3. Internet Security today The growing complexity Botnets Spam Phishing Scam Hoax Viruses Spyware Gray ware Intrusions Denial of Service Distributed Denial of Service Malware Ping floods Eavesdropper Script Kiddies Espionage Root kits Adware P2P File sharing Trojans Spit Bots Backdoors Buffer Overflows Hackers Malcode Bugs Key loggers Crime ware Pharming Competitors Identity theft Exploits DNS poisoning Snarf attacks Spam bots Spy bots Trap doors War driving Ransomware ASCII bombs Bluesnarfing Worms Decrypting Reverse engineering Port Scanning… Too many threats … Too many tools … Helpdesk Evaluation Training Deployment Management Updating Too many tasks … Firewall & VPN IPS & IDS SSL VPN Email Filter Web & IM Filter
4. Internet Security today The growing demand for integration URL Filter Anti Virus VPN Firewall 2000 Antispam URL Filter IDS/IPS Anti Virus VPN Firewall 2003 Central Mgmnt.. VoIP Antiphishing Antispyware Antispam URL Filter IDS/IPS Anti Virus VPN Firewall 2005 Clustering SSL VPN IM/P2P control Email Encryption Single Sign On Dual AV Central Mgmnt. VoIP Antiphishing Antispyware Antispam URL Filter IDS/IPS Anti Virus VPN Firewall 2008 FW/VPN UTM UTM+ XTM typical Integrated products
5. Internet Security today The growing demand for unified management Firewall Antispam VPN Antivirus URL Filter IDS/IPS … have many different management interfaces Many different tools… Wizards (initial setup) Web GUI (basic configuration) set admin user cfg password set interface ethernet1 manage ssh exec ssh tftp username cfg file-name idnt_cfg.pub ip-addr 10.1.1.5 save CLI (detailed configuration) Launch of 3rd party GUI (for specific applications) Software client (Off-line configuration)
6. Internet Security today The Astaro All-In-One Approach All-In-One Appliances Browser-based Unified Management of All Applications Automatic Firmware & Pattern Updates Localized UserPortal Integration of Complete Email, Web & Network protection Flexible Deployment Centralized Management
8. Astaro Company Overview Our Business Astaro is a leading supplier of All-In-One Internet Security Appliances for small to medium sized companies and organizations requiring integrated products for Email, Web and Network Security that are cost efficient and easy-to-use. In contrast to suppliers of single- or other multi-function products for internet security, only Astaro offers easy-to-use All-In-One security gateways with complete enterprise-class functionality.
10. Astaro Company Overview Frequently awarded 2 × Product of the Year Recommendation Best of the Year Editor's Choice 3 × Best of the Year 2 × Editor's Choice “The most polished and easy to use management system we’ve seen.” InfoWorld “An astonishingly rich set of security features.” SC Magazine “This is a real winner.” SC Magazine “Covers all the bases” “Excellent” InfoWorld "tough-as-nails firewall" PC Pr@xis
11. Astaro Product Overview All-In-One-Appliances Unified Threat Management Network Security Firewall VPN Intrusion Prevention Base License optional optional Mail Security Anti Spam & Phishing Dual Virus Protection Email Encryption Subscription Web Security URL Filter Antivirus & Antispyware IM & P2P Control Subscription
13. Astaro Product Overview Management & VPN Products Provides Centralized management and real-time monitoring for multiple Astaro appliances Collects, correlates and analyzes security data and provides a huge portfolio of graphical reports Advanced IPsec VPN client with personal firewall and integrated dialer
26. Astaro Web Gateway Deployment scenarios Internet AWG Internal users and resources Firewall and IPS Inspect all traffic Inspect HTTP traffic only HTTP
29. Astaro Web Gateway Products
Hardware Appliances (model: environment; recommended users; web throughput; Gigabit network ports)
AWG 4000: Medium business, enterprise division; 500 – 2000 users; 250 Mbit/s; 4 ports
AWG 3000: Medium business; 150 – 750 users; 150 Mbit/s; 4 ports
AWG 2000: Medium business; 50 – 250 users; 80 Mbit/s; 2 ports
AWG 1000: Small to Medium business; 1 – 100 users; 50 Mbit/s; 2 ports
Virtual Appliance: Runs in any VMware environment. Pricing based on IPs/Users (similar to ASG software)
32. Astaro Mail Gateway Comprehensive Mail Security functionality Antispam Antivirus Encryption Email Remote Exchange Access
36. Astaro Mail Gateway Products
Hardware Appliances (model: environment; recommended users; email throughput; Gigabit network ports)
AMG 1000: Small to Medium business; 50-300 users; 50,000 emails/h; 2 ports
AMG 2000: Medium business; 200-800 users; 100,000 emails/h; 2 ports
AMG 3000: Medium business; 700-3000 users; 150,000 emails/h; 4 ports
AMG 4000: Medium business, enterprise division; 2000-5000 users; 200,000 emails/h; 4 ports
Virtual Appliance: Runs in any VMware environment. Pricing based on IPs/Users (similar to ASG software)
52. Astaro Report Manager Products Software Application Runs on Intel-compatible PCs and servers Requires Windows Platform: - Windows 2000/XP/2003 - MS IE 6.0 or compatible with JAVA runtime - MS IIS or integrated Apache
54. Astaro All-in-One Internet Security For additional information: Contact Ronnie Hash Astaro Software & Virtual Appliances Free Download www.astaro.com/download
Editor's notes
Due to the growing complexity and increasing number of tasks, there is a growing demand for integrating the many tools into single products. Vendors first started by integrating firewall and VPN gateway functions into a single product. Since 2003, UTM (Unified Threat Management) appliances have evolved, which additionally incorporated intrusion detection/prevention plus antivirus functions as part of a single centralized gateway. Since then, UTM vendors have added more and more functions to their products and created new marketing buzzwords like UTM+. Currently the successor of UTM is evolving, called XTM (eXtensible Threat Management). XTM platforms are more advanced than UTM in terms of: flexible extensibility with new features and additional performance; simple centralized management; comprehensive enterprise-class functionality (e.g. clustering etc.). Astaro’s solutions are always ahead of the competition in terms of completeness and depth of integrated features (see also features listed on top of grey shaded areas).
However, integrating many tools into a single platform only provides limited benefit if not all tools are integrated into a unified management system at the same time. This is not the case with many of today's "integrated" solutions, where the aggregated tools have no knowledge of each other and administrators often have to use many different management tools and GUIs in order to manage the complete product.
Explain deployment options
3 deployment options, same great product. Astaro Security Gateway is available as a software appliance, hardware appliance, and virtual appliance in order to meet any deployment scenario.
Software appliance
Since the operating system and all featured applications are bundled within a single ISO image, Astaro Security Gateway software appliances are much easier and faster to install than software applications that require a separate, pre-installed operating system. By supporting a broad range of Intel-compatible server systems, software appliances allow for maximum deployment flexibility on your hardware of choice. The Astaro Security Gateway software appliance is available on CD with a printed manual or can be downloaded directly from Astaro servers and independently burned onto a CD. There is no need for client based software installation. Specific licensing packages are available, varying by the number of users/IP addresses.
Hardware appliance
Astaro Security Gateway hardware appliances are based on high quality Intel-compatible server systems with each model offering an identical feature set. Small businesses do not have to surrender important security features due to scaled-down hardware performance. All models offer an integrated hard disk drive in order to locally store quarantined emails and log data, avoiding the need for additional servers. Astaro Security Gateway hardware appliances can be easily deployed at the perimeter of your network to protect all email, web and network user traffic. Since all hardware appliances feature a pre-installed operating system and software, the initial setup will be fast and without complication. There is no further need for client based software installation. With a complete range of models available, ASG hardware appliances effectively protect networks from 10 to more than 2000 users.
Virtual appliance
Astaro Security Gateway virtual appliances allow for easy deployment in large and complex environments. Optimized hardware allocation and reduced hardware expenditure is available since physical computers are able to run multiple instances of the software in parallel by using the underlying VMware virtualization infrastructure. As a result, it is ideally suited for managed security services and those responsible for the consolidation of several departmental networks. The Astaro Security Gateway virtual appliance can be downloaded from Astaro servers and burned independently onto a CD. It can then be installed on any system running either a VMware player, VMware workstation, VMware server or VMware ESX server. Specific licensing packages are available, varying by the number of users/IP addresses. Astaro is one of the few security vendors offering a virtual appliance and we have been partners with VMware for over 5 years.
Only Astaro appliances are available in three different types: as a hardware, a software, and a virtual appliance. Integration into existing infrastructures has never been easier. Nobody's faster: With Astaro’s “10-Minute Setup” each installation is completed easily. Nobody's more flexible: Astaro “One-Click Clustering” technology enables scalable performance and system stability with up to ten cluster nodes. Over 47,000 customers are already protecting their internet communications with an Astaro appliance.
Introduce the audience to the Astaro Security Gateway Interface
So, this is the main management console you use in the Astaro Security Gateway. When you first log in to the unit you are greeted with a dashboard view displaying the status of your Astaro Security Gateway and network. As you can see, the Astaro Security Gateway is a comprehensive perimeter security solution that offers the latest in:
Network Security - Firewall, VPN and Intrusion Prevention
Web Security - URL Filtering, Malware Detection, Bandwidth Management and Application Control
Mail Security - Antispam, Antivirus, Antiphishing and Email Encryption
The interface has been designed to ensure that the administrator has the best possible user experience. Astaro has incorporated AJAX technology into its interface, allowing for drag and drop features and what we feel is the industry's most user-friendly management console.
Antispam - Unmatched recognition rate through reputation-based filtering
With the patented reputation-based filtering techniques, we now detect and reject up to 90% of all spam emails prior to even receiving the body of the email. This reduces the load on the box, the network traffic transferred and also the number of emails in the quarantine you need to manage. This concept also works for image, PDF, MP3, Flash or foreign language spam, as we do not rely on understanding the content of the email. In order to detect the last approx. 10% of the spam messages, we complement this approach with a patented reputation- and fingerprint-based filtering technology, an "Advanced Greylisting Filter", which is now needed as most spam senders are now able to bypass standard greylisting filters. With this, Astaro has one of the highest spam detection rates and a feature richness to surpass nearly every dedicated mail filtering solution out there, even in the enterprise, as all these settings can also be configured within profiles on a per domain basis, and the integrated clustering technology scales nearly linearly over multiple appliances which act as one single solution.
Antivirus - Dual virus scanners block harmful malware in SMTP and POP3
With two independent virus scanners that receive independent pattern and engine updates, Astaro offers maximum protection against malware distributed via email messages. This is not only true for SMTP but also covers POP3 emails sent through the Mail Gateway.
Email Encryption - Transparently secure and sign email communication - clientless
The only secure way to send email across the internet is to encrypt it. With S/MIME and OpenPGP support, AMG offers a standardized way to communicate securely. Unlike other solutions, however, Astaro doesn’t require complex enrollments of PKIs or even involving the end-user in the process of managing certificates, encrypting, decrypting and signing messages.
All of this is done automatically at the gateway without any need for client software or interaction.
Remote Exchange Access - Let mobile users easily access their Exchange mailbox with their customary Outlook client via a secure SSL-VPN connection
Besides the secure transfer of email messages, safe access to the corporate mailbox on internal servers is a challenge, especially for SMEs. Astaro Mail Gateway offers easy to configure SSL-VPN access not only to MS Exchange but also to Lotus Notes and Novell Groupwise.
The WebAdmin allows easy configuration and monitoring of all email related security tasks out of one powerful browser-based graphical user interface. Astaro WebAdmin shares common administration concepts throughout the whole Astaro product family, efficiently limiting the training efforts between Astaro products to a minimum.
Localized in 15 languages, Astaro UserPortal presents many options for end-users to track and monitor messages which have been processed by the Astaro Mail Gateway. It not only offers the possibility to easily manage quarantined emails but also allows users to gain a quick overview of their complete email traffic. Also, the UserPortal offers features to manage personal email whitelists and administer POP3 accounts. The picture shows the common share in e-mail traffic on an Astaro appliance: most spam is rejected, some is quarantined and only a little is delivered.
Personalized email log: Each user can see the status of all sent and received emails, whether they have been delivered, rejected by the spam quarantine or contained a virus.
Firewall Stateful Packet Inspection Packet filtering – inspects packet headers Stateful packet inspection – tracks events across a session to detect violations of normal processes Time-based rules and Policy-based routing Application-Level Deep Packet Filtering Scans packet payloads to enforce protocol-specific rules Security proxies to simplify management HTTP, FTP, POP3, SMTP, DNS, Socks, Ident NAT (Network Address Translation) and masquerading DoS (Denial of Service Attack) protection Transparent mode eases administration VPN Encrypts data to create a secure private communications “tunnel” over the public Internet Supports IPsec, SSL, L2TP, and PPTP VPNs Windows, Linux, Unix and MacOS x clients Advanced encryption Supports all major encryption methods Many authentication methods Internal certificate authority Full Public Key Infrastructure (PKI) support Supports VPN tunnels based on dynamic IP interface addresses (DynDNS) IPS Identifies and blocks application- and protocol- related probes and attacks Database of over 7,500 patterns and rules Probing, port scans, interrogations, host sweeps Attacks on application vulnerabilities Protocol exploitations Intrusion detection and prevention Notify administrator, or block traffic immediately Powerful management interface One click to enable or disable complete rule sets e.g. for email- or webservers
Antivirus Blocks viruses, worms, trojans, and other “malware” before they reach email servers or desktops Scans SMTP and POP3 traffic Dual virus scanners with multiple detection methods Virus signatures, heuristic analysis Database of more than 800,000 virus signatures Frequent automatic updates Flexible management Can specify file formats and text strings to block Emails and attachments can be dropped, rejected with message to sender, passed with a warning, or quarantined Supplements desktop virus scanning Antispam Identifies and disposes of unsolicited emails Scans SMTP and POP emails Multiple methods to identify spam Reputation service with spam outbreak detection using patented Recurrent-Pattern Detection™ technology Realtime Blackhole Lists, Whitelists/Blacklists, Greylisting, URL scanning, BATV, SPF record checking… Detects spam in every language and format Flexible management Emails and attachments can be rejected with message to sender, passed with a warning or quarantined User can individually release blocked messages via daily spam report or end user portal Antiphishing “Phishing” – Criminals imitate emails from banks, credit card companies, eBay and other sources to obtain confidential user information Astaro identifies and blocks phishing emails through several techniques: Virus scanner identifies phishing signatures URL filtering database captures phishing servers in the “suspicious” category Content downloaded from web sites will be blocked if it matches patterns of phishing content Email Encryption En-/Decryption and Digital Signatures for SMTP Emails Supports OpenPGP and S/MIME Completely transparent No additional Software on Client required Easy Setup Only three configuration steps to start Central Management of all keys and certificates No key or certificate distribution required Allows Content/Virus scanning even for encrypted SMTP emails
Spyware Protection Blocks downloads of spyware, adware, and other malicious software Prevents infected systems from sending information back to the spyware server Checks against a database of known spyware URLs Gateway spyware blocking complements desktop anti-spyware tools Antivirus for Web Block viruses, worms, trojans, and other “malware” before they reach desktops Scans HTTP and FTP traffic Web & ftp downloads Web-based email (MSN Hotmail, Yahoo! Mail) Dual virus scanners with multiple detection methods Virus signatures, heuristic analysis Database of more than 800,000 virus signatures Frequent automatic updates Flexible management Can specify file formats (endings) and content (MIME) types to block URL Filter Enforces policies on appropriate web usage Administrators can define web use policies based on 60 pre-defined categories of web sites Nudity, gambling, criminal activities, shopping, drugs, job search, sports, entertainment, etc. Sophisticated classification techniques text classification, recognition of symbols and logos Whitelists and blacklists to tailor access for groups of users Measure and report on activities IM/P2P Control Manage the use of Instant Messaging Clients and Skype AOL IM, ICQ, MSN Messenger, Yahoo! Messenger, IRC, Google Talk/Jabber, Tencent QQ, Skype Manage the use of Peer-to-Peer applications Applejuice, Ares, Bittorrent, Direct Connect, Edonkey, Gnutella, IMesh, MUTE, Manolito, Pando, Winny Flexible control Depending on application the administrator can decide to either allow or block it completely, block file transfers only or just log its usage Specific users/IP addresses can be excluded from general rules Specific hosts and networks can be excluded from IM/P2P control
Real-time monitoring of critical system parameters Tracks license status, threats, firmware/pattern versions, resource usage and other system parameters in real time Inventory Management At a glance overview of static system parameters of all devices like SW version, CPU, memory, hard disks, network interfaces, CD-ROM drives Centralized Device Maintenance Prefetch and install pattern and system updates System shutdown and reboot Single-Sign-On WebAdmin access Rapid Access to Astaro Gateways with single logon Role-based administration Provides different management rights to different administrative users at the same time, including full revision capability
Two different GUIs for ACC system management and device management of individual customers Dashboard-Views for brief overview about critical system parameters Tree-Views to group and organize devices Diversified List-Views for detailed status information Worldmap locates devices within globally distributed network
Centralized Management allows you to: Save administrative time and money when managing multiple globally distributed security devices Easily define and deploy company wide security policies Keep an overview about the overall security status of your network Track critical device parameters in real-time Astaro Command Center Enables easy mass rollouts of multiple Astaro Gateways Provides real-time threat-level monitoring Offers central firmware status check and pattern and software updates Includes comprehensive dashboards for at-a-glance status overviews as well as detailed parameter tracking
Log Management Centralized Data Collection and Archiving Compliance Management Scalable to 1000s of devices via distributed architecture Reporting 800+ pre-defined reports Reporting Portal with powerful drilldown Automated Report Generation and Distribution Monitoring & Alerting Real-time Monitoring Correlated Alerting & Analysis Real-time Event Manager Monitoring Dashboard Forensic Analysis Ad-Hoc Audit of log data Investigative Analysis Expression based search through volumes of log data across thousands of devices