Cloud Content Security: Fight against cyber attackers

Today’s cyber attackers are stepping up their attempts to compromise both web and email—secure only one and an adversary will enter from the other.

These attackers set ransomware traps to steal critical data only to demand a hefty price for its return.

L7 protects networks from the most advanced threats while saving valuable time and resources. With automated classification and sandboxing of traffic, plus zero-day updates delivered to you, it maintains the highest level of protection.

Assist your Firewall to audit & filter threats inside https.

Problem 1: Filtering Threats Inside Https

Nowadays cloud services and hacker C&C are all encrypted in https connections, causing traditional security solutions to fail to filter the contents. Such services include Hacker Cloud (Botnet C&C / APT), WebMail Cloud (Gmail / Outlook / Yahoo Mail), Social Cloud (Facebook / Twitter / Google Plus), WebHD Cloud (Dropbox / Google Drive / One Drive), Messenger Cloud (Line / Skype / Google Hangout / Facebook Chat). Research reports indicate that at least 60% of the total traffic hides in https tunnels. Auditing, filtering, and performing forensics on the content of traffic is not easy anymore. It’s time to face the truth.

Problem 2: Realtime Drill-Down Traffic Ranking into Https Details

Nowadays cloud services and hacker C&C are all encrypted in https connections, causing traditional security solutions to fail to filter the contents. Such services include Hacker Cloud (Botnet C&C / APT), WebMail Cloud (Gmail / Outlook / Yahoo Mail), Social Cloud (Facebook)

Problem 3: Ransomware & Confidential Data Leakage

Many computers have recently been locked by ransomware, meaning anti-virus is not fast enough to defend against vulnerabilities. Stopping the botnet’s command-and-control return path with a malware sandbox is the last line of defense for enterprises.

Problem 4: Auditing Https for Regulatory Compliance

Corporate scandals and breakdowns such as the Enron case have increased calls for stronger compliance and regulations in different kinds of industries, such as GDPR, Sarbanes–Oxley, ISO27000, PCI-DSS, HIPAA, SEC, FINRA, FSA, IIROC, FERC, NERC, CFTC, NFA.

They all require electronic communications to be logged for years for auditing. Auditing https traffic is therefore a must, since most criminal activities hide themselves in encrypted https tunnels.

Solution: User-Unaware Decryption and Digital Forensics

User-unaware installation is extremely important for such auditing tools. InstantCheck® employs transparent mode or proxy mode to install without changing your network architecture. Currently InstantCheck® can filter detailed behaviors and reconstruct mainstream webmail contents (Gmail / Outlook / Yahoo Mail), webhd contents (Dropbox / One Drive / Google Drive), messenger contents (Line / WeChat / Facebook Chat / Gmail Chat), and social contents (Facebook / Twitter) for network data forensics.

Traffic analysis & QoS by not just reports, but in real-time

Visibility into https

L7 recognizes applications with the DPI (Deep Packet Inspection) technology.

With its unique drill-down real-time view of traffic, you can easily get a full picture of your network.

Then apply the analyzed result with its dynamic bandwidth borrowing, prioritization, fair queuing, per-IP rate / quota / session controls, and tree-based QoS channels to optimize your traffic. Finally, the built-in report engine can bring you fully customizable charts to demonstrate its activeness.

L7 can also track major applications’ detailed behaviors so that administrators can set up advanced L8 policies. For example, the built-in URL database can classify website traffic into 70+ categories. You can assign porn traffic to limited QoS channels and news traffic to high-bandwidth QoS channels.

Identify not just IP addresses, but with user names

Integration with AD to track users

L7 combines several approaches to integrate with Microsoft Active Directory:

(1) GPO-dispatched end-point agent to report its User-IP mapping every 20s

(2) WMI-based agent registered to AD for interested login events

(3) Auto-AD authentication by NTLM

(4) Auto proxy authentication by NTLM

(5) Captive portal for web login with AD/LDAP/POP3/SMTP/Radius user database

 

These techniques can work together simultaneously to get the best knowledge of which user is using which IP address.

Filter not just apps, but behaviors

NGFW controls apps, we control app behaviors

Modern clouds each have their own set of behaviors: WebMail Cloud (Gmail / Outlook / Yahoo Mail) has login / send / attach / read / download attachment; Social Cloud (Facebook / Twitter / Google Plus) has login / friend post / status / like / video / wall / share; WebHD Cloud (Dropbox / Google Drive / One Drive) has login / file upload / file download; Messenger Cloud (Line / Skype / Google Hangout / Facebook Chat) has login / message / file transfer.

Next-Generation Firewall (NGFW) may have the ability to block separate cloud apps, but NGFWs cannot look into the cloud to control the behaviors inside the cloud. L7 brings you the ability to control behaviors, not just apps.

Record not just sessions, but contents

Regulatory Compliance

Corporate scandals and breakdowns such as the Enron case have increased calls for stronger compliance and regulations in different kinds of industries, such as GDPR, Sarbanes–Oxley, ISO27000, PCI-DSS, HIPAA, SEC, FINRA, FSA, IIROC, FERC, NERC, CFTC, NFA.

They all require electronic communications to be logged for years for auditing. Auditing https traffic is therefore a must, since most criminal activities hide themselves in encrypted https tunnels.

Content recorder for auditing purpose

Traditional & modern cloud apps mentioned above can be traced and recorded for auditing purposes.

Keyword-matched contents will alert auditors to analyze whether any policy violation exists. Only permitted accounts can see private data.

Block with global threat centers

Exchange of threat information with global threat centers

Modern attacks combine many techniques that let hackers control botnets to start various attacks or steal confidential information. Multiple agencies in the world have contributed some coverage of C&C servers. L7 hosts https://blacklisttoal.com to sync with many world-class blacklists to provide the best coverage of global threats.

Malicious IPs are identified with virus names to accurately stop threats immediately.

Filter not just URLs, but secrets

Data Loss Prevention (DLP) module stops insider threats

Regulatory compliance with GDPR, Sarbanes–Oxley, ISO27000, PCI-DSS, HIPAA, SEC, FINRA, FSA, IIROC, FERC, NERC, CFTC, NFA requires electronic communications to be audited and filtered to stop leakage of personal identity information (PII). With an additional license to enable DLP, L7 can immediately stop confidential data leakage, even via https encrypted web sites.

Malware Analysis

ADVANCED THREATS WITH A COORDINATED DEFENSE BUILT ON SoftASIC

Ransomware and other advanced threats involve highly-coordinated delivery methods that shift between web and email channels in search of a weakness in your defenses. L7's InstantGuard provides effective security by first identifying and secondly classifying information to deliver real-time security ratings to both web and email traffic. InstantGuard’s eight threat assessment areas and unique composite scoring process protect against emerging threats — including the most advanced zero-day attacks and APTs — while improving productivity and compliance through strong outbound content visibility and containment controls.

Cloud App Security

PROVIDES VISIBILITY & CONTROL INTO CLOUDS

Most of your employees have adopted the cloud. And while your BYOD policy has increased productivity and lowered operating costs, cloud-based apps like Office 365, Dropbox and Salesforce need protection to prevent account-centric threats, meet compliance requirements and protect critical data. L7 provides visibility and control over sanctioned and unsanctioned cloud apps to enable their safe and productive use.

Web & Email Cloud Security

PROVIDES VISIBILITY & CONTROL INTO CLOUDS

The rapid expansion of public cloud services, remote workers and BYOD has revolutionized how and where data is stored and accessed. Protect your business in the cloud and as your users become more mobile and personal and business data co-mingles on removable media and devices.

L7 protects networks from the most advanced threats while saving valuable time and resources. L7's solutions are built on a common architecture, allowing for hassle-free maintenance and software updates to ensure the highest level of protection.

Data & IP Protection

SECURE CRITICAL BUSINESS DATA

With people and networks everywhere, the reality is, complete control over data and intellectual property is a thing of the past. L7's unique, human-centric perspective shifts the security paradigm to understand behaviors and intent. 

The rapid expansion of public cloud services, remote workers and BYOD has revolutionized how and where data is stored and accessed.

Protect your business as your users become more mobile and personal and business data co-mingles on removable media and devices. Detect and protect any and all data with advanced fingerprinting, from large databases to a single instance of PII hidden in documents.