Network

Firewall

McAfee

internet-security-it-infovieManaging and properly securing large networks is key to enterprise operations. It is a constant struggle to keep up with the myriad points of intrusion and weaknesses, and hackers are working just as hard. Fortunately, in addition to offering improved feature sets, new technology constantly seeks to make using these features more streamlined. The system integration of the new firewall begins with McAfee ePolicy Orchestrator. Through this, the firewall observes endpoint security and, with the help of the Enterprise Security Manager and Advanced Threat Defense solution, responds to most threats faced by networks. This includes mutating malware, botnets and zero-day attacks, among others.Keeping the network informed of traffic using the firewall is the foundation of McAfee’s security solution. However, the Next Generation Firewall also does some of the heavy lifting by monitoring and inspecting possible threats; this will certainly save some processing power.

McAfee’s new firewall is supported on x86 architectures and VMware ESX/KVM platforms. The device can act as a firewall on either layer 2 or layer 3 networks. It also supports an IPS (intrusion prevention system) mode.

Checkpoint

The Check Point Next Generation Firewall extends the power of the firewall beyond stopping unauthorized access by adding IPS and Application Control protection. Next Generation Firewalls come in many sizes and offer throughput of up to 110 Gbps.With perimeters no longer well-defined and threats growing more intelligent every day, we need an architecture combining high-performance network security devices with real-time proactive protections for north-south and east-west traffic. Checkpoint enforcement points provide the flexibility to custom fit security enforcements in the modern enterprise. Checkpoint provides customers of all sizes with the latest data and network security protection in a single integrated next generation firewall platform, reducing complexity and lowering the total cost of ownership. Whether you need next generation security for your data center, enterprise, small or home office, Check Point has a solution for you.

Malware analysis (Advanced persistent threats)

Fire Eye

An important part of preventing and detecting future cyber attacks is analyzing current ones. Using malware analysis tools, cyber security experts can analyze the attack lifecycle and glean important forensic details to enhance their threat intelligence.Malware Analysis (AX series) products provide a secure environment to test, replay, characterize, and document advanced malicious activities. Malware Analysis shows the cyber attack lifecycle, from the initial exploit and malware execution path to callback destinations and follow-on binary download attempts.The FireEye Adaptive Defense approach to cyber security delivers technology, expertise, and intelligence in a unified, nimble framework. Adapt your security architecture to prevent today’s cyber attacks and avert their worst effects.

Application Delivery Controller

A10 Networks

A10 Networks® Thunder® ADC product line of high-performance, next-generation application delivery controllers enable customers’ applications to be highly available, accelerated and secure. Thunder ADC is premium ADC product line, delivering up to 153 Gbps of throughput in a single appliance or 1.2 Tbps of throughput in a cluster, the broadest range of form factors (physical, virtual and hybrid), and with expanded system resources designed to support future feature needs.

The A10 Thunder ADC product line is built upon A10’s Advanced Core Operating System (ACOS®) platform, with our Symmetric Scalable Multi-Core Processing (SSMP) software architecture that delivers high performance and a range of deployment options for dedicated, hosted or cloud data centers.

SIEM

McAfee / NetIQ Sentinel

When a corporate network is breached, the time between the attack occurs and when the incident response team responds can make the difference between protecting the organization’s most vital data and having embarrassing corporate emails splashed across the Internet and read on the evening news. Security Information and Event Management (SIEM) software, when correctly configured and monitored, can play a significant role in identifying breaches as they’re happening. When considering solutions, the SIEM stands out, especially because it is able to respond to diverse needs of an enterprises security infrastructure. The enterprise can deploy an SIEM for two primary use cases.

Threat Management – using the SIEM to detect, evaluate, escalate and mitigate threats

Compliance – using the SIEM to process large amounts of data and producing compliance analytics

SIEM for Threat Management

Organizations that are serious in preventing information security attacks on their wide enterprise network need to look for the following features:

  • Real-time monitoring of attacks, preferably participating in detection
  • Collecting, processing, implementing and collaborating on threat intelligence
  • Effectively managing data, events, logs and providing actionable reporting frameworks
  • Providing an incident handling facility
  • Protecting privacy of data collected
  • Leveraging on skills that are required for quality threat correlation
  • Effective and timely implementation of the solution

Network DLP

WebSense / McAfee

Many organizations invest in security products that focus purely on the incoming traffic with little or no visibility on the outgoing traffic. As a result, organizations are often not aware of the risk they might be susceptible to. DLP solutions can rectify this issue by providing the business visibility to information that leaves the organization as well as exposing bad business processes.

Organizations today need to fully comply with state and sector specific legislation. Compliance regulation is also due to expand in the next years as more rules are in the process of approval. One being the EU Data protection directive which requires organizations to report on data breaches within 24 hours. Whilst a DLP solution on its own cannot make organizations compliant, it can definitely assist them in achieving an understanding of what data is leaving the organization, where is it going and where it is being stored. Many organizations currently use DLP to comply with the Data Protection Act, PCI-DSS and Healthcare regulations such as HIPAA-HITECH. If organizations fail to comply, large fines can be imposed.

Traditional security solutions were designed to allow or block based on source, destination and channel. Today, with the dynamics of the web and social media, this approach can affect an organization’s ability to adopt new communications channels. Many organizations still block social media sites and personal webmail sites as they are afraid it will affect their security, however in many cases there will be exceptions to those policies for specific users or departments. DLP solutions can provide an alternative by allowing the organizations to say “Yes” to social media and personal email and other channels, but with ability to control the content posted to those destinations. This allows organizations to be more flexible but still stay secure.

Organizations are focused on incoming traffic and trying to detect malware and hacking attempts. However, according to 2013 Verizon Data Breach Investigations report, in 66 per cent of cases, breaches weren’t discovered for months — or even years. The assumption now is that once the attackers are inside the network they will try to steal data (few years ago they would “just” harm the network). DLP solutions can assist in detecting large amounts of data going out of the network, as well as offering the ability to detect unrecognized encryption, password files and more.

Taking into account these factors, organizations can benefit from DLP solutions in various ways and should view it as an investment. Organizations simply cannot overlook DLP technology and procedures – it is vital to protecting sensitive data, maintaining the trust of your customers and your edge in the market.

Discover and protect sensitive data wherever it lives – on endpoints, in the Cloud or on premise. Secure personal data and intellectual property. Meet compliance use cases quickly with custom or out-of-the-box policies, applying unique capabilities as part of a comprehensive Data Theft Prevention (DTP) solution.

Endpoint:

Host based DLP

Endpoint Protector from Cososys / McAfee / Websense

Enterprises face dire consequences due to user behavior at endpoints, which puts confidential data at risk. A Host Data Loss Prevention monitors and prevents risky user behavior that can lead to a sensitive data breach. This protection works across networks, through applications, and via removable storage devices. You’re in control whether users are in the office, at home, or on the move.

Data transfer methodology — Host Data Loss Prevention controls how you transfer data over the network, use it in applications, and copy it to removable storage devices.

Data protection regardless of format — Protect data in any format, even if it’s modified, copied, pasted or compressed

Controlling data sent to removable storage — Prevent data from being written to USB drives, iPods, and other removable storage devices, and stop data loss from endpoints by monitoring and preventing risky user behavior.

Centralized management console — Managing Host Data Loss Prevention allows you to define and manage data protection policies, deploy and update agents, monitor real-time events, and generate reports to meet compliance requirements, all from the centralized management console.

IRM (Information Rights Management)

Checkpoint Capsule

Most organizations today either opt to not protect documents at all, or protect them using basic password protections. Besides having to remember them, the downside of passwords is that once someone has them, they have access to that document forever.Sharing documents with coworkers, partners, and customers is a daily activity in business today. On average, sensitive data is sent outside organizations every 49 minutes.Almost 85% of organizations have used Dropbox to share business documents. Think about the several means of sharing data today and number of security gaps they leave. Sensitive documents get attached to emails, shared on cloud sharing sites, transferred via FTP or put on USB thumb drives and exchanged every business day. Once a document leaves the organization, there is typically no insight or control over WHO is accessing it and HOW else it is being shared.Check Point Capsule provides a complete document security solution. Users establish security when they create documents. They can encrypt sensitive documents, as well as define who can access that document and what they can do with it.Authorized recipients can seamlessly access and use documents without the need to remember passwords. On premise management enables organizations to verify and audit who has shared documents, review usage history, and remotely revoke access. Check Point Capsule also provides document tracking and controls throughout the document’s lifespan. Documents can be shared with confidence, because security follows the document wherever it goes throughout its life.

The mobile revolution is here. The global mobile workforce is set to increase to 1.67 billion in 2018, accounting for 41.8% of the global workforce according to Strategy Analytics.Usage patterns between corporate disciplines and personal freedoms are blurring quickly. Proactively protecting your organization by securing the mobile workforce is becoming more important.IT needs to secure the mobile network, protect against mobile device attacks and infections that are becoming more prevalent, and protect their organization’s documents both now and in the future.Check Point Capsule combines all these protection capabilities in a single integrated solution. Check Point Capsule creates a secure mobile environment that protects mobiledevices from threats everywhere and secures business documents wherever they go.Finally, a solution that offers complete mobile freedom without compromising security.

Full disk Encryption

Winmagic / Sophos / McAfee

The most common reason for implementing FDE is the threat of a laptop or mobile device being lost or stolen by an attacker who wants to gain unauthorized access to sensitive data on the system.For a few years, there seemed to be numerous media reports of stolen or lost laptops, each of which contained millions of unprotected customer records. These were treated as full-fledged data breaches because no one could know if the sensitive data had been accessed by the attackers or not. A single data breach can cost an organization millions of dollars in recovery costs and damage its reputation.As a result of these breaches, it became a no-brainer to install FDE to protect sensitive data on laptops. That way, if a laptop is lost or stolen, the data can be considered safe because the device is protected by FDE. This helps organizations prevent data breaches and avoids the announcement of stolen and lost laptops by the media.Many organizations have extended this fundamental principle — protecting sensitive data using FDE — so they use FDE on all laptops (and in some cases, desktops) because they are not 100% sure which devices contain sensitive data and which don’t. This is a surprisingly common and complex problem that requiring FDE use on all laptops addresses relatively easily and cheaply.

Application performance management

NetIQ App manager

Operational complexity within IT is increasing. BYOD, IaaS, PaaS, even consumer-level cloud-based services are rolling in the door, and IT has to effectively manage everything from legacy mainframes and traditional multi-tier application servers to ad hoc systems and personally owned mobile devices, while having less control over the environment and endpoints than ever. At the same time, tolerance for downtime is decreasing, the cost of service slowdowns and interruptions is increasing, and the resources dedicated to manage the entire, complex, heterogeneous environment are flat at best. You don’t have to have a crystal ball to see that this is a recipe for disaster.

Today’s network managers are responsible for more than bandwidth and connectivity.They are accountable for the network impact on applications and the users that rely on them -employees, customers, partners and vendors. That’s no small task in today’s complex network environments. And while network and applications performance once applied only to the LAN, now the same network managers have the WAN to think about.This comes at a time when application performance has become more critical than ever.When applications are mission-critical and tied to revenue streams, compliance, inventories and customer support, application performance on the network has significant bottom-line impact. Certain applications, like VoIP, cannot tolerate any performance delays, and require extra attention to ensure their success.

Application performance management is quickly becoming an undisputed requirement for managing today’s networks. By a panoramic view across the enterprise network, issues can be identified faster, bandwidth can be better allocated, application performance by Class of Service can be monitored, better planning for network upgrades and new applications can occur—with a host of other advantages. Application performance management is recognized as a key component in WAN optimization, helping businesses get the best possible performance from new or existing networks.

Data Center Security

Symantec Data Center Security

Symantec™ Data Center Security enables organizations to harden their physical and virtual servers as well as their private clouds; continuously monitor the security and compliance posture of their on-premise data centers, public clouds, and private clouds; protect legacy infrastructure from zero-day threats and new vulnerabilities, securely transition into software-defined data centers; and enable micro segmentation to deliver application-centric security. It offers Agentless network-based threat detection and protection (Network IPS).Operations Director delivers out-of-the-box security intelligence and automates policy-based security orchestration within the Symantec Data Center Security product family, enables application-centric security services, and seamlessly integrates with VMware NSX to extend security policy orchestration to third party security tools. Unified Management Console (UMC delivers a consistent management experience across Data Center Security products.