System and method for building intelligent and distributed L2-L7 unified threat management infrastructure for IPv4 and IPv6 environments

摘要

A security gateway appliance is configured to evaluate network traffic according to security rules that classify traffic flows according to specifically identified application programs responsible for producing and/or consuming the network traffic and to enforce policies in accordance with network traffic classifications. The appliance includes an on-box anti-virus/anti-malware engine, on-box data loss prevention engine and on-box authentication engine. One or more of these engines is informed by an on-box dynamic real tie rating system that allows for determined levels of scrutiny to be paid to the network traffic. Security gateways of this type can be clustered together to provide a set of resources for one or more networks, and in some instances as the backbone of a cloud-based service.

主权项

1. A security gateway appliance, comprising:
a memory and a processor communicatively coupled to the memory, the processor and the memory are included in the security gateway appliance, wherein the memory stores computer-executable instructions which, when executed by the processor, cause the processor to: (a) evaluate network traffic received at the security gateway appliance according to security rules that classify traffic flows according to specifically identified application programs responsible for producing and/or consuming the network traffic, (b) enforce policies in accordance with network traffic classifications, wherein the policies are associated with one or more connection management actions associated with one or more of: load balancing, traffic shaping, and quality of service actions, (c) provide real-time ratings and protection against undesired web content for a network, (d) evaluate the network traffic for potential data loss from the network, (e) provide application filtering and controls while enforcing quality of service, and (f) scan inbound network traffic for viruses and malware engines, and scan outbound traffic from the network for data leaks, without diverting the traffic off of the security gateway appliance.