Increase Network Security With Application Session Filtering Via Keyword And Regex Search

The Challenge

Finding traffic based on the content of the packet requires separating traffic in a way that cannot be done with traditional Layer 2 to Layer 4 filters. This application requires a lot of processing power and, therefore, the load is limited to 20 Gbit/s. The second big challenge is that the packet must be decoded first, so that the search covers only the user data and not the full packet, in order to achieve full results.

The Solution From Cubro

With the help of regex it is possible to match fixed values such as the IP addresses or port numbers of a packet. The feature allows the user to match on every part of the packet. A regex describes a search pattern, which can be a complex search operation, a string, or a whole sentence. For example, it is possible to search for newspaper headlines or to filter simple HTTP GET messages. This is slightly more complex than traditional filtering, but the possibilities are much greater.


The image below shows a case where the requirement is to capture all HTTP GET messages for analysis, because the HTTP GET message offers a great deal of information about the traffic.
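The following is an added example, not Cubro code, of the decode-then-search step described above: it strips the Ethernet II, optional 802.1Q, IPv4 and TCP headers and applies the regex only to the user data. The function names, the sample frames and the single-packet scope (no TCP reassembly, no IPv6) are assumptions made for illustration.

```python
import re
import struct

# Request line of an HTTP GET; applied with .match() so it anchors at the first payload byte.
HTTP_GET = re.compile(rb"GET (\S+) HTTP/1\.[01]\r\n")

def tcp_payload(frame: bytes):
    """Decode Ethernet II (optional 802.1Q tag) / IPv4 / TCP; return user data or None."""
    if len(frame) < 18:
        return None
    off = 12
    if frame[off:off + 2] == b"\x81\x00":      # skip one VLAN tag
        off += 4
    if frame[off:off + 2] != b"\x08\x00":      # not IPv4
        return None
    ip = frame[off + 2:]
    if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] != 6:   # too short, not v4, not TCP
        return None
    ihl = (ip[0] & 0x0F) * 4
    total_len, frag = struct.unpack("!H", ip[2:4])[0], struct.unpack("!H", ip[6:8])[0]
    if ihl < 20 or frag & 0x1FFF or not ihl + 20 <= total_len <= len(ip):
        return None                            # bad header, later fragment, or truncated
    tcp = ip[ihl:total_len]                    # total_len also strips Ethernet padding
    data_off = (tcp[12] >> 4) * 4
    if not 20 <= data_off <= len(tcp):
        return None
    return tcp[data_off:]

def match_http_get(frame: bytes):
    """Return the requested path if the frame's user data starts an HTTP GET, else None."""
    payload = tcp_payload(frame)
    m = HTTP_GET.match(payload) if payload else None
    return m.group(1).decode("ascii", "replace") if m else None

def build_frame(payload: bytes, vlan: bool = False) -> bytes:
    """Constructed sample input: minimal frame, RFC 5737 addresses, checksums left at 0."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + tcp
    eth = bytes(12) + (b"\x81\x00\x00\x0a" if vlan else b"") + b"\x08\x00"
    return eth + ip

if __name__ == "__main__":
    get = build_frame(b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n", vlan=True)
    post = build_frame(b"POST /log HTTP/1.1\r\n\r\nq=GET /x HTTP/1.1\r\n")
    for name, f in (("get", get), ("post", post)):
        print(name, match_http_get(f), bool(HTTP_GET.search(f)))
```

The second sample frame is a POST whose body contains a GET-like string: an unanchored search over the whole frame reports a hit, while the decoded, anchored match does not.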

Massive Keyword Search Application

The illustration shows a high-level overview of how keyword search works in a large environment. Depending on the search criteria, it is necessary either to decrypt all encrypted traffic or to delete it. Keyword and regex searches are always done with the help of CPUs because it makes sense to use multiple Sessionmasters. Each EXA gets the full information, but each one searches for different content. This architecture is also the most viable solution for the long term because it is scalable. If more search performance is needed in the future, it is easy to add more Sessionmasters.

