6McAfee Endpoint Encryption (SafeBoot Encryption) Security PortfolioEndpoint Data ProtectionEndpoint EncryptionProtect your company’s mission-critical information with Endpoint Encryption. This solution uses powerful encryption and strong access control to prevent unauthorized access to your sensitive data and stop its loss.McAfee Endpoint Encryption (SafeBoot Encryption)Lumension End Point Security
7Security Portfolio (Cont’d.) II. Data loss preventionThe point of these products is to monitor, document, and often prevent sensitive information from leaving an organization without authorization.McAfee Data Loss Prevention (DLP)III. Device ControlDo you know where your data is? Device Control protects data from leaving your company’s control and falling into the wrong hands through removable media, such as USB drives, MP3 players, CDs, and DVDs.McAfee Device ControlLumension End Point SecurityDevice ControlIt gives you the tools you need to monitor and control how users copy data onto these devices—regardless of whether they’re in the office, at home, or on the move.
9Security Portfolio (Cont’d.) FIREWALLSStateful firewallsMaintain context about active sessions, and use that "state information" to speed packet processing. Any existing network connection can be described by several properties, including source and destination IP address, UDP or TCP ports, and the current stage of the connection's lifetime (including session initiation, handshaking, data transfer, or completion connection).FortinetJuniperCiscoStateful firewallsIf a packet does not match an existing connection, it will be evaluated according to the rule set for new connections. If a packet matches an existing connection based on comparison with the firewall's state table, it will be allowed to pass without further processing.
10Security Portfolio (Cont’d.) FIREWALLS Cont’Unified Threat ManagementUnified Threat Management (UTM) devices are dedicated appliances that include integrated firewall, VPN, intrusion detection or intrusion prevention, and anti-virus capabilities.FortinetJuniperApplication-layer firewallswork on the application level of the TCP/IP stack (i.e., all browser traffic, or all telnet or ftp traffic), and may intercept all packets traveling to or from an application. They block other packets (usually dropping them without acknowledgement to the sender). In principle, application firewalls can prevent all unwanted outside traffic from reaching protected machines.Secure Computing (Sidwinder)
11Security Portfolio (Cont’d.) Intrusion prevention systemNetwork Intrusion Prevention SystemsNIPS are security devices that perform deep-packet inspection to identify and block malicious traffic. NIPS look for signatures of known viruses and worms, and block that traffic accordingly, also include a rate-limiting feature that allows a network administrator to set a threshold of traffic that is allowed to pass at any one time. McAfee NIPSJuniperCiscoProventia® Network Intrusion Prevention System (IPS)Tipping PointHost Intrusion prevention systempreserves your desktops and servers with signature and behavioral protection, and a system firewall.McAfee HIPSProventi a Server Sensor
12Security Portfolio (Cont’d.) Total Endpoint ProtectionProtect your endpoints from malicious threats, mitigate risk, and lower costs with our simplified, comprehensive, and powerful end-to-end solution .Kaspersky Total Space SecurityMcAfee Total Protection for Enterprise
13Security Portfolio (Cont’d.) Identity ManagementIdentity management defines a digital identity for each entity (human, hardware, or process), associates attributes with the identity, and enforces the means by which the identity can be verified.Digital Certificate services plus PKI integration plus smart card or token integration .VASCORSACustomized Strong Authentication Solutions
14Security Portfolio (Cont’d.) Proxy And cachingSome of the technologies used to accomplish the process of shrinking the data traveling over these protocols include traffic prioritization, compression, caching, wide-area file services, server load balancing, TCP optimization and SSL acceleration.BluecoatSecure Computing (Webwasher)
15Security Portfolio (Cont’d.) Messaging SecurityMessaging security products includes protection from spam, viruses, phishing attacks, spyware, Trojans, worms, and other malware on both the inbound and outbound routes.Fortinet ( Fortimail )Secure Computing ( Ironmail )
16Security Portfolio (Cont’d.) Compliance SolutionsNetwork Access Control (NAC)NAC can manage users’ access once they’re already on the LAN to certain servers, applications, and data. Ensuring a user is who they say they are is typically performed by captive portals, MAC-based authentication, port-based authentication, or third-party authentication. Set policies dictate the level of access each user is granted, be it go/no-go access, VLAN-based access controls, simple packet filters, or stateful firewalling.Cisco (NAC)Juniper (UAC)Configuration control Solutionprovides complete control of virtual and physical IT configurations, combining configuration assessment with change auditing in a single software solution for enterprise configuration control.Configuration assessment policies assess and validate IT configurations against internal policies, compliance standards and security best practices, reporting on out-of-policy settings and providing detailed remediation guidance.Tripwire Enterprise
17Security Portfolio (Cont’d.) Event ManagementLarge enterprise networks generate an overwhelming amount of logs and security events. Firewalls, intrusion detection systems, web servers, authentication devices, and many other network elements contribute to more and more logs which need to be analyzed and produce actionable information.Juniper – STRMCustomized Syslog Solution
19Security Portfolio (Cont’d.) Complying with security standards for organization program .Security Risk AssessmentISO Preparation ServicesVulnerability assessmentpenetration testingEthical hackingPCI Compliance preparation.
20Security Portfolio (Cont’d.) Complying with security standards for organization program .Security Risk AssessmentISO Preparation ServicesVulnerability assessmentpenetration testingEthical hackingPCI Compliance preparation.
21QualysGuard Security and Compliance Solutions QualysGuard Vulnerability ManagementGlobally Deployable, Scalable Security Risk and Vulnerability ManagementQualysGuard Policy ComplianceDefine, Audit, and Document IT Security ComplianceQualysGuard PCI ComplianceAutomated PCI Compliance Validation for Merchants and Acquiring InstitutionsQualysGuard Web Application ScanningAutomated Web Application Security Assessment and Reporting that Scales with your Business
23Security Portfolio (Cont’d.) WEB application AccelerationCitrix® NetScaler® is a Web application delivery appliance that accelerates performance, provides L4-7 traffic management, offers an integrated application firewall and off loads servers to ensure application availability, increased security and substantially lower costs. In addition to accelerating application performance, CitrixNetScaler offloads computing-intensive tasks like SSL encryptionand TCP connection management from Web servers. Serversare then free to handle more application requests, increasing thescalability of the application infrastructure and generating a highreturn on investment (ROI).CITRIX
24Security Portfolio (Cont’d.) Wan optimizationWAN optimization products seek to accelerate a broad range of applications accessed by distributed enterprise users via eliminating redundant transmissions, staging data in local Cahes, compressing and prioritizing data, and streamlining chatty protocols (e.g., CIFS).WAN Optimization is a superset of WAFS in that it also addresses:SSL-encrypted ASP and Intranet applicationsMultimedia & e-learning applicationsBluecoat Mach5
25Security Portfolio (Cont’d.) Traffic shaping & controlTraffic shaping (also known as "packet shaping") is any action on a set of packets (often called a stream or a flow) which imposes additional delay on those packets such that they conform to some predetermined constraint (a contract or traffic profile). Traffic shaping provides a means to control the volume of traffic being sent into a network in a specified period (bandwidth throttling), or the maximum rate at which the traffic is sent (rate limiting), or more complex criteria such as GCRA.Bluecoat Packetshaper
26Summary Security Service Endpoint Data protection McAfee DLP , SafeBoot and Device controlLumension End Point SecurityEndpoint total protectionKaspersky workspace securityMcAfee total Endpoint securityGateway SecurityFortinet -FortigateJuniperCiscoApplication layer FirewallSecure Computing - SidewinderIPS/IDSISS ProventiaJuniper -IDPTipping PointWeb Security GatewayBluecoat Proxy and cachingWebwasher proxy and caching
27Summary Products Security Service Mail Security Gateway Secure computing- IronmailFortinet - FortimailNetwork Access controlCisco - NACJuniper - UACWeb application AccelerationCITRIXWan optimizationBluecoat Mach 5Traffic shaping , Monitoring and controlBluecoat Packet shaperSecurity servicesISO preparation.Policy ComplianceVulnerability assessmentRisk assessmentPCI compliance.penetration test