Sunny Valley Networks name and logo are trademarks of Sunny Valley Cyber Security Inc. All other brand names, product names, or trademarks belong to their respective owners.

 

© 2017-2019 Sunny Valley Cyber Security Inc. All rights reserved.

 

440 N Wolfe Rd, Sunnyvale CA 94085

(650) 288 4488     hi@sunnyvalley.io


ACTIONABLE PACKET CLASSIFICATION

With native TLS visibility

At scale. All software.

Product

Network security tools try to decide the fate of packets by asking: "Are they benign or malicious?" It is a simple question, yet a very difficult one to answer. This is how our packet engine helps them.

 

We provide cybersecurity tools with the richest set of information that can be derived from the packets and enrich it with a lot of context.

You are not judging based on only a few criteria. Instead, with a multi-dimensional view of many properties, you decide with confidence.

Being the industry's first and only solution with native TLS inspection, we are showing the complete picture, not half of it. 

 

Empowering:

  • Next Generation Firewalls

  • IDS/IPS Products

  • Network Forensics

  • Security Operations Centers

  • Network Security Analytics

  • Network Traffic Analysis

  • SIEM Tools

  • Deception Tools

  • APT Tools

 
 

Use Cases

PACKET CLASSIFICATION

Port agnostic application identification and metadata extraction

EAST-WEST CONTROL

Visibility and Filtering for Container, Inter-VM and lateral movement traffic

APPLICATION CONTROL

Filter, shape or even redirect flows with confidence

TLS VISIBILITY

Software-based TLS inspection with Privacy. Inline, Robust, Fast.

FILE & URL EXTRACTION

Extract files off-wire for APT / Malware deep scanning

Packet Classification

A unique technology delivering port-agnostic application identification, pre-enriched with context such as GeoIP locations, Active Directory / Radius Database, OS and Device identification, and IP Reputation.

A pre-integrated website categorization database with more than 140 million websites provides web insight and visibility, given that 70 percent of the Internet is now Web.

  • Ability to inspect North-South & East-West traffic

  • 100% Transparent, L2 - L7 detailed packet classification & application identification

  • Session Retention & Search & Drill-down reporting

  • Transactions Retention & Search & Drill-down reporting

  • Metadata & File Extraction for Malware Detection

  • DNS, HTTP, TLS, VoIP (SIP, RTP) detailed transactions & drill-down reporting

  • Rich on-the-fly metadata enrichment

    • GeoIP (Countries, Cities, ISP names, Geo coordinates, Network AS names...)

    • User/Group (Active Directory Enrichment)

    • Device, Operating System, Browser Type information

  • Asset Discovery

  • Web Categorization (130 Million Sites with 100+ Web Categories)

 
East-West Control

Firewalls protect the borders. They do not offer visibility and filtering behind the borderline: your internal packet flows. 

However, 100% prevention is not possible. Eventually, some bad guys will evade your prevention and get inside.

Once inside, they will try to move laterally to infect more machines in your network. There are no firewalls between the machines inside the network, which makes it very convenient for attackers to move and spread laterally.

But, you still have the chance and power to detect and respond. 

The Sunny Valley packet engine provides performance- and space-optimized visibility of your inter-switch, inter-VM or container traffic, which is key to knowing and baselining your normal network traffic behavior and spotting anomalies. You can even use fully passive east-west packet filtering without the need to deploy any inline devices.

 

  • Performance optimized

  • Passive filtering via active response (TCP RST, TCP FIN with payload, ICMP port unreachable)

  • Packet de-duplication

  • Host quarantine & containment

 
Application Control

Today, blocking or allowing ports 80 and 443 literally means denying or accepting everything. 

 

IP addresses and port numbers do not do the job in today's ever-evolving attack landscape.

 

Security devices need far more advanced and fine-grained criteria for accepting or blocking packets.

 

Sunny Valley allows you to shape, filter or even redirect packets based on a wide variety of options, including but not limited to Application IDs and Usernames.

  • Ability to take action for all identified protocols and applications

  • Filter, Shape or Redirect according to a multitude of criteria (based on session or metadata fields)

  • Fully integrated with pfSense 2.3.x and 2.4.x 

  • 100% Transparent & Bump-in-the-wire

  • Port-agnostic

  • Web 2.0 Controls for Popular Web Sites (Facebook, LinkedIn, Twitter, Google etc.)

 
TLS Visibility

We are not the only ones who enjoy the privacy features of TLS and similar encryption technologies.

 

Attackers are also utilizing encryption to hide their activities in the network. They hide in spots where they think you're not looking. 

 

Our fine-grained TLS inspection policies allow you to go after bad guys without sacrificing the privacy of your legitimate users. 

  • 100% Transparent on-the-fly Full TLS inspection

  • Bump-in-the-wire

  • Port agnostic TLS protocol detection & inspection - Ability to inspect TLS passing over any port.

  • Session Resumption

  • SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 protocols supported

  • Fine-grained TLS inspection policy rules that let you protect the privacy of your legitimate users. For instance, you can tell the policy engine to inspect only traffic going to sites whose security or productivity rating is below a certain threshold, or sites whose popularity rating is low.

  • You can also enforce TLS security policies to not allow any insecure TLS protocols to be used in your networks.

 
 
File & URL Extraction

Signature-based static detection mechanisms are way too old for today's advanced persistent threat landscape.

Security tools need deep and broad analysis at the file and URL level.

The Sunny Valley packet engine is able to feed objects and content to upstream security tools for malware detection, AV scanning and sandboxing.

  • File Objects

  • Metadata

  • File hashes

  • URL extraction

  • Fine-grained inspection policy rules that let you protect the privacy of your legitimate users. For instance, you can tell the policy engine to inspect only traffic going to sites whose security or productivity rating is below a certain threshold, or sites whose popularity rating is low.

INTEGRATION

How do we integrate into your products?

Deployment

  • Bump-in-the-Wire

  • Mirror

  • Inline Passthrough

  • Cloud

  • On Premise

API

  • C++ Library, RESTful Service

Firewall

  • pfSense 2.3.x and 2.4.x

  • OPNsense 17.7.x

Reporting

  • Elasticsearch 5.3.x

  • Kibana

  • Netflow 5 and 9

  • Syslog

  • Text Files

Monitoring

  • Nagios, Syslog

OS

  • CentOS Linux 7+

  • Ubuntu Linux 16.4+

  • FreeBSD 10.x

  • FreeBSD 11.x

 
 
Performance & Scalability

On a typical Desktop CPU, Sunny Valley Packet Engine is able to process 1 Gbps of regular Internet traffic flow with all features enabled.

 

The engine scales with the number of processors available on the system. If there are 20 CPU cores available, this means you can secure a 20 Gig pipe at a very low CPU cost.