Feature Story

Power Tools for IT

UTM (Unified Threat Management) devices that combine various security applications into one appliance to protect companies against security threats aren't anything new. What is new to the UTM landscape is NBRS Ver5.0, a next-generation UTM platform from Network Box USA (www.networkboxusa.com) that promises to alter how UTM devices function and how IT managers interact with them.

A Holistic View

Since 2000, Network Box has offered fully managed UTM security services that combine comprehensive security protection with its patented real-time PUSH update technology and global network of SOCs (Security Operations Centers). The result is award-winning protection used by organizations around the world, including 150-plus U.S. financial institutions. NBRS Ver5.0, however, ups the ante by introducing "Holistic Security Management."

Typical UTM solutions combine spam, firewall, antivirus, and other security applications in one device but present the modules in separate administrative user interfaces. "The industry is long overdue for a change in approaching the topic of unified threat management," says Pierluigi Stella, Network Box USA CTO. "IT managers need a comprehensive, full-serviced, universal view of their network gateways. And not just from a security perspective but also from the viewpoints of compliance, reporting, and business continuity." NBRS Ver5.0 does this and much more.

Packing hundreds of new features—among them bandwidth control, application identification, SSL (secure website) scanning, and translation for the new IPv6 protocol—NBRS Ver5.0 utilizes "security modules" that work together and extend the platform's usefulness. What's important to note about NBRS Ver5.0 is that its modules not only work together, but can also be viewed simultaneously, providing a holistic rather than a fragmented approach.

As a result, your company's IT personnel can use NBRS Ver5.0 to track and view network resources, entities (network users and machines), and their individual attributes (MAC, IP, and email addresses) all in one pane. Thus, IT can view the firewall blocks, Web access, and network usage tied to, say, John Doe's desktop PC, mobile device, and VPN access all on one screen.

Next-Generation Application Protection

The first module released for NBRS Ver5.0 is a state-of-the-art WAF (Web Application Firewall). The holistically managed device sits in front of the Web server to protect it from threats coming in from the browser. It combines routing, protocol translation, encryption and compression offloading, protection from DDoS (distributed denial of service) attacks, IPv4/IPv6 bridging, and a Virtual Patching feature that essentially applies "hot updates" by installing WAF rules.

A typical installation would put the NBRS Ver5.0 WAF between attack sources and the Web servers a company wants to protect. NBRS Ver5.0 WAF then transparently intercepts and proxies requests targeted at these Web servers, applying protection rules before passing requests to the Web servers. Additionally, replies from the protected Web servers are intercepted and subjected to protection rules before being passed to the requester.

Mark Webb-Johnson, CTO, Network Box Corp., Ltd., says to think of a WAF as a very specific IPS (Intrusion Prevention System) tightly integrated with a firewall "targeted purely at protecting Web servers and the applications running on them accessed through the HTTP protocol." Whereas IT can instruct a firewall to open or close port TCP/80 for Web access, and an IPS can inspect traffic on port TCP/80 and check for common vulnerabilities and exploits, the Network Box WAF "goes beyond both by completely decoding the HTTP protocol and applying rules to requests and responses using that protocol," Webb-Johnson says.

IT managers are also concerned about data center-based applications running on Internet-facing Web servers. Though security scans or PCI vulnerability assessments can pinpoint problems with legacy applications, fixing issues in the actual application is too difficult and costly, Network Box states.

"While Intrusion Prevention Systems can do wonders for protecting the Web servers themselves, it (and other similar technology) is limited in its ability to protect custom applications running on those servers," Webb-Johnson says. IPS can detect and block generic attacks, he says, but targeted attacks against custom applications are beyond the scope of most IPSs. "This is where Web Application Firewalls come in," he adds.

A Modular Approach

In addition to the WAF module, the NBRS Ver5.0 platform features other modules and components that assist in protection. These include a Network Input layer that receives network traffic and ensures that it conforms to fundamental IP protocols. This layer also handles common DoS (denial of service)/DDoS attacks, which occur when an attacker floods servers with requests, overwhelming the servers and preventing them from providing expected services.

An integrated Network DDoS Security module, meanwhile, also protects against DoS and DDoS attacks, primarily through the use of five techniques that identify malicious attack behavior and dynamically block the attacks as well as the identified sources of attacks. Globally, Webb-Johnson says, DDoS attacks have been gaining considerable attention, putting enhanced DDoS mitigation high on the list of security features IT managers are currently seeking. "Network Box's WAF system provides not only real-time push-updated Web application protection, but offers exactly the kind of effective yet affordable DDoS mitigation organizations are looking for," he says.

Elsewhere, a Network Selection phase classifies traffic and determines if additional processing is needed. An Input Translation module enables high-level translations between all combinations of the IPv4, IPv6 (the Internet protocol that follows IPv4), and SSL protocols. "This year, the IPv4 address space has been officially declared exhausted. Though there is no need to panic just yet, be prepared to face reality, because soon enough, they'll be gone for good and IPv6 will be the order of the day," Stella says. "For this reason, IPv6 support and innovation are foundational aspects of Network Box 5.0."

Finally, the NBRS Ver5.0 platform's Web Server Proxy module handles connections in and out of the actual WAF, decoding the HTTP protocol and enforcing policy. Outgoing traffic that successfully passes through the WAF moves through additional modules before passing through a Network Output module on to the protected Web server. Impressively, all these actions occur without impacting the core WAF's effectiveness.

The Rest of the Story

Network Box has designed the NBRS Ver5.0 platform to function on all of the company's modern UTM hardware devices, including those that customers are currently running. The company is making the technology free to current users of its UTM devices and states support for older hardware is coming. Additionally, such options as hardware acceleration for certain NBRS Ver5.0 functions, including SSL and VPN encryption, are expected for upcoming release.

Read this article interactively

Return to: 2012 Feature Stories