Increase Network Security With Application Session Filtering Via Keyword And Regex Search


Finding Traffic Based on Content

Filtering traffic based on its content can be useful when improving security. Traditional Layer 2-4 Network Packet Brokers have only a limited view of the content in a packet. Often, though, the relevant information is only visible in a higher layer, beyond Layer 4. If there is a requirement to inspect the content of a packet, then there is no avoiding a Network Packet Broker that incorporates a CPU.

 

Keyword and Regex Search Application

With the help of regex, we can match fixed values such as the IP addresses or port numbers of a packet, and the feature allows the user to match on every element of the packet. A regex (regular expression) describes a search pattern. The pattern can be a complex search operation, a string, or an entire sentence. For example, it is possible to search for newspaper headlines or to easily filter HTTP GET messages. This is slightly more complex than traditional filtering, but it offers many more possibilities.

The image below shows a scenario where all HTTP GET messages are retrieved for analysis, because the “HTTP GET” message provides a great deal of information about the traffic.
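The HTTP GET scenario above, sketched in Python as an added example (not Cubro's code or configuration syntax): it contrasts a plain keyword search with an anchored regex over raw TCP payloads and groups the hits by session. The function names, the five-tuple flow key and the sample payloads are assumptions constructed for illustration.

```python
import re

# Anchored request line: only payloads that *start* with an HTTP GET match.
HTTP_GET = re.compile(rb"\AGET (\S+) HTTP/1\.[01]\r\n")
HOST_HDR = re.compile(rb"^Host:[ \t]*([^\r\n]+)", re.IGNORECASE | re.MULTILINE)

def match_get(payload):
    """Return (host, target) for an HTTP GET payload, else None."""
    m = HTTP_GET.match(payload)
    if m is None:
        return None
    h = HOST_HDR.search(payload)
    host = h.group(1).decode("latin-1").strip() if h else ""
    return host, m.group(1).decode("latin-1")

def keyword_flows(packets, keyword):
    """Plain keyword search: flows with the keyword anywhere in a payload."""
    return {flow for flow, payload in packets if keyword in payload}

def regex_flows(packets):
    """Regex search: map each flow with a GET to its (host, target) list."""
    selected = {}
    for flow, payload in packets:
        hit = match_get(payload)
        if hit is not None:
            selected.setdefault(flow, []).append(hit)
    return selected

# Constructed sample input: (five-tuple, TCP payload) pairs.
WEB = ("10.0.0.5", 40112, "192.0.2.10", 80, "tcp")
FORM = ("10.0.0.6", 40200, "192.0.2.10", 80, "tcp")
TLS = ("10.0.0.7", 40300, "192.0.2.20", 443, "tcp")
SAMPLE = [
    (WEB, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (FORM, b"POST /form HTTP/1.1\r\nhost: example.test\r\n\r\nq=GET /x HTTP/1.1\r\n"),
    (TLS, b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"),
    (WEB, b"GET /news?id=7 HTTP/1.1\r\nHost: example.test\r\n\r\n"),
]

if __name__ == "__main__":
    print("keyword 'GET ':", sorted(keyword_flows(SAMPLE, b"GET ")))
    for flow, requests in regex_flows(SAMPLE).items():
        print("regex:", flow, requests)
```

The keyword search also selects the POST session, because the string "GET " appears in its body; the anchored regex selects only the session that actually sent GET requests.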

 

Products in this Solution