The Challenge
Commercial Off-The-Shelf (COTS) products such as Intrusion Prevention and Detection Systems (IPS/IDS) are not always able to detect fraudulent behavior or data leakage which use Web-based applications (Gmail, etc.) or anonymization mechanisms such as Web proxies (Glype).
Qosmos Solution
Qosmos ixMachine provides complete visibility over network traffic and feeds IPS/IDS solutions with IPDRs according to predefined rules, so that suspicious traffic can be mitigated as required.
Benefits
- Reinforced IPS/IDS solution thanks to additional traffic information provided by Qosmos
- Enhanced protection against malicious activity data leakage over all type of IP communications: IP telephony, email, instant messaging, Web, etc.
- Less downtime: no need to quarantine entire routers (instead e.g. specific IP addresses can be blocked)
Example of Implementation
Information Extracted
Recognized Applications and Protocols (sample)
- Instant Messaging: AIM, msn, Skype, Yahoo, Google Talk, QQ, etc.
- Webmail: Gmail, Hotmail, Livemail, Squiremail, Yahoo mail, etc.
- Network: IP, TCP, FTP, Ethernet, DNS, DHCP, UDP, etc.)
Extracted Information (sample)
- User ID
- IP address
- Date & time of login / logoff
- Subject of email
- Content of email
- Attached documents
- Data transfer sessions (type, content, time)
