McAfee Next Generation Firewall
June 2014
.
McAfee – Big Picture of Security
.
2
Next Generation Firewalls – New Era
Connected NGFW
Completeness of security
•
•
•
Connected to end point security
Connected to real-time global threat database
Connected to advanced breach detection
Advanced NGFWs
•
•
•
Central management for large networks
High availability
Advanced evasion protection
First NGFWs
•
•
Inspection
Application and user awareness
Traditional FWs
1988
2008
2012
2013
2014
time
.
3
Marrying the Network, Security and
Admin Requirements
CIO
• Best overall solution to ensure business
continuity and protect key assets
• Cost effectiveness – good value for money
Networking People
Security Specialists
• Service availability
• Proven protection
from malware
• Constant security
updates
and support
• Reports and forensics
• High granularity
• Performance
• Managed QoS
• Avoidance of any
downtime
McAfee NGFW
Satisfies all
These Needs
Administrators
• Holistic network view
• Easy-to-use tools and
workflow automation
.
4
Meeting Various Customer Needs
Datacenters &
cloud services
Mission critical
networks
Classified data &
IPR
Multi-location &
multi-tenant
businesses
Business
continuity &
applications
Financial
transactions &
assets
Superior solution for distributed enterprises looking for
comprehensive security, scalability and ease of operations
.
5
What Makes McAfee NGFW Different?
Unified
Software
Core
Strong
Centralized
Management
Security
Connected
High
Availability
Advanced
Evasion
Prevention
.
7
Unified Software Core
Flexible Delivery
NEXT GENERATION FIREWALL
LAYER 2
FIREWALL
FIREWALL
McAfee
MILITAR
Y
IPS
VPN
GLOBA
L
ENTERPRIS
E
COMMERCIA
L
SMB
SOFT
VIRTUAL
PHYSICAL
Adjustable security level to meet deployment need
High performance maintained even with deep inspection
.
8
Unified Software Core
NGFW Management in Various Configurations
FW/VPN
IPS
L2FW
IPS
FW/VPN
L2FW
FW/VPN
Adapts to the dynamic business needs –
no license renegotiations or forklift upgrade of hardware
.
9
Unified Software Core
Total cost
TCO Effect
Typical Cost
McAfee
More performance
needed
Change in threat
Landscape
Security as a business
enabler
‘All inclusive’ licensing enables easy budgeting and maintains the long
term Total Cost of Ownership flat
.
10
Centralized Management
Resource Optimization
Initial
Configuration
Hierarchical Templates And Aliases
Policy Validation and Analysis
POLICY TEMPLATE
MAIN POLICY
SUB POLICY 1
Security Automation with SchedulingSUB POLICY 2
SUB POLICY 3
Security Automation with Plug and Play
Security
automation
with
plug
andupgrades
play
Security
automation
with scheduling
e.g.
Hierarchical
templates
and
aliases
Policy
validation
and
analysis
.
High Availability
Native Active-Active Clustering
99
Node 1
.
UPTIME
Node 2
Node 3
Internet
Node 4
Node 5
Node 6
…16
Mix of hardware
and software
versions
“I can update a FW cluster without dropping a single packet” – McAfee NGFW customer
.
12
High Availability
Multi-Link and Augmented VPNs
Distant Site
2Mbps
MPLS
HQ
+
Distant Site
ISP A
2Mbps
ADSL
+
2Mbps
ISP B
=
up to
6
Mbps
Cost-effective and secure site-to-site connectivity with adjustable
resilience and capacity
.
13
McAfee Security Connected
ePO
End-Point Management
McAfee GTI
Reputation in
the Cloud
McAfee
Antivirus/GAM
SMC
Enterprise
Authentication
Advanced
Threat Defense
ESM
SIEM
McAfee NGFW
Holistic security solution merging network and end-point threats and
management together
.
14
Advanced Evasion Prevention
Evasions – what, why and when?
Means to disguise an attack
Objective to bypass network
security devices with no tracks
Extremely hard to track
Unlimited amount of variations
and combinations
Most network devices are
ineffective
Internet
Ack ta t
Security
Device
Attack
Ack ta t
Vulnerable
Target
McAfee NGFW is tested against >800 million evasions or combinations
.
15
Advanced Evasion Prevention
Fundamental Difference
Traditional Inspection Architecture
attack
?
ta
ck
McAfee NGFW Stream Based
Full Stack Normalization
Protocol
agents
t
a
ck
at
!
ta
Effectiveness based on all traffic normalization before inspection
.
16
Advanced Evasion Prevention
How Easy is an Evasion
1
With Evader getting access to the
Select the Exploit
“protected”
network is as simple as:
2
Identify Attack Target
3
Select the Evasion
Technique
Cisco
Palo Alto Networks
Check Point
Fortinet
Juniper
SourceFire
Tipping Point
.
17
Flexible McAfee NGFW Appliance Portfolio
Same appliance for multiple
use-cases
5200 Series
McAfee SMC
3200 Series
Modular hardware
Fit from branch office to data
center deployments
1400 Series
Rugged designs for demanding
environment
1000 Series
300 Series
2G
20G
60G
120G
One harmonized appliance family protecting investments with hardware
modularity and simple licensing
.
18
Third Party Recognition
‘Long legacy with HIGH AVAILABILITY’ and ‘early
focus on ANTI-EVASION’
2013 NSS Labs test results: RECOMMENDED
VALIDATED for real world quality, protection,
and performance
.
19
McAfee Next Generation
Firewall Provides
• Adaptability to dynamic enterprise security
environment
• Operational efficiency and high up-time ensuring
business continuity
• Holistic ’Connected NGFW’ approach to network
security
• Efficient protection against Advanced Evasions
.
20
.
21