CloudShield Technologies, a start-up based in Sunnyvale, California introduced a multi-function software platform that leverages deep packet inspection specifically to address the growing challenges of managing mixed, high-volume IP services traffic.
CloudShield, which supplies high-speed packet filtering platforms for the U.S. intelligence community, is now targeting its Layer 2-7 packet analysis systems at carriers and ISPs. The deep packet analysis could help carriers gain visibility into how subscribers and applications use the network. It could be used by carriers to develop and enforce policies on select packet traffic. It might also be used to secure the network from attacks.
To meet these aims, CloudShield is introducing a new Content Control Suite (CCS) that provides analysis, control and security to enable selective granular analysis and control of traffic at high speeds. It runs on CloudShield's FPGA-driven CS-2000 Content Processing Platform, which provides core content inspection and traffic control functionality. CCS application programming interfaces allow broadband policy managers, subscriber managers and billing software. New functionality in the suite includes:
- Signature Detection Module -- identifies traffic of interest using signatures from a variety of sources, including Snort.org, Kaspersky, and custom applications.
- Traffic Control Module -- enables a wide range of traffic controls including QoS marking, traffic shaping, redirecting, and MPLS or VLAN tagging.
- VoIP Tracking and Reporting -- identifies SIP- or H.323-based VoIP services for measurement and control, and detects DDoS attacks against VoIP infrastructures.
- Content Billing Module -- collects vital statistics on user flows for use in usage-based billing solutions.
- Traffic Measurement Module -- collects and reports statistics on selected traffic for greater situational awareness and network intelligence.
- 3rd Party signature sets: CloudShield is making Kaspersky Lab's award-winning malware signature set available to run with the CCS Signature Detection Module.
- Open Source signature sets: the Signature Detection Module supports the open source Snort rules and can import rules from sources including Snort.org or BleedingSnort.
- Custom signature sets: partners and end users can create their own traffic selection / detection signature sets for service identification or classified security purposes.
Data set modules include
CCS modules and data sets will become available in Q4 of 2006.
http://www.cloudshield.com
- CloudShield was founded in 2000 and has raised over $60 million to date.