Any first-level approach to network protection usually involves website blacklisting and role-based access management. Alone, however, these are not sufficient for providing the best protection to a network. Phishing attacks, keyloggers and targeted drive-by exploit kits create constant challenges in policy enforcement.
Before the shift towards the cloud, a network could be secured by placing a firewall at its entry point. Now, blurry network boundaries require additional protection points both at the network edge and on every endpoint for a proactive approach to security. In addition, the increasing number of devices connecting to a network with BYOD and the propensity of some devices to be easily infected make policy enforcement a continually evolving issue, particularly considering the widespread use of encryption and obfuscation techniques.
Security equipment and software vendors can use deep packet inspection (DPI) and advanced metadata extraction as provided by R&S®PACE 2 in the applications listed in the table below to create leading-edge products that include:
- Extraction of possible threats such as email attachments, URLs, filenames and other types of suspicious payload
- Reliable classification of security-critical applications that actively hide and obfuscate their traffic such as anonymizers, VPNs, Tor and peer-to-peer clients (e.g. BitTorrent)
- Investigation of encryption quality and parameters by providing detailed metrics such as SSL ciphers, sessions, and certificates used
Typical R&S®PACE 2 applications
- Next-generation network & web application firewalls
- Endpoint protection solutions
- UTM solutions
- 3GPP policy enforcement function (PCEF)
- Web & email filters (gateways)
- Anti-virus software