TLS Inspection |
The DUT/SUT intercepts and decrypts inbound HTTPS traffic between
servers and clients. Once the content inspection has been completed,
the DUT/SUT re-encrypts the HTTPS traffic with ciphers and keys used by
the clients and servers. For TLS 1.3, the DUT/SUT works as a middlebox
(proxy) and holds the certificates and Pre-Shared Keys (PSKs) that
are trusted by the client and represent the identity of the real
server. |
IDS/IPS |
The DUT/SUT detects and blocks exploits targeting known and
unknown vulnerabilities across the monitored network. |
Anti-Malware |
The DUT/SUT detects and prevents the transmission of malicious
executable code and any associated communications across the
monitored network. This includes data exfiltration as well as
command and control channels. |
Anti-Spyware |
Anti-Spyware is a subcategory of Anti-Malware. Spyware transmits
information without the user's knowledge or permission. The DUT/SUT
detects and blocks the initial infection or transmission of data. |
Anti-Botnet |
The DUT/SUT detects and blocks traffic to or from botnets. |
Anti-Evasion |
The DUT/SUT detects and mitigates attacks that have been obfuscated
in some manner. |
Web Filtering |
The DUT/SUT detects and blocks malicious websites, including defined
classifications of websites across the monitored network. |
Data Loss Protection (DLP) |
The DUT/SUT detects and prevents data breaches and data exfiltration,
or it detects and blocks the transmission of sensitive data across
the monitored network. |
Certificate Validation |
The DUT/SUT validates certificates used in encrypted communications
across the monitored network. |
Logging and Reporting |
The DUT/SUT logs and reports all traffic at the flow level across the
monitored network. |
Application Identification |
The DUT/SUT detects known applications as defined within the traffic
mix selected across the monitored network. |
Deep Packet Inspection (DPI) |
The DUT/SUT inspects the content of the data packet. |