Application Scanning and Control

Application Scanning and Control

 

APPLICATION SCANNING

 

AND CONTROL

 

While traditional firewalls block protocols and ports, the Network Box Application Scanning and Control engine analyzes web traffic at the data level to identify the application responsible for that traffic.

 

Once identified, the engine allows connections to be appropriately labelled for reporting and policy control. Integrated to the SSL Proxy, even traffic inside encrypted SSL sessions can be identified and controlled.

 

The system can also promote traffic to be handled by protocol specific scanning modules to perform more detailed analysis such as anti-malware scanning and more.

 

 

 

Application Classification:

Tags and Categories

 

The engine supports over 1,300 applications such as Skype, Twitter, Messenger, Facebook, YouTube, Spotify, WhatsApp, Reddit, and many more. The applications can be classified using 20 tags and 15 categories:

20 Tags


 

Advertisements

Mobile

Video Conferencing

Encryption

Peer 2 Peer

Voice Conferencing

Facebook App

Phones Home

Excessive Bandwidth

Instant Messaging

Proxy

Potential Data Leak

Internet Search

Remote Control

Prone to Misuse

Logs Communication

Screen Sharing

Used by Malware

Media Share

Uses Stealth

 

 

15 Categories


 

Collaboration

Messaging

Social Networking

Database

Network Monitoring

Streaming Media

File Transfer

Networking

Unknown

Games

Proxy

VPN and Tunnelling

Mail

Remote Access

Web Services

 

 

 

Application Classification:

Productivity and Potential Risk

 

In addition to tags and categories, the engine also allows data streams to be analyzed both in terms of Productivity and Potential Risk.

The Productivity Index ranks application usage from 1 (Recreation) to 5 (Business).

 

The Risk Level Index ranks application usage from 1 (No Risk) to 5 (Very High Risk).

 

Productivity Index

 

 

Risk Level Index

1.

Primary use is recreation

 

1.

No Risk

2.

Main use is recreation

 

2.

Minimal risk

3.

Equally used for business and recreation

 

3.

Some risk, possible misuse

4.

Main use is business

 

4.

High risk, possible data leaks / malware

5.

Primarily used for business

 

5.

Very high risk, evades detection/bypasses firewalls

 

 

 

Enhanced

Policy Control

 

When the application has been identified by the engine, by using the rules system, different company policies can be applied to allow better control of user's web access:

Flexible Classification Control

Access can be restricted using multiple categories, tags, productivity index and risk level classifications.

Example: Users cannot access sites that are: Social Media, AND Advertising, AND Productivity Index 1, AND Risk Level 5.

 

Flexible Classification Control

Time-Based Control

Allow users to access certain websites only during specific times of the day.

Example: Users can only access social media sites during non-working hours.

 

Time-Based Control

User-Level Control

Only specified users or user groups are allowed access to certain websites.

Example: The company’s marketing department can access social media sites all day but other user groups cannot access it, or can only access it during non-working hours.

 

User-Level Control

Granular Control

User will be able to access certain website but may have restrictions within the site.

Example: Users can access Facebook but cannot use the applications such as chat or games.

 

Granular Control

 

 

Key Features

1,300 Web Applications

Supports over 1,300

web applications.

Custom rules and granular control

Customizable policy rules and

granular control of applications.

Identification of encrypted traffic

Encrypted SSL traffic can also be

identified and controlled.