Presentation is loading. Please wait.

Presentation is loading. Please wait.

InstantScan Content Manager

Similar presentations


Presentation on theme: "InstantScan Content Manager"— Presentation transcript:

1

2 InstantScan Content Manager
L7 Networks L7 Networks Inc.

3 Agenda Company Profile L7 Missions L7 Investors
Layer-7 Content Manager Part-I Market Demand Part-II Solutions Part-III Successful Cases Appendix-I Layer-7 App. Appendix-II Product Spec. Appendix-III Patents

4 Missions: Internal Network Security
InstantScan Content Mgr. Catching Internal Thieves: Employee internet content / behavior management InstantLock Co-Defender Defending Internal Attacks: Isolate virus-infected PCs Internal Threats InstantBlock Application Firewall Preventing External Attacks/Thieves: Unified threat management InstantQos Bandwidth Mgr. Shaping Internal Traffic: Manage P2P / streaming / VoIP / … by layer-7 in-depth classification External Threats

5 L7 Investors

6 InstantScan Content Manager
L7 Networks Inc.

7 Part-I Market Demands Catching the Internal Thieves

8 What are your employees doing at work?
employee productivity killer Internet Explorer for web sites Outlook for s Looking for info for work? Check out stock price first! network performance killer Communicating for work? Speak to lovers first! MSN for chats BT, ED2K, Xunlei Download a movie back home for fun!!

9 Survey & Studies Heavy Usage Security Theats
Gartner: >30% enterprise, <1% control (2005) Radicati Group: >80% enterprise (2008) Security Theats WORM_KELVIR.A WORM_FATSO.A 即時通訊(IM,Instant Messenger),隨著這類軟體功能的豐富化,與溝通上具有取代 的即時方便性,因此這類的軟體也雨後春筍般的出現,攻佔電腦使用族群的使用佔有率。Radicati Group日前公佈了企業即時通訊市場的調查結果,顯示出北美85%的企業在業務及個人交流中使用即時通訊,全球也有20%的使用率。Radicati也預測,2008年底全球將有80%的企業使用即時通訊軟體。因此可以預期的,IM軟體未來將如同手機、 般成為生活溝通上如影隨形的一項方便工具。IM的應用帶來新的便利,不過以安全的角度來看,越多人使用,越方便的軟體,卻是MIS人員心中的恐慌,因為方便性和安全性通常是對立的,這也會引發出許多新的資安問題。新的病毒與攻擊手法,也可以預期的將有透過IM軟體來傳播的新途徑管道。

10 1. Employees with low productivity

11 2. Information Leakage or Virus
Price Book

12 3. Bandwidth stealers for downloads
P2P downloads Illegal music Illegal movies …… Bandwidth inadequate for HTTP ERP ……

13 Plug & Play L7 Content Manager (stealth mode)
2005/03/25: NBL Editor’s Choice Beat Facetime, Akonix 2005/12/01: National Innovation Awards Firewall L7 Content Manager (stealth mode) switch

14 5-Step Content Management
Discovery Step.2 Normalization Step.3 Behavior Mgmt. Step.4 Content Mgmt. Step.5 Report Analysis Anti-Virus MSN file transfer File Recording IM Game IM Chat Chat Recording IM Streaming Keyword block P2P Bandwidth Mgmt. 35 Mbps 20 Mbps 10 Mbps Real-time Learning Layer-7 to Layer-4 Normalization Interactive Behavior Mgmt. Deep Content Inspection Offline Report / Analysis

15 1. Employees with low productivity
Instantly respond to employees in Chat windows even IS doesn’t have an IP address

16 2. Information Leakage or Virus
Price Book Instant Warning

17 3. Bandwidth stealers for downloads
P2P downloads Illegal music Illegal movies …… After installing InstantScan Mission critical app. HTTP ERP ……

18 Part-II Solutions

19 Solutions Layer-7 Visibility Employee Productivity Network Internal
manage / filter / record / audit employee’s IM & Web behaviors and contents to increase their productivity built-in backend reports for 3-level analysis: (1) index for productivity, performance, security; (2) dashboards for summary; (3) detailed reports for inspection Employee Productivity highspeed UTM hardware platform with intelligent 3-tier arch. for performance, availability, and reports understand the real applications running by your employees Layer-7 Visibility Internal Subscriber Manager External Cost Network Performance Internal Security limit P2P / P2SP traffic and guarantee mission critical traffic such as ERP, VoIP, Web traffic prevent internal network users from virus/worm or information leakage by P2P / tunnel software, spyware, WebMail, WebIM, etc.

20 Painless Installation?
WebSense / BlueCoat / FaceTime / IM Logic / Akonix require to setup every client to connect to the IM Proxy Tunneled IM cannot be managed Spam Wall cannot be managed Virus Wall IM Proxy data path Inline-IDP Firewall/VPN Check website for comparison Content Mgmt. IM Proxy What if IM is tunneled in WebMSN/Mail/HTTP/…? Web Proxy What if IM behaves like Web Proxy?

21 Step 0. No Modification of Networks
IM in port-80, proxy, socks4/5 can still be managed Even in wireless/dhcp env, still can be managed by AD Management Server DHCP Server Firewall/Router Proxy IS switch AD Server switch

22 3-Tier Architecture Friendly user interfaces
Powerful reporting and alerts Plug & play installation without modifying network arch.

23 5-Step Content Management
Discovery Step.2 Normalization Step.3 Behavior Mgmt. Step.4 Content Mgmt. Step.5 Report Analysis Anti-Virus MSN file transfer File Recording IM Game IM Chat Chat Recording IM Streaming Keyword block P2P Bandwidth Mgmt. 35 Mbps 20 Mbps 10 Mbps Real-time Learning Layer-7 to Layer-4 Normalization Interactive Behavior Mgmt. Deep Content Inspection Offline Report / Analysis

24 Step 1. Discovery (App. View)
Watch applications’ sessions and highlight tunneled IM sessions

25 Step 2. Setup L7 Policy Scheduled updates to Application Patterns to manage application usage by defined time schedules

26 Step 3.1 Setup IM Policy for Individuals
IM management for individuals by (1) specific IM accounts, (2) learning, (3) registration, (4) AD name, (5) AD group

27 Step 3.2 Setup IM Behavior Mgmt.
Define permission levels to facilitate individual IM policy deployment

28 Step 3.3 Setup IM Peers Limit the peer for chat by individuals or groups

29 Step 3.4 Self-Defined Policy Violation Warning Messages
Multi-language support for all languages

30 Step 3.4 Setup Bandwidth Pipes
Divide outbound bandwidth pipes by mouse drags Divide inbound bandwidth pipes by mouse drags

31 Step 4.1 Setup IM Chat Content Management
Right click to define your own chatting keywords / groups

32 Step 4.2 Setup IM File Transfer Content Management
Right click to define your own filename keywords/groups

33 Step 4.3 Setup IM File Transfer Anti-Virus
Anyone who is infected with virus will be notified the name of the virus

34 Step 5.1 Multi-level Auditing Levels
3-levels: admin/mis/audit to separate operating and auditing parties

35 Step 5.2 Ranking by app. usage

36 Step 5.3 Ranking by traffic volume

37 Step 5.4 Scheduled Reports in HTML/PDF/XLS Formats

38 Step 5.4 Scheduled Reports in HTML/PDF/XLS Formats

39 Part-III Successful Cases

40 Accounting & Auditing Anyone who is auditing others
should have themselves well-audited so as to assist customers to be compliant to various regulations.

41 Manufacturing Confidential information should be kept
as private as possible. InstantScan is able to detect varieties of tunneled software which may cause a lot of security holes for information leakage.

42 Semiconductor Confidential design sheet is the core
technology of IC design and must be kept as private as possible. Anyone who use IM to transfer confidential files can be caught with strong evidence.

43 IC Design Confidential design sheet is the core
technology of IC design and must be kept as private as possible. Anyone who use IM to transfer confidential files can be caught with strong evidence.

44 Banking & Stocks With a heavy usage of IM across the stock
transactions, they do need a tool to log and record what the customers have issued to the brokers, and what the brokers have spoken to the internal dealers.

45 Photodiode Confidential design sheet is the core
technology of Photodiode and must be kept as private as possible. Anyone who use IM to transfer confidential files can be caught with strong evidence.

46 Electronics Confidential price book is the core
value of us to sale the chips and must be kept as private as possible. Anyone who use IM to transfer confidential files can be caught with strong evidence.

47 Media Confidential news are invaluable if they are kept in secret.
However, journalists communicate largely with IM so they can share the resources. What is worse, internal staffs may also use IM to tell other staffs in other companies. However, IM is extremely convenient for communications among internal staffs. We need L7 to control them.

48 Spin-off from the D-Link corporation, Alpha continued to
sue VIA Technology for the stolen confidential designs. In the mean time, Alpha Networks put 4 InstantScan boxes at the outbound links to control the use of IM so as to gather the information of IM usage. As the largest multi-level company in the world, Amway continued to make itself conform to the toughest regulations in order to keep its electrical communications as secure as possible, just like what it had done to web and s.

49 Confidential patents are invaluable if they are kept in
secret. Biochemistry has become the most emergent Industry that can boost revenue in the century. Just like what health-care industry has emphasized, the data of the patient or people under experiments is extremely proprietary and never be leaked to anyone else. L7’s InstantScan helps to control the usage of IM.

50 Benefits for Deploying InstantScan
Discovery See who is actually using the network for what, especially in multi-culture environments which mix a huge number of applications. L7 Firewall: IM / P2P / Tunnel / Streaming / VoIP / File-Transfer / … Effective control the applications in your networks, either blocking or shaping Content Manager: IM & Web Selectively log/record employees' activities and contents for regulations and compliance. Actively control the activities/contents instead of just logging/recording to prevent confidential information leakage while improving productivity. Report & Analysis log and archive for potential legal discovery needs or other purposes Indication of employees' policy violations or productivity.

51 Layer-7 Content Manager

52 Appendix-I FAQ

53 1. L7 support what applications?
Check Appendix II or L7 Web Portal

54 2. Target customers and competitors
IS-5000 Actively mgmt. + auditing Competitor: Facetime/Akonix/ImLogic Installation: Win Function: Even Price: win (no need to have 2 devices) IS-1000 IS-100 UTM-oriented market. Need passive sniffing instead of active management. So L7 integrates IS+IB+IQ to penetrate this market IS-50 IS-10 Competitor BlueCoat has dominated the proxy market by huge number of deployed proxies. Emphasize L7’s IM/P2P advantage while unneeded to change their proxy architecture Passive auditing Tiny (<30) Small (<70) Medium (< 150) Large (<1000) Huge (<3000 people)

55 Appendix-II L7 Applications

56 Normalization: Step 1~Step 2
Monitor Step.2 Normalization Step.3 Behavior Mgmt. Step.4 Content Mgmt. Step.5 Report Analysis Anti-Virus MSN file transfer File Recording IM Game IM Chat Chat Recording IM Streaming Keyword block P2P Bandwidth Mgmt. 35 Mbps 20 Mbps 10 Mbps Real-time Learning Layer-7 to Layer-4 Normalization Interactive Behavior Mgmt. Deep Content Inspection Offline Report / Analysis

57 General Applications No mater which port they use HTTP SMTP POP3 IMAP
FTP

58 Instant Messenger (IM)
MSN: 6.2, 7.0, 7.5, 8.0 beta, Windows Live Messenger 8.0 Yahoo Messenger: 5.5, 6.0, 7.0, 8.0 beta, 8.0 ICQ: 2003pro, 4.14lite, 5.0 AIM: 5.9 QQ: YamQQ-2003II, QQ-2003II, QQ-2003III, YamQQ-2004III, QQ-2004 formal edition, YamQQ 2005 Formal Edition, QQ 2005 Beta2, QQ 2005 Simplified Chinese Formal edition (include 珊瑚蟲增強包v4.0 Formal Edition) qqfile: QQ2006Beta2, qqshare: QQ2006Beta2 Miranda: v0.4 Gaim: v1.30 Trillian: Basic 3.0 Google talk beta Webim: include web-msn, web-aol, web-yahoo, web-icq

59 Peer-to-Peer (P2P) Bittorrent: Kuro: m6, 2005 5.18 Edonkey:
BitComet 0.54 / 0.6 / 0.67, Bitspirit 2.7, Mxie , utorrent 1.5, azureus 2.4 Kuro: m6, Edonkey: Emule 0.42b/0.44d/0.45b, edonkey2000 V1.0, Overnet tested-version, utorrent v1.5, azureus v2.4 ezPeer+ v1.0beta Directconnect: directconnect 2.205, dc OpenFT: crazaa v3.55, Kceasy v0.14 Pigo: pigo v3.1, 100bao v1.2.0a Kugoo: v2.03, v2.055, v3.10 Ares: 1.04 poco: poco 2005 pp point (pp奌奌通) v2006 Fasttrack: kazaa 2.7 / 3.0 / 3.2 grokster 2.6/2.6.5 iMesh 4.5 build 151 / 5.20 / 6.5 Gnutella: ezpeer: 1999A6, 1999A10, BearShare Pro 4.6.2, Shareaza , Morpheus 4.6.1/ 4.7.1 Gnucleus 1.55, , Mxie , Foxy 1.8.6

60 Voice Over IP (VoIP) Skype: SkypeOut: SIP: H323:
1.0, 1.1, 1.2, 1.3, 1.4, 2.0, 2.5beta, SkypeOut: 1.4, 2.0 SIP: TelTel , Wagaly TelTel 0.8.4, MSN Voice 7.5 , Yahoo Voice 7.0 H323: NetMeeting: 3.01

61 Tunnel Ware hopster: Release 17 Httptunnel: v3.2, 3.4
Realtunnel: v0.9.9, 1.0.1 VNN: 2.1, 3.0 Softether: 1.0, 2.0 Tor: v X, v JAP YourFreedom

62 Remote Access Windows remote desktop VNC (Virtual Network Computing)
vnc, Ultra VNC 1.0.1, Win v3.3.7 Symantec pcAnywhere 10.5 / 11 NetOP Remote Control v9.00 Remote Administrator 2.2

63 Streaming RTSP: - Shoutcast: Live365: Radio365 1.11 build17
MediaPlayer 10.0, RealPlayer 10.5 QuickTime 6.5, 7.0, KKBox: v1.0, v2.0, v2.2, RealOne 1.0, 2.0 MMS(Multimedia Messaging Service), Yahoo music (http://music.yahoo.com/, - Shoutcast: winamp / 5.24 JetAudio 6.2 Icecast 2.3 Live365: Radio build17 Google Video(http://video.google.com/) AOL Radio(http://music.aol.com/radioguide/bb.adp) iTunes 6.0 TVAnts 1.0 PeerCast Napster (www.napster.com) qqtv (qq直播; tv.qq.com) 3.2 ppstream 1.0 Webs-tv (http://www.webs-tv.net)

64 Appendix-III Product Comparison

65 L7 vs. Facetime vs. Akonix vs. IM Logic

66 Facetime’s Solution Limited solution. Cannot control P2P bandwidth. Can block Skype Require clients to assign proxy to IM Auditor What if not set the proxy?

67 Akonix’s Solution (I) Limited solution. Cannot control P2P bandwidth.
Cannot manage Skype Require clients to assign proxy to IM Auditor What if not set the proxy?

68 Akonix’s Solution (II)
Limited solution. Cannot control P2P bandwidth. Cannot manage Skype Cannot manage MSN / Yahoo / AOL / ICQ over random ports

69 IMLogic’s Solution

70 L7 Networks’ Solution

71 Award-winning test report

72 NBL Test Report (2005/2/23) Test item 3.1: IM to be managed Facetime
Akonix L7 Networks Abocom MSN AOL QQ ICQ Yahoo Skype

73 NBL Test Report (2005/2/23) Test item 3.1.1: MSN Management Facetime
Akonix L7 Networks Abocom Message OK N/A File transfer FP Voice FN Image Game FP: False positive, FN: False negative, N/A: Not available

74 NBL Test Report (2005/2/23) Test item 3.1.2: Yahoo! Management
Facetime Akonix L7 Networks Abocom Message OK N/A File transfer Voice FP Image Game FP: False positive, FN: False negative, N/A: Not available

75 NBL Test Report (2005/2/23) Test item 3.1.3: QQ Management Facetime
Akonix L7 Networks Abocom Message N/A File transfer Voice Image Game FP: False positive, FN: False negative, N/A: Not available

76 NBL Test Report (2005/2/23) Test item 3.1.4: ICQ Management Facetime
Akonix L7 Networks Abocom Message OK N/A File transfer FP Voice FN Image Game FP: False positive, FN: False negative, N/A: Not available

77 NBL Test Report (2005/2/23) Test item 3.1.5: AOL Management Facetime
Akonix L7 Networks Abocom Message OK N/A File transfer FP Voice Image Game FN FP: False positive, FN: False negative, N/A: Not available

78 NBL Test Report (2005/2/23) Test item 3.1: Action to be taken Facetime
Akonix L7 Networks Abocom Blocking Filtering Intervening Recording Bandwidth Control Virus Detection Virus scanning is supported in advanced version

79 NBL Test Report (2005/2/23) Test item 3.1: Object to be managed
Facetime Akonix L7 Networks Abocom IP address IM user account

80 Appendix-IV Patents

81 Patent-1: PostACK TCP BW. Mgmt.(1)
Contributed to IEEE IEEE Transactions on Computers, Vol.53, No.3, March 2004: Assessing and Improving TCP Rate Shaping over Enterprise Edges IEEE Communications Surveys and Tutorials, Vol.5, No.2, 2003: A Measurement-Based Survey and Evaluation of Bandwidth Management Systems IEEE Global Telecommunications Conference 2004 (IEEE Globecom 2004), Dallas, Texas USA, Nov. 2004: On Shaping TCP Traffic at Edge Gateways IEEE Symposium on Computers and Communications (IEEE ISCC 2003), Kemer - Antalya, Turkey, Jun. 2003: Co-DRR: An Integrated Uplink and Downlink Scheduler for Bandwidth Management over Wireless LANs

82 Patent-1: PostACK TCP BW. Mgmt.(2)
Packeteer TCP Rate Control Window sizing L7 PostACK Delaying the reverse ACK

83 Patent-2: SoftASIC® Classification
…….. Yahoo app. pattern AOL app. pattern MSN app. pattern BT app. pattern ……… Step 1. Reassembly pattern matching Step 3. Cut-Thr Forwarding Step 2. Match!! At most first 10 pkts can judge if this HTTP is BT (average case: first 3 pkts can finish the process)

84 Patent-3: Multi-Stage Inspection(1)
HTTP …. Tunneled IM cannot be managed Spam Wall cannot be managed Virus Wall IM Proxy data path Inline-IDP Firewall/VPN Content Mgmt. IM Proxy Web Proxy

85 Patent-3: Multi-Stage Inspection(2)
IM Content Mgmt. Engine Step 3. Redirect …….. Yahoo app. pattern AOL app. pattern MSN app. pattern BT app. pattern ……… Step 1. Strip Headers (socks4/5) pattern matching Step 2. Match!!

86 Patent-4: Inline-Proxy Stack(2)
Benefits: True inline plug & play proxy stack Stable user-space programming Easy for SMP parallel processing IM/Web Content Mgmt. Engine Inline-Proxy TCP Stack Emulate original IP/port while swapping sequence # Queue

87 Layer-7 Content Mgmt. Expert


Download ppt "InstantScan Content Manager"

Similar presentations


Ads by Google