InfoExpress CyberGatekeeper Customer Presentation

1. InfoExpress CyberGatekeeper Customer Presentation Where the network meets seamless host integrity Name of Presenter, BG Date (Format as Month, 2007)

2. Agenda • CyberGatekeeper (CG) overview • Roadmap

3. InfoExpress Background History • US company, headquartered in Silicon Valley • Have been delivering network security solutions for Global 2000 customers for over 12 years. • Profitable for a decade. • An innovator in the NAC space Firsts in the NAC market… • 2000 – 1st to embed NAC into VPN • 2001 – 1st In-line NAC appliance for remote access VPN and WAN use • 2004 – 1st VLAN switching based NAC solution, using SNMP or 802.1x • 2004 – 1st to demonstrate TCG and CNAC third-party compatibility • 2006 – Dynamic NAC

4. Other Firsts • CyberArmor: Centrally managed endpoint firewall (largest 125k+ seats) • VTCP secure: Proxy VPN solution (largest 100k+ seats)

5. Introduction What… • Alcatel-Lucent is reselling InfoExpress’ 5th generation of NAC products, CyberGatekeeper for host integrity checking (HIC) Why… • Customers • Reason to call and upsell

6. Alcatel-Lucent Layered Access Control Strategy InfoExpress Product Mapping • Authentication • Host integrity • Identity / role based resource access • IPS/IDS • Quarantine • Remediate • Compliance / reporting

7. CyberGatekeeper Hardware Architecture

8. Key Requirements for Host Integrity Control (HIC) Solution • Sets up a policy and verifies endpoint compliance • Restricts rogues and non-compliant systems • Remediates non-compliant systems • Reports endpoint and enterprise compliance • Implements an on-going process

9. Customer Scenarios Where CyberGatekeeper Does Well • Software can be deployed • 802.1x deployments • Many locations • Heterogeneous network • Need for centrally managed solution for VPN, wireless, LAN, remote offices • Guest HIC without changing the network

10. HIC Business Drivers • Keep rogue or unknown PCs off the network • Stop worms / Trojans from propagating throughout the network • Increase compliance scorecard – internal / external audit • Increase endpoint visibility / control 30% of organizations surveyed have NAC projects in 2007. ~Aberdeen Group, 12/2006

11. Benefits of HIC • Keeps rogue devices off your network • Ensures 100% of endpoints on your network are compliant or quarantined until they are remediated. • Prevents vulnerabilities – security solutions are assured to be running and up-to-date. OS and patches assured to be current. • Lowers help desk costs – Automatic remediation of non-compliant PCs • HIC for guest access

12. A New Approach for Host Integrity - Dynamic NAC DNAC strengths • No network upgrades or changes • Software solution runs on Windows server (Linux appliance optional) • Authentication agnostic • Friendly fail-open design • Provides real-time network visibility

13. How does Dynamic NAC work? Enforcers watch for unauthorized endpoints, blocking their traffic, and helping remediate them. Enforcers are normal PC’s that have been selected to be an Enforcer Other complaint endpoints can become enforcers to replace enforcers who leave the network. Guests are endpoints that are audited only or on guest lists, but are not running DNAC (consultants, printers, etc). Guests cannot become enforcers. Unauthorized endpoints are quarantined by the enforcers until they are healthy and reported to the management server while remaining quarantined.

14. Endpoint audit with a CyberGatekeeper Server CyberGatekeeper Server Creates a community of enforcers, compliant PCs, and compliant guests Network Enforcers

15. Enforcers watch for new endpoints using ARP redirection to protect the network and community CG Server Network ? New endpoint attempts to access network Enforcers

16. DNAC Model Enforcers are selected from the endpoint community • Create a trusted community of endpoints with a compliance check • Designate some endpoints as enforcers • Enforcers identify and quarantine unauthorized endpoints Provides real-time network visibility • Checks compliant, non-compliant and unauthorized endpoints

17. Enforcers Allow Access to the CG Policy Server and Remediation Server CG Server Remediation Server Detect and correct plus compliance Network Unhealthy endpoint Enforcers

18. After Remediation and an Audit, an Endpoint Obtains a Clean Bill of Health from the Policy Server CG Server Remediation Server Network Healthy endpoint Enforcers

19. Endpoint Joins the Group after the Audit Results are Communicated to the Other DNAC Endpoints CG Server Remediation Server Network Compliant endpoint Enforcers

20. CyberGatekeeper Server Dynamic NAC Organizes Each Network into Groups Consisting of Enforcers, Compliant PCs and Guests

21. Summary - CyberGatekeeper Strengths • MATURE SOLUTION - First to market endpoint enforcement, 5th generation DNAC enforcement. • CG designed SPECIFICALLY for endpoint enforcement so it’s responsive and flexible • Multiple enforcement options to address today’s and tomorrow’s NAC requirements. • Microsoft NAP, Trusted Computing Group, etc. • No network changes required with DNAC. • Deployable Today (in under 1 hour)

22. CyberGatekeeper Solution Customer ROI – Ulster Savings Bank

23. NAC Deployment Cost Comparison

24. DNAC TCO

25. CyberGatekeeper DNAC Case Study – ST Electronics Keeping rogue and unknown devices off the network Background: ST Electronics designs and develops advanced electronics systems for SATCOM and transportation systems. Their 5 divisions with 1650 employees are highly autonomous. Challenge: The IT staff needed a solution to ensure divisions were only using IT-issued PC’s and wanted to keep unknown and unmanaged devices off the network. Originally looked at upgrading their network to support 802.1x authentication, but they realized it would be a long and costly project. Solution: Looked at agent-less approaches, but preferred the responsiveness and automatic remediation benefits of CyberGatekeeper. Results: 100% compliance for antivirus software and Microsoft OS updates, investment protection because CyberGatekeeper supports 802.1x. and Guest compliance with Web Agent

26. Build Interest Ask more questions to clarify pain points or needs • Are you worried about guest or rogue PCs? CG can control/prevent these users. • Have you looked at other NAC solutions? CG can be up and running in <1 hour and removes the requirement to upgrade your network infrastructure. • Not satisfied with your patch management solution? CG ensures that 100% of the endpoints are patched prior to getting network access. • Moving towards an 802.1x infrastructure? CG provides compliance check, endpoint visibility, and remediation to this ecosystem.

27. DifferentiateDistinguishing CyberGatekeeper • First to market endpoint enforcement, 5th generation solution released 11/2006. • CyberGatekeeper has been deployed at many corporations since 2001. • Compatible with any network and remote access infrastructure and does not require network upgrades and changes. • CyberGatekeeper has been designed specifically for NAC, it powerful, flexible, and easy to deploy and manage.

28. Roadmap • Enable enforcement with ActiveX agent on Alcatel-Lucent Switches through captive portal • Enable enforcement with ActiveX agent on Aruba Switches through captive portal • Both can be accomplished today via inline approach and CyberGatekeeper as enforcement mechanism • Dynamic NAC can accomplish this and provide enforcement through enforcer agents

29. Contacts • Sarveshwar Rao • Product Manager – Security Solutions • Alcatel-Lucent • 26801 West Agoura Road,Calabasas,CA – 91301 • Sarveshwar.rao@alcatel-lucent.com , 818-584-4551 • Kevin Tierney • Director of Business Development • Responsible for Alcatel-Lucent relationship • Current primary POC • ktierney@infoexpress.com, 215-431-4482