Disclaimer

The content of this material describes challenges faced onsite and how I personally resolved them. Please note that the solutions posted here

1> should not be considered ultimate. The material may be considered for reference only.

2> should not be considered a guarantee that the solutions will work. Contact Cyberoam support before making any changes.

3> This blog does NOT belong to Cyberoam. It's a blog...a personal blog.

Changes made after referring to this site may seriously damage the network. So...

........MAKE CHANGES AT YOUR OWN RISK

(please contact Cyberoam support before implementing any changes)

Monday 25 June 2012

"Set it and forget it attitude"- Web Application firewall


Web Application Firewalls (WAFs) are an excellent last line of defense. They’re great at blocking both automated scans and granular exploits like Cross-Site Scripting and SQL injection. I recommend WAFs to partners all the time. But is there more to the story?

Unfortunately, more security vendors deploy a WAF as a cover-up instead of fortifying the coding practices that led to vulnerabilities in their web applications. WAF has also replaced the good old security practices of conducting regular audits and security scans. It's "set it and forget it". This is especially common with the compliance-as-a-checkbox mode of operation that’s present in many businesses. It reminds me of what firewalls with Stateful Inspection Technology were 10 years ago.

A WAF will not protect you against application logic flaws. What about weak passwords in your web application? That is another flaw that may go unguarded.
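
The gap described above, as an added example that is not from the original post or from any vendor's rule set: a signature filter of the kind a WAF applies catches injection strings but passes requests that abuse application logic, which only checks inside the application can reject. The signatures, order table, password list and requests are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed signatures in the spirit of a WAF rule list (not any vendor's rules).
SIGNATURES = {
    "sqli": re.compile(r"['\"]\s*(?:or|and)\s+['\"\w]+\s*=|union\s+select", re.I),
    "xss": re.compile(r"<\s*script|javascript:|\bon\w+\s*=", re.I),
}

# Constructed application state: which user owns which order.
ORDERS = {101: {"owner": "alice"}, 102: {"owner": "bob"}}
COMMON_PASSWORDS = {"password1", "123456", "qwerty", "letmein"}


def waf_inspect(params):
    """Signature pass over parameter values, the only thing a rule filter sees."""
    hits = set()
    for value in params.values():
        decoded = unquote_plus(str(value))
        hits.update(name for name, rx in SIGNATURES.items() if rx.search(decoded))
    return sorted(hits)


def _as_int(value):
    """Parse an integer parameter; malformed input becomes None instead of raising."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return None


def app_checks(session_user, params):
    """Checks that need the application's own state and rules."""
    problems = []
    if "order_id" in params:
        order = ORDERS.get(_as_int(params["order_id"]))
        if order is None or order["owner"] != session_user:
            problems.append("order not owned by session user")
    if "quantity" in params:
        qty = _as_int(params["quantity"])
        if qty is None or not 1 <= qty <= 100:
            problems.append("quantity out of range")
    if "new_password" in params:
        pw = params["new_password"]
        if len(pw) < 12 or pw.lower() in COMMON_PASSWORDS:
            problems.append("weak password")
    return problems


# Constructed requests: (label, logged-in user, parameters).
REQUESTS = [
    ("injection string", "alice", {"order_id": "101' OR '1'='1"}),
    ("script in comment", "alice", {"comment": "<script>alert(1)</script>"}),
    ("another user's order", "alice", {"order_id": "102"}),
    ("negative quantity", "alice", {"order_id": "101", "quantity": "-5"}),
    ("weak password", "alice", {"new_password": "password1"}),
    ("legitimate order", "alice", {"order_id": "101", "quantity": "2"}),
]


def evaluate(requests=REQUESTS):
    """Map each label to (signatures hit at the filter, problems found by the app)."""
    return {label: (waf_inspect(params), app_checks(user, params))
            for label, user, params in requests}


if __name__ == "__main__":
    for label, (waf_hits, app_problems) in evaluate().items():
        print(f"{label:22} waf={waf_hits or '-'} app={app_problems or '-'}")
```

The three middle requests contain nothing a signature can match, so they reach the application untouched; only the ownership, range and password checks stop them.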

Good security practices like security monitoring, patch management, change management, incident response processes/procedures and most importantly security awareness sessions still hold good.

Whether you work for a large enterprise or a small business, just know that Web Application Firewalls are not the end-all be-all solution for your web security problems. They’re good at what they do. But like airbags in our automobiles, they can’t be relied on completely. To set up a WAF and rely on it completely to protect your Web application is short-sighted and a recipe for getting bitten when you least expect it.

The solution is to layer your web controls and look to fortify your coding practices. Web Application flaws are better fixed at the source by performing periodic scans, manual tests and code reviews.

After you follow best practices for setting up your Web Application, let the WAF be the icing on the cake.

False Sense of Security - NGFW (Next Generation Firewall)

I am often asked by my partners how Cyberoam is different from the new buzzword, NGFW. In reality, Cyberoam and the new NGFW share many common features.
UTM and NGFW are two different terms coined by two different analyst firms. IDC coined UTM and Gartner coined NGFW. One key difference is the technology used to deliver the functions. It is believed that UTMs just provide multiple features on a single platform without integrating the features together, whereas an NGFW delivers features like IPS, AV and application control while integrating these into the firewall.
NGFW Major features vs Cyberoam
* NGFW integrates security functions into a single engine and defines security controls through the firewall. NGFW also enables user-based access control.
Cyberoam is an ID-based firewall that implements Layer 8 technology. It ties all the security policies and access controls not only to the firewall, but also to the user. You can apply Web Filter, Application Filter, Antivirus, Anti-spam, QoS, IPS and VPN to the firewall as well as to a User/Group.
* NGFWs are believed to deliver wire-speed network security and to be suitable for large networks.
Cyberoam delivers high performance network security for small to large networks. It has firewall throughput of up to 10 Gbps with UTM throughput of up to 1.2 Gbps.
* NGFW optimizes application control.
Cyberoam offers comprehensive Layer 7 Application Control that is capable of identifying and controlling applications using standard and non-standard ports and protocols, even encrypted SSL tunneled traffic. Cyberoam identifies and controls more than 2000 layer 7 applications. Cyberoam also does application-based QoS, IM control as well as Data Leak Prevention.
* NGFW provides greater visibility with advanced monitoring and reporting.
Cyberoam integrates a custom-built SIEM solution called iView with more than 1000 user-based reports. iView provides reports for applications, web filter, threats, web trends, internet usage, as well as compliance reports. It also provides module-wise live reporting. All logs and reports are stored on the appliance hard drive.
Conclusion
At the end of the day, NGFWs are just a subset of Cyberoam UTM.

Thursday 21 June 2012

Scare the Scareware

I remember that when I was in school, my Dad bought me a computer which was a Pentium 2 powered desktop. I invited most of my friends, out of curiosity, to have a look at my desktop. In those days there was a piece of software that was given to me by one of my cousins from Canada. I must describe it as a program that, once run, used to display messages saying YOUR ALL DATA IS BEING DELETED AND THE SYSTEM HAS CRASHED. My friends used to run the program somehow and I used to scare the hell out of them. It was a prank and indeed was lots of fun. What I want to convey here is that such software or malicious programs are known as scareware and are used by many hackers to cause anxiety and to threaten people.
Scareware, or better to call it fake software, is indeed a bitter reality for consumers around the globe nowadays. A good example is fake antivirus software: the cyber criminals use social engineering to install malicious code on the consumers' computers. Once this code is installed, it starts displaying fraudulent alerts with fake messages. Below are such screenshots displaying fake messages.

People usually fall into the trap because they get scared enough after reading such messages. These alerts prompt users to visit websites to buy and download fake software to clean threats which never existed.

For cyber criminals, it is a lucrative business to threaten people and steal their money by prompting them to buy fake software. This class of malware scans the computer and comes up with a collection of junk files and data. To prove their legitimacy, these programs will have names such as:

1. Internet defender
2. Security shield
3. Smart internet protection
4. Malware protection 2012

This malware can also cause further distress among users. It can interfere with the normal functioning of the system. It will terminate processes; for example, it will never allow you to run Task Manager. It can also force web redirections, wherein each and every time you try to access a web page you will be redirected to some other link. These programs are also infamous for downloading further malware like banking trojans or rootkits.

So, we can conclude here that scareware will be an ongoing problem, which will continue due to the fact that it involves monetary gains for the cyber criminals.

I was curious to find out whether my Cyberoam can take care of this scareware. But first of all I wanted to know what features I have at my disposal to protect my users against such malware.
Here is my verdict after some long testing:

1. Cyberoam's anti-virus engine is fabulous, I really mean it. I was not able to download any of the malicious software.  I think nothing can be said more about it.

2. Secondly, I went ahead and enabled the Anti-Pharming feature of the Cyberoam, after which Cyberoam re-resolves the DNS for the URLs with the DNS server configured in the appliance itself. This is by far the best way of protecting against redirection links that direct users to malicious websites instead of the original website.

3. On further research, I hit a couple of very interesting web categories, "SpywareandP2P" and "PhishingandFraud". I am not sure how the guys at Cyberoam do the categorization, but believe me it is really effective. I found several websites being denied by the Cyberoam when I applied them.


By the way, I referred to http://www.spywarewarrior.com/rogue_anti-spyware.htm#products for testing purposes. You can try the same to test Cyberoam's capabilities in protecting your network.



Wednesday 6 June 2012

Cyberoam Demo


One of the coolest features I like about the Cyberoam is the Reporting part. I was able to impress many customers with its reports. Cyberoam claims to have more than 1400 reports. Most of these reports are identity-based, which means which user, what site, what amount of data, what time.....cool.

So in simple words, you really do not have to worry about the IP address any more. What’s more?

Well, it’s free of cost.

Seriously, we do not have to buy any hardware or software to generate logs. To check the authenticity of the logs, we requested a few of our customers to keep an eye on the logs, and surprisingly most of the events had been logged.

So if a user browses any unhealthy site, it will be logged. If he tries to access any application that is not allowed, it will be logged. Everything is logged.

Recently we were at a customer's site to impress him with the Cyberoam functionality. But unfortunately, their current network does not allow SSL VPN ports (8443 by default). So we tried to access the Cyberoam Demo site. We logged in and explained every feature to him. Then we were to show the reporting part to the customer.

We came back to the office and wrote to Cyberoam requesting that they include graphs on the Cyberoam Demo. There is no point in having a demo without any reports online. Though we had some screenshots to show them, a live demo should be capable of showing some reports.


Let's see when we will be able to see the Cyberoam with logs on demo.cyberoam.com

Thursday 24 May 2012

Most common myths about the network security


Myths about network security
1>     I am anonymous on internet:
2>     Having a security appliance will require dedicated manpower
3>     The threats are only from outside
4>     I am secure if I am accessing HTTPS
5>     Installing firewall : I am secure

1>     I am anonymous on internet:

This is a common myth most administrators are under. They do not understand that to bring down a big target, hackers target small organisations. The reason for this behaviour is obvious: they want to cover their tracks. Hackers create zombies in smaller networks and use them to try to bring down a bigger network. When a forensic analysis is done, it will always be your network under the radar.

2>     Having a security appliance will require a dedicated manpower

The Cyberoam UTM appliance is an all-in-one solution and does not require any dedicated manpower. Companies can use their existing manpower to control their internet traffic. The product is very simple to configure and it's a plug and play device.

3>     Threats are only from outside

Most administrators feel that threats are only from outside. This is the greatest myth of all, as threats from inside are as common as threats from outside. More than 50% of the threats are from inside. Free surfing on the internet will invite viruses, Trojans and worms inside the network and thus will reduce the speed of the whole network. You will buy new switches which should be working at great speeds, and at the end of the day you will still find them working the same as before. The worms eat up your bandwidth with broadcasts, and Trojans can launch attacks from inside the network. If your email server gets compromised you will see your public IP getting blacklisted.

4>     I am secure, if I am accessing HTTPS

This is where you get a false sense of security. When you see a secure protocol you should never feel fully secure. Security is never full and complete; it’s a constant evolution. So you should always keep yourself up to date with new technologies and then remember to use your brain before implementing one as a solution.

5>     Installing firewall : I am fully secure

The firewall is just a primary layer of security, but what about the ports you have let through it, such as when you are running a web server, FTP server or email server? You have opened these ports directly on your firewall. Now there is no protection on these ports except checking the state of the connection and a DoS check. Many other attacks like URL redirection, XSS attacks and buffer overflow attacks, which could seriously damage your reputation, are ignored.

Wednesday 23 May 2012

Most important things your firewall should do

We recently organised a customer meeting, where we invited most of our customers and asked them to vote in a poll on the most important things a firewall should do. This is a regular exercise for us.

How does this help us?

1> Increased customer satisfaction, because we care
2> Customers tend to learn about new threats
3> New customers who appreciate the need for security
4> Awareness of newly released technologies and how they are going to help them
5> A common platform to discuss existing network problems and their solutions

After many suggestions and many reviews we decided to list them down. The list will help most customers make better decisions when buying a new security product, when they are ready for renewal, or when they want to replace an existing solution.

The attacks have grown mature, the users have grown mature, and the applications are more mature, but most appliances are not ready for this challenge. The attacks can be blocked from the WAN, but what about the new threats? These new threats are also known as zero-day attacks. The products are not aware of these threats.

So to provide a checklist we came up with a Top 10 list, and below are the important features on it:

1> Intelligent and advanced Application filter with bandwidth control

The advanced application filter should identify applications which are running on standard ports, like HTTP, i.e. port 80. Port 80 carries simple web traffic, IM traffic, CRM traffic and streaming media traffic. Most of our customers wanted a solution which will allow streaming media on port 80 but with limited bandwidth. If a solution cannot identify the streaming media on port 80, it's very difficult to manage your limited bandwidth. Along with that, many online movie sites and live TV should also be differentiated and limited in usage.

Another set of bandwidth-hungry applications are the P2P applications, which eat up your most important resource, i.e. bandwidth. Recently one of our customers complained of slow browsing. We installed a solution, only to find that most of the users were bringing in their laptops from home with P2P applications still active. They were not only choking the bandwidth but also putting the network at risk of new viruses, worms and Trojans.

2> A True identity based solution

Some users are very aggressive. They launch an attack, deliberately or accidentally, and the organization loses important data. Most organizations trust their employees and we seldom hear of these incidents, but the truth is that these things never come to light unless they happen to important organisations. So the administrator's right choice is to identify the users who take advantage of this trust.

Also, most of the attacks, like spam, are not from outside but from inside. We want to identify the users and then block them. The identity-based solution should also allow the admin to create granular policies over the users.

Now that we are aware that the user is the weakest link in security, his activities should be monitored regularly.

3> Live view of the network

Once the user has been identified, the solution should be capable of showing how much bandwidth is being consumed by each user or application. This data is very important for optimizing network performance. When you put these advanced solutions in your network, you will be amazed to see how many applications are in use and choking your bandwidth. Based on the live reports, you can take immediate action on the users.

4>  Anti-Spam

Spam is a very ugly truth. With no solution, your email server and your users can be easily compromised and soon your IP will be blacklisted. Once an IP gets blacklisted, we are all aware of the hardships we have to go through to get it unlisted. A true spam solution should be able to catch spam in any language or format. Also, it should be capable of blocking spam at the gateway level itself.

5> WAF

In my earlier post I explained the use of WAF and why it is required. To refer to it, kindly browse to the link below:
http://cyberoamexpert.blogspot.in/2012/05/cyberoams-waf.html

6> Web Category based Bandwidth control:

One of the best examples is Facebook and other social networking sites. These social networking sites are very good and I am a big fan of them. A recent study also showed that allowing users to use Facebook increased the productivity of the employees. But that does not mean that users should be given full bandwidth for these networking sites. So a true solution should be capable of implementing bandwidth policies on these sites, so that users can enjoy the sites but at a limited bandwidth.

7> Logging and Reporting

A true solution should include an inbuilt logging and reporting solution. The reporting should be very elaborate and should not require any external device or software. However, it should also provide a facility to send logs and reports to a syslog server.

8> SSL VPN

I like working from home, as many of us do. But it gets difficult to work if I am not able to access resources securely. The solution should allow users to log in from home and work safely and securely. SSL VPN is best as it's secure and provides mobility. While client-to-site is also a good way, an SSL VPN is truly the best solution.


All our customers were very satisfied with the list as it really helped them to choose the right product!




Monday 14 May 2012

Cyberoam's WAF






Web Application Firewall.


In continuation of my previous article, where I mentioned the new features released by Cyberoam, one of the key features is the Web Application Firewall. It is not a new term or technology; in fact, there are already UTMs and open source projects offering web application security. So you might be wondering what new Cyberoam is offering with this feature, or some smart heads might be thinking that Cyberoam is catching up with its competitors. Yes, that could be true to an extent; however, the true mettle of the feature depends on what is on offer, and this is where Cyberoam has more impact than its competitors.
A WAF, or Web Application Firewall, is a plug-in or filter that scans any HTTP connection against a certain set of rules. In general, these rules are enough to overcome certain types of common attacks like SQL injection or cross-site scripting (XSS). Now, you can customize these rules in accordance with your knowledge and requirements, which in turn can help you in identifying and blocking various attacks. This is the point where Cyberoam scores over all other web application security solutions available in the market.


Why do we need a WAF?
The Web, or World Wide Web, is frequently referred to as the next battleground. Countries around the globe nowadays fear that the next world war will be fought on the internet, and attacking web application servers will be one of the most important types of attack.
Despite the dotcom bubble burst, the world's dependency on the Web has not decreased. Web sites and web applications are growing rapidly. Businesses worldwide have moved on to use more and more complex applications over HTTP. The phenomenal dependency of businesses on the web has made them prone to various attacks. Over the past decade or so we have seen a big increase in hacking activity. Various attacks like, work attack, SQL injection have taken a much larger toll on business now.
Most of you might wonder, if these attacks can also be stopped by a firewall, why do we need a WAF? However, the point is that a firewall cannot stop these attacks. Here is a list of attacks that a firewall cannot detect or stop:


1.     URL interpretation attack
2.     Input validation attacks
3.     SQL injection attack
4.     Impersonation attacks
5.     Buffer over flow attacks
6.     Cross site scripting 


The above is just a partial list of attacks that cannot be stopped by your perimeter firewall. There are many other attacks that your firewall can never even detect, and your web services can easily fall prey to hackers.
So, you cannot deny the fact that despite deploying a firewall in your network, you need a WAF to protect the web server and web applications.


Cyberoam as a WAF:
Yes, Cyberoam now has an inbuilt Web Application Firewall feature. Cyberoam’s WAF helps you address the following major organizational concerns/questions with respect to the web services on offer:
1.     How can you secure your web applications?
2.     How can you ensure that only authenticated users get access to the web services?
3.     How can you ensure the acceleration and speed of the applications?
4.     How can you ensure the scalability of the web servers with the growing number of users?
5.     How can you validate the input of users on web forms?
However, before we talk more about Cyberoam as a WAF, let us have a look at the challenges faced by the WAF products currently on the market.
The major challenge is in the form of too much security. I mean to say, some products like Barracuda WAF provide so much security that there have been instances where even legitimate users have been prevented from working. This may sound funny, but it is true for many other products as well.
Other challenges can be listed as below:


1.     Penetration of database monitoring
2.     Prevention of hacking, data theft
3.     Provision to work as IDS(Intrusion Detection System)
4.     Notifying as well as rectifying the security loopholes.
5.     Prevention of cookie poisoning and session hijacking
6.     Less scanning time for the data
7.     Efficient and effective filtering of http/https requests
8.     Moulding itself to detect and prevent new attacks
9.     Customization of http/https scanning rules


While testing the Cyberoam WAF I found all the challenges being overcome. I tested it against my WordPress website linked to a JDBC. Products like Barracuda, Semantic, Citrix, Imperva etc. failed to overcome one or another of the challenges listed above. However, Cyberoam has no reporting feature, which is a point that goes against it when we compare it with dedicated WAF products.
I am more interested in testing Cyberoam’s WAF against Astaro’s WAF (since Astaro is the only UTM offering an inbuilt WAF), whereas the latter uses signatures to detect and prevent attacks. I have never been a great fan of technologies using signatures and this is no different. The huge issue I see with signatures is that they need to be updated regularly, which is a big overhead. Since Cyberoam uses intuitive active and passive modes to detect and prevent attacks, it is far more effective and efficient than Astaro.
Cyberoam’s WAF is so intelligent that in a real-time environment it is quickly able to notice the behaviour of the web applications that you have in your network, and then it moulds itself to protect them automatically. How does it do so? It is still a mystery. Maybe I can get a hint from Cyberoam support.




Friday 4 May 2012

New Features released by Cyberoam.

Cyberoam has released a new version for all the existing models this week. I had a chance to go through the release notes and found things quite interesting.
I have always viewed Cyberoam as a competitive product and with the coming of new features it is creating a niche of its own.

The newly released version is 10.02.0 Build 206, and with this Cyberoam has brought a new set of features. Here are the features that I have been talking about:

1. Mix Mode
2. FQDN Host and Host Groups
3. Guest Users
4. Differentiated Services Code Point (DSCP)
5. Captive Portal URL Redirection
6. Hit Count in Mail Summary Reports
7. Country Based Traffic Control
8. WAF – Web Application Firewall
9. NT LAN Manager (NTLM) Authentication Support

The features here have a lot to offer and I will not do them justice by going through all of them in this article. So, in the upcoming weeks I will post more information about these features after doing some testing and playing with them.

Besides these features, there are some enhancements that have also been announced with this new version. These enhancements were long awaited and at last Cyberoam has them.
Here is the list of the enhancements:

1. GUI Enhancements
2. DNS Optimization
3. Virtual Host Enhancement
4. IBM server terminal support in SSLVPN
5. Dynamic Interface Support
6. Search using IP Address
7. Customized Wireless LAN

We will again talk about these enhancements in a separate article later.

Every new version also has some bug fixes, and this version is no different. I will test and list the bugs fixed in the new version in upcoming articles.


Monday 23 April 2012

A fight for best application filter


Today's networks, and the amount of data transferred over them, are large and growing larger. As companies grow, the number of users in the network also increases. The users are the primary cause of the growth in traffic. Let’s understand their behaviour and why there is exponential growth in data transfer on the WAN. Let’s understand why the 80/20 rule is no longer valid:

  1.  Users access resources on the LAN and the WAN. These days, everyone is moving applications to the cloud, so it makes sense that traffic is growing on the WAN.
  2.  These users are not only accessing applications in the cloud but also applications which they should avoid, like proxy applications and P2P applications (torrents). This is the primary way a virus or malware gets inside the network.

Taking all of the above together, we understand that we need to identify the application traffic being generated by each user and drop it if it is objectionable.

Applications have grown too mature and too difficult to catch with traditional firewalls. Traditional firewalls are only capable of identifying ports; their only rule-matching criterion is the port number. A real next generation firewall should be application-intelligent and must identify the user who is initiating the traffic.

“The applications have grown too mature.” What does that mean exactly?

Let’s take as an example an application called Ultrasurf. It’s really the best example because of its random behaviour. It’s like a chameleon which gets connected to its servers somehow. Another good example is Skype. To simplify things, consider port 80 traffic. It not only includes simple web traffic but now also includes video streaming, proxy application traffic, instant messengers, downloads, CRM and many, many more.

I think the solution is obvious: go for a combined security solution! But which one? That is a very mind-twisting question.

Recently, there has been hype in the security market about PaloAlto networks. The APP ID technology is currently marketed as unique, as they have this feature right inside the firewall module. I searched YouTube for any related videos on how to configure it. The first few steps of setting up the appliance seriously concerned me. New generation appliances should be easy to configure and should be plug and play, but instead it seems to be a very lengthy process.


Creating a firewall rule..oh God! It was a very, very lengthy process. Not a simple thing to configure. It again needs a professional just for configuring the firewall rules. Again, not a simple plug and play device.

Now I got more interested in capabilities. As a security professional, I wanted to test this appliance and its capabilities. I took 4 appliances into the test bed to compare capabilities. These appliances have capabilities to identify different applications and block them.

I also wanted to choose common applications which are being used in current networks. The applications were chosen to understand the maturity level of the application vs. the maturity/capability level of the product in identifying and blocking it. These applications were specially chosen from networks with students, HR teams, construction companies, complex networks, and low bandwidth networks. So we prepared a list of the common and deadly 35. These applications are used for data leakage, and the risk for organisations has increased.

Below are the deadly 35:

| Application | Facebook likes | Source |
|---|---|---|
| Ultrasurf - Proxy | 4016 likes | |
| Freegate - Proxy | N.A. | |
| Hotspotshield - Proxy | N.A. | |
| MSN - IM | 1,731,299 likes | msn.com |
| Yahoo - IM | 40,00,000 users | |
| Gtalk - IM | 6541 likes | |
| TOR - Proxy | N.A. | |
| Skype - VoIP | 1,09,00,000 | |
| Facebook Chat - IM | 10,450 likes | |
| AIM Messenger - IM | 1,20,000 | |
| QQ Messenger - IM | 6275 likes | |
| BitComet P2P Traffic - P2P | 181 likes | |
| Bittorrent_uTorrent_Thunder - P2P | 7239 likes | |
| Securitykiss - Proxy | N.A. | |
| FTP Upload/Download | N.A. | |
| Team Viewer | 610 | |
| iTunes | Too Many | |
| Facebook Application | Too Many | |
| Webmail-gmail-chat | Too Many | |
| google+ | Too Many | |
| webmail- yahoo-chat | Too Many | |
| teamviewer file transfer | N.A. | |
| cyber ghost | N.A. | |
| asproxy (on web) | N.A. | |
| qq file transfer | 6277 likes | |
| shareaza | N.A. | |
| emule | 1,41,256 | |
| dc++ | N.A. | |
| qq live (WEB) | Too Many | |
| ustream | 290,000/month | |
| jumblo | N.A. | |
| psiphone | 622 | |
| simurgh proxy | N.A. | Free File sharing |
| Wi-Free | Few | |
| Digsby | 80000/month | |

Two of these applications caught my eye because of their extraordinary behaviour:

  1. Psiphon
  2.  Wi-free

These will be the next generation of applications used for surfing, and they are very difficult to stop. They use protocols like SSH and DNS to send traffic through the network, and it's very difficult to detect and drop such traffic. If you drop DNS traffic, your internet traffic will not work. Public Wi-Fi can be easily penetrated using these applications.
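
One way to pick tunnelled DNS out of normal lookups instead of dropping DNS altogether, as an added example that is not from the original post or from any product: it flags a client and domain pair when the queries carry many distinct, long, high-entropy subdomains. The log format, thresholds and sample names are constructed assumptions, and the two-label domain split is a simplification.

```python
import base64
import hashlib
import math
from collections import Counter, defaultdict

# Assumed thresholds for this example; tune them against your own resolver logs.
MIN_UNIQUE = 10      # distinct subdomains seen per client and domain
MIN_MEAN_LEN = 20    # mean characters in the subdomain part
MIN_ENTROPY = 3.5    # Shannon entropy, bits per character


def _constructed_log():
    """Build a constructed query log: 'timestamp client qtype qname' per line."""
    lines = []
    # Tunnel-like client: 20 bytes of data base32-encoded into every query name.
    for i in range(12):
        chunk = hashlib.sha256(str(i).encode()).digest()[:20]
        label = base64.b32encode(chunk).decode().lower()
        lines.append(f"2012-04-23T10:00:{i:02d} 10.0.0.15 TXT {label}.t.tunnel-example.test")
    # Ordinary browsing: few distinct, short host names.
    for i, host in enumerate(["www", "mail", "api", "cdn", "static", "www", "mail"]):
        lines.append(f"2012-04-23T10:01:{i:02d} 10.0.0.22 A {host}.example.com")
    # Edge case: many distinct names, but short and structured (sharded image hosts).
    for i in range(1, 13):
        lines.append(f"2012-04-23T10:02:{i:02d} 10.0.0.31 A img{i}.cdn-example.test")
    return lines


SAMPLE_LOG = _constructed_log()


def split_name(qname):
    """Return (subdomain part, last two labels). Simplified: ignores public suffixes."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def shannon_entropy(text):
    """Bits per character of the character distribution in text."""
    if not text:
        return 0.0
    total = len(text)
    return -sum(c / total * math.log2(c / total) for c in Counter(text).values())


def find_tunnel_suspects(lines):
    """Group queries by (client, domain) and flag pairs that exceed all thresholds."""
    seen = defaultdict(set)
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guessing at fields
        _ts, client, _qtype, qname = parts
        sub, domain = split_name(qname)
        if sub:
            seen[(client, domain)].add(sub)

    suspects = []
    for (client, domain), subs in sorted(seen.items()):
        payload = [s.replace(".", "") for s in subs]
        mean_len = sum(len(p) for p in payload) / len(payload)
        entropy = shannon_entropy("".join(payload))
        if len(subs) >= MIN_UNIQUE and mean_len >= MIN_MEAN_LEN and entropy >= MIN_ENTROPY:
            suspects.append({"client": client, "domain": domain, "unique": len(subs),
                             "mean_len": round(mean_len, 1), "entropy": round(entropy, 2)})
    return suspects


if __name__ == "__main__":
    for s in find_tunnel_suspects(SAMPLE_LOG):
        print(s)
```

A flagged pair can then be blocked or rate-limited by domain while ordinary lookups keep resolving.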

These are very good applications, developed by beautiful minds to share data with the outside world, but now they are being used in very different environments like schools and colleges. So the customer requirement was very obvious.

Test BED:

The test bed was very simple.

  •  A computer with all these applications is connected to the LAN, and the WAN is connected to the Internet.
  •  The applications are run one by one so that the capability and maturity of the product in blocking each application can be evaluated.
  •  No extra firewall rules should be required.

But the results are totally different, and I think Cyberoam has fared very well, or better to say it has proved to be the best. The results may vary, but we have tried to use the latest version. It seems that the products took too much time to block the applications when a new version of an application was released. These products were not proactive. These applications have topped our list, and some products are not even aware of these deadly applications.

Below are the results:


| Application Name | Application Version | Fortigate (FW-v4.0,build0521,120313 (MR3 Patch 6)) | Sonicwall (FW- SonicOS Enhanced 5.8.0.2-37o) | Palo-Alto (FW-4.0.8) | Cyberoam (FW-124) |
|---|---|---|---|---|---|
| | | Latest Release: 3.00168 | | Latest Release: 298-1339 | Latest Release: 3.0.53 |
| Ultrasurf - Proxy | 11.04 | Working | Not Working | Not Working | Working |
| Freegate - Proxy | 7.27 | Working | Not Working | Not Working | Working (ultrasurf & Freegate Both should apply) |
| Hotspotshield - Proxy | 2.52 | Working | Not Working | Not Working | Working |
| MSN - IM | 0.98.4 | Working | Working | Working | Working |
| Yahoo - IM | 11.05 | Working | Working | Working | Working |
| Gtalk - IM | 1.0.0.104 | Not Working | Working | Working | Working |
| TOR - Proxy | 0.2.2.35-8.0 | Working | Working | Working | Working |
| Skype - VoIP | 5.8 | Not Working | Working | Working | Working |
| Facebook Chat - IM | | Not Working (taking time to bypass) | Not available | Not Working | Working |
| AIM Messenger - IM | 1.0.1.2 | Working | Working | Not Working | Working |
| QQ Messenger - IM | 1.2 | Working | Working | Working | Working |
| BitComet P2P Traffic - P2P | 1.31 | Working | Not Working | Working | Working |
| Bittorrent_uTorrent_Thunder - P2P | B(7.6-26764) & U(3.1.2-26773) | Working | Not Working | Working | Working |
| Securitykiss - Proxy | 2.2 | Not available | Not available | Working | Working |
| FTP Upload/Download | | Working | Working | Working | Working |
| Team Viewer | 7.0.12799 | Working | Working | Working | Working |
| iTunes | 10_05_2005 | Working | Not available | Working | Working |
| Facebook Application | | Working | Not available | Working | Working |
| Webmail-gmail-chat | | Working | Not available | Not Working | Working |
| google+ | | Working | Working | Working | Working |
| webmail- yahoo-chat | | Not Working | Not available | Working | Working |
| teamviewer file transfer | | Not available | Not available | Not available | Working |
| cyber ghost | 4.7.18.1187 | Working | Not available | Working | Working |
| asproxy (on web) | | Not Working | Not Working | Working | Working |
| qq file transfer | 1.2 | Working | Not Working | Not Working | Working |
| shareaza | V8 | Not Working | Working | Not available | Working |
| emule | 0.50a | Not Working | Working | Working | Working |
| dc++ | 0.791 | Not Working (connected but unable to download) | Not Working | Not Working (connected but unable to download) | Working |
| qq live (WEB) | | Working | Not Working | Working | Working (whole category should block) |
| ustream | | Working | Working | Working | Working (whole category should block) |
| jumblo | 4.09 Build 660 | Not available | Not available | Not available | Working |
| psiphone | | Not available | Not available | Not Working (SSH +) | Working |
| simurgh proxy | 1.20 beta | Working | Not available | Not available | Working |
| Wi-Free | | Not available | Not available | Not available | Working |
| Digsby | 91 | Working | Working | Not available | Working |

Just to quantify them in beautiful graphs




Furthermore, the Cyberoam was quite easy to configure. It seems to be a true application-intelligent firewall which blocks the most dangerous applications. This product is quite promising and its track in the Magic Quadrant has shown considerable growth.