Photo - Hemal Patel, CEO of Cyberoam Technologies.
Sophos company Cyberoam has been awarded a U.S. patent for identity and policy-based network security and management, which will help Malaysian companies better meet compliance requirements, said the unified threat management (UTM) specialist.
Cyberoam's chief executive officer Hemal Patel said that the technology, which was created and developed by the Cyberoam team in India, delivered "a unique capability to connect end user identity with network security policy, allowing IT security managers to more effectively manage activity and access based on individual needs."
Patel said traditional firewall security measures were designed to scan network traffic based on source and destination IP [internet protocol] criteria to allow or deny requests for Internet or network access.
"Cyberoam's innovative system and method can apply rules and policies specific to the user, between the source and the destination," he said, adding that this 'Layer 8' technology allowed user-specific policies, enabling more granular security controls for firewall decisions.
Network administrators and IT security managers will have the ability to grant network, bandwidth and application access based on user identity, time of day and other Layer-7 (application layer) controls, said Patel.
With the additional level of control and visibility provided by Cyberoam Layer 8 technology, organisations will be better positioned to meet regulatory compliance requirements such as HIPAA, CIPA, PCI-DSS, GLBA, and so forth, he added.
"This patent grant validates Cyberoam's continued leadership in providing identity-based network security to address two of the primary security challenges: helping network administrators manage the weakest link in the security chain with user-defined security and network access policies, and strengthening compliance and reporting based on complete visibility of user activity in the network," said Patel.
Heart of Cyberoam appliances
"This patent awarded technology is at the heart of Cyberoam's extensive portfolio of next-generation firewall (NGFW) and UTM network security appliances," he said, adding that security would be built around the user's identity.
Patel said current corporate policies connected to network security often overlook "the most critical and weak security component: the human element. An organisation's overall security is only as strong as its weakest link - the user."
"Cyberoam UTM's Layer 8 technology over its network security appliances (UTM appliances and Next Generation Firewalls) has been derived out of the need for a more robust network security system which can include a user's human identity as part of the firewall rule matching criteria," he said.
By definition, Cyberoam Layer 8 technology on its network security appliances treats user identity as the 8th layer, or the 'human layer', in the network protocol stack. This allows administrators to uniquely identify users, control the Internet activity of these users in the network, and enable policy-setting and reporting by username.
- Identification of attackers/victims with username
- Instant visibility for administrators into source of attacks
- Controlling who is doing what in the network
- Allowing creation of identity-based policies
- Reporting to track identity-based usage, problems, intrusions and so forth.
US Patent number 8,984,620 B2: Identity and Policy-based Network Security and Management System and Method
The patent describes a system and method that provide a security and management system between the source and the destination, configured to apply user-specific rules and policies to the connection between them. The user-specific policies are used to govern the security and management of each packet transmitted and received via the connection.