What’s new in Balasys Proxedo Network Security 1.0.5

Written by: Gábor Marosvári, Product marketing lead, Balasys

Created: 2021-06-22

Key new features that have been added to the product since the 1.0 release

In the past period, intensive development and background work have shifted our focus inward, resulting in poor communication when it comes to Proxedo Network Security news. We’re sorry about that! I would like to emphasize that the development of PNS is nevertheless ongoing! Thanks to these efforts, Balasys’ highly flexible, proxy-based network security suite now boasts an updated architecture, a renewed GUI and several new features. In this post, I’d like to summarize the key new features that have been added to the product since the 1.0 release.

1. TLS 1.3 support

Proxedo Network Security was one of the first IT security products to support the latest TLS 1.3 cryptographic protocol. You can encrypt non-encrypted or legacy internet protocols with the most advanced encryption standard currently available on the market. The security of the communication can be further improved by requiring strong authentication from the user. Based on this feature set, you can implement highly secure web browsing, mailing or even e-banking/e-commerce services over your less-secure internet infrastructure. Another potential use is the strong encryption of data stored in cloud services.

2. Web Application Firewall (WAF)

Based on the integration with Apache ModSecurity WAF, PNS can now inspect and analyze the content of encrypted and non-encrypted internet traffic to verify that it conforms to the standards of the HTTP(S) protocol in use. Beyond detecting advanced attack vectors, it can also hide the vulnerabilities or development errors of the web servers. This is a reliable tool for protecting your organization's public internet services.

3. ICAP support

PNS now supports the Internet Content Adaptation Protocol (ICAP). Thanks to ICAP support, PNS can integrate with several third-party security solutions such as DLPs, IDS/IPS and anti-malware tools, including multi-scan engines and sandbox technologies. The above integrations can also be implemented via encrypted channels. This feature empowers you to build a custom and comprehensive threat management environment to protect your enterprise network.

4. Hostname-based rules

Many websites (e.g. facebook.com) don’t have a fixed IP address, yet you still need to control access to them. In addition, sometimes you are not allowed to inspect certain types of encrypted traffic (for privacy or other reasons), but you may still want to gain some control over this traffic too. In such cases, hostname-based decisions can help you: you can control the access to these sites based purely on their hostnames. Essentially, this is a special URL-filtering capability helping you set up rules solely based on the domain name information, without knowing the IP address or the outgoing traffic content. For example, you can leverage this function in the following cases:

  • Denying access to unwanted sites, applications or content – e.g. blocking movie streaming or adult web sites.
  • Selective content filtering – e.g. allowing Windows update services or internet banking traffic but scanning all the other content for viruses.
  • Load balancing of encrypted traffic – e.g. redirection of bandwidth-intensive YouTube traffic to the backup line.

5. Connection rate limiting

Proxedo Network Security offers a rule for limiting network connection rates. This feature comes in especially handy when your site is under (D)DoS attack or there are enormous peaks in the everyday traffic. You can configure the product to prioritize the requests in such cases by serving more important transactions first, while limiting the bandwidth for others.

6. Advanced Protocol Recognition

PNS can automatically recognize certain protocols and services and can selectively handle these based on preconfigured connection rules. Currently, the supported protocols and services are as follows: HTTP, SSH, server certificate and Server Name Indication (SNI).

7. Form-based authentication

PNS 1.0.5 supports form-based authentication in the HTTP protocol. The user is presented with an editable ‘form’ to fill in and submit in order to log into a given web application or service. You can even integrate it with your existing AD/LDAP database. Form-based authentication is a platform-independent and customizable solution to unify the web-based authentication process across your company, customers and partners.

We are continuing the development of Proxedo Network Security to make it the most customizable, reliable and resource-efficient network security suite available on the market today. From now on, we are going to post some important news about Balasys and the Proxedo product family on a regular basis. Stay tuned!