In 1994, Jim defined the functional requirements for protecting mission-critical systems in the 21st century. First, application protection requires both network-level defenses and application-specific defenses. Second, the Application Protection System (APS) must be capable of delivering multi-gigabit system throughput. Third, the APS must incorporate a High Availability (99.999%) design using fault-tolerant, self-healing hardware and software. The system should be highly scalable, offering a cost-effective solution for organizations of all sizes. The design decisions made 11 years ago have been verified. Just as important, the PORTUS APS is well positioned to support the latest IT trends, including utility computing. Over the last eleven years fourteen new versions of PORTUS have been released. Each new release offered increased functionality, security, performance and reliability over previous releases.
Highest Security

Application Level Defenses: Network-level security provided by stateful packet filters is insufficient to protect applications from devastating attacks. During 2003 more than 80% of the successful Internet attacks exploited application-level weaknesses. These attacks are buried deep within the payload portion of the IP packets and pass through stateful packet filters. Only application-specific content inspection is capable of detecting and stopping application attacks. Over the past 10 years FAS has added application-specific defenses that detect and block more than 1000 application-level attacks. Strict enforcement of standards and RFCs catches scores of application-level attacks. In some cases these checks have been capable of blocking new forms of attack seven years in advance of the first instance of the attack. No other security product does as complete a job of application protection as PORTUS.
Error Isolation & Recovery: All hardware and software is subject to failure. The key to designing a highly secure system is to plan for errors by enabling error isolation and recovery. Stateful packet filters run as part of the kernel. As a result, any hardware or software error has the potential to propagate throughout the system. This can cause catastrophic failures, bringing down the entire system. In the worst case the packet filter can fail open, permitting packets to pass through the system that should have been blocked.
The PORTUS code runs at the application level without root privileges in chrooted directories. Each transaction is handled by a separate process. This architecture has many security as well as availability advantages. First, errors are isolated to a single process or transaction, since an error in one process cannot impact another. Second, the code runs without root privileges, preventing access to privileged functions and data. Third, the code runs in a chrooted directory, preventing it from accessing any part of the trusted computing base. So errors in the code cannot be used to compromise the system.
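The isolation model described above, as an added illustration in C (this is not PORTUS code): each transaction runs in a forked worker that is chrooted and stripped of root before any transaction logic executes, confinement fails closed, and a crash in a worker is reported to the parent instead of propagating. The jail path, the worker uid/gid (65534, a conventional "nobody" id) and the two sample handlers are constructed for the example.

```c
/* Added example, not PORTUS code: per-transaction worker processes that are
 * chrooted and de-privileged, so a fault in one worker is isolated. */
#define _GNU_SOURCE
#include <grp.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

enum result { TX_OK = 0, TX_FAILED = 1, TX_CRASHED = 2 };

/* Confine the worker: jail it in `jail`, then give up root. Order matters:
 * chroot() needs root, so it comes first, followed by chdir("/") so the
 * working directory is inside the jail, then groups, gid, uid.
 * Returns 0 on success, -1 on any failure (the caller must fail closed). */
int confine_worker(const char *jail, uid_t uid, gid_t gid) {
    if (getuid() != 0) return 0;             /* already unprivileged */
    if (chroot(jail) != 0 || chdir("/") != 0) return -1;
    if (setgroups(0, NULL) != 0) return -1;  /* drop supplementary groups */
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (setuid(0) == 0) return -1;           /* the drop must be irreversible */
    return 0;
}

/* Run one transaction in its own child process. The parent never executes
 * handler(); if the child crashes, the parent observes the signal and goes on. */
enum result run_isolated(int (*handler)(void), const char *jail,
                         uid_t uid, gid_t gid) {
    pid_t pid = fork();
    if (pid < 0) return TX_FAILED;
    if (pid == 0) {
        if (confine_worker(jail, uid, gid) != 0) _exit(1);  /* fail closed */
        _exit(handler() == 0 ? 0 : 1);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid) return TX_FAILED;
    if (WIFSIGNALED(status)) return TX_CRASHED;  /* e.g. SIGSEGV in the worker */
    return WEXITSTATUS(status) == 0 ? TX_OK : TX_FAILED;
}

/* Constructed sample handlers: one well-behaved, one that faults. */
int good_tx(void) { return 0; }
int faulting_tx(void) { volatile int *p = NULL; return *p; }

int main(void) {
    printf("good transaction: %d\n", run_isolated(good_tx, "/", 65534, 65534));
    printf("faulting transaction: %d (parent still running)\n",
           run_isolated(faulting_tx, "/", 65534, 65534));
    return 0;
}
```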
The PORTUS code was developed by programmers experienced in writing mission-critical software for NASA manned space flight and oil company refineries. As a result, PORTUS contains triple-redundant, fault-tolerant code. Errors are detected and automatically corrected on the fly. PORTUS has been self-diagnostic and self-healing for more than 6 years. No other product comes close.
High Availability

PORTUS pioneered High Availability (99.999%) security solutions in the mid 90s. High Availability configurations contain multiple levels of redundancy in both the hardware and the software. Some customers have been running the High Availability configuration for years, exceeding the design goal of 99.999% availability. In other words, they are averaging less than 6 minutes of unscheduled outage per year.
Unlike other products, the PORTUS High Availability solution is an integral part of the product and not an add-on. Unlike competitive offerings, PORTUS HA permits multiple systems to share the workload and make full use of all hardware resources. Other products only offer a hot standby that does no useful work until the primary system fails.
The PORTUS APS is also supported on high availability hardware that offers the following features: dynamic processor deallocation, which automatically deactivates a failing processor and schedules the transactions on the remaining processors (SMP only); chipkill memory, which can dynamically recover from multi-bit errors in a single byte, virtually eliminating system outages due to memory failure; spare network interface cards that can be dynamically configured to replace a failed adapter; dynamic pathing to reroute messages when one path becomes unavailable; and hot-swap redundant power supplies, cooling fans and disk drives. Some of the HA systems have a measured Mean Time Between Failure of 40 years!
High Performance

PORTUS has been the performance leader for firewalls and application protection systems since 1996. It has been providing multi-gigabit/second throughput for more than 8 years. Careful design, dynamic tuning of the TCP stack, use of TCP Offload Engines, and full support of SMP architectures have enabled PORTUS to outperform stateful packet filters while providing higher levels of security with its full-function APS.
Enterprise Level Scalability

PORTUS APS is a highly scalable and efficient APS that can be configured to support small, medium, large and ultra-large organizations.
Cost Effectiveness

PORTUS is the most cost-effective security solution in the market. Because of the low administrative overhead and the option for "hands off" management of the product, coupled with the reliability and performance of the system hardware, PORTUS is unique in its ability to provide "best in industry" security, performance and reliability at a reasonable price.