alert logic logo
Product
  • Essentials
    Vulnerability & Asset Visibility with
    Extended Endpoint Protection
  • Professional
    Essentials + Threat Detection & Incident Management
  • Enterprise
    Professional + WAF & Threat Hunting Analyst
  • Capabilities Mapping
    Across Other Alert Logic Offerings
Solutions & Capabilities

    • Threat Detection & Response
    • Intrusion Detection
    • Log Management
    • Anti-Virus Integration
    • Asset Discovery
    • Dark Web Scanning
    • Managed Security Services
    • SaaS Vendor Security
    • Security Monitoring
    • SOC-as-a-Service
    • Vulnerability Management
    • Web Application Firewall
  • Compliance
    • PCI Compliance
    • GDPR Compliance
    • HIPAA Compliance
    • SOC2 Compliance
    • NIST Compliance
  • Environments
    • Hybrid Cloud
    • On-Premises
    • Public Cloud
      • Amazon Web Services
      • Microsoft Azure & Office 365
      • Google Cloud Platform
    • Container Security
    • Extended Endpoint Protection

 

 
 
 
white bg cato networks

The S

Cato Cloud

The Cato Cloud is a converged platform to connect, secure and manage your network. You can gradually deploy Cato across branches, cloud resources, and users to replace or augment legacy network services and security point solutions.

Network Challenges of Digital Transformation

 

 

Capture
NB Logo

The S

Next Generation Firewall Solution

Network Box (SIN) Pte Ltd (Cyber Security – Managed Security Service Provider) is now officially the “Pre-Approved Vendor” by Singapore IMDA for UTM+ (Unified Threat Management) package solutions for SMEs.

The Network Box UTM+ solution addresses both incoming threats from the Internet (e.g. intrusion attempts, zero-day threats, infection by trojans, viruses and other malware, spam, denial of service, etc), and outgoing threats from your business (e.g. by blocking leakage of important information, denying access to non-work related or undesirable web sites and applications, etc). Furthermore, Network Box provides additional features to assist you with the management of your network and security (e.g. customized reports, KPIs, entity management, customizable dashboard, etc).

INCOMING THREATS

Cyber attacks are ongoing. Today, a hacker is probing your gateway every 2.3 seconds. There are 310 intrusion attempts on your network every hour. A new virus released every 12 minutes, and 66.5% of your incoming mail are spam or malicious emails. Network Box helps to eliminate these incoming threats with the following security technologies:

HYBRID FIREWALL

The firewall is quite often the first line of defence against cyber attacks. Unlike most other firewalls, however, Network Box utilizes a Hybrid Firewall to effectively protect your servers and workstations from malicious probes and unauthorized access.

Packet Filtering Firewall

Blocks or allows packets through the network depending on the source/destination IP, protocols and ports. Suitable for basic protection with minimal overhead.

Packet Filtering
 

Stateful Packet Inspection Firewall

Monitors active connections to determine which network packets to allow through to the network. Suitable for high performance and sophisticated rule sets.

Stateful Inspection
 

Proxy Firewall

A set of secure proxies, integrated to the firewall, connection tracking and NAT systems, capable of high-level protection up to layer 7 Application Layer.

Proxy Firewall

INTRUSION DETECTION & PREVENTION (IDP)

Tightly integrated with the firewall, the Network Box Intrusion Detection and Prevention (IDP) system monitors and analyzes your network for signs of intrusion. If an intrusion attempt is detected, it is logged, and the system can be set to actively block the threat.

Protection against newly emerging threats is provided by a database of vulnerability-class based behaviour anomalies and heuristic (expert system) anomaly-based behavioural analysis. This is updated in real-time, using Network Box's patented PUSH Technology.

There are four IDP modes offered by

Network Box:

 

4 IDP modes

Frontline IPS

Inline with the data-stream, offers extremely light-weight, high-speed protection with zero-latency. Operating in conjunction with the firewall, the Frontline IPS adds packet content inspection, rate limiting and traffic analysis to the base firewall capabilities.

Passive IDS

Side-by-side with the data stream, alerting and logging of traffic only. Useful for policy enforcement and more aggressive rules.

Active IDS

Side-by-side with the data stream, alerting and logging of traffic but with the ability to actively teardown connections, once malicious traffic has been identified.

Inline IPS

Inline with the data stream and tightly coupled to the firewall, alerting and logging of traffic. The Inline IPS is able to automatically drop malicious traffic before the remote system even sees it.

MULTI-LAYERED ANTI-MALWARE

The Network Box Anti-Malware system provides 16 anti-malware engines, running over 12 million signatures, to identify and prevent viruses, trojans, worms and other malicious software, from infecting your networked systems or networked smart devices.

Additionally, the anti-malware system transparently scans and analyzes incoming and outgoing SMTP emails, HTTP and FTP protocols for malware. Even attachments such as .exe.zip files, and other compression and encoding formats are decoded and scanned. Furthermore, external emails from POP3 and IMAP accounts are also scanned to ensure your network is secured.

The malware signature database that powers the anti-malware system is updated in real-time, using Network Box's patented PUSH Technology.

Anti-Malware Engines

Crypto Hash Checks

Compares each object in the message with a database of malicious object signatures.

Regular Expression Checks

Uses regular expressions to look for common malicious code structures.

Illegal MIME

Looks for illegal structures and formatting in MIME email messages.

Kaspersky Message Scanner

Used to run the Kaspersky AVP anti-virus scanner against the entire message.

Kaspersky Object Scanner

Used to run the Kaspersky AVP anti-virus scanner against unpacked objects found inside the email message.

Clam Object Scanner

Used to optionally run the Clam anti-virus scanner against unpacked objects found inside the email message.

Bagle Variant Heuristics

Used to block new, emerging, variants of the Bagle family of viruses.

Hidden Executable Heuristics

Used to determine if executable code is hiding in non-executable file extensions.

Class ID Heuristics

Checks CLASSID extensions in attached files, as this is a common technique used to bypass anti-virus scanning, or exploit mail reader vulnerabilities.

Blank Extension Heuristics

Checks file extensions, looking for certain types of blank extension commonly used to bypass anti-virus scanning, or exploit mail reader vulnerabilities.

Multiple Extension Heuristics

Checks for certain classes of multiple extensions, commonly used to bypass anti-virus scanning, or exploit mail reader vulnerabilities.

Z-Scan

An in-the-cloud defense shield that provides fast and effective protection against emerging zero-day malware.

ZERO-DAY ANTI-MALWARE (Z-SCAN)

The Network Box Zero-Day Anti-Malware engine, Z-Scan, is an in-the-cloud defence shield that provides protection against the latest zero-day threat. Z-Scan operates by continually analysing all the threat information obtained, in real-time, from more than 250,000 virtual honey-pots deployed in the cloud, and releasing its own signatures to protect against these threats within seconds. Because of its fast deployment, Z-Scan is able to provide the fastest protection against emerging new threats.

Z-Scan Overview

The diagrams below illustrate Z-Scan in action, from the first phase of zero-day malware detection, to signature creation and application.

Phase 1:

Malware Detection

Z-Scan phase 1

Phase 2:

Identification and Signature Creation

Z-Scan phase 2

Phase 3:

Signature Release and Application

Z-Scan phase 3

MULTI LAYERED ANTI-SPAM

The Network Box Anti-Spam system scans and blocks spam and other malicious emails from entering your network. With support for SMTP, POP3 and IMAP email protocols, the system provides 25 anti-spam engines, combining several different techniques, and is backed by a database of over 30 million signatures.

In addition to spam detection, the system also comprehensively scan emails for malware, intrusion, and company policy conformance.

Anti-Spam Technologies

Co-operative Spam Checksums

This technique involves breaking apart a message, and taking cryptographic checksums of each component of the message.

Signatures and Spam Scoring

Lists of signatures which match aspects of spam messages.

White lists and Black lists

A list of words / patterns which make a message Ham (good email) or Spam.

Heuristics

By examining behaviour, tests can be designed to determine if an e-mail is Spam.

Real-Time IP Blacklists

Lists of gateways known to be either known sources of spam, known open-relays (allowing third-party relaying of messages), or known dial-up networks.

Real-Time URL Blacklists

Lists of URLs used by Spammers.

URL to IP Mapping and Blacklists

Lists of IP addresses used by Spammers.

URL Categorization

Using the on-board database, URLs can be categorised.

Domain Age

If a domain is very young this can be an indicator of Spam.

Bayesian Filtering

Statistical (or Bayesian) filters can be used to automatically maintain word / pattern white lists and blacklists, together with statistical probabilities as to whether the given word / pattern makes the message Spam / Ham.

Challenge / Response Systems

Network Box can challenge previously unknown senders to check they are not Spammers.

Digital Signatures

This technique is normally used to indicate that an email message is Ham, and is not used to determine Spam.

Optical Character Recognition (OCR)

Spams sent as pictures can be interpreted as text and hence detected.

 

Spam Traps

Additionally, Network Box offers a Spam Trap facility which is integrated into the email scanner technology. The Spam Trap works by monitoring a configured list of email addresses. Messages arriving on those addresses are accepted and scanned, and automatically transmitted to the centralized Spam Trap facility. The emails are then blocked and classified both ‘spam’ and ‘trapped’.

Once the spam emails arrive at the centralized Spam Trap facility, they are analysed using exactly the same anti-spam technology and signatures rules as on customer boxes. Any missed spams are forwarded on to the Security Response Outbreak Spam System for analysis and release of protection signatures. Any executable attachments are analyzed for malware and suspicious attachments are forwarded on to the Security Response Outbreak System for further analysis.

Spam Traps

ANTI-DDoS (Anti-Distributed Denial of Service)

The Network Box Anti-DDoS engine provides Distributed Denial of Service (DDoS) Attack mitigation, so that ‘bad traffic’ is kept at bay, while ‘good traffic’ is allowed through to secured web facing servers, defending business continuity during ongoing attacks. Using real-time automated fingerprinting to identify and blacklist attacks, the engine takes milliseconds to respond to brute force attacks coming from thousands of sources.

The engine keeps track of DDoS information on a per-source basis (which it periodically maintains and prunes), and imposes limits on reasonable behavior. Sources which exceed those limits are deemed to be DoS/DDoS attack sources and mitigated.

Anti-DDoS Overview

The diagram below illustrates the Anti-DDoS engine in action, whilst your network is under a DDoS attack.

DDoS Attack

 

The Anti-DDoS engines offers

DoS/DDoS mitigation facilities:

● Total connections limiting

● Total connection rate limiting

● Per-source connections limiting

● Per-source connection rate limiting

● Per-source-per-method rate limiting

● SYN cookies for SYN flood protection

WEB APPLICATION FIREWALL (WAF)

The WAF engine protects web servers against web application based attacks, including the OWASP Top 10 as standard. It also allows you to have a wide range of options for blocking and logging traffic as it passes through the WAF rules system. The rules system offers the possibility to define both positive and negative security models. Using PUSH Technology, the engine also allows for the real-time installation of emergency virtual patches at the gateway, to immediately detect and prevent any application or web server specific security issues.

The engine uses a database of over 6,000 rules combined with anti-malware and IDP signature databases to identify several million threats. The high performance rules engine is capable of millions of rule-checks per second, and up to 15,000 fully analyzed transactions per second.

WAF overview

 

The Network Box WAF offers protection

for two application groups:

Standard Applications:

Apache, IIS, Joomla, Drupal, Mediawiki, WordPress, etc.

Custom Applications:

Tailor made software that has been specially developed for a specific organization or specific user.