Sunday, October 10, 2010

UTM Revolution - Who says you cannot have both the fish and the bear's paw?



As the market and technology have developed, many users have found that the UTM products they bought are much like a Swiss army knife: useful only when a single function is in use. With all modules enabled, a UTM device's performance drops sharply and its availability is poor. For certain brands of UTM product, the nominal performance is test data measured with only a single function enabled. Once all functions are turned on, performance may fall by more than half. As a result, it is common for a vendor's engineers, during deployment, to advise users in good faith to enable only one function at first and to turn on the others gradually later. Users, for their part, worry about performance and do not dare enable the full feature set, so a security product bought as a UTM ends up a UTM in name only, used as a single-function product.

This happens because the first generation of UTM products on the market integrated firewall, VPN, anti-virus, intrusion prevention, terminal protection and other functions into one device by what was really just simple stacking. Once multiple functions are enabled, the functional modules compete for computing resources, which leads directly to a sharp decline in overall performance. Many vendors have tried measures such as upgrading the hardware configuration, or even accelerating some functions with ASIC hardware, but the effect has not been significant.

On the other hand, after years of experience in the UTM market, users' requirements for UTM have become increasingly rational. Many mature users no longer accept vendors' performance figures as given. Instead, they set up a test environment according to their own network needs and measure the candidate products with standard test instruments. Most commonly, they ignore the vendor's nominal figures such as connection count and data throughput, and select instead on data such as HTTP and FTP throughput measured in their own environment with at least firewall + intrusion detection + anti-virus enabled at the same time. Such a test is closer to the user's actual situation, and standard test equipment such as Avalanche and IXIA makes it relatively fair, so the results are more reliable.

Facing the new market environment, Lenovo network imperial has continued to improve its technology, seeking to introduce a new generation of UTM products whose performance meets users' needs. In particular, the combination of fusion engine + PSE pre-screening + optimized matching technology solves the comprehensive performance problem of next-generation UTM products very well.

A fusion engine means that inside the UTM product there are no longer independent firewall, intrusion prevention and anti-virus detection engines; they are replaced by one complete, integrated UTM detection engine. In fact, the major gateway protection technologies (firewall, intrusion prevention, virus protection and so on) overlap heavily. Using a fused engine, rather than multiple engines working independently or in series, effectively reduces the performance wasted on duplicated inspection. A fused engine inevitably brings with it a merged signature database, and the resulting performance gain is in fact considerable. Of course, a vendor can adopt a fusion engine only if it has sufficient technical investment and accumulation in firewall, intrusion prevention, anti-virus, VPN and other functions. The signature library can be purchased, but the engine must be developed in-house or come from a source-level partner. Only on that basis is there a chance of achieving complete engine integration.

On the premise of a fusion engine, a UTM product can achieve a further leap in performance through PSE pre-screening and optimized matching techniques.

The principle of the fusion engine technology is as shown above. When data enters the device, apart from abnormal traffic, which goes to the protocol anomaly detection module, the main traffic goes to the PSE pre-screening engine. The PSE engine separates innocent traffic from suspicious traffic with very high efficiency, and the suspicious traffic is then handed to the optimized signature matching engine for further processing.

PSE is a technology that abstracts the existing signature library into a PSE library much smaller in volume than the original, and then pre-screens against the PSE library to speed up network processing. Pre-screening against the abstracted PSE library takes less than 10% of the time that conventional detection requires. When suspicious traffic makes up only 20% of network traffic (which in practice is already a high proportion), the performance gain from PSE pre-screening can be as high as 70%.

Once PSE pre-screening is complete, the suspicious traffic is passed to the optimized signature matching engine for processing. The principle of this optimized matching is to keep setting state bits according to the packets processed; when the state bits reach a predetermined value, the corresponding handling is triggered.

Compare this with police on the highway, who in the past gave every vehicle a complete inspection before releasing it. Criminals break a gun down into parts and bring them in spread across several vehicles. When the police see a particular part and cannot be certain, they do not detain the vehicle immediately, so as to avoid traffic congestion, but only make a mental note. Only when they check the parts in a later vehicle, compare them with that note and find that the parts can be assembled into a gun is that last vehicle detained. Although some of the earlier parts were let through, with parts missing the gun cannot be assembled in the end and cannot cause harm.
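The two stages described above, as an added sketch that is not the vendor's code: a small pre-screening library lets clean packets through without full inspection, and suspicious packets go to a matcher that sets per-flow state bits and blocks only when all bits of one signature are set. The signatures, the packets and the 4-byte-prefix abstraction are constructed assumptions; the page does not say how the PSE library is derived.

```python
# Constructed multi-part signatures (hypothetical): a flow is blocked only
# once every part of one signature has been seen in it.
SIGNATURES = {
    "sig-A": [b"PART-ONE", b"PART-TWO", b"PART-THREE"],
    "sig-B": [b"EVIL-HDR", b"EVIL-BODY"],
}
ABSTRACT_LEN = 4  # assumed abstraction: the first 4 bytes of each part

# Pre-screening library: far smaller than the full library (2 entries vs 5).
PSE_LIBRARY = {p[:ABSTRACT_LEN] for parts in SIGNATURES.values() for p in parts}

def pse_prescreen(payload):
    """Cheap first pass: True means 'suspicious, needs full matching'."""
    return any(abstract in payload for abstract in PSE_LIBRARY)

class StateMatcher:
    """Full matching that keeps one bit per signature part, per flow."""
    def __init__(self):
        self.state = {}  # (flow, signature name) -> bitmask of parts seen

    def inspect(self, flow, payload):
        verdict = "pass"
        for name, parts in SIGNATURES.items():
            old = bits = self.state.get((flow, name), 0)
            for i, part in enumerate(parts):
                if part in payload:
                    bits |= 1 << i
            self.state[(flow, name)] = bits
            if bits == (1 << len(parts)) - 1:  # predetermined value reached
                return "block:" + name
            if bits != old:
                verdict = "recorded"  # forwarded, but the fragment is noted
        return verdict

def process(packets):
    """Return (verdict per packet, number of packets given full matching)."""
    matcher, verdicts, full = StateMatcher(), [], 0
    for flow, payload in packets:
        if pse_prescreen(payload):
            full += 1
            verdicts.append(matcher.inspect(flow, payload))
        else:
            verdicts.append("pass")
    return verdicts, full

# Constructed traffic: (flow id, payload)
PACKETS = [
    ("f1", b"GET /index.html"), ("f1", b"xxPART-ONExx"), ("f2", b"hello world"),
    ("f1", b"PART-TWO"), ("f2", b"PARTY time"), ("f1", b"..PART-THREE"),
]
```

Running `process(PACKETS)` forwards the first two fragments of `sig-A` with a record and blocks flow `f1` on the third; the `f2` packet containing "PARTY" is a pre-screen false positive that full matching clears.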

Lenovo net Royal's new generation of UTM products, using fusion engine + PSE pre-screening and optimized matching technology, can already keep the performance drop at the 10% to 20% level with intrusion prevention + firewall + anti-virus all fully enabled, compared with the performance of a single function. Users can therefore genuinely turn on all of the features in their networks and get truly comprehensive protection.






