Refereed journal article or data article (A1)

A method for endpoint aware inspection in a Network Security Solution




List of Authors: Heino Jenny, Jalio Christian, Hakkala Antti, Virtanen Seppo

Publisher: Institute of Electrical and Electronics Engineers

Publication year: 2022

Journal: IEEE Access

eISSN: 2169-3536

DOI: http://dx.doi.org/10.1109/ACCESS.2022.3170456

URL: https://ieeexplore.ieee.org/document/9762961

Self-archived copy’s web address: https://research.utu.fi/converis/portal/detail/Publication/174870268


Abstract

Due to the surge in remote work after the outbreak of COVID-19, network security has gained an enormous focus. The issue of erroneous inspection decisions in network security solutions has long been criticised, but the importance of the decision accuracy has never been as important as today. In this paper we provide a solution for improving the inspection decision accuracy by specifying a method for endpoint aware inspection in a network security solution capable of performing deep packet inspection. The method utilises a subset of the protected network to gather hash fingerprints from the endpoint application network traffic patterns. The information gathered from this subset is then utilised for gaining endpoint awareness for the rest of the protected network. We use methods that work on the application layer of the protocol stack. This makes the method applicable not only for local implementations, such as NGFWs and IPSs, but also for SaaS and SASE solutions. The method is, however, easily utilised with lower layer information, such as network and transport layer information, for operating system awareness as well. We also present a proof-of-concept case study where we observe that, of the applicable network connections, 100% could be identified when the operating system and endpoint application were present in the source group. To our knowledge, this is the first method to enhance the inspection process accuracy by leveraging a subset of the protected network to gain endpoint awareness.


Downloadable publication

This is an electronic reprint of the original article.
This reprint may differ from the original in pagination and typographic detail. Please cite the original version.




Last updated on 2022-26-04 at 08:55