EFFECTIVE FIREWALLING REQUIRES APPLICATION LEVEL VISIBILITY
To be fully effective in classifying traffic and managing rules, firewalls require detailed up-to-date, application level information. The only technology that can provide a high enough level of detail is Deep Packet Inspection (DPI), because it can inspect data flows up to Layer 7 and extract additional information in the form of metadata. DPI technology requires very specific protocol expertise. Monitoring and reverse engineering new protocols can take considerable time. Firewall vendors risk spending a significant amount of time and money developing and updating DPI tools in-house, with the challenge of gaining adequate visibility and remaining up-to-date with constantly changing protocols and applications. These resources could be better used in areas of their core expertise.
LAYER 7 APPLICATION CLASSIFICATION & METADATA
Enea's Qosmos ixEngine® is an advanced, DPI-based, classification and metadata engine that recognizes over 3100 protocols, more than any other DPI engine on the market. Delivered as a Software Development Kit (SDK), it is composed of software libraries, modules and tools that are easily integrated into new or existing solutions. Developers benefit from market-leading DPI technology to bring detailed traffic visibility to network solutions up to Layer 7. Integration of Qosmos ixEngine as a software component can be carried out in a few days and removes the need to develop in-house protocol recognition capabilities, simplifying product development and accelerating delivery.
Qosmos Labs constantly monitors and updates the DPI protocol library, sending regular updates to customers that can be integrated as hot swaps into their products. In this way, firewall vendors can concentrate on their core areas of expertise while delivering maximum firewall performance at all times.
BENEFITS FOR FIREWALL VENDORS: FULL APPLICATION VISIBILITY
- Identifies applications based on protocol grammar analysis, not ports
- Goes beyond traditional DPI to decode traffic inside tunneling protocols
- Identifies actions launched within an application (such as login, browse, chat, file transfer, etc.)
- Real-time extraction of communications metadata such as message senders and receivers, and names of files shared or attached in an application.
- Recognizes thousands of protocols, applications and metadata (see Qosmos Protobook Light)
- Allows users to develop their own protocol plugins that can be integrated in the Qosmos ixEngine framework.
Demo of Qosmos DPI Engine for Cybersecurity Applications