Application Scanning and Control
APPLICATION SCANNING
AND CONTROL
While traditional firewalls block protocols and ports, the Network Box Application Scanning and Control engine analyzes web traffic at the data level to identify the application responsible for that traffic.
Once identified, the engine allows connections to be appropriately labelled for reporting and policy control. Integrated to the SSL Proxy, even traffic inside encrypted SSL sessions can be identified and controlled.
The system can also promote traffic to be handled by protocol specific scanning modules to perform more detailed analysis such as anti-malware scanning and more.
Application Classification:
Tags and Categories
The engine supports over 1,300 applications such as Skype, Twitter, Messenger, Facebook, YouTube, Spotify, WhatsApp, Reddit, and many more. The applications can be classified using 20 tags and 15 categories:
|
20 Tags |
|
|
|
Advertisements |
Mobile |
Video Conferencing |
|
Encryption |
Peer 2 Peer |
Voice Conferencing |
|
Facebook App |
Phones Home |
Excessive Bandwidth |
|
Instant Messaging |
Proxy |
Potential Data Leak |
|
Internet Search |
Remote Control |
Prone to Misuse |
|
Logs Communication |
Screen Sharing |
Used by Malware |
|
Media Share |
Uses Stealth |
|
|
15 Categories |
|
|
|
Collaboration |
Messaging |
Social Networking |
|
Database |
Network Monitoring |
Streaming Media |
|
File Transfer |
Networking |
Unknown |
|
Games |
Proxy |
VPN and Tunnelling |
|
|
Remote Access |
Web Services |
Application Classification:
Productivity and Potential Risk
In addition to tags and categories, the engine also allows data streams to be analyzed both in terms of Productivity and Potential Risk.
|
The Productivity Index ranks application usage from 1 (Recreation) to 5 (Business). |
|
The Risk Level Index ranks application usage from 1 (No Risk) to 5 (Very High Risk). |
|
|
Productivity Index |
|
|
Risk Level Index |
|
1. |
Primary use is recreation |
|
1. |
No Risk |
|
2. |
Main use is recreation |
|
2. |
Minimal risk |
|
3. |
Equally used for business and recreation |
|
3. |
Some risk, possible misuse |
|
4. |
Main use is business |
|
4. |
High risk, possible data leaks / malware |
|
5. |
Primarily used for business |
|
5. |
Very high risk, evades detection/bypasses firewalls |
Enhanced
Policy Control
When the application has been identified by the engine, by using the rules system, different company policies can be applied to allow better control of user's web access:
|
Flexible Classification Control Access can be restricted using multiple categories, tags, productivity index and risk level classifications. Example: Users cannot access sites that are: Social Media, AND Advertising, AND Productivity Index 1, AND Risk Level 5.
|
|
|
Time-Based Control Allow users to access certain websites only during specific times of the day. Example: Users can only access social media sites during non-working hours.
|
|
|
User-Level Control Only specified users or user groups are allowed access to certain websites. Example: The company’s marketing department can access social media sites all day but other user groups cannot access it, or can only access it during non-working hours.
|
|
|
Granular Control User will be able to access certain website but may have restrictions within the site. Example: Users can access Facebook but cannot use the applications such as chat or games.
|
|
Key Features
|
|
Supports over 1,300 web applications. |
|
|
Customizable policy rules and granular control of applications. |
|
|
Encrypted SSL traffic can also be identified and controlled. |
Our Customers
Centaline Property:
I remember the system went online at work, during the day. When I got home later after work, I received a notification telling me the source of network attacks from Italy had been tracked down. We made several reconfigurations following the advice from Network Box. Such attacks were then completely stopped. 
--- Associate Director of EDP and IT of Centaline Property, Mr. Mason Ho
