I recently visited northern France and the security vendor NETASQ in an effort to learn more about the company's take on the unified threat management (UTM) market.
Sitting in the company headquarters in Lille, executive vice president Dominique Meurisse, began by claiming that 'the firewall is not enough, we want to implement a concept to keep people secure'.
Mirroring comments made often on this website, Meurisse admitted that the company is ‘trying to have the best performance of security' but that ‘we have to give something to be used by the customer'.
Meurisse said: “This is more from the firewall to what we offer, the consumer is coming into the firewall market and trying to understand what the company is claiming. Everybody relates that to big companies and now 50,000 boxes have been deployed and no customers send mail complaining of damage from an attack despite 25 per cent of our customers being sensitive and at exposure to risk.”
Later on I met with Christophe Rup, international pre-sales engineer, and director of products Jeremy D'Hoinne. D'Hoinne began by explaining that NETASQ is a software and hardware manufacturer, and it was important for the company to tell the customers to use a standard hardware platform, as this is a lower cost for customers and performance. This will also help them choose what works better with the software.
D'Hoinne said: “We are a specialist on the firewall and the network and we think you are better if you let a specialist run their area, but vendors have an all-in-one to increase the margin - we want to increase security.”
Speaking about the product line, D'Hoinne said that its focus is on the security UTM, which covers network security, and multi-functional firewall. Mail protection is also offered with the gateway MFiltro, ‘because the anti-spam in the firewall was good enough', according to D'Hoinne.
He said: “This is all-in-one network security, we use the tag ‘ASQ for real-time intrusion protection'.”
Rup commented: “This is a classic multi-function firewall, we developed new technology for each feature and migrated it on top of the operating system. Every regular firewall IPS is done on the kernel and it does the analysis right there, but the number of actions will be 12.
“We divide this into three parts – protocol analysis, packet checking and the foundation of protection and follow each stage of the protocol; heuristic analysis and filtering; and contextual signatures – there is other analysis but other packet still had systems to detect problems.”
Commenting, UK and Ireland managing director Shameem Ibrahim, said: “We are the only ones who do that, with three types of analysis, as most are based on signatures but that is not close to what you get on the protocol.”
D'Hoinne said that most IPS will say that more than 4,000 signatures are recognised but they need to create one signature per attack so it makes it difficult. In this case NETASQ is doing the job without creating signatures, as it was pre-prepared.
D'Hoinne said: “You can wait for an SQL injection attack or you can decide that it uses the same behaviour and it is not normal with a specific character. This means more work at the beginning but the Kernel code is more sensitive than user-based and the cost is less thanks to the Kaminsky DNS vulnerability.”