Policy Enforcement

Fine-grained policy enforcement through embedded DPI

Any first-level approach to network protection usually involves website blacklisting and role-based access management. Alone, however, these are not sufficient for providing the best protection to a network. Phishing attacks, keyloggers and targeted drive-by exploit kits create constant challenges in policy enforcement.

Before the shift towards the cloud, a network could be secured by placing a firewall at its entry point. Now, blurry network boundaries require additional protection points both at the network edge and on every endpoint for a proactive approach to security. In addition, the increasing number of devices connecting to a network with BYOD and the propensity of some devices to be easily infected make policy enforcement a continually evolving issue, particularly considering the widespread use of encryption and obfuscation techniques.


    Security equipment and software vendors can use deep packet inspection (DPI) and advanced metadata extraction as provided by R&S®PACE 2 in the applications listed below to create leading-edge products that include:

    • Extraction of possible threats such as email attachments, URLs, filenames and other types of suspicious payload
    • Reliable classification of security-critical applications that actively hide and obfuscate their traffic such as anonymizers, VPNs, Tor and peer-to-peer clients (e.g. BitTorrent)
    • Investigation of encryption quality and parameters by providing detailed metrics such as SSL ciphers, sessions, and certificates used

    Typical R&S®PACE 2 applications

    • Next-generation network & web application firewalls
    • Endpoint protection solutions
    • UTM solutions
    • 3GPP policy enforcement function (PCEF)
    • Web & email filters (gateways)
    • Anti-virus software