IPCopper, Inc.

Trigger Happy Firewall? Solutions to a Common Problem


Portland, OR -- (ReleaseWire) -- 02/27/2018 -- Research shows firewall performance is directly tied to packets per second throughput and the number of rules engaged. It is difficult, however, to neatly fit the messy real world into static one-dimensional firewall rules, making it a challenge to create a firewall rule set that rises to the occasion but does not go overboard. More often it results in under-ruling or over-ruling, both of which introduce their own problems, not least the time spent figuring it out. The task is made even more difficult by not knowing the content or character of the network traffic. It is like hunting for a black cat in a dark room without a flashlight – or knowing whether a cat is even there.

Common sense dictates devising firewall rules based on the actual network reality; however, common sense was overruled long ago by firewalls' inability to obtain even a semi-accurate sense of what was coursing through a network. Even if packet capture were available (which is often not the case), accurately devising workable rules requires a simulation mechanism to apply rules in the field to actual (but not live) data and check the results. Such was the state of firewalls until now.

Blocking all packets on a specific port seems like a good idea, but in truth it depends on the circumstances at the time. A live network environment means nuance, and nuance remains difficult to put into terms that a firewall could understand.

Even before considering the nuance and unpredictability of real-life environments, a more basic question is how to build a rule set in the first place. What does it need to address? What the network traffic is "supposed" to be or what the firewall vendor recommends may be far removed from the actual real-world circumstances, which vary from network to network. Firewall rule sets are often written based not on real-world data but on a theoretical idea of what comprises network data. Rule set formation is hamstrung because firewall operators cannot reliably tell what the actual packets on a real live network look like or which packets the firewall blocks.

Such was the state of firewalls, until now. The IPCopper USC8032 solves this problem elegantly. It combines the ability to capture packets and see what the actual network data looks like with the ability to create sophisticated rule- and keyword-based data scenarios. This combination of visibility and control makes it possible to implement rules, see the results and then fine-tune them with triggers based on time of day, day of week and other parameters to achieve the firewall behavior appropriate for the real-world network, not for someone's theoretical one-size-fits-all idea of a network.

Even further, with the addition of dynamic triggers and chained actions, the USC8032 enables the application of different rules depending on whether devices are on or off, and can even detect when server or other traffic jumps out of the normal range, a crucial indicator of equipment failure or hack attack. Notifications may be triggered for a variety of circumstances, from the most granular to the most general.

The USC8032 not only makes it possible to see network traffic and examine it, but also to shape it with its integral firewall, allowing the construction of real-life scenarios for real-life networks, with notifications of the real-life events that matter. With speeds up to 10Gbps and benchmarked performance up to 6.5 million packets per second with 10,000 rules, the USC8032 can handle all that the real-life network can throw at it, and then some – it does what you wish your firewall could do.

For more information visit ipcopper.com/product_usc8032.htm.

IPCopper, Inc.'s network appliances deliver high-performance packet capture and analytics to industry and governments. The company's newest appliances incorporate versatile high-speed data processing with packet capture and network visualization for unparalleled multi-faceted solutions to network management, data processing, access control and performance and security monitoring.