The Data Security Firewall uses an Advanced threat protection is a solution that helps keep zero-day and advanced threats away from entering an organization’s network. These threats are usually engineered to be disguised as good traffic and evade security measures used by the target organization. These can be a malicious file, URL or a constructed mail for well a planned attack.

GajShield’s Intelligent Sandboxing technique identifies malicious files and sandboxes it in a virtual environment, away from the organization’s network to traps the injected malware.

The ATP combined with advanced Machine Learning capability that finds outlier to identify suspicious traffic for further process by the security engines for preventing zero-day threats and keeping them away from the network. Today's viruses, Malwares, Worms and Trojans target the primary weakness in anti-virus technology: the time it takes for new signatures or heuristics to be developed and distributed. GajShield Next Generation firewall appliances, integrates Zero-Day Virus Outbreak Protection to shield enterprises in the earliest moments of malware outbreaks, and right through as new variants emerge.

GajShield zero-day protection overcomes the newer security issues witnessed, in which large quantities of Trojans and other viruses are being missed by traditional signature-based and heuristic antivirus engines increasing the risk for organizations.

Advantages:

Intelligent Sandboxing:

GajShield’s Intelligent Sandboxing service is a cloud-based sandbox designed to discover unknown threats such as ransomware at the gateway, by creating a virtual environment away from organization’s network and running the suspicious file to identify previously unseen malware and threats. It analyses executable programs (PE), JAR, APK, DLL, PDFs and MS Office files etc. (50+ types). It has support for multi-operating systems including Windows, Android, Mac OS and Linux. An organization can decide which files it would like to exclude from sandboxing based on file type, name, sender and recipient.

GajShield Threat Lab:

GajShield Threat Lab stores a database of all Proactive virus and malware detections, bad IP addresses, domains and URLs. At the GajShield Threat Lab, a database of real-time spam outbreaks is collected and compiled and maintained, through consultation with global Internet Service Providers. Patterns are analyzed, categorized, and cross-matched using algorithms, run to optimize the detection of repeating patterns and their sources. This database, containing approximately over six million signatures, is continuously updated with more than 30,000 new unique signatures added hourly. GajShield Threat Lab uses honeypots, sensors deployed across the internet which provides early warning of cyber attacks. Machine learning is used to crawl the internet to identify malicious sites. The cyber threat intelligence (Indicator of Compromise list) which consists of bad IP addresses, domains, URLs, file hash (md5/sha256), malware signatures, spam outbreak signatures which are generated by GajShield Threat Lab, is fed into each security component of GajShield NGFW. With the release of GajShield DSF Bulwark firmware, GajShield firewalls intelligently identify various attempts to compromise and alert the administrator in real time. Advance DSF engine monitors traffic in real time and using the IOC list is able to identify attempts to compromise database servers, unauthorised access to Windows or Linux servers, suspicious traffic or even attempts to leak data out of your network.  

Signature – Independent Protection:

Signature-independent protection is an essential complement to traditional AV technologies, security experts agree. By proactively scanning the Internet and identifying massive virus outbreaks as soon as they emerge, GajShield's Zero-Hour (Zero-Day) Solution provides just that: proactive virus blocking that is effective and signature-independent.

Gateway Defence:

GajShield Firewall sits at the gateway and acts as the first point of encounter to all cyber threats. Its proactive security helps in defending cyber-attacks, real-time. It deals with the threats at the gateway, keeping threats away from the organization’s network thus, maintaining a cleaner network environment.

Immediate:

GajShield provides enterprises with proactive virus detection they need to close the early-hour vulnerability gap during which millions of users are infected. GajShield's proactive virus detection capabilities ensure users' protection hours before signatures are released. 

Artificial Intelligence and Machine Learning:

AI and ML-based cybersecurity solutions will become a necessity in the future of cybersecurity as traditional means will become incapable of mitigating the risks posed by ever-evolving malware, hacks, and other types of cyber-attacks. AI-based self-learning applications will become a standard part of cybersecurity teams’ toolkits that will ensure continued protection against evolving risks.

Proven:

Robust and inherently immune to emerging foiling attempts, GajShield has a proven record of being one of the highest performings among proactive virus control solutions. GajShield's Zero-Hour Virus Outbreak Protection is powered by GajShield Threat Lab, which has a track record of protecting millions of users globally.

Features:

• Ransomware Protection
• Malware Protection
• Real-time inspection & protection from unknown threats through proactive/stream mode
• Deploy signatures to the firewall when a file is identified as malware
• Analyses archives like zip, tar, gzip, 7z, rar across all operating systems.
• Analyses many different malicious files irrespective of its size (executables, office documents, pdf files etc.) as well as malicious websites under various operating systems like Windows, Linux, Mac OS and Android.
• Trace API calls and general behaviour of the file and distil this into high-level information and signatures.
• Threat analysis on dashboard
• Analyse network traffic, even when encrypted with SSL/TLS.
• Perform advanced memory analysis of the executable programs to identify and detect potential malicious files.
• Recurrent Pattern Detection of unknown malware through emailing protocols
• Multiple spam classification
• Independent of Content, Format, Language
• Real-time Blacklist (RBL), MIME header checks
• Filter based on message header, size, sender, recipient, subject line tagging
• Zero hour Virus Outbreak Protection
• Anti-botnet security

With the increasing use of applications to infiltrate into network and leak data, Firewalls today need to evolve and become more sophisticated in detecting newer threats with changing business dependency on data. Increasing bandwidth demand and newer architectures like Web 2.0 is changing the way network protocols are being used and data is transferred. Last Generation firewalls have largely been blind to such threats as more communications are going through standard protocols like HTTP and HTTPS. 

 

Websites are now largely replaced with applications and with this, it has become imperative to provide solutions concerning filtering of malicious applications causing data threats. While some applications can be very useful to the organizations, other applications like torrents and proxy applications could be very harmful. Allowing these types of applications in your network might lead to serious consequences.

• Torrents are common sources of malware and viruses. This is especially true of software and games, which must be installed and executed. This could lead to your network being infected and risk of data leak through such downloaded applications.
• If you’re torrenting illegally, whether you realize it or not, there is a chance you could get chased for copyright infringement which could bring legal liability to your organization.
• Unless connected to a VPN or some other means of encryption, all of the internet traffic can and likely will be monitored by a user’s internet service provider. Internet service providers are usually in league with copyright holders. They don’t want to be held liable for privacy and want to save bandwidth. If an ISP catches one of its customers torrenting, they could resort to bandwidth throttling, fines, or even account suspension and termination causing disruption, leading to business loss.

Another major task considering filtering of applications is to identify applications from SSL protocols and then filtering them. Firewall filtering based on port numbers can no longer provide security to an enterprise. Many applications use standard ports like 443 to camouflage its application traffic. The strength of a firewall in classifying these application forms the basis of your security.

GajShield’s Application filter is the industry’s most powerful Deep Packet Inspection (DPI) engine, providing real-time, Layer-7 classification of all network application traffic such as DNS, FTP, HTTP, HTTPS, ICMP, MGCP, NetBIOS Name Service, SMTP and TFTP. It is designed for fast, trouble-free classification of more than 5000+ application signatures. With its smart classification technology and deep packet inspection which is also called complete packet inspection and information extraction or IX that is a form of computer network packet filtering that examines the data part (and possibly also the header) of a packet as it passes an inspection point, searching for protocol non-compliance, viruses, spam, intrusions, or defined criteria to decide whether the packet may pass or if it needs to be routed to a different destination, or, for the purpose of collecting statistical information that functions at the Application Layer of the OSI (Open Systems Interconnection model). There are multiple headers for IP packets; network equipment only needs to use the first of these (the IP header) for normal operation, but the use of the second header (such as TCP or UDP) is normally considered to be shallow packet inspection (usually called stateful packet inspection) despite this it creates zero impact on the network throughput and provides wire-speed capabilities.

GajShield reporting system provides in-depth know-how of the applications used by your organization, which forms the first step towards security. Using this knowledge, security officers can then block applications for users or groups. With its recent launch of BYOD features, applications can now also be blocked based on whether the traffic has originated from a mobile device.

Earlier, Traditional firewalls would operate on the network layer. Due to advancements in the technology, now GajShield Data Security Firewall offers Application and data Visibility & Control with data context, deeper than Layer 7 policies and reporting, preventing data leakage and sophisticated application-layer threats, including malware, phishing, botnets. GajShield offers industry-leading support for over 5000+ key application signatures. Real-time network logs and reports further allow organizations to promptly re-set network settings for maximum security and productivity. In addition to this, GajShield application filtering feature aims to enhance business-critical application performance by limiting bandwidth for non-business traffic, inbuilt application categories make it easier to filter out and block unwanted applications for the users and to ease this process, GajShield also supports sub-classification within a category.

As a result of this, the infrastructure cost is greatly reduced and thereby, bandwidth is saved as well. Detailed reports showcasing which users are allowed access to which applications further help support security. In addition to all these security features, policies can also be set to filter out nonbusiness traffic which helps to curb the usage of internet for non-professional purposes or personal usage.

Features of GajShield’s Application Filtering mechanism

• Control and visibility data layer, deeper than layer 7 & applications
• Gain control and achieve visibility across 2,500+ applications.
• Enhance business-critical application performance by limiting bandwidth for non-business traffic
• Inbuilt application categories.
• 5000+ Application signatures
• Support policies to identify/detect, allow, block or limit (usage control) TCP/IP application regardless of ports, protocol etc.
• Detect and block known applications like P2P, IM etc.
• Policy based shaping of application for users, group, ip address and network
• Sub classification within a category supported
• Provides risk factor/level of applications
• Saves bandwidth and reduces infrastructure costs
• Protects corporate users including BYOD devices.
• Improved security by blocking threats emerging out of risky applications.
• Quick to set up and simple to implement using GajShield’s Object-oriented policy management

Besides this, when it comes to blocking applications, it is realized that Applications are very difficult to detect and block as compared to URLs. Some applications like BitTorrent can run on any port and can be wrapped inside SSL which makes them difficult to detect. One possible way to effectively detect and block them would be protocol decoding with deep packet inspection. Deep packet inspection involves looking at traffic and blocking it based on its type. GajShield support protocol decoding with the help of context-based deep packet inspection.