FacebookTwitterLinkedInYouTube


Support Login  |  Partner Login  |  Contact Us
Home
» The Need for Session-Level Network Security

The Need for Session-Level Network Security

Wed, 05/19/2010 - 20:56 — Anonymous

Security is in many ways an arms race, with the adversaries evolving their attacks and organizations looking to take the most advantage of technology and information while preventing compromises to the confidentiality, integrity, and availability of the information required to accomplish their mission or goals.  Sadly, the adversaries are currently winning this race.  They have evolved from individuals to groups, including nations states, terrorist groups, and organized crime syndicates.  They have research and development teams working on new attacks, their resources have become more talented and their attacks more focused and persistent.  They continue to innovate, often on a daily basis. 

While the adversary evolves daily, most enterprises' network security infrastructures unfortunately have not, and still rely on the traditional security controls--firewall, IPS, and gateway anti-virus, which are insufficient to mitigate the risk present today.  These technologies have served many enterprises well, but the threats have evolved beyond these technologies' abilities. It is important to remember that these traditional controls are based on technology that is over a dozen years old:

  • Anti-virus and the associated dependence on security signatures date back to reactions from the Brain virus in 1986.
  • The firewall was launched commercially in 1988 bringing packet inspection to life. 
  • Intrusion Detection Systems (IDS) delivered deep packet inspection commercially in 1997, though government research dates back to the 1980s. 
  • The first Intrusion Prevention Systems (IPS) which brought control to deep packet inspection was delivered in 1998. 

At Fidelis Security Systems, we are focused on delivering the next-generation of network security.  Our patented Deep Session Inspection™ platform is a key component of the value of the the Fidelis Extrusion Prevention System®, Fidelis XPS™, providing customers the ability to counteract these evolved threat actors and their attacks on your valuable information and networks. 

While I'll admit "Deep Session Inspection" does make great marketing, it is a completely different approach to network security.  Firewall and IDS/IPS were focused on varying levels of inspection of the packet.  Unfortunately, very few network sessions occur in a single packet, and attempting to manage state between packets in a large session is both difficult and processor intensive, greatly limiting the ability of a packet-based approach to provide the necessary visibility and control required to address today's threats.  As threat actors have implemented  custom attacks, attacks above the protocol layer, and attacks that take advantage of user behavior, packet-based tools have struggled to keep up. 

Instead of focusing on the packet, the deep session inspection engine inside Fidelis XPS rebuilds the entire session in real-time in-memory, and analyzes the session as it being constructed.  This architecture, which you can learn more about here, allows Fidelis XPS to address a broader list of issues than packet or  signature-based approaches including protect content, control application activity, enforce encryption policy and mitigate session-level threats

The adversary is evolving daily - isn't it time your network security infrastructure did too?  Read our new white paper on session level network security in the Fidelis XPS Resource Center or check out videos of some of our latest product features on our YouTube channel.

»