address the evolving threat scenarios and the security technologies required by up-to-date applications.

Among these threats, for example, are dynamic or randomly assigned port numbers and the increasing emulation and virtualisation of applications.

In the opinion of market experts, the next generation of threat management systems must address the following key areas:

• Firewall/UTM Kernel
• Stealth™ technology for IP-less and thus uncompromisable operation
• TLS Engine for decryption of every TLS-based protocol (HTTPS, SPOP, SMTPS, P2P)
• ASICs: highly specialised chips for optimisation of performance and improvement of scanner speeds

The MF Security Gateway™ provides immediate protection for every network, Web access and data traffic. The multi-award-winning underground_8 package solution integrates more security applications in one standard management interface than any other competitor.

process applications up to layer 7 of the ISO stack. Examination of the lower layers 2 to 4 is classed as ‘network processing’ and includes routing and some Denial of Service (DoS) identification methods.

The MF Security Gateway processes layers 4 to 7 traffic which is often classed as ‘content processing’. This in-depth analysis is the only credible way to discover the latest malware, spam and phishing attacks. These functions are also required to monitor, control and block any peer-to-peer data traffic. 

Filtering of the data traffic is permitted in Stealth™ mode without the need to carry out a corresponding division into sub-networks. As a result the Stealth™ mod, in relation to the network topology, operates in a totally transparent manner.

The Stealth™ mode can be deployed when a network is already protected by a firewall but where the extended control and filtering capabilities of the MF Security Gateway™ are required.

The MF Security Gateway™ may be integrated between the existing firewall/router and the other network components without altering the network topology. Even existing components, such as DHCP servers can continue to function without a hitch.

The Intrusion Detection System (IDS) integrated in the MF Security Gateway™ automatically detects attacks that are aimed at a network or a computer.

Modern IDS technology enables fast discovery of potential attack scenarios.

applications that are critical to the business, only to find that they do not function efficiently over a WAN and the Internet.

These applications have to compete with other less important applications for their bandwidth, as the bandwidth resources may be limited. This "free to all applications" philosophy delays important information, hinders the performance of the applications and therefore damages the organization. Most networks do not need additional bandwidth; they need methods to effectively manage the existing bandwidth and control its use.

This solution is supported by the MF Security Gateway™ with integrated port-based Traffic Shaping, optimising services such as VoIP, HTTP, POP3, FTP etc. An administrator is able to divide the available bandwidth between applications based on the various protocols. It is possible to combine the appropriate rules for this at will.

works is essentially very simple.

A small encrypted network within a wider network is created, which is only accessible with appropriate addresses and passwords, so that only authorised users can communicate with each other. Thus a VPN is a sort of monitored private line within the Internet. It links computers or networks to one another by using other networks as a transport path.

The actual transfer path remains hidden from the user who is completely unaware of the interposed (virtual) network. The MF Security Gateway™ supports two VPN scenarios: client to network and network to network.

This simplifies the integration of underground_8’s MF Security Gateway™ into heterogeneous system environments. The MF Security Gateways™ are quickly and conveniently connected to third-party products via IPsec-based site-to-site VPN. The appliance already includes detailed settings for the products of other manufacturers most frequently encountered on the market.

VPNVPN solution without prior installation of client software.

In this way, users of underground_8 solutions based on the MF Security Gateway™ gain greater flexibility during remote access and VPN access than in other UTM appliances, allowing them to access the company network securely from outside their home network.

The configuration set-up of terminals to the MF Security Gateway™ can be made by means of any additional software, i.e. clientless, and all the user needs for configuration of the SSL tunnel is a browser. As a result, it is also possible to securely access company information from third-party computers (from an Internet café for example) or from company-external locations (airports, hotels, railway stations).

With other UTM solutions the SSL licences are frequently charged on a per tunnel basis; there is no restriction whatsoever with MF Security Gateway™ regarding simultaneous user tunnels. Companies can thus scale their remote access solution flexibly as required.

program exploits). Mobile security is a standard component in the MF Security Gateway™ solution.

The MF Security Gateway™ ensures automatic virus protection if secure access of a mobile terminal (Windows mobile device, iPhone/iPodTouch for example) is made via IPsec, L2TP or an SSL-VPN. So underground_8 enables iPhone users the benefit of secure connections between home and corporate networks.

As a result, iPhone users have ease of access for e-mails and data on internal servers that are protected by MF Security Gateways™. Now mobile employees no longer need to perform laborious booting of their laptop computers if they are outside the network or if they want to access business data when they are on the move. 

status of a connection and assign the data packets to a logical data stream. Thus it is even possible to filter out and repel attacks and incidents from non-contiguous data streams.

With the fully integrated anti-virus protection controlled by DLA™ (Dual Layer Anti-Virus), underground_8 appliances provide one of the highest-performance anti-virus protection mechanisms in the industry thus protecting communication platforms against denial-of-service attacks (DoS) in the event of large-scale virus attacks. Among other things, the DLA™ technology integrates the multi-award-winning anti-virus engine from Kaspersky Labs and thus an anti-virus program certified by Westcoast Labs.

communication efficiently for spam, viruses, spyware, phishing and malware. Filter functions and content analyses must ensure that transfer of the e-mails is secure.

Spam frequently changes its form so even a combination of several technologies may fail to offer long-term security. Filter rules that are too narrow mean that valid e-mails may be blocked. This is where the anti-spam engine incorporated in the MF Security Gateway™ provides massive cost savings and frees staff from having to parse potentially harmful content.

Integration of the MF Security Gateway™ in an existing IT infrastructure takes place at the gateway level and requires no configuration change to the mail server. Modification of DNS-MX records is also superfluous. Incoming SMTP and POP3 connections are monitored.

• Due to a lack of transparency, Skype is an application which is generally considered incompatible with a company’s security policy
• Skype prevents the rapid detection of existing or future back doors
• Using Skype means that the network is unprotected against attacks, since the Skype base enables attackers to “hide”
• It is virtually impossible to monitor the data traffic transmitted via Skype due to the encryption used
• It is virtually impossible to block the use of Skype in organizations by deploying  current security solutions.

The MF Security Gateway™ from underground_8 can be configured to detect, classify and block all Skype programs if required.

Clients behind a firewall that want to set up a connection to an external server connect instead to a SOCKS proxy. This proxy server checks the client’s authorisation to contact an external server and forwards the query to the server. Furthermore, the MF Security Gateway™ also supports a protocol-independent SOCKS proxy. The rules for forwarding the data traffic through the SOCKS proxy may be specified by the administrator based on specific features.

also form the boundaries of cooperation in P2P networks. Trust includes the "voluntary provision of a preliminary service without recourse to legal security and control measures".

This occurs on the basis of the expectation that "the person who accepts this trust voluntarily renounces improper or illegal behaviour".

Opening a system up for communication purposes or allowing access by others can have critical side-effects. In direct communication in P2P networks, companies' conventional security mechanisms such as firewalls can often be bypassed, and P2P networks can clog up a company's bandwidth and malware can spread at lightning speed. P2P is therefore the easiest way to introduce completely uncontrolled malware, into a network.

With the help of inbuilt P2P filters, the MF Security Gateway™ protects a network against peer-to-peer network attacks and blocks their execution. An administrator can specify which file-sharing system (e.g. e-Donkey, KaZaA, Gnutella, etc.) may or may not be allowed within the network.

(DDoS attacks) or downloading of other programs are only the some of the most prevalent possibilities.

Botnets spread in a conventional manner: they can masquerade as e-mail attachments, as vulnerabilities in operating systems and applications or as Trojans. Once installed, the affected computers may be controlled remotely by an unauthorized third-party.

The security solutions developed by underground_8 reliably protect a network against botnets because, regardless of signatures, even previously undetected bots are detected and rendered harmless by observing behaviour and controlling network traffic.

The biggest drawback is that the exchange of data via IM is not documented or only rarely documented and not centrally archived.

As a result, IM eludes the usual reporting procedures. In addition, there is no integration at all with other communication systems. If instant messaging is used for business correspondence and if important topics are discussed via chat, such as placing of orders, then this may result in compliance and legal implications.

underground_8’s MF Security Gateway™ includes Layer-7 protocol identification thus making it possible to analyse the behaviour of all data packets. The MF Security Gateway™ provides the option to regulate the use of IM programs with simultaneous control and security. All data received is scanned for content and is rejected at the MF Security Gateway™ if a risk is detected.

of failure for important business processes. The MF Security Gateway™ family is designed for high availability in order to maintain the highest network reliability.

understand complex network functions and how to correctly configure the firewall accordingly.

The administration interface of the MF Security Gateway™ has been developed in accordance with the latest Web standards. Platform and browser-independent, standardised presentation in addition to ultra-fast page reproduction and improved preparation of large data volumes are only a few of the areas to which importance has been attached.

Even inexperienced users can quickly find their way around with the introduction of multiple navigation features. Important functions are not hidden; they are visible from every page and accessible with only two clicks.

Monitoring of critical system events becomes even easier based on the intelligent log infrastructure of the MF Security Gateway™. The MF Security Gateway™ makes recording functions (logs) available for all network activities from packet level to application level. This makes it possible to

log specific data such as HTTP URLs, VPN connections, connection attempts, all NAT connections (both outgoing and incoming). The easy to operate user interface provides comprehensive analysis and clearly laid out log file display.
The live log viewer built into the MF Security Gateway™ displays the collected data in real-time. This means that administrators can react specifically to attacks, monitor their defence, document the efficiency of their security infrastructure and meet compliance guidelines.

The advantage of this approach is that the user obtains a good overview of the information in each case. However, it is not possible to inspect partial time periods and volumes in this display variation. The MF Security Gateway™ embodies a revolutionary approach. Instead of dictating to the user which data might be of interest and displaying these rigidly, XC™ offers the following possibilities:

• Time periods may be altered at will
• Time periods may be altered dynamically by the use of zoom options
• Individual partial graphs may be hidden or revealed at will

As a result, the user has the opportunity to display the exact data values at any point in time and to read them off accurately. In addition, it is possible to export the corresponding view as images from every selected display.

The data preparation technique developed by underground_8 enables optimum display for extensive mapping, such as all the network statistics, virus scanner efficiency, e-mail processing or HTTP proxy statistics.