SonicWall says its new inspection engine gives deeper insight into network traffic without performance dumps.
SonicWall pulled the covers off a new feature company officials contend
offers deeper insight into network traffic without compromising performance.
Dubbed the SonicWall RFDPI 8 (Reassembly-Free Deep Packet Inspection 8)
engine, the technology has been built into the company's NSA (network security
appliance) multicore products as a way to address security and bandwidth
concerns brought on by Web 2.0 applications.
Customers can use the technology
to monitor traffic to the point where they can look at keywords being typed
into Web 2.0 social networks and actually block content from being uploaded,
explained Jon Kuhn, SonicWall's director of product marketing.
The company unveiled the technology April 30 at the Interop Las Vegas
convention. According to SonicWall, the new version of the inspection engine is
two to four times faster than previous versions.
The new inspection engine works by scanning every packet in real time as it
moves through the appliance. The engine essentially takes advantage of
streaming traffic, so when a file comes across the network in multiple packets
the engine scans each packet individually to piece together a threat or piece
"We're scanning traffic by packet instead of trying to stuff an entire
file," Kuhn said. "With a traditional appliance, you'd have to first
bring that file down on to the appliance and then scan it for any content that
you are looking for."
Click here to read about SonicWall's Unified Threat Management appliances for midmarket companies.
The inspection engine scales from single core to multicore processors,
uses a universal single engine and signature language, and includes the ability
to support any platform memory size without limitation of flow size or the
number of concurrent connections, according to the company.
The technology is part of SonicWall's overall Unified Threat Management
strategy. SonicWall competes in the UTM market with a number of enterprises,
including Check Point Software Technologies and Fortinet. The market for UTM
devices, which integrate multiple security features such as firewalls and intrusion
prevention in one device, has been going strong as smaller organizations look
for ways to manage security threats more effectively.
As organizations look to control information leaving the network due to the
use of Web 2.0 applications, deep packet inspection is important for the sake
of visibility into traffic, Kuhn said.
"When you do that you need a very, very detailed
and granular look at what traffic is traversing this network," he said.
"This is what [SonicWall's] UTM is seeking to solve: trying to get down to
the bits and bytes of what's being transferred outside the network."