To address the limitations of packet filtering, application proxies, and stateful inspection, a technology known as Deep Packet Inspection (DPI) was developed. DPI operates at Layers 3 through 7 of the OSI model. DPI engines parse the entire IP packet and make forwarding decisions using rule-based logic built on signature or regular-expression matching. That is, they compare the data within a packet payload to a database of predefined attack signatures. Additionally, statistical or historical algorithms may supplement static pattern matching.
Analysis of packet headers can be done economically, since the locations of packet header fields are fixed by protocol standards. However, the payload contents are, for the most part, unconstrained. Therefore, searching the payload for multiple string patterns within the data stream is a computationally expensive task. The requirement that these searches be performed at wire speed adds to the cost. Additionally, because the signature database is dynamic, it must be easy to update.
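The contrast between fixed-offset header parsing and multi-pattern payload search can be made concrete. The following is an added example, not code from any product described on this page: it uses the Aho-Corasick algorithm (one common multi-pattern technique, chosen here as an assumption) to match every signature in a single pass over the payload. The signature names, patterns, addresses, and packet are constructed sample data.

```python
import struct
from collections import deque

def parse_ipv4_header(packet):
    """Header fields sit at fixed offsets, so extraction is constant-time."""
    ihl = (packet[0] & 0x0F) * 4               # header length in bytes
    proto = packet[9]                          # protocol number
    src, dst = struct.unpack_from("!4s4s", packet, 12)
    return ihl, proto, src, dst

def build_automaton(signatures):
    """Aho-Corasick: trie transitions, failure links, per-state outputs."""
    goto, fail, out = [{}], [0], [set()]
    for sig_id, pattern in signatures.items():
        state = 0
        for byte in pattern:
            if byte not in goto[state]:
                goto.append({}); fail.append(0); out.append(set())
                goto[state][byte] = len(goto) - 1
            state = goto[state][byte]
        out[state].add(sig_id)
    queue = deque(goto[0].values())            # depth-1 states fail to the root
    while queue:
        state = queue.popleft()
        for byte, nxt in goto[state].items():
            queue.append(nxt)
            f = fail[state]
            while f and byte not in goto[f]:
                f = fail[f]
            fail[nxt] = goto[f].get(byte, 0)
            out[nxt] |= out[fail[nxt]]         # inherit matches ending here
    return goto, fail, out

def scan_payload(automaton, payload):
    """One pass over the payload; returns sorted (end_offset, sig_id) hits."""
    goto, fail, out = automaton
    state, hits = 0, []
    for offset, byte in enumerate(payload):
        while state and byte not in goto[state]:
            state = fail[state]
        state = goto[state].get(byte, 0)
        hits.extend((offset, sig_id) for sig_id in out[state])
    return sorted(hits)

# Constructed sample: placeholder signatures, zero checksum, no transport header.
SIGNATURES = {"SIG-1": b"badtoken", "SIG-2": b"token=", "SIG-3": b"oken=x"}
PAYLOAD = b"GET /?badtoken=xyz HTTP/1.1\r\n"
PACKET = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(PAYLOAD), 0, 0, 64, 6,
                     0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])) + PAYLOAD
```

Scan time grows with payload length rather than with the number of signatures, and a signature update only requires calling `build_automaton` again on the new database.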
The Deep Security Firewall software module is enterprise grade, bidirectional, and stateful. It can be used to enable communications over ports and protocols necessary for correct server operation and to block all other ports and protocols, reducing the risk of unauthorized access to the server.
Virtual machine isolation
Enables virtual machines to be isolated in cloud computing or multitenant virtual environments, providing virtual segmentation without modifying virtual switch configurations.
Filters traffic with firewall rules on IP addresses, MAC addresses, ports, and more. Different policies can be configured for each network interface.
Coverage of all IP-based protocols
Covers TCP, UDP, ICMP, and more. Support for full packet capture simplifies troubleshooting and provides valuable insight into raised firewall events.
Detects activities such as port scans. Non-IP traffic such as ARP traffic can also be restricted.
The stateful firewall is flexible, enabling complete bypass of inspection in a controlled manner when appropriate. It addresses ambiguous traffic characteristics that can be encountered on any network, due to normal conditions or as part of an attack.
Predefined firewall profiles
Groups common enterprise server types (including web, LDAP, DHCP, FTP, and database), ensuring rapid, easy, consistent deployment of firewall policy, even in large, complex networks.
With detailed logging, alerting, dashboards, and flexible reporting, the Deep Security Firewall software module captures and tracks configuration changes - such as what policy changes have been made and who made the changes - providing a detailed audit trail.