1 / 29

InfoExpress CyberGatekeeper Customer Presentation

InfoExpress CyberGatekeeper Customer Presentation. Where the network meets seamless host integrity. Name of Presenter, BG Date (Format as Month, 2007). Agenda. CyberGatekeeper (CG) overview Roadmap. InfoExpress Background. History US company, headquartered in Silicon Valley

biana
Download Presentation

InfoExpress CyberGatekeeper Customer Presentation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. InfoExpress CyberGatekeeper Customer Presentation Where the network meets seamless host integrity Name of Presenter, BG Date (Format as Month, 2007)

  2. Agenda • CyberGatekeeper (CG) overview • Roadmap

  3. InfoExpress Background History • US company, headquartered in Silicon Valley • Have been delivering network security solutions for Global 2000 customers for over 12 years. • Profitable for a decade. • An innovator in the NAC space Firsts in the NAC market… • 2000 – 1st to embed NAC into VPN • 2001 – 1st In-line NAC appliance for remote access VPN and WAN use • 2004 – 1st VLAN switching based NAC solution, using SNMP or 802.1x • 2004 – 1st to demonstrate TCG and CNAC third-party compatibility • 2006 – Dynamic NAC

  4. Other Firsts • CyberArmor: Centrally managed endpoint firewall (largest 125k+ seats) • VTCP secure: Proxy VPN solution (largest 100k+ seats)

  5. Introduction What… • Alcatel-Lucent is reselling InfoExpress’ 5th generation of NAC products, CyberGatekeeper for host integrity checking (HIC) Why… • Customers • Reason to call and upsell

  6. Alcatel-Lucent Layered Access Control Strategy InfoExpress Product Mapping • Authentication • Host integrity • Identity / role based resource access • IPS/IDS • Quarantine • Remediate • Compliance / reporting

  7. CyberGatekeeper Hardware Architecture

  8. Key Requirements for Host Integrity Control (HIC) Solution • Sets up a policy and verifies endpoint compliance • Restricts rogues and non-compliant systems • Remediates non-compliant systems • Reports endpoint and enterprise compliance • Implements an on-going process

  9. Customer Scenarios Where CyberGatekeeper Does Well • Software can be deployed • 802.1x deployments • Many locations • Heterogeneous network • Need for centrally managed solution for VPN, wireless, LAN, remote offices • Guest HIC without changing the network

  10. HIC Business Drivers • Keep rogue or unknown PCs off the network • Stop worms / Trojans from propagating throughout the network • Increase compliance scorecard – internal / external audit • Increase endpoint visibility / control 30% of organizations surveyed have NAC projects in 2007. ~Aberdeen Group, 12/2006

  11. Benefits of HIC • Keeps rogue devices off your network • Ensures 100% of endpoints on your network are compliant or quarantined until they are remediated. • Prevents vulnerabilities – security solutions are assured to be running and up-to-date. OS and patches assured to be current. • Lowers help desk costs – Automatic remediation of non-compliant PCs • HIC for guest access

  12. A New Approach for Host Integrity - Dynamic NAC DNAC strengths • No network upgrades or changes • Software solution runs on Windows server (Linux appliance optional) • Authentication agnostic • Friendly fail-open design • Provides real-time network visibility

  13. How does Dynamic NAC work? Enforcers watch for unauthorized endpoints, blocking their traffic, and helping remediate them. Enforcers are normal PC’s that have been selected to be an Enforcer Other complaint endpoints can become enforcers to replace enforcers who leave the network. Guests are endpoints that are audited only or on guest lists, but are not running DNAC (consultants, printers, etc). Guests cannot become enforcers. Unauthorized endpoints are quarantined by the enforcers until they are healthy and reported to the management server while remaining quarantined.

  14. Endpoint audit with a CyberGatekeeper Server CyberGatekeeper Server Creates a community of enforcers, compliant PCs, and compliant guests Network Enforcers

  15. Enforcers watch for new endpoints using ARP redirection to protect the network and community CG Server Network ? New endpoint attempts to access network Enforcers

  16. DNAC Model Enforcers are selected from the endpoint community • Create a trusted community of endpoints with a compliance check • Designate some endpoints as enforcers • Enforcers identify and quarantine unauthorized endpoints Provides real-time network visibility • Checks compliant, non-compliant and unauthorized endpoints

  17. Enforcers Allow Access to the CG Policy Server and Remediation Server CG Server Remediation Server Detect and correct plus compliance Network Unhealthy endpoint Enforcers

  18. After Remediation and an Audit, an Endpoint Obtains a Clean Bill of Health from the Policy Server CG Server Remediation Server Network Healthy endpoint Enforcers

  19. Endpoint Joins the Group after the Audit Results are Communicated to the Other DNAC Endpoints CG Server Remediation Server Network Compliant endpoint Enforcers

  20. CyberGatekeeper Server Dynamic NAC Organizes Each Network into Groups Consisting of Enforcers, Compliant PCs and Guests

  21. Summary - CyberGatekeeper Strengths • MATURE SOLUTION - First to market endpoint enforcement, 5th generation DNAC enforcement. • CG designed SPECIFICALLY for endpoint enforcement so it’s responsive and flexible • Multiple enforcement options to address today’s and tomorrow’s NAC requirements. • Microsoft NAP, Trusted Computing Group, etc. • No network changes required with DNAC. • Deployable Today (in under 1 hour)

  22. CyberGatekeeper Solution Customer ROI – Ulster Savings Bank

  23. NAC Deployment Cost Comparison

  24. DNAC TCO

  25. CyberGatekeeper DNAC Case Study – ST Electronics Keeping rogue and unknown devices off the network Background: ST Electronics designs and develops advanced electronics systems for SATCOM and transportation systems. Their 5 divisions with 1650 employees are highly autonomous. Challenge: The IT staff needed a solution to ensure divisions were only using IT-issued PC’s and wanted to keep unknown and unmanaged devices off the network. Originally looked at upgrading their network to support 802.1x authentication, but they realized it would be a long and costly project. Solution: Looked at agent-less approaches, but preferred the responsiveness and automatic remediation benefits of CyberGatekeeper. Results: 100% compliance for antivirus software and Microsoft OS updates, investment protection because CyberGatekeeper supports 802.1x. and Guest compliance with Web Agent

  26. Build Interest Ask more questions to clarify pain points or needs • Are you worried about guest or rogue PCs? CG can control/prevent these users. • Have you looked at other NAC solutions? CG can be up and running in <1 hour and removes the requirement to upgrade your network infrastructure. • Not satisfied with your patch management solution? CG ensures that 100% of the endpoints are patched prior to getting network access. • Moving towards an 802.1x infrastructure? CG provides compliance check, endpoint visibility, and remediation to this ecosystem.

  27. DifferentiateDistinguishing CyberGatekeeper • First to market endpoint enforcement, 5th generation solution released 11/2006. • CyberGatekeeper has been deployed at many corporations since 2001. • Compatible with any network and remote access infrastructure and does not require network upgrades and changes. • CyberGatekeeper has been designed specifically for NAC, it powerful, flexible, and easy to deploy and manage.

  28. Roadmap • Enable enforcement with ActiveX agent on Alcatel-Lucent Switches through captive portal • Enable enforcement with ActiveX agent on Aruba Switches through captive portal • Both can be accomplished today via inline approach and CyberGatekeeper as enforcement mechanism • Dynamic NAC can accomplish this and provide enforcement through enforcer agents

  29. Contacts • Sarveshwar Rao • Product Manager – Security Solutions • Alcatel-Lucent • 26801 West Agoura Road,Calabasas,CA – 91301 • Sarveshwar.rao@alcatel-lucent.com , 818-584-4551 • Kevin Tierney • Director of Business Development • Responsible for Alcatel-Lucent relationship • Current primary POC • ktierney@infoexpress.com, 215-431-4482

More Related