Data Flow and Analysis (DFA)

IQL VA is a network security appliance add-on that enables instant detection of the complete landscape including all running applications, services and connected devices. DFA displays detailed analysis including paths, memory, access files, ownership details, data transferred and malicious activity information to the administrator. DFA also has advanced capabilities to display decrypted information that has been transferred over SSL/HTTPS. Support is also available for closed protocols on a case-by-case basis. While DFA can analyse threats initiated by external actors it has the ability to monitor internal communications as well. The network administrator can define rules which have global impact to view activity such as:

  • Ability to monitor uploaded files within encrypted applications and websites of popular email providers. As an example if a corporation is undertaking research they can block their personnel from uploading files. DFA can also be used to decrypt secure communications within a networked environment.
  • Ability to block unknown personal hotspots, networks, connected devices and terminals (including detection of MAC/IP/meta data spoofing) initiated within the company premises.
  • Selective blocking of mobile terminals, laptops and portable electronic that do not belong to a whitelist. This should not be compared to jamming which uses the principles of bandwidth blocking. DFA based blocking is akin to monitoring of radio transmissions in an area to detect and block specific MAC address initiated transmission.This ensures that the network administrator can detect unusual activity and applications that may be stubs or malware undertaking rogue transmissions. This module is able to interact with wired network connections along with the ability to monitor wireless connections (GSM/Wi-Fi/WiMax) when connect to scanner units.

  • Go back