Network Virtualization


Keeping Your Network Security One Step Ahead

A new approach to data inspection is paramount in order to address undetected and emergent threats

Advanced malicious content and attacks are starting to threaten conventional network filtering technologies that are not able to keep up with the increased volume and complexity of network traffic. Currently, one in every 14 downloads contains malicious content that may create operational, reputational and customer relationship management challenges. The Global State of Information Security survey conducted by PwC in 2012 found that 57 percent of security experts are dissatisfied with their information security strategy. When malware and non-compliant data slip through the networks undetected, organizations are at risk for IT infrastructure damage and information leakage.

The explosion of social media, mobile data usage and cloud computing has introduced new threats that demand a different approach to security. Deep Packet Inspection (DPI) and packet filtering are two of the standard inspection technologies that secure networks at the packet level; unfortunately, these technologies have limited efficiency and cannot adequately scale to provide optimal security with the evolving Internet.

The Limitations of Deep Packet Inspection
Deep Packet Inspection matches IP packet sequences against known offending patterns. DPI is presently the industry standard for monitoring and managing network packet data. To be effective, DPI systems must match the packet information to these patterns at wire speed, which presents two main limitations:

  • Packet data acquired from a DPI system needs to be matched against a known malware threat, but real-time DPI has limited memory available for pattern matches. This limits the number of unique signatures available for the system to match against threats.
  • Malware embedded in large applications often passes through DPI and sneaks onto the network undetected. This occurs because the number of packets a DPI system can hold for pattern matching is limited, and the number of IP packets present during the transmission of an application payload often surpasses this cap.

Because of these limitations, DPI is failing to meet the demands of network security. Nested, zipped or archived files, along with an increasing number of unsupported application types, can exploit these limitations and slide through a DPI security system that isn't adept enough to handle them.

Deep Content Inspection: A Different Approach
A new approach to data inspection is paramount in order to address undetected and emergent threats. Deep Content Inspection (DCI) is an innovative form of network filtering that works as a fully transparent device at a more comprehensive level.

This technology goes beyond merely checking the body or header of data packets circulating within a network; it reassembles, decompresses and/or decodes network traffic packets into their constituent application-level objects, often referred to as MIME objects. This process makes it possible for a DCI solution to scan the entire object and identify any malicious or non-compliant intent.

The prevalent DCI archetype implements full content-based review in real time in order to understand the intent of data-in-motion. Unlike the DPI approach of simply matching packet sequences against patterns, DCI has a much broader inspection scope. DCI offers a whole new level of protection by performing reputation searches and behavior analyses on structured or packed data. By keeping track of content across multiple packets, DCI can find and assess signatures that cross packet boundaries.
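
The following is an added illustration, not code from the article or from any vendor product. It contrasts per-packet matching with scanning the reassembled and decoded object, for a signature that crosses a packet boundary and for one nested inside zip-in-gzip. The signature, packet size and helper names are constructed for the example, and only gzip and zip layers are decoded.

```python
import gzip, io, zipfile, zlib

SIGNATURE = b"EXAMPLE-BAD-PATTERN-0001"  # constructed marker, not a real signature
MAX_BYTES = 1 << 20   # cap on each decoded layer (guards against decompression bombs)
MAX_DEPTH = 4         # cap on nesting depth

def packetize(data, size):
    """Split a payload into fixed-size chunks, standing in for IP packets."""
    return [data[i:i + size] for i in range(0, len(data), size)]

def per_packet_scan(packets):
    """DPI-style check: each packet is matched in isolation."""
    return any(SIGNATURE in p for p in packets)

def layers(obj, depth=0):
    """Yield the object and every object nested inside it (gzip and zip only)."""
    yield obj
    if depth >= MAX_DEPTH:
        return
    try:
        if obj[:2] == b"\x1f\x8b":                      # gzip magic bytes
            inner = zlib.decompressobj(wbits=31).decompress(obj, MAX_BYTES)
            yield from layers(inner, depth + 1)
        elif obj[:4] == b"PK\x03\x04":                  # zip local file header
            with zipfile.ZipFile(io.BytesIO(obj)) as zf:
                for name in zf.namelist():
                    with zf.open(name) as member:
                        yield from layers(member.read(MAX_BYTES), depth + 1)
    except (zlib.error, zipfile.BadZipFile, RuntimeError):
        return  # undecodable or encrypted layer; a production filter would flag it

def content_scan(packets):
    """DCI-style check: reassemble the stream, then scan every decoded layer."""
    return any(SIGNATURE in layer for layer in layers(b"".join(packets)))

def build_samples():
    """Constructed payloads: one plain, one zipped and then gzipped."""
    plain = b"A" * 90 + SIGNATURE + b"B" * 90   # signature straddles byte 100
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("doc.txt", plain)
    return plain, gzip.compress(buf.getvalue())

if __name__ == "__main__":
    for label, payload in zip(("plain", "nested"), build_samples()):
        pkts = packetize(payload, 100)
        print(label, "per-packet:", per_packet_scan(pkts), "content:", content_scan(pkts))
```

The size and depth caps matter in practice: a content scanner that decodes without limits can be exhausted by a deliberately oversized or deeply nested archive.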

DCI provides a comprehensive approach to screening for attacks and malicious content by moving away from traditional packet inspection and focusing on the content and intent of data to effectively secure enterprises, governments and service providers against today's threats.

More Stories By Hongwen Zhang

Dr. Hongwen Zhang is president and CEO of Wedge Networks, a leading provider of remediation-based Deep Content Inspection for high-performance, network-based Web security. He holds a PhD in Computer Science from the University of Calgary, an MSc in Computer Engineering from the Institute of Computer Technology - Chinese Academy of Sciences (Beijing, PRC), and a Bachelor of Science in Computer Science from Fudan University (Shanghai, PRC). With more than two decades of high-tech leadership experience, Dr. Zhang is a co-inventor and holder of several patents in the area of computing and networking.
