InstantScan - PowerPoint PPT Presentation

About This Presentation
Title:

InstantScan

Description:

Part-III Successful Cases. Appendix-I Layer-7 App. Appendix-II Product Spec. ... ezpeer: 1999A6, 1999A10, BearShare Pro 4.6.2, Shareaza 2.1.0.0, Morpheus 4.6.1/ 4.7.1 ... – PowerPoint PPT presentation

Slides: 88
Provided by: l7net

Transcript and Presenter's Notes

Title: InstantScan


1
(No Transcript)
2
InstantScan Content Manager
  • L7 Networks service@L7-Networks.com

L7 Networks Inc.
3
Agenda
  • Company Profile
  • L7 Missions
  • L7 Investors
  • Layer-7 Content Manager
  • Part-I Market Demand
  • Part-II Solutions
  • Part-III Successful Cases
  • Appendix-I Layer-7 App.
  • Appendix-II Product Spec.
  • Appendix-III Patents

4
Missions: Internal Network Security
  • InstantScan Content Mgr.: Catching Internal
    Thieves. Employee internet content / behavior
    management
  • InstantLock Co-Defender: Defending Internal
    Attacks. Isolate virus-infected PCs
Internal Threats
  • InstantBlock Application Firewall: Preventing
    External Attacks/Thieves. Unified threat
    management
  • InstantQos Bandwidth Mgr.: Shaping Internal
    Traffic. Manage P2P / streaming / VoIP / by
    layer-7 in-depth classification
External Threats
5
L7 Investors
6
InstantScan Content Manager
L7 Networks Inc.
7
Part-I Market Demands
Catching the Internal Thieves
8
What are your employees doing at work?
employee productivity killer
Internet Explorer for web sites
Outlook for emails
Looking for info for work? Check out stock price
first!
network performance killer
Communicating for work? Speak to lovers first!
MSN for chats
BT, ED2K, Xunlei
Download a movie back home for fun!!
9
Survey Studies
  • Heavy Usage
  • Gartner >30 enterprise, <1 control (2005)
  • Radicati Group >80 enterprise (2008)
  • Security Threats
  • WORM_KELVIR.A
  • WORM_FATSO.A

10
1. Employees with low productivity
11
2. Information Leakage or Virus
Price Book
12
3. Bandwidth stealers for downloads
  • P2P downloads
  • Illegal music
  • Illegal movies
  • Bandwidth inadequate for
  • HTTP
  • Email
  • ERP

13
Plug & Play
Firewall
2005/03/25 NBL Editor's Choice: Beat Facetime, Akonix
2005/12/01 National Innovation Awards
L7
Content Manager (stealth mode)
switch
14
5-Step Content Management
Step.1 Discovery
Step.2 Normalization
Step.3 Behavior Mgmt.
Step.4 Content Mgmt.
Step.5 Report Analysis
Anti-Virus
MSN file transfer
File Recording
IM Game
IM Chat
Chat Recording
IM Streaming
Keyword block
P2P Bandwidth Mgmt.
35 Mbps
20 Mbps
10 Mbps
Interactive Behavior Mgmt.
Deep Content Inspection
Layer-7 to Layer-4 Normalization
Real-time Learning
Offline Report / Analysis
15
1. Employees with low productivity
Instantly respond to employees in chat windows,
even though IS doesn't have an IP address
16
2. Information Leakage or Virus
Price Book
Instant Warning
17
3. Bandwidth stealers for downloads
  • P2P downloads
  • Illegal music
  • Illegal movies

After installing InstantScan
  • Mission critical app.
  • HTTP
  • Email
  • ERP

18
Part-II Solutions
19
Solutions
manage / filter / record / audit employees' IM /
Web behaviors and contents to increase their
productivity
built-in backend reports for 3-level analysis
(1) index for productivity, performance,
security (2) dashboards for summary (3)
detailed reports for inspection
Employee Productivity
highspeed UTM hardware platform with intelligent
3-tier arch. for performance, availability, and
reports
Layer-7 Visibility
understand the real applications run by your
employees
Network Performance
Internal Security
limit P2P / P2SP traffic and guarantee mission
critical traffic such as ERP, VoIP, Web traffic
protect internal network users from viruses/worms or
information leakage through P2P / tunnel software,
spyware, WebMail, WebIM, etc.
20
Painless Installation?
WebSense / BlueCoat / FaceTime / IM Logic /
Akonix require every client to be set up to connect
to the IM Proxy
Spam Wall
Tunneled IM cannot be managed
Virus Wall
IM@HTTP cannot be managed
IM Proxy data path
Inline-IDP
Firewall/VPN
Check website for comparison
Content Mgmt.
IM Proxy
What if IM is tunneled in WebMSN/Mail/HTTP/?
Web Proxy
What if IM behaves like Web Proxy?
21
Step 0. No Modification of Networks
IM in port-80, proxy, socks4/5 can still be
managed
Even in wireless/dhcp env, still can be managed
by AD
Management Server
DHCP Server
Firewall/Router
Proxy
IS
switch
AD Server
switch
22
3-Tier Architecture
Friendly user interfaces
Powerful reporting and alerts
Plug & play installation without modifying
network arch.
23
5-Step Content Management
Step.1 Discovery
Step.2 Normalization
Step.3 Behavior Mgmt.
Step.4 Content Mgmt.
Step.5 Report Analysis
Anti-Virus
MSN file transfer
File Recording
IM Game
IM Chat
Chat Recording
IM Streaming
Keyword block
P2P Bandwidth Mgmt.
35 Mbps
20 Mbps
10 Mbps
Interactive Behavior Mgmt.
Deep Content Inspection
Layer-7 to Layer-4 Normalization
Real-time Learning
Offline Report / Analysis
24
Step 1. Discovery (App. View)
Watch application sessions and highlight
tunneled IM sessions
25
Step 2. Setup L7 Policy
Scheduled updates to Application Patterns to
manage application usage by defined time schedules
26
Step 3.1 Setup IM Policy for Individuals
IM management for individuals by (1) specific IM
accounts, (2) learning, (3) registration, (4) AD
name, (5) AD group
27
Step 3.2 Setup IM Behavior Mgmt.
Define permission levels to facilitate individual
IM policy deployment
28
Step 3.3 Setup IM Peers
Limit chat peers by individuals or groups
29
Step 3.4 Self-Defined Policy Violation Warning
Messages
Multi-language support for all languages
30
Step 3.4 Setup Bandwidth Pipes
Divide outbound bandwidth pipes by mouse drags
Divide inbound bandwidth pipes by mouse drags
31
Step 4.1 Setup IM Chat Content Management
Right click to define your own chatting keywords
/ groups
32
Step 4.2 Setup IM File Transfer Content Management
Right click to define your own filename
keywords/groups
33
Step 4.3 Setup IM File Transfer Anti-Virus
Anyone who is infected with a virus will be
notified of the name of the virus
34
Step 5.1 Multi-level Auditing Levels
3 levels (admin/mis/audit) to separate operating
and auditing parties
35
Step 5.2 Ranking by app. usage
36
Step 5.3 Ranking by traffic volume
37
Step 5.4 Scheduled Reports in HTML/PDF/XLS Formats
38
Step 5.4 Scheduled Reports in HTML/PDF/XLS Formats
39
Part-III Successful Cases
40
Accounting & Auditing
Anyone who audits others should be well audited
themselves, so as to help customers comply with
various regulations.
41
Manufacturing
Confidential information should be kept as
private as possible. InstantScan is able to
detect many varieties of tunnel software, which may
open a lot of security holes for information
leakage.
42
Semiconductor
Confidential design sheets are the core technology
of IC design and must be kept as private as
possible. Anyone who uses IM to transfer
confidential files can be caught with strong
evidence.
43
IC Design
Confidential design sheets are the core technology
of IC design and must be kept as private as
possible. Anyone who uses IM to transfer
confidential files can be caught with strong
evidence.
44
Banking & Stocks
With heavy usage of IM across
stock transactions, they need a tool to log
and record what the customers have issued to the
brokers, and what the brokers have said to the
internal dealers.
45
Photodiode
Confidential design sheets are the core technology
of Photodiode and must be kept as private as
possible. Anyone who uses IM to transfer
confidential files can be caught with strong
evidence.
46
Electronics
The confidential price book is our core value in
selling the chips and must be kept as private as
possible. Anyone who uses IM to transfer
confidential files can be caught with strong
evidence.
47
Media
Confidential news is invaluable if it is kept
secret. However, journalists communicate
largely with IM so they can share resources.
What is worse, internal staff may also use IM to
tell staff in other companies. However,
IM is extremely convenient for communications
among internal staff. We need L7 to control them.
48
A spin-off from the D-Link corporation, Alpha
continued to sue VIA Technology for the stolen
confidential designs. In the meantime, Alpha
Networks put 4 InstantScan boxes at the outbound
links to control the use of IM so as to gather
information on IM usage.
As the largest multi-level company in the world,
Amway continued to make itself conform to the
toughest regulations in order to keep its
electronic communications as secure as possible,
just as it had done for web and email.
49
Confidential patents are invaluable if they are
kept secret. Biochemistry has become the most
emergent industry that can boost revenue in the
century. Just as the health-care industry has
emphasized, the data of patients or people
under experiments is extremely proprietary and
must never be leaked to anyone else. L7's InstantScan
helps to control the usage of IM.
50
Benefits for Deploying InstantScan
  • Discovery
  • See who is actually using the network for what,
    especially in multi-culture environments which
    mix a huge number of applications.
  • L7 Firewall: IM / P2P / Tunnel / Streaming / VoIP
    / File-Transfer /
  • Effectively control the applications in your
    networks, by either blocking or shaping
  • Content Manager: IM / Web
  • Selectively log/record employees' activities and
    contents for regulations and compliance.
  • Actively control the activities/contents instead
    of just logging/recording to prevent confidential
    information leakage while improving productivity.
  • Report Analysis
  • log and archive for potential legal discovery
    needs or other purposes
  • Indication of employees' policy violations or
    productivity.

51
  • Layer-7
  • Content Manager

52
Appendix-I FAQ
53
1. What applications does L7 support?
  • Check Appendix II or L7 Web Portal

54
2. Target customers and competitors
IS-5000
Actively mgmt. auditing
Competitor: Facetime/Akonix/ImLogic. Installation:
Win. Function: Even. Price: win (no need to have 2
devices)
IS-1000
IS-100
UTM-oriented market. Need passive sniffing
instead of active management. So L7 integrates
ISIBIQ to penetrate this market
IS-50
IS-10
Competitor: BlueCoat has dominated the proxy
market with a huge number of deployed proxies.
Emphasize L7's IM/P2P advantage, with no need to
change their proxy architecture
Passive auditing
Large (<1000)
Huge (<3000 people)
Tiny (<30)
Medium (<150)
Small (<70)
55
Appendix-II L7 Applications
56
Normalization: Step 1, Step 2
Step.1 Monitor
Step.2 Normalization
Step.3 Behavior Mgmt.
Step.4 Content Mgmt.
Step.5 Report Analysis
Anti-Virus
MSN file transfer
File Recording
IM Game
IM Chat
Chat Recording
IM Streaming
Keyword block
P2P Bandwidth Mgmt.
35 Mbps
20 Mbps
10 Mbps
Interactive Behavior Mgmt.
Deep Content Inspection
Layer-7 to Layer-4 Normalization
Real-time Learning
Offline Report / Analysis
57
General Applications
  • No matter which port they use
  • HTTP
  • SMTP
  • POP3
  • IMAP
  • FTP

58
Instant Messenger (IM)
  • MSN 6.2, 7.0, 7.5, 8.0 beta, Windows Live
    Messenger 8.0
  • Yahoo Messenger 5.5, 6.0, 7.0, 8.0 beta, 8.0
  • ICQ 2003pro, 4.14lite, 5.0
  • AIM 5.9
  • QQ
  • YamQQ-2003II, QQ-2003II, QQ-2003III,
    YamQQ-2004III, QQ-2004 formal edition,
  • YamQQ 2005 Formal Edition, QQ 2005 Beta2,
  • QQ 2005 Simplified Chinese Formal edition
    (include ??????v4.0 Formal Edition)
  • qqfile QQ2006Beta2, qqshare QQ2006Beta2
  • Miranda v0.4
  • Gaim v1.30
  • Trillian Basic 3.0
  • Google talk beta
  • Webim, including web-msn, web-aol, web-yahoo,
    web-icq
  • http://www.e-messenger.net/, http://e-messenger.net/,
    http://vweb.e-messenger.net/,
  • http://start.e-messenger.net/, http://hanoi.e-messenger.net,
    http://www.meebo.com/,
  • http://www.iloveim.com/, http://x??.iloveim.com/,
    http://hanoi.e-messenger.net,
  • http://webmessenger.msn.com/, http://www.icq.com/icq2go/,
    http://aimexpress.aim.com/
  • http://www.ebuddy.com

59
Peer-to-Peer (P2P)
  • Bittorrent
  • BitComet 0.54 / 0.6 / 0.67, Bitspirit 2.7, Mxie
    0.6.0.2, utorrent 1.5, azureus 2.4
  • Kuro m6, 2005 5.18
  • Edonkey
  • Emule 0.42b/0.44d/0.45b, edonkey2000 V1.0,
    Overnet tested-version, utorrent v1.5, azureus
    v2.4
  • ezPeer v1.0beta
  • Directconnect directconnect 2.205, dc 0.668
  • OpenFT crazaa v3.55, Kceasy v0.14
  • Pigo pigo v3.1, 100bao v1.2.0a
  • Kugoo v2.03, v2.055, v3.10
  • Ares 1.04
  • poco
  • poco 2005
  • pp point (pp???) v2006
  • Fasttrack
  • kazaa 2.7 / 3.0 / 3.2
  • grokster 2.6/2.6.5
  • iMesh 4.5 build 151 / 5.20 / 6.5
  • Gnutella

60
Voice Over IP (VoIP)
  • Skype
  • 1.0, 1.1, 1.2, 1.3, 1.4, 2.0, 2.5beta, 2.5.0.113
  • SkypeOut
  • 1.4, 2.0
  • SIP
  • TelTel 0.8.5.3, Wagaly TelTel 0.8.4, MSN Voice
    7.5 , Yahoo Voice 7.0
  • H323
  • NetMeeting 3.01

61
Tunnel Ware
  • hopster Release 17
  • Httptunnel v3.2, 3.4
  • Realtunnel v0.9.9, 1.0.1
  • VNN 2.1, 3.0
  • Softether 1.0, 2.0
  • Tor v0.1.0.1X, v0.1.1.22
  • JAP 00.05.022
  • YourFreedom 20060725-01

62
Remote Access
  • Windows remote desktop
  • VNC (Virtual Network Computing)
  • vnc, Ultra VNC 1.0.1, Win v3.3.7
  • Symantec pcAnywhere 10.5 / 11
  • NetOP Remote Control v9.00
  • Remote Administrator 2.2

63
Streaming
  • RTSP
  • http://www.haody99.com/, MediaPlayer 10.0,
    RealPlayer 10.5
  • QuickTime 6.5, 7.0, KKBox v1.0, v2.0, v2.2,
    RealOne 1.0, 2.0
  • MMS(Multimedia Messaging Service),
  • Yahoo music
  • (http://music.yahoo.com/, http://tw.music.yahoo.com/,
    http://music.yahoo.com.cn/)
  • Shoutcast
  • winamp 5.111 / 5.24
  • JetAudio 6.2
  • Icecast 2.3
  • Live365 Radio365 1.11 build17
  • Google Video (http://video.google.com/)
  • AOL Radio (http://music.aol.com/radioguide/bb.adp)
  • iTunes 6.0
  • TVAnts 1.0
  • PeerCast 0.1217
  • Napster (www.napster.com)
  • qqtv (qq?? tv.qq.com) 3.2
  • ppstream 1.0

64
Appendix-III Product Comparison
65
  • L7 vs. Facetime vs. Akonix vs. IM Logic

66
Facetime's Solution
Limited solution. Cannot control P2P bandwidth.
Can block Skype
Requires clients to assign a proxy to IM
Auditor: What if the proxy is not set?
67
Akonix's Solution (I)
Limited solution. Cannot control P2P bandwidth.
Cannot manage Skype
Requires clients to assign a proxy to IM
Auditor: What if the proxy is not set?
68
Akonix's Solution (II)
Limited solution. Cannot control P2P bandwidth.
Cannot manage Skype
Cannot manage MSN / Yahoo / AOL / ICQ over random ports
69
IMLogic's Solution
70
L7 Networks' Solution
71
  • Award-winning test report

72
NBL Test Report (2005/2/23)
73
NBL Test Report (2005/2/23)
FP: False positive, FN: False negative, N/A: Not
available
74
NBL Test Report (2005/2/23)
FP: False positive, FN: False negative, N/A: Not
available
75
NBL Test Report (2005/2/23)
FP: False positive, FN: False negative, N/A: Not
available
76
NBL Test Report (2005/2/23)
FP: False positive, FN: False negative, N/A: Not
available
77
NBL Test Report (2005/2/23)
FP: False positive, FN: False negative, N/A: Not
available
78
NBL Test Report (2005/2/23)
Virus scanning is supported in advanced version
79
NBL Test Report (2005/2/23)
80
Appendix-IV Patents
81
Patent-1 PostACK TCP BW. Mgmt.(1)
  • Contributed to IEEE
  • IEEE Transactions on Computers, Vol.53, No.3,
    March 2004: "Assessing and Improving TCP Rate
    Shaping over Enterprise Edges"
  • IEEE Communications Surveys and Tutorials, Vol.5,
    No.2, 2003: "A Measurement-Based Survey and
    Evaluation of Bandwidth Management Systems"
  • IEEE Global Telecommunications Conference 2004
    (IEEE Globecom 2004), Dallas, Texas USA, Nov.
    2004: "On Shaping TCP Traffic at Edge Gateways"
  • IEEE Symposium on Computers and Communications
    (IEEE ISCC 2003), Kemer - Antalya, Turkey, Jun.
    2003: "Co-DRR: An Integrated Uplink and Downlink
    Scheduler for Bandwidth Management over Wireless
    LANs"

82
Patent-1 PostACK TCP BW. Mgmt.(2)
  • Packeteer
  • TCP Rate Control
  • Window sizing
  • L7
  • PostACK
  • Delaying the reverse ACK

83
Patent-2 SoftASIC Classification
.. Yahoo app. pattern, AOL app. pattern, MSN app.
pattern, BT app. pattern
pattern matching
Step 1. Reassembly
Step 2. Match!!
Step 3. Cut-Thr Forwarding
P2P/BT@HTTP
At most the first 10 pkts are needed to judge if this
HTTP is BT (in the average case the first 3 pkts can
finish the process)
84
Patent-3 Multi-Stage Inspection(1)
  • Standard@Any
  • HTTP
  • Proxy@HTTP@Any
  • Socks4@Any
  • Socks5@Any
  • .

Spam Wall
Tunneled IM cannot be managed
Virus Wall
IM@HTTP cannot be managed
IM Proxy data path
Inline-IDP
Firewall/VPN
Content Mgmt.
IM Proxy
Web Proxy
85
Patent-3 Multi-Stage Inspection(2)
IM Content Mgmt. Engine
.. Yahoo app. pattern, AOL app. pattern, MSN app.
pattern, BT app. pattern
pattern matching
Step 1. Strip Headers (socks4/5)
Step 2. Match!!
Step 3. Redirect
MSN@Socks@Any
86
Patent-4 Inline-Proxy Stack(2)
  • Benefits
  • True inline plug & play proxy stack
  • Stable user-space programming
  • Easy for SMP parallel processing

IM/Web Content Mgmt. Engine
Inline-Proxy TCP Stack
Emulate original IP/port while swapping sequence

Queue
MSN@Socks@Any
87
  • Layer-7
  • Content Mgmt.
  • Expert