Create a Threat Intelligence Gateway at any Scale
GigaFilter ACL is a feature on all Corsa NSE7000 products that adds a layer of defense to network operators’ security. GigaFilter is controlled through REST and allows/denies traffic originating from or destined to any IPv4 address on the internet. With sub-flow precision, compromised targets and attackers can be eliminated. When the feature is triggered, action is taken in a few milliseconds. And because GIgaFilter is closely coupled with the hardware’s enforcement engine, traffic can also be rate limited, redirected, or copied if allow/deny is too limiting.
This is an ACL powerhouse! Traffic forwarding performance is always maintained regardless of the number of IP addresses filtered. (It should be noted that for IPv6 traffic, the NSE7000 allows or denies traffic based on rule sets in the Enforcement Engine.)
Network monitoring and analytics keep track of the bad actors as well as the known good. Threat intelligence feeds are also updated constantly with Indicators of Compromise (IOCs) to record undesired IP addresses. These filter lists can hold millions of IPv4 addresses and have become too large for ACL tables on routers and firewalls to support.
Corsa’s GigaFilter is designed to deal with this and can hold up to 4 billion IPv4 entries. With GigaFilter, operators can push their lists out to all Red Armor platforms then set a single rule to instantly block or rate-limit all enumerated IPv4 addresses wherever Corsa Red Armor is deployed. As network monitoring continues, identified IPs can be blocked or rate-limited through bulk list uploads or real-time incremental changes that can be done in service while GigaFilter continues to filter traffic based on existing rules.
GigaFilter can be integrated with any commercially available IoC/Threat Intelligence feed or open source intelligence framework such as CIF.
- Filter every possible IPv4 address at the click of a button
- IoT scale: use this to fight large botnets with tens of millions of members
- Traffic allow/deny in <1ms
- Use in conjunction with all other rules and actions in Red Armor
- Automatically upload IOC/TI files