of metadata
- Protocol Plugin Creator allows users to develop their own protocol plugins that can be integrated in the ixEngine framework.
Designed with “Triple R” (robustness, reliability and resilience) in mind
- Resilience, by functioning even under adverse external conditions (e.g. maliciously forged packets or flows)
- Robustness, by performing well during difficult situations (e.g. SYN flood attacks, incomplete traffic)
- Reliability, by adequately decoding traffic even under unusual circumstances (e.g. tunnels, obfuscated traffic, non-standard protocol behavior)
Support for ALL leading processor architectures
- Optimized for all leading processors on the market: Intel x86, NetLogic XLR, Cavium Octeon, Tilera TILEPro, and Freescale PowerQUICC.
- Application classification at traffic speeds up to 10 Gbps on a single processor
Protocols and Applications
Recognized protocols and applications (sample)
- Email (smtp, pop3, imap, Lotus Notes, etc.)
- Webmails (gmail, Yahoo mail, Outlook web access, etc.)
- Instant Messaging (MSN Messenger, Yahoo!Messenger etc)
- Web applications (HTTP, web browsing, URLs, etc.)
- Tunnels (ICMP, HTTP tunneling, GRE, L2TP, etc)
- File transfer protocols (FTP, Jabber, AIM file transfer, etc.)
- P2P applications (eDonkey, BitTorrent, Gnutella, etc.)
- Streaming (VoIP, media streaming, etc.)
- Business applications (CRM, ERP, appliance or web mode, etc.)
- Database protocols (MySQL, Postgress, etc.) Online gaming
Application visibility (sample)
- HTTP: visited URL, URI
- Email, webmails, Social Networks and messaging: logging, sender, receiver(s), attached document (type, name, content) etc.
- File transfer, P2P: login, file type, file name, file content, etc.