1. Home
  2. >
  3. Security
  4. >
  5. Next Generation Firewalls

NEXT GENERATION FIREWALLS

STRONGER CLOUD FIREWALL AND WAF WITH APPLICATION-LEVEL VISIBILITY

As firewalling functions and services are moving to the cloud, Cloud Firewalls (Cloud FW) and Web Application Firewalls (WAF) need the same application awareness and DPI (Deep Packet Inspection) capabilities as on-premise Next Generation Firewalls (NGFW). Therefore, cloud firewall functions also benefit from embedded Next Generation DPI (NG DPI).

NG Cloud FW Functions Supported by NG DPI

BOOSTING CLOUD FIREWALL AND WAF WITH ENEA QOSMOS NG DPI ENGINE

Enea’s Qosmos ixEngine® is an embedded NG DPI engine that delivers the detail and quality of traffic intelligence that enables application-level visibility, strengthening your firewall solutions and providing the differentiation to set you apart from competition.

Qosmos ixEngine provides real-time contextual information about applications, users, data, devices, files and flows. This information also supports the development of extended firewall services, such as DDoS protection, email security, and malware detection. Offering such services can increase your revenue and boost customer satisfaction and loyalty.

THE ROLE OF ENEA QOSMOS TECHNOLOGY IN WEB APPLICATION FIREWALLS

EXAMPLES OF ENHANCED WAF FUNCTIONS ENABLED BY QOSMOS IXENGINE

  • Reveal applications (e.g., eProxy, HTTP Injector) that combine techniques such as protocol header customization, proxies, tunneling & domain fronting, to evade detection.

  • Detect executables concealed in HTTP requests, such as code used in injection attacks (SQL, ORM, EL, LDAP, etc.).

  • Detect domain fronting used to evade URL filtering.

  • Use metadata and metrics related to traffic flows, applications, services, data, users, and devices for heuristics-based detection of DDoS attacks.

BENEFITS

  • Improve detection of advanced Layer 7 attacks.
  • Enhance log-based monitoring with ultra-reliable telemetry data.
  • Expand whitelists and blacklists.
  • Improve detection of malicious traffic using spoofing techniques to avoid detection.

THE ADVANTAGES OF ENEA QOSMOS TECHNOLOGY IN CLOUD FIREWALLS

EXAMPLES OF NG CLOUD FW FUNCTIONS ENABLED BY QOSMOS IXENGINE

  • Detect a mismatch between a file type and MIME announcement.

  • Extract and analyze a URL in an email body.

  • Block access to a database if the source IP@ is not valid.

  • Incorporate custom signatures into rulesets.

  • Use file reconstruction capability to provide objects to anti-virus / malware detection.

  • Detect tunneling or obfuscation (protocols such as iodine, openvpn, psiphon, tor, etc.)…

BENEFITS

  • Gain roadmap control by transforming a Cloud FW into a NG Cloud FW.
  • Accelerate time-to-market by outsourcing a high-maintenance technology.
  • Enable smart security steering from the 1st packet.
  • Maximize functions that can be executed without decryption.
Qosmos ixEngine: Next-Generation Deep Packet Inspection (DPI) for Maximum Traffic Visibility
How SSE Vendors Use Next Generation DPI for Market Success
Application & Device Awareness for NGFW Innovation with Enea Qosmos ixEngine + LibDevice 2.0 for Access Networks
Retaining Network Traffic Visibility in the Encryption Era