With the increasing use of applications to infiltrate into network and leak data, Firewalls today need to evolve and become more sophisticated in detecting newer threats with changing business dependency on data. Increasing bandwidth demand and newer architectures like Web 2.0 is changing the way network protocols are being used and data is transferred. Last Generation firewalls have largely been blind to such threats as more communications are going through standard protocols like HTTP and HTTPS. 

 

Websites are now largely replaced with applications and with this, it has become imperative to provide solutions concerning filtering of malicious applications causing data threats. While some applications can be very useful to the organizations, other applications like torrents and proxy applications could be very harmful. Allowing these types of applications in your network might lead to serious consequences.

• Torrents are common sources of malware and viruses. This is especially true of software and games, which must be installed and executed. This could lead to your network being infected and risk of data leak through such downloaded applications.
• If you’re torrenting illegally, whether you realize it or not, there is a chance you could get chased for copyright infringement which could bring legal liability to your organization.
• Unless connected to a VPN or some other means of encryption, all of the internet traffic can and likely will be monitored by a user’s internet service provider. Internet service providers are usually in league with copyright holders. They don’t want to be held liable for privacy and want to save bandwidth. If an ISP catches one of its customers torrenting, they could resort to bandwidth throttling, fines, or even account suspension and termination causing disruption, leading to business loss.

Another major task considering filtering of applications is to identify applications from SSL protocols and then filtering them. Firewall filtering based on port numbers can no longer provide security to an enterprise. Many applications use standard ports like 443 to camouflage its application traffic. The strength of a firewall in classifying these application forms the basis of your security.

GajShield’s Application filter is the industry’s most powerful Deep Packet Inspection (DPI) engine, providing real-time, Layer-7 classification of all network application traffic such as DNS, FTP, HTTP, HTTPS, ICMP, MGCP, NetBIOS Name Service, SMTP and TFTP. It is designed for fast, trouble-free classification of more than 5000+ application signatures. With its smart classification technology and deep packet inspection which is also called complete packet inspection and information extraction or IX that is a form of computer network packet filtering that examines the data part (and possibly also the header) of a packet as it passes an inspection point, searching for protocol non-compliance, viruses, spam, intrusions, or defined criteria to decide whether the packet may pass or if it needs to be routed to a different destination, or, for the purpose of collecting statistical information that functions at the Application Layer of the OSI (Open Systems Interconnection model). There are multiple headers for IP packets; network equipment only needs to use the first of these (the IP header) for normal operation, but the use of the second header (such as TCP or UDP) is normally considered to be shallow packet inspection (usually called stateful packet inspection) despite this it creates zero impact on the network throughput and provides wire-speed capabilities.

GajShield reporting system provides in-depth know-how of the applications used by your organization, which forms the first step towards security. Using this knowledge, security officers can then block applications for users or groups. With its recent launch of BYOD features, applications can now also be blocked based on whether the traffic has originated from a mobile device.

Earlier, Traditional firewalls would operate on the network layer. Due to advancements in the technology, now GajShield Data Security Firewall offers Application and data Visibility & Control with data context, deeper than Layer 7 policies and reporting, preventing data leakage and sophisticated application-layer threats, including malware, phishing, botnets. GajShield offers industry-leading support for over 5000+ key application signatures. Real-time network logs and reports further allow organizations to promptly re-set network settings for maximum security and productivity. In addition to this, GajShield application filtering feature aims to enhance business-critical application performance by limiting bandwidth for non-business traffic, inbuilt application categories make it easier to filter out and block unwanted applications for the users and to ease this process, GajShield also supports sub-classification within a category.

As a result of this, the infrastructure cost is greatly reduced and thereby, bandwidth is saved as well. Detailed reports showcasing which users are allowed access to which applications further help support security. In addition to all these security features, policies can also be set to filter out nonbusiness traffic which helps to curb the usage of internet for non-professional purposes or personal usage.

Features of GajShield’s Application Filtering mechanism

• Control and visibility data layer, deeper than layer 7 & applications
• Gain control and achieve visibility across 2,500+ applications.
• Enhance business-critical application performance by limiting bandwidth for non-business traffic
• Inbuilt application categories.
• 5000+ Application signatures
• Support policies to identify/detect, allow, block or limit (usage control) TCP/IP application regardless of ports, protocol etc.
• Detect and block known applications like P2P, IM etc.
• Policy based shaping of application for users, group, ip address and network
• Sub classification within a category supported
• Provides risk factor/level of applications
• Saves bandwidth and reduces infrastructure costs
• Protects corporate users including BYOD devices.
• Improved security by blocking threats emerging out of risky applications.
• Quick to set up and simple to implement using GajShield’s Object-oriented policy management

Besides this, when it comes to blocking applications, it is realized that Applications are very difficult to detect and block as compared to URLs. Some applications like BitTorrent can run on any port and can be wrapped inside SSL which makes them difficult to detect. One possible way to effectively detect and block them would be protocol decoding with deep packet inspection. Deep packet inspection involves looking at traffic and blocking it based on its type. GajShield support protocol decoding with the help of context-based deep packet inspection.