NetentSec Next-Generation Firewall (NGFW) is a high-performance firewall that comprehensively addresses threats at the application layer. With the help of a new high-performance single path heterogeneous parallel processing engine, NGFW can provide the..

Comprehensive insight into and control of the application layer

The applications used in enterprises can no longer be simply classified as "black" or "white"; "gray" applications abound. Only comprehensive, multi-dimensional insight into the application layer can give enterprises effective control over black and gray applications.

 

Deep insight into applications

NetentSec NGFW uses deep identification technology to cover the evasion techniques that traditional firewalls and IPS equipment cannot identify, such as port hopping, proxies, tunnelling and SSL encryption, enabling customers to identify, detect and control various applications.

 

Comprehensive means of user identification

NetentSec NGFW can authenticate users through a variety of authentication systems (MS AD, Radius, LDAP, etc.) and supports user recognition in a variety of application systems (POP3, SMTP, Kerberos, etc.). It also has impeccable functions for user organization, user management and user import.

 

Detailed application control policy

Unlike the quintuple access control policies of traditional firewalls, NetentSec NGFW enforces access policy based on applications and users. Besides the traditional simple actions of allowing and forbidding, NetentSec NGFW can also apply blocking, multi-dimensional security scanning and sophisticated traffic management to the traffic matched by a policy.

 

Rich functions of traffic management

NetentSec NGFW provides rich traffic management functions, including virtual link management, multi-stage flow channel management, bandwidth control and borrowing, equal distribution of user bandwidth, etc. NetentSec NGFW not only provides security protection, but also safeguards critical applications and increases the value of bandwidth.

 

 

Integrated protection against application layer threats

The insight of NetentSec NGFW makes visible the applications that use technologies such as dynamic ports, tunnels, proxies and SSL encryption. It can therefore prevent threats from escaping detection and defend against them through comprehensive application-based security inspection (intrusion prevention, antivirus, URL filtering, etc.).

 

Anti-escape intrusion prevention

Traditional intrusion prevention technologies cannot cope with port escape, which leaves the network exposed to threats. NetentSec NGFW's deep application identification effectively eliminates this kind of threat. NetentSec NGFW can detect and defend against a variety of attacks and threats, such as bugs, trojans, worms, back doors, buffer overflow, scanning and SQL injection. It has a database of more than 2500 threat features, which is kept up to date.

 

Low-latency virus detection

NetentSec NGFW provides effective virus protection based on streaming technology. The low latency of stream-based scanning gives network users a favorable experience. It can remove viruses in the traffic of multiple protocols (HTTP, FTP, SMTP, POP3, IMAP, etc.) and in compressed files (gzip, zip, rar, etc.). A database of nearly 100,000 virus features is maintained and updated in real time.

 

URL filtering based on the cloud

Using cloud-based active scan prevention and online content identification, NetentSec NGFW can quickly identify suspicious websites and effectively defend against phishing sites and websites carrying trojans. It identifies puppet hosts implanted with trojans and cuts off their communication with the outside to eliminate risks. It also reduces the opportunities for contact with trojan-carrying and phishing sites, and so reduces risk, by controlling high-risk websites such as pornography and gambling sites.

 

Integrated security policy

NetentSec NGFW provides integrated, application-based security policies, giving users comprehensive application-based security functions and simple, flexible policy configuration. On top of the quintuple policy of traditional firewalls, three dimensions are added: application, user and content. One policy can simultaneously match application, user and content, reducing the number of policy configuration items and the maintenance costs.

 

 

Intelligent active defense

Based on behavior analysis, NetentSec NGFW provides protection that links the various types of logs intelligently and visualizes threat analysis, helping users find and control unknown threats in the network and adjust security policies in time to strengthen their defenses.

 

Application threats visualization

NetentSec NGFW classifies and recognizes security risks based on the specific characteristics of applications, such as "known bugs", "technical characteristics" and "how it has been attacked or used". For "gray" applications it performs more detailed security risk classification and identification, helping users recognize and control the security risks of these applications effectively.

NetentSec NGFW can draw national and regional statistical distribution maps of network traffic and threats, visualizing the traffic and threats going to and coming from different countries and regions.

NetentSec NGFW can find puppet hosts in the network by analyzing botnet behavior, and enables users to keep their network from being penetrated by the botnet through isolation and control.

 

Security baseline comparison analysis

NetentSec NGFW provides not only ranked statistical analysis of the applications and threats in the user's network, but also baseline analysis, which lets the user compare against the applications and threats of the same time period of the previous day, week or month. NetentSec NGFW supports baseline comparison in four dimensions (new, disappear, obvious increase and obvious decrease), helping users see the changes in applications and threats in the network and effectively predict and defend against potential threats.

 

Threat integration and correlation analysis

NetentSec NGFW can perform multi-dimensional data analysis, including analysis of the threats found by scanning, URL classification and filtering, file type filtering, the source and destination user, region and country distribution, etc. It can also filter and reanalyze the data in each dimension, analyze the relations between data in depth, and help users find potential risks and control them based on applications.

NetentSec NGFW provides various kinds of log information, including the traffic log, threats log, URL filtering log, file filtering log, etc. It links each log entry to related entries in the other logs. For example, from the log entry of a threat found by scanning, you can view the relevant traffic logs, and from there view the related URL filtering log entries.

 

 

Complete basic firewall features

ACL based on quintuples

NetentSec NGFW supports access control based on quintuples (source address, destination address, source port, destination port, protocol type).

 

Traditional attack protection

NetentSec NGFW can defend against traditional means of attack, such as port scanning, DDoS attacks, SYN Flood, ICMP Flood, UDP Flood, TearDrop, LAND, WinNuke, Smurf, Fraggle and Ping of Death.

 

Basic network functions

NetentSec NGFW has networking functions such as various kinds of address translation, static routing, VPN based on IPsec, dynamic routing protocols (RIP, OSPF), HA, ALG, etc.

 

 

Application layer data leakage prevention

Content characteristics and file type filtering

With leading content scanning technology, NetentSec NGFW monitors key information in the contents and files transmitted by applications, such as ID numbers, bank card numbers and phone numbers, and allows users to define the characteristics of key information through flexible regular expressions to prevent sensitive data leakage.

For nearly one hundred common file types, NetentSec NGFW can block the transmission of specified types of files. File type is recognized by feature matching, so files can still be identified accurately even if their suffixes are modified.

 

File types and contents transmission control based on applications

Traditional file transmission control is implemented on standard protocols such as HTTP, FTP, POP3 and SMTP. With the rapid growth of network applications, this approach is becoming less and less effective. NetentSec NGFW can control file types and contents based on hundreds of commonly used applications (microblog, network disk, webmail and free door, etc.). It can also detect and control transfers based on the direction of the file transfer (upload and download).

 

 

High performance single path heterogeneous parallel engine

Single path processing engine of data flow

During data packet forwarding, NetentSec NGFW performs only a single pass of message and protocol analysis on network L2-L7. The data packet goes through the forwarding engine, the app engine and the content engine in succession, so that network parsing, application and user insight, and security scanning are all completed in a single pass. NetentSec NGFW provides a unified policy framework and matches multiple security policies in one pass. In single-path processing, the L2-L7 network data can also be exported in an integrated way and fully visualized.

 

High-performance heterogeneous parallel framework

With a high-performance hardware platform based on Intel and its DPDK software technology, NetentSec NGFW can achieve high-speed 10G packet forwarding. At the same time, with its heterogeneous parallel architecture, NetentSec NGFW can achieve not only high-performance network forwarding, but also high-performance parallel processing of applications and contents, ensuring high usability with all security features on.

 

 

Centralized management of equipment across the entire network

Through the Security Management Center (SMC), which integrates software and hardware, 2000 next-generation firewalls can be managed at the same time. Centralized equipment management, network-wide condition monitoring, global threat analysis and so on are all concentrated on the SMC, which helps clients equipped with multiple NS-NGFWs reduce the cost of management, keep control of the state of the entire network, and gain powerful threat warning and analysis capabilities based on big data mining across the entire network.

 

Configuration issued conveniently and safely, sharply reducing the cost of management

The network administrator first prepares the configurations to be deployed, such as security policies, protection rules and VPN tunnels, in the WebUI provided by SMC. The configurations are then issued together through SMC to the next-generation firewalls of the entire network or part of it, achieving centralized configuration of devices across the network. Updates to the system software, application identification library, threat feature library, URL classification library, etc. can likewise be issued together by SMC, providing intelligent batch updating of devices across the entire network.

 

Comprehensive understanding of device status, easy control of entire network status

The WebUI provided by NetentSec SMC is a visual interface for the next-generation firewall product that is simple to use. It integrates the data provided by all devices in the entire network and computes and presents statistics from a global perspective, making it easy to grasp the status of the entire network intuitively. The user can also see the running status of one or a group of next-generation firewall devices through the monitoring center provided by SMC.

 

Network-wide visualization of application threats, intelligent warning of unknown risks

Based on data collected across the entire network, SMC can intelligently mine network-wide traffic trends on a timeline, identify abnormal behavior and actively warn of threats. After a security incident has happened, SMC can intelligently associate all relevant security incidents along a connection dimension in time order, quickly presenting the attack process and the whole picture of the threat.