clavister neteye amp neteye cloud
play

Clavister NetEye & NetEye Cloud. Version: 2019Q2 Encryption - PowerPoint PPT Presentation

Clavister NetEye & NetEye Cloud. Version: 2019Q2 Encryption does 80 % of pages loaded in Chrome on Windows are not mean content HTTPS, up from 69% last year . is SAFE. - GOOGLE'S HTTPS ENCRYPTION TRANSPARENCY REPORT DEC 18


  1. Clavister NetEye & NetEye Cloud. Version: 2019Q2

  2. Encryption does ” 80 % of pages loaded in Chrome on Windows are not mean content HTTPS, up from 69% last year .” is SAFE. - GOOGLE'S HTTPS ENCRYPTION TRANSPARENCY REPORT – DEC 18 High risk that threats enter the > 50% of all perimeter via network attacks secure hide in SSL transactions. GARTNER MENU MENU

  3. End-user Security Firewall Virtual Firewall • Therefore end-point security clients are always Central Management must haves in combination with a perimeter Identity Management firewall. VPN Tunnel ion otectio Prot Headquarters ser Pr End-Use Windows and macOS endpoint End security clients Remote worker Branch offices VPN Clients MENU

  4. End-user Security Firewall Virtual Firewall • Therefore end-point security clients are always must Central Management haves in combination with a perimeter firewall. Identity Management • However … not all clients are supported VPN Tunnel • Administration and management are challenges ion otectio Prot Headquarters ser Pr End-Use Windows and Mobile? IoT? Linux? macOS endpoint End security clients Remote worker Branch offices VPN Clients MENU

  5. How about SSL Inspection? Enabling SSL Inspection has a 60% - 80% drop in the average throughput on NGFWs with the functionality built in. NSS LABS – JULY 18 • Expensive • Complex nspection • Low QoS Headquarters L Insp Windows and macOS endpoint SSL SS security clients Remote worker Branch offices VPN Clients MENU

  6. A new approach required - Advanced Threat Protection • A complementary appliance – virtual or hardware Secure Web Server • Selective traffic routed ion Threat Protectio through • SSL Decryption Headquarters • Multiple scanning Advanced Th Windows and macOS endpoint engines security clients • Cloud Sandboxing Adv Remote worker Branch offices VPN Clients applied if needed MENU

  7. • Advanced Threat Protection • Integrated SSL Inspection with anti-virus scanning up to 2000 Mbit/s of Web traffic! • Cloud Sandboxing for controlled detonation • Complementary to any firewall! High-end appliance empowering enterprises and multi-site organizations screen encrypted traffic for threats.

  8. • Advanced Threat Protection as-a- Service Clavister NetEye Cloud • Traffic sent to the cloud securely via IPSec tunnels (and back) Secure Web Server • Full SSL Inspection and multiple malware scanning engines • No additional HW on-site required On-demand SSL Inspection with minimum impact on your firewall

  9. Clavister Clavister NetEye Cloud Sandbox Cloud • Suspic icious executable files files scanned by NetEye that need more investigation are send to Clavister Sandbox Cloud • Windows environment used for con ontrolle led deton onation • Im Impact analy lysis is and reporting back to administrator • Run as-a-Service, no o on on-sit ite HW HW required Controlled detonation outside the secure perimeter

  10. Secure Web Server Whats included? Management Logs • Managed solution Customer has no no access to NetEye instance • Logs/analyze in InCenter Clients

  11. Integrated Reporting in InCenter. • Clavister InCenter Cloud license included with each Clavister NetEye • Analytics combined with Clavister NetWall and other Clavister products Integrated Holistic Security Analytics

  12. Certificates / / Man-in in-the-Middle Secure Web Server • Act as Back-2-Back User Agent • Client needs to install same cert as managed by NetEye • NetEye not visible for client

  13. Setup appliance/virtual If NAT, it should be after NetEye. If not, log will not be • FW is responsible to route traceable to specific traffic to NetEye. Log IP 88.3.4.23 client Src 10.0.0.30 • NetEye works on L3 (L2 is supported for specific cases) NAT • Any FW works! • NetEye will have its own white/blacklists • Only defined ports will be decrypted • Route web traffic to NetEye • Only define ports will be scanned • Whitelist via FQDN PBR (all decrypted) • Save throughput for trusted destination • • Ex: YouTube, Microsoft, Twitter etc White/blacklist • Applications that dont work man-in-the-middle • Traffic can be bypassed • Health/Finance (WCF) Client • Etc IP 10.0.0.30 • Support will guide customer with these steps (if FW is Clavister)

  14. Setup Clo loud • Same decisions in FW IP 104.2.42.4 • Traffic is sent in IPsec tunnel to NetEye instance in cloud • Traffic is NOT sent back to FW again IP 88.3.4.23 • NAT Different IP addresses from same client • Localized to where cloud platform is available Same routing decisions Client IP 10.0.0.30

  15. Could be hours… Sandbox Admin Threat! HTTPS Encrypt Check cache? Decrypt .exe HTTP Web Server Client migh ight be infected Has file been scanned before (compare checksum)? -> If NO, send to sandbox AN AND Client

  16. Clavister NetEye. Clavister NetEye Advanced Threat Protection SKU Platform Model SSL Performance Interfaces Connect Protect Prevent Clavister NetEye 50 Virtual NE-50V 50 Mbps Antivirus Scanning Clavister NetEye 100 Virtual NE-100V 100 Mbps SSL Traffic Inspection Clavister NetEye 250 Virtual NE-250V 250 Mbps Sandboxing Clavister NetEye 500 Virtual NE-500V 500 Mbps Clavister NetEye 8000 Rack Appliance NE-8000 2 CPU, 20 Core each, 16GB 500 Mbps 1 x RJ45 Modules SKU Ram 4 x Module Clavister NetEye 8500 Rack Appliance NE-8500 2 CPU, 20 Core each, 16GB 1000 Mbps 1 x RJ45 Interface module 2x10 GbE SFP+ APP-CM-NET120 Ram 4 x Module Clavister NetEye 8900 Rack Appliance NE-8900 2 CPU, 20 Core each, 16GB 2000 Mbps 1 x RJ45 Ram 4 x Module Licensing Option * Security Subscription * Sandbox always hosted in the Cloud

  17. Clavister NetEye Cloud. Clavister NetEye Cloud Advanced Threat Protection hosted as a service in Clavister Cloud SKU Format Connect Protect Prevent Model SSL Performance Interfaces Antivirus Clavister NetEye 50 Cloud NE-50C 50 Mbps IPSEC Scanning Clavister NetEye 100 Cloud NE-100C 100 Mbps IPSEC SSL Traffic Inspection Clavister NetEye 250 Cloud NE-250C 250 Mbps IPSEC Sandboxing Clavister NetEye 500 Cloud NE-500C 500 Mbps IPSEC Licensing Option * Security Subscription * Sandbox always hosted in the Cloud

  18. Costs • Clavister NetEye and Clavister NetEye cloud are priced for peak throughput • Throughput only of HTTP and HTTPS traffic that needs decryption and scanning • Trusted domains can be excluded in the policy routing configured in the firewall • Example pricing: • 50 Mbit/s will serve 50 users or more – down to 1 Euro a month for virtual • 2000 Mbit/s will sever over 2000 users, under 1 Euro a month including HW • 500 Mbit/s will serve 600 users or more – down to 1 Euro a month including cloud costs! • Clavister InCenter Cloud for Clavister NetEye always included!

  19. Summary – Key Results • Advanced Threat Protection dedicated SSL Inspection with integrated malware scanning • Always latest signatures installed in Clavister NetEye Cloud • ion Secure detonation outside the Threat Protectio enterprise perimeter • Limited to no impact on firewall performance Advanced Th Clavister NetEye gives peace of Adv mind without need to upgrade security infrastructure. MENU

Recommend


More recommend