Stormshield Network Security vs Fortinet



Similar documents
FIREWALL. Features SECURITY OF INFORMATION TECHNOLOGIES

PROTECTING YOUR MAILBOXES. Features SECURITY OF INFORMATION TECHNOLOGIES

MOBILITY & INTERCONNECTIVITY. Features SECURITY OF INFORMATION TECHNOLOGIES

WEB PROTECTION. Features SECURITY OF INFORMATION TECHNOLOGIES

INTRUSION PREVENTION (IPS) Features SECURITY OF INFORMATION TECHNOLOGIES

UNIFIED THREAT MANAGEMENT SOLUTIONS AND NEXT-GENERATION FIREWALLS ADMINISTRATION TOOLS NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

PROTECTION FOR SERVERS, WORKSTATIONS AND TERMINALS ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

Firewalls Overview and Best Practices. White Paper

THE OPEN UNIVERSITY OF TANZANIA

Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services

Uncover security risks on your enterprise network

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer

UNIFIED THREAT MANAGEMENT SOLUTIONS AND NEXT-GENERATION FIREWALLS NETWORK SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

AlienVault Unified Security Management (USM) 4.x-5.x. Deployment Planning Guide

ForeScout CounterACT. Device Host and Detection Methods. Technology Brief

HOW TO PROTECT YOUR VIRTUAL DESKTOPS AND SERVERS? Security for Virtual and Cloud Environments

The Hillstone and Trend Micro Joint Solution

Cisco Small Business ISA500 Series Integrated Security Appliances

BlackRidge Technology Transport Access Control: Overview

SourceFireNext-Generation IPS

Netzwerkvirtualisierung? Aber mit Sicherheit!

NetDefend Firewall UTM Services

Extreme Networks Security Analytics G2 Vulnerability Manager

SANS Top 20 Critical Controls for Effective Cyber Defense

Next Generation IPS and Reputation Services

How To Protect Your Network From Attack From A Virus And Attack From Your Network (D-Link)

IBM QRadar Security Intelligence April 2013

IBM Security IBM Corporation IBM Corporation

How To Protect Your Network From Intrusions From A Malicious Computer (Malware) With A Microsoft Network Security Platform)

Lab Testing Summary Report

On and off premises technologies Which is best for you?

NETASQ & PCI DSS. Is NETASQ compatible with PCI DSS? NG Firewall version 9

Game changing Technology für Ihre Kunden. Thomas Bürgis System Engineering Manager CEE

WildFire. Preparing for Modern Network Attacks

Virtual LAN Configuration Guide Version 9

NetDefend Firewall UTM Services

CLOUD GUARD UNIFIED ENTERPRISE

Internet Content Provider Safeguards Customer Networks and Services

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)

Devising a Server Protection Strategy with Trend Micro

Guidelines for Web applications protection with dedicated Web Application Firewall

Unified network traffic monitoring for physical and VMware environments

Nessus and Antivirus. January 31, 2014 (Revision 4)

Symantec Endpoint Protection Analyzer Report

Protecting a Corporate Network with ViPNet. Best Practices in Configuring the Appropriate Security Level in Your ViPNet Network

Devising a Server Protection Strategy with Trend Micro

White Paper. ZyWALL USG Trade-In Program

The Ultimate WLAN Management and Security Solution for Large and Distributed Deployments

Cisco IPS Tuning Overview

How To Buy Nitro Security

Unit 3 Research Project. Eddie S. Jackson. Kaplan University. IT540: Management of Information Security. Kenneth L. Flick, Ph.D.

SSL VPN Client Installation Guide Version 9

Next Gen Firewall and UTM Buyers Guide

Configuring Virtual Switches for Use with PVS. February 7, 2014 (Revision 1)

Five Tips to Ensure Data Loss Prevention Success

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports

High performance security for low-latency networks

Network Incident Report

Network Instruments white paper

Next Generation Firewalls and Sandboxing

Enabling Security Operations with RSA envision. August, 2009

The Dirty Secret Behind the UTM: What Security Vendors Don t Want You to Know

Braindumps QA

INTRODUCTION TO FIREWALL SECURITY

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

Astaro Gateway Software Applications

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

Database Security, Virtualization and Cloud Computing

Kaspersky Security. for Virtualization 1.1 and Trend Micro Deep. Security 8.0 virtual environment detection rate and performance testing by AV-Test

End-user Security Analytics Strengthens Protection with ArcSight

Innovative Defense Strategies for Securing SCADA & Control Systems

The SIEM Evaluator s Guide

Symantec Endpoint Protection

Meeting the Challenges of Virtualization Security

Technical Note. ForeScout CounterACT: Virtual Firewall

Endpoint Threat Detection without the Pain

Current IBAT Endorsed Services

Firewall and UTM Solutions Guide

SonicWALL Security Appliance

Unified Threat Management, Managed Security, and the Cloud Services Model

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Product Factsheet MANAGED SECURITY SERVICES - FIREWALLS - FACT SHEET

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

How Lastline Has Better Breach Detection Capabilities. By David Strom December 2014

FEATURE OVERVIEW. FGX Series firewall. Last updated February 2012

Lucent VPN Firewall Security in x Wireless Networks

Introducing IBM s Advanced Threat Protection Platform

Response to Questions CML Managed Information Security

Cyan Networks Secure Web vs. Websense Security Gateway Battle card

Cybersecurity Health Check At A Glance

Deep Security. Προστατεύοντας Server Farm. Σωτήρης Δ. Σαράντος. Available Aug 30, Σύμβουλος Δικτυακών Λύσεων. Copyright 2011 Trend Micro Inc.

Why Choose Integrated VPN/Firewall Solutions over Stand-alone VPNs

Endpoint web control overview guide. Sophos Web Appliance Sophos Enterprise Console Sophos Endpoint Security and Control

Transcription:

Stormshield Network Security vs Fortinet NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

Advantages of Stormshield Network Security solutions Published performance corresponding to use in actual conditions with an optimal level of security Storage adapted to long-term log management through the whole range Recognized antivirus solution Vulnerable management based on an unintrusive risk-free passive scanner without additional administration expenses Usable network port density that can be adapted to requirements Advanced network features to adapt to all infrastructures Differentiating factors Performance Log management Antivirus Connectivity Vulnerability management Stormshield Network Security Protection mechanisms provide an optimal level of security while preserving performance. Published performance is the result of actual measurements Long-term log management on the whole range* (thanks to SD card storage for entry-level appliances) * except SN150 Kaspersky Antivirus whose superior effectiveness has been recognized, especially against unknown malware Splitting of network interface between multiple zones, hybrid mode. Up to 12 operator links supported. On appliances higher up in the range, unequaled connectivity: up to 58 interfaces on a 2U appliance Passive vulnerability scanner: constant detection in traffic going through the appliance, with zero impact on teams and resources analyzed Fortinet Published performance becomes a far cry from actual performance once protection mechanisms are enabled No long-term log management on entry-level appliances Proprietary antivirus, moderate effectiveness and strong impact on performance Unable to manage more than two operator links (WAN) Agent requiring deployment on all workstations or active vulnerability scanner that needs to be operated by the administrator and opens intrusive connections

Impact of the IPS on performance In general, the performance of the Fortinet range appears to be much more affected than the Stormshield Network Security range once the IPS is enabled. This is an important parameter to take into account in the comparative study of two appliances which may seem equivalent in terms of their firewall performance. Managing counterarguments FORTINET APPLIANCES OFFER BETTER FUNCTIONAL COVERAGE Fortinet is indeed known for offering many features. However, in reality, it becomes obvious that several of these features do not always offer the expected level of quality and performance. For example, actual performance observed is not up to par with published performance values and the antivirus is not on the same level as vendors that are references in this field. Stormshield Network Security appliances offer a level of quality and performance on all features that would allow administrators to use them in a production environment with total peace of mind. Ratio of IPS performance vs. Firewall performance FORTINET HAS A MUCH RICHER APPLICATIONS DATABASE THAN STORMSHIELD NETWORK SECURITY DOES In terms of quantity, indeed Fortinet has an extremely well furnished applications database. However, Stormshield Network Security favors a qualitative approach. Instead of drowning the administrator in thousands of applications of little benefit, the database offers applications that are truly relevant for monitoring how corporate users use network resources, e.g. bandwidth-hungry streaming and TV channel replay sites that seriously threaten productivity or file download sites that may pose a threat to network security. Administrators may indicate to Stormshield Network Security through a dedicated portal the applications they need and which have not yet been included in the database.

Additional detailed information PUBLISHED PERFORMANCE VALUES FOR ACTUAL TRAFFIC WITH AN OPTIMAL LEVEL OF SECURITY According to Gartner, users often report that documentation published by Fortinet publish performance values higher than those actually observed, especially once the various security processes such as antivirus or URL filtering are enabled. Stormshield publishes performance values resulting from tests conducted with reputed professional devices (Spirent) when the various security mechanisms are enabled. Stormshield Network Security s proprietary IPS is subtly integrated into the core of the operating system. This enables it to perform all security processes even complex ones by reducing the latency caused by such processes on network packets. Likewise, Extended Web Control URL filtering guarantees high-quality website filtering in real time while keeping throughput high (even on entry-level appliances). LONG-TERM LOGS AND REPORTS ON THE WHOLE RANGE Entry-level Fortinet appliances do not have any storage peripherals, and are therefore unable to archive logs over an extended period: auditing a past event, reading reports over a long period or archiving all logs to meet legal requirements is impossible on these appliances. The only solution lies therefore in the addition of external components (server, storage peripheral), which increases the overall acquisition and operating cost of the solution. Stormshield Network Security appliances offer, from the SN200 product upwards, the possibility of meeting storage and log reading requirements over time. Even on the smallest models (except SN150) without high-capacity hard disks, the addition of a simple SD card allows extending storage capacity. The entire range therefore allows meeting all auditing needs without any additional server or appliance. Legal requirements governing the retention of logs over time will also be met. AN ANTIVIRUS SOLUTION RECOGNIZED FOR ITS EFFECTIVENESS Stormshield Network Security appliances build in Kaspersky s antivirus technology, which is a recognized name on the market and outperforms Fortinet s proprietary antivirus, as shown in independent tests http://av-comparatives.org. Thanks to its code emulation technology, Kaspersky protects against viruses, malware and known and unknown attacks on programs. UNINTRUSIVE VULNERABILITY MANAGEMENT WITH NO ADDITIONAL ADMINISTRATION COST Security involves the availability of as many protection measures as possible, as well as proper visibility over the status of protected resources. Fortinet appliances offer a vulnerability scanner based either on an agent to be deployed on all machines to be monitored, or on scans performed by the Fortinet appliance to these resources. These techniques are highly intrusive as it is assumed that they modify or actively draw on the network s resources. It is therefore likely that these actions adversely affect performance or even cause malfunctions on monitored resources! The deployment of agents or the activation (manual or programmed) of scans therefore involves both a greater administration load for operations teams as well as a significant risk to the proper operation of the fleet. Stormshield Network Vulnerability Management technology automatically gathers information from network traffic that passes through the analysis and filtering engine. This information allows it to determine the risks each user and each host represents. Reports then allow the administrator to estimate the greatest risks and then guide him through remediation solutions by indicating the necessary security

updates. These reports also allow the administrator to quickly modify the security policy applied to these resources in order to contain risks while awaiting their updates. This unique and innovative technology does not rely on any agent or any active scan of network resources. It allows gaining greater control over the network and increasing its security in an unintrusive risk-free manner. FOCUS ON ADVANCED NETWORK FEATURES TO FIT INTO ALL TOPOLOGIES On Stormshield Network Security appliances, every interface can be associated with a different network zone, or grouped with other interfaces (bridge) to attach several hosts belonging to the same network zone. The appliance can therefore easily keep up with changes to the protected network. Models higher up in the range offer greater scalability thanks to extension modules that increase connectivity on appliances. An unrivalled port density of up to 58 individual interfaces can therefore be attained on a 2U appliance. Our appliances also allow protecting networks with more specific requirements, such as managing up to 12 operator links for a single appliance. Phone +33 9 69 32 96 29 The cost of a call may vary according to the country you are calling from and your telecoms operator. WWW.STORMSHIELD.EU Netasq Parc Scientifique Haute Borne - Parc Horizon, Bat 6, Avenue de l Horizon 59650 Villeneuve d Ascq - FRANCE Arkoon & Netasq Copyright 2014

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information