Product Id: 26781276
Description: Trend Micro Deep Discovery Inspector (Virtual Appliance, 1000 Mbps model) - License - 1 user
Mfr Part #: DDNN0010
To address the limitations of packet filtering, application proxies, and stateful inspection, a technology known as Deep Packet Inspection (DPI) was developed. DPI operates at Layers 3-7 of the OSI model. DPI engines parse the entire IP packet and make forwarding decisions using rule-based logic built on signature or regular-expression matching. That is, they compare the data within a packet payload to a database of predefined attack signatures. Additionally, statistical or historical algorithms may supplement static pattern matching.
Analysis of packet headers can be done economically since the locations of packet header fields are restricted by protocol standards. However, the payload contents are, for the most part, unconstrained. Therefore, searching through the payload for multiple string patterns within the datastream is a computationally expensive task. The requirement that these searches be performed at wirespeed adds to the cost. Additionally, because the signature database is dynamic, it must be easily updateable.
DPI technology can be effective against buffer overflow attacks, denial of service (DoS) attacks, sophisticated intrusions, and a small percentage of worms that fit within a single packet.
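As an added illustration of the multi-pattern payload search described above (not code from the original page or from any vendor's engine), this Python example uses the Aho-Corasick algorithm, one common choice that the page does not name, to check every signature in a single pass over the payload. It also shows why a signature split across two packets is only caught when matcher state is kept per flow. The signatures, packets and all names are constructed for the example.

```python
from collections import deque

class SignatureMatcher:
    """Aho-Corasick automaton: one pass over a payload checks every signature."""
    def __init__(self, signatures):
        self.goto, self.fail, self.out = [{}], [0], [[]]
        for name, pattern in signatures.items():
            state = 0
            for byte in pattern:  # extend the trie one byte at a time
                if byte not in self.goto[state]:
                    self.goto[state][byte] = len(self.goto)
                    self.goto.append({})
                    self.fail.append(0)
                    self.out.append([])
                state = self.goto[state][byte]
            self.out[state].append((name, len(pattern)))
        queue = deque(self.goto[0].values())
        while queue:  # breadth-first: failure links, plus matches ending in a suffix
            s = queue.popleft()
            for byte, t in self.goto[s].items():
                queue.append(t)
                f = self.fail[s]
                while f and byte not in self.goto[f]:
                    f = self.fail[f]
                self.fail[t] = self.goto[f].get(byte, 0)
                self.out[t] = self.out[t] + self.out[self.fail[t]]

    def scan(self, payload, state=0, offset=0):  # returns (hits, end_state)
        hits = []
        for i, byte in enumerate(payload):
            while state and byte not in self.goto[state]:
                state = self.fail[state]
            state = self.goto[state].get(byte, 0)
            for name, length in self.out[state]:
                hits.append((name, offset + i - length + 1))
        return hits, state

# Constructed sample signatures and a constructed flow split into three packets.
SIGNATURES = {"traversal": b"../../", "script-tag": b"<script>", "cmd-exe": b"cmd.exe"}
PACKETS = [b"GET /a/../", b"../etc/x?q=<script>", b" HTTP/1.1\r\n"]

def scan_packets(matcher, packets, keep_state):
    """keep_state=False restarts the automaton at every packet boundary."""
    hits, state, offset = [], 0, 0
    for p in packets:
        found, end = matcher.scan(p, state, offset)
        hits, offset = hits + found, offset + len(p)
        state = end if keep_state else 0
    return hits
```

With `keep_state=False` the `traversal` signature, which straddles the first two packets, goes unreported; with `keep_state=True` it is found at stream offset 7.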
Deep Packet Inspection promises to enhance firewall capabilities by adding the ability to analyze and filter SOAP and other XML messages, dynamically open and close ports for VoIP application traffic, perform in-line AV and spam screening, dynamically proxy IM traffic, eliminate the bevy of attacks against NetBIOS-based services, traffic-shape or do away with the many flavors of P2P traffic, and perform SSL session inspection.
Deep Packet Inspection essentially collapses Intrusion Detection (IDS) functionality into the firewall appliance so that both a firewall and an in-line IDS are implemented on the same device.
The Deep Security Firewall software module is enterprise grade, bidirectional, and stateful. It can be used to enable communications over ports and protocols necessary for correct server operation and to block all other ports and protocols, reducing the risk of unauthorized access to the server.
- Virtual machine isolation
- Fine-grained filtering
- Coverage of all IP-based protocols
- Reconnaissance detection
- Flexible control
- Predefined firewall profiles
- Actionable reporting
- Threat detection engines
An array of specialized detection engines and correlation rules focus on finding malware, C&C, and attacker activities across virtually all network traffic - beyond standard HTTP and SMTP. The Smart Protection Network and dedicated threat researchers continuously update these engines and rules.
- Custom sandbox analysis
Custom sandbox analysis - using virtual environments that precisely match your system configurations - further analyzes suspect files and Web content. Custom sandboxing accurately detects the threats that target your organization, thwarts evasion techniques, and excludes irrelevant malware detections.
- Watch list
A special display provides risk-focused monitoring of high-severity threats and high-value assets. Designated systems can be specifically tracked for suspicious activities and events, and for detailed analysis.