Simplifying Email, Web & Network Protection
Astaro Overview – Page 2 © Astaro 2007
Topics
Astaro Company Profile
The Security Struggle
Overview of Astaro Security Gateway
Security ApplicationsWeb Security
Email Security
Network Security
Appliances and Software
Additional Astaro Products
Business Value
Network Security
Web Security
Email Security
Astaro Overview – Page 3 © Astaro 2007
Astaro Company Profile
Founded in 2000
Pioneered what is called Unified Threat Management market
Profitable, growing 60%
Award-Winning ProductsAstaro Security Gateway – the most flexible solution for integrated email, web, and network protection
protects 40.000+ networks in over 60 countries
Easy to deploy and manage
Global PresenceHeadquarters in Karlsruhe, Germany and Boston, USA
100+ employees in EMEA, Americas and APAC
24x7 technical support
1000+ partners & reseller worldwidet (700+ in EMEA)
Astaro Overview – Page 4 © Astaro 2007
Customers
Astaro Overview – Page 5 © Astaro 2007
Recognition
Best of the year 2004Best of the year 2005Best of the year 2006Editor's choice (2x)
5/5 Star Review (2x)
Best of the year 2004Best of the year 2005
Editor's choice
Recommended productProduct of the year 2005Product of the year 2006
Astaro Overview – Page 6 © Astaro 2007
The Security Struggle
MULTIPLYING THREATS
DEMAND MULTIPLE DEFENSES
THAT ARE DIFFICULT TO INTEGRATE
AND MANAGE
∞ Evaluate
∞ Purchase
∞ Train
∞ Install
∞ Integrate
∞ Configure
∞ Manage
∞ Update
Firewall
VPN
Spam Blocking
Anti- Virus
Intrusion Detection
URL Filtering
Anti-Spyware
Astaro Overview – Page 7 © Astaro 2007
Firewall
1995
VPNURL FilterIDSEmail Anti VirusFirewall
2000
Central report toolCentral config tool Central mgmt toolSigning/encryptionVoIP SecurityVPN Remote accessNACWireless security P2P filterIM filterAnti SpywareMulti protocol AVIPSVPNURL FilterIDSEmail Anti VirusFirewall
2005
App 3App 2App 1
UTM Gateways
Clean pipe
2010
The growing demand for Internet Security
Astaro Overview – Page 8 © Astaro 2007
Astaro Security Gateway
Complete Perimeter Security
Network Security
Web Security
Email Security
Astaro Overview – Page 9 © Astaro 2007
Integrated Email, Web and Network Protection
Content FilterAnti Virus & SpywareIM & P2P Control
Web FilteringFirewall
IPSVPN
Network Protection
Email Security
Spam FilterAnti Virus & PhishingEncryption
Astaro Overview – Page 10 © Astaro 2007
Layered Security
Externalusers
Internet
Firewalland VPN
IntrusionProtection
Content Filtering–Virus/Spam/URL/Spyware/Phishing
Internalusers
LANs
EmailDatabase Web
Internal Resources
Astaro Security Gateway V7
Astaro Overview – Page 11 © Astaro 2007
Integrated Management
Installation
Update
Logging and Reporting
Network Security
Web Security
Email Security
ManagementInterface
Astaro Overview – Page 12 © Astaro 2007
Web Security
Network Security
Email Security
Content Filtering
Virus Protection
IM and P2P Control
Web Security
Spyware Protection
Astaro Overview – Page 13 © Astaro 2007
Spyware Protection
Blocks downloads of spyware, adware, and other malicious software
Prevents infected systems from sending information back to the spyware server
Checks against a database of known spyware URLs
Gateway spyware blocking complements desktop anti-spyware tools
Astaro Overview – Page 14 © Astaro 2007
Virus Protection for the Web
Block viruses, worms, trojans, and other “malware” before they reach desktops
Scans HTTP and FTP trafficWeb & ftp downloads
Web-based email (MSN Hotmail, Yahoo! Mail)
Dual virus scanners with multiple detection methods
Virus signatures, heuristic analysis
Database of more than 300,000 virus signaturesFrequent automatic updates
Flexible managementCan specify file formats and text strings to block
Astaro Overview – Page 15 © Astaro 2007
Content Filtering (URL Blocking)
Enforces policies on appropriate use of the web
Administrators can define web use policies based on pre-defined categories of web sites
Nudity, gambling, criminal activities, shopping, drugs, job search, sports, entertainment, etc.
Sophisticated classification techniques text classification, recognition of symbols and logos
Whitelists and blacklists to tailor access for groups of users
Measure and report on activities
Astaro Overview – Page 16 © Astaro 2007
IM & P2P Control
Manage the use of Instant Messaging ClientsAOL IM, ICQ, MSN Messenger, Yahoo! Messenger, IRC, Google Talk/Jabber, Skype
Manage the use of Peer-to-Peer applicationsBittorrent, Edonkey, Gnutella,WinMX, Winny, Manolito, Ares, Direct Connect
Flexible controlFor each application administrator can define, if it should be allowed or blocked and if he should receive a notice about its usage.
Astaro Overview – Page 17 © Astaro 2007
Email Security
Network Security
Web Security
Email Security
Virus Protection
Spam Protection
Phishing Protection
Email Security
Astaro Overview – Page 18 © Astaro 2007
Virus Protection for Email
Block viruses, worms, trojans, and other “malware” before they reach email servers of desktops
Scans SMTP and POP3 traffic
Dual virus scanners with multiple detection methods
Virus signatures, heuristic analysis
Database of more than 300,000 virus signaturesFrequent automatic updates
Flexible managementCan specify file formats and text strings to blockEmails and attachments can be dropped, rejected with message to sender, passed with a warning, quarantined
Gateway virus protection supplements desktop virus scanning.
Astaro Overview – Page 19 © Astaro 2007
Spam Protection
Identifies and disposes unsolicited emails (spam)
Scans SMTP and POP emails
Multiple methods to identify spamReputation service with spam outbreak detection using patented Recurrent-Pattern DetectionTM technology Realtime Blackhole Lists, Whitelists/Blacklists, Greylisting, URL scanning, BATV, SPF record checking…
Detects spam in every language and format
Flexible managementEmails and attachments can be rejected with message to sender, passed with a warning or quarantinedUser can individually release blocked messages via daily spam report or end user portal
Astaro Overview – Page 20 © Astaro 2007
Protection Against “Phishing”
“Phishing” – Criminals imitate emails from banks, credit card companies, eBay and other sources to obtain confidential user information
Astaro identifies and blocks phishing emails through several techniques:
Virus scanner identifies phishing signatures
URL filtering database captures phishing servers in the “suspicious” category
Content downloaded from web sites will be blocked if it matches patterns of phishing content
Internet
EmailServer
WebServer
Databases
ofPhishing
Sites
Scans for phishing
signatures
Astaro Overview – Page 21 © Astaro 2007
Email Security
Network Security
Web Security
Email Security
Email Encryption
Astaro Overview – Page 22 © Astaro 2007
Email Encryption
En-/Decryption and Digital Signatures for Emails
supports OpenPGP and S/MIME
Completely transparentNo additional Software on Client required
Easy SetupOnly three configuration steps to start
Central Management of all keys and certificates
No key or certificate distribution required
Allows Content/Virus scanning even for encrypted SMTP emails
SMTP
Email in clear text
EmailServer
Encrypted Email
‘snmffdsa gDsfg sdfgdsfgfdg
Fdsg fgsdfgsdfgdsfSfdgsdfdsfgsdfFg fdsgdsfgsdfgDfgdfsgfdsgfdsg
dslsgdsfg
External User
Internal User
Astaro Overview – Page 23 © Astaro 2007
Network Security
Network Security
Web Security
Email Security
VPN Gateway
Firewall
Intrusion Protection
Network Security
Astaro Overview – Page 24 © Astaro 2007
Firewall
Stateful Packet InspectionPacket filtering – inspects packet headers
Stateful packet inspection – tracks events across a session to detect violations of normal processes
Time-based rules and Policy-based routing
Application-Level Deep Packet FilteringScans packet payloads to enforce protocol-specific rules
Security proxies to simplify managementHTTP, FTP, POP3, SMTP, DNS, Socks, Ident
NAT (Network Address Translation) and masquerading
DoS (Denial of Service Attack) protection
Transparent mode eases administration
Astaro Overview – Page 25 © Astaro 2007
Virtual Private Network (VPN) Gateway
Encrypts data to create a secure private communications “tunnel” over the public Internet
Supports IPSec, SSL, L2TP, and PPTP VPNsWindows, Linux, Unix and MacOS x clients
Advanced encryptionSupports all major encryption methods
Many authentication methods
Internal certificate authorityFull Public Key Infrastructure (PKI) support
Supports VPN tunnels based on dynamic IP interface addresses (DynDNS)
Astaro Overview – Page 26 © Astaro 2007
Intrusion Protection
Identifies and blocks application- and protocol- related probes and attacks
Database of over 6,000 patterns and rulesProbing, port scans, interrogations, host sweeps
Attacks on application vulnerabilities
Protocol exploitations
Intrusion detection and preventionNotify administrator, or block traffic immediately
Powerful management interfaceOne click to enable or disable complete rule sets e.g. for email- or webservers
Astaro Overview – Page 27 © Astaro 2007
Astaro Security Gateway Appliances
Astaro Security Gateway 110/120
Astaro Security Gateway 220
Astaro Security Gateway 320
Astaro Security Gateway 425
Astaro Security Gateway 525/525F
Environment Small office/ branch office
Small to Medium business Medium business Medium business,
enterprise division enterprise division
Hardware specs
3 x 10/100 Base-TX ports
integrated HD
8 x 10/100 Base-TX ports
integrated HD
4 x 10/100 Base-TX ports
4 x Gigabit Base-TX port
integrated HD
4 x Gigabit ports – PCI bus
4 x Gigabit ports – PCI Express bus
Hardware acceleration card
integrated HD
Dual Intel Xeon CPU
10 x Gigabit ports – PCI Express bus- 525: 10 x Copper- 525F: 4 x Copper/6 x SFP
Hardware acceleration card
2 integrated HD (RAID1) 1)
2 redundant Power supplies)
Performance FirewallVPNIPS
100 Mbps30 Mbps55 Mbps
260 Mbps150 Mbps110 Mbps
420 Mbps200 Mbps180 Mbps
1,200 Mbps265 Mbps450 Mbps
3,000 Mbps400 Mbps750 Mbps
Astaro Security Gateway SoftwareRuns on Intel-compatible PCs and servers
1) hot-swappable
Astaro Overview – Page 28 © Astaro 2007
Other Astaro Products
Centralized management and real-time monitoring of installations with multiple ASG appliances
Astaro Command Center
Advanced IPSec VPN client with personal firewall and integrated dialer
Astaro Secure Client
Centralized security reporting engine that collects, correlates and analyzes security data and provides a huge portfolio of grafical reports
Astaro Report Manager
Astaro Overview – Page 29 © Astaro 2007
Business Value
Enhance SecurityBlock threats with complete perimeter security
Integrated management reduces human error and increases speed of response
Increase productivityKeep systems, networks and web sites up and running
Increase productivity by blocking spam and inappropriate web surfing
Simplify managementA complete perimeter security solution that is easy to deploy, manage and update, and that scales seamlessly from small offices to large headquarters installations.
Network Security
Web Security
Email Security
Astaro Overview – Page 30 © Astaro 2007
SC Magazine Awards 2007 ‘Best Network Security’ Solution
Voted as finalist by Astaro’s loyal user base
Selected as winner by jury of independent industry experts
Ceremony organized by the UK’s industry leading security publication
Winner of ‘Best Network Security’ Solution category in the 2007 SC Magazine European Awards