Enhanced Application Control
At the core of a CyberHound Appliance is a powerful Next Generation Firewall with an all new Deep Packet Inspection (DPI) and Application control engine for high throughput networks. These support thousands of users with the fastest Internet links and networks and are suitable for even the largest school networks. Ensuring uptime and accessibility to Cloud hosted and SaaS based applications is a business critical requirement for the modern network administrator. Utilising legacy techniques such as simple protocol identification and port usage is no longer sufficient in identifying applications.
With CyberHound’s new Application control engine, network administrators gain extensive visibility into their network with the ability to identify and manage over 1600 applications based on the network, users, groups, time of day and more.
Our latest enhancements to its Next Generation Firewall offer new features and benefits. These continue to provide CyberHound customers with the best K12 security, filtering and Internet management services in the industry.
- Multi-instance engine with live Application update support and hardware acceleration technologies
- Application Flow replication for high availability deplyments
- 1600+ Applications with Bi-Weekly Application signature updates
- Highly scalable Application classification fast flow at speeds up to 10Gbps
- Classification of network protocols and applications based on flow pattern matching, bi-directional flow correlation, heuristics and statistical analysis
- Identifies Applications at Layers 3 through 7
- Early packet discard mechanism
- Service ID for visibility of audio, video, file transfers and more
For more information contact us today or download our Application Control Data Sheet below:
With students and teachers having access to multiple wireless devices like laptops, iPads and mobile phones, the demands on school infrastructures and IT staff can be overwhelming (and can often dictate school policies regarding BYOD usage).
This is not the case with the CyberHound Appliance. Users can now authenticate their own devices against their credentials with no involvement of IT staff.
Security Control Features:
- Next Generation (level 7) Firewall.
- Full SSL filtering / HTTPS Inspection.
- Dynamic anonymiser detection and blocking.
- Bit Torrent control.
- Malware detection on web, email, downloads and social media.
- Secure Wi-Fi connections using BYOD zero-touch on-boarding for wireless devices.
- Advanced authentication ensuring flexible and reliable control of who access your network.
Extended Network Security with IPD/IDS
Most network Intrusion Detection and Intrusion Prevention System (IDS/IPS) services form part of a Unified Threat Management system (UTM) that also incorporates firewall functionality, and usually web scanning and reporting. The reporting on such systems tie the various roles of a UTM together, which helps deliver a holistic overview of the threat landscape to an organisation, better arming the IT team to manage and mitigate threats as they appear.
Read our Technical White Paper on what Intrusion Detection and Prevention Systems are, the functionality they provide and best practice deployment for network security.
Authentication can occur using one of four methodologies, or a combination of them all:
- 802.1 authentication. Useful for BYOD devices and wi-fi access. This occurs for any IP traffic such as for apps and is not limited to web traffic.
- Active Directory Authentication. For windows based computers at Windows 7 (or greater).
- SSH authentication for OSX on domain Macs.
- Captured portal authentication – A local catch all mechanism if none of the above apply.
HTTPS Inspection (also known as SSL filtering and HTTPS interception) allows an internet management firewall or system to inspect secure internet traffic.
HTTPS was originally developed to ensure that sensitive web data could be exchanged between two computers without a third party being able to intercept the traffic and use it illegally or inappropriately. Many Internet Service Providers (ISPs) are reporting that a majority of their web traffic is now HTTPS traffic.
Without HTTPS inspection, a web filter cannot see the destination URL which makes categorisation unreliable and the filter cannot review content from the website. This can result in students either accidentally or purposefully accessing harmful or inappropriate content. Additionally, it also means that malware (malicious software) like viruses and trojans cannot be detected and blocked from entering the network and enables schools to enhance learning opportunities for students by safely allowing full internet browsing access whilst also ensuring their duty of care obligations are met.
As standard, many security appliances will block access to inappropriate web sites – however students can use anonymisers to circumvent these restrictions.
An anonymiser acts as an invisible method for students to access inappropriate content and on some solutions get round the restrictions. While it is possible to also block these anonymisers it’s a bit of a cat and mouse game with new anonymisers being created regularly.
The CyberHound Appliance is immune to these limitations as it is able to dynamically detect the behaviour of anonymisers and readily block them.
Next Generation Firewall
The CyberHound Next Generation Firewall is very simple and intuitive to use. It can be used to permit or deny access to web pages, applications, IP addresses, ports and protocols, based on the time of day, the IP address of the user, the user’s group (if groups are enabled) and other criteria. Fundamentally, it allows for very granular access policies as required.
CyberHound’s Next Generation Firewall allows network administrators to control access to actual applications rather than control the data communication ports that it may use and may be shared by other applications.
As the CyberHound Appliance can detect Skype at the application level meaning it is very useful for boarding schools where pupils can communicate with their parents at appropriate times, yet be denied access during teaching and study hours.