InfoExpress Cyber Gatekeeper. How to quote? Günter Neuleitner. März 2009

Similar documents
Evolving Network Security with the Alcatel-Lucent Access Guardian

ForeScout CounterACT. Device Host and Detection Methods. Technology Brief

Secure IP Address Management Layer 2 Network Access Control Solution

This chapter covers the following topics: Network admission control overview NAC Framework benefits NAC Framework components Operational overview

The self-defending network a resilient network. By Steen Pedersen Ementor, Denmark

Network Access Control in Virtual Environments. Technical Note

Tech Brief. Enterprise Secure and Scalable Enforcement of Microsoft s Network Access Protection in Mobile Networks

Best Practices for Outdoor Wireless Security

Bypassing Network Access Control Systems

Alcatel-Lucent Enterprise Converged Network Solution

Building A Secure Microsoft Exchange Continuity Appliance

Alcatel-Lucent Services

EVOLVING ENTERPRISE NETWORKS WITH SPB-M APPLICATION NOTE

Network Access Security It's Broke, Now What? June 15, 2010

Paul Cochran - Account Manager. Chris Czerwinski System Engineer

ALCATEL-LUCENT ENTERPRISE CONVERGED NETWORK SOLUTION Deliver a consistent and quality user experience, streamline operations and reduce costs

Data Sheet: Endpoint Security Symantec Network Access Control Comprehensive Endpoint Enforcement

Microsoft Windows Server System White Paper

ENTERPRISE CONVERGED NETWORK SOLUTION. Deliver a quality user experience, streamline operations and reduce costs

Sygate Secure Enterprise and Alcatel

Network Virtualization Network Admission Control Deployment Guide

Cisco TrustSec How-To Guide: Planning and Predeployment Checklists

ALCATEL-LUCENT OMNIVISTA 2500 NETWORK MANAGEMENT SYSTEM

Securely Architecting the Internal Cloud. Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc.

What s New in Juniper Networks Secure Access (SA) SSL VPN Version 6.4

Whitepaper. Securing Visitor Access through Network Access Control Technology

» WHITE PAPER X and NAC: Best Practices for Effective Network Access Control.

Technical Note. CounterACT: 802.1X and Network Access Control

XenMobile Integration with Cisco Identity Service Engine. Secure Access How -To Guides Series

MDM Integration with Cisco Identity Service Engine. Secure Access How -To Guides Series

Cisco TrustSec Solution Overview

Technical Note. ForeScout CounterACT: Virtual Firewall

Chapter 1 The Principles of Auditing 1

Internet for Everyone In-Room Instructions January 2011 Version 1.3

ARCHITECT S GUIDE: Mobile Security Using TNC Technology

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity

Secure Access into Industrial Automation and Control Systems Industry Best Practice and Trends. Serhii Konovalov Venkat Pothamsetty Cisco

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

Information Technology Solutions

IP Telephony Management

CompTIA Network+ (Exam N10-005)

Cisco Identity Services Engine

Cisco Configuration Assistant

TABLE OF CONTENTS NETWORK SECURITY 1...1

HP Intelligent Management Center Standard Software Platform

To participate in the hands-on labs in this class, you need to bring a laptop computer with the following:

Kaspersky Endpoint Security 10 for Windows. Deployment guide

inforouter V8.0 Server & Client Requirements

ForeScout CounterACT. Continuous Monitoring and Mitigation

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL I. VERSION 2.0

Best Practices: Pass-Through w/bypass (Bridge Mode)

End Point Security & Network Access Control

SolarWinds Security Information Management in the Payment Card Industry: Using SolarWinds Log & Event Manager (LEM) to Meet PCI Requirements

Cisco AnyConnect Secure Mobility Client integration with ISE & SCCM client for patch remediation on windows

Internet Content Provider Safeguards Customer Networks and Services

Efficient and easy-to-use network access control and dynamic vlan management. Date: F r e e N A C. n e t Swisscom

TABLE OF CONTENTS NETWORK SECURITY 2...1

Securing end devices

Cisco Configuration Assistant

Cisco Network Admission Control and Microsoft Network Access Protection Interoperability Architecture

Network Access Control ProCurve and Microsoft NAP Integration

WHITEPAPER. Addressing Them with Adaptive Network Security. Executive Summary... An Evolving Network Environment Adaptive Network Security...

PCI Solution for Retail: Addressing Compliance and Security Best Practices

For more information refer: UTM - FAQ: What are the basics of SSLVPN setup on Gen5 UTM appliances running SonicOS Enhanced 5.2?

HP Intelligent Management Center Standard Software Platform

Models HP IMC Smart Connect Edition Virtual Appliance Software E-LTU

Extreme Access Control For Healthcare

Bypassing Network Access Control Systems

WHITE PAPER. FortiGate DoS Protection Block Malicious Traffic Before It Affects Critical Applications and Systems

1. Installation Overview

ARCHITECT S GUIDE: Comply to Connect Using TNC Technology

Junos Pulse Supported Platforms Guide

Altus UC Security Overview

Deploying BitDefender Client Security and BitDefender Windows Server Solutions

HP Intelligent Management Center Basic WLAN Manager Software Platform

Network-in-a-Box Solution. Services already integrated in the core switch Ideal concept for branch offices, schools or other small business networks

Mobile device Management mit NAC

Lecture 02b Cloud Computing II

Configure ISE Version 1.4 Posture with Microsoft WSUS

Ovation Security Center Data Sheet

Beyond Quality of Service (QoS) Preparing Your Network for a Faster Voice over IP (VoIP)/ IP Telephony (IPT) Rollout with Lower Operating Costs

Agenda What can we do now? And 5 years from now we will still be current!

Check Point NAC and Endpoint Security Martin Koldovský SE Manager Eastern Europe

Complete Patch Management

CLOUD NETWORKING FOR ENTERPRISE CAMPUS APPLICATION NOTE

Configure Posture. Note. Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 4.1 1

Avaya Identity Engines Portfolio

QuickSpecs. HP PCM Plus v4 Network Management Software Series (Retired) Key features

Cisco Certified Network Associate (CCNA) 120 Hours / 12 Months / Self-Paced WIA Fee: $

Steelcape Product Overview and Functional Description

Transcription:

InfoExpress Cyber Gatekeeper How to quote? Günter Neuleitner März 2009

Agenda 1. Introduction 2. Components 3. Quoting CyberGatekeeper 4. AGENTLESS AND AGENT-BASED 5. Examples

1 Introduction 3 Presentation Title Month 2008

Network User Aware Security OmniSwitch OmniAccess Wireless OmniAccess Safeguard BRICK Authentication Cybergatekeeper Host Integrity Check OmniAccess Safeguard Role Based Access Comprehensive Pre and Post Admission Control Quarantine and remediation OmniSwitch OmniAccess Safeguard Fortigate Anomaly detection IPS/IDS OmniVista Quarantine OmniAccess Safeguard Monitoring/ compliance 4 Presentation Title Month 2008

Alcatel-Lucent Layered Security Strategy, InfoExpress Product Mapping CyberGatekeeper Capability Audit Remediate Quarantine IPS/IDS Role Based Access Host Integrity Authentication 5 Presentation Enterprise Forum Title March Month 2008

Benefits of HIC Keeps rogue devices off your network Ensures 100% of endpoints on your network are compliant or quarantined until they are remediated. Prevents vulnerabilities Security solutions are assured to be running and up-todate. OS and patches assured to be current. Lowers help desk costs Automatic remediation of non-compliant PC s HIC for Guest Access mitigates Security risks of Guest/Unmanaged Devices. 6 Presentation Title Month 2008

CyberGatekeeper Key Features The CyberGatekeeper solution is positioned as a vital building block in an Enterprise s Security Framework providing the following features: Host integrity check capability to address 802.1x users, non-802.1x regular users, and remote/vpn users Powerful policy management for end-point compliance Automated remediation and interoperability with patch management solutions Compliance reporting audits Fully interoperable with Alcatel-Lucent network infrastructure products Support Windows, Linux, MAC users 7 Presentation Title Month 2008

CyberGatekeeper Hardware Architektur 8 Presentation Title Month 2008

2 Components 9 Presentation Title Month 2008

Overview of CyberGatekeeper Host Integrity Solution Always consists of 4 components CyberGatekeeper Server Purchased by customer Comes in both an appliance and Windows software based on the implementation CyberGatekeeper Agent Purchased by customer CyberGatekeeper Policy Manager Software, comes with the product and is not in the pricing catalog CyberGatekeeper Reporting Server Software, comes with the product and is not in the pricing catalog 10 Presentation Title Month 2008

CyberGatekeeper Server Component CyberGatekeeper Remote Server CyberGatekeeper Remote Server Redundant CyberGatekeeper Remote Fail Open Server CyberGatekeeper DNAC Server Dynamic NAC Windows Server 11 Presentation Title Month 2008

CyberGatekeeper Server Component CyberGatekeeper Remote Server - Part Number:CGSR1P Acts as a Layer2 bridge between networks. It was designed for VPNs but also is being used directly behind wireless concentrators as the 1GB interface should not create a bottleneck. This is a dedicated device for Layer2 bridging and cannot run any of the other enforcement options of the CyberGatekeeper solution. CyberGatekeeper Remote Server Redundant - Part Number: CGSR1R Uses Spanning Tree Protocol as an active hardware standby. Must be purchased with a primary server CyberGatekeeper Remote Fail Open Server - Part Number: CGSR1F For customers who do not need a hardware redundancy and can tolerate the lack of host integrity during an outage, this is an option. A Fail Open NIC card is used that acts as a network pass-through in case something happens to the server. As an example, if you unplug the server traffic will still pass through this device, but no host integrity checking will occur. 12 Presentation Title Month 2008

CyberGatekeeper Server Component CyberGatekeeper DNAC Server - Part Number: CGSL1P Can perform 2 forms of CG implementations simultaneously. The DNAC Server can run on this appliance and needs to be able to communicate to the agents throughout the network. It can also run the 802.1x module, which acts as a radius proxy from the switch to the radius DB. A host integrity attribute is continuously added and based on this attribute an associated VLAN can be enabled. This server does NOT work in-line. Dynamic NAC Windows Server - Part Number: CGSDS A Windows software version of the server for DNAC deployments only. For customers who prefer Windows environments this is an option for them. 802.1x or in-line is not an option for this server 13 Presentation Title Month 2008

CyberGatekeeper Server Hardware appliance or Windows software (DNAC) Assesses endpoint compliance with customer policies Manages network access Sends remediation actions to endpoints Performs authentication 14 Presentation Title Month 2008

CyberGatekeeper Policy Manager Design, develop and deploy policy Obtain regular policy updates Configure and build Agent 15 Presentation Title Month 2008

CyberGatekeeper Agent Desktop Agent for Windows 98, 2000, XP, 2003, Vista, MacOS X, Linux Web Agent for Internet Explorer and Firefox on Windows 16 Presentation Title Month 2008

Audit Failure CG Administrator enables pop-up messages and creates the appropriate content Pop-up message is optional, remediation can be transparent to user 17 Presentation Title Month 2008

Remediation Planning Should the endpoint be quarantined? Should the user be notified? Should the problem be solved automatically? BUILT-IN REMEDIATION SUPPORT FULLY INTER-OPERABLE WITH PATCH MANAGEMENT SYSTEMS LIKE PATCHLINK, BIGFIX.. 18 Presentation Title Month 2008

Report Manager General reports: Compliance monitor, daily logs/statistics, access report DNAC reports: Audit and access status for endpoints by subnet Centralized DNAC configuration 19 Presentation Title Month 2008

Overview of CyberGatekeeper Host Integrity Checking Solution 20 Presentation Enterprise Forum Title March Month 2008

3 Quoting CyberGatekeeper 21 Presentation Title Month 2008

Quoting CyberGatekeeper What Customers Pay for: Agents Support/Maintenance for Agents Servers Support/Maintenance for Servers What they receive Agent license CyberGatekeeper Servers Management Server Software Policy Management Software 22 Presentation Title Month 2008

Information Needed for Quotes 1) How many users in the organization For Web agent, how many unique users per month For 1mb static agent, how many will be installed 2) What is the installation: VPN, Wireless, LAN Identify the Use Case to the Server implementation and use the corresponding part number Redundancy is achieved with 2 or more appliances The exception is the CGSR1P, which will have a CGSR2P for active standby capabilities. They are paired together and would be purchased accordingly. 23 Presentation Title Month 2008

What to Quote Agents Web or Static does not matter CGAD-xxxxx Actual Agents CGAD-xxxxx-SPM Support/Maintenance Servers CGSxxx Actual Servers CGSxxx-SPM Support/Maintenance Agents can be used across multiple servers, customer only charged once. 24 Presentation Title Month 2008

4 AGENTLESS AND AGENT-BASED 25 Presentation Title Month 2008

AGENTLESS AND AGENT-BASED 26 Presentation Title Month 2008

5 Examples 27 Presentation Title Month 2008

Example 1 28 Presentation Title Month 2008

Example 1 29 Presentation Title Month 2008

Example 2 30 Presentation Title Month 2008

Example 2 31 Presentation Title Month 2008

Example 3 32 Presentation Title Month 2008

Example 3 33 Presentation Title Month 2008

Example 4 34 Presentation Title Month 2008

Example 4 35 Presentation Title Month 2008

www.alcatel-lucent.com www.alcatel-lucent.com 36 Presentation Title Month 2008

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information