310 likes | 751 Views
InfoExpress CyberGatekeeper Customer Presentation. Where the network meets seamless host integrity. Name of Presenter, BG Date (Format as Month, 2007). Agenda. CyberGatekeeper (CG) overview Roadmap. InfoExpress Background. History US company, headquartered in Silicon Valley
E N D
InfoExpress CyberGatekeeper Customer Presentation Where the network meets seamless host integrity Name of Presenter, BG Date (Format as Month, 2007)
Agenda • CyberGatekeeper (CG) overview • Roadmap
InfoExpress Background History • US company, headquartered in Silicon Valley • Have been delivering network security solutions for Global 2000 customers for over 12 years. • Profitable for a decade. • An innovator in the NAC space Firsts in the NAC market… • 2000 – 1st to embed NAC into VPN • 2001 – 1st In-line NAC appliance for remote access VPN and WAN use • 2004 – 1st VLAN switching based NAC solution, using SNMP or 802.1x • 2004 – 1st to demonstrate TCG and CNAC third-party compatibility • 2006 – Dynamic NAC
Other Firsts • CyberArmor: Centrally managed endpoint firewall (largest 125k+ seats) • VTCP secure: Proxy VPN solution (largest 100k+ seats)
Introduction What… • Alcatel-Lucent is reselling InfoExpress’ 5th generation of NAC products, CyberGatekeeper for host integrity checking (HIC) Why… • Customers • Reason to call and upsell
Alcatel-Lucent Layered Access Control Strategy InfoExpress Product Mapping • Authentication • Host integrity • Identity / role based resource access • IPS/IDS • Quarantine • Remediate • Compliance / reporting
Key Requirements for Host Integrity Control (HIC) Solution • Sets up a policy and verifies endpoint compliance • Restricts rogues and non-compliant systems • Remediates non-compliant systems • Reports endpoint and enterprise compliance • Implements an on-going process
Customer Scenarios Where CyberGatekeeper Does Well • Software can be deployed • 802.1x deployments • Many locations • Heterogeneous network • Need for centrally managed solution for VPN, wireless, LAN, remote offices • Guest HIC without changing the network
HIC Business Drivers • Keep rogue or unknown PCs off the network • Stop worms / Trojans from propagating throughout the network • Increase compliance scorecard – internal / external audit • Increase endpoint visibility / control 30% of organizations surveyed have NAC projects in 2007. ~Aberdeen Group, 12/2006
Benefits of HIC • Keeps rogue devices off your network • Ensures 100% of endpoints on your network are compliant or quarantined until they are remediated. • Prevents vulnerabilities – security solutions are assured to be running and up-to-date. OS and patches assured to be current. • Lowers help desk costs – Automatic remediation of non-compliant PCs • HIC for guest access
A New Approach for Host Integrity - Dynamic NAC DNAC strengths • No network upgrades or changes • Software solution runs on Windows server (Linux appliance optional) • Authentication agnostic • Friendly fail-open design • Provides real-time network visibility
How does Dynamic NAC work? Enforcers watch for unauthorized endpoints, blocking their traffic, and helping remediate them. Enforcers are normal PC’s that have been selected to be an Enforcer Other complaint endpoints can become enforcers to replace enforcers who leave the network. Guests are endpoints that are audited only or on guest lists, but are not running DNAC (consultants, printers, etc). Guests cannot become enforcers. Unauthorized endpoints are quarantined by the enforcers until they are healthy and reported to the management server while remaining quarantined.
Endpoint audit with a CyberGatekeeper Server CyberGatekeeper Server Creates a community of enforcers, compliant PCs, and compliant guests Network Enforcers
Enforcers watch for new endpoints using ARP redirection to protect the network and community CG Server Network ? New endpoint attempts to access network Enforcers
DNAC Model Enforcers are selected from the endpoint community • Create a trusted community of endpoints with a compliance check • Designate some endpoints as enforcers • Enforcers identify and quarantine unauthorized endpoints Provides real-time network visibility • Checks compliant, non-compliant and unauthorized endpoints
Enforcers Allow Access to the CG Policy Server and Remediation Server CG Server Remediation Server Detect and correct plus compliance Network Unhealthy endpoint Enforcers
After Remediation and an Audit, an Endpoint Obtains a Clean Bill of Health from the Policy Server CG Server Remediation Server Network Healthy endpoint Enforcers
Endpoint Joins the Group after the Audit Results are Communicated to the Other DNAC Endpoints CG Server Remediation Server Network Compliant endpoint Enforcers
CyberGatekeeper Server Dynamic NAC Organizes Each Network into Groups Consisting of Enforcers, Compliant PCs and Guests
Summary - CyberGatekeeper Strengths • MATURE SOLUTION - First to market endpoint enforcement, 5th generation DNAC enforcement. • CG designed SPECIFICALLY for endpoint enforcement so it’s responsive and flexible • Multiple enforcement options to address today’s and tomorrow’s NAC requirements. • Microsoft NAP, Trusted Computing Group, etc. • No network changes required with DNAC. • Deployable Today (in under 1 hour)
CyberGatekeeper DNAC Case Study – ST Electronics Keeping rogue and unknown devices off the network Background: ST Electronics designs and develops advanced electronics systems for SATCOM and transportation systems. Their 5 divisions with 1650 employees are highly autonomous. Challenge: The IT staff needed a solution to ensure divisions were only using IT-issued PC’s and wanted to keep unknown and unmanaged devices off the network. Originally looked at upgrading their network to support 802.1x authentication, but they realized it would be a long and costly project. Solution: Looked at agent-less approaches, but preferred the responsiveness and automatic remediation benefits of CyberGatekeeper. Results: 100% compliance for antivirus software and Microsoft OS updates, investment protection because CyberGatekeeper supports 802.1x. and Guest compliance with Web Agent
Build Interest Ask more questions to clarify pain points or needs • Are you worried about guest or rogue PCs? CG can control/prevent these users. • Have you looked at other NAC solutions? CG can be up and running in <1 hour and removes the requirement to upgrade your network infrastructure. • Not satisfied with your patch management solution? CG ensures that 100% of the endpoints are patched prior to getting network access. • Moving towards an 802.1x infrastructure? CG provides compliance check, endpoint visibility, and remediation to this ecosystem.
DifferentiateDistinguishing CyberGatekeeper • First to market endpoint enforcement, 5th generation solution released 11/2006. • CyberGatekeeper has been deployed at many corporations since 2001. • Compatible with any network and remote access infrastructure and does not require network upgrades and changes. • CyberGatekeeper has been designed specifically for NAC, it powerful, flexible, and easy to deploy and manage.
Roadmap • Enable enforcement with ActiveX agent on Alcatel-Lucent Switches through captive portal • Enable enforcement with ActiveX agent on Aruba Switches through captive portal • Both can be accomplished today via inline approach and CyberGatekeeper as enforcement mechanism • Dynamic NAC can accomplish this and provide enforcement through enforcer agents
Contacts • Sarveshwar Rao • Product Manager – Security Solutions • Alcatel-Lucent • 26801 West Agoura Road,Calabasas,CA – 91301 • Sarveshwar.rao@alcatel-lucent.com , 818-584-4551 • Kevin Tierney • Director of Business Development • Responsible for Alcatel-Lucent relationship • Current primary POC • ktierney@infoexpress.com, 215-431-4482