Our next-generation firewall features a number of data filtering capabilities to help further reduce your risk of attack and exfiltration. When combined with User-ID™, applications function control, file blocking by type, and content-level pattern matching enable you to identify and allow specific business-related traffic and deny all else.

By combining the ability to explicitly block dangerous file transfer, applications, non-business-related file types, and data containing sensitive information – like Social Security numbers – with network segmentation, we can further help you to control the flow of traffic and decrease opportunities for attackers to conduct a successful attack against your organization.

File Blocking

The file blocking profile gives you control over the flow of different files by inspecting the payload to identify the true file type, as opposed to looking only at the file extension, to determine if a file transfer is allowed by your policy.

You can implement file blocking by type, user group, or on a per-application basis, which enables you to do things like approve a specific webmail application, like Gmail, and allow attachments but block the transfer of PE files.

File Transfer Control

Granular control over application features, like file transfers, represents another policy option that helps you balance application use with policy control to safely enable applications. You can establish policies to allow IM or webmail applications but deny a related file transfer function.

Content-Based Pattern Matching

Our data filtering capabilities also include the ability to identify and control the transfer of sensitive data patterns, such as credit card and Social Security numbers, or custom data patterns in both application content and file attachments.

By denying the flow of data based on the information it contains, you can better secure your organization by reducing the risk of data exfiltration, either inadvertently by users or by attackers.