Stateful inspection vs NetBox Blue’s application layer

The NetBox application layer firewall and proxy implementation sits between your local workstations and the internet. Suspicious data is dropped and workstations and servers on the internet never communicate directly hence greatly reducing the ability of compromise to internal machines. This has an advantage over the “Typical Security Implementation” above in that the NetBox firewall has transparent proxy intelligence for specific protocols rather than just looking at each packet on its own merit.

This application layer intelligence also has benefits over the much purported Deep Packet Inspection (DPI) firewalls. DPI is per packet, not covering the entire data stream – so a large malicious payload (larger than one packet) will be missed. DPI firewalls that implement a signature based policy around access control will only block suspicious traffic if it has a signature for it. The DPI firewall has to have its signature set updated to detect any newly discovered threats. Hence an attack the DPI firewall has not seen before will get through. The NetBox application layer firewall executes the protocol that is being spoken hence doesn’t need to check against a signature database. Instead of trying to determine if any part of the protocol communication matched a signature the NetBox proxy is executing the protocol hence unless the application that is communicating with the proxy complies with the protocol then traffic is not going to get through. Also because application-level proxies are application-aware, the proxies can more easily handle complex protocols.

Spam filtering vs NetBox Blue’s SMTP level Spam and malware filtering

NetBox Blue’s unique SMTP pre-delivery filtering mechanism means customers no longer have to pay to download spam just to reject it. NetBox Blue’s recent global statistics show greater than 90% of total emails are spam. That means for a site receiving 1,000,000 emails per week 900,000 emails are being downloaded and processed by your mail server just be rejected or even worse ending up in users mail boxes for them to filter through. Over 95% of all spam that the NetBox rejects is rejected before the content or any attachments even hits your internet connection. This is achieved through a sophisticated set of pre-delivery SMTP control commands during the email exchange process. Why accept and download email before you can even verify that the sender is legitimate? Hence the NetBox verifies that senders and servers adhere to a number of sophisticated lookups before allowing the email to be downloaded. This saves massive amounts of bandwidth and is akin to an “in the cloud” solution – with the added benefit of retaining control. This also cleans the internet pipe, enabling excess bandwidth to be available for business critical applications such as remote desktop, Citrix, VoIP, etc.

Once an email has passed this initial interrogation our thorough Post-Delivery content filtering engine is engaged to put the email through a number of further spam and Anti-Virus checks. The final stage of processing is through the Content Compliance Engine (CCE) which allows corporations to apply business compliance rules to all inbound and outbound email traffic. Only once an email has passed this final stage is it relayed to the internal mail server for user retrieval.

IDS and IPS vs the NetBox Blue offering

Signature based IDS and IPS solutions have been proven in the past to not be scalable in our modern day and age of growing internet borne security threats.

Heuristic / Bayesian filtering vs NetBox Blue’s “true” filtering technologies

Heuristics and Bayesian filtering have been successful spam technologies in the past when only 20-30% of email on the internet was spam. Now that over 90% of total email on the internet is spam these two techniques of detecting and combating spam are not scaling and are causing users and administrators greater overhead of managing deployments that implement this technology. In today’s climate a spam solution should be robust and scalable such that that it doesn’t require user intervention to determine what is or isn’t spam. A simple ROI calculation suggests that solutions that still require quarantine folders or administrators to weed through 1000’s of emails a day that are (probable) spam can not provide scalable email security solutions. The NetBox Blue spam implementation does not use any ‘guess’ work in its battle against spam. The SMTP pre-delivery engine performs a number of dynamic and transparent black and white tests. These tests are performed on the basis of actual SMTP meta data and are not guess work - either a sending email server passes these tests or not.

This refreshing approach to spam filtering enables clean installations of the NetBox where once its implemented users or administrators no longer have to trawl through potential false positive spam folders. For piece of mind the NetBox can be configured to store messages that have been detected however, after experiencing the NetBox effect administrators commonly disable this feature and enjoy a clean and maintenance free anti-spam gateway solution.

Zero hour protection

True Zero hour protection is delivered on the NetBox as a result of its application layer intelligence and semi-managed firewall. The NetBox uses protocol anomaly detection and application layer proxying - it does not rely on definition updates to prevent attacks. Solutions that rely on a signature set only stop attacks that have been identified and have signatures written for them. Once a new threat is discovered your network is still at the mercy of signature developers to write the signature and then vendors to disseminate these patches to your device.

Vendor X has a global reputation therefore must provide a better solution than the NetBox

In the security space it is commonly known that some of the biggest global providers of network infrastructure solution have some of the most insecure devices. These devices require constant user intervention for firmware updates and don’t enforce secure communications for remote management. The NetBox is supplied as a semi-managed service meaning the appliance is always up to date and has the latest patches.

Bust a Myth

If you are confused about any of the other buzz words used by alternative technology suppliers then please contact supportnetboxblue [dot] com to tell us and we will do our best to help “translate” them.