C613-22104-00 REV B Malware Protection | Page 16
Feature Overview Advanced Network Protection
Malware Protection
AlliedWare Plus Malware Protection is supported from AlliedWare Plus version 5.4.5 or later.
Stream-based Malware Protection scans traffic for known malware in real time as it traverses the
device, and blocks the traffic once a threat has been detected.
AlliedWare Plus Malware Protection provides the first line of defense against a wide range of
malicious content. In addition to protecting the local network by blocking threats in inbound traffic, it
also prevents compromised hosts or malicious users from launching attacks. This is essential for
protecting your organization’s reputation.
Stream-based high performance anti-malware technology is employed to protect against the most
dangerous cyber threats. By considering threat characteristics and patterns with heuristic analysis,
unknown zero-day attacks can be prevented, along with server-side malware, web-borne malware,
and other attack types. Detection covers all types of traffic including web, email and instant
messaging.
The Kaspersky anti-malware signature database is updated regularly to keep on top of the latest
attack mechanisms.
This section describes how AlliedWare Plus™ Malware Protection works. To configure this feature,
see "Configuring Malware Protection" on page 37.
How Malware Protection works
AlliedWare Plus Malware Protection uses stream-based detection to scan traffic. A stream engine is
used to extract Layer 7 payload from the stream of traffic passing through the device. The stream
engine looks for known patterns in the traffic, using signature analysis. A signature database
containing a list of known threat patterns is kept up to date to ensure the effectiveness of the
detection.
AlliedWare Plus Malware Protection provides the following features:
• Detects and blocks known malware by inspecting the traffic stream passing through the device in real time
• Scans the Layer 7 payloads of packets intercepted by the stream engine
• Supports updating resource files
• Supports Kaspersky Safestream II Malware byte signatures
Note: AlliedWare Plus Malware Protection also provides MD5 scanning of HTTP and SMTP. Malware
Protection uses stream-based scanning to compare the MD5 hash to values provided by the
Kaspersky Safestream II list of malicious objects. Streams that match the MD5 hash of known
malware will be blocked. POP and IMAP do not use the MD5 hash, and are instead scanned by the
byte-stream process described above.
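
The following sketch is an added example, not AlliedWare Plus or Kaspersky code. It shows the two checks described above on a stream that arrives in segments: byte-signature matching that still fires when a pattern is split across two segments, and an incremental MD5 comparison applied only to HTTP and SMTP. The signature, the sample object, the names and the verdict strings are all constructed for illustration, and the segments are assumed to be already reassembled and decoded Layer 7 payload.

```python
import hashlib

# Constructed sample data: not real malware signatures or hashes.
BYTE_SIGNATURES = {"Test.Pattern.A": b"\xde\xad\xbe\xefSAMPLE-PATTERN"}
SAMPLE_BAD_OBJECT = b"constructed object body standing in for a known-bad file"
MD5_BLOCKLIST = {hashlib.md5(SAMPLE_BAD_OBJECT).hexdigest(): "Test.Object.B"}
MD5_PROTOCOLS = {"http", "smtp"}  # per the note: POP and IMAP use byte signatures only


class StreamScanner:
    """Scans one Layer 7 stream segment by segment, without buffering all of it."""

    def __init__(self, protocol):
        self.md5 = hashlib.md5() if protocol in MD5_PROTOCOLS else None
        # Keep the last (longest signature - 1) bytes so split patterns still match.
        self.keep = max(len(p) for p in BYTE_SIGNATURES.values()) - 1
        self.tail = b""
        self.verdict = None

    def feed(self, segment):
        """Return a block verdict as soon as a byte signature matches, else None."""
        if self.verdict:
            return self.verdict
        window = self.tail + segment
        for name, pattern in BYTE_SIGNATURES.items():
            if pattern in window:
                self.verdict = f"block: byte signature {name}"
                return self.verdict
        self.tail = window[-self.keep:] if self.keep else b""
        if self.md5:
            self.md5.update(segment)
        return None

    def finish(self):
        """End of object: the MD5 can only be compared once every byte was seen."""
        if self.verdict is None and self.md5:
            name = MD5_BLOCKLIST.get(self.md5.hexdigest())
            if name:
                self.verdict = f"block: MD5 match {name}"
        return self.verdict or "allow"


def scan(protocol, segments):
    """Feed segments in order, stop at the first byte-signature hit, return the verdict."""
    scanner = StreamScanner(protocol)
    for segment in segments:
        if scanner.feed(segment):
            break
    return scanner.finish()
```

The byte-signature check can stop a stream partway through, while the MD5 check yields a verdict only after the last segment of the object has been seen.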