NGF Presentation

download report

Transcript NGF Presentation

McAfee Next Generation Firewall June 2014 .

McAfee –

Big Picture of Security .

Next Generation Firewalls –

New Era

Connected NGFW

• • • Connected to end point security Connected to real-time global threat database Connected to advanced breach detection

Advanced NGFWs

• • • Central management for large networks High availability Advanced evasion protection

First NGFWs

• • Inspection Application and user awareness

Traditional FWs

1988 2008 2012 2013 2014 time .

3

Marrying the Network, Security and Admin Requirements

CIO

• Best overall solution to ensure business continuity and protect key assets • Cost effectiveness – good value for money

Networking People

• Service availability • Performance • Managed QoS • Avoidance of any downtime

McAfee NGFW Satisfies all These Needs Administrators

• Holistic network view • Easy-to-use tools and workflow automation

Security Specialists

• Proven protection from malware • Constant security updates and support • Reports and forensics • High granularity .

4

Meeting Various Customer Needs

Datacenters & cloud services Mission critical networks Classified data & IPR Business continuity & applications Multi-location & multi-tenant businesses Financial transactions & assets Superior solution for distributed enterprises looking for comprehensive security, scalability and ease of operations .

5

What Makes McAfee NGFW Different?

Unified Software Core Security Connected Strong Centralized Management High Availability Advanced Evasion Prevention

.

7

Unified Software Core

Flexible Delivery NEXT GENERATION FIREWALL FIREWALL LAYER 2 FIREWALL IPS VPN McAfee MILITAR Y GLOBA L ENTERPRIS E COMMERCIA L SMB SOFT VIRTUAL PHYSICAL Adjustable security level to meet deployment need High performance maintained even with deep inspection .

8

Unified Software Core

NGFW Management in Various Configurations L2FW FW/VPN Adapts to the dynamic business needs – no license renegotiations or forklift upgrade of hardware FW/VPN .

9

Unified Software Core

TCO Effect Typical Cost McAfee More performance needed Change in threat Landscape Security as a business enabler ‘All inclusive’ licensing enables easy budgeting and maintains the long term Total Cost of Ownership flat .

10

Centralized Management

Resource Optimization Initial

Hierarchical Templates And Aliases Policy Validation and Analysis

POLICY TEMPLATE MAIN POLICY

Security Automation with Scheduling

SUB POLICY 1 SUB POLICY 3

Security Automation with Plug and Play

.

High Availability

Native Active-Active Clustering

99 UPTIME .

Internet Node 1 Node 2 Node 3 Node 4 Node 5 Node 6 …16 Mix of hardware and software versions

“I can update a FW cluster without dropping a single packet ” –

McAfee NGFW customer

.

12

High Availability

Multi-Link and Augmented VPNs Distant Site HQ 2 Mbps

MPLS

+ 2 Mbps

ISP A ADSL

+ 2 Mbps

ISP B

= up to 6 Mbps Cost-effective and secure site-to-site connectivity with adjustable resilience and capacity Distant Site .

13

McAfee Security Connected

ePO End-Point Management McAfee GTI Reputation in the Cloud McAfee Antivirus/GAM SMC Advanced Threat Defense Enterprise Authentication ESM SIEM McAfee NGFW Holistic security solution merging network and end-point threats and management together .

14

Advanced Evasion Prevention

Evasions – what, why and when?

Means to disguise an attack Objective to bypass network security devices with no tracks Extremely hard to track Unlimited amount of variations and combinations Most network devices are ineffective

Internet

Security Device A c k t a t Vulnerable Target McAfee NGFW is tested against > 800 million evasions or combinations .

15

Advanced Evasion Prevention

Fundamental Difference Traditional Inspection Architecture McAfee NGFW Stream Based Full Stack Normalization ta ?

ck t a attack !

ck Protocol agents at ta Effectiveness based on all traffic normalization before inspection .

16

Advanced Evasion Prevention

How Easy is an Evasion

1 With Evader getting access to the “protected” network is as simple as: 2 3 Identify Attack Target Select the Evasion Technique

Cisco Palo Alto Networks Check Point Fortinet Juniper SourceFire Tipping Point .

17

Flexible McAfee NGFW Appliance Portfolio

McAfee SMC

1400 Series 3200 Series 5200 Series Same appliance for multiple use-cases Modular hardware Fit from branch office to data center deployments Rugged designs for demanding environment 1000 Series 300 Series 2G 20G 60G 120G One harmonized appliance family protecting investments with hardware modularity and simple licensing .

18

Third Party Recognition

Long legacy with

HIGH AVAILABILITY’

and

early focus on

ANTI EVASION’

2013 NSS Labs test results:

RECOMMENDED VALIDATED

for real world quality, protection, and performance .

19

McAfee Next Generation Firewall Provides

• Adaptability to dynamic enterprise security environment • Operational efficiency and high up-time ensuring business continuity • Holistic ’Connected NGFW’ approach to network security • Efficient protection against Advanced Evasions .

20

.

21