Presentation is loading. Please wait.

Presentation is loading. Please wait.

InstantScan Content Manager L7 Networks L7 Networks Inc.

Similar presentations


Presentation on theme: "InstantScan Content Manager L7 Networks L7 Networks Inc."— Presentation transcript:

1

2 InstantScan Content Manager L7 Networks L7 Networks Inc.

3 Agenda Company Profile L7 Missions L7 Investors Layer-7 Content Manager Part-I Market Demand Part-II Solutions Part-III Successful Cases Appendix-I Layer-7 App. Appendix-II Product Spec. Appendix-III Patents

4 Missions: Internal Network Security Internal Threats External Threats InstantLock Co-Defender Defending Internal Attacks: Isolate virus-infected PCs InstantBlock Application Firewall Preventing External Attacks/Thieves: Unified threat management InstantQos Bandwidth Mgr. Shaping Internal Traffic: Manage P2P / streaming / VoIP / … by layer-7 in-depth classification InstantScan Content Mgr. Catching Internal Thieves: Employee internet content / behavior management

5 L7 Investors

6 InstantScan Content Manager L7 Networks Inc.

7 Part-I Market Demands Catching the Internal Thieves

8 network performance killer killer employee productivity killer What are your employees doing at work? Outlook for s Internet Explorer for web sites MSN for chats Communicating for work? Speak to lovers first! Looking for info for work? Check out stock price first! BT, ED2K, Xunlei Download a movie back home for fun!!

9 Survey & Studies Heavy Usage –Gartner: >30% enterprise, <1% control (2005) –Radicati Group: >80% enterprise (2008) Security Theats –WORM_KELVIR.A –WORM_FATSO.A –…

10 1. Employees with low productivity

11 2. Information Leakage or Virus Price Book

12 3. Bandwidth stealers for downloads P2P downloads Illegal music Illegal movies …… Bandwidth inadequate for HTTP ERP ……

13 Plug & Play Content Manager (stealth mode) switch L7 Firewall 2005/03/25: NBL Editors Choice Beat Facetime, Akonix 2005/12/01: National Innovation Awards

14 20 Mbps 10 Mbps 35 Mbps Step.1 Discovery MSN file transfer Anti-Virus File Recording Keyword block IM Game IM Chat IM Streaming P2P Bandwidth Mgmt. Chat Recording Step.2 Normalization Step.3 Behavior Mgmt. Step.4 Content Mgmt. Step.5 Report Analysis Interactive Behavior Mgmt. Deep Content Inspection Layer-7 to Layer-4 Normalization Real-time Learning Offline Report / Analysis 5-Step Content Management

15 1. Employees with low productivity Instantly respond to employees in Chat windows even IS doesnt have an IP address

16 2. Information Leakage or Virus Price Book Instant Warning

17 3. Bandwidth stealers for downloads After installing InstantScan P2P downloads Illegal music Illegal movies …… Mission critical app. HTTP ERP ……

18 Part-II Solutions

19 Solutions Network Performance Layer-7 Visibility Employee Productivity Internal Security built-in backend reports for 3-level analysis: (1) index for productivity, performance, security; (2) dashboards for summary; (3) detailed reports for inspection limit P2P / P2SP traffic and guarantee mission critical traffic such as ERP, VoIP, Web traffic manage / filter / record / audit employees IM & Web behaviors and contents to increase their productivity understand the real applications running by your employees highspeed UTM hardware platform with intelligent 3- tier arch. for performance, availability, and reports prevent internal network users from virus/worm or information leakage by P2P / tunnel software, spyware, WebMail, WebIM, etc.

20 Painless Installation? Firewall/VPN Inline-IDP Virus Wall Spam Wall Content Mgmt. What if IM behaves like Web Proxy? WebSense / BlueCoat / FaceTime / IM Logic / Akonix require to setup every client to connect to the IM Proxy IM Proxy Web Proxy What if IM is tunneled in WebMSN/Mail /HTTP/…? IM Proxy data path cannot be managed Tunneled IM cannot be managed Check website for comparison

21 DHCP Server Step 0. No Modification of Networks switch Management Server switch Firewall/Router Proxy IM in port-80, proxy, socks4/5 can still be managed AD Server IS Even in wireless/dhcp env, still can be managed by AD

22 3-Tier Architecture Powerful reporting and alerts Plug & play installation without modifying network arch. Friendly user interfaces

23 20 Mbps 10 Mbps 35 Mbps Step.1 Discovery MSN file transfer Anti-Virus File Recording Keyword block IM Game IM Chat IM Streaming P2P Bandwidth Mgmt. Chat Recording Step.2 Normalization Step.3 Behavior Mgmt. Step.4 Content Mgmt. Step.5 Report Analysis Interactive Behavior Mgmt. Deep Content Inspection Layer-7 to Layer-4 Normalization Real-time Learning Offline Report / Analysis 5-Step Content Management

24 Step 1. Discovery (App. View) Watch applications sessions and highlight tunneled IM sessions

25 Step 2. Setup L7 Policy Scheduled updates to Application Patterns to manage application usage by defined time schedules

26 Step 3.1 Setup IM Policy for Individuals IM management for individuals by (1) specific IM accounts, (2) learning, (3) registration, (4) AD name, (5) AD group

27 Step 3.2 Setup IM Behavior Mgmt. Define permission levels to facilitate individual IM policy deployment

28 Step 3.3 Setup IM Peers Limit the peer for chat by individuals or groups

29 Step 3.4 Self-Defined Policy Violation Warning Messages Multi-language support for all languages

30 Step 3.4 Setup Bandwidth Pipes Divide outbound bandwidth pipes by mouse drags Divide inbound bandwidth pipes by mouse drags

31 Step 4.1 Setup IM Chat Content Management Right click to define your own chatting keywords / groups

32 Step 4.2 Setup IM File Transfer Content Management Right click to define your own filename keywords/groups

33 Step 4.3 Setup IM File Transfer Anti-Virus Anyone who is infected with virus will be notified the name of the virus

34 Step 5.1 Multi-level Auditing Levels 3-levels: admin/mis/audit to separate operating and auditing parties

35 Step 5.2 Ranking by app. usage

36 Step 5.3 Ranking by traffic volume

37 Step 5.4 Scheduled Reports in HTML/PDF/XLS Formats

38

39 Part-III Successful Cases

40 Accounting & Auditing Anyone who is auditing others should have themselves well-audited so as to assist customers to be compliant to various regulations.

41 Manufacturing Confidential information should be kept as private as possible. InstantScan is able to detect varieties of tunneled software which may cause a lot of security holes for information leakage.

42 Semiconductor Confidential design sheet is the core technology of IC design and must be kept as private as possible. Anyone who use IM to transfer confidential files can be caught with strong evidence.

43 IC Design Confidential design sheet is the core technology of IC design and must be kept as private as possible. Anyone who use IM to transfer confidential files can be caught with strong evidence.

44 Banking & Stocks With a heavy usage of IM across the stock transactions, they do need a tool to log and record what the customers have issued to the brokers, and what the brokers have spoken to the internal dealers.

45 Photodiode Confidential design sheet is the core technology of Photodiode and must be kept as private as possible. Anyone who use IM to transfer confidential files can be caught with strong evidence.

46 Electronics Confidential price book is the core value of us to sale the chips and must be kept as private as possible. Anyone who use IM to transfer confidential files can be caught with strong evidence.

47 Media Confidential news are invaluable if they are kept in secret. However, journalists communicate largely with IM so they can share the resources. What is worse, internal staffs may also use IM to tell other staffs in other companies. However, IM is extremely convenient for communications among internal staffs. We need L7 to control them.

48 Spin-off from the D-Link corporation, Alpha continued to sue VIA Technology for the stolen confidential designs. In the mean time, Alpha Networks put 4 InstantScan boxes at the outbound links to control the use of IM so as to gather the information of IM usage. As the largest multi-level company in the world, Amway continued to make itself conform to the toughest regulations in order to keep its electrical communications as secure as possible, just like what it had done to web and s.

49 Confidential patents are invaluable if they are kept in secret. Biochemistry has become the most emergent Industry that can boost revenue in the century. Just like what health-care industry has emphasized, the data of the patient or people under experiments is extremely proprietary and never be leaked to anyone else. L7s InstantScan helps to control the usage of IM.

50 Benefits for Deploying InstantScan Discovery –See who is actually using the network for what, especially in multi- culture environments which mix a huge number of applications. L7 Firewall: IM / P2P / Tunnel / Streaming / VoIP / File-Transfer / … –Effective control the applications in your networks, either blocking or shaping Content Manager: IM & Web –Selectively log/record employees' activities and contents for regulations and compliance. –Actively control the activities/contents instead of just logging/recording to prevent confidential information leakage while improving productivity. Report & Analysis –log and archive for potential legal discovery needs or other purposes –Indication of employees' policy violations or productivity.

51 Layer-7 Content Manager

52 Appendix-I FAQ

53 1. L7 support what applications? Check Appendix II or L7 Web Portal

54 Large (<1000) Huge (<3000 people) Tiny (<30) Medium (< 150) Small (<70) 2. Target customers and competitors Actively mgmt. + auditing Passive auditing IS-100 IS-1000 IS-5000 Competitor: Facetime/Akonix/ImLogic Installation: Win Function: Even Price: win (no need to have 2 devices) Competitor BlueCoat has dominated the proxy market by huge number of deployed proxies. Emphasize L7s IM/P2P advantage while unneeded to change their proxy architecture IS-10 IS-50 UTM-oriented market. Need passive sniffing instead of active management. So L7 integrates IS+IB+IQ to penetrate this market

55 Appendix-II L7 Applications

56 20 Mbps 10 Mbps 35 Mbps Step.1 Monitor MSN file transfer Anti-Virus File Recording Keyword block IM Game IM Chat IM Streaming P2P Bandwidth Mgmt. Chat Recording Step.2 Normalization Step.3 Behavior Mgmt. Step.4 Content Mgmt. Step.5 Report Analysis Interactive Behavior Mgmt. Deep Content Inspection Layer-7 to Layer-4 Normalization Real-time Learning Offline Report / Analysis Normalization: Step 1~Step 2

57 General Applications No mater which port they use –HTTP –SMTP –POP3 –IMAP –FTP

58 Instant Messenger (IM) MSN: 6.2, 7.0, 7.5, 8.0 beta, Windows Live Messenger 8.0 Yahoo Messenger: 5.5, 6.0, 7.0, 8.0 beta, 8.0 ICQ: 2003pro, 4.14lite, 5.0 AIM: 5.9 QQ: –YamQQ-2003II, QQ-2003II, QQ-2003III, YamQQ-2004III, QQ-2004 formal edition, –YamQQ 2005 Formal Edition, QQ 2005 Beta2, –QQ 2005 Simplified Chinese Formal edition (include v4.0 Formal Edition) –qqfile: QQ2006Beta2, qqshare: QQ2006Beta2 Miranda: v0.4 Gaim: v1.30 Trillian: Basic 3.0 Google talk beta Webim: include web-msn, web-aol, web-yahoo, web-icq –http://www.e-messenger.net/, –http://start.e-messenger.net/, –http://www.iloveim.com/, –http://webmessenger.msn.com/, –http://www.ebuddy.comhttp://www.ebuddy.com

59 Peer-to-Peer (P2P) Bittorrent: –BitComet 0.54 / 0.6 / 0.67, Bitspirit 2.7, Mxie , utorrent 1.5, azureus 2.4 Kuro: m6, Edonkey: –Emule 0.42b/0.44d/0.45b, edonkey2000 V1.0, Overnet tested-version, utorrent v1.5, azureus v2.4 ezPeer+ v1.0beta Directconnect: directconnect 2.205, dc OpenFT: crazaa v3.55, Kceasy v0.14 Pigo: pigo v3.1, 100bao v1.2.0a Kugoo: v2.03, v2.055, v3.10 Ares: 1.04 poco: –poco 2005 –pp point (pp ) v2006 Fasttrack: –kazaa 2.7 / 3.0 / 3.2 –grokster 2.6/2.6.5 –iMesh 4.5 build 151 / 5.20 / 6.5 Gnutella: –ezpeer: 1999A6, 1999A10, BearShare Pro 4.6.2, Shareaza , Morpheus 4.6.1/ –Gnucleus 1.55, , Mxie , Foxy 1.8.6

60 Voice Over IP (VoIP) Skype: –1.0, 1.1, 1.2, 1.3, 1.4, 2.0, 2.5beta, SkypeOut: –1.4, 2.0 SIP: –TelTel , Wagaly TelTel 0.8.4, MSN Voice 7.5, Yahoo Voice 7.0 H323: –NetMeeting: 3.01

61 Tunnel Ware hopster: Release 17 Httptunnel: v3.2, 3.4 Realtunnel: v0.9.9, VNN: 2.1, 3.0 Softether: 1.0, 2.0 Tor: v X, v JAP YourFreedom

62 Remote Access Windows remote desktop VNC (Virtual Network Computing) –vnc, Ultra VNC 1.0.1, Win v3.3.7 Symantec pcAnywhere 10.5 / 11 NetOP Remote Control v9.00 Remote Administrator 2.2

63 Streaming RTSP: –http://www.haody99.com/, MediaPlayer 10.0, RealPlayer 10.5http://www.haody99.com/ –QuickTime 6.5, 7.0, KKBox: v1.0, v2.0, v2.2, RealOne 1.0, 2.0 –MMS(Multimedia Messaging Service), –Yahoo music (http://music.yahoo.com/, - Shoutcast: –winamp / 5.24 –JetAudio 6.2 –Icecast 2.3 Live365: Radio build17 Google Video(http://video.google.com/) AOL Radio(http://music.aol.com/radioguide/bb.adp) iTunes 6.0 TVAnts 1.0 PeerCast Napster (www.napster.com) qqtv (qq ; tv.qq.com) 3.2 ppstream 1.0 Webs-tv (http://www.webs-tv.net)

64 Appendix-III Product Comparison

65 L7 vs. Facetime vs. Akonix vs. IM Logic

66 Facetime s Solution Require clients to assign proxy to IM Auditor What if not set the proxy? Limited solution. Cannot control P2P bandwidth. Can block Skype

67 Akonix s Solution (I) Require clients to assign proxy to IM Auditor What if not set the proxy? Limited solution. Cannot control P2P bandwidth. Cannot manage Skype

68 Akonix s Solution (II) Limited solution. Cannot control P2P bandwidth. Cannot manage Skype Cannot manage MSN / Yahoo / AOL / ICQ over random ports

69 IMLogic s Solution

70 L7 Networks Solution

71 Award-winning test report

72 NBL Test Report (2005/2/23) Test item 3.1: IM to be managed FacetimeAkonixL7 NetworksAbocom MSN AOL QQ ICQ Yahoo Skype

73 NBL Test Report (2005/2/23) Test item 3.1.1: MSN Management FacetimeAkonixL7 NetworksAbocom MessageOK N/A File transferOKFPOKN/A VoiceOK FNOKN/A ImageFPOK N/A GameFPOK N/A FP: False positive, FN: False negative, N/A: Not available

74 NBL Test Report (2005/2/23) Test item 3.1.2: Yahoo! Management FacetimeAkonixL7 NetworksAbocom MessageOK N/A File transferOK N/A VoiceFP OKN/A ImageOK N/A GameFP OKN/A FP: False positive, FN: False negative, N/A: Not available

75 NBL Test Report (2005/2/23) Test item 3.1.3: QQ Management FacetimeAkonixL7 NetworksAbocom MessageN/A File transferN/A VoiceN/A ImageN/A GameN/A FP: False positive, FN: False negative, N/A: Not available

76 NBL Test Report (2005/2/23) Test item 3.1.4: ICQ Management FacetimeAkonixL7 NetworksAbocom MessageOK N/A File transferFP OKN/A VoiceOKFNOKN/A ImageOKFNOKN/A GameOKFNOKN/A FP: False positive, FN: False negative, N/A: Not available

77 NBL Test Report (2005/2/23) Test item 3.1.5: AOL Management FacetimeAkonixL7 NetworksAbocom MessageOK N/A File transferFPOK N/A VoiceOKFPOKN/A ImageOK N/A GameOKFNOKN/A FP: False positive, FN: False negative, N/A: Not available

78 NBL Test Report (2005/2/23) Test item 3.1: Action to be taken FacetimeAkonixL7 NetworksAbocom Blocking Filtering Intervening Recording Bandwidth Control Virus Detection Virus scanning is supported in advanced version

79 NBL Test Report (2005/2/23) Test item 3.1: Object to be managed FacetimeAkonixL7 NetworksAbocom IP address IM user account

80 Appendix-IV Patents

81 Patent-1: PostACK TCP BW. Mgmt.(1) Contributed to IEEE –IEEE Transactions on Computers, Vol.53, No.3, March 2004: Assessing and Improving TCP Rate Shaping over Enterprise Edges Assessing and Improving TCP Rate Shaping over Enterprise Edges –IEEE Communications Surveys and Tutorials, Vol.5, No.2, 2003: A Measurement-Based Survey and Evaluation of Bandwidth Management SystemsA Measurement-Based Survey and Evaluation of Bandwidth Management Systems –IEEE Global Telecommunications Conference 2004 (IEEE Globecom 2004), Dallas, Texas USA, Nov. 2004: On Shaping TCP Traffic at Edge Gateways –IEEE Symposium on Computers and Communications (IEEE ISCC 2003), Kemer - Antalya, Turkey, Jun. 2003: Co-DRR: An Integrated Uplink and Downlink Scheduler for Bandwidth Management over Wireless LANs

82 Patent-1: PostACK TCP BW. Mgmt.(2) Packeteer –TCP Rate Control Window sizing L7 –PostACK Delaying the reverse ACK

83 Step 3. Cut-Thr Forwarding Patent-2: SoftASIC ® Classification …….. Yahoo app. pattern AOL app. pattern MSN app. pattern BT app. pattern ……… Step 1. Reassembly pattern matching Step 2. Match!! At most first 10 pkts can judge if this HTTP is BT (average case: first 3 pkts can finish the process)

84 Patent-3: Multi-Stage Inspection(1) Firewall/VPN Inline-IDP Virus Wall Spam Wall Content Mgmt. IM Proxy Web Proxy HTTP …. IM Proxy data path cannot be managed Tunneled IM cannot be managed

85 Patent-3: Multi-Stage Inspection(2) …….. Yahoo app. pattern AOL app. pattern MSN app. pattern BT app. pattern ……… Step 1. Strip Headers (socks4/5) pattern matching Step 2. Match!! IM Content Mgmt. Engine Step 3. Redirect

86 Patent-4: Inline-Proxy Stack(2) Queue Inline-Proxy TCP Stack IM/Web Content Mgmt. Engine Emulate original IP/port while swapping sequence # Benefits: True inline plug & play proxy stack True inline plug & play proxy stack Stable user-space programming Stable user-space programming Easy for SMP parallel processing Easy for SMP parallel processing

87 Layer-7 Content Mgmt. Expert


Download ppt "InstantScan Content Manager L7 Networks L7 Networks Inc."

Similar presentations


Ads by Google