Firewall


Firewall: Next Generation
UTM & VPN Solutions


'Next-Generation Firewalls' are high-performing unified threat management (UTM) platforms that offer deep packet inspection for network, application and data content.

They enable organisations to enforce policy- and identity-based access control over networks, applications and data.


They provide compliance-level forensics and granular enterprise audit reporting.






> Go beyond traditional firewalls with web- and application-aware security that blocks known and unknown attacks and enforces corporate policy for network and data access.

> Secure dynamic perimeters across cloud and hybrid environments (vCloud, Amazon AMS, Microsoft Azure...)

> Create invisible infrastructures

> Real-time view of your data, network and endpoint activity

> Protects web applications processing sensitive data in financial services, healthcare, e-commerce and other industries

> Prevent data leakage (DLP)

> Scan all inbound and outbound traffic, including SSL / HTTPS encrypted communications

> Create secure BYOD gateways for secure connectivity, application, content and user management

> Protection from targeted and unknown threats (APTs)

> Security for any size data centre and enterprise edge






Choose Coverage / Preferred Platform Type


> Appliance
> Software (SDN)
> Virtual
> Managed Service
> Public Cloud API


Firewall Classes
  • Carrier Grade
  • Enterprise Data Centre
  • Blade Technology
  • Branch / Remote Office, SMB (small office / home)





Key Firewall Security Features


Delivering multi-layered security that scales from small-medium business appliances to multi-gigabit data center platforms.



> Secure VPN access (secure, encrypted connection)

> Load balancing (services, applications, servers)

> Bandwidth QoS (Quality of Service)

> Traffic shaping (dedicated bandwidth to business-critical apps)

> Anti-virus


> Intrusion prevention system (IPS)



> Sandboxing

> Application control

> Web filtering


> Anti-Spam

> SIP / VOIP security


> Wireless network security


> Mobile workforce security


> BYOD access control






Solution Features & Benefits



High Performance Firewall


Make sure your security gateway / firewall solution is not a bottleneck for traffic flow.

Solution throughput speeds of up to 1.12Tbps, utilising multi-core accelerated processors to process and inspect all application traffic and to accelerate encryption and decryption of network traffic for both SSL VPN and IPSec simultaneously.

 

 

Application Control


> Application and user visibility

Graphical visibility into which applications are being accessed within the organisation and by which user, irrespective of their ports and protocols.

Application control, based on network access policies, users and their job roles, and time, lets organisations accelerate business-critical applications, stagger non-critical applications, selectively accelerate socio-business applications and block undesirable applications, achieving the twin goals of application QoS and optimal bandwidth utilisation.



> Deep scan HTTPS-based applications

  • Prevents latent security threats in HTTPS-based requests from entering the network
  • Scans FTP and encrypted HTTPS / SSL traffic in addition to guarding against web application vulnerabilities which are exploited to launch backdoor, zero-hour attacks.


> User and time-based controls for application access

  • Controls usage of social applications (e.g. Facebook, YouTube, iTunes, gaming, BitTorrent) based on time and Layer 8 identity-based policies.


> Data leakage prevention

  • Block file transfer over webmail like Gmail and Yahoo, file sharing via P2P applications.


Intrusion Prevention (IPS)

Enable full IPS protection while maintaining performance

IPS secures organisations against intrusion attempts, malware, Trojans, DoS and DDoS attacks, malicious code transmission, backdoor activity and blended threats.

Dedicated processing and memory for content inspection, as well as for networking, security and management, provide the hardware acceleration necessary for predictable IPS performance.

The signature-based Intrusion Prevention System carries thousands of automatically updated signatures, enabling protection against the latest vulnerabilities.




Modern attackers are increasingly using targeted and new, unknown variants of malware, zero-day exploits and Advanced Persistent Threats (APTs) to sneak past traditional security solutions. Sandboxing identifies new malware in minutes by executing suspect files in a virtual environment and observing their behaviour, even if the malware sample has never been seen before.


Remote Access / VPN

> Connect Offices, Secure Remote Worker Access with VPN (Virtual Private Network)

IPSec VPN, L2TP, PPTP and SSL VPN over the Next-Generation Firewall provide secure site-to-site and secure remote access for organisations.

Works with all third-party VPNs, making it compatible with existing network infrastructures and providing secure access for remote workers, partners, suppliers and customers.



> Context & Identity-Based Access


Access is permitted based on policies linked to user identity and work-based profiles for employees, partners and customers.
Control over ‘who is allowed to access what’.



> On-appliance SSL VPN



Decryption

> Identify & control encrypted traffic

Take control of your SSL and SSH encrypted traffic and ensure it is not being used to conceal unwanted activity or dangerous content. Using policy-based decryption and inspection, you can confirm that SSL and SSH are being used for business purposes only, rather than to spread threats or carry out unauthorised data transfer.

> HTTPS (SSL) encryption offloading

  • Secures encrypted (SSL) connections
  • Improves the performance of SSL traffic by reducing its latency through SSL offloading.



> Control and visibility over HTTP & HTTPS websites

 

> Boost Productivity 


The most comprehensive URL content filtering databases with millions of URLs grouped into 89+ categories.

Blocks access to harmful websites, preventing malware, phishing, pharming attacks and undesirable content that could lead to legal liability and direct financial losses.

  • Blocks third-party proxy and tunnelling software
  • Blocks Google cache pages  
  • Blocks embedded URLs in websites   
  • Enforces ‘safe search’ in search engines   
  • Blocks malware, phishing, pharming URLs   
  • Blocks Java applets, cookies, ActiveX

> Visibility into encrypted HTTPS Traffic

  • Prevents unauthorised file upload and download over HTTP and HTTPS
  • Blocks unauthorised, malicious and illegal HTTPS websites 


> Endpoint Web protection


To protect your desktops and laptops, you can extend your UTM web protection and policy enforcement to your endpoints.



Web Server Protection

> Web Application Firewall

Do you host your own websites or offer Exchange, Lync, FTP or any other kind of service to your external users? If you do, you need a full-featured reverse proxy with web application firewall, SSL offloading and authentication.

Our Web Server Protection does all this and more to stop attacks, prevent data loss and help you meet compliance regulations.

Not only are web applications vulnerable to attack, they are attractive targets for hackers because they often have direct connectivity with one or more databases containing sensitive customer and company information.

Secure websites and Web-based applications in organisations against attacks such as SQL injection, cross-site scripting (XSS), URL parameter tampering, session hijacking, buffer overflows, and more, including the OWASP Top 10 Web application vulnerabilities.




> HTTPS (SSL) encryption offloading

  • Secures encrypted (SSL) connections
  • Improves the performance of SSL traffic by reducing its latency through SSL offloading.


DNS Traffic Intelligence

DNS traffic exists in nearly every organisation, creating an overwhelming ocean of data that security teams often ignore or do not have the tools to properly analyse. Knowing this, cyber attackers are increasingly abusing DNS to mask their command-and-control (C2) activity in order to deliver additional malware or steal valuable data. Malicious domain names controlled by attackers enable the rapid movement of command-and-control centres from point to point, bypassing traditional security controls such as blacklists or web reputation.



> Anti-Virus

Gateway Anti-Virus and Anti-Spyware solution offers web, email and Instant Messaging security against malware, including viruses, worms, spyware, backdoors, Trojans and keyloggers.

Anti-virus is tightly integrated with IPS, Web Filtering and Anti-Spam, securing organisations against blended attacks and maintaining high levels of security.



Malware scan over incoming and outgoing traffic:

  • Virus, worm, Trojan detection and removal 
  • Spyware, malware, phishing protection 
  • Scan and deliver by file size 
  • Block by file types 
  • Multiple protocol support: HTTP, HTTPS, FTP, IM, P2P, SMTP, POP3, IMAP, VPN tunnels 
  • Millions of signatures in database 
  • Half-hourly signature updates

> Anti-Spam

Offers real-time spam protection over SMTP, POP3, IMAP protocols, protecting organisations from zero-hour threats and blended attacks that involve spam, malware, botnets, phishing, Trojans and more. 
  • Quarantines malware-infected mails  
  • Sends Spam Digest to users 
  • Gives users the right to check quarantined mails
  • Identifies spammer source – email addresses of spammers

> Zero-Hour Protection

Behavioural and anomaly-based, signature-less protection.



> Data Filtering

Identify and control the transfer of sensitive data patterns such as credit card numbers, social security numbers or custom data patterns in application content or attachments.

Control the flow of a wide range of file types by looking deep within the payload to identify the file type (as opposed to looking only at the file extension), to determine if a file transfer is allowed by your policy. This enables you to do things like approve a specific webmail application like Gmail, and allow attachments, but block the transfer of specific file types.




Bandwidth QoS

> Quality of Service

Bandwidth control prioritises business-critical applications, preventing congestion and bandwidth abuse and optimising bandwidth.


Multiple Link Management / Line Aggregation

  • Multiple Link Management supports WAN redundancy and delivers assured WAN availability and reliable connectivity. 
  • Automatically distributes traffic over multiple links




3G / 4G / Wireless Connectivity

Set up, manage and secure wireless networks in just minutes with the UTM’s built-in wireless controller that works with our full range of wireless access points.

Wireless WAN connectivity enables organisations to implement high security levels in remote locations which may not have wireline connectivity. Automatic failover from wireline to wireless WAN links ensures high availability in WAN connectivity.

Create:

  • Multiple WiFi Zones
  • Enable BYOD
  • Reliable High-Speed Wireless
  • Mobile Network Access Control
  • Guest WiFi Hotspots 
  • Secure Encryption



Mobile Workforce Security

Extend your business applications and data security to smartphones, tablets and laptops from your firewall gateway.

> Manage Mobile Devices

Ensure devices are safely enabled by configuring the device with proper security settings. Simplify deployment and setup by provisioning common configurations.

> Mobile Device Malware Protection

Protect the mobile device from exploits and malware. Protecting the device also plays an important role in protecting the data, because data is not safe on a compromised device.

> Mobile Data Control

Control access to data and control the movement of data between applications. Establish policies that define who can access sensitive applications, and the particular devices that can be used.


Dashboard Management

> Single Pane of Glass



> Centralised Visibility and Control

Single pane of glass management and centralised analysis ensure consistent policy creation and enforcement across your physical and virtual networks.

Traffic visibility and more consistent, granular control over users, devices, applications and sensitive data.
 

> Network Integration Support

  • Supports numerous network design requirements and interoperates with other networking devices (routing, multicasting and network resiliency protocols).
  • Administrators can also configure interfaces for VLANs, VLAN trunks, port aggregation and sniffer mode.

> Identity & Access Control

  • Supports both local and remote authentication services such as LDAP, RADIUS and TACACS+ to identify users and apply appropriate access policies and security profiles accordingly.
  • Also provides a seamless user authorisation experience with various single sign-on capabilities.
  • Some models include PKI and certificate-based authentication services and also integrate an internal two-factor token server for additional security.

> Policy Management

It is common in service provider and data center networks to have hundreds, if not thousands of security policies.

A detailed configuration audit trail is supported and can reside externally for secured storage.



> Role-Based Firewall Administration

Access profiles can be defined to provide granular access to virtual domains and system functionalities. This is key for addressing enterprise-class or compliance security requirements.

> IPv6 Support

Security for both IPv4 and IPv6 traffic will be crucial to the success of mixed networks. Malware and network threats are independent of IPv4 or IPv6.

Enable safe application enablement policies across IPv6, IPv4 and mixed environments.

Solutions certified with “IPv6 Ready”.




  • Supports regulatory compliance requirements of CIPA, HIPAA, PCI DSS, GLBA.
  • Faster production of Audit reports.
  • Instant identification of the source or destination endpoint under attack or perpetrating an attack.
  • User-based Analysis, Reporting and Forensics.


Firewall Platform Options

> Chassis-Based Appliances

The chassis enables the flexible system to scale effortlessly and with little disruption by allowing blades to be hot swapped according to desired requirements.
  • 40 Gbps Backplane
  • 4U, 5U, 13U
  • Supports plugging in anything from 2 to 16 blades
  • Chassis contains two redundant hot-swappable DC power supplies


> Enterprise Class Appliances

Max throughput up to 40 Gbps (note that actual firewall performance and power consumption depend on the actual load and application support needed from the appliance(s)).



> Virtual | SDN & Cloud Ready Firewalls

Security for the Cloud, Data Center and Software Defined Networks

Few organisations use 100% hardware or 100% virtual IT infrastructure today, creating a need for both hardware appliances and virtual appliances in your security strategy.

Virtual firewall solutions typically feature all of the security and networking services common to traditional hardware-based appliances.


Automation features and an API enable you to dynamically update security policies as your VM environment changes, eliminating potential security lag.

The VM-Series supports the following hypervisors:

> VMware (ESXi, vSphere, NSX)
> Citrix SDX
> Linux KVM (CentOS/RHEL)
> Ubuntu
> vCloud
> Amazon Web Services
> Microsoft Azure





Contact us today to discuss your requirements in more detail.



+44(0)7714 209927

+44(0)1273 329753

info@securenetconsulting.co.uk