VP of marketing Wes Wasson said that the devices now allow four styles of intrusion protection: web site cloaking, dynamic application profiling, deep packet inspection and behind-the-firewall protection from automated attacks.
Earlier versions of the product already provided cloaking that could make web sites more or less invisible to hackers. Automated probes, for example, would not be able to detect the version number or patch status of a web server.
Deep packet inspection – the ability to block or allow traffic based on the contents of data packets, rather than just the headers – is also from earlier versions of the product.
New this week is the ability for the device to learn what healthy HTTP traffic looks like on the fly and block unhealthy traffic. The devices check outbound HTTP, then build a table of acceptable responses (such as linked URLs are linked) and block everything else.
Also new is the ability to block known attacks such as automated worms from re-infecting behind-the-firewall servers, should a rogue server become infected, by creating separated VLAN zones and pushing traffic between them back through the NetContinuum box.
Wasson said new management features and an expanded GUI allow users to manage any number of NetContinuum boxes and any number of application zones from a single console. Delegation of responsibility for zones is also possible in large deployments.
Source: Computerwire
