DPI (Flow) + DCI (Content) Scanning

  • OS deploys both a DCI and a DPI Engine
  • DPI and DCI engines work in tandem to allow for data-in-motion

1) Session recognition, extraction and storage

2) Application recognition and payload extraction within the session

3) Session reconstruction (when possible)

4) Interception of SSL sessions

 

3 Stages of Real-Time Scanning

Patented SubSonic™ Engine with GreenStreaming

  • Reduces network latency

–Large files are scanned as individual packets and immediately released

–The last packet is held until the contents of each packet are reconstructed for content-level scanning, with no perceptible delay

  • Automatically adjusts to network speed

–Configured time interval as opposed to a configured data chunk size

  • Full context scans without sacrificing detection accuracy

–20x to 30x faster

Policy Driven Capture

  • Whenever a DSD Policy is triggered:

–Every data session for the ‘target’ is recognized and extracted

–Applications that are taking place within the session are recognized and clearly marked

–A Syslog record is generated providing a complete dump of the session

–When possible, the session is reconstructed to show the different objects that were exchanged in the session

–Whenever needed, SSL sessions are also intercepted and the aforementioned points 1 to 4 are executed

Supported Protocols & Applications

  • Traffic Protocols: All TCP, UDP, ICMP, and IP
  • Chat Applications:

–MSN Messenger

–Yahoo Messenger

–Skype Messenger

–Gmail Chat

–Gadu-Gadu

–Facebook Chat

–WhatsApp Chat

  • VoIP Applications:

–Skype

–Viper

–QQ Chat

Reconstructed Applications & Attachments

  • E-mail Protocols: SMTP, SMTPS, POP3, IMAP, full session reconstruction including attachments
  • Web Protocols: HTTP/HTTPS (port configurable), full session reconstruction including attachments
  • FTP Protocols: FTP, FTPS, TFTP, full session reconstruction including attachments
  • Web applications such as:

–Facebook

–Outlook/Hotmail

–Gmail

–Yahoo Mail

–WhatsApp

  • Attachments: Support for more than 500 file types and popular media files for video and voice with known and viable decoders