McAfee Next Generation Firewall June 2014 . McAfee – Big Picture of Security . 2 Next Generation Firewalls – New Era Connected NGFW Completeness of security • • • Connected to end point security Connected to real-time global threat database Connected to advanced breach detection Advanced NGFWs • • • Central management for large networks High availability Advanced evasion protection First NGFWs • • Inspection Application and user awareness Traditional FWs 1988 2008 2012 2013 2014 time . 3 Marrying the Network, Security and Admin Requirements CIO • Best overall solution to ensure business continuity and protect key assets • Cost effectiveness – good value for money Networking People Security Specialists • Service availability • Proven protection from malware • Constant security updates and support • Reports and forensics • High granularity • Performance • Managed QoS • Avoidance of any downtime McAfee NGFW Satisfies all These Needs Administrators • Holistic network view • Easy-to-use tools and workflow automation . 4 Meeting Various Customer Needs Datacenters & cloud services Mission critical networks Classified data & IPR Multi-location & multi-tenant businesses Business continuity & applications Financial transactions & assets Superior solution for distributed enterprises looking for comprehensive security, scalability and ease of operations . 5 What Makes McAfee NGFW Different? Unified Software Core Strong Centralized Management Security Connected High Availability Advanced Evasion Prevention . 7 Unified Software Core Flexible Delivery NEXT GENERATION FIREWALL LAYER 2 FIREWALL FIREWALL McAfee MILITAR Y IPS VPN GLOBA L ENTERPRIS E COMMERCIA L SMB SOFT VIRTUAL PHYSICAL Adjustable security level to meet deployment need High performance maintained even with deep inspection . 8 Unified Software Core NGFW Management in Various Configurations FW/VPN IPS L2FW IPS FW/VPN L2FW FW/VPN Adapts to the dynamic business needs – no license renegotiations or forklift upgrade of hardware . 9 Unified Software Core Total cost TCO Effect Typical Cost McAfee More performance needed Change in threat Landscape Security as a business enabler ‘All inclusive’ licensing enables easy budgeting and maintains the long term Total Cost of Ownership flat . 10 Centralized Management Resource Optimization Initial Configuration Hierarchical Templates And Aliases Policy Validation and Analysis POLICY TEMPLATE MAIN POLICY SUB POLICY 1 Security Automation with SchedulingSUB POLICY 2 SUB POLICY 3 Security Automation with Plug and Play Security automation with plug andupgrades play Security automation with scheduling e.g. Hierarchical templates and aliases Policy validation and analysis . High Availability Native Active-Active Clustering 99 Node 1 . UPTIME Node 2 Node 3 Internet Node 4 Node 5 Node 6 …16 Mix of hardware and software versions “I can update a FW cluster without dropping a single packet” – McAfee NGFW customer . 12 High Availability Multi-Link and Augmented VPNs Distant Site 2Mbps MPLS HQ + Distant Site ISP A 2Mbps ADSL + 2Mbps ISP B = up to 6 Mbps Cost-effective and secure site-to-site connectivity with adjustable resilience and capacity . 13 McAfee Security Connected ePO End-Point Management McAfee GTI Reputation in the Cloud McAfee Antivirus/GAM SMC Enterprise Authentication Advanced Threat Defense ESM SIEM McAfee NGFW Holistic security solution merging network and end-point threats and management together . 14 Advanced Evasion Prevention Evasions – what, why and when? Means to disguise an attack Objective to bypass network security devices with no tracks Extremely hard to track Unlimited amount of variations and combinations Most network devices are ineffective Internet Ack ta t Security Device Attack Ack ta t Vulnerable Target McAfee NGFW is tested against >800 million evasions or combinations . 15 Advanced Evasion Prevention Fundamental Difference Traditional Inspection Architecture attack ? ta ck McAfee NGFW Stream Based Full Stack Normalization Protocol agents t a ck at ! ta Effectiveness based on all traffic normalization before inspection . 16 Advanced Evasion Prevention How Easy is an Evasion 1 With Evader getting access to the Select the Exploit “protected” network is as simple as: 2 Identify Attack Target 3 Select the Evasion Technique Cisco Palo Alto Networks Check Point Fortinet Juniper SourceFire Tipping Point . 17 Flexible McAfee NGFW Appliance Portfolio Same appliance for multiple use-cases 5200 Series McAfee SMC 3200 Series Modular hardware Fit from branch office to data center deployments 1400 Series Rugged designs for demanding environment 1000 Series 300 Series 2G 20G 60G 120G One harmonized appliance family protecting investments with hardware modularity and simple licensing . 18 Third Party Recognition ‘Long legacy with HIGH AVAILABILITY’ and ‘early focus on ANTI-EVASION’ 2013 NSS Labs test results: RECOMMENDED VALIDATED for real world quality, protection, and performance . 19 McAfee Next Generation Firewall Provides • Adaptability to dynamic enterprise security environment • Operational efficiency and high up-time ensuring business continuity • Holistic ’Connected NGFW’ approach to network security • Efficient protection against Advanced Evasions . 20 . 21