Myth Busters

Stateful inspection vs Netbox Blue's application layer

Proxy

The Netbox application layer firewall and proxy implementation sits between your local workstations and the internet. Suspicious data is dropped, and workstations and servers on the internet never communicate directly, greatly reducing the ability to compromise internal machines. This has an advantage over the "Typical Security Implementation" above in that the Netbox firewall has transparent proxy intelligence for specific protocols rather than just looking at each packet on its own merit.

This application layer intelligence also has benefits over the much purported Deep Packet Inspection (DPI) firewalls. DPI is per packet and does not cover the entire data stream, so a large malicious payload (larger than one packet) will be missed. DPI firewalls that implement a signature-based access control policy will only block suspicious traffic if they have a signature for it, and the signature set has to be updated to detect any newly discovered threats. Hence an attack the DPI firewall has not seen before will get through. The Netbox application layer firewall executes the protocol that is being spoken, so it doesn't need to check against a signature database. Instead of trying to determine whether any part of the protocol communication matches a signature, the Netbox proxy executes the protocol itself; unless the application communicating with the proxy complies with the protocol, its traffic is not going to get through. Also, because application-level proxies are application-aware, they can more easily handle complex protocols.
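The per-packet limitation described above can be shown with a short added example (not Netbox Blue code): one matcher looks at each packet payload in isolation, the other carries a small overlap buffer across packets of the same stream. The signature and the packet contents are constructed placeholders.

```python
# Added illustration: per-packet matching vs. matching across a reassembled stream.
SIGNATURE = b"EXAMPLE-BAD-PATTERN"  # constructed placeholder, not a real signature


def per_packet_match(packets, sig=SIGNATURE):
    """Inspect every payload on its own, keeping no state between packets."""
    return any(sig in payload for payload in packets)


class StreamMatcher:
    """Keep the last len(sig)-1 bytes so a pattern split across packets is found."""

    def __init__(self, sig=SIGNATURE):
        self.sig = sig
        self.tail = b""    # trailing bytes carried over from earlier packets
        self.consumed = 0  # total stream bytes fed so far

    def feed(self, payload):
        """Return the stream offset of a match ending in this payload, else None."""
        window = self.tail + payload
        pos = window.find(self.sig)
        hit = None if pos < 0 else self.consumed - len(self.tail) + pos
        self.consumed += len(payload)
        keep = len(self.sig) - 1
        self.tail = window[-keep:] if keep else b""
        return hit


def stream_match(packets, sig=SIGNATURE):
    """Feed in-order payloads of one stream and collect match offsets."""
    matcher = StreamMatcher(sig)
    hits = (matcher.feed(p) for p in packets)
    return [h for h in hits if h is not None]


# Constructed sample: the pattern straddles the boundary between two packets.
SPLIT = [b"GET /a HTTP/1.1\r\nX: EXAMPLE-", b"BAD-PATTERN\r\n\r\n"]
WHOLE = [b"".join(SPLIT)]

if __name__ == "__main__":
    print("per-packet, split:", per_packet_match(SPLIT))  # missed
    print("stream,     split:", stream_match(SPLIT))      # found
```

The overlap buffer only needs `len(sig) - 1` bytes, so stream-level matching costs little memory per connection; it does assume the payloads arrive in order, which is what a proxy terminating the connection gets for free.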

Spam filtering vs Netbox Blue's SMTP level Spam and malware filtering

Cleanmail

Netbox Blue's unique SMTP pre-delivery filtering mechanism means customers no longer have to pay to download spam just to reject it. Netbox Blue's recent global statistics show greater than 90% of total emails are spam. That means for a site receiving 1,000,000 emails per week, 900,000 emails are being downloaded and processed by your mail server just to be rejected or, even worse, ending up in users' mailboxes for them to filter through. Over 95% of all spam that the Netbox rejects is rejected before the content or any attachments even hit your internet connection. This is achieved through a sophisticated set of pre-delivery SMTP control commands during the email exchange process. Why accept and download email before you can even verify that the sender is legitimate? Hence the Netbox verifies that senders and servers pass a number of sophisticated lookups before allowing the email to be downloaded. This saves massive amounts of bandwidth and is akin to an "in the cloud solution" with the added benefit of retaining control. This also cleans the internet pipe, freeing bandwidth for business critical applications such as remote desktop, Citrix, VoIP, etc.
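As an added sketch of pre-delivery rejection (not Netbox Blue's implementation), the code below decides on each message using only what is known before the SMTP DATA command and totals the message bytes that are never transferred. The individual checks, lookup tables, addresses and sizes are assumptions constructed for the demo; the page does not list the actual tests.

```python
# Added illustration: reject at the SMTP envelope stage, before DATA is sent.
# All tables below are constructed sample data (documentation IP ranges).
BLOCKLISTED_IPS = {"203.0.113.7"}
REVERSE_DNS = {"198.51.100.10": "mail.example.org"}  # known PTR records
DOMAINS_WITH_MX = {"example.org"}
LOCAL_RECIPIENTS = {"alice@example.com"}


def envelope_verdict(client_ip, helo, mail_from, rcpt_to):
    """Return an SMTP reply (code, text) from connection and envelope data only."""
    if client_ip in BLOCKLISTED_IPS:
        return 554, "client address is blocklisted"
    if client_ip not in REVERSE_DNS:
        return 550, "no reverse DNS for client"
    if "." not in helo or helo.lower() == "localhost":
        return 550, "HELO name is not fully qualified"
    if mail_from.rpartition("@")[2].lower() not in DOMAINS_WITH_MX:
        return 550, "sender domain has no MX"
    if rcpt_to.lower() not in LOCAL_RECIPIENTS:
        return 550, "unknown recipient"
    return 250, "OK"


def bandwidth_summary(sessions):
    """Total message bytes accepted for DATA vs. refused before DATA."""
    summary = {"accepted": 0, "rejected": 0, "bytes_in": 0, "bytes_saved": 0}
    for s in sessions:
        code, _ = envelope_verdict(s["ip"], s["helo"], s["from"], s["rcpt"])
        if code == 250:
            summary["accepted"] += 1
            summary["bytes_in"] += s["size"]     # body crosses the link
        else:
            summary["rejected"] += 1
            summary["bytes_saved"] += s["size"]  # body is never sent
    return summary


# Constructed sessions: "size" is the body the sender would have transmitted.
SESSIONS = [
    {"ip": "198.51.100.10", "helo": "mail.example.org",
     "from": "bob@example.org", "rcpt": "alice@example.com", "size": 40_000},
    {"ip": "203.0.113.7", "helo": "x",
     "from": "a@spam.invalid", "rcpt": "alice@example.com", "size": 250_000},
    {"ip": "192.0.2.55", "helo": "relay.example.net",
     "from": "b@example.org", "rcpt": "alice@example.com", "size": 120_000},
    {"ip": "198.51.100.10", "helo": "localhost",
     "from": "bob@example.org", "rcpt": "alice@example.com", "size": 80_000},
]

if __name__ == "__main__":
    print(bandwidth_summary(SESSIONS))
```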

Once an email has passed this initial interrogation, our thorough Post-Delivery content filtering engine is engaged to put the email through a number of further spam and Anti-Virus checks. The final stage of processing is the Content Compliance Engine (CCE), which allows corporations to apply business compliance rules to all inbound and outbound email traffic. Only once an email has passed this final stage is it relayed to the internal mail server for user retrieval.

Advanced IDS/IPS protection

This technology provides hybrid signature and protocol anomaly detection. It is designed to protect hosts that may be sitting behind the Netbox, and to rate-limit bandwidth that may be consumed by an attack. The Netbox total security solution is provided as a semi-managed service, hence the firewall is proactively and seamlessly updated to rate-limit and block external attacks. This type of approach allows for zero-day protection, as the rules aren't just specific to previously known attacks.

Protocol neutral anti virus

The Netbox also delivers protocol neutral anti virus protection.

This scans all streams of traffic for virus activity. Any stream that is not encoded (e.g. with SSL encryption) will be scanned automatically to provide comprehensive coverage, even if it is not on traditional protocols such as HTTP and FTP. This provides the highest level of anti virus protection available.

Heuristic / Bayesian filtering vs Netbox Blue's "true" filtering technologies

Heuristics and Bayesian filtering were successful spam technologies in the past, when only 20-30% of email on the internet was spam. Now that over 90% of total email on the internet is spam, these two techniques of detecting and combating spam are not scaling, and they are causing users and administrators greater overhead in managing deployments that implement this technology. In today's climate a spam solution should be robust and scalable such that it doesn't require user intervention to determine what is or isn't spam. A simple ROI calculation suggests that solutions that still require quarantine folders, or administrators to weed through 1000s of emails a day that are (probable) spam, cannot provide scalable email security. The Netbox Blue spam implementation does not use any guesswork in its battle against spam. The SMTP pre-delivery engine performs a number of dynamic and transparent black-and-white tests. These tests are performed on the basis of actual SMTP metadata and are not guesswork: either a sending email server passes these tests or it does not.

This refreshing approach to spam filtering enables clean installations of the Netbox where, once it's implemented, users or administrators no longer have to trawl through potential false positive spam folders. For peace of mind the Netbox can be configured to store messages that have been detected; however, after experiencing the Netbox effect, administrators commonly disable this feature and enjoy a clean and maintenance-free anti-spam gateway solution.