Hillstone Intelligent Next Generation Firewall



Similar documents
The Hillstone and Trend Micro Joint Solution

Next Generation Enterprise Network Security Platform

SourceFireNext-Generation IPS

On-Premises DDoS Mitigation for the Enterprise

Implementing Cisco IOS Network Security

PALO ALTO SAFE APPLICATION ENABLEMENT

IINS Implementing Cisco Network Security 3.0 (IINS)

Secure Cloud-Ready Data Centers Juniper Networks

Huawei Eudemon200E-N Next-Generation Firewall

Intro to NSX. Network Virtualization VMware Inc. All rights reserved.

Concierge SIEM Reporting Overview

What s Next for the Next Generation Firewall Vendor Palo Alto Networks Overview. October 2010 Matias Cuba - Regional Sales Manager Northern Europe

Fighting Advanced Threats

Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention

Hillstone T-Series Intelligent Next-Generation Firewall Whitepaper: Abnormal Behavior Analysis

FROM PRODUCT TO PLATFORM

Agenda , Palo Alto Networks. Confidential and Proprietary.

SecurityDAM On-demand, Cloud-based DDoS Mitigation

Game changing Technology für Ihre Kunden. Thomas Bürgis System Engineering Manager CEE

Customer Service Description Next Generation Network Firewall

Advanced Threats: The New World Order

Active Visibility for Multi-Tiered Security. Juergen Kirchmann Director Enterprise Sales EMEA

Next-Generation Firewalls: Critical to SMB Network Security

VM-Series for VMware. PALO ALTO NETWORKS: VM-Series for VMware

DYNAMIC DNS: DATA EXFILTRATION

DDoS Protection Technology White Paper

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

Network that Know. Rasmus Andersen Lead Security Sales Specialist North & RESE

REVOLUTIONIZING ADVANCED THREAT PROTECTION

INCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS

BlackRidge Technology Transport Access Control: Overview

PROFESSIONAL SECURITY SYSTEMS

End-user Security Analytics Strengthens Protection with ArcSight

Radware s Attack Mitigation Solution On-line Business Protection

USG6600 Next-Generation Firewall

McAfee Next Generation Firewall Optimize your defense, resilience, and efficiency.

Intro to Firewalls. Summary

USG6300 Next-Generation Firewall

Firewall Feature Overview

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Next Generation Network Firewall

Cyber Situational Awareness for Enterprise Security

Cyberoam Next-Generation Security. 11 de Setembro de 2015

DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch

Security strategies to stay off the Børsen front page

Simple security is better security Or: How complexity became the biggest security threat

Unified Security, ATP and more

Why a Network-based Security Solution is Better than Using Point Solutions Architectures

How To Protect A Network From Attack From A Hacker (Hbss)

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

Unified Threat Management, Managed Security, and the Cloud Services Model

Description: Objective: Attending students will learn:

Data Sheet. DPtech Anti-DDoS Series. Overview

plixer Scrutinizer Competitor Worksheet Visualization of Network Health Unauthorized application deployments Detect DNS communication tunnels

The SIEM Evaluator s Guide

ForeScout CounterACT. Device Host and Detection Methods. Technology Brief

Product Overview. customers in the business of service provider, enterprise, financial services, and public sectors.

What s Next for Network Security - Visibility is king! Gøran Tømte March 2013

Next Generation Firewall

Introducing IBM s Advanced Threat Protection Platform

10 Key Things Your VoIP Firewall Should Do. When voice joins applications and data on your network

VMware Software Defined Network. Dejan Grubić VMware Systems Engineer for Adriatic

Cisco Advanced Malware Protection for Endpoints

Firewall Sandwich. Aleksander Kijewski Presales Engineer Dell Software Group. Dell Security Peak Performance

First Line of Defense

Fortinet Network Security NSE4 test questions and answers:

Service Description DDoS Mitigation Service

McAfee Network Security Platform Administration Course

Stop advanced targeted attacks, identify high risk users and control Insider Threats

Architecture Overview

Managing Latency in IPS Networks

Cyb T er h Threat D f e ense S l o uti tion Moritz Wenz, Lancope 1

DPtech ADX Application Delivery Platform Series

SVN5800 Secure Access Gateway

SonicWALL Unified Threat Management. Alvin Mann April 2009

PCI Compliance for Branch Offices: Using Router-Based Security to Protect Cardholder Data

DDoS DETECTING. DDoS ATTACKS WITH INFRASTRUCTURE MONITORING. [ Executive Brief ] Your data isn t safe. And neither is your website or your business.

The Cisco ASA 5500 as a Superior Firewall Solution

Achieving Actionable Situational Awareness... McAfee ESM. Ad Quist, Sales Engineer NEEUR

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013

How To - Configure Virtual Host using FQDN How To Configure Virtual Host using FQDN

WHITE PAPER SPLUNK SOFTWARE AS A SIEM

Critical Security Controls

Leading The World Into Connected Security. Dipl.-Inform., CISSP, S+ Rolf Haas Enterprise Technology Specialist Content Lead EMEA

Complete Protection against Evolving DDoS Threats

The Dirty Secret Behind the UTM: What Security Vendors Don t Want You to Know

Network as a Sensor and Enforcer Leverage the Network to Protect Against and Mitigate Threats

Next Generation Firewalls and Sandboxing

Enterprise Cybersecurity: Building an Effective Defense

Cyber Security for NERC CIP Version 5 Compliance

Guideline on Firewall

SANS Top 20 Critical Controls for Effective Cyber Defense

Cyberoam Perspective BFSI Security Guidelines. Overview

Next Generation IPS and Reputation Services

SECURING YOUR MODERN DATA CENTER WITH CHECK POINT

Transcription:

Hillstone Intelligent Next Generation Firewall Kris Nawani Solution Manager (Thailand) 12 th March 2015 1 About Hillstone Networks Founded 2006 by Netscreen visionaries World class team with security, big data, and networking expertise Builds Next Generation Firewalls that provide & of Applications, Users, Content, and Threats Innovations: Data Mining and Correlation Analysis for Threat and Analysis Global footprint with over 8000 customers 36 Patents in multi-core security architecture 2 Entered Magic Quadrant As a Visionary Challenger February 2014 IPv6 Ready Gold Certification 2012 ZDNet Best Data Center Firewall Award for Hillstone SG-6000- X6180 firewall 2012 Red Herring Global Top 100 Most Innovative Company Award 1

Hillstone Approach to Meet Changing Customer Demands 3 Intelligent Next-Generation Firewall Real-time flow analytics to detect anomalies Alert admins with early signs of unknown threats Full visibility via ongoing monitoring of user, host and server behaviors and overall network health Hillstone Elastic Firewall Architecture Scales Firewall performance linearly Fully distributed architecture with patented resource allocation algorithm Can be deployed in a virtual distributed environment and managed as one Integrated with leading cloud management platforms 3 Entered Gartner Enterprise Firewall Magic Quadrant 4 4 2

Enhanced NGFW Functionalities 5 Multi-dimensional Threat User and Application Identification Six detection modules including Trojan, malware and web protection Unified threat signature library High performance fully parallel detection User management based on organizational structure Local identification of 1300+ applications More cloud-based application identification Operation Management Packet path detection Global fault detection Extensive network log auditing Company Business Unit Team User Intelligent Traffic Management iqos Eight-level traffic control at two layers Combined analysis and control Current and historical traffic comparison and analysis 5 StoneOS Core Features Strong Networking Foundation Dynamic routing (OSPF, BGP,RIPv2) Policy based routing Route controlled by application IPv6 Tap mode connect to SPAN port L2/L3 switching & routing Virtual wire (Layer 1) transparent in-line deployment VPN PnP VPN SSL VPN (optional USB-key) L2TP L2TP over IPSec VPN High Availability Active / passive Configuration and session synchronization Virtual Firewalls Multiple virtual firewalls in a single device Load Balancing By Source IP By Destination IP By Session By Bandwidth / Latency Zone-Based Architecture6 All interfaces assigned to security zones for policy enforcement Threat Over 1.3 million AV signatures Over 3500 IPS signatures Over 20 million domain names DoS/DDoS DNS Query Flood SYN Flood ARP spoofing Malformed packets QoS Traffic Shaping Max/guaranteed and priority By user, group, app, IP address, time, and more By Class of Service (CoS) and app priority (compatible with DiffServ tag) Centralized Mgt. Centralized deployment and management Unified policy mgt. Performance and traffic monitoring 6 3

Firewall Value Evolution 7 L7 Application protection to Network Operation ingfw NGFW Behavior-Based Risk to Network Health Full Cycle Management:,, Traditional FW 7 Wall is an old concept Wall is not effective in preventing the network from being compromised. 8 Assumption: Internal Networks is Clean Reality: None of Network is Clean 8 4

ingfw Stop Attacks in Every Step of Kill Chain Footprinting Malware Assemble & Transmit Implement Foot Target Data Data Stealing 9 Initial Breach Reconnaissance & Extend Foothold Data Exfiltration Traditional FW NGFW Malware Software Hillstone Intelligent NGFW 9 What is ingfw? 10 Next-Generation NGFW Signature Intelligent ingfw Behavior ingfw,addresses Unknown Threats based on Behavior Analysis 10 5

Detect Unknown Threats 11 控 制 可 视 11 Two Intelligent Engines 12 Advanced Threat (ATD) Engine Identify Polymorphic Malware by Statistical Clustering Abnormal Behavior (ABD) Engine Detect Attacks by Catching Behaviors off the Baseline 12 6

Advanced Threat Engine 13 Known malware Behavior set 1 Machine Learning Behavior Behavior set 2 set n Malware Behavior Rules 13 Malware Behavior learning Unknown threat Identify malware variants Behavior Pattern Matching Abnormal Behavior Engine 14 Host/User Behavior Learning & Modeling Detect Hidden Cyber Attacks 14 7

Abnormal Behavior Engine 15 Host/User Behavior Baseline Modeling Attack Profile DOS/Scanning crawlers Behavior Deviation Analysis Password attempt Data Exploitation 15 360 Degree 16 16 8

Top-Level 17 Risk Real-time Network Risk Index Risky hosts Distribution & Risk level Hosts Threats Threat types and detailed information 17 Improved 18 Risk User App Content User App Content IP Port IP Port IP Port Traditional FW NGFW ingfw 18 9

Intuitive Dashboard Design 19 Intelligence Risk and threat information Next-Generation User & application information Firewall Network traffic information 19 by Hosts at Risk 20 Risky host distribution Risk endpoints/servers IP Severity,quantity 20 10

by Threat Types 21 Threat name & occurrence time Threat type,severity 21 on Threat Details 22 Victim Attacker 22 11

Mitigate Risks in Real-Time 23 23 Real-Time Mitigation 24 Risk Threat Level Intelligent threat inspection App ID ingfw NGFW User ID Protocol Security Policy Set Based on Risk Levels Port Allow Continuous Risk IP 24 12

Real-Time Mitigation 25 Risk type and level Mitigation method Trigger Conditions & Policies Set 25 New Experience to Network Security Secure Network Layered Defenses 26 Simply Risks Level Triggers Mitigation in real-time Operate in Efficiency 360 Degree to Network Health 26 13

Hillstone ingfw : Real-Time Flow Analytics 流 量 27 Static Threshold Dynamic Behavior Baseline 27 Detect anomalies earlier and more accurate based on dynamic behavior base line analysis Time Network Health Index (NHI) and Behavior Reputation Index (BRI) 28 Proactively monitors threats and status of servers, network and resources Patented risk calculation model and massive data mining NHI evaluates risk trends and provides early warnings Learn about user and application behaviors to create baseline parameters Identify abnormal network behaviors based on data mining and correlation analysis BRI accurately identifies known or unknown threats 28 14

Innovative, Green and Energy Efficient Advantages 29 15U Hillstone Offers Similar Performance at Smaller Footprint 13U 5U Hillstone Data Center firewall 29 Firewall Market Leadership Throughput per U The throughput of each X7180 rack unit is higher than competitions: 2-4 times Throughput per U (Gbps/U) 30 72 34 13 Competitor 1 Competitor 2 Hillstone X7180 Maximum power The power consumption of each X7180 unit is only a fraction of alternative products from competitors: 1/4-1/3 Maximum power ( W) 5,100 3,231 1,300 Competitor 1 Competitor 2 Hillstone X7180 Take X7180 for example 30 15

X Product Models X7180 (360G) 31 T T3860 (10G) T5060(20G) T5860(40G) E5960(40G) E3960(10G) E3660(8G) E5760(32G) E2800(4.5G) E5560(20G) E E2300(2.5G) E5260(16G) E1700(1.5G) E1600(1G) + UIF E1100(1G) HSA /HSM 31 HSA-10 HSM-200 Thank You! Hillstone Networks Email: inquiry@hillstonenet.com 32 16

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information