Part-I Market Demands Catching the Internal Thieves
Network performance killer, employee productivity killer. What are your employees doing at work?
Outlook for emails, Internet Explorer for web sites, MSN for chats.
Communicating for work? Speak to lovers first!
Looking for info for work? Check out stock price first!
BT, ED2K, Xunlei: download a movie back home for fun!!
Solutions: Network Performance, Layer-7 Visibility, Employee Productivity, Internal Security
– built-in backend reports for 3-level analysis: (1) index for productivity, performance, security; (2) dashboards for summary; (3) detailed reports for inspection
– limit P2P / P2SP traffic and guarantee mission-critical traffic such as ERP, VoIP, Web traffic
– manage / filter / record / audit employees' IM & Web behaviors and contents to increase their productivity
– understand the real applications run by your employees
– high-speed UTM hardware platform with intelligent 3-tier arch. for performance, availability, and reports
– protect internal network users from viruses/worms and from information leakage via P2P / tunnel software, spyware, WebMail, WebIM, etc.
Painless Installation?
Firewall/VPN, Inline-IDP, Virus Wall, Spam Wall, Content Mgmt.
What if IM behaves like Web Proxy? WebSense / BlueCoat / FaceTime / IM Logic / Akonix require every client to be set up to connect to the IM Proxy.
What if IM is tunneled in WebMSN/Mail/HTTP/…?
Diagram labels: IM Proxy, Web Proxy, IM Proxy data path.
IM@HTTP cannot be managed. Tunneled IM cannot be managed.
Check website for comparison.
Step 0. No Modification of Networks
Diagram labels: DHCP Server, switch, Management Server, switch, Firewall/Router, Proxy, AD Server, IS.
IM in port-80, proxy, socks4/5 can still be managed.
Even in wireless/DHCP environments, users can still be managed by AD.
3-Tier Architecture
– Powerful reporting and alerts
– Plug & play installation without modifying network arch.
– Friendly user interfaces
5-Step Content Management
Steps: Step 1. Discovery; Step 2. Normalization; Step 3. Behavior Mgmt.; Step 4. Content Mgmt.; Step 5. Report Analysis
Stage labels: Interactive Behavior Mgmt., Deep Content Inspection, Layer-7 to Layer-4 Normalization, Real-time Learning, Offline Report / Analysis
Diagram labels: MSN file transfer, Anti-Virus, File Recording, Keyword block, IM Game, IM Chat, IM Streaming, P2P, Bandwidth Mgmt., Chat Recording; 20 Mbps, 10 Mbps, 35 Mbps
Step 1. Discovery (App. View): Watch application sessions and highlight tunneled IM sessions
Step 2. Setup L7 Policy: Scheduled updates to Application Patterns to manage application usage by defined time schedules
Step 3.1 Setup IM Policy for Individuals: IM management for individuals by (1) specific IM accounts, (2) learning, (3) registration, (4) AD name, (5) AD group
Step 3.2 Setup IM Behavior Mgmt.: Define permission levels to facilitate individual IM policy deployment
Step 3.3 Setup IM Peers: Limit the chat peers by individuals or groups
Step 3.4 Self-Defined Policy Violation Warning Messages: Multi-language support for all languages
Step 3.4 Setup Bandwidth Pipes: Divide outbound bandwidth pipes by mouse drags. Divide inbound bandwidth pipes by mouse drags
Step 4.1 Setup IM Chat Content Management: Right click to define your own chatting keywords / groups
Step 4.2 Setup IM File Transfer Content Management: Right click to define your own filename keywords / groups
Step 4.3 Setup IM File Transfer Anti-Virus: Anyone who is infected with a virus will be notified of the name of the virus
Step 5.1 Multi-level Auditing Levels: 3 levels (admin/mis/audit) to separate operating and auditing parties
Accounting & Auditing: Anyone who audits others should be well audited themselves, so as to help customers comply with various regulations.
Manufacturing: Confidential information should be kept as private as possible. InstantScan is able to detect a variety of tunneling software that may open many security holes for information leakage.
Semiconductor: The confidential design sheet is the core technology of IC design and must be kept as private as possible. Anyone who uses IM to transfer confidential files can be caught with strong evidence.
IC Design: The confidential design sheet is the core technology of IC design and must be kept as private as possible. Anyone who uses IM to transfer confidential files can be caught with strong evidence.
Banking & Stocks: With heavy usage of IM across stock transactions, they need a tool to log and record what the customers have issued to the brokers, and what the brokers have said to the internal dealers.
Photodiode: The confidential design sheet is the core technology of the photodiode and must be kept as private as possible. Anyone who uses IM to transfer confidential files can be caught with strong evidence.
Electronics: The confidential price book is our core value in selling chips and must be kept as private as possible. Anyone who uses IM to transfer confidential files can be caught with strong evidence.
Media: Confidential news is invaluable if it is kept secret. However, journalists communicate largely over IM so they can share resources. What is worse, internal staff may also use IM to tell staff at other companies. However, IM is extremely convenient for communication among internal staff. We need L7 to control them.
A spin-off from the D-Link corporation, Alpha continued to sue VIA Technology for the stolen confidential designs. In the meantime, Alpha Networks put 4 InstantScan boxes at the outbound links to control the use of IM and to gather information on IM usage.
As the largest multi-level company in the world, Amway continued to make itself conform to the toughest regulations in order to keep its electronic communications as secure as possible, just as it had done for web and email.
Confidential patents are invaluable if they are kept secret. Biochemistry has become the most rapidly emerging industry that can boost revenue this century. Just as the health-care industry has emphasized, the data of patients or people under experiment is extremely proprietary and must never be leaked to anyone else. L7's InstantScan helps to control the usage of IM.
Benefits of Deploying InstantScan
Discovery
– See who is actually using the network for what, especially in multi-culture environments which mix a huge number of applications.
L7 Firewall: IM / P2P / Tunnel / Streaming / VoIP / File-Transfer / …
– Effectively control the applications in your networks, either blocking or shaping.
Content Manager: IM & Web
– Selectively log/record employees' activities and contents for regulations and compliance.
– Actively control the activities/contents instead of just logging/recording, to prevent confidential information leakage while improving productivity.
Report & Analysis
– Log and archive for potential legal discovery needs or other purposes.
– Indication of employees' policy violations or productivity.
1. What applications does L7 support? Check Appendix II or the L7 Web Portal.
2. Target customers and competitors
Customer sizes: Tiny (<30), Small (<70), Medium (<150), Large (<1000), Huge (<3000 people)
Positioning: Actively mgmt. + auditing; Passive auditing
IS-100, IS-1000, IS-5000. Competitor: Facetime/Akonix/ImLogic. Installation: win. Function: even. Price: win (no need to have 2 devices). Competitor BlueCoat has dominated the proxy market with a huge number of deployed proxies. Emphasize L7's IM/P2P advantage, with no need to change their proxy architecture.
IS-10, IS-50. UTM-oriented market. Needs passive sniffing instead of active management, so L7 integrates IS+IB+IQ to penetrate this market.
NBL Test Report (2005/2/23), test item 3.1: IM to be managed
Products compared: Facetime, Akonix, L7 Networks, Abocom
IM services: MSN, AOL, QQ, ICQ, Yahoo, Skype

NBL Test Report (2005/2/23), test item 3.1.1: MSN Management
Products compared: Facetime, Akonix, L7 Networks, Abocom
Message: OK N/A
File transfer: OK FP OK N/A
Voice: OK FN OK N/A
Image: FP OK N/A
Game: FP OK N/A
FP: False positive, FN: False negative, N/A: Not available

NBL Test Report (2005/2/23), test item 3.1.2: Yahoo! Management
Products compared: Facetime, Akonix, L7 Networks, Abocom
Message: OK N/A
File transfer: OK N/A
Voice: FP OK N/A
Image: OK N/A
Game: FP OK N/A
FP: False positive, FN: False negative, N/A: Not available

NBL Test Report (2005/2/23), test item 3.1.3: QQ Management
Products compared: Facetime, Akonix, L7 Networks, Abocom
Message: N/A
File transfer: N/A
Voice: N/A
Image: N/A
Game: N/A
FP: False positive, FN: False negative, N/A: Not available

NBL Test Report (2005/2/23), test item 3.1.4: ICQ Management
Products compared: Facetime, Akonix, L7 Networks, Abocom
Message: OK N/A
File transfer: FP OK N/A
Voice: OK FN OK N/A
Image: OK FN OK N/A
Game: OK FN OK N/A
FP: False positive, FN: False negative, N/A: Not available

NBL Test Report (2005/2/23), test item 3.1.5: AOL Management
Products compared: Facetime, Akonix, L7 Networks, Abocom
Message: OK N/A
File transfer: FP OK N/A
Voice: OK FP OK N/A
Image: OK N/A
Game: OK FN OK N/A
FP: False positive, FN: False negative, N/A: Not available

NBL Test Report (2005/2/23), test item 3.1: Action to be taken
Products compared: Facetime, Akonix, L7 Networks, Abocom
Actions: Blocking, Filtering, Intervening, Recording, Bandwidth Control, Virus Detection
Virus scanning is supported in advanced version

NBL Test Report (2005/2/23), test item 3.1: Object to be managed
Products compared: Facetime, Akonix, L7 Networks, Abocom
Objects: IP address, IM user account
Patent-1: PostACK TCP BW. Mgmt. (1)
Contributed to IEEE
– IEEE Transactions on Computers, Vol.53, No.3, March 2004: Assessing and Improving TCP Rate Shaping over Enterprise Edges
– IEEE Communications Surveys and Tutorials, Vol.5, No.2, 2003: A Measurement-Based Survey and Evaluation of Bandwidth Management Systems
– IEEE Global Telecommunications Conference 2004 (IEEE Globecom 2004), Dallas, Texas USA, Nov. 2004: On Shaping TCP Traffic at Edge Gateways
– IEEE Symposium on Computers and Communications (IEEE ISCC 2003), Kemer - Antalya, Turkey, Jun. 2003: Co-DRR: An Integrated Uplink and Downlink Scheduler for Bandwidth Management over Wireless LANs
Patent-1: PostACK TCP BW. Mgmt. (2)
Packeteer
– TCP Rate Control: window sizing
L7
– PostACK: delaying the reverse ACK
Patent-2: SoftASIC® Classification (P2P/BT@HTTP)
Application patterns: …, Yahoo app. pattern, AOL app. pattern, MSN app. pattern, BT app. pattern, …
Step 1. Reassembly, pattern matching
Step 2. Match!!
Step 3. Cut-through forwarding
At most the first 10 packets are needed to judge whether this HTTP session is BT (average case: the first 3 packets finish the process).
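The three steps on this slide, sketched as an added example (not L7 Networks' SoftASIC code): payloads of a flow are reassembled and matched until a pattern hits or 10 packets have been seen, after which the flow is forwarded without further inspection. The two signatures, the flow ids and the sample payloads are constructed assumptions, and packets are assumed to arrive in order.

```python
import re

MAX_INSPECT_PKTS = 10  # slide: at most the first 10 packets decide a flow

# Assumed, simplified signatures; not the vendor's pattern set.
PATTERNS = {
    "BT": re.compile(rb"\x13BitTorrent protocol"
                     rb"|GET /announce\?[^\r\n]*info_hash="),
    "MSN": re.compile(rb"^VER \d+ MSNP\d+"),
}

class Flow:
    def __init__(self):
        self.buf = b""       # payload reassembled so far
        self.pkts = 0        # packets that went through matching
        self.verdict = None  # None while the flow is still being inspected

class Classifier:
    def __init__(self):
        self.flows = {}
        self.inspected = 0   # total packets pattern-matched, all flows

    def packet(self, flow_id, payload):
        """Feed one in-order payload; return the verdict (None = undecided)."""
        flow = self.flows.setdefault(flow_id, Flow())
        if flow.verdict is not None:
            return flow.verdict              # Step 3: cut-through, no matching
        flow.buf += payload                  # Step 1: reassembly
        flow.pkts += 1
        self.inspected += 1
        for app, pattern in PATTERNS.items():
            if pattern.search(flow.buf):     # Step 2: match
                flow.verdict = app
                break
        else:
            if flow.pkts >= MAX_INSPECT_PKTS:
                flow.verdict = "unclassified"
        if flow.verdict is not None:
            flow.buf = b""                   # buffer not needed once decided
        return flow.verdict

def demo():
    """Constructed traffic: a tracker request split over two packets, and plain web."""
    c = Classifier()
    bt = [b"GET /announce?peer_id=-XX0001-abc&info_",
          b"hash=%12%34%56 HTTP/1.1\r\nHost: tracker.example\r\n\r\n",
          b"GET /scrape HTTP/1.1\r\n\r\n"]
    web = [b"GET /index.html HTTP/1.1\r\nHost: www.example\r\n\r\n"] + [b"<p>x</p>"] * 11
    bt_verdicts = [c.packet("flow-bt", p) for p in bt]
    web_verdicts = [c.packet("flow-web", p) for p in web]
    return bt_verdicts, web_verdicts, c.inspected
```

The split tracker request is only recognised after the second packet, which is why matching runs on the reassembled buffer and not on single packets.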
Patent-3: Multi-Stage Inspection (1)
Firewall/VPN, Inline-IDP, Virus Wall, Spam Wall, Content Mgmt.
Diagram labels: IM Proxy, Web Proxy, IM Proxy data path
Standard@Any HTTP Proxy@HTTP@Any Socks4@Any Socks5@Any ….
IM@HTTP cannot be managed. Tunneled IM cannot be managed.