* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download the Presentation
Survey
Document related concepts
Transcript
McAfee Next Generation Firewall and Security Connected Threat Ecosystem September 2014 . Firewall Evolution “Connected” NGFW Completeness of Security • • • • Connected to endpoint security Connected to SIEM Connected to advanced threat detection Connected to real-time global threat database Performance Enhanced NGFW • Central management for large networks • High availability • Advanced evasion protection First NGFW • Inspection • Application and user awareness Traditional FW 1988 2008 2012 2013 2014 . 2 McAfee Delivers the Big Picture of Security . 3 Benefits Network Personnel Security Specialists • Service availability • Proven malware protection • High performance • Managed QoS • Continual security updates and support • Minimal downtime McAfee Next Generation Firewall • Detailed reports and forensics • Granular policies Administrators CIO / CISO / CEO / CFO • Centralized, holistic network view • Ensure business continuity and protect key assets • Easy-to-use tools and workflow automation • Complete, cost-effective security solution . 4 McAfee Differentiators Unified Software Core Strong Centralized Management Security Connected High Availability Advanced Evasion Prevention . 5 McAfee Differentiators Unified Software Core Strong Centralized Management Security Connected High Availability Advanced Evasion Prevention . 6 Unified Software Core Flexible Delivery NEXT GENERATION FIREWALL LAYER 2 FIREWALL FIREWALL McAfee MILITARY IPS VPN GLOBAL ENTERPRISE COMMERCIAL SMB SOFT VIRTUAL PHYSICAL Adjustable security levels support a wide variety of deployment scenarios Performance levels are maintained even with deep packet inspection enabled . 7 Unified Software Core FW / VPN Enables Multiple Deployment Configurations IPS IPS L2FW FW / VPN Reconfigure security effortlessly as requirements change without license renegotiations or hardware “forklift” upgrades . 8 Unified Software Core Total cost Lower TCO Typical Cost McAfee More performance needed Change in threat Landscape Security as a business enabler “All inclusive” licensing enables easy budgeting for long-term TCO reduction . 9 McAfee Differentiators Unified Software Core Strong Centralized Management Security Connected High Availability Advanced Evasion Prevention . 10 Centralized Management Resource Optimization Hierarchica l Policies Initial Security policies are based Configuration on templates Hierarchical Templates And Aliases Policies follow template changes automatically Policy Validation Analysis Main policy canand jump to sub-policies to share policies SecurityAbility Automation with between firewalls POLICY TEMPLATE MAIN POLICY SUB POLICY 1 SchedulingSUB POLICY 2 SUB POLICY 3 Security Automation with Plug and Play Security automation with plug andupgrades play Security automation with scheduling e.g. Hierarchical templates and aliases Policy validation and analysis . McAfee Differentiators Unified Software Core Strong Centralized Management Security Connected High Availability Advanced Evasion Prevention . 12 Advanced Evasion Prevention Evasions – what, why and when? • Means to disguise an attack • Bypass network security devices leaving no traces • Extremely difficult to track • Unlimited variations and combinations • Most network security devices are easily evaded Internet Ack ta t Security Device Attack Ack ta t Vulnerable Target McAfee NGFW is tested against 800 million+ evasions or combinations . 13 Advanced Evasion Prevention Fundamental Difference Traditional Inspection Architecture attack ? ta ck McAfee NGFW Stream-Based Full Stack Normalization Protocol agents t a ck at ! ta All traffic must be normalized before inspection in order to expose attacks . 14 Advanced Evasion Prevention Device Testing 1 With Evader getting access to the Select the Exploit “protected” network is as simple as: 2 Identify Attack Target 3 Select the Evasion Technique Cisco Palo Alto Networks Check Point Fortinet Juniper SourceFire Tipping Point . 15 McAfee Differentiators Unified Software Core Strong Centralized Management Security Connected High Availability Advanced Evasion Prevention . 16 High Availability Native Active-Active Clustering 99 Node 1 . UPTIME Node 2 Node 3 Internet Node 4 Node 5 Node 6 …16 Mix of hardware and software versions “I can update a FW cluster without dropping a single packet” – McAfee NGFW customer . 17 High Availability Multi-Link and Augmented VPNs Distant Site 2Mbps MPLS HQ + Distant Site ISP A 2Mbps ADSL + 2Mbps ISP B = up to 6 Mbps Cost-effective and secure site-to-site connectivity provides adjustable resilience and capacity . 18 Secure Remote Access Built-in VPN Client-based IPsec VPN access Remote McAfee NGFW Corporate HQ SSL VPN Portal • Native IPsec VPN and SSL VPN connectivity • Strong encryption protects sensitive corporate data and communications • Outlook web access (OWA) and intranet access via customizable SSL VPN Portal Login: _____ Remote Clientless access through secure portal . 19 McAfee Differentiators Unified Software Core Strong Centralized Management Security Connected High Availability Advanced Evasion Prevention . 20 McAfee NGFW Security Connected Ecosystem McAfee ePO (Endpoint Management) McAfee GTI Reputation in the Cloud McAfee Next Generation Firewall & SMC McAfee ESM (SIEM) McAfee Advanced Threat Defense Integrates network, endpoint and global threat information for superior protection . 21 McAfee ePO (Endpoint Management) Security Connected Ecosystem McAfee ePO Integration Discover and take action on dangerous or malicious endpoint behaviors • IP addresses • Ports • Login credentials, etc. Direct links to endpoint log events . 22 McAfee ESM (SIEM) Security Connected Ecosystem McAfee ESM (SIEM) Integration Quickly respond to alerts and unusual patterns on your network } Sum events and track averages } ID Anomalies 23 Alerts based on deviations • Unusual user behavior • Suspicious network activity spikes • Anomalous communication patterns . 23 Security Connected Ecosystem McAfee Advanced Threat Defense McAfee ATD Integration Deep analysis of suspect files exposes zero-day and advanced threats . 24 Security Connected Ecosystem McAfee GTI Integration McAfee GTI Reputation in the Cloud Respond to real-time global threat information including insights from McAfee Labs • • • • • • File reputation URL reputation Web categorization Message reputation IP reputation Certification reputation McAfee NGFW uses file reputation services from GTI . 25 Security Connected Ecosystem How it Works Less Time to Find, Freeze and Fix advanced threats FIND FREEZE FIX McAfee SIEM AV Scan New File logs McAfee Next Generation Firewall McAfee Advanced Threat Defense Malware Warning! McAfee ePolicy Orchestrator McAfee Global Threat Intelligence (GTI) . 26 McAfee Next Generation Firewall Appliances Highly Flexible Deployment 5200 Series McAfee SMC 3200 Series • Same appliance adaptable for multiple use-cases • Modular hardware • Scale from branch office to data center deployments • Rugged designs for demanding environments 1400 Series 1000 Series 300 Series 4G 20G 60G 120G One harmonized appliance family protects investments with hardware modularity and simple licensing . 27 Third Party Recognition “Long legacy with HIGH AVAILABILITY” “Early focus on ANTI-EVASION” RECOMMENDED by NSS Labs VALIDATED for real world quality, protection and performance . 28 McAfee Next Generation Firewall Benefits • The best protection for your business and digital assets • Adapts easily to your security needs • Scales effortlessly with your growing business • Optimizes productivity of employees and customers • Lowers TCO for both security and network infrastructure . 29 . 30