McAfee Next Generation Firewall and Security Connected Threat Ecosystem
September 2014

Firewall Evolution
(Figure: completeness of security over time; timeline marks 1988, 2008, 2012, 2013, 2014)
“Connected” NGFW
• Connected to endpoint security
• Connected to SIEM
• Connected to advanced threat detection
• Connected to real-time global threat database
Performance Enhanced NGFW
• Central management for large networks
• High availability
• Advanced evasion protection
First NGFW
• Inspection
• Application and user awareness
Traditional FW

McAfee Delivers the Big Picture of Security

Benefits
McAfee Next Generation Firewall
Network Personnel and Security Specialists
• Service availability
• Proven malware protection
• High performance
• Managed QoS
• Continual security updates and support
• Minimal downtime
• Detailed reports and forensics
• Granular policies
Administrators and CIO / CISO / CEO / CFO
• Centralized, holistic network view
• Ensure business continuity and protect key assets
• Easy-to-use tools and workflow automation
• Complete, cost-effective security solution

McAfee Differentiators
• Unified Software Core
• Strong Centralized Management
• Security Connected
• High Availability
• Advanced Evasion Prevention

Unified Software Core
Flexible Delivery
(Diagram labels: McAfee; NEXT GENERATION FIREWALL, LAYER 2 FIREWALL, FIREWALL, IPS, VPN; MILITARY, GLOBAL ENTERPRISE, COMMERCIAL, SMB; SOFT, VIRTUAL, PHYSICAL)
Adjustable security levels support a wide variety of deployment scenarios
Performance levels are maintained even with deep packet inspection enabled

Unified Software Core
Enables Multiple Deployment Configurations
(Diagram labels: FW / VPN, IPS, IPS, L2FW, FW / VPN)
Reconfigure security effortlessly as requirements change without license renegotiations or hardware “forklift” upgrades

Unified Software Core
Lower TCO
(Chart: total cost, Typical Cost compared with McAfee; events marked: More performance needed, Change in threat landscape, Security as a business enabler)
“All inclusive” licensing enables easy budgeting for long-term TCO reduction

Centralized Management
Resource Optimization
• Initial configuration
• Security automation with plug and play
• Security automation with scheduling, e.g. upgrades
• Hierarchical templates and aliases
• Policy validation and analysis
(Diagram: POLICY TEMPLATE, MAIN POLICY, SUB POLICY 1, SUB POLICY 2, SUB POLICY 3)

Advanced Evasion Prevention
Evasions – what, why and when?
• Means to disguise an attack
• Bypass network security devices leaving no traces
• Extremely difficult to track
• Unlimited variations and combinations
• Most network security devices are easily evaded
(Diagram: Internet, Security Device, Vulnerable Target; the word “Attack” is shown scrambled as it passes the security device)
McAfee NGFW is tested against 800 million+ evasions or combinations

Advanced Evasion Prevention
Fundamental Difference
Traditional Inspection Architecture
(Diagram: the word “attack” arrives as fragments and is not recognized: “?”)
McAfee NGFW Stream-Based Full Stack Normalization
(Diagram: protocol agents put the fragments back together as “attack” before inspection: “!”)
All traffic must be normalized before inspection in order to expose attacks
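
Added example, not part of the original slides and not McAfee's implementation: a minimal Python sketch of why a pattern split across TCP segments is missed by per-segment inspection but found once the stream is reassembled and normalized. The (sequence, payload) tuples, the "first bytes win" overlap policy and all function names are assumptions of this sketch; the sample traffic is constructed and uses the slide's toy pattern "attack".

```python
SIGNATURE = b"attack"  # toy pattern taken from the slide's diagram

def per_segment_match(segments, signature=SIGNATURE):
    """Traditional model: each segment payload is inspected in isolation."""
    return any(signature in payload for _, payload in segments)

def normalize_stream(segments, isn=0):
    """Rebuild the byte stream from (seq, payload) pairs in arrival order.

    Handles reordering, retransmission and overlap. Overlap policy (an
    assumption of this sketch): first-arrived bytes win, and bytes that
    disagree with what was already received are counted as conflicts.
    """
    stream = {}      # stream offset -> byte value
    conflicts = 0
    for seq, payload in segments:
        for i, value in enumerate(payload):
            offset = seq - isn + i
            if offset not in stream:
                stream[offset] = value
            elif stream[offset] != value:
                conflicts += 1
    # Emit only the contiguous prefix; a hole means data is still missing.
    out = bytearray()
    while len(out) in stream:
        out.append(stream[len(out)])
    return bytes(out), conflicts

def stream_match(segments, signature=SIGNATURE):
    """Normalize first, then inspect the reassembled stream."""
    data, conflicts = normalize_stream(segments)
    return signature in data, conflicts

def verdict(segments):
    """Inconsistent overlaps are themselves an anomaly: the receiving host
    may resolve them differently than the inspecting device does."""
    hit, conflicts = stream_match(segments)
    if conflicts:
        return "drop: inconsistent overlap"
    return "alert" if hit else "pass"

# Constructed sample traffic: (sequence number, payload), in arrival order.
SPLIT = [(0, b"GET /at"), (7, b"ta"), (9, b"ck HTTP/1.1")]
REORDERED = [(9, b"ck HTTP/1.1"), (0, b"GET /at"), (7, b"ta")]
OVERLAPPING = [(0, b"GET /at"), (5, b"atta"), (9, b"ck")]
AMBIGUOUS = [(0, b"GET /at"), (7, b"xx"), (7, b"ta"), (9, b"ck")]
```
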
Advanced Evasion Prevention
Device Testing
With Evader, getting access to the “protected” network is as simple as:
1 Select the Exploit
2 Identify Attack Target
3 Select the Evasion Technique
Cisco, Palo Alto Networks, Check Point, Fortinet, Juniper, SourceFire, Tipping Point

High Availability
Native Active-Active Clustering
(Diagram: Internet; Node 1, Node 2, Node 3, Node 4, Node 5, Node 6, …16; label “99. UPTIME”)
Mix of hardware and software versions
“I can update a FW cluster without dropping a single packet” – McAfee NGFW customer

High Availability
Multi-Link and Augmented VPNs
(Diagram: HQ and Distant Site connected over MPLS, ISP A and ISP B: 2Mbps MPLS + 2Mbps ADSL + 2Mbps = up to 6 Mbps)
Cost-effective and secure site-to-site connectivity provides adjustable resilience and capacity

Secure Remote Access
Built-in VPN
• Native IPsec VPN and SSL VPN connectivity
• Strong encryption protects sensitive corporate data and communications
• Outlook web access (OWA) and intranet access via customizable SSL VPN Portal
(Diagram: Remote users reach McAfee NGFW at Corporate HQ through client-based IPsec VPN access, or through clientless access via the secure SSL VPN Portal login)

McAfee NGFW Security Connected Ecosystem
• McAfee ePO (Endpoint Management)
• McAfee GTI Reputation in the Cloud
• McAfee Next Generation Firewall & SMC
• McAfee ESM (SIEM)
• McAfee Advanced Threat Defense
Integrates network, endpoint and global threat information for superior protection

Security Connected Ecosystem
McAfee ePO Integration
McAfee ePO (Endpoint Management)
Discover and take action on dangerous or malicious endpoint behaviors
• IP addresses
• Ports
• Login credentials, etc.
Direct links to endpoint log events

Security Connected Ecosystem
McAfee ESM (SIEM) Integration
McAfee ESM (SIEM)
Quickly respond to alerts and unusual patterns on your network
Sum events and track averages
ID Anomalies
Alerts based on deviations
• Unusual user behavior
• Suspicious network activity spikes
• Anomalous communication patterns

Security Connected Ecosystem
McAfee ATD Integration
McAfee Advanced Threat Defense
Deep analysis of suspect files exposes zero-day and advanced threats

Security Connected Ecosystem
McAfee GTI Integration
McAfee GTI Reputation in the Cloud
Respond to real-time global threat information including insights from McAfee Labs
• File reputation
• URL reputation
• Web categorization
• Message reputation
• IP reputation
• Certification reputation
McAfee NGFW uses file reputation services from GTI

Security Connected Ecosystem
How it Works
Less Time to Find, Freeze and Fix advanced threats
FIND, FREEZE, FIX
(Diagram components: McAfee SIEM; McAfee Next Generation Firewall; McAfee Advanced Threat Defense; McAfee ePolicy Orchestrator; McAfee Global Threat Intelligence (GTI). Diagram labels: AV Scan, New File, logs, Malware Warning!)

McAfee Next Generation Firewall Appliances
Highly Flexible Deployment
• Same appliance adaptable for multiple use-cases
• Modular hardware
• Scale from branch office to data center deployments
• Rugged designs for demanding environments
(Figure: McAfee SMC and the 5200, 3200, 1400, 1000 and 300 Series appliances; scale marks 4G, 20G, 60G, 120G)
One harmonized appliance family protects investments with hardware modularity and simple licensing

Third Party Recognition
“Long legacy with HIGH AVAILABILITY”
“Early focus on ANTI-EVASION”
RECOMMENDED by NSS Labs
VALIDATED for real world quality, protection and performance

McAfee Next Generation Firewall Benefits
• The best protection for your business and digital assets
• Adapts easily to your security needs
• Scales effortlessly with your growing business
• Optimizes productivity of employees and customers
• Lowers TCO for both security and network infrastructure
