Astaro Slide Presentation
Download
Report
Transcript Astaro Slide Presentation
Simplifying Email, Web & Network Protection
Topics
Astaro Company Profile
The Security Struggle
Overview of Astaro Security Gateway
Security Applications
Web Security
Email Security
Network Security
Appliances and Software
Network
Security
Web
Security
Email
Security
Additional Astaro Products
Business Value
© Astaro 2007
Astaro Overview – Page 2
Astaro Company Profile
Founded in 2000
Pioneered what is called Unified Threat Management market
Profitable, growing 60%
Award-Winning Products
Astaro Security Gateway – the most flexible solution for integrated
email, web, and network protection
protects 40.000+ networks in over 60 countries
Easy to deploy and manage
Global Presence
Headquarters in Karlsruhe, Germany and Boston, USA
100+ employees in EMEA, Americas and APAC
24x7 technical support
1000+ partners & reseller worldwidet (700+ in EMEA)
© Astaro 2007
Astaro Overview – Page 3
Customers
© Astaro 2007
Astaro Overview – Page 4
Recognition
Best of the year 2004
Best of the year 2005
Best of the year 2006
Editor's choice (2x)
5/5 Star Review (2x)
Best of the year 2004
Best of the year 2005
Editor's choice
Recommended product
Product of the year 2005
Product of the year 2006
© Astaro 2007
Astaro Overview – Page 5
The Security Struggle
THAT ARE DIFFICULT
TO INTEGRATE
AND MANAGE
DEMAND MULTIPLE
DEFENSES
MULTIPLYING
THREATS
VPN
Firewall
∞ Evaluate
∞ Purchase
Intrusion
Detection
∞ Train
AntiVirus
∞ Install
∞ Integrate
Spam
Blocking
∞ Configure
URL
Filtering
∞ Manage
∞ Update
© Astaro 2007
AntiSpyware
Astaro Overview – Page 6
The growing demand
for Internet Security
Firewall
VPN
URL Filter
IDS
Email Anti Virus
Firewall
Central report tool
Central config tool
Central mgmt tool
Signing/encryption
VoIP Security
VPN Remote access
NAC
Wireless security
P2P filter
IM filter
Anti Spyware
Multi protocol AV
IPS
VPN
URL Filter
IDS
Email Anti Virus
Firewall
1995
2000
2005
© Astaro 2007
App 3
App 2
App 1
UTM Gateways
Clean pipe
2010
Astaro Overview – Page 7
Astaro Security Gateway
Complete Perimeter Security
Network
Security
Web
Security
Email
Security
© Astaro 2007
Astaro Overview – Page 8
Integrated Email, Web and
Network Protection
Firewall
IPS
VPN
Network
Protection
Web
Filtering
Email
Security
© Astaro 2007
Content Filter
Anti Virus & Spyware
IM & P2P Control
Spam Filter
Anti Virus & Phishing
Encryption
Astaro Overview – Page 9
Layered Security
Astaro Security Gateway V7
Firewall
and VPN
External
users
Internet
Internal
users
LANs
Intrusion
Protection
Content Filtering–
Virus/Spam/URL/
Spyware/Phishing
Database
Email
Web
Internal Resources
© Astaro 2007
Astaro Overview – Page 10
Integrated Management
Web
Security
Network
Security
Email
Security
Installation
Management
Interface
© Astaro 2007
Update
Logging and
Reporting
Astaro Overview – Page 11
Web Security
Virus
Protection
Network
Security
Content
Filtering
Web
Security
Spyware
Protection
IM and P2P
Control
Email
Security
© Astaro 2007
Astaro Overview – Page 12
Spyware Protection
Blocks downloads of spyware, adware,
and other malicious software
Prevents infected systems from
sending information back to the
spyware server
Checks against a database of known
spyware URLs
Gateway spyware blocking
complements desktop anti-spyware
tools
© Astaro 2007
Astaro Overview – Page 13
Virus Protection for the Web
Block viruses, worms, trojans, and other
“malware” before they reach desktops
Scans HTTP and FTP traffic
Web & ftp downloads
Web-based email (MSN Hotmail, Yahoo! Mail)
Dual virus scanners with multiple detection
methods
Virus signatures, heuristic analysis
Database of more than 300,000 virus signatures
Frequent automatic updates
Flexible management
Can specify file formats and text strings to block
© Astaro 2007
Astaro Overview – Page 14
Content Filtering (URL Blocking)
Enforces policies on appropriate use of the web
Administrators can define web use policies
based on pre-defined categories of web sites
Nudity, gambling, criminal activities, shopping,
drugs, job search, sports, entertainment, etc.
Sophisticated classification techniques
text classification, recognition of symbols and
logos
Whitelists and blacklists to tailor access for
groups of users
Measure and report on activities
© Astaro 2007
Astaro Overview – Page 15
IM & P2P Control
Manage the use of Instant Messaging Clients
AOL IM, ICQ, MSN Messenger, Yahoo! Messenger, IRC,
Google Talk/Jabber, Skype
Manage the use of Peer-to-Peer applications
Bittorrent, Edonkey, Gnutella,WinMX, Winny, Manolito, Ares,
Direct Connect
Flexible control
For each application administrator can define, if it should be
allowed or blocked and if he should receive a notice about its
usage.
© Astaro 2007
Astaro Overview – Page 16
Email Security
Network
Security
Web
Security
Email
Email
Security
Security
Virus
Protection
Spam
Protection
© Astaro 2007
Phishing
Protection
Astaro Overview – Page 17
Virus Protection for Email
Block viruses, worms, trojans, and other “malware”
before they reach email servers of desktops
Scans SMTP and POP3 traffic
Dual virus scanners with multiple detection
methods
Virus signatures, heuristic analysis
Database of more than 300,000 virus signatures
Frequent automatic updates
Flexible management
Can specify file formats and text strings to block
Emails and attachments can be dropped, rejected
with message to sender, passed with a warning,
quarantined
Gateway virus protection supplements desktop
virus scanning.
© Astaro 2007
Astaro Overview – Page 18
Spam Protection
Identifies and disposes unsolicited emails (spam)
Scans SMTP and POP emails
Multiple methods to identify spam
Realtime Blackhole Lists, header and text analysis,
whitelists, blacklists, URL scanning, greylisting,
BATV, SPF record checking…
Heuristic methods create a “spam score”
based on probability
Flexible management
Emails and attachments can be dropped, rejected
with message to sender, passed with a warning,
quarantined
User can individually release blocked messages via
daily spam report or end user portal
© Astaro 2007
Astaro Overview – Page 19
Protection Against “Phishing”
“Phishing” –
Email
Internet
Criminals imitate emails from banks, credit
card companies, eBay and other sources
to obtain confidential user information
Astaro identifies and blocks phishing
emails through several techniques:
Virus scanner identifies phishing
signatures
URL filtering database captures phishing
servers in the “suspicious” category
Content downloaded from web sites will
be blocked if it matches patterns of
phishing content
© Astaro 2007
Scans for
phishing
signatures
Email
Server
Databases
of
Phishing
Sites
Web
Server
Astaro Overview – Page 20
Email Security
Network
Security
Web
Security
Email
Email
Encryption
Security
© Astaro 2007
Astaro Overview – Page 21
Email Encryption
Internal
User
En-/Decryption and Digital Signatures for
Emails
supports OpenPGP and S/MIME
Email in
clear text
Email
Server
Completely transparent
No additional Software on Client required
‘snmffdsa g
Dsfg sdfgdsfgfdg
Fdsg fgsdfgsdfgdsf
Sfdgsdfdsfgsdf
Fg fdsgdsfgsdfg
Dfgdfsgfdsgfdsg
dslsgdsfg
SMTP
Easy Setup
Only three configuration steps to start
Central Management of all keys and
certificates
No key or certificate distribution required
Allows Content/Virus scanning even for
encrypted SMTP emails
© Astaro 2007
Encrypted
Email
External
User
Astaro Overview – Page 22
Network Security
Firewall
VPN
Gateway
Network
Network
Security
Security
Intrusion
Protection
© Astaro 2007
Web
Security
Email
Security
Astaro Overview – Page 23
Firewall
Stateful Packet Inspection
Packet filtering – inspects packet headers
Stateful packet inspection – tracks events across a
session to detect violations of normal processes
Time-based rules and Policy-based routing
Application-Level Deep Packet Filtering
Scans packet payloads to enforce protocolspecific rules
Security proxies to simplify management
HTTP, FTP, POP3, SMTP, DNS, Socks, Ident
NAT (Network Address Translation) and
masquerading
DoS (Denial of Service Attack) protection
Transparent mode eases administration
© Astaro 2007
Astaro Overview – Page 24
Virtual Private Network (VPN)
Gateway
Encrypts data to create a secure private
communications “tunnel” over the public Internet
Supports IPSec, SSL, L2TP, and PPTP VPNs
Windows, Linux, Unix and MacOS x clients
Advanced encryption
Supports all major encryption methods
Many authentication methods
Internal certificate authority
Full Public Key Infrastructure (PKI) support
Supports VPN tunnels based on dynamic IP
interface addresses (DynDNS)
© Astaro 2007
Astaro Overview – Page 25
Intrusion Protection
Identifies and blocks application- and protocolrelated probes and attacks
Database of over 6,000 patterns and rules
Probing, port scans, interrogations, host sweeps
Attacks on application vulnerabilities
Protocol exploitations
Intrusion detection and prevention
Notify administrator, or block traffic immediately
Powerful management interface
One click to enable or disable complete
rule sets e.g. for email- or webservers
© Astaro 2007
Astaro Overview – Page 26
Astaro Security Gateway Appliances
Environment
Astaro Security
Gateway 110/120
Astaro Security
Gateway 220
Astaro Security
Gateway 320
Astaro Security
Gateway 425
Astaro Security
Gateway 525/525F
Small office/
branch office
Small to Medium
business
Medium business
Medium business,
enterprise division
enterprise division
4 x 10/100 Base-TX ports
4 x Gigabit ports – PCI bus
Dual Intel Xeon CPU
4 x Gigabit Base-TX port
4 x Gigabit ports – PCI
Express bus
10 x Gigabit ports – PCI
Express bus
- 525: 10 x Copper
- 525F: 4 x Copper/6 x SFP
3 x 10/100 Base-TX
ports
8 x 10/100 Base-TX
ports
integrated HD
integrated HD
integrated HD
Hardware acceleration card
Hardware
specs
integrated HD
Hardware acceleration card
2 integrated HD (RAID1) 1)
2 redundant Power supplies)
Performance
Firewall
VPN
IPS
100 Mbps
30 Mbps
55 Mbps
260 Mbps
150 Mbps
110 Mbps
420 Mbps
200 Mbps
180 Mbps
1,200 Mbps
265 Mbps
450 Mbps
3,000 Mbps
400 Mbps
750 Mbps
1) hot-swappable
Astaro Security Gateway Software
Runs on Intel-compatible PCs and servers
© Astaro 2007
Astaro Overview – Page 27
Other Astaro Products
Astaro Command Center
Centralized management and real-time monitoring
of installations with multiple ASG appliances
Astaro Report Manager
Centralized security reporting engine that collects,
correlates and analyzes security data and provides
a huge portfolio of grafical reports
Astaro Secure Client
Advanced IPSec VPN client with personal
firewall and integrated dialer
© Astaro 2007
Astaro Overview – Page 28
Business Value
Enhance Security
Block threats with complete
perimeter security
Integrated management
reduces human error and
increases speed of response
Increase productivity
Network
Security
Web
Security
Email
Security
Keep systems, networks and
web sites up and running
Increase productivity by blocking
spam and inappropriate web surfing
Simplify management
A complete perimeter security solution that is easy to
deploy, manage and update, and that scales seamlessly
from small offices to large headquarters installations.
© Astaro 2007
Astaro Overview – Page 29
Discussion and Follow-Up