Devices designed to provide protection against the most advanced cyber threats
Ultra Horizon can provide devices that protect the network from some of the most advanced cyber threats including viruses, worms, spyware and other malicious traffic. In addition, all devices support sandboxing, This provides detailed testing of suspected payloads in a restricted environment to enable detection of malicious intent without risk of infection.
PROTOCOL & PORT AGNOSTIC
Many solutions deployed rely on application detection via inspection of transport protocol and port number. For example, HTTPS (TCP, 443). This means that applications can fool DPI firewalls into misclassifying traffic by changing this tuple of parameters. Our solutions rely on L7 inspection and regular expression matching to distinguish applications; preventing misclassification.
All security devices are managed through a simple, but expressive web interface designed to provide an intuitive layout and real time threat metrics to the user. This allows system administrators to make important changes quickly without having to rely on a command line interface to perform complex tasks.
Administrators can configure and enforce policies based on users and user groups (e.g. Guest, Staff etc…) instead of or in addition to network address blocks. This is accomplished by integrations with directory servers such as Microsoft Active Directory, eDirectory, SunOne, OpenLDAP and most other LDAP-based directory servers to provide user and group information to the devices. This information can be further utilised to permit/deny certain traffic characteristics to user groups. For example, one may wish to deny social media applications for staff, but permit it for guests.
All security devices provided by Ultra Horizon operate in Layer 2 transparent mode. This means that the firewall itself does not act as a router at Layer 3, but instead forwards Layer 2 frames like a switch. This means that our devices can be easily integrated into almost any network configuration and is usually placed between a core/aggregation switch and edge device. This allows the device to analyse all traffic to and from the wider Internet, whilst leaving internal inter-VLAN traffic unmonitored to preserve network performance.