Qosmos for Next Generation Firewalls
Firewalls can no longer use ports to effectively classify traffic. Today’s firewalls must have:
- Layer 7 / application identification
- Visibility into application usage patterns (who is doing what), which advanced security applications such as IPS require beyond classification.
Firewall vendors risk spending considerable time and money developing a traffic decoding technology such as Deep Packet Inspection and keeping up with constantly changing protocols and applications that make networks vulnerable.
How Qosmos Inside Solves the Problem
- Qosmos DPI engine – ixEngine – is embedded into next-generation firewalls to provide Layer 7 application classification and delivery of traffic metadata attributes, such as message senders and receivers, and names of files shared or attached in an application.
- Within days, firewall vendors can embed ixEngine into products for unmatched application classification and more effective security policy management.
Benefits for firewall vendors: Full application visibility
- Identifies applications based on protocol grammar analysis, not ports
- Goes beyond traditional Deep Packet Inspection to decode traffic inside tunneling protocols
- Identifies actions launched within an application (such as login, browse, chat, file transfer, etc.)
- Real-time extraction of communications metadata such as message senders and receivers, and names of files shared or attached in an application.
- Recognizes thousands of protocols, applications and metadata
- Allows users to develop their own protocol plugins that can be integrated in the ixEngine framework.
Designed with “Triple R” (robustness, reliability and resilience) in mind
- Resilience, by functioning even under adverse external conditions (e.g. maliciously forged packets or flows)
- Robustness, by performing well during difficult situations (e.g. SYN flood attacks, incomplete traffic)
- Reliability, by adequately decoding traffic even under unusual circumstances (e.g. tunnels, obfuscated traffic, non-standard protocol behavior)
Support for all leading processor architectures
- Optimized for all leading processors on the market: Intel x86, Broadcom, Cavium, EZChip, and Freescale.
- Application classification at traffic speeds up to 10 Gbps on a single processor
Recognized protocols and applications (sample)
- Email (SMTP, POP3, IMAP, Lotus Notes, etc.)
- Webmails (Gmail, Yahoo Mail, Outlook Web Access, etc.)
- Instant Messaging (MSN Messenger, Yahoo! Messenger, etc.)
- Web applications (HTTP, web browsing, URLs, etc.)
- Tunnels (ICMP, HTTP tunneling, GRE, L2TP, etc.)
- File transfer protocols (FTP, Jabber, AIM file transfer, etc.)
- P2P applications (eDonkey, BitTorrent, Gnutella, etc.)
- Streaming (VoIP, media streaming, etc.)
- Business applications (CRM, ERP, appliance or web mode, etc.)
- Database protocols (MySQL, Postgres, etc.)
- Online gaming
Application visibility (sample)
- HTTP: visited URL, URI
- Email, webmails, social networking and messaging: login, sender, receiver(s), attached document (type, name, content), etc.
- File transfer, P2P: login, file type, file name, file content, etc.