Blue Ridge Networks / Cominfo Systems Products and Services Overview
Teaming
• Cominfo and Blue Ridge Networks signed a teaming agreement to serve Pakistan’s market
• Cominfo is an exclusive product and service provider of Blue Ridge Networks in Pakistan
• Combination of exceptional product line and outstanding service brought the two companies together
Benefits of Teaming
• Local Urdu and English speaking technical support
• Local workforce available to visit client sites for training and support
• Immediate product implementation and replacement
• No middleman and markups
• Office expansions are scheduled for Lahore, Islamabad, Rawalpindi, and Dubai
What we do
• BorderGuard Virtual Private Networks
  • Site to Site
  • Remote Access
  • Specialized VPN Applications
• EdgeGuard End Point Security
  • Flexible Authentication Service
  • Scan and Block
  • Trusted Configuration Management
Markets Served
• Banking
• Finance
• Government
• Health Care
• Legal
• Transportation
• 250+ total customers in 37 countries
Differentiated Solutions
• Secure Mobile Computing
• Remote Access with PKI Authentication
• Endpoint Security Enforcement
• Nomadic Secure IP Voice, Video, Data
• Secure Central Management
• Service Provider Model
• Low Cost, Rapid Deployment
• Carrier and Media Agnostic Global Reach
• Ease of Use Without Security Compromise
• Enterprise Scale Hardware and Software Systems
Secure Networking Product Portfolio
• BorderGuard™ 5000/6000 VPN Appliances
  • Multiple models span mid-range market
  • Up to 2.2 Gbps AES256 packet encryption
  • Up to 24,000 simultaneous connections
  • RSA public-key authentication built-in
  • FIPS 140-2 certified
  • Common Criteria, EAL2, EAL4+ (in evaluation)
• RemoteLink™
  • Rapid deployment and mobility features
  • Supports mobile security for voice, video, data applications
  • Protocol agnostic
  • Embedded PKI for strong authentication
  • Transparent to end-user
Secure Networking Product Portfolio
• Management Console
  • Headless, plug-and-play central management appliance
  • Easy to use browser-based interaction from any PC
  • Manages high assurance VPNs
    • Site-to-site
    • Remote access
  • Granular administrator role-based administration
  • Ideal for Unified PKI authentication and full integration with client’s Active Directory
  • Instant user revocation with Red List
  • Detailed audit collection for better management and reporting
• Remote Access Client Software
  • Windows 2000, XP, XP embedded, Vista and PocketPC
  • Supports seamless wireless roaming with persistent secure connection
  • Easy to install and easy to use
  • Optimized for X.509 cert based authentication and smartcards
High Assurance Security
• Mutual Mandatory Authentication
[Diagram. Labels: PKI; Client Private Key; BorderGuard Public Key; Session Initialization Parameters; SE IKE; Encryption Level A; Encryption Level B; Authentication; Authorization; Privacy; Integrity; Audit]
Usability – Active Directory Integration
• The Management Console’s Red or Green List allows administrators to block access for any reason
• Management Console queries CRL servers for cert path discovery and validation
• Management Console queries OCSP responders for cert validation
• The user authenticates to Active Directory using an end-to-end cryptographic process
• No intermediary servers, no additional network access policy data required
• ** User’s network access is limited until successful Active Directory authentication occurs
• Using a Common Access Card (CAC) or a Personal Identity Verification (PIV) card, a secure tunnel request is made to BorderGuard VPN appliance
[Diagram. Labels: Untrusted Network; Enterprise; CRL; OCSP; Active Directory; Log Server; Remote Access; Policy Server; Flexible Authentication]
RemoteLink
• Secure Remote Office
• VoIP
• Secure Thin Clients
• Non-Window Devices
Secure Virtual Ethernet Service
• Any-to-any, full mesh, enterprise connectivity
• 100% end-to-end security
• Unicast and Multicast
• Any wired or wireless networks
  • DSL, Cable Modem, T1, etc.
  • Cell wireless, satellite, WiMax
• Any Data applications and Protocols
• Any VoIP applications
• Any IP Video applications
• Anywhere on the globe
SVES Deployment
• SVES creates a complete end to end private and secure network on the global Internet.
[Diagram. Labels: Enterprise HQ; Enterprise Regional Office; Branch Office; Remote workstation; Internet]
Secure Intranets
• Logical Full Mesh Among All Sites
Secure Extranets
• Only connectivity to/from central site resources
• No connectivity among remote sites
EdgeGuard™ Trusted Framework for Policy Enforcement, Admission Control, and Compliance of Microsoft Windows Fixed and Mobile Workstations
• The EdgeGuard Security Framework enables multiple applications
• Near real-time visibility and manageability
• Security Framework Server Application: Windows Server 2003, SQL Server 2005
• Security Framework Client Application: Windows XP SP2, Windows Vista
[Diagram. Labels: NAP / NAC; Application 3; Application N; Malware Protection; EdgeGuard Management System; EdgeGuard Agent; Stateful Workflow Control; TPM; NetLock; ProcessLock; FileLock; RegistryLock; OPSWAT; Trust System]
Example EdgeGuard Applications
• NAP/NAC
  • EGA provides Posture Assessment for client systems
  • Continuous assessment, enforcement and remediation off-net
• Enhanced Policy Enforcement for Endpoints
• Application Control
  • Red List – unstartable applications
  • Green List – unstoppable applications
• Trusted Enclaves for Process Containment
  • TEs may contain User Apps and System Services
  • Highly effective defense against malware
  • Not HIPS
EdgeGuard Deployment
• EdgeGuard allows continuous Posture Assessment through signed policy files and signed audit logs
• EdgeGuard Policy / Status
  • Anti-Virus: On
  • DAT File: Updated
  • Personal Firewall: On
  • Service Pack: Updated
  • Disk Encryption: On
[Diagram. Labels: Untrusted Network; Enterprise; EdgeGuard Management Console; Remediation Site; Log Retrieval Server; Policy Distribution Server; Remote workstation; EdgeGuard Agent]
Policy Examples
• End-point Security Management
  • Ensures that third-party security products like anti-virus, personal firewall, disk encryption, etc. are executing and have up to date policy.
  • Provides quarantined access for remediation like anti-virus update or patch management.
  • Prevents Red-listed programs from executing.
  • Ensures that Green-listed programs are executing.
  • Provides trusted push of scripts and executables for zero-day attack remediation.
• Trusted Configuration Management
  • Protects selected registry hives from alteration.
  • Prevents alteration of specified DLLs or data files.
• Device Management and Access Control
  • Enforces which network interfaces may be used and in which networks.
  • Controls what networks or hosts may be accessed and from where.
  • May be used to limit the use of writable storage media such as USB storage devices or CD-Ws.
• Authentication Management
  • Ensures that the client system has successfully authenticated to specified enterprise systems like Active Directory prior to allowing network access.
  • Can enforce arbitrary pre and post connection authentication chains.
Note: Any policy can be conditioned upon “location”.