7Part-I Market DemandsCatching the Internal Thieves
8What are your employees doing at work? employee productivity killerInternet Explorer for web sitesOutlook for sLooking for info for work?Check out stock price first!network performancekillerCommunicating for work?Speak to lovers first!MSN for chatsBT, ED2K, XunleiDownload a movie back home for fun!!
19Solutions Layer-7 Visibility Employee Productivity Network Internal manage / filter / record / audit employee’s IM & Web behaviors and contents to increase their productivitybuilt-in backend reports for 3-level analysis: (1) index for productivity, performance, security; (2) dashboards for summary; (3) detailed reports for inspectionEmployeeProductivityhighspeed UTM hardware platform with intelligent 3-tier arch. for performance, availability, and reportsunderstand the real applications running by your employeesLayer-7VisibilityInternal Subscriber ManagerExternal CostNetworkPerformanceInternalSecuritylimit P2P / P2SP traffic and guarantee mission critical traffic such as ERP, VoIP, Web trafficprevent internal network users from virus/worm or information leakage by P2P / tunnel software, spyware, WebMail, WebIM, etc.
20Painless Installation? WebSense / BlueCoat / FaceTime / IM Logic / Akonix require to setup every client to connect to the IM ProxyTunneled IM cannot be managedSpam Wallcannot be managedVirus WallIM Proxy data pathInline-IDPFirewall/VPNCheck websitefor comparisonContent Mgmt.IMProxyWhat if IM is tunneled in WebMSN/Mail/HTTP/…?WebProxyWhat if IM behaves like Web Proxy?
21Step 0. No Modification of Networks IM in port-80, proxy, socks4/5 can still be managedEven in wireless/dhcp env, still can be managed by ADManagementServerDHCPServerFirewall/RouterProxyISswitchADServerswitch
223-Tier Architecture Friendly user interfaces Powerful reporting and alertsPlug & play installation without modifying network arch.
40Accounting & Auditing Anyone who is auditing others should have themselveswell-audited so as to assistcustomers to be compliant tovarious regulations.
41Manufacturing Confidential information should be kept as private as possible. InstantScan isable to detect varieties of tunneledsoftware which may cause a lot ofsecurity holes for information leakage.
42Semiconductor Confidential design sheet is the core technology of IC design and must be keptas private as possible. Anyone who useIM to transfer confidential files can becaught with strong evidence.
43IC Design Confidential design sheet is the core technology of IC design and must be keptas private as possible. Anyone who useIM to transfer confidential files can becaught with strong evidence.
44Banking & Stocks With a heavy usage of IM across the stock transactions, they do need a tool to log andrecord what the customers have issued tothe brokers, and what the brokers havespoken to the internal dealers.
45Photodiode Confidential design sheet is the core technology of Photodiode and must bekept as private as possible. Anyone whouse IM to transfer confidential files can becaught with strong evidence.
46Electronics Confidential price book is the core value of us to sale the chips and must bekept as private as possible. Anyone whouse IM to transfer confidential files can becaught with strong evidence.
47Media Confidential news are invaluable if they are kept in secret. However, journalists communicate largely with IM so theycan share the resources. What is worse, internal staffsmay also use IM to tell other staffs in other companies.However, IM is extremely convenient for communicationsamong internal staffs. We need L7 to control them.
48Spin-off from the D-Link corporation, Alpha continued to sue VIA Technology for the stolen confidential designs. Inthe mean time, Alpha Networks put 4 InstantScan boxesat the outbound links to control the use of IM so as togather the information of IM usage.As the largest multi-level company in the world, Amwaycontinued to make itself conform to the toughestregulations in order to keep its electrical communicationsas secure as possible, just like what it had done to weband s.
49Confidential patents are invaluable if they are kept in secret. Biochemistry has become the most emergentIndustry that can boost revenue in the century. Just likewhat health-care industry has emphasized, the data of thepatient or people under experiments is extremelyproprietary and never be leaked to anyone else. L7’sInstantScan helps to control the usage of IM.
50Benefits for Deploying InstantScan DiscoverySee who is actually using the network for what, especially in multi-culture environments which mix a huge number of applications.L7 Firewall: IM / P2P / Tunnel / Streaming / VoIP / File-Transfer / …Effective control the applications in your networks, either blocking or shapingContent Manager: IM & WebSelectively log/record employees' activities and contents for regulations and compliance.Actively control the activities/contents instead of just logging/recording to prevent confidential information leakage while improving productivity.Report & Analysislog and archive for potential legal discovery needs or other purposesIndication of employees' policy violations or productivity.
531. L7 support what applications? Check Appendix II or L7 Web Portal
542. Target customers and competitors IS-5000Actively mgmt. + auditingCompetitor: Facetime/Akonix/ImLogicInstallation: WinFunction: EvenPrice: win (no need to have 2 devices)IS-1000IS-100UTM-oriented market. Need passive sniffing instead of active management. So L7 integrates IS+IB+IQ to penetrate this marketIS-50IS-10Competitor BlueCoat has dominated the proxy market by huge number of deployed proxies. Emphasize L7’s IM/P2P advantage while unneeded to change their proxy architecturePassive auditingTiny(<30)Small(<70)Medium(< 150)Large(<1000)Huge(<3000 people)
72NBL Test Report (2005/2/23) Test item 3.1: IM to be managed Facetime AkonixL7 NetworksAbocomMSN○AOLQQ╳ICQYahooSkype
73NBL Test Report (2005/2/23) Test item 3.1.1: MSN Management Facetime AkonixL7 NetworksAbocomMessageOKN/AFile transferFPVoiceFNImageGameFP: False positive, FN: False negative, N/A: Not available
74NBL Test Report (2005/2/23) Test item 3.1.2: Yahoo! Management FacetimeAkonixL7 NetworksAbocomMessageOKN/AFile transferVoiceFPImageGameFP: False positive, FN: False negative, N/A: Not available
75NBL Test Report (2005/2/23) Test item 3.1.3: QQ Management Facetime AkonixL7 NetworksAbocomMessageN/AFile transferVoiceImageGameFP: False positive, FN: False negative, N/A: Not available
76NBL Test Report (2005/2/23) Test item 3.1.4: ICQ Management Facetime AkonixL7 NetworksAbocomMessageOKN/AFile transferFPVoiceFNImageGameFP: False positive, FN: False negative, N/A: Not available
77NBL Test Report (2005/2/23) Test item 3.1.5: AOL Management Facetime AkonixL7 NetworksAbocomMessageOKN/AFile transferFPVoiceImageGameFNFP: False positive, FN: False negative, N/A: Not available
78NBL Test Report (2005/2/23) Test item 3.1: Action to be taken Facetime AkonixL7 NetworksAbocomBlocking○Filtering╳InterveningRecordingBandwidth ControlVirus DetectionVirus scanning is supported in advanced version
79NBL Test Report (2005/2/23) Test item 3.1: Object to be managed FacetimeAkonixL7 NetworksAbocomIP address╳○IM user account
81Patent-1: PostACK TCP BW. Mgmt.(1) Contributed to IEEEIEEE Transactions on Computers, Vol.53, No.3, March 2004: Assessing and Improving TCP Rate Shaping over Enterprise EdgesIEEE Communications Surveys and Tutorials, Vol.5, No.2, 2003: A Measurement-Based Survey and Evaluation of Bandwidth Management SystemsIEEE Global Telecommunications Conference 2004 (IEEE Globecom 2004), Dallas, Texas USA, Nov. 2004: On Shaping TCP Traffic at Edge GatewaysIEEE Symposium on Computers and Communications (IEEE ISCC 2003), Kemer - Antalya, Turkey, Jun. 2003: Co-DRR: An Integrated Uplink and Downlink Scheduler for Bandwidth Management over Wireless LANs
83Patent-2: SoftASIC® Classification ……..Yahoo app. patternAOL app. patternMSN app. patternBT app. pattern………Step 1. Reassemblypattern matchingStep 3. Cut-ThrForwardingStep 2. Match!!At most first 10 pkts can judge if this HTTP is BT(average case: first 3 pkts can finish the process)
84Patent-3: Multi-Stage Inspection(1) HTTP….Tunneled IM cannot be managedSpam Wallcannot be managedVirus WallIM Proxy data pathInline-IDPFirewall/VPNContent Mgmt.IMProxyWebProxy