Protection from malware needs to be enforced both within and outside the network simultaneously through real-time, on-access scans. This provides immediate protection against attacks from various types of malware, including rogue software such as remote access Trojans (RATs), keyloggers, worms, backdoors, rootkits, viruses, potentially unwanted programs (PUPs), existing concealed malware (such as fileless infections) and any other malicious code.
As cyberthreats keep evolving to bypass scan measures, multilayered monitoring and packet analysis will play an even more important role in understanding the activities on a network or system. Our traffic analytics solution, consisting of the reporting tool R&S®NetReporter and the R&S®NetSensor passive IP probe, can be used for threat identification. It allows the user to investigate the network behavior of both users and applications in depth in order to find anomalies and identify malicious activities and possible threats.
Deep packet inspection (DPI) and advanced metadata extraction as provided by R&S®PACE 2 can be used by security equipment and software vendors in the applications listed below to create leading-edge products with capabilities that include:
- Preventing malware from infecting the network through extraction of possible threats such as email attachments, URLs, filenames and other types of suspicious payloads
- Network behavior anomaly detection (NBAD) through network and user behavior analysis for identification of malicious network activity
- Reliable classification of security-critical applications that actively hide and obfuscate their traffic, such as anonymizers, VPN, Tor and peer-to-peer clients (e.g. BitTorrent)
Typical R&S®PACE 2 applications
- Next-generation network & web application firewalls
- Endpoint protection solutions
- UTM solutions
- 3GPP policy enforcement function (PCEF)
- Web & email filters (gateways)
- Anti-virus software
- SIEM systems