PacketViper’s traffic evaluation process is designed to control and verify every connection with precision, ensuring only legitimate data traverses the network. This layered, rules-based approach applies security checks in a specific order, allowing PacketViper to identify and stop threats instantly at the point of detection.
1. Custom Rules (Highest Priority)
Execution Order: Processed from the lowest to highest numerical designation.
Tie-Breaker: If rules share the same priority, execution follows the creation timestamp.
Purpose: Ensures mission-critical security directives are enforced before any other step.
2. Global Network Lists (GNL)
Allow Rules First: GNL entries set to Allow are evaluated before those set to Block.
Benefit: Maintains operational efficiency while providing strong access control.
3. Country-Based Filters
Geolocation Filtering: Applies country-of-origin or destination restrictions.
Override Flexibility: Custom Rules or Sensors can override these filters to address changing threat conditions.
4. Sensors (Flexible Placement)
Sensors detect and respond to anomalies, with their placement affecting behavior:
Before Custom Rules: No filtering occurs beforehand; generates repeated alerts—ideal for sensitivity testing.
Default (After Custom Rules): Prevents repeat attempts from reaching the sensor by adding new Custom Rules for detected threats.
Post Global Network Lists: Positions deception tactics before country filtering.
Post Country-Based Filters: Serves as the last checkpoint before allowing traffic.
5. Match Detection and Enforcement
Stop on Match: Evaluation halts when a match occurs.
Immediate Action: The configured response—allow, block, alert, or blacklist—is applied instantly.
No Traffic Rerouting: Threats are contained directly at the detecting boundary.
By following this ordered process, PacketViper ensures fast, decisive containment of threats while keeping legitimate operations uninterrupted.
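The Python model below is an added example of the evaluation order described above, not PacketViper code or its API. The `Policy` class, its field names, the packet dictionary, the sensor's response (a priority-0 block rule for the source) and the final default of allow are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from itertools import count

_clock = count()  # constructed stand-in for a rule's creation timestamp

@dataclass
class Policy:  # hypothetical model, not a PacketViper object
    sensor_at: str = "after_custom"  # before_custom | after_custom | after_gnl | after_country
    custom: list = field(default_factory=list)  # (priority, created, src, action)
    gnl: list = field(default_factory=list)     # (src, "allow" | "block")
    blocked_countries: set = field(default_factory=set)
    decoy_ports: set = field(default_factory=set)

    def add_custom(self, priority, src, action):
        self.custom.append((priority, next(_clock), src, action))

    def _custom(self, pkt):
        # Lowest priority number first; creation time breaks ties.
        for _, _, src, action in sorted(self.custom):
            if src == pkt["src"]:
                return action

    def _gnl(self, pkt):
        # Allow entries are evaluated before Block entries.
        for wanted in ("allow", "block"):
            if any(s == pkt["src"] and a == wanted for s, a in self.gnl):
                return wanted

    def _country(self, pkt):
        return "block" if pkt["country"] in self.blocked_countries else None

    def _sensor(self, pkt):
        if pkt["dport"] in self.decoy_ports:
            # Assumed response: the sensor adds a Custom Rule for the source.
            self.add_custom(0, pkt["src"], "block")
            return "alert"

    def evaluate(self, pkt):
        stages = [("custom", self._custom), ("gnl", self._gnl),
                  ("country", self._country)]
        slot = {"before_custom": 0, "after_custom": 1,
                "after_gnl": 2, "after_country": 3}[self.sensor_at]
        stages.insert(slot, ("sensor", self._sensor))
        for name, stage in stages:
            verdict = stage(pkt)
            if verdict:  # stop on match: later stages never see the packet
                return name, verdict
        return "default", "allow"  # assumed outcome when nothing matches
```

With the default placement, a second attempt from the same source is stopped by the Custom Rule the sensor added. With `sensor_at="before_custom"` the same source alerts on every attempt, because the sensor is evaluated before that rule.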