Benefits
Our anti-malware toolkit detects and identifies potential threats as they enter the system. Using three detection schemes and hardware-accelerated pattern matching, we are able to provide high performance and a high detection rate.

We have designed the toolkit to be easily integrated into your applications, and we’ve made rule updates simple. CSS has developed this system in collaboration with leading anti-malware company Kaspersky, so the threat signature database can be updated on an ongoing basis.

Block Diagram

Applications
This toolkit can be used by most OCTEON applications where malware is a potential threat. It comes with convenient APIs to be integrated into customers’ applications. In the OCTEON processor’s data plane, the anti-malware detection system passes the packets tagged with the detection result to the customer software. In control plane, the customer control application may use the APIs to dynamically load new rules, retrieve statistics and read log messages. Coordination between data plane and control plane is maintained internally by the anti-malware detection system.

Technical Specifications
Three different schemes (URL-based detection, signature-based and MD5 Hash-based detection) work together to achieve a high level of detection. The HFA hardware on the OCTEON processor accelerates pattern matching in the packet payload to determine a signature match. It also accelerates normalized URL-for-URL matching, and the parsing of headers and objects in the packet header (HTTP and HTML layers)

Specific features include the following:

• In-line malware detection
• IP reassembly
• Support for IPv6
• TCP reassembly
• Support for hardware-based decompression of GZIP objects
• Flow/session-based detection to reduce overhead
• Comprehensive schemes working on packet metadata (HTTP and HTML), packet payload and flow behavior (URL-based, signature-based and MD5-based)
• Real-time update of signatures without service interruption
• Real-time statistics
• Fully optimized on OCTEON hardware with DFA/HFA acceleration
• Professional services including customer application integration and rule update

Performance
By taking advantage of hardware acceleration and optimized software, the anti-malware detection system achieves a very high level of performance:

• 5Gbps on 5 cores (a typical scenario)
• Up to millions of simultaneous flows
• Scalable with more detection rules and flows

Ordering Information
Coming soon.

Reference Materials
Coming soon.

Call us
To learn more about our Protocol Analysis Toolkit, call us today: 650-623-7000