Perception Update - Web Proxy

Perception removes the web proxy blindspot

This feature adds a layer prior to the classification engine which enables the actual session destination IP addresses to be resolved from the hostnames visible from the traffic monitored behind the web proxy.  The classification engine is then able to process session information as if the clients were communicating directly with the destination servers.

Monitoring networks where web proxies are deployed presented an issue where actual destination IP addresses were hidden from the system.  Traffic being monitored behind a web proxy is always presented with the same destination IP address, that of the web proxy itself, rather than the real destination IP address.  This results in poor performance for network monitoring systems due to the fact that a significant chunk of data appears to be targeted at a single destination, when in reality it’s going to multiple different places.

Monitoring behind a web proxy may be the only available option for a given customer as the proxy itself may be located in the internet (eg cloud based proxies) and therefore access to the output of the proxy may not be available. This previously presented a potential blind-spot to the Perception classification engine.

This update solves this problem by delivering accurate IP information to Perception regardless of proxy use.  As a result, Perception provides the same level of coverage and accuracy when used behind proxies as it does when deployed in a typical network.

This update is sensor based, and will be pushed to all managed customers at the pre-agreed upgrade time.  Self-monitored customers can update their own sensors using the software upgrade process.  Please note that Perception may need some extra configuration to function with proxy networks.  If you have any further questions about this upgrade please contact us at info@perceptioncybersecurity.com