Comparative analysis. NETASQ vs Fortinet. COMPARATIVE ANALYSIS NETASQ vs Fortinet. Copyright NETASQ 2009



Similar documents
Fortinet Certified Network Security Administrator

NETASQ & PCI DSS. Is NETASQ compatible with PCI DSS? NG Firewall version 9

1Fortinet. 2How Logtrust. Firewall technologies from Fortinet offer integrated, As your business grows and volumes of data increase,

FortiGate Multi-Threat Security Systems I Administration, Content Inspection and SSL VPN Course #201

Cyberoam Perspective BFSI Security Guidelines. Overview

SonicWALL Security Quick Start Guide. Version 4.6

NETASQ MIGRATING FROM V8 TO V9

UNIFIED THREAT MANAGEMENT SOLUTIONS AND NEXT-GENERATION FIREWALLS NETWORK SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

Unified Threat Management Throughput Performance

MOBILITY & INTERCONNECTIVITY. Features SECURITY OF INFORMATION TECHNOLOGIES

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design

Cisco Small Business ISA500 Series Integrated Security Appliances

FIREWALL. Features SECURITY OF INFORMATION TECHNOLOGIES

IREBOX X. Firebox X Family of Security Products. Comprehensive Unified Threat Management Solutions That Scale With Your Business

Agenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka

UNIFIED THREAT MANAGEMENT SOLUTIONS AND NEXT-GENERATION FIREWALLS ADMINISTRATION TOOLS NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

Securing Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc.

How To Protect Your Network From Attack From A Virus And Attack From Your Network (D-Link)

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

QUESTION: 1 Which of the following are valid authentication user group types on a FortiGate unit? (Select all that apply.)

VPN. Date: 4/15/2004 By: Heena Patel

Implementing Cisco IOS Network Security v2.0 (IINS)

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA

WEB PROTECTION. Features SECURITY OF INFORMATION TECHNOLOGIES

Readiness Assessments: Vital to Secure Mobility

High performance security for low-latency networks

Basics of Internet Security

A Prevention & Notification System By Using Firewall. Log Data. Pilan Lin

Total Cost of Ownership: Benefits of Comprehensive, Real-Time Gateway Security

Symantec Endpoint Protection 11.0 Network Threat Protection (Firewall) Overview and Best Practices White Paper

NetDefend Firewall UTM Services

FortiMail Filtering Course 221-v2.2 Course Overview

Chapter 2 Introduction

Check Point Security Administrator R70

Achieving PCI-Compliance through Cyberoam

Security Toolsets for ISP Defense

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

- Introduction to PIX/ASA Firewalls -

Content-ID. Content-ID URLS THREATS DATA

Lesson 5: Network perimeter security

NETWORK SECURITY (W/LAB) Course Syllabus

Information Security Services

Simple security is better security Or: How complexity became the biggest security threat

SonicWALL Advantages Over WatchGuard

Building Remote Access VPNs

Penetration Testing //Vulnerability Assessment //Remedy

End-user Security Analytics Strengthens Protection with ArcSight

Fortinet Network Security NSE4 test questions and answers:

INTRUSION PREVENTION (IPS) Features SECURITY OF INFORMATION TECHNOLOGIES

Certification Report

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013

ANNEXURE TO TENDER NO. MRPU/IGCAR/COMP/5239

Intel Security Certified Product Specialist Security Information Event Management (SIEM)

USG6600 Next-Generation Firewall

WHITE PAPER. FortiGate DoS Protection Block Malicious Traffic Before It Affects Critical Applications and Systems

2012 North American Enterprise Firewalls Market Penetration Leadership Award

Gateway Security at Stateful Inspection/Application Proxy

Firewalls and Intrusion Detection

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

Huawei Eudemon200E-N Next-Generation Firewall

Astaro Gateway Software Applications

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements

Course Description. Course Audience. Course Outline. Course Page - Page 1 of 12

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats

Sophos Certified Architect Course overview

Firewall Feature Overview

Firewalls, Tunnels, and Network Intrusion Detection

Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking

GoToMyPC Corporate Advanced Firewall Support Features

Table of Contents. 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2

Steps for Basic Configuration

Network Security. Protective and Dependable. 52 Network Security. UTM Content Security Gateway CS-2000

Cisco IPS Tuning Overview

PCI Compliance for Branch Offices: Using Router-Based Security to Protect Cardholder Data

Networking: EC Council Network Security Administrator NSA

Network Access Security. Lesson 10

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Introducing IBM s Advanced Threat Protection Platform

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

Configuring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA

FortiWeb 5.0, Web Application Firewall Course #251

Move over, TMG! Replacing TMG with Sophos UTM

USG6300 Next-Generation Firewall

Fail-Safe IPS Integration with Bypass Technology

Windows Remote Access

Performance Evaluation of Intrusion Detection Systems

Cisco Wide Area Application Services (WAAS) Software Version 4.0

Implementing Cisco IOS Network Security

*TKtr *W4>K. Government of India itwm mitm Ministry of Labour & Employment W T HSlPT&llem. Directorate General of Mines Safety TENDER NOTICE

Managing Latency in IPS Networks

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls

Securing and Accelerating Databases In Minutes using GreenSQL

Managed Security Services for Data

Implementing and Administering Security in a Microsoft Windows Server 2003 Network

INSTANT MESSAGING SECURITY

Network Security. Protective and Dependable. Pioneer of IP Innovation

Security Considerations for DirectAccess Deployments. Whitepaper

NetDefend Firewall UTM Services

State of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD Effective Date: April 7, 2005

Transcription:

Comparative analysis vs 1

Key advantages to solutions Proactive when encountering threats High-performance architecture Maximum protection for businesses of all sizes Licenses for unlimited number of users Complete shield from threats Simplified vulnerability detection and auditing Simplified risk management Abnormal network behavior blocked Maximum protection for businesses of all sizes offers the highest level of protection throughout its whole range. All modes of protection are present by default, without the need to purchase additional options. IPS Antivirus Antispam URL filtering As an option (Fortiguard) As an option (Fortiguard) As an option (Fortiguard) As an option (Fortiguard) standard license All IPS protection modes are available. The embedded antivirus module includes a proactive engine and a database of more than 500 000 antivirus signatures. s Antispam module combines reputation and heuristic analyses to eradicate SPAM. s URL filtering module is embedded in the product to ensure optimum performance. 2

Effective intrusion prevention s intrusion prevention engine combines various technologies and more than 10 years worth of research to arrive at delivering the highest level of security: Protocol analysis and security Behavioral analyses Proactive protection contextual signatures Contextual signatures for protection from threats and attacks. s IPS is based on a single signature database and communicates actively about its reaction time when a new threat appears. s intrusion prevention technologies have been specially researched to provide proactive protection. Distribution between the different categories of protection Protocol IPS Behavioral analyses IPS Performance IPS largely inspired by Snort and signatures do not offer optimum protection from 0-day attacks s IPS is based on the detection of ports, which is an ineffective method of protection Activating s IPS feature causes performance to plunge by 80% combines protocol analyses and protection signatures detects protocols in real time regardless of the port in order to detect any anomalies. s performance includes the activation of intrusion prevention 3

Case study of the Kaminsky DNS vulnerability The exploitation of this vulnerability allows passing off false DNS responses for valid responses (DNS spoofing). The attacks work on the basis of being able to guess the random elements (DNS ID and UDP port) necessary for creating a response in the right format. Detection of attack behavior Targeted DNS spoofing attempt alarm raised Allowing a single valid response The behavioral analysis only allows one response in the event of an attack. A search for DNS spoofing on the Fortiguard website only displays one detection signature by the metasploit tool. There is no mention of a more thorough analysis. s different behavioral analyses provide effective protection from the attack discovered by Mr Kaminsky. 4

High-performance architecture s architecture relies on the synergies between hardware architecture and the operating system. The architecture combines dedicated hardware components (ASIC) and software analyses. actively communicates information about its hardware architecture. A technological choice like this would not have been out of place 10 years ago, but is irrelevant today because of the evolution of security needs: 1. s network ASIC is not used when intrusion prevention is enabled. 2. s content ASIC imposes many restrictions and does not avoid changes in context and data duplication (software <-> hardware transfers) thereby largely limiting the improvements in performance. The gross performance that highlights (Firewall and IPSec) degrades rapidly and drastically as soon as the slightest security scan is launched by software. Global performance IPS Anti-spam - The investment is spread out between the main processor and the dedicated circuits - Execution of a software application - Software analysis performed in several stages URL filter - Database hosted on the Internet standard license + The use of powerful processors benefits from the analyses on the whole + Combination of analyses embedded in the operating system + Heuristic analysis on the fly + URL database compiled in an optimized format and compared locally. s architecture is based on the operating system s direct use of a powerful central processor. Intrusion prevention, carried out in the operating system, ensures optimum performance: 5

No change in context (such as OS <-> analysis software) No data duplication Analysis on the fly, without software proxy Antivirus In the standard version of its products, provides an antivirus module (ClamAV-based) on all models. Kaspersky antivirus is also available. These 2 engines combine heuristic analyses and a full antivirus signature database. s antivirus is limited in terms of number of antivirus signatures due to the size of its architecture. It only integrates several thousand signatures ( wild list principle). In January 2009, 46 014 different viruses were detected, confirming estimates that an average of more than 30 000 viruses appear each month. This average is indicated in the graph below with the following mark: Source: av-test.org 2008, av-comparatives s choice to optimize its architecture in order to guarantee the analysis of a full antivirus database has a positive effect on the detection rate, such as in the test presented below: 6

Source: av-test.org 2008 Another key factor is the responsiveness when an update is necessary: Average response time Kaspersky < 2 hours Between 2 and 4 hours Source: av-test.org 2008 Lastly, the frequency of these updates is also an accurate indication of the evolution of an antivirus database: Source: av-test.org 2008 7

The Austrian laboratory AV-Comparatives conducts tests twice yearly on antivirus solutions in order to analyze their level of detection of malicious codes during on demand comparatives. Ever since the first installation of this test in February 2004, Kaspersky Lab solutions have attained the Advanced+ label, in other words, the best result. URL filtering directly embeds URL filter and Antiphishing rules on the product in order to prevent latency. URLs are downloaded in a binary format to ensure the highest processing speed. centralizes all queries in its datacenter. When the internet is accessed, the appliance will then query the Datacenter, thereby impacting latency. Web queries are in fact transmitted outside the company network. has also partnered with a world expert in the field, Optenet, to provide a high quality URL database. The largest international enterprises, many telecoms operators and millions of users worldwide trust Optenet s expertise and use this technology. Optenet has R & D centers across the whole of Europe, in Latin America, in the United States and in Australia, to guarantee a localized categorization of the different sites. 8

SEISMO: real-time risk management Network protection is one of the foundations of high-level security. In addition to a multi-feature firewall and proactive protection techniques, making the network as secure as possible has become a daily objective. Risk management is a compromise between the risk in itself and the cost incurred in avoiding it. One of the most important factors in this field is the teams level of information. firewalls use network information in real time to determine the risk borne by each user/network equipment. This unique engine, called SEISMO, forms part of the Firewall/UTM operating system, and provides a totally new level of information. This information guides the administrator to the solution in order to delete the risks detected. Automatic reports provide an accurate indication of the evolution of the risk in the company. Detailed display of the vulnerabilities by user/host: each vulnerability is of course documented. The real-time risk management that provides is a decisive advantage for guaranteeing the highest level of security. 9

Network features SNMP v3 Policy-based routing (PBR) PPTP encryption Authentication QoS SNMP v2 (unsecured version of the protocol) Dedicated policy No choice of encryption method for PPTP tunnels Restricted choice of authentication mode There are only 3 levels for (High, Medium, Low) allows the use of SNMP v3 PBR is directly accessible from the filter policy. The PPTP server allows selecting different encryption algorithms. SSL, RADIUS, NTLM, KERBEROS, SPNEGO 8 priority levels 10

Administration Global policy Reporting Simplicity Plug n Secure One policy level Purchase of a dedicated product (FortiAnalyzer) Html table More than 80% of alarms are set to pass, requiring manual configuration. Global and local policy, with possibility of delegating solutions embed a full reporting module offers help for setting up security policies by indicating configuration errors and other alerts in real time. The automatic attachment of configuration profiles ensures a high level of security even in factory settings. Example of a filter policy 11

Range comparison 12

Example: U1100 vs FORTINET FG-800 FG-800 U1100 difference Firewall + IPS throughput (Mbps) 600 2 800 466% VPN AES throughput (Mbps) 200 450 225% Concurrent connections 400 000 800 000 200% New connections / second 10 000 20 000 200% 10/100/1000 interfaces 4 8 200% IPSec tunnels 3 000 4 000 133% FG-800 U1100 Savings Price of the appliance 15 295 10 990 4 305 1-year maintenance 16 845 15 000 (with SEISMO) 1 845 3-year maintenance 28 655 21 137 (with SEISMO) 7 518 More than 7 500 in savings over 3 years, with SEISMO included! 13

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information