Trend Micro Deep Security Deep Packet Inspection & Firewall - license
Mfg # DXNM0079
CDW # 2617776
| UNSPSC 43233203
Software Details
- License + 1 Year Maintenance
- volume
- 1 server (physical machine or virtual machine)
- 51-250 licenses
Know your gear
To address the limitations of packet-filtering, application proxy, and stateful inspection, a technology known as Deep Packet Inspection (DPI) was developed. DPI operates at L3-7 of the OSI model. DPI engines parse the entire IP packet, and make forwarding decisions by means of a rule-based logic that is based upon signature or regular expression matching. That is, they compare the data within a packet payload to a database of predefined attack signatures. Additionally, statistical or historical algorithms may supplement static pattern matching.
Analysis of packet headers can be done economically since the locations of packet header fields are restricted by protocol standards. However, the payload contents are, for the most part, unconstrained. Therefore, searching through the payload for multiple string patterns within the datastream is a computationally expensive task. The requirement that these searches be performed at wirespeed adds to the cost. Additionally, because the signature database is dynamic, it must be easily updateable.
DPI technology can be effective against buffer overflow attacks, denial of service (Dos) attacks, sophisticated intrusions, and a small percentage of worms that fit within a single packet.
Deep Packet Inspection promises to enhance firewall capabilities by adding the ability to analyze and filter SOAP and other XML messages, dynamically open and close ports for VoIP application traffic, perform in-line AV and spam screening, dynamically proxy IM traffic, eliminate the bevy of attacks against NetBIOS-based services, traffic-shape or do away with the many flavors of P2P traffic, and perform SSL session inspection.
Deep Packet Inspection essentially collapses Intrusion Detection (IDS) functionality into the firewall appliance so that both a firewall and an in-line IDS are implemented on the same device.
The Deep Security Firewall software module is enterprise grade, bidirectional, and stateful. It can be used to enable communications over ports and protocols necessary for correct server operation and to block all other ports and protocols, reducing the risk of unauthorized access to the server.
Analysis of packet headers can be done economically since the locations of packet header fields are restricted by protocol standards. However, the payload contents are, for the most part, unconstrained. Therefore, searching through the payload for multiple string patterns within the datastream is a computationally expensive task. The requirement that these searches be performed at wirespeed adds to the cost. Additionally, because the signature database is dynamic, it must be easily updateable.
DPI technology can be effective against buffer overflow attacks, denial of service (Dos) attacks, sophisticated intrusions, and a small percentage of worms that fit within a single packet.
Deep Packet Inspection promises to enhance firewall capabilities by adding the ability to analyze and filter SOAP and other XML messages, dynamically open and close ports for VoIP application traffic, perform in-line AV and spam screening, dynamically proxy IM traffic, eliminate the bevy of attacks against NetBIOS-based services, traffic-shape or do away with the many flavors of P2P traffic, and perform SSL session inspection.
Deep Packet Inspection essentially collapses Intrusion Detection (IDS) functionality into the firewall appliance so that both a firewall and an in-line IDS are implemented on the same device.
The Deep Security Firewall software module is enterprise grade, bidirectional, and stateful. It can be used to enable communications over ports and protocols necessary for correct server operation and to block all other ports and protocols, reducing the risk of unauthorized access to the server.