Security Made in Germany gateprotect

gateprotect GmbH - Valentinskamp 24 - 20354 Hamburg - Germany

4/3/2015

Reliableand Innovative

Network Security “Made in Germany”

Andrea Scattina, Sales Director Italia


Agenda

The Company gateprotect GmbH

Challenges to IT Security Today

Our Response: Innovative Network Security “Made in Germany”


gateprotect Company Profile

▪ Founded in 2002, 100 employees ,24 developers▪ Now 2015 , 210 empoyees , 78 developers

▪ Headquarters: Hamburg and Liepzig

▪ Global Player with German roots

▪ Leading European manufacturer

▪ > 30,000 installations

▪ EAL 4+ certification of the BSI

▪ Member of the federal association TeleTrusT e.V.

▪ Member in the “Alliance for Cyber-Security”

Last update: 02/2014


gateprotect has been part of theRohde & Schwarz group since June 2014.

By acquiring gateprotect GmbH, Rohde & Schwarz is investing into the IT technology market and secures additional expertise in the segment of network security.

The electronics group Rohde & Schwarz is a leading provider of solutions in the areas of measuring technology, broadcasting, radiomonitoring and radiolocation as well secure communication. Founded 80 years ago, the standalone company with its services and a tight service network is meanwhile present in over 70 countries of the world and employs approximately 9,300 employees.

gateprotect – A Rohde & Schwarz Company


gateprotect International 2015


Challenges to IT Security Today


The Patriot Act

“In all cases where personal data is stored on servers of U.S. subsidiaries, this is a breach of European law”

“The provisions of the Patriot Act allow U.S. authorities such as the FBI, the NSA or the CIA not only to access the servers of U.S. companies without a judicial order. Foreign subsidiaries are as well obliged under the U.S. law to grant access to their servers; even if this is not permitted under local law.”


Current Threats

“One single cyber-incident may cost a small company tens of thousands of Euros; a large case of data-theft may cost millions”, says EU Commissioner Neelie Kroes. “Nevertheless, most of such incidents could be avoided if users observed simple and low-cost precautions.”

“Under certain circumstances, reporting incidents to the public might even have adverse effects for the concerned companies”, says Michael Barth, expert for cyber-security.


Targeted Attacks

▪ Blackmailing with stolen data

▪ Competitors accessing confidential data and information

▪ Stealing and misuse of passwords

Viruses via Internet and E-Mail

▪ Breakdown of the IT system

▪ Destruction of data/documents

▪ Installation of sniffer programs

▪ Identity and data theft

▪ Capture and use as a botnet computer

Companies’ Own Employees, Aware or Not

▪ Stealing of customer data

▪ Stealing of confidential documents

▪ Access to insecure websites, e.g. links via Facebook

▪ Distribution of viruses (USB stick, downloads)

The greatest risk is a company‘s own staff!

Current Threats


The Top 6 Cyber-Threats

DDoS attacks with botnets

Targeted hacking of web servers to place malware

Drive-by exploits, e.g. in advertizing banners

Targeted infiltration with malware by means of social engineering or via e-mail

Random distribution of malware via Spam

Multi-level attacks where, for example, security service providers or central certification units are compromised first


The Human Factor - Danger

98%Operator

Errors

2%Technical

Errors

The greatest risk is the complexity of the products and their operation …

“Altogether, both IT managers and executives consider human misconduct as the greatest danger for the company.”

Federal Officefor Information Security


Our Response to Digital Problems


Security Systems Are Good Only If They …

▪ are easy to operate – avoidance of errors

▪ may react to new threats dynamically and quickly

▪ complex but still comprehensible

▪ are customer-focused and not restricted by an “Act”

▪ have no back doors

▪ are being developed in Germany

▪ have been certified by the BSI.


Certification and Self-Commitment

gateprotect's Firewall Packet Filtering Core has been certified by the Federal Office for Information Security (BSI) in accordance with “Common Criteria Evaluation Assurance Level 4 Augmented (EAL 4+)”.

gateprotect has been a founding member of the initiative “IT Security made in Germany” that is supported by the Federal Ministry of Economics and Technology. We have committed ourselves to manufacture only products that have no hidden access mechanisms and back doors.


Certification and Self-Commitment


04 Marzo 2015

Product Overview”

Claudio Adami, Sale Engineering


- Differences between UTM Next Generation Firewall and Next Generation Firewall

- Product overview

- Implementation Examples / Multi-Layer Security Concept / P-A-P Concept

- Benefits Multi-Layer Security Concept

Agenda


Differences – UTM Next Generation Firewall

In a UTM firewall, there are several perimeter security functions unified under a central management. Contrary to this, a next generation firewall supplements these functions by User Tracking and the App Filter.


Intrusion Prevention(IDS & IPS)

Web Filter Anti Virus Traffic Shaping

Firewall Application Filter (for Facebook Apps,

Skype etc.)

Spam Filter(Zero-hour Spam Protection)

VPN IPSec & SSL

Reliable Features

The increasing number of threats and the growing influence of the Internet on our everyday lives (social media, Web2.0) are making more and more complex security mechanisms necessary.

Differences – UTM Next Generation Firewall


NETWORK PROTECTOR offers, Single-pass technology with the most advanced deep packet inspection method, which detects hundreds of applications and can decode a great variety of different protocols. The connection can be examined closely for all important applications. Traffic is screened rigorously for malware and undesirable content.

Differences – Next Generation Firewall


APPLICATION FILTER

PROTOCOL VALIDATION

TRAFFIC MANAGEMENT

FORENSIC TRAFFIC CAPTURE

ANTI-MALWAREINTRUSION

PREVENTION SYSTEM (IPS)

WEB FILTER PACKET FILTER

All Functionalities in One Single-Pass Engine

NETWORK PROTECTOR offers, besides classic port filtering on layers 2 and 3, filtering at the application level (layer 7) and furthermore includes anti-malware and IPS functions as well as a web filter in only ONE engine.

Differences – Next Generation Firewall


Differences Next Generation-Firewall

Application Filter Web-Filter Anti-Virus Traffic shaping

DPI-Decoder IDS/IPS Anti-Malware Packet Filter

Next-Generation-Firewall


- Next-generation firewall with deep packet inspection, intrusion prevention and malware protection

- Context-based protocol analysis for uncovering threats posed by botnets, Web 2.0 applications and zero-day attacks

- Complete TCP re-assembly even detects hidden attacks on encrypted connections

- Powerful VPN concentrator for secure connection of external sites and mobile users

- Seamless integration in Active Directory and LDAP makes it possible to create user-specific rules

Key Facts – Next Generation Firewall


gateprotect Product Overview

Small Companies and Mid-Tier

Most Up-to-Date Unified Threat Management SolutionThe all-in-one solution for customers that wish to focus entirely on their core business, but want to be sure that their network, data and know-how are protected.

▪ Firewall

▪ Anti-virus

▪ Anti-spam

▪ Web content und application filter

▪ VPN

Mid-Tier and Enterprise Segment

Next Generation Firewall (Network Protector)The Enterprise solutions for complex networks with highest requirements as to throughput, flexibility and failure-safety fulfill highest security needs.

▪ High-performing firewall

▪ Intrusion Detection and Intrusion Prevention

▪ Application filter

▪ High availability


Medium Enterprises

gateprotect Appliances Next Generation Firewalls

Product Overview

Users

Per

form

an

ce /

Thr

ou

ghp

ut

(Mb

ps)

10 25 50 100 250 500 1.0005.000 10.000

500

1 000

2.000

5.000

10.000

20.000

gateprotect NP-S50

gateprotect NP-M400Medium & Large Enterprises

gateprotect NP-S100

gateprotect NP-M200

gateprotect NP-L800Large Enterprises

gateprotect NP-L500


Users

Per

form

an

ce /

Thr

ou

ghp

ut

(Mb

ps)

10 25 50 100 250 500 1.0005.000 10.000

500

1 000

2.000

5.000

10.000

20.000

Small & Medium Enterprises

GPA 300GPA 500

Midsize Enterprises

GPX 650

Large Enterprises

GPZ 2500

GPZ 5000GPZ 1000

GPX 850

GPO 150GPO 100

Small & Remote Offices

GPO 110

gateprotect Product Overview

UTM Firewalls

Next Generation Firewalls

Medium & Large Enterprises

gateprotect NP-S

gateprotect NP-M

gateprotect NP-L


gateprotect – how to implement

Ordinary SMB company network with reliable security and high-performance basic protection

Between the company‘s internal network and the external network, there is a high-quality UTM firewall located that unifies perimeter security functions and directly connects to the DMZ (Demilitarized Zone).

Not trustworthy network (INTERNET)

DMZ

(Core) Switchgateprotect Appliance


Multi-Layer Security Concept for Flexible Security Requirements


Router (Packet filter)

DMZ NETWORK PROTECTOR

gateprotect – Multi-Layer Security Concept


Multi-Layer Security Concept for Flexible Security Requirements


Router (Packet filter)

DMZ NETWORK PROTECTOR



P-A-P ConceptThe Federal Office for Information Security (BSI) recommends:



- Raise Performance

• Offloading the perimeter Firewall

- Raise Security Level

• Securing LAN-Segments

• Zero Day protection through full Protocol validation and application whitelisting

- Flexibility

• Different rules for every LAN-Segments

Benefit – Multi-Layer Security Concept

Date post:	25-Jul-2015
Category:	Technology
Upload:	giovanni-zanasca
View:	58 times
Download:	0 times