NetScreen announces deep inspection firewall
By Paul Roberts, IDG News Service, 10/20/2003
Citing an increase in attacks that take advantage of holes in existing firewall technology, NetScreen Technologies Monday
said that it will release new "deep packet inspection" features across its line of network firewall products.
The new features build on technology NetScreen acquired in 2002 when it purchased OneSecure, and will enable the Sunnyvale,
Calif., company's products to defend customers against a wide range of attacks that hide in traffic that usually passes through
firewalls, destined for Web and e-mail servers, among others.
The addition of deep inspection features is the biggest change in firewall technology since the introduction of stateful inspection
firewall architecture in the 1990s, according to David Flynn, vice president of marketing at NetScreen.
The term "deep inspection" describes a variety of features that enable security devices to scour individual data packets or
streams of packets to spot malicious code or other anomalies that might be part of an attack.
Stateful inspection let firewalls move beyond filtering traffic on packet-header information alone to tracking the state
of active connections. Deep packet inspection allows firewalls to dig deeper still into traffic flows, reassembling packet
streams to spot hidden attacks on targets such as Web, e-mail and DNS servers, he said.
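The difference between the three generations of filtering the article describes (header-only stateful decisions, per-packet payload matching, and matching against a reassembled stream) is easiest to see side by side. The following is an added example, not NetScreen or ScreenOS code; the segment format, the flow state, the one-entry signature table and the HTTP request are all constructed stand-ins. It shows why reassembly matters: a header-only policy passes the request because port 80 is allowed, per-segment matching misses a signature that straddles two segments, and only the reassembled stream exposes it, even when the segments arrive out of order.

```python
"""Header-only (stateful) filtering versus deep inspection with stream reassembly.

Added example; not NetScreen/ScreenOS code. Segments, flow state and the
signature table are constructed stand-ins for illustration.
"""
from dataclasses import dataclass, field


@dataclass
class Segment:
    seq: int          # byte offset of this payload within the stream (constructed)
    payload: bytes


@dataclass
class Flow:
    dst_port: int
    segments: dict = field(default_factory=dict)   # seq -> payload

    def add(self, seg: Segment) -> None:
        self.segments[seg.seq] = seg.payload

    def reassembled(self) -> bytes:
        """Rebuild the byte stream in sequence order, tolerating out-of-order
        arrival and overlapping retransmissions; stop at the first gap."""
        out = b""
        expected = 0
        for seq in sorted(self.segments):
            payload = self.segments[seq]
            if seq > expected:
                break                        # hole in the stream: cannot inspect past it
            out += payload[expected - seq:]  # skip bytes already assembled (overlap)
            expected = max(expected, seq + len(payload))
        return out


# Hypothetical signature table; a real engine carries far more than one entry.
SIGNATURES = {
    "http-path-traversal": b"/../",
}

ALLOWED_PORTS = {25, 53, 80}   # what a header-only policy lets through


def stateful_verdict(flow: Flow) -> str:
    """Header-only decision: the port is allowed, so the payload is never examined."""
    return "allow" if flow.dst_port in ALLOWED_PORTS else "deny"


def per_segment_verdict(flow: Flow):
    """Naive payload matching on each segment in isolation (no reassembly)."""
    for payload in flow.segments.values():
        for name, pattern in SIGNATURES.items():
            if pattern in payload:
                return "deny", name
    return "allow", None


def deep_inspection_verdict(flow: Flow):
    """Match signatures against the reassembled stream, so a pattern split
    across a segment boundary is still seen."""
    stream = flow.reassembled()
    for name, pattern in SIGNATURES.items():
        if pattern in stream:
            return "deny", name
    return "allow", None


def split_stream(data: bytes, cut: int):
    """Constructed helper: cut one request into two segments at byte offset `cut`."""
    return [Segment(0, data[:cut]), Segment(cut, data[cut:])]


def demo():
    # Constructed HTTP request carrying a traversal attempt, cut so that the
    # "/../" token straddles the two segments, which are then delivered out of order.
    bad = b"GET /cgi-bin/../etc/passwd HTTP/1.0\r\nHost: www.example.com\r\n\r\n"
    cut = bad.index(b"/../") + 2
    flow = Flow(dst_port=80)
    for seg in reversed(split_stream(bad, cut)):
        flow.add(seg)
    return {
        "stateful": stateful_verdict(flow),          # "allow": port 80 is permitted
        "per_segment": per_segment_verdict(flow),    # ("allow", None): token is split
        "deep": deep_inspection_verdict(flow),       # ("deny", "http-path-traversal")
        "reassembled_ok": flow.reassembled() == bad,
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:14} {verdict}")
```

The reassembly step is also where the throughput cost the article mentions comes from: the engine must buffer and order every flow's bytes before it can match, rather than deciding on each header as it arrives.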
Deep inspection features will be included with a new version of the NetScreen operating system, ScreenOS Version 5.0. That
will be available on the NetScreen-5GT, -5XT, -25, -204 and -208 devices in November and for the higher-end NetScreen-500,
-5200 and -5400 devices in December, NetScreen said. Existing customers will receive the new features as a software upgrade,
according to NetScreen.
The new deep inspection features finally make good on NetScreen's promises to integrate OneSecure's intrusion detection and
prevention (IDP) features into its ASIC-based hardware, according to Richard Stiennon, vice president of research at Gartner
Inc.
The updated firewalls could spell trouble for niche application firewall makers whose products are not suited to more
traditional deployments on the network perimeter, and put NetScreen in a position to compete with Check Point and Cisco, he
said. Both of those companies have made moves to offer similar features in their own products.
In May, for example, Check Point introduced a version of its SmartDefense product with "application intelligence" features
that enable it to actively protect applications behind the firewall such as Web servers, e-mail servers and DNS servers.
Also in May, Cisco unveiled its Cisco Security Agent (CSA), making use of behavior-based detection technology it purchased
with Okena in January. The CSA resides on servers and desktop machines and analyzes user behavior, thwarting actions that
violate established company policy.
While deep packet inspection features are attractive to companies that are worried about infection from the next virulent
Internet worm, the intense processing required to do deep inspection still means a decrease in data throughput compared with
devices that are not doing deep packet inspection, Flynn said.
The IDG News Service is a Network World affiliate.