Embed Size (px)
DESCRIPTION
Presentacion de ventas de Astaro UTM
Citation preview
Astaro Product Presentation
2
Product Overview
Security Gateways
Gateway Extensions
Management Tools
Security Gateway Features
Hosted Services: Astaro Mail Archiving
Agenda
3
Astaro Products in Use
4
Product Overview
Security Gateways
Gateway Extensions
Management Tools
Security Gateway Features
Hosted Services: Astaro Mail Archiving
Agenda
5
Security GatewaysComprehensive All-In-One Security for SMEs
6
Crackers Botnets Spam Phishing Scam Hoax
Viruses Spyware Gray ware Intrusions Denial of
Service Distributed Denial of Service Ping floods
Eavesdropper Script Kiddies Espionage Malware Root kits
Adware P2P File sharing Trojans Spit Bots Backdoors
Buffer Overflows Hackers Malcode Bugs Key loggers
Crime ware Pharming Competitors Identity theft Exploits
DNS poisoning Snarf attacks Spam bots Spy bots Trap
doors War driving Ransomware ASCII bombs
Bluesnarfing Worms Decrypting Reverse engineering Phreaking
Port Scanning
Internet Threats on the Increase
IPS
SSL VPN Gateway
E-Mail/Spam Filter
Web Filter
GW Antivirus Filter
WAN Link Balancer
Load Balancer
Router
Cost Time Investment
Total:
Firewall
Modern IT-Security Challenges
7
8
The Astaro All-In-One Approach
All-In-One Appliance
CentralizedManagement &
Reporting
Browser-basedUnified Management of
All Applications
VPN & WirelessExtensions
Flexible Deployment
Software Appliance
Virtual Appliance Integration of Complete E-mail, Web& Network protection
Networking-Features for High Availability and Load Balancing
9
Astaro Security GatewayUnified Threat Management Appliances
10
Deployment Scenarios
11
Security Features
Enterprise-class Security for SMB
Wireless Controller forAstaro Access Points
Multi-Zone (SSID) support
Wireless Security
optional
Intrusion Prevention
IPSec/SSL VPN
Branch Office Security
Network Security
optional
URL Filter
Antivirus & Antispyware
IM & P2P Control
Web Security
optional
Reverse Proxy
Web Application Firewall
Antivirus
Web Application Security
optional
Anti Spam & Phishing
Dual Virus Protection
Email Encryption
Mail Security
optional
Stateful Firewall
Network Address Translation
PPTP/L2TP Remote Access
Essential
Firewall
12
10 Advantages of Astaro Security Features
Secure Firewall1
Support all integrated VPN clients2
Detect malware in HTTPS-data3
Keep mailboxes clean4
Protect confidential messages5
User-based web filter6
Block Skype, Bittorrent or others7
Implemented Web Application Firewall 8
Clustering allows flexible scaling9
Integrated Wireless Controller 10
13
Management Made Easy
Intuitive Dashboard Individual UserPortal Comprehensive Reporting
14
10 Advantages of ASG Management
Web interface1
Low maintenance2
Mail & VPN User Management3
Simple Connection for Mobile Employees 4
Fast Disaster-Recovery 5
Reuse User-Definitions in AD6
Integrated Supported Reporting 7
Integrated log and quarantine management
8
Secure connection to branch offices in 5 minutes
9
“Zero-Config HA“10
15
Astaro Security Gateway Products
HardwareAppliance
110/120 220 320 425 525 625
Environment Small networks
Medium networks
Medium networks
Large networks
Large networks
Large networks
Network Ports 4 8 8 6 & 2 SFP 10 & 4 SFP10 & 8
SFP
Max. recommended FW Users
10/50 150 350 1000 2500 4000
Max. recommended UTM Users
10/25 70 200 600 1300 2000
Software Appliance * Runs on Intel-compatible PCs and servers
VirtualAppliance * Runs in any VMWare environment
*Pricing based #IPs/Users
16
Hardware
Operating System
Application
Deployment Models
First UTM Appliance that passed VMware validation program
Hardware ApplianceSoftware Appliance Virtual Appliance
Hardware
Operating System
Application
17
Product Overview
Security Gateways
Gateway Extensions
Management Tools
Security Gateway Features
Hosted Services: Astaro Mail Archiving
Agenda
18
Gateway Extentions
19
Branch Office SecuritySecure Branch Office Connection
20
Branch Office Security - Challenges
Businesses with many small branch offices need an easy and affordable way to connect them back to the headquarter location and keep their Internet access secure.
21
Available Solutions
Routers for private users
Low-end UTM Appliances
MPLS and Managed VPN Services
22
Astaro RED
The easiest and most economic way to secure your branch offices in a few minutes – without the need for technical personnel at the remote site!
23
Deployment Scenario
24
How Does RED Work?
25
Easy Installation
Appliance can be delivered without configuration
A0410230401
Internet
TUNNEL
Computer
Headquarter
Branch Office
26
Implemented Centralized Management
27
Astaro RED 10
Technical Information
Solid steel chassis
No moving parts
1 WAN Port
4-Port LAN Switch
>30 Mbit/s VPN-throughput
<7 Watt power consumption
Unrestricted users
No Buttons, No GUI
28
Easy to implement and manage
Virtual Ethernet cable
Setup in the branch in two minutes
Centralized configuration in ASG
No technical personnel required at the remote site
Cost efficient
Small, low-cost appliance
No maintenance or recurring costs in the remote site
Complete UTM security
Enterprise-class network, mail, and web filtering in central ASG
Advantages
29
Wireless SecuritySecure Wireless Networks for Businesses
30
Wireless Networks – The Challenges
Businesses need an easy-to-use, secure and reliable possibility to integrate wireless devices into their business networks.
31
Available Solutions
Access Points for private users
Low-end UTM-Applianceswith integrated Wi-Fi
Enterprise Wireless Solutions
Astaro Wireless Security
Air traffic control for your business network
32
33
Deployment scenarios
34
Easy installation
Guest
Internet Finance
Astaro Security Gateway
35
Centralized Management
36
Flexible Access for the Whole Office
Astaro access points can be placed anywhere in your organization.
Easy creation of multiple separate wireless zones.
37
Integrated Security
Integrated UTM Security
Strong Encryption
38
Astaro Access Points
Up to 10 users
150 Mbit/s throughput
1 x 10/100 Base TX
802.11 b/g/n
1 x detachable dipole antenna
Power consumption: < 8 Watt
Desktop/Wand mounting
Up to 30 user
300 Mbit/s throughput
1 x 10/100 Base TX
802.11 b/g/n
3 x internal antennas
Power consumption: < 8 Watt
Desktop/ceiling mounting
Power over Ethernet (802.3af)
AP 10 AP 30
PoE-Injector included!
39
Easy installation and management– Centralized configuration
– No configuration at the Access Points’ site necessary needed
Secure and reliable– Integrated UTM-security for wireless devices
– Best protection for wireless connections
Flexible access– Continuous signal in the whole office
– Easy internet access for guests
Advantages
40
Astaro ClientsSecure Remote Access to Business Networks
41
Deployment Scenario
42
Highly secure data connections to Astaro VPN gateways
Authentication via Pre-Shared Key (PSK), PKI (X.509), Smartcards, Tokens, XAUTH
Encryption via AES, DES, 3DES, Blowfish, DH-groups, MD5, SHA
Intelligent Split-Tunneling for optimum traffic routing
NAT-Traversal support
Multilingual (English, German, French)
Windows XP, Vista, 7
„One-click“-Setup
Astaro IPsec Client
43
Proven SSL- (TLS) based security
Minimal system requirements
Supports MD5, SHA, DES, 3DES and AES
Works through all firewalls, regardless of proxies and NAT
Independent from Browser
Offers transparent access to all resources and applications within the corporate network
Windows 2000, XP, Vista, 7, Linux, MacOS X, BSD or Solaris
„One-Click“-Setup
* for free
Astaro SSL Client*
44
Astaro Smart InstallerFast Disaster Recovery
45
Fast Recovery
Fast installation of a software-image or recovering a stored configuration with a bootable USB device
– Configuration will be used automatically
– No manual interference necessary
Reduces downtime
Astaro Smart Installer
46
Management ToolsCentralized Management of all Security Products
47
Central Management – The Challenges
Management of the complete security infrastructure1
Setting global definitions2
Monitoring important values (in real-time)3
Creating company-wide reports4
Centralized inventory management5
48
How do you handle all management tasks today?
All devices will be managed separately
– Very time-consuming
Tools for central management
– Expensive and complex
Using self-provided Batch processing
– Very time-consuming
– For configuration only, monitoring and reporting generally not possible
Available Solutions
49
Astaro Command CenterManage all your security products from a single location
50
Real-Time Monitoring
Aggregated Reporting
Inventory Management
Device Maintenance
Central Configuration
Access Management
Astaro Command Center
51
Easy Management
52
Multi-Client Capability for Managed Services
53
Products
Virtual Appliance* Runs in any VMware environment
Software Appliance* Runs on Intel-compatible PCs and servers
Free of Charge!
54
Advantages
Save and distribute administration tasks1
Simple configuration for company-wide security policies
2
Overview for important resources used3
Monitor critical system parameters in real-time4
Easy maintenance for worldwide distributed devices5
55
Product Overview
Security Gateways
Gateway Extensions
Management Tools
Security Gateway Features
Hosted Services: Astaro Mail Archiving
Agenda
56
Astaro Security Gateway FeaturesEnterprise-Class Security Technology
57
Astaro Essential Firewall
58
Astaro Network Security
59
Virtual Private Network (VPN) Gateway
Site-to-Site IPsec & SSL VPN for creating a secure communication Remote Access for employees and mobile user (Road Warriors)
via IPsec & SSL
Support of all Major Encryption and Authentication Methods
Certificate Authority
Astaro Network Security
60
Intrusion Prevention
Identifies and Blocks Application and Protocol Related Probes and Attacks through Deep Packet Inspection
Database of over 8,000 Patterns and Rules
Intrusion Detection and Prevention
Powerful Management Interface
DoS (Denial of Service Attack) and protection from port scans
Astaro Network Security
61
Astaro Mail Security
62
E-Mail Antivirus
Dual Independent Virus Scanners for SMTP and POP3
Blocks Malware before it reaches email servers or desktops
Database with more than 800.000 virus signatures
Flexible Management
– Can specify file formats (endings) and content (MIME type) to block
– Emails and attachments can be dropped, rejected with message to sender, passed with a warning, or quarantined
Astaro Mail Security
63
Antispam Highest Detection Rate through Combination of Multiple Methods:– Reputation service (format and language agnostic)– Realtime Blackhole Lists (RBLs)*– Dialup Network Blocking*– Greylisting*– BATV (Bounce Address Tag Verification)*– SPF (Sender Policy Framework)*– Expression filter– Recipient verification*– Reverse-DNS and HELO Syntax Checks…*
Flexible Management– Emails and attachments can be rejected with message to sender,
passed with a warning or quarantined
Astaro Mail Security
* can reject emails even before body is transferred
64
Antiphishing
Astaro identifies and blocks phishing emails though several methods:
– The virus scanner identifies phishing signatures
– The URL filter blocks phishing server (categorized as “suspicious”)
– Downloaded content will be blocked, if it is similar to known phishing site methods
Astaro Mail Security
65
Email Encryption
En-/Decryption and Digital Signatures for SMTP Emails
Completely Transparent
Easy Setup
Central Management of all Keys and Certificates
Allows Content/Virus Scanning even for Encrypted SMTP Emails
Astaro Mail Security
66
Astaro Web Security
67
Spyware Protection
Blocks (Unintentional) Downloads of Spyware, Adware, and Other Malicious Software
Prevents Infected Systems from Sending Information Back to the Spyware (Home) Servers
Checks Against a Database of Known Spyware URLs
Blockierung von Spyware auf dem Gateway komplettiert Anti-Spyware Desktop Tools
Astaro Web Security
68
Web Antivirus/Malware
Blocks viruses, worms, trojans, and other “malware”
Scans HTTP, HTTPS und FTP traffic
Dual Independent Virus Scanners with Multiple Detection Methods
Signature Database with more than 800,000 virus signatures
Flexible Management
Astaro Web Security
69
URL Filter
Control employee’s web access to more than 96 categories
Considers global reputation of a website
Additional whitelists und blacklists
Many User Authentication Options
– IP addresses, access for users or groups, Active Directory SSO, eDirectory SSO, LDAP, RADIUS/TACACS+
– Time-based access policies
Astaro Web Security
70
IM & P2P Control
Manages the Use of Instant Messaging Clients (and Skype) and Peer-to-Peer Applications
Flexible Control
Bandwidth Control
Astaro Web Security
71
Astaro Web Application Security
72
Astaro Web Application Security
Security Patterns
73
Astaro Web Application Security
Cookie Signing - Discards cookies which have been altered.
74
www.astaro.com/admin.php not allowed!
Astaro Web Application Security
www.astaro.com
/products /solutions /resources
/ASG
/AMA
/ACC
/NetSecurity
/MailSecurity
/WebSecurity
/datasheets
/webinars
www.astaro.com/resources.php?userID=123 allowed & signed
www.astaro.com/resources.php?XA)=§JGF/(D§KLFJACV;DOQPE can‘t be tampered
www.astaro.com/products.php allowed
URL Hardening
75
Astaro Web Application Security
Antivirus
User
76
Astaro Networking FunctionsEnterprise Class Network Technology
77
WAN Link Balancing
Bundles of up to 8 Internet connections with fallback and simultaneous load distribution
Fallbac
k
Fallback
ISP#2- DSL
ISP#1- Cable
ServersISP#1Priority
ISP#2 Fallback
ServersISP#2Priority
ISP#1 Fallback
78
Ethernet Link Aggregation
Bundles of up to 4 Ethernet Ports for more throughput and stability
Logical 200 Mbps Interface(Link Aggregation Group)
100 Mbps Ports
RedundantConnection
Switch
79
Server Load Balancing
Dynamic load distribution for incoming data over groups of similar servers
Health Check
SessionPersistence
Internet
John
All requests fromJohn to Server A
A
B
C
WebServers
Load
bala
nce
Astaro Active-Passive HA (Standby)
Stability through Standby-System
Synchronisation of: IPSec tunnels FW connections Spooled & quarantined mails Log-files
Master
Slave
State & configsynchronization
Stateful Failover < 2sec
deactivated
New Master
80
Internet
Config settings Time/Date settings Software version Reporting
Cluster Nodes
Scalability
Astaro Active-Active HA (Cluster)
81
High AvailbilityActive / Active
LAN
Master (balancing)
Slave
Internet
”Zero Config HA“
Active-Passive (stand-by) HA - Configuration:
– Automatic configuration with connections via HA-Ports
Active-Active (Cluster) HA - Configuration:
– Change HA-mode at master to “cluster“
• All units connected to the master HA-port will auto-join the cluster, as per default
• No extra configuration on slave/cluster node required
Master
Slave
HA port (eth3)
82
83
Controlled Measures for Power Cuts Power cut signaled via USB
Message sent to the admin
Automatic shut down when critical battery level is reached
Supports USVs from APC and MGE
UPS Support
USB
Signaling
Power
84
Optimal Path Selection and Stability
Static / Policy
– Based on Source/Destination Interface/Network or Service
Dynamic
– OSPF
Multicast
– PIM-SM
Routing
85
DHCP
Dynamic IP Address Management
DHCP Server & Relay
Configuration per Interface
Static MAC/IP Mapping is possible
IPv4/IPv6 Support
ExternalDNS Server
IP Address DB(192.168.1x)
#
DHCP Server/ Relay
192.168.1.12
192.168.1.13
192.168.1.14
86
DNS Proxy
Flexible Name Resolution
IPv4/IPv6
DynDNS-Support
Split DNS-Support
Local Cache
DNS Forwarder-Support
Dyn DNS Service
ExternalDNS Server
LocalDNS Server
DNS Server/Forwarder
Static DNS EntriesDNS Cache
87
Quality of Service (QoS)
Guarantees minimum and maximum bandwidth for certain data types
Secures quality of service (throughput, delay,…) for VoIP and other real-time applications
Prevents clogging of the Internet-uplink through individual downloads
P2P
Surf
SAP
VoIP
other
100%
50%
0%
P2P
Surf
SAPVoIP
other
88
Product Overview
Security Gateways
Gateway Extensions
Management Tools
Security Gateway Features
Hosted Services: Astaro Mail Archiving
Agenda
89
E-mail ArchivingCompliance & Productivity Requirement Solutions
90
E-mail Management Challenges
91
Available Solutions
Mail Archiving Software
Mail Archiving Appliances
Hosted archiving solution
Hosted archiving solution
92
Astaro Mail Archiving
Make Archiving Your E-Mail Our Problem
93
Deployment Scenario
94
Setup in < 15 minutes
No Maintenance Tasks
Installation and Maintenance
95
Compliance
All necessary e-mails – for the prescribed period
Filtering of messages not to be archived
Evidence of filter actions in the audit log
Regulation-based archiving for years or decades
Secure deletion of e-mails upon expiry of the archiving period
Auditor roles, including the dual control system
Auditor logs & search
96
Find e-mails instantly through Google-like full-text search
Instant Discovery
97
Outlook Plug-In
Easy installation
Seamlessly integrated Plug-in
Direct message handling (forward, reply, copy)
No employee training necessary
PST and mailbox upgrade included
98
Secure Data Storage
TLS encrypted data transfer
AES encrypted storage
Redundant storage and automatic backup
Unlimited storage capacity
Storage
Fronte
nd
Back
end
Fire
wall
Sto
rage
Back
up
Contr
ol
Asta
ro M
ail A
rch
ivin
g C
lou
d
99
Licensing & Pricing
No hidden extras: All services included!
#Users 1 year license 3 years license 5 years license
10 $ 480 $ 1.150 $ 1.73025 $ 1.150 $ 2.765 $ 4.145 50 $ 2.210 $ 5.310 $ 7.965 75 $ 3.250 $ 7.805 $ 11.705
100 $ 4.245 $ 10.190 $ 15.290 150 $ 6.245 $ 14.980 $ 22.475 200 $ 8.155 $ 19.570 $ 29.355 300 $ 11.985 $ 28.765 $ 43.150 400 $ 15.655 $ 37.570 $ 56.360 600 $ 23.015 $ 55.230 $ 82.845 800 $ 30.060 $ 72.140 $ 108.210
1000 $ 36.070 $ 86.565 $ 129.850 1500 $ 51.940 $ 124.655 $ 186.985 2000 $ 66.485 $ 159.860 $ 239.340
< €3 per user/month!
100
Easy Usability
– Messages can be found in seconds
– No employee training necessary – intuitively designed Outlook Plug-in
– Regulation-based archiving for years or decades
Maintenance-free
– Setup in less than 15 minutes
– AD Integration & Exchange synchronization
– No hardware maintenance and upgrade
Best price/performance ratio
– Less than €3 per user/month*
– Unlimited Storage Capacity
* 100 user, 3 year license
Advantages
101
Product Overview
Security Gateways
Gateway Extensions
Management Tools
Security Gateway Features
Hosted Services: Astaro Mail Archiving
Agenda
