Mc Afee Next Generation Firewall June 2014 Mc

Mc. Afee Next Generation Firewall June 2014.

Mc. Afee – Big Picture of Security . 2

Next Generation Firewalls – New Era Connected NGFW Completeness of security • • • Connected to end point security Connected to real-time global threat database Connected to advanced breach detection Advanced NGFWs • • • Central management for large networks High availability Advanced evasion protection First NGFWs • • Inspection Application and user awareness Traditional FWs 1988 2008 2012 2013 2014 time. 3

Marrying the Network, Security and Admin Requirements CIO • Best overall solution to ensure business continuity and protect key assets • Cost effectiveness – good value for money Networking People Security Specialists • Service availability • Proven protection from malware • Constant security updates and support • Reports and forensics • High granularity • Performance • Managed Qo. S • Avoidance of any downtime Mc. Afee NGFW Satisfies all These Needs Administrators • Holistic network view • Easy-to-use tools and workflow automation. 4

Meeting Various Customer Needs Datacenters & cloud services Mission critical networks Classified data & IPR Multi-location & multi-tenant businesses Business continuity & applications Financial transactions & assets Superior solution for distributed enterprises looking for comprehensive security, scalability and ease of operations. 5

What Makes Mc. Afee NGFW Different? Unified Software Core Strong Centralized Management Security Connected High Availability Advanced Evasion Prevention. 7

Unified Software Core Flexible Delivery NEXT GENERATION FIREWALL LAYER 2 FIREWALL Mc. Afee MILITAR Y IPS VPN GLOBA L ENTERPRIS E COMMERCIA L SMB SOFT VIRTUAL PHYSICAL Adjustable security level to meet deployment need High performance maintained even with deep inspection. 8

Unified Software Core NGFW Management in Various Configurations FW/VPN IPS L 2 FW IPS FW/VPN L 2 FW FW/VPN Adapts to the dynamic business needs – no license renegotiations or forklift upgrade of hardware. 9

Unified Software Core Total cost TCO Effect Typical Cost Mc. Afee More performance needed Change in threat Landscape Security as a business enabler ‘All inclusive’ licensing enables easy budgeting and maintains the long term Total Cost of Ownership flat. 10

Centralized Management Resource Optimization Hierarchical Security policies are based Initial Policies Configuration on templates Hierarchical Templates And Aliases Policies follow template changes automatically Policy Validation Analysis Main policy can and jump to sub-policies to share policies Security. Ability Automation with between firewalls POLICY TEMPLATE MAIN POLICY SUB POLICY 1 Scheduling. SUB POLICY 2 SUB POLICY 3 Security Automation with Plug and Play Security automation with plug andupgrades play Security automation with scheduling e. g. Hierarchical templates and aliases Policy validation and analysis.

High Availability Native Active-Active Clustering 99 Node 1 . UPTIME Internet Node 2 Node 4 Node 3 Node 5 Node 6 … 16 Mix of hardware and software versions “I can update a FW cluster without dropping a single packet” – Mc. Afee NGFW customer. 12

High Availability Multi-Link and Augmented VPNs Distant Site 2 Mbps HQ + MPLS Distant Site ISP A 2 Mbps + 2 Mbps ADSL ISP B = up to 6 Mbps Cost-effective and secure site-to-site connectivity with adjustable resilience and capacity. 13

Mc. Afee Security Connected e. PO End-Point Management Mc. Afee GTI Reputation in the Cloud Mc. Afee Antivirus/GAM SMC Enterprise Authentication Advanced Threat Defense ESM SIEM Mc. Afee NGFW Holistic security solution merging network and end-point threats and management together. 14

Advanced Evasion Prevention Evasions – what, why and when? Means to disguise an attack Objective to bypass network security devices with no tracks Extremely hard to track Unlimited amount of variations and combinations Most network devices are ineffective Internet Ack ta t Security Device Attack Ack ta t Vulnerable Target Mc. Afee NGFW is tested against >800 million evasions or combinations. 15

Advanced Evasion Prevention Fundamental Difference Traditional Inspection Architecture ? ta ck Mc. Afee NGFW Stream Based Full Stack Normalization attack Protocol agents t a ck at ! ta Effectiveness based on all traffic normalization before inspection. 16

Advanced Evasion Prevention How Easy is an Evasion 1 With Evader getting access to the Select the Exploit “protected” network is as simple as: 2 Identify Attack Target 3 Select the Evasion Technique Cisco Palo Alto Networks Check Point Fortinet Juniper Source. Fire Tipping Point . 17

Flexible Mc. Afee NGFW Appliance Portfolio Same appliance for multiple use-cases 5200 Series Mc. Afee SMC 3200 Series Fit from branch office to data center deployments 1400 Series Rugged designs for demanding environment 1000 Series 300 Series 2 G Modular hardware 20 G 60 G 120 G One harmonized appliance family protecting investments with hardware modularity and simple licensing. 18

Third Party Recognition ‘Long legacy with HIGH AVAILABILITY’ and ‘early focus on ANTI-EVASION’ 2013 NSS Labs test results: RECOMMENDED VALIDATED for real world quality, protection, and performance . 19

Mc. Afee Next Generation Firewall Provides • Adaptability to dynamic enterprise security environment • Operational efficiency and high up-time ensuring business continuity • Holistic ’Connected NGFW’ approach to network security • Efficient protection against Advanced Evasions . 20

. 21