Hillstone Intelligent Next Generation Firewall

Transcription

1 Hillstone Intelligent Next Generation Firewall Kris Nawani Solution Manager (Thailand) 12 th March About Hillstone Networks Founded 2006 by Netscreen visionaries World class team with security, big data, and networking expertise Builds Next Generation Firewalls that provide & of Applications, Users, Content, and Threats Innovations: Data Mining and Correlation Analysis for Threat and Analysis Global footprint with over 8000 customers 36 Patents in multi-core security architecture 2 Entered Magic Quadrant As a Visionary Challenger February 2014 IPv6 Ready Gold Certification 2012 ZDNet Best Data Center Firewall Award for Hillstone SG X6180 firewall 2012 Red Herring Global Top 100 Most Innovative Company Award 1

2 Hillstone Approach to Meet Changing Customer Demands 3 Intelligent Next-Generation Firewall Real-time flow analytics to detect anomalies Alert admins with early signs of unknown threats Full visibility via ongoing monitoring of user, host and server behaviors and overall network health Hillstone Elastic Firewall Architecture Scales Firewall performance linearly Fully distributed architecture with patented resource allocation algorithm Can be deployed in a virtual distributed environment and managed as one Integrated with leading cloud management platforms 3 Entered Gartner Enterprise Firewall Magic Quadrant 4 4 2

3 Enhanced NGFW Functionalities 5 Multi-dimensional Threat User and Application Identification Six detection modules including Trojan, malware and web protection Unified threat signature library High performance fully parallel detection User management based on organizational structure Local identification of applications More cloud-based application identification Operation Management Packet path detection Global fault detection Extensive network log auditing Company Business Unit Team User Intelligent Traffic Management iqos Eight-level traffic control at two layers Combined analysis and control Current and historical traffic comparison and analysis 5 StoneOS Core Features Strong Networking Foundation Dynamic routing (OSPF, BGP,RIPv2) Policy based routing Route controlled by application IPv6 Tap mode connect to SPAN port L2/L3 switching & routing Virtual wire (Layer 1) transparent in-line deployment VPN PnP VPN SSL VPN (optional USB-key) L2TP L2TP over IPSec VPN High Availability Active / passive Configuration and session synchronization Virtual Firewalls Multiple virtual firewalls in a single device Load Balancing By Source IP By Destination IP By Session By Bandwidth / Latency Zone-Based Architecture6 All interfaces assigned to security zones for policy enforcement Threat Over 1.3 million AV signatures Over 3500 IPS signatures Over 20 million domain names DoS/DDoS DNS Query Flood SYN Flood ARP spoofing Malformed packets QoS Traffic Shaping Max/guaranteed and priority By user, group, app, IP address, time, and more By Class of Service (CoS) and app priority (compatible with DiffServ tag) Centralized Mgt. Centralized deployment and management Unified policy mgt. Performance and traffic monitoring 6 3

4 Firewall Value Evolution 7 L7 Application protection to Network Operation ingfw NGFW Behavior-Based Risk to Network Health Full Cycle Management:,, Traditional FW 7 Wall is an old concept Wall is not effective in preventing the network from being compromised. 8 Assumption: Internal Networks is Clean Reality: None of Network is Clean 8 4

5 ingfw Stop Attacks in Every Step of Kill Chain Footprinting Malware Assemble & Transmit Implement Foot Target Data Data Stealing 9 Initial Breach Reconnaissance & Extend Foothold Data Exfiltration Traditional FW NGFW Malware Software Hillstone Intelligent NGFW 9 What is ingfw? 10 Next-Generation NGFW Signature Intelligent ingfw Behavior ingfw,addresses Unknown Threats based on Behavior Analysis 10 5

6 Detect Unknown Threats 11 控 制 可 视 11 Two Intelligent Engines 12 Advanced Threat (ATD) Engine Identify Polymorphic Malware by Statistical Clustering Abnormal Behavior (ABD) Engine Detect Attacks by Catching Behaviors off the Baseline 12 6

7 Advanced Threat Engine 13 Known malware Behavior set 1 Machine Learning Behavior Behavior set 2 set n Malware Behavior Rules 13 Malware Behavior learning Unknown threat Identify malware variants Behavior Pattern Matching Abnormal Behavior Engine 14 Host/User Behavior Learning & Modeling Detect Hidden Cyber Attacks 14 7

8 Abnormal Behavior Engine 15 Host/User Behavior Baseline Modeling Attack Profile DOS/Scanning crawlers Behavior Deviation Analysis Password attempt Data Exploitation Degree

9 Top-Level 17 Risk Real-time Network Risk Index Risky hosts Distribution & Risk level Hosts Threats Threat types and detailed information 17 Improved 18 Risk User App Content User App Content IP Port IP Port IP Port Traditional FW NGFW ingfw 18 9

10 Intuitive Dashboard Design 19 Intelligence Risk and threat information Next-Generation User & application information Firewall Network traffic information 19 by Hosts at Risk 20 Risky host distribution Risk endpoints/servers IP Severity,quantity 20 10

11 by Threat Types 21 Threat name & occurrence time Threat type,severity 21 on Threat Details 22 Victim Attacker 22 11

12 Mitigate Risks in Real-Time Real-Time Mitigation 24 Risk Threat Level Intelligent threat inspection App ID ingfw NGFW User ID Protocol Security Policy Set Based on Risk Levels Port Allow Continuous Risk IP 24 12

13 Real-Time Mitigation 25 Risk type and level Mitigation method Trigger Conditions & Policies Set 25 New Experience to Network Security Secure Network Layered Defenses 26 Simply Risks Level Triggers Mitigation in real-time Operate in Efficiency 360 Degree to Network Health 26 13

14 Hillstone ingfw : Real-Time Flow Analytics 流 量 27 Static Threshold Dynamic Behavior Baseline 27 Detect anomalies earlier and more accurate based on dynamic behavior base line analysis Time Network Health Index (NHI) and Behavior Reputation Index (BRI) 28 Proactively monitors threats and status of servers, network and resources Patented risk calculation model and massive data mining NHI evaluates risk trends and provides early warnings Learn about user and application behaviors to create baseline parameters Identify abnormal network behaviors based on data mining and correlation analysis BRI accurately identifies known or unknown threats 28 14

15 Innovative, Green and Energy Efficient Advantages 29 15U Hillstone Offers Similar Performance at Smaller Footprint 13U 5U Hillstone Data Center firewall 29 Firewall Market Leadership Throughput per U The throughput of each X7180 rack unit is higher than competitions: 2-4 times Throughput per U (Gbps/U) Competitor 1 Competitor 2 Hillstone X7180 Maximum power The power consumption of each X7180 unit is only a fraction of alternative products from competitors: 1/4-1/3 Maximum power ( W) 5,100 3,231 1,300 Competitor 1 Competitor 2 Hillstone X7180 Take X7180 for example 30 15

16 X Product Models X7180 (360G) 31 T T3860 (10G) T5060(20G) T5860(40G) E5960(40G) E3960(10G) E3660(8G) E5760(32G) E2800(4.5G) E5560(20G) E E2300(2.5G) E5260(16G) E1700(1.5G) E1600(1G) + UIF E1100(1G) HSA /HSM 31 HSA-10 HSM-200 Thank You! Hillstone Networks inquiry@hillstonenet.com 32 16