Network security tools decide the fate of packets by asking: "Are they benign or malign?" It is a simple question, yet a very difficult one to answer. This is how our packet engine helps them.
We provide cybersecurity tools with the richest set of information that can be derived from the packets, enriched with extensive context.
You are not judging based on only a few criteria. Instead, with a multi-dimensional view across many properties, you decide with confidence.
Being the industry's first and only solution with native TLS inspection, we are showing the complete picture, not half of it.
Next Generation Firewalls
Security Operations Centers
Network Security Analytics
Network Traffic Analysis
A unique technology delivering port-agnostic application identification, pre-enriched with context such as GeoIP locations, Active Directory/RADIUS database, OS and device identification, and IP reputation.
A pre-integrated website categorization database with 140+ million websites provides web insight and visibility, given that 70% of the Internet is now Web.
Ability to inspect North-South & East-West traffic
100% Transparent, L2-L7 detailed packet classification & application identification
Session Retention & Search & Drill-down reporting
Transactions Retention & Search & Drill-down reporting
Metadata & File Extraction for Malware Detection
DNS, HTTP, TLS, VoIP (SIP, RTP) detailed transactions & drill-down reporting
Rich on-the-fly metadata enrichment
GeoIP (Countries, Cities, ISP names, Geo coordinates, Network AS names...)
User/Group (Active Directory Enrichment)
Device, Operating System, Browser Type information
Web Categorization (130 Million Sites with 100+ Web Categories)
Firewalls protect the borders. They do not offer visibility and filtering behind the borderline: your internal packet flows.
However, 100% prevention is not possible. Eventually, some bad guys will evade your prevention and get inside.
Once inside, they will try to move laterally to infect more machines in your network. There are no firewalls between the machines inside the network. This makes it very convenient for attackers to move and spread laterally.
But, you still have the chance and power to detect and respond.
Sunny Valley packet engine provides performance- and space-optimized visibility into your inter-switch, inter-VM or container traffic, which is key to knowing and baselining your normal network traffic behavior and spotting anomalies. You can even utilize fully passive east-west packet filtering without the need to deploy any inline devices.
Passive filtering via active response (TCP RST, TCP FIN with payload, ICMP port unreachable)
Host quarantine & containment
Today, blocking or allowing ports 80 and 443 literally means denying or accepting everything.
IP addresses and port numbers do not do the job in today's ever-evolving attack landscape.
Security devices need far more advanced and fine-grained criteria for accepting or blocking packets.
Sunny Valley allows you to shape, filter or even redirect packets based on a wide variety of options, including but not limited to Application IDs and Usernames.
Ability to take action for all identified protocols and applications
Filter, Shape or Redirect according to a multitude of criteria (based on session or metadata fields)
Fully integrated with pfSense 2.3.x and 2.4.x
100% Transparent & Bump-in-the-wire
Web 2.0 Controls for Popular Web Sites (Facebook, LinkedIn, Twitter, Google etc.)
We are not the only ones who are enjoying privacy features of TLS and similar encryption technologies.
Attackers are also utilizing encryption to hide their activities in the network. They hide in spots where they think you're not looking.
Our fine-grained TLS inspection policies allow you to go after bad guys without sacrificing the privacy of your legitimate users.
100% Transparent on-the-fly Full TLS inspection
Port agnostic TLS protocol detection & inspection - Ability to inspect TLS passing over any port.
SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 protocols supported
Fine-grained TLS inspection policy rules allow you to protect the privacy of your legitimate users. For instance, you can tell the policy engine to inspect only traffic going towards sites whose security or productivity rating is below a certain threshold, or sites whose popularity rating is low.
You can also enforce TLS security policies to not allow any insecure TLS protocols to be used in your networks.
File & URL
Signature-based static detection mechanisms are way too old for today's advanced persistent threat landscape.
Security tools need depth and breadth of analysis at the file and URL level.
Sunny Valley packet engine is able to feed objects and content to upstream security tools for malware detection, AV scanning and sandboxing.
Fine-grained inspection policy rules allow you to protect the privacy of your legitimate users. For instance, you can tell the policy engine to inspect only traffic going towards sites whose security or productivity rating is below a certain threshold, or sites whose popularity rating is low.
How do we integrate into your products?
C++ Library, RESTful
pfSense 2.3.x and 2.4.x
Elasticsearch 5.3.x
NetFlow 5 and 9
CentOS Linux 7+
Ubuntu Linux 16.4+
Performance & Scalability
On a typical Desktop CPU, Sunny Valley Packet Engine is able to process 1 Gbps of regular Internet traffic flow with all features enabled.
The engine is able to scale to the number of processors available on the system. If there are 20 CPU cores available, this means you can secure a 20 Gig pipe at a very low CPU cost.