In active mode (that is, stream blocking is on), the NBA must be physically inline between the corporate LAN and the internet. In this mode, the Data Inspection ports on the NBA connect it to the LAN and the internet, and all data packets transit through the NBA.
In active mode, the NBA can actively block network events simply by not passing packets across the Internet boundary, closing network sessions, or communicating at a protocol level with applications either side of the Internet boundary. In active mode, the NBA can also be configured to decode SSL sessions and detect files and emails in them.
To allow real-time analysis of network events, the NBA must be connected via the Socket API to policy engines. This allows CA DataMinder to apply policy to data streams to determine whether they need to be blocked.
|
Copyright © 2014 CA.
All rights reserved.
|
|