Defense Strategies for Application-Level Security
Application Intelligence provides capabilities to address the following four defense strategies, which are required for successful application-level security:
- Validate Compliance to Standards
- Validate Expected Usage of Protocols
- Limit Applications' Ability to Carry Malicious Data
- Control Application-Layer Operations
Validate Compliance to Standards
Firewalls must be able to determine whether communications adhere to relevant protocol standards. Violation of standards may be indicative of malicious traffic. Any traffic not adhering to strict protocol or application standards must be closely scrutinized before it is permitted into the network; otherwise, business-critical applications may be put at risk.
Validate Expected Usage of Protocols
Testing for protocol compliance is important, but of equal importance is the capability to determine whether data within protocols adheres to expected usage. In other words, even if a communication stream complies with a protocol standard, the way in which the protocol is being used may be incongruous with what is expected.
Limit Applications' Ability to Carry Malicious Data
Even if application-layer communications adhere to protocols, they may still carry data that can potentially harm the system. Therefore, a security gateway must provide mechanisms to limit or control an application's ability to introduce potentially dangerous data or commands into the internal network.
Control Application-Layer Operations
Not only can application-layer communications introduce malicious data to a network, but the application itself might also perform unauthorized operations. A network security solution must have the ability to identify and control such operations by performing "access control" and "legitimate usage" checks. This level of security requires the capability to distinguish application operations at a granular level.