Next Generation Firewall Solution
Network Box (SIN) Pte Ltd (Cyber Security – Managed Security Service Provider) is now officially the “Pre-Approved Vendor” by Singapore IMDA for UTM+ (Unified Threat Management) package solutions for SMEs.
The Network Box UTM+ solution addresses both incoming threats from the Internet (e.g. intrusion attempts, zero-day threats, infection by trojans, viruses and other malware, spam, denial of service, etc), and outgoing threats from your business (e.g. by blocking leakage of important information, denying access to non-work related or undesirable web sites and applications, etc). Furthermore, Network Box provides additional features to assist you with the management of your network and security (e.g. customized reports, KPIs, entity management, customizable dashboard, etc).
Cyber attacks are ongoing. Today, a hacker is probing your gateway every 2.3 seconds. There are 310 intrusion attempts on your network every hour. A new virus is released every 12 minutes, and 66.5% of your incoming mail is spam or malicious email. Network Box helps to eliminate these incoming threats with the following security technologies:
The firewall is quite often the first line of defence against cyber attacks. Unlike most other firewalls, however, Network Box utilizes a Hybrid Firewall to effectively protect your servers and workstations from malicious probes and unauthorized access.
Packet Filtering Firewall
Blocks or allows packets through the network depending on the source/destination IP, protocols and ports. Suitable for basic protection with minimal overhead.
Stateful Packet Inspection Firewall
Monitors active connections to determine which network packets to allow through to the network. Suitable for high performance and sophisticated rule sets.
A set of secure proxies, integrated to the firewall, connection tracking and NAT systems, capable of high-level protection up to layer 7 Application Layer.
INTRUSION DETECTION & PREVENTION (IDP)
Tightly integrated with the firewall, the Network Box Intrusion Detection and Prevention (IDP) system monitors and analyzes your network for signs of intrusion. If an intrusion attempt is detected, it is logged, and the system can be set to actively block the threat.
Protection against newly emerging threats is provided by a database of vulnerability-class based behaviour anomalies and heuristic (expert system) anomaly-based behavioural analysis. This is updated in real-time, using Network Box's patented PUSH Technology.
There are four IDP modes offered by
Inline with the data stream, the Frontline IPS offers extremely lightweight, high-speed protection with zero latency. Operating in conjunction with the firewall, it adds packet content inspection, rate limiting and traffic analysis to the base firewall capabilities.
Side-by-side with the data stream, alerting on and logging traffic only. Useful for policy enforcement and more aggressive rules.
Side-by-side with the data stream, alerting on and logging traffic, but with the ability to actively tear down connections once malicious traffic has been identified.
Inline with the data stream and tightly coupled to the firewall, alerting and logging of traffic. The Inline IPS is able to automatically drop malicious traffic before the remote system even sees it.
The Network Box Anti-Malware system provides 16 anti-malware engines, running over 12 million signatures, to identify and prevent viruses, trojans, worms and other malicious software from infecting your networked systems or networked smart devices.
Additionally, the anti-malware system transparently scans and analyzes incoming and outgoing SMTP email, as well as HTTP and FTP traffic, for malware. Attachments such as .exe and .zip files, and other compression and encoding formats, are decoded and scanned. Furthermore, external email from POP3 and IMAP accounts is also scanned to ensure your network is secured.
The malware signature database that powers the anti-malware system is updated in real-time, using Network Box's patented PUSH Technology.
Crypto Hash Checks
Compares each object in the message with a database of malicious object signatures.
Regular Expression Checks
Uses regular expressions to look for common malicious code structures.
Looks for illegal structures and formatting in MIME email messages.
Kaspersky Message Scanner
Used to run the Kaspersky AVP anti-virus scanner against the entire message.
Kaspersky Object Scanner
Used to run the Kaspersky AVP anti-virus scanner against unpacked objects found inside the email message.
Clam Object Scanner
Used to optionally run the Clam anti-virus scanner against unpacked objects found inside the email message.
Bagle Variant Heuristics
Used to block new, emerging, variants of the Bagle family of viruses.
Hidden Executable Heuristics
Used to determine if executable code is hiding in non-executable file extensions.
Class ID Heuristics
Checks CLASSID extensions in attached files, as this is a common technique used to bypass anti-virus scanning, or exploit mail reader vulnerabilities.
Blank Extension Heuristics
Checks file extensions, looking for certain types of blank extension commonly used to bypass anti-virus scanning, or exploit mail reader vulnerabilities.
Multiple Extension Heuristics
Checks for certain classes of multiple extensions, commonly used to bypass anti-virus scanning, or exploit mail reader vulnerabilities.
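As an added illustration (not Network Box's own code), the four attachment heuristics above can be expressed as checks over decoded MIME parts: a trailing CLSID extension, a blank (trailing dot or space) extension, a document-looking extension followed by an executable one, and a PE "MZ" header behind a non-executable name. The extension sets, rule names and sample files are constructed for this example.

```python
import re

EXECUTABLE_EXTS = {"exe", "com", "scr", "pif", "bat", "cmd", "dll", "vbs", "js", "msi"}
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png", "zip"}
# A trailing ".{GUID}" is a CLSID extension: Explorer hides it, so the recipient sees
# the part before it while the file opens as the registered object.
CLSID_RE = re.compile(r"\.\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)

def check_attachment(filename: str, data: bytes) -> list[str]:
    """Return the names of the heuristics (constructed names) that fire for one attachment."""
    findings = []
    # Class ID heuristic: strip the CLSID and keep checking the name the user would see.
    if CLSID_RE.search(filename):
        findings.append("class_id")
        filename = CLSID_RE.sub("", filename)
    # Blank extension heuristic: trailing dot or whitespace ("report.exe.") that some
    # scanners treat as "no extension" while the OS still treats the file as .exe.
    visible = filename.rstrip(". \t")
    if visible != filename:
        findings.append("blank_extension")
    exts = visible.lower().split(".")[1:]
    # Multiple extension heuristic: document-looking extension followed by an executable
    # one ("invoice.pdf.exe"), which relies on known extensions being hidden.
    if len(exts) >= 2 and exts[-1] in EXECUTABLE_EXTS and exts[-2] in DOCUMENT_EXTS:
        findings.append("multiple_extension")
    # Hidden executable heuristic: content starts with the DOS/PE "MZ" header but the
    # extension does not declare an executable.
    if data[:2] == b"MZ" and (not exts or exts[-1] not in EXECUTABLE_EXTS):
        findings.append("hidden_executable")
    return findings

def scan_mailbox(attachments):
    """Apply the checks to (filename, data) pairs; return {filename: findings}."""
    return {name: check_attachment(name, data) for name, data in attachments}

# Constructed sample attachments standing in for decoded MIME parts (the GUID is a
# sample CLSID-shaped value).
SAMPLE = [
    ("quarterly.pdf", b"%PDF-1.7 ..."),
    ("invoice.pdf.exe", b"MZ\x90\x00 ..."),
    ("photo.jpg", b"MZ\x90\x00 ..."),
    ("report.exe.", b"MZ\x90\x00 ..."),
    ("notes.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}", b"hello"),
]

if __name__ == "__main__":
    for name, hits in scan_mailbox(SAMPLE).items():
        print(f"{name!r}: {hits or 'clean'}")
```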
ZERO-DAY ANTI-MALWARE (Z-SCAN)
An in-the-cloud defence shield that provides fast and effective protection against emerging zero-day malware.
The Network Box Zero-Day Anti-Malware engine, Z-Scan, is an in-the-cloud defence shield that provides protection against the latest zero-day threats. Z-Scan operates by continually analysing, in real-time, all the threat information obtained from more than 250,000 virtual honeypots deployed in the cloud, and releasing its own signatures to protect against these threats within seconds. Because of this fast deployment, Z-Scan is able to provide the fastest protection against emerging new threats.
The diagrams below illustrate Z-Scan in action, from the first phase of zero-day malware detection, to signature creation and application.
Identification and Signature Creation
Signature Release and Application
MULTI LAYERED ANTI-SPAM
The Network Box Anti-Spam system scans and blocks spam and other malicious emails from entering your network. With support for SMTP, POP3 and IMAP email protocols, the system provides 25 anti-spam engines, combining several different techniques, and is backed by a database of over 30 million signatures.
In addition to spam detection, the system also comprehensively scans emails for malware, intrusion, and company policy conformance.
Co-operative Spam Checksums
This technique involves breaking apart a message, and taking cryptographic checksums of each component of the message.
Signatures and Spam Scoring
Lists of signatures which match aspects of spam messages.
Whitelists and Blacklists
A list of words / patterns which make a message Ham (good email) or Spam.
By examining behaviour, tests can be designed to determine if an e-mail is Spam.
Real-Time IP Blacklists
Lists of gateways known to be sources of spam, open relays (allowing third-party relaying of messages), or dial-up networks.
Real-Time URL Blacklists
Lists of URLs used by Spammers.
URL to IP Mapping and Blacklists
Lists of IP addresses used by Spammers.
Using the on-board database, URLs can be categorised.
If a domain is very young this can be an indicator of Spam.
Statistical (or Bayesian) filters can be used to automatically maintain word / pattern white lists and blacklists, together with statistical probabilities as to whether the given word / pattern makes the message Spam / Ham.
Challenge / Response Systems
Network Box can challenge previously unknown senders to check they are not Spammers.
This technique is normally used to indicate that an email message is Ham, and is not used to determine Spam.
Optical Character Recognition (OCR)
Spams sent as pictures can be interpreted as text and hence detected.
Additionally, Network Box offers a Spam Trap facility which is integrated into the email scanner technology. The Spam Trap works by monitoring a configured list of email addresses. Messages arriving at those addresses are accepted and scanned, and automatically transmitted to the centralized Spam Trap facility. The emails are then blocked and classified as both 'spam' and 'trapped'.
Once the spam emails arrive at the centralized Spam Trap facility, they are analysed using exactly the same anti-spam technology and signature rules as on customer boxes. Any missed spam is forwarded on to the Security Response Outbreak Spam System for analysis and release of protection signatures. Any executable attachments are analyzed for malware, and suspicious attachments are forwarded on to the Security Response Outbreak System for further analysis.
ANTI-DDoS (Anti-Distributed Denial of Service)
The Network Box Anti-DDoS engine provides Distributed Denial of Service (DDoS) Attack mitigation, so that ‘bad traffic’ is kept at bay, while ‘good traffic’ is allowed through to secured web facing servers, defending business continuity during ongoing attacks. Using real-time automated fingerprinting to identify and blacklist attacks, the engine takes milliseconds to respond to brute force attacks coming from thousands of sources.
The engine keeps track of DDoS information on a per-source basis (which it periodically maintains and prunes), and imposes limits on reasonable behavior. Sources which exceed those limits are deemed to be DoS/DDoS attack sources and mitigated.
The diagram below illustrates the Anti-DDoS engine in action, whilst your network is under a DDoS attack.
The Anti-DDoS engine offers the following DoS/DDoS mitigation facilities:
● Total connections limiting
● Total connection rate limiting
● Per-source connections limiting
● Per-source connection rate limiting
● Per-source-per-method rate limiting
● SYN cookies for SYN flood protection
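An added example, not Network Box's engine: a per-source limiter implementing the per-source connection and connection-rate limits listed above with a sliding window, periodic pruning of per-source state and automatic blacklisting of sources that exceed a limit, replayed over constructed traffic. Thresholds, names and addresses are assumptions; the total-connection, per-method and SYN-cookie facilities are not modelled.

```python
from collections import defaultdict, deque
class DdosLimiter:
    def __init__(self, *, max_per_source=50, max_rate=20, window=1.0):
        self.max_per_source, self.max_rate, self.window = max_per_source, max_rate, window
        self.open_by_source = defaultdict(int)      # connections currently open per source
        self.recent_by_source = defaultdict(deque)  # attempt timestamps inside the window
        self.blacklist = set()

    def prune(self, now):
        # Periodic maintenance: drop attempts older than the window, forget idle sources.
        for src in list(self.recent_by_source):
            q = self.recent_by_source[src]
            while q and now - q[0] > self.window:
                q.popleft()
            if not q and self.open_by_source.get(src, 0) == 0:
                del self.recent_by_source[src]
                self.open_by_source.pop(src, None)

    def on_connect(self, src, now):
        """Decide one new attempt: 'allow', or the reason it was refused."""
        if src in self.blacklist:
            return "blacklisted"
        self.prune(now)
        q = self.recent_by_source[src]
        q.append(now)
        # Exceeding the per-source rate or concurrency limit marks the source as an attacker.
        if len(q) > self.max_rate or self.open_by_source[src] >= self.max_per_source:
            self.blacklist.add(src)
            return "per-source limit exceeded"
        self.open_by_source[src] += 1
        return "allow"

    def on_close(self, src):
        self.open_by_source[src] = max(0, self.open_by_source[src] - 1)

def replay(events, **limits):
    # Replay time-sorted (time, source, 'open'|'close') events; return decisions and blacklist.
    lim, decisions = DdosLimiter(**limits), []
    for t, src, action in events:
        if action == "open":
            decisions.append(lim.on_connect(src, t))
        else:
            lim.on_close(src)
    return decisions, sorted(lim.blacklist)

def sample_events():
    # Constructed traffic: one legitimate client plus one source opening 30 connections in 0.3 s.
    legit = [(0.0, "10.0.0.5", "open"), (0.2, "10.0.0.5", "close"), (0.4, "10.0.0.5", "open")]
    flood = [(0.01 * i, "203.0.113.7", "open") for i in range(30)]
    return sorted(legit + flood)
```

With the defaults, the flooding source is allowed 20 attempts inside the one-second window, blacklisted on the 21st, and refused outright afterwards, while the legitimate client is unaffected.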
WEB APPLICATION FIREWALL (WAF)
The WAF engine protects web servers against web application based attacks, including the OWASP Top 10 as standard. It also offers a wide range of options for blocking and logging traffic as it passes through the WAF rules system. The rules system allows both positive and negative security models to be defined. Using PUSH Technology, the engine also allows for the real-time installation of emergency virtual patches at the gateway, to immediately detect and prevent any application or web server specific security issues.
The engine uses a database of over 6,000 rules combined with anti-malware and IDP signature databases to identify several million threats. The high performance rules engine is capable of millions of rule-checks per second, and up to 15,000 fully analyzed transactions per second.
The Network Box WAF offers protection for two application groups:
Apache, IIS, Joomla, Drupal, Mediawiki, WordPress, etc.
Tailor made software that has been specially developed for a specific organization or specific user.