Astaro  Product Presentation Name of Presenter, Designation Date of Presentation
Agenda <ul><li>Product Overview </li></ul><ul><li>Security Gateways </li></ul><ul><li>Gateway Extensions </li></ul><ul><li...
Company Profile The Leading European UTM Security Provider
Our Business ASTARO  is the leading European UTM Security provider for small to medium sized companies and organizations r...
Astaro Global Profile <ul><li>Founded 2000 </li></ul><ul><li>170 employees  </li></ul><ul><li>Headquarters in:  </li></ul>...
Astaro Asia Hub <ul><li>Established in Singapore in August 2009 </li></ul><ul><li>Supporting whole of Asia Pacific except ...
Successful Global Customers
Successful Asia Pacific Customers  Education
Successful Asia Pacific Customers  Government National  Economic  Development  Authority
Successful Asia Pacific Customers  Telcommuniations & Utilities
Successful Asia Pacific Customers  Financial Services Institutions (FSI)
Successful Asia Pacific Customers  Manufacturing
Successful Asia Pacific Customers  Retail and Hospitality
Successful Asia Pacific Customers  Non-Profit Organizations
Awards SC Magazine - Best SME Security Solution 2010 The final verdict &quot;a great product at a highly competitive price...
Awards Technology Innovation of the Year Award 2008 „ superior performance” (Frost & Sullivan) Top 100 Innovator 2008 „ ex...
Certifications TOLLY Up-to-Spec Certified independent test lab (Tolly Enterprises, LLC) Common Criteria First UTM applianc...
Recognitions “ Frost & Sullivan believes that Astaro is to be a leading company in the UTM market…” - 2009
Recognitions Figure 1. Magic Quadrant for Unified Threat Management
Agenda <ul><li>Product Overview </li></ul><ul><li>Security Gateways </li></ul><ul><li>Gateway Extensions </li></ul><ul><li...
Astaro Products in Use
Security Gateways Comprehensive All-In-One Security for SMEs
Internet Threats on the Increase Crackers  Botnets  Spam  Phishing   Scam  Hoax  Viruses  Spyware  Gray ware   Intrusions ...
Modern IT-Security Challenges Cost Time Investment IPS SSL VPN Gateway E-Mail/Spam Filter Web Filter GW Antivirus Filter W...
The Astaro All-In-One Approach All-In-One Appliance Centralized Management & Reporting Browser-based Unified Management of...
Astaro Security Gateway Unified Threat Management Appliances
Deployment Scenarios
Security Features Enterprise-class Security for SMB <ul><li>Wireless Controller for Astaro Access Points </li></ul><ul><li...
10 Advantages of Astaro Security Features <ul><li>Secure Firewall </li></ul><ul><li>1 </li></ul><ul><li>Support all integr...
Management Made Easy <ul><li>Intuitive Dashboard </li></ul>Individual UserPortal Comprehensive Reporting
10 Advantages of ASG Management <ul><li>Web interface </li></ul><ul><li>1 </li></ul><ul><li>Low maintenance </li></ul><ul>...
Astaro Security Gateway Products *Pricing based #IPs/Users
Deployment Models Hardware Operating  System Application First UTM Appliance that passed  VMware validation program Hardwa...
Agenda <ul><li>Product Overview </li></ul><ul><li>Security Gateways </li></ul><ul><li>Gateway Extensions </li></ul><ul><li...
Gateway Extentions
Branch Office Security Secure Branch Office Connection
Branch Office Security - Challenges <ul><ul><ul><li>Businesses with many small branch offices need an easy and affordable ...
Available Solutions <ul><li>Routers for private users </li></ul><ul><li>Low-end UTM Appliances  </li></ul><ul><li>MPLS and...
Astaro RED <ul><li>The easiest and most economic way to secure your branch offices in a few minutes – without the need for...
Deployment Scenario
How Does RED Work?
Easy Installation <ul><li>Appliance can be delivered without configuration </li></ul>  A0410230401    Internet  TUNN...
Implemented Centralized Management
Astaro RED 10 <ul><li>Technical Information </li></ul><ul><li>Solid steel chassis </li></ul><ul><li>No moving parts </li><...
<ul><li>Easy to implement and manage </li></ul><ul><ul><li>Virtual Ethernet cable </li></ul></ul><ul><ul><li>Setup in the ...
Wireless Security Secure Wireless Networks for Businesses
Wireless Networks – The Challenges <ul><ul><ul><li>Businesses need an easy-to-use, secure and reliable possibility to inte...
Available Solutions <ul><li>Access Points for private users </li></ul><ul><li>Low-end UTM-Appliances with integrated Wi-Fi...
Astaro Wireless Security <ul><li>Air traffic control for your business network </li></ul>
Deployment scenarios
Easy installation Astaro Security Gateway    Guest Internet Finance
Centralized Management
Flexible Access for the Whole Office <ul><ul><li>Astaro access points can be placed anywhere in your organization. </li></...
Integrated Security Integrated UTM Security Strong Encryption
Astaro Access Points <ul><li>Up to 10 users </li></ul><ul><li>150 Mbit/s throughput </li></ul><ul><li>1 x 10/100 Base TX <...
<ul><li>Easy installation and management </li></ul><ul><ul><li>Centralized configuration </li></ul></ul><ul><ul><li>No con...
Astaro Clients Secure Remote Access to Business Networks
Deployment Scenario
<ul><li>Highly secure data connections to Astaro VPN gateways </li></ul><ul><li>Authentication via Pre-Shared Key (PSK), P...
<ul><li>Proven SSL- (TLS) based security </li></ul><ul><li>Minimal system requirements  </li></ul><ul><li>Supports MD5, SH...
Astaro Smart Installer Fast Disaster Recovery
<ul><li>Fast Recovery </li></ul><ul><li>Fast installation of a software-image or recovering a stored configuration with a ...
Management Tools Centralized Management of all Security Products
Central Management – The Challenges <ul><li>Management of the complete security infrastructure </li></ul><ul><li>1 </li></...
<ul><li>How do you handle all management tasks today? </li></ul><ul><li>All devices will be managed separately  </li></ul>...
Astaro Command Center Manage all your security products from a single location
<ul><li>Real-Time Monitoring </li></ul><ul><li>Aggregated Reporting </li></ul><ul><li>Inventory Management </li></ul><ul><...
Easy Management
Multi-Client Capability for Managed Services
Products Virtual Appliance*   Runs in any VMware environment Software Appliance*   Runs on Intel-compatible PCs and server...
Advantages <ul><li>Save and distribute administration tasks </li></ul><ul><li>1 </li></ul><ul><ul><li>Simple configuration...
Agenda <ul><li>Product Overview </li></ul><ul><li>Security Gateways </li></ul><ul><li>Gateway Extensions </li></ul><ul><li...
Astaro Security Gateway Features Enterprise-Class Security Technology
Astaro Essential Firewall
Astaro Network Security
<ul><li>Virtual Private Network (VPN) Gateway </li></ul><ul><li>Site-to-Site IPsec & SSL VPN for creating a secure communi...
<ul><li>Intrusion Prevention </li></ul><ul><li>Identifies and Blocks Application and Protocol Related Probes and Attacks t...
Astaro Mail Security
<ul><li>E-Mail Antivirus </li></ul><ul><li>Dual Independent Virus Scanners for SMTP and POP3 </li></ul><ul><li>Blocks Malw...
<ul><li>Antispam </li></ul><ul><li>Highest Detection Rate through Combination of Multiple Methods: </li></ul><ul><ul><li>R...
<ul><li>Antiphishing </li></ul><ul><li>Astaro identifies and blocks phishing emails though several methods: </li></ul><ul>...
<ul><li>Email Encryption </li></ul><ul><li>En-/Decryption and Digital Signatures for SMTP Emails </li></ul><ul><li>Complet...
Astaro Web Security
<ul><li>Spyware Protection </li></ul><ul><li>Blocks (Unintentional) Downloads of Spyware, Adware, and Other Malicious Soft...
<ul><li>Web Antivirus/Malware </li></ul><ul><li>Blocks viruses, worms, trojans, and other “malware” </li></ul><ul><li>Scan...
<ul><li>URL Filter </li></ul><ul><li>Control employee’s web access to more than 96 categories </li></ul><ul><li>Considers ...
<ul><li>IM & P2P Control </li></ul><ul><li>Manages the Use of Instant Messaging Clients (and Skype) and Peer-to-Peer Appli...
Astaro Web Application Security
Astaro Web Application Security Security Patterns
Astaro Web Application Security <ul><li>Cookie Signing - Discards cookies which have been altered. </li></ul>
<ul><li>www.astaro.com/admin.php   not allowed! </li></ul>Astaro Web Application Security <ul><li>URL Hardening </li></ul>...
Astaro Web Application Security <ul><li>Antivirus </li></ul>User
Astaro Networking Functions Enterprise Class Network Technology
WAN Link Balancing <ul><li>Bundles of up to 8 Internet connections with fallback and simultaneous load distribution  </li>...
Ethernet Link Aggregation <ul><li>Bundles of up to 4 Ethernet Ports for more throughput and stability </li></ul>Logical 20...
Server Load Balancing <ul><li>Dynamic load distribution for incoming data over groups of similar servers </li></ul>Health ...
Astaro Active-Passive HA (Standby) <ul><li>Stability through Standby-System </li></ul><ul><li>Synchronisation of: </li></u...
Astaro Active-Active HA (Cluster) Cluster Nodes   Scalability High Availbility Active / Active LAN Master  (balancing) Sla...
” Zero Config HA“ <ul><li>Active-Passive (stand-by) HA - Configuration: </li></ul><ul><ul><li>Automatic configuration with...
<ul><li>Controlled  Measures for Power Cuts </li></ul><ul><li>Power cut signaled via USB </li></ul><ul><li>Message sent to...
<ul><li>Optimal Path Selection and Stability </li></ul><ul><li>Static / Policy </li></ul><ul><ul><li>Based on  Source/Dest...
DHCP <ul><li>Dynamic IP Address Management </li></ul><ul><ul><li>DHCP Server & Relay </li></ul></ul><ul><ul><li>Configurat...
DNS Proxy <ul><li>Flexible Name Resolution </li></ul><ul><li>IPv4/IPv6 </li></ul><ul><li>DynDNS-Support </li></ul><ul><li>...
Quality of Service (QoS) <ul><ul><li>Guarantees  minimum and maximum bandwidth for certain data types </li></ul></ul><ul><...
Agenda <ul><li>Product Overview </li></ul><ul><li>Security Gateways </li></ul><ul><li>Gateway Extensions </li></ul><ul><li...
E-mail Archiving Compliance & Productivity Requirement Solutions
E-mail Management Challenges
Available Solutions <ul><li>Mail Archiving Software </li></ul><ul><li>Mail Archiving Appliances </li></ul><ul><li>Hosted a...
Astaro Mail Archiving <ul><li>Make Archiving Your E-Mail Our Problem </li></ul>
Deployment Scenario
<ul><li>Setup in < 15 minutes </li></ul><ul><li>No Maintenance Tasks </li></ul>Installation and Maintenance
Compliance <ul><li>All necessary e-mails – for the prescribed period </li></ul><ul><li>Filtering of messages not to be arc...
<ul><li>Find e-mails instantly through  Google-like full-text search </li></ul>Instant Discovery
Outlook Plug-In <ul><li>Easy installation </li></ul><ul><li>Seamlessly integrated Plug-in </li></ul><ul><li>Direct message...
<ul><li>Secure Data Storage </li></ul><ul><li>TLS encrypted data transfer  </li></ul><ul><li>AES encrypted storage </li></...
Licensing & Pricing <ul><li>No hidden extras: All services included! </li></ul>< €3 per user/month!
<ul><li>Easy Usability </li></ul><ul><ul><li>Messages can be found in seconds </li></ul></ul><ul><ul><li>No employee train...
Agenda <ul><li>Product Overview </li></ul><ul><li>Security Gateways </li></ul><ul><li>Gateway Extensions </li></ul><ul><li...
<ul><li>Thank you! </li></ul>
Upcoming SlideShare
Loading in …5
×

Astaro asia product-presentation-updated 21-feb11

2,991 views

Published on

Published in: Technology
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
2,991
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
76
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide
  • © Astaro 2008 Astaro Overview – Page
  • © Astaro 2008 Astaro Overview – Page
  • © Astaro 2008 Astaro Overview – Page
  • © Astaro 2008 Astaro Overview – Page
  • © Astaro 2008 Astaro Overview – Page
  • © Astaro 2008 Astaro Overview – Page
  • © Astaro 2008 Astaro Overview – Page
  • © Astaro 2008 Astaro Overview – Page
  • © Astaro 2008 Astaro Overview – Page
  • © Astaro 2008 Astaro Overview – Page
  • © Astaro 2008 Astaro Overview – Page
  • © Astaro 2008 Astaro Overview – Page Astaro has won numerous industry awards. SC Magazine continuously give s the Astaro Security Gateway 5 Star Ratings, &amp;quot;Recommended“ &amp; “Best Buy” designations, as well as multiple “Best of the Year” awards. CRN Magazine has also recognized Astaro as an industry leader and has honored the product line by giving us “Product of the Year” awards And PC Magazine too has named Astaro Security Gateway Best of the Year. A complete awards listing is on our website
  • © Astaro 2008 Astaro Overview – Page Astaro has won numerous industry awards. SC Magazine continuously give s the Astaro Security Gateway 5 Star Ratings, &amp;quot;Recommended“ &amp; “Best Buy” designations, as well as multiple “Best of the Year” awards. CRN Magazine has also recognized Astaro as an industry leader and has honored the product line by giving us “Product of the Year” awards And PC Magazine too has named Astaro Security Gateway Best of the Year. A complete awards listing is on our website
  • © Astaro 2008 Astaro Overview – Page The Astaro Security Gateway has received many important certifications: - ICSA Common Criteria Tolly
  • Astaro‘s goal is to provide complete IT security solutions which integrate the right technology and are also understandable, easy to use and pragmatic to employ. Furthermore, the solutions should be independent from the platform. Through the Astaro Security Gateway product family, you are able to establish a central component for the protection of Internet traffic as a whole. The solution can be adopted as self-managed solution, a managed Gateway solution for the customer (CPE) or as cloud-based service available through service providers or partners. Astaro Mail Archiving is a hosted service which simplifies mailbox management and legal compliance requirements. The image in the slide above illustrates the possible deployment scenarios for Astaro products.
  • The different threat scenarios for a company&apos;s IT infrastructure has heavily evolved over the past 10 years, to the point where new technology updates are constantly required for sufficient protection. This is partly due to the continuous increase in complexity of the IT landscape. The threats themselves are also rapidly evolving and can often only be fought through a combination of different technologies.
  • The number and complexity of the tools, which are required for IT security, is also on the rise. Firewalls and VPN gateways no longer provide sufficient protection. The use of Intrusion Detection and Prevention Systems (IPS) has become a mandatory asset and the demand for tools which check e-mails and web downloads for dangerous content such as spam, viruses, spyware, phishing is also on the rise. With every additional tool employed in your IT security infrastructure, the costs, expenditure of time for installation, training and maintenece will also increase. As as result, many company&apos;s today cannot cover this requirement.
  • © Astaro 2008 Astaro Overview – Page Though the Astaro Security Gateway (ASG) family, we are able to provide an integrated complete solution for e-mail, web and network security. The browser-based management interface allows for easy configuration of all functions with just a few mouse-clicks - also without vast knowledge of technical IT know-how. The Astaro Command Center enables a central establishment and overview for larger and more wide-spread installations of up to hundreds of Astaro Security Gateways. Networking features such as high-availability (HA), clustering, server and WAN link balancing provide constant reliability and scalability for your deployment, usually available only to enterprise solutions. The Gateways are supported by tools which help extend your functionality for smooth daily business operations: Astaro RED offers compülete and centrally administered UTM security for remote offices and can be configured in minutes - without the need of local IT personell. With Astaro Wireless Security , you are able to easily connect our Access Point devices with your ASG&apos;s security features. Astaro VPN Clients provide mobile employees with secure and easy to administer remote access to the corporate network. The Astaro Smart Installer is a bootable USB device, with which you are able to easily install the latest version of Astaro Security Gateway software. ASG provides the same functions on all appliance models: hardware, software and virtual, allowing for more flexible deployment scenarios.
  • © Astaro 2008 Astaro Overview – Page This slide illustrates different deployment scenario possibilities for Astaro Security Gateway.
  • © Astaro 2008 Astaro Overview – Page For every Astaro Security Gateway, a free Essential Firewall license is available. This license provides the base functionality with fundamental security features activated for the protection of company networks. This basis can also be flexibly extended through optional subscriptions for Astaro Network, Web, Mail, Web Application and Wireless Security. Many providers of UTM solutions list in their datasheets a large number of functions. Often enough however, certain product features are only rudimentarily implemented. For example, some manufacturers talk about spam protection when they only employ a single mechanism such as RBL lists. Effective spam protection is only reached however through a combination of different techniques, which are specialized in recognizing certain spam methodology. Enterprise e-mail solutions and Astaro&apos;s UTM solutions work in this way.
  • © Astaro 2008 Astaro Overview – Page - Secure firewall through flexible filter rules - Supports integrated VPN clients for all important operating systems (Windows, Linux, Mac OS X, iOS, Android etc.) - Recognizes malware in encrypted HTTPS data and prevents users from accepting invalid certificates - Clean mailbox though reputation-based spam recognition with a high positive hit rate - Protection for trusted mails through transparent email encryption  (TLS, S/MIME, OpenPGP) - User and group-based web filtering without time-consuming authentication through single sign on - Blocks Skype, Bittorrent and other applications through a mouse click - Integrated Web Application Firewall protects web servers against manipulation and information loss - Flexible scalability through clustering with integrated load balancing for up to 10 Gateways - Integrated wireless controller provides security and WLAN functionality for all connected Access Points
  • © Astaro 2008 Astaro Overview – Page Simple management is one of the most important aspects for an all-in-one security solution. Esepcially designed for the requirements of small and middle sized companies, all features can be easily used without much technical security know-how. For this reason, every function can be configured via an intuitive browser-based user interface in many different languages. The intuitive dashboard provides a quick overview about the current status of the Gateway, for example the resources used, active connections and recognized malware. The UserPortal allows every user to see their individual mail log, manage their own spam quarantine or install their own VPN Client configuration with a single mouse click. This saves the administrator much time. Extensive log data, which is stored in a local database, allows the generation of many easy to read reports . Especially in their own user friendliness, many of today&apos;s UTM solutions come up short.
  • © Astaro 2008 Astaro Overview – Page - Comfortable management through a browser-based GUI in many languages - Low maintenance though automated pattern and firmware updates - Relieves the administrator&apos;s burden through Mail and VPN management via the UserPortal - available in over 15 languages - Simple connection for mobile employees through one click SSL VPN with unlimited number of free clients - Automated configuration backup by e-mail and fast disaster recovery through backup import via a USB stick - Reuse existing user and group definitions from Active Directory and eDirectory - Integrated database supported reporting for extensive information with over 120 graphical reports - Integrated management of log data and spam quarantine makes external servers unnecessary - Secure connection for remote locations in just a few minutes - Plug and play configuration for redundant HA and cluster installations through “Zero Config HA“
  • The ASG product line covers models for small networks and remote locations with up to 10 users to large networks with up to 5000 users. As opposed to other UTM solutions, Astaro software can be also installed on your own servers. The same set of security applications, including features such as Active/Active Clustering, WAN Uplink Balancing or Active Directory Integration, is available on all Astaro Security Gateway models - no matter if the hardware, software or virtual appliance is deployed. Furthermore, every hardware appliance contains an integrated hard drive for local spam quarantine and log/reporting information. Therefore, even the smallest remote office can get the same protection as a company&apos;s central office - without compromise. The ASG 525 and 625 models offer the highest availability through a redundant hard drive and power supply.
  • © Astaro 2008 Astaro Overview – Page There are 3 deployment options for all of Astaro’s appliances Software Appliance Since the operating system and all featured applications are bundled within a single ISO image, Astaro software appliances are much easier and faster to install than software applications that require a separate, pre-installed operating system. By supporting a broad range of Intel-compatible server systems, software appliances allow for maximum deployment flexibility on your hardware of choice. The Astaro software appliances are available on CD with a printed manual or can be downloaded directly from Astaro servers and independently burned onto a CD. There is no need for client based software installation. Specific licensing packages are available, varying by the number of users/IP addresses. Hardware Appliance Astaro hardware appliances are based on high quality Intel-compatible server systems with each model offering an identical feature set. Small businesses do not have to surrender important security features due to scaled-down hardware performance. All models offer an integrated hard disk drive in order to locally store quarantined emails and log data, avoiding the need for additional servers. Astaro hardware appliances can be easily deployed at the perimeter of your network to protect all email, web and network user traffic. Since all hardware appliances feature a pre-installed operating system and software, the initial setup will be fast and without complication. There is no further need for client based software installation. With a complete range of models available, Astaro hardware appliances effectively protect networks from 10 to more than 2000 users. Virtual Appliance Astaro virtual appliances allow for easy deployment in virtualized environments. Optimized hardware allocation and reduced hardware expenditure is available since physical computers are able to run multiple virtual servers/appliances in parallel by using the underlying virtualization infrastructure. As a result, it is ideally suited for both managed security services as well as companies of all sizes consolidating physical servers onto fewer virtual systems. The Astaro virtual appliances can be downloaded from Astaro servers and burned independently onto a CD. It can then be installed on any VMware system running either a VMware server or VMware ESX server. Specific licensing packages are available, varying by the number of users/IP addresses. Astaro is one of the few security vendors offering a virtual appliance and we have been partners with VMware for over 5 years.
  • Routers for private users are cheap. However, to install these individually and to manage them requires a lot of time investment. Very often, important security functions, which business customers require, are not present. Low-end UTM appliances usually have the obligatory security features. However, if you sum up the effort and the hidden costs for roll out, maintenance, subscriptions and management software, these products are everything but &amp;quot;simple&amp;quot; and &amp;quot;affordable&amp;quot;. MPLS and Managed VPN Services are comfortable but require high budgets. Furthermore, they are not available everywhere.
  • Routers for private users are cheap. However, to install these individually and to manage them requires a lot of time investment. Very often, important security functions, which business customers require, are not present. Low-end UTM appliances usually have the obligatory security features. However, if you sum up the effort and the hidden costs for roll out, maintenance, subscriptions and management software, these products are everything but &amp;quot;simple&amp;quot; and &amp;quot;affordable&amp;quot;. MPLS and Managed VPN Services are comfortable but require high budgets. Furthermore, they are not available everywhere.
  • © Astaro 2008 Astaro Overview – Page If your business has many small branch offices such as travel agencies, retail stores, gas stations etc., then you need an easy and affordable way to connect them back to the headquarter location and to keep their Internet access secure – for that, RED makes your life a lot easier. Astaro RED (Remote Ethernet Device) is the first security gateway requiring no local setup. It&apos;s complete configuration is performed centrally via an Astaro Security Gateway located at your main office and automatically distributed to the RED appliances. All data for the remote office will then be filtered through the central ASG.
  • The small and affordable Astaro RED appliance creates a secure VPN tunnel to a central Astaro Security Gateway. This works like a direct Ethernet cable between the central and remote offices. Astaro RED appliances work similar to a &amp;quot;thin client&amp;quot; in regard to the central Astaro Security Gateway. This means, the entire traffic is redirected to the central office, where the security functions of the central Gateway are running. Through this, remote offices which are connected via an Astaro RED, are able to have the same level of security as their central office location. Astaro RED therefore offers complete enterprise-class security for small remote and home offices (depending on the security features running on the central Gateway).
  • Astaro RED is the first complete Security Gateway which does not require configuration or special technical know-how at the local office. The configuration is carried out at the headquarter location and automatically distributed to all Astaro RED devices. Even mass roll outs for up to 100 appliances per day is realistic. Configuration and setup are carried out automatically and are ready in just a few steps: - Appliance can be sent unconfigured to the remote office - At the remote location, an employee will communicate the Device ID to the IT department at the headquarter location (found on the bottom of the appliance) - The IT department will give the RED device a name within the central ASG - A new configuration will be automatically generated - Connect the Internet cable to the Astaro RED - Connect to a computer - Plug it in - The tunnel will be created automatically Requirements: Central ASG needs to run at least V7.505 with the Network Security Subscription (minimum). The remote office needs an Internet connection (Router/ Cable modem with DHCP and Port 3400 open)
  • The Astaro Security Gateway works as an &amp;quot;Astaro RED controller&amp;quot; and centrally manages all Astaro RED appliances via a cloud-based provisioning service. The complete configuration, logging and bug fixing is carried out at the headquarter location. Individual administration for each unit is not required. With Astaro RED, the administration of the IP addresses of the remote offices are reduced to child&apos;s play. The DHCP and DNS server configuration is carried out centrally in the Astaro Security Gateway and distributed over to the connected Astaro RED appliances. The individual creation and administration of security policies for every single location is also not necessary. You need only to create and administer a global policy which is valid for all remote locations. A further advantage is the integrated reporting function from Astaro which delivers information to all connected networks - without the need for a separate reporting tool.
  • Technical facts about Astaro RED
  • A WLAN solution needs to be: - simple to administer No WLAN expertise required through auto configuration Fast and simple provisioning of many Access Points for central management - reliable Uninterrupted signal for the entire office - secure Integrated UTM functionality Strong encryption Supports the latest Wi-Fi standards (802.11n)
  • Access Points for home users (D-Link, Linksys) Such consumer products are affordable, but offer only a limited amount of features. These are usually restricted in the WLAN area (for authentication, multiple and guest zones) and also in the security area (for content filtering). They are also hard to individually manage, especially when there are more than one in use. Low-end UTM appliances with integrated WLAN (Watchguard, Fortinet, Cisco) These appliances require a substantial initial investment and offer integrated UTM security. However, they have only a restricted areas of application. Since these appliances are usually located in the server room, the whole office will not receive a signal. Enterprise WLAN Soltuions (Aruba, Belden/Trapeze, Meru Networks) These solutions offer comprehensive WLAN functionality, but are relatively expensive and through it&apos;s complexity often hard to manage. Furthermore, they require an additional security solution for the protection of the network.
  • This slide shows our Access Points (the AP 10 on the left and AP 30 on the right). The AP 10 is for up to 10 users with a maximum throughput of 150 Mbit/s. This WLAN solution is directed towards smaller office environments. The AP 30 is for up to 30 users with a maximum throughput of 300 Mbit/s. This PoE aligned Access Point is available in the design of a smoke detector for a ceiling mount and is directed towards larger office environments. This appliance covers higher requirements for amount of users, signal reach and performance.
  • Astaro Wireless Security is a new approach, which serves to simplify the secure and reliable availability of WLAN environments. The integrated wireless controller in the ASG ensures that the affordable Access Points do not require any manual configuration. Astaro Access Points can be positioned anywhere in the office and offer a strong WLAN signal all over the office - the placement behind an Astaro RED is also possible, WLAN access for guests is also available in minutes and many clients can also be protected through the UTM security of the central ASG.
  • Plug &amp; Play Implementation Configuration and implementation of the Access Points require only a few steps: - Create a new WLAN in the WebAdmin (network name, zone and encryption should be specified) - Connect the Access Points to anywhere in the network - All Access Points appear automatically in the WebAdmin as &amp;quot;Pending Access Point&amp;quot;. - Click on &amp;quot;Accept&amp;quot; and the Access Point automatically creates a tunnel and allows for a secure connection Requirements: Min. V7.507 Min. Wireless Security Subscription
  • The Astaro Security Gateway works as a WLAN controller and centrally administers all Access Points. Configuration, logging and bug fixing are all carried out in the Astaro Security Gateway. Astaro Access Points act in regard to the Security Gateway&apos;s WLAN Controller as a thin client. The Astaro Access Points do not require any configuration. This means, the controlling functions in the Access Point devices are reduced to a minimum and are found in the WLAN controller instead. A further advantage is the integration of Astaro&apos;s reporting function, which delivers information to the connected WLAN clients without the need for a separate reporting tool. An active Wireless Security Subscription is required for the Astaro Security Gateway as a minimum requirement in order to use and administer the Astaro Access Points.
  • Placement Choice Astaro Access Points can be placed anywhere in your organization, providing a strong wireless signal all over the office. This allows mobile users the possibility, also in different locations like the conference room, corridors or reception, uninterrupted access to networked data. Multiple Zones All Astaro Access Points support up to 8 WLAN zones (SSIDs), each providing different authentication and privacy settings. This enables wireless guest Internet access without the risk of compromising the integrity of your network. The capacity of broadcasting multiple SSIDs allows the creation of what is often called a &amp;quot;virtual access point&amp;quot;, the partitioning of a single physical access point into several virtual access points, each of which have a different set of security and network settings.
  • Wireless Access Points seamlessly integrates in Astaro Security Gateway and instantly protects all wireless clients through complete UTM security, as provided by Astaro‘s award winning security technology. With Astaro Wireless Security, all security applications are executed within the central gateway, and all wireless traffic is forwarded to the Astaro Security Gateway. Thus, the wireless clients obtain the same level of UTM security as if they were physically connected to your internal network. Astaro Wireless Security supports state-of-the-art wireless encryption and authentication standards, ensuring the wireless connection is as secure as it gets: PA2-Enterprise in combination with IEEE 802.1X (RADIUS authentication) The Astaro Wireless Security monitoring function also enables users to easily recognize rejected authentication attempts.
  • This slide details the technical information of the AP devices. The AP30 is delivered with a PoE Injector as standard! For larger installations, in which a PoE Injector already exists, AP devices without the PoE Injector and mains supply are available.
  • Summary
  • © Astaro 2008 Astaro Overview – Page
  • Remote access to corporate network data from any location at any time is a necessity for mobile or home workers in many businesses. However, setting up these clients on individual PCs often becomes a huge administrative burden. Astaro VPN clients offer secure and flexible remote access for any type of network environment and operating system with minimal administrative effort. Astaro offers two different clients for IPsec and SSL connections. Depending on your individual requirements and client operating systems in use you can easily deploy both clients to securely connect to any Astaro Security Gateway.
  • Astaro IPsec Client is a powerful and feature rich client for IPsec based remote access from Windows XP, Windows Vista or Windows 7 based PCs (32 and 64 bit support). Many encryption types available: AES (128/192/256), DES, 3DES (112/168), Blowfish (128/448), RSA (up to 2048 Bit), DH groups 1/2/5/14, MD5, SHA-256/384/512 Windows 7 (32 and 64 Bit support).
  • Astaro SSL Client is an easy-to-use client for transparent SSL access to all company applications (no “Webifier” required). Installs on Windows, Linux, MacOS and UNIX operating systems. Available free of charge with any Astaro Security Gateway!
  • © Astaro 2008 Astaro Overview – Page
  • The Astaro Smart Installer is a special USB device that contains a unique chip which allows emulation of a USB CD-ROM. With it you can place the latest version of an Astaro image on an Astaro Gateway, if for example the installation is many updates or major versions behind. This saves the long process of applying many updates or moving across major versions all at once. Furthermore, a configuration backup can be easily installed after a system crash - without manual intervention.
  • What are the challenges when many Gateways are used in one comapny?
  • How are central management tasks approached today?
  • © Astaro 2008 Astaro Overview – Page Whether you have two or more than two hundred ASGs deployed, Astaro Command Center (ACC) saves you time and makes your life much easier! A browser-based GUI provides a centralized point where administrators can get a global view of their infrastructure and keep aware of events in real-time. Working with multiple sites has never been easier. Real-Time Monitoring of Critical System Parameters An overview for license status, threats, Fireware/Pattern updates, resources in use and other parameters in real-time. Aggregated Reporting Creates company-wide information on all Gateways via a central consolidated report. Inventory Management A fast overview about the properties of devices such as software version, CPU, memory, hard drive, network interfaces, CD-ROMs and more. Central Device Management “ Prefetch” and install pattern and system updates. System shutdown and Reboot. Central Configuration Global configuration of IPsec, Packet Filter configuration and Web Proxy Policies. Role-Based Administration Simultaneous management through users with differing administration rights - full revisioning available.
  • © Astaro 2008 Astaro Overview – Page Dashboard view provides a quick overview about critical system parameters. List view shows all details about connected ASGs. Through the drill down and filtering possibility, specific important parameters can be featured.
  • © Astaro 2008 Astaro Overview – Page The Command Center can be deployed in different ways: A) Deploy Astaro Command Center at the corporate headquarter location to distribute management tasks among regions or departments. B) Deploy Astaro Command Center in MSP environments to offer managed service with role-based multi-client access.
  • © Astaro 2008 Astaro Overview – Page The Astaro Command Center is available on two platforms. The software can be run on a dedicated, Intel-compatible PC of your choice, or as a Virtual Machine within a VMware environment such as a VMware Player or VMware ESX. Both appliances include the Linux OS with many applications and updates and maintenance. Both, the software and virtual appliances are available as free full versions.
  • © Astaro 2008 Astaro Overview – Page Summary
  • © Astaro 2008 Astaro Overview – Page The Essential Firewall contains the fundamental basis security functions which every business should use such as a firewall, network tools, routing and secure remote access. These are all available free of charge for all Astaro appliances - also for commercial use! With the integrated firewall, unauthorized access to internal and external resources are rejected and hacker attacks blocked. The Essential Firewall contains: Stateful Packet Inspection Firewall - Packet filtering which searches Packet headers - Stateful packet inspection – follows events via sessions and recognizes logging irregularities - All data packets are checked twice: upon entering the Gateway and upon leaving Flexible Rule Management - For hosts, networks, groups or VPN users - Time based activation - Interface based rules Network Address Translation - SNAT/DNAT - Masquerading Remote Access VPNs: - PPTP &amp; L2TP Network Services - IPv4/IPv6 dual stack - Static Routing - Transparent bridging - DynDNS client - NTP server - DHCP Server/Relay - DNS Server
  • © Astaro 2008 Astaro Overview – Page Hackers develop their attack methods continuously so firewalls alone can only recognize few attacks. Support is provided by Intrusion Prevention Systems (IPS) which are able to detect new forms of worms and other exploits. Furthermore, site.-to-site VPNs are required in order to create secure connections from remote offices to the central location. With the introduction of Astaro RED, there is now another possibility to connect remote offices to the central location without any configuration. All of these functions are available through the Astaro Network Security subscription.
  • © Astaro 2004 Astaro Security Linux – Page The integrated VPN Gateway provides the following functions: - Site-to-Site VPN for secure communication between two locations - Supports IPsec and SSL protocols - Star, hub-and-spoke and fully meshed configurations - Remote access for home workers and mobile users (Road Warriors) - Supports IPsec, SSL, L2TP and PPTP VPNs - Integrated clients in all operating systems (Windows, Linux, Mac OS X, iOs, Android…) as well as the Cisco IPSec Client Astaro IPsec Client Astaro SSL Client: Free download without user restrictions - Supports all Major Encryption and Many Authentication Methods - IPSec offers high interoperability with other devices - XAUTH allows for integration of One-Time-Password systems - Internal Certificate Authority - Full Public Key Infrastructure (PKI) Support
  • © Astaro 2004 Astaro Security Linux – Page The functionality of the Intrusion Prevention is seamlessly integrated in the firewall. An intuative summary of the rules in simple to activate categories (mail server attacks, web server attacks etc) simplifies management and does not require detailed know-how on special protocols. Through participation in the Microsoft Active Protections Program (MAPP), Astaro is one of the few vendors who are able to block Mircrosoft specific attacks - long before official recognition and also before Microsoft patches are available! The database contains rules for: Probing, Port Scans, Interrogations, Host Sweeps Attacks on application weak-spots Protocol exploits MAPP (Microsoft Active Protections Program) Signatures Intrusion Detection and Prevention: Admin notification or the immediate blocking of traffic Performance Management Interface: One click to create complete rule sets for e.g. for e-mail or web server requirements
  • © Astaro 2008 Astaro Overview – Page Astaro Mail Security ensures that the abuse which email is subjected to, such as spam, viruses and privacy issues, do not affect your daily business routines. Through this application, real messages are properly delivered and employees can find what they need without being exposed to damaging content. Dual yet individual virus engines operate in parallel to scan and block threats in content before it has a chance to enter the network. Astaro Mail Security stops spam, phishing and other unwanted email before it gets delivered and clutters up mailboxes. The combination of many different recognition mechanisms offer a high hit rate and low amount of false positives. Through Astaro&apos;s Email Encryption, sensitive information can be automatically encrypted and protected against external spys.
  • © Astaro 2004 Astaro Security Linux – Page Astaro E-mail Antivirus offers the following functions: - Dual Independent Virus Scanners with Multiple Detection Methods - Virus signatures, heuristic analysis - Blocks viruses, worms, Trojans and other malware before they reach the mail server or desktops Scans SMTP and POP3 traffic - Huge Signature Database with more than 800,000 virus signatures - Frequent automatic updates - Flexible Management - Can specify file formats (endings) and content (MIME type) to block - Emails and attachments can be dropped, rejected with message to sender, passed with a warning or quarantined
  • © Astaro 2004 Astaro Security Linux – Page Astaro Anti Spam: Identifies and Disposes Unsolicited SMTP and POP3 Emails Highest Detection Rate through Combination of Multiple Methods to Identify Spam - Reputation service with spam outbreak detection (format and language agnostic) using patented Recurrent-Pattern DetectionTM technology - Realtime Blackhole Lists (RBLs) - Dialup network blocking - Greylisting - BATV (Bounce Address Tag Verification) - SPF (Sender Policy Framework) record checking - Expression filter - Recipient verification - Reverse-DNS &amp; HELO syntax checks… Flexible Management - Emails and attachments can be rejected with message to sender, passed with a warning or quarantined
  • © Astaro 2004 Astaro Security Linux – Page
  • © Astaro 2004 Astaro Security Linux – Page En-/Decryption and Digital Signatures for SMTP Emails Supports OpenPGP and S/MIME Completely Transparent to the Enduser No additional Software on Client PC required Easy Setup Only three configuration steps to start Central Management of all Keys and Certificates No key or certificate distribution required Allows Content/Virus Scanning even for Encrypted SMTP Emails
  • © Astaro 2008 Astaro Overview – Page The unrestricted usage of the Internet, Instant Messaging, and Peer-to-Peer Programs not only reduces employee productivity, but can also lead to serious legal liability. Furthermore Malware hidden within downloads, needs to be filtered out to protect users and PCs from infection and data loss. The Astaro Security Gateway Web Security subscription protects your organization and your users and gives you visibility into how they spend their time online. Spyware and viruses in FTP, HTTP and even in encrypted HTTPS data is reliably recognized and stopped, before they are able to reach the network and create any damage. The URL filter ensures when and where your employees spend their time online. With IM/P2P filtering, you are able to restrict the use of instant messagng and Peer-to-Peer applications. All information is collected and displayed in detailed reports, which shows how effective your security policies are and which areas need to be worked on.
  • © Astaro 2004 Astaro Security Linux – Page - Blocks (Unintentional) Downloads of Spyware, Adware, and Other Malicious Software - Prevents Infected Systems from Sending Information Back to the Spyware (Home) Servers - Checks Against a Database of Known Spyware URLs - Filters and Removes Active Content Such as Java, Active X, Flash, Cookies, VBScript or JavaScript
  • © Astaro 2004 Astaro Security Linux – Page Web Antivirus/Malware: Reliably detects and blocks viruses, worms, trojans, and other “malware” in emails, web and FTP downloads before they reach email servers or desktops Scans HTTP, HTTPS and FTP, traffic Web &amp; FTP Downloads Web-based E-mail (MSN Hotmail, Yahoo! Mail) Dual Independent Virus Scanners with Multiple Detection Methods Virus signatures, Heuristic analysis Huge Signature Database with more than 800,000 virus signatures Frequent automatic updates Flexible Management Can specify file formats (endings) and content (MIME type) to block
  • © Astaro 2004 Astaro Security Linux – Page URL Filter: Controls employee web usage Improves productivity Ensures compliance with company-wide surf regulations Administrators can restrict web resources via 96 pre-defined categories Games, shopping, drugs, jobs, sport, entertainment, etc. Additional categories can be individually managed Filter Might also Consider Global Reputation Whitelists and Blacklists to Tailor Access for Groups of Users Many User Authentication Options IP Address, Active Directory SSO, eDirectory SSO, LDAP, RADIUS/TACACS+ Time-based access policies
  • © Astaro 2004 Astaro Security Linux – Page IM Client examples: AOL IM, ICQ, MSN Messenger, Yahoo! Messenger, IRC, Google Talk/Jabber, Tencent QQ, Skype P2P Client examples: Applejuice, Ares, Bittorrent, Direct Connect, Edonkey, Gnutella, IMesh, MUTE, Manolito, Pando, Share, WinMX, Winny Flexible control: Depending on application the administrator can decide to either allow or block it completely, block file transfers only or just log its usage Specific users/IP addresses can be excluded from general rules Specific hosts and networks can be excluded from IM/P2P control Granular Bandwidth Control Define max. allowed bandwidth per application
  • © Astaro 2008 Astaro Overview – Page Astaro Web Application Security hardens your web servers using Reverse Proxy technology to protect them from modern attacks and data loss. With it, you can securely offer applications like Outlook Web Access (OWA) and guard against techniques like SQL Injection and Cross Site Scripting (XSS). Stop hackers from using these types of attacks to gain access to sensitive information like credit card data, personal information, and social security numbers. Astaro Web Application Security aids you in compliance efforts where a web application firewall is required, such as PCI-DSS. Reverse Proxy will monitor and manage the connections to and from your Web or Outlook Web Access servers. Using this technology, Astaro can scan of all the transactions occurring in real-time while giving you layered security options for how the Internet interacts with your servers both over normal HTTP and encrypted HTTPS. The integrated Web Application Firewall offers a series of functions to protect your web server and applications: - A scanning engine recognizes and reliably blocks viruses, worms, Trojans and other malware in server uploads and downloads, before they reach the server of the user. - URL Hardening ensures that website visitors occupy only the areas publically presented and have only access to specifc content. - Cookie Signing prevents that the content of a cookie, that is given out from your web server to the user, is manipulted.
  • Different types of attacks require different mechanisms for recognition. One mechanism is the use of patterns, similar to that in a IPS-System. With this, many of the usual SQL injection and XSS attacks can be recognized and prevented. Astaro WAS uses a comprehensive set of patterns, which are updated live. - Over 350 patterns dedicated to this single area of protection - Live-updated in real time using Astaro Up2Date technology - Can be configured by any administrator, no special training is required - Support for multiple profiles which can be applied to different servers separately - No complex regular expressions to master - Reduces the risk of data theft and site tampering.
  • Astaro WAS inspects all outgoing and returning cookies &lt;click&gt; - Outgoing cookies are stamped with a digital, tamper-proof signature Returning cookies are inspected by WAS - Invalid or missing signatures will cause cookie to be discarded (Cookies not issued by the server will have no signature at all)
  • URL hardening checks every website request that a visitor is allowed to make; restricting them to valid ones only. For this, the administrator needs only to define the initial URL (for example www.astaro.com). When a page is then requested, WAS checks the links to the sub pages and objects and saves these as &amp;quot;allowed&amp;quot; URLs. For our example, allowed URLs would be \\products, \\solutions etc… &lt;click&gt; If someone tries to access www.astaro.com\\admin.php for example via manual intervention, WAS will reject the request. Additionally, the URLs and objects which are sent to the browser from the server will be signed. &lt;click&gt; Through this, the manipulation of single parameters such as /resources.php?userID=123 can be prevented.
  • Another feature of Astaro’s Web Application Security is the Antivirus features. With two engines which operate separately in parallel it is possible to scan uploads and downloads &lt;click&gt; This prevents users from uploading files like email attachments (OWA) or posting infected content to your bulletin board (UBB). On the other side it prevents customers/visitors from becoming infected should your site attempt to distribute a virus to them.
  • WAN Link Balancing enables the simple and simultaneous use of many Internet connections. With this extension, Astaro allowed the option of an active/passive setup (the second connection will then only be used when the first connection is not available). Alternatively, the new Multipath-Balancing can be used. The new active/active balancing enables you to distribute many connections and fix standard priorities for respective connections in case of a sytsem crash. This scenario shows a configuration with a special type of data transfer (Web/Mail) which is connected to a special uplink interface. Both connections serve as opposing security systems in the case one fails.
  • Sales Kick-Off October 2006 © Astaro 2006 Whats’s New in Astaro Security Gateway V7 – Page Ethernet Link Aggregation enables many Ethernet-Ports to be logically connected for: - More performance - More stability and reliability Requirements: The connected partner needs to support link aggregation (802.3ad)
  • Incoming data traffic can be dynamically divided over many servers in a cluster. The failure of a server in the list (dead peer) will be immediately recognized through a customizable availability test (health-check - TCP, ICMP (Ping), HTTP Connect or HTTPS Connect). Session persistence guarantees that clients are always connected with the same server. This should prevent the crash of existing sessions, which the client would be forced to usually do, and the information would need to be reentered (for example with online shopping).
  • With active/passive HA, a slave system operates in stand-by operation. In normal operation, all tunnels, firewall connections and quarantined objects are synchronized. &lt;click&gt; In the case that the master fails, the slave takes over in less than 2 seconds. -&gt; After the take over, the IPsec tunnels do not need to be rebuilt. Both devices are logically available for management, but only one is visible.
  • The Active-Active (Cluster) mode offers high availability as well as integrated load balancing for up to 10 nodes. The load balancing is steered by the master, therefore an external load balancer is not required. As opposed to other cluster solutions, the master node inspects every data packet before it is forwarded to the other nodes. This ensures that only the performance intensive tasks such as virus scanning, IPsec or Intrusion Prevention are distributed to the other nodes. The existing network environment does not need to be updated - the complete cluster is considered as &amp;quot;one&amp;quot; routing device inside of the network. New nodes can be added during live operations. The whole configuration, all connections and Firmware releases will be automatically synched during operations. The synch load between the node is minimal thanks to the innovative Astaro algorythem. Astaro Active-Active HA enables the use of fully networked configurations via redundant switches (intern/extern). Advantages Drastically improved performance (up to 1 Gbps) for complex scanning tasks. Makes ASG to one of the most performance strong security solutions on the entire market.
  • Through &amp;quot;Zero-Config HA&amp;quot;, configuring HA environments is reduced to child&apos;s play. All devices are set to “Automatic Configuration“ as standard With the connection of double devices via the HA interface, configuration follows independently in Active-Passive HA mode. In order to configure a Active-Active (Cluster), you need only to change the HA-mode on the master to &amp;quot;cluster&amp;quot;. All devices then independently register in the cluster No additional configuration is required for the slave nodes of the cluster
  • Astaro Security Gateways support the uninterrupted power supply (UPS) from APC and MGE. This works by the signal of a power cut (change to battery supply) via the USB port, then a message is sent to the admin. After a critical battery level has been reached, the ASG is &amp;quot;ordered&amp;quot; to then power down.
  • Astaro Security Gateways offer different routing functions: Static routing enables the manual entry of routers in the WebAdmin. Via policy routing, the paths are independently defined by the source and target address as well as by the data type in order for VoIP data to find the least low-lag path or for unimportant information to find the cheapest connection route for example. Dynamic OSPF routing enables the automated recognition of current network topologies and the selection of the most optimal route. Changes to the topology (for example with power loss) will be automatically recognized. Astaro supports OSPF V2 - RFC 2328 inclusive of MD5 and password authentication. OSPF is the most used protocol inside of large backbone networks and offers many advantages as opposed to older protocols such as RIP. Multicast routing allows for the distribution of single packets to many recipients, which for example makes the assignment of media streams much more efficient.
  • The integrated DHCP proxy can be used as a server to supply clients in local networks with dynamic IP addresses. It can also be appointed as a relay in order to forward address requests to an external server. For every network Interface, different DHCP configurations are possible.
  • The integrated DNS proxy allows for flexible resolution of domain names in IP addresses. Not only can different external DNS servers be used, but also unique static entries in the ASG can be administered. A local cache accelerates the requests to the DNS server. Split DNS allows the possibility for requests to specific domains to be forwarded to a local DNS server.
  • Astaro QoS can guarantee bandwidth availability for certain types of outgoing network traffic. This bandwidth is however not continuously reserved and blocked off for other applications but only applied when the bandwidth availability becomes tight. For example, when unimportant data is taking up too much of the whole bandwidth availability. Applications (for example P2P, Surfen, ERP, VoIP) can be simply defined through a data selector (also when used by ToS and DiffServ flags) and certain bandwidth pools with priorities can be allocated. For certain data types, (such as Skype, Bittorent etc.) there are predefined selectors. All settings can be made by each Interface. Incoming traffic is optimized by different techniques such as Stochastic Fairness Queuing (SFQ) or Random Early Detection (RED) in order to avoid data queues.
  • When it comes to e-mail management, we find three challenges which administrators face all the time: The first and most unpopular, due to its complexity, is compliance, as in most countries e-mail communication has to be archived by legal or regulatory compliance requirements. Tools are therefore required to archive e-mails securely for defined periods of time and also make sure they are deleted when expired. The next challenge is the sheer e-mail volume clogging valuable storage space on your mail server as well as the growing amounts of individual mail files (PST files) that are simply not manageable on a larger scale. They are often not backed up and also are slow when searching through them (which is not possible with OWA at all). And last but not least, e-mail discovery is a very important task, as the vast amount of information formed by all those messages must be searchable to produce fast and reliable results – also a task often left to the pc-client and end-user who must browse through large e-mail folders to retrieve specific e-mails which is slow and frustrating.
  • When you are looking into solving these kind of problems, you will find that an e-mail archiving solution will just the answer. However, looking at today‘s offerings you will also quickly realize that there are three different types of solutions available. The first type are pure software solutions. As a pure on-site software installation, it fits quite nicely into your corporate environment, but at high cost: You will have to provide your own hardware - which also is the limiting factor, it‘s expensive in terms of initial investment AND maintenance. And last but not least, when it comes to scalability, you will find that it doesn‘t really scale well at all. The same is more or less true for appliances. Slightly lower maintenance costs and a less tight integration into existing environments but still the same scalability issues and hardware limitations. A newer and far better approach comes with the hosted archiving services. They offer very low initial investments and are mostly easy to use solutions that don‘t require installation efforts on-site – if at all. However, most of the services you will find today have additional hidden costs and storage limits. They do a very good job in hiding these facts with very intransparent licensing models.
  • Astaro solves all of the challenges we have just talked about by offering a cloud-based e-mail archiving service that is easy to setup, accessable from everyware and scales with your growth. Astaro Mail Archiving is easily setup after a simple registration and automatic provisioning process and archives e-mails from MS Exchange Servers over an encrypted internet tunnel, storing them securely into data centers. Once in the archive, you can access all of your corporatate e-mail from anywhere, anytime through an Outlook Plugin or WebGUI that allows an instant and easy, Google-like search. To get deeper into the beauty of our solution, let‘s first look at the setup...
  • To set up Astaro Mail Archiving, you practically don‘t need to install any additional hardware or software at your site. By using the Journaling function of your existing MS-Exchange server (MS Exchange 2003, 2007 and 2010 are supported), the installation is complete within 15 minutes of registration and you can start to archive your e-mails. This enables you to archive all incoming, outgoing, and internal e-mails and transfer the majority of your e-mails to the cloud - so that the required storage space on your mailbox server can be reduced.
  • Compliance is usually the main challenge when considering an e-mail archiving solution. Astaro Mail Archiving makes the task simple: Only archive what you really need to by filtering out undesired messages and individually selecting the archiving period for the messages that you want to archive: whether you archive messages for a year or a decade, Astaro will not charge you any more! Of course, all actions are carefully monitored and logged so that evidence can be provided whenever necessary. There are also special auditor roles, which provide auditors with the ability to access all company messages, for example. If desired, these roles can be secured by a dual control principle.
  • Whether auditor or end-user: Your search will produce results in seconds and will not only search e-mail content but also all attachments. You can choose between two Google-like search options: Use a web interface when on-the-go or if you need to perform auditor searches or choose an Outlook plug-in (for MS Outlook 2003, 2007, 2010) which seamlessly integrates into your familiar work environment.
  • Users practically don‘t have to learn or even change the way they work with e-mail. The plugin integrates seamlessly into the Outlook clients and messages can be handled the same way as you are used to. Even drag and drop operations are possible and for convenience, searches are automatically saved! As an extra advantages, you will even get the possibility to upload existing e-mails such as PST-files or older mailbox folders into the archive.
  • When it comes to storing your valuable e-mail communication into the cloud, the Astaro Mail Archiving service ensures that your data stays secure: High availability data centers receive your e-mails via a TLS encyrpted link to your corporate e-mail server. Once processed, the data is encrypted and stored in redundant storage networks, where it is also automatically backed up to a separate data center. Astaro Mail Archiving is flexible and convenient to use with support for user synchronization through your local Active Directory or for example support for multiple transport forms and formats. Even importing exisiting data is easy through the PST-file import.
  • Licensing for Astaro Mail Archiving is straight-forward and transparent: The product is licensed per mailbox and has typical user scales as shown in the slide here. Beside your appropriate scale, you only have to choose whether you want to sign for a 1, 3 or 5 years period. And to be clear: this not only includes the right to archive e-mails for the amount of users, you will also truly have no limitations: - No storage limit This means that for licensed users and regular business use, you will be able to archive messages without worrying about growing disk space - No retention time limit This means that only you decide whether you want to store an e-mail for 1 or 10 years, no additional fees are applied if you want to store for longer. - No additional fees for PST import Have tried to get existing PST files into any other cloud from our competitors? We not only can tell you how this is easily done, we tell you also how much it additionally costs: Nothing!
  • Summary
  • Astaro asia product-presentation-updated 21-feb11

    1. 1. Astaro Product Presentation Name of Presenter, Designation Date of Presentation
    2. 2. Agenda <ul><li>Product Overview </li></ul><ul><li>Security Gateways </li></ul><ul><li>Gateway Extensions </li></ul><ul><li>Management Tools </li></ul><ul><li>Security Gateway Feature </li></ul><ul><li>Hosted Services: Astaro Mail Archiving </li></ul><ul><li>Company Profile </li></ul>
    3. 3. Company Profile The Leading European UTM Security Provider
    4. 4. Our Business ASTARO is the leading European UTM Security provider for small to medium sized companies and organizations requiring integrated products for Email, Web and Network Security that are cost efficient and easy-to-use. In contrast to suppliers of single- or other multi-function products for internet security Only Astaro offers easy-to-use All-In-One security gateways with complete enterprise-class functionality specifically designed for SMEs
    5. 5. Astaro Global Profile <ul><li>Founded 2000 </li></ul><ul><li>170 employees </li></ul><ul><li>Headquarters in: </li></ul><ul><ul><li>Karlsruhe (Germany) </li></ul></ul><ul><ul><li>Boston (USA) </li></ul></ul><ul><ul><li>Singapore (Asia Pacific) </li></ul></ul><ul><li>Worldwide Offices </li></ul><ul><li>> 2500+ partners & resellers worldwide </li></ul><ul><li>24/7 Service </li></ul><ul><li>Astaro protects more than 100.000 networks for 47.000 customers in over 60 countries </li></ul>
    6. 6. Astaro Asia Hub <ul><li>Established in Singapore in August 2009 </li></ul><ul><li>Supporting whole of Asia Pacific except Japan </li></ul><ul><li>13 Employees </li></ul><ul><ul><li>Singapore (Headquarters) </li></ul></ul><ul><ul><li>Australia </li></ul></ul><ul><ul><li>Indonesia </li></ul></ul><ul><ul><li>China </li></ul></ul><ul><ul><li>India </li></ul></ul><ul><li>11 distributors in the region </li></ul><ul><li>Focused on building a small but strong VAR base </li></ul>
    7. 7. Successful Global Customers
    8. 8. Successful Asia Pacific Customers Education
    9. 9. Successful Asia Pacific Customers Government National Economic Development Authority
    10. 10. Successful Asia Pacific Customers Telcommuniations & Utilities
    11. 11. Successful Asia Pacific Customers Financial Services Institutions (FSI)
    12. 12. Successful Asia Pacific Customers Manufacturing
    13. 13. Successful Asia Pacific Customers Retail and Hospitality
    14. 14. Successful Asia Pacific Customers Non-Profit Organizations
    15. 15. Awards SC Magazine - Best SME Security Solution 2010 The final verdict &quot;a great product at a highly competitive price. Overall a great value for the money.&quot; SC Magazine - 5 Star Rating Astaro Security Gateway is a &quot;very responsive and strong appliance. Contains all the necessary security and content management features.&quot; WINMAG Pro - MKB Best Choice 2009 WindowSecurity.com - Software-Based Firewall Readers Choice Scholastic Administr@tor - Best in Tech for Network Security 2009 VAR Business 2009 Partner Program Guide - 5 Star Rating Linux Magazine - Top 20 Companies to Watch in 2009
    16. 16. Awards Technology Innovation of the Year Award 2008 „ superior performance” (Frost & Sullivan) Top 100 Innovator 2008 „ exceeding creative and innovative research and development” (Compamedia) PC Praxis Testsieger „ technically outstanding“ (PC Praxis) 2008 Editor’s Best Award „ competitive advantages, value to the customer“ (Windows IT Pro) 3x Best of the Year Award 2x Editor‘s Choice „ To call Astaro‘s Appliance just a UTM would be a major understatement.“ (SC Magazine) 2x Product of the Year „ Among the array of contenders, one product managed to stand out.” CRN Magazine
    17. 17. Certifications TOLLY Up-to-Spec Certified independent test lab (Tolly Enterprises, LLC) Common Criteria First UTM appliance to receive the Common Criteria certification from the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik) ICSA Labs Firewall Certification security industry's central authority for research, intelligence, and certification testing of products (ICSA Labs) VMware - VMware Ready Certification Products that carry the VMware Ready logo have passed specific VMware integration and interoperability criteria and are ready to run mission critical business applications and operations with full VMware support.
    18. 18. Recognitions “ Frost & Sullivan believes that Astaro is to be a leading company in the UTM market…” - 2009
    19. 19. Recognitions Figure 1. Magic Quadrant for Unified Threat Management
    20. 20. Agenda <ul><li>Product Overview </li></ul><ul><li>Security Gateways </li></ul><ul><li>Gateway Extensions </li></ul><ul><li>Management Tools </li></ul><ul><li>Security Gateway Feature </li></ul><ul><li>Hosted Services: Astaro Mail Archiving </li></ul><ul><li>Company Profile </li></ul>
    21. 21. Astaro Products in Use
    22. 22. Security Gateways Comprehensive All-In-One Security for SMEs
    23. 23. Internet Threats on the Increase Crackers Botnets Spam Phishing Scam Hoax Viruses Spyware Gray ware Intrusions Denial of Service Distributed Denial of Service Ping floods Eavesdropper Script Kiddies Espionage Malware Root kits Adware P2P File sharing Trojans Spit Bots Backdoors Buffer Overflows Hackers Malcode Bugs Key loggers Crime ware Pharming Competitors Identity theft Exploits DNS poisoning Snarf attacks Spam bots Spy bots Trap doors War driving Ransomware ASCII bombs Bluesnarfing Worms Decrypting Reverse engineering Phreaking Port Scanning
    24. 24. Modern IT-Security Challenges Cost Time Investment IPS SSL VPN Gateway E-Mail/Spam Filter Web Filter GW Antivirus Filter WAN Link Balancer Load Balancer Router Total: Firewall
    25. 25. The Astaro All-In-One Approach All-In-One Appliance Centralized Management & Reporting Browser-based Unified Management of All Applications VPN & Wireless Extensions Flexible Deployment Software Appliance Virtual Appliance Integration of Complete E-mail, Web & Network protection Networking-Features for High Availability and Load Balancing
    26. 26. Astaro Security Gateway Unified Threat Management Appliances
    27. 27. Deployment Scenarios
    28. 28. Security Features Enterprise-class Security for SMB <ul><li>Wireless Controller for Astaro Access Points </li></ul><ul><li>Multi-Zone (SSID) support </li></ul>Wireless Security optional <ul><li>Intrusion Prevention </li></ul><ul><li>IPSec/SSL VPN </li></ul><ul><li>Branch Office Security </li></ul>Network Security optional <ul><li>URL Filter </li></ul><ul><li>Antivirus & Antispyware </li></ul><ul><li>IM & P2P Control </li></ul>Web Security optional <ul><li>Reverse Proxy </li></ul><ul><li>Web Application Firewall </li></ul><ul><li>Antivirus </li></ul>Web Application Security optional <ul><li>Anti Spam & Phishing </li></ul><ul><li>Dual Virus Protection </li></ul><ul><li>Email Encryption </li></ul>Mail Security optional <ul><li>Stateful Firewall </li></ul><ul><li>Network Address Translation </li></ul><ul><li>PPTP/L2TP Remote Access </li></ul>Essential Firewall
    29. 29. 10 Advantages of Astaro Security Features <ul><li>Secure Firewall </li></ul><ul><li>1 </li></ul><ul><li>Support all integrated VPN clients </li></ul><ul><li>2 </li></ul><ul><li>Detect malware in HTTPS-data </li></ul><ul><li>3 </li></ul><ul><li>Keep mailboxes clean </li></ul><ul><li>4 </li></ul><ul><li>Protect confidential messages </li></ul><ul><li>5 </li></ul>User-based web filter 6 Block Skype, Bittorrent or others 7 Implemented Web Application Firewall 8 Clustering allows flexible scaling 9 Integrated Wireless Controller 10
    30. 30. Management Made Easy <ul><li>Intuitive Dashboard </li></ul>Individual UserPortal Comprehensive Reporting
    31. 31. 10 Advantages of ASG Management <ul><li>Web interface </li></ul><ul><li>1 </li></ul><ul><li>Low maintenance </li></ul><ul><li>2 </li></ul><ul><li>Mail & VPN User Management </li></ul><ul><li>3 </li></ul><ul><li>Simple Connection for Mobile Employees </li></ul><ul><li>4 </li></ul><ul><li>Fast Disaster-Recovery </li></ul><ul><li>5 </li></ul>Reuse User-Definitions in AD 6 Integrated Supported Reporting 7 Integrated log and quarantine management 8 Secure connection to branch offices in 5 minutes 9 “ Zero-Config HA“ 10
    32. 32. Astaro Security Gateway Products *Pricing based #IPs/Users
    33. 33. Deployment Models Hardware Operating System Application First UTM Appliance that passed VMware validation program Hardware Operating System Application Hardware Appliance Software Appliance Virtual Appliance
    34. 34. Agenda <ul><li>Product Overview </li></ul><ul><li>Security Gateways </li></ul><ul><li>Gateway Extensions </li></ul><ul><li>Management Tools </li></ul><ul><li>Security Gateway Feature </li></ul><ul><li>Hosted Services: Astaro Mail Archiving </li></ul><ul><li>Company Profile </li></ul>
    35. 35. Gateway Extentions
    36. 36. Branch Office Security Secure Branch Office Connection
    37. 37. Branch Office Security - Challenges <ul><ul><ul><li>Businesses with many small branch offices need an easy and affordable way to connect them back to the headquarter location and keep their Internet access secure. </li></ul></ul></ul>
    38. 38. Available Solutions <ul><li>Routers for private users </li></ul><ul><li>Low-end UTM Appliances </li></ul><ul><li>MPLS and Managed VPN Services </li></ul>
    39. 39. Astaro RED <ul><li>The easiest and most economic way to secure your branch offices in a few minutes – without the need for technical personnel at the remote site! </li></ul>
    40. 40. Deployment Scenario
    41. 41. How Does RED Work?
    42. 42. Easy Installation <ul><li>Appliance can be delivered without configuration </li></ul>  A0410230401    Internet  TUNNEL  Computer  Headquarter Branch Office
    43. 43. Implemented Centralized Management
    44. 44. Astaro RED 10 <ul><li>Technical Information </li></ul><ul><li>Solid steel chassis </li></ul><ul><li>No moving parts </li></ul><ul><li>1 WAN Port </li></ul><ul><li>4-Port LAN Switch </li></ul><ul><li>>30 Mbit/s VPN-throughput </li></ul><ul><li><7 Watt power consumption </li></ul><ul><li>Unrestricted users </li></ul><ul><li>No Buttons, No GUI </li></ul>
    45. 45. <ul><li>Easy to implement and manage </li></ul><ul><ul><li>Virtual Ethernet cable </li></ul></ul><ul><ul><li>Setup in the branch in two minutes </li></ul></ul><ul><ul><li>Centralized configuration in ASG </li></ul></ul><ul><ul><li>No technical personnel required at the remote site </li></ul></ul><ul><li>Cost efficient </li></ul><ul><ul><li>Small, low-cost appliance </li></ul></ul><ul><ul><li>No maintenance or recurring costs in the remote site </li></ul></ul><ul><li>Complete UTM security </li></ul><ul><ul><li>Enterprise-class network, mail, and web filtering in central ASG </li></ul></ul>Advantages
    46. 46. Wireless Security Secure Wireless Networks for Businesses
    47. 47. Wireless Networks – The Challenges <ul><ul><ul><li>Businesses need an easy-to-use, secure and reliable possibility to integrate wireless devices into their business networks. </li></ul></ul></ul>
    48. 48. Available Solutions <ul><li>Access Points for private users </li></ul><ul><li>Low-end UTM-Appliances with integrated Wi-Fi </li></ul><ul><li>Enterprise Wireless Solutions </li></ul>
    49. 49. Astaro Wireless Security <ul><li>Air traffic control for your business network </li></ul>
    50. 50. Deployment scenarios
    51. 51. Easy installation Astaro Security Gateway    Guest Internet Finance
    52. 52. Centralized Management
    53. 53. Flexible Access for the Whole Office <ul><ul><li>Astaro access points can be placed anywhere in your organization. </li></ul></ul><ul><li>Easy creation of multiple separate wireless zones. </li></ul>
    54. 54. Integrated Security Integrated UTM Security Strong Encryption
    55. 55. Astaro Access Points <ul><li>Up to 10 users </li></ul><ul><li>150 Mbit/s throughput </li></ul><ul><li>1 x 10/100 Base TX </li></ul><ul><li>802.11 b/g/n </li></ul><ul><li>1 x detachable dipole antenna </li></ul><ul><li>Power consumption: < 8 Watt </li></ul><ul><li>Desktop/Wand mounting </li></ul><ul><li>Up to 30 user </li></ul><ul><li>300 Mbit/s throughput </li></ul><ul><li>1 x 10/100 Base TX </li></ul><ul><li>802.11 b/g/n </li></ul><ul><li>3 x internal antennas </li></ul><ul><li>Power consumption: < 8 Watt </li></ul><ul><li>Desktop/ceiling mounting </li></ul><ul><li>Power over Ethernet (802.3af) </li></ul>AP 10 AP 30 PoE-Injector included!
    56. 56. <ul><li>Easy installation and management </li></ul><ul><ul><li>Centralized configuration </li></ul></ul><ul><ul><li>No configuration at the Access Points’ site necessary needed </li></ul></ul><ul><li>Secure and reliable </li></ul><ul><ul><li>Integrated UTM-security for wireless devices </li></ul></ul><ul><ul><li>Best protection for wireless connections </li></ul></ul><ul><li>Flexible access </li></ul><ul><ul><li>Continuous signal in the whole office </li></ul></ul><ul><ul><li>Easy internet access for guests </li></ul></ul>Advantages
    57. 57. Astaro Clients Secure Remote Access to Business Networks
    58. 58. Deployment Scenario
    59. 59. <ul><li>Highly secure data connections to Astaro VPN gateways </li></ul><ul><li>Authentication via Pre-Shared Key (PSK), PKI (X.509), Smartcards, Tokens, XAUTH </li></ul><ul><li>Encryption via AES, DES, 3DES, Blowfish, DH-groups, MD5, SHA </li></ul><ul><li>Intelligent Split-Tunneling for optimum traffic routing </li></ul><ul><li>NAT-Traversal support </li></ul><ul><li>Multilingual (English, German, French) </li></ul><ul><li>Windows XP, Vista, 7 </li></ul><ul><li>„ One-click“-Setup </li></ul>Astaro IPsec Client
    60. 60. <ul><li>Proven SSL- (TLS) based security </li></ul><ul><li>Minimal system requirements </li></ul><ul><li>Supports MD5, SHA, DES, 3DES and AES </li></ul><ul><li>Works through all firewalls, regardless of proxies and NAT </li></ul><ul><li>Independent from Browser </li></ul><ul><li>Offers transparent access to all resources and applications within the corporate network </li></ul><ul><li>Windows 2000, XP, Vista, 7, Linux, MacOS X, BSD or Solaris </li></ul><ul><li>„ One-Click“-Setup </li></ul><ul><li> * for free </li></ul>Astaro SSL Client*
    61. 61. Astaro Smart Installer Fast Disaster Recovery
    62. 62. <ul><li>Fast Recovery </li></ul><ul><li>Fast installation of a software-image or recovering a stored configuration with a bootable USB device </li></ul><ul><ul><li>Configuration will be used automatically </li></ul></ul><ul><ul><li>No manual interference necessary </li></ul></ul><ul><li>Reduces downtime </li></ul>Astaro Smart Installer
    63. 63. Management Tools Centralized Management of all Security Products
    64. 64. Central Management – The Challenges <ul><li>Management of the complete security infrastructure </li></ul><ul><li>1 </li></ul><ul><li>Setting global definitions </li></ul><ul><li>2 </li></ul><ul><li>Monitoring important values (in real-time) </li></ul><ul><li>3 </li></ul><ul><li>Creating company-wide reports </li></ul><ul><li>4 </li></ul><ul><li>Centralized inventory management </li></ul><ul><li>5 </li></ul>
    65. 65. <ul><li>How do you handle all management tasks today? </li></ul><ul><li>All devices will be managed separately </li></ul><ul><ul><li>Very time-consuming </li></ul></ul><ul><li>Tools for central management </li></ul><ul><ul><li>Expensive and complex </li></ul></ul><ul><li>Using self-provided Batch processing </li></ul><ul><ul><li>Very time-consuming </li></ul></ul><ul><ul><li>For configuration only, monitoring and reporting generally not possible </li></ul></ul>Available Solutions
    66. 66. Astaro Command Center Manage all your security products from a single location
    67. 67. <ul><li>Real-Time Monitoring </li></ul><ul><li>Aggregated Reporting </li></ul><ul><li>Inventory Management </li></ul><ul><li>Device Maintenance </li></ul><ul><li>Central Configuration </li></ul><ul><li>Access Management </li></ul>Astaro Command Center
    68. 68. Easy Management
    69. 69. Multi-Client Capability for Managed Services
    70. 70. Products Virtual Appliance* Runs in any VMware environment Software Appliance* Runs on Intel-compatible PCs and servers Free of Charge!
    71. 71. Advantages <ul><li>Save and distribute administration tasks </li></ul><ul><li>1 </li></ul><ul><ul><li>Simple configuration for company-wide security policies </li></ul></ul><ul><li>2 </li></ul><ul><li>Overview for important resources used </li></ul><ul><li>3 </li></ul><ul><ul><li>Monitor critical system parameters in real-time </li></ul></ul><ul><li>4 </li></ul><ul><li>Easy maintenance for worldwide distributed devices </li></ul><ul><li>5 </li></ul>
    72. 72. Agenda <ul><li>Product Overview </li></ul><ul><li>Security Gateways </li></ul><ul><li>Gateway Extensions </li></ul><ul><li>Management Tools </li></ul><ul><li>Security Gateway Feature </li></ul><ul><li>Hosted Services: Astaro Mail Archiving </li></ul><ul><li>Company Profile </li></ul>
    73. 73. Astaro Security Gateway Features Enterprise-Class Security Technology
    74. 74. Astaro Essential Firewall
    75. 75. Astaro Network Security
    76. 76. <ul><li>Virtual Private Network (VPN) Gateway </li></ul><ul><li>Site-to-Site IPsec & SSL VPN for creating a secure communication </li></ul><ul><li>Remote Access for employees and mobile user (Road Warriors) via IPsec & SSL </li></ul><ul><li>Support of all Major Encryption and Authentication Methods </li></ul><ul><li>Certificate Authority </li></ul>Astaro Network Security
    77. 77. <ul><li>Intrusion Prevention </li></ul><ul><li>Identifies and Blocks Application and Protocol Related Probes and Attacks through Deep Packet Inspection </li></ul><ul><li>Database of over 8,000 Patterns and Rules </li></ul><ul><li>Intrusion Detection and Prevention </li></ul><ul><li>Powerful Management Interface </li></ul><ul><li>DoS (Denial of Service Attack) and protection from port scans </li></ul>Astaro Network Security
    78. 78. Astaro Mail Security
    79. 79. <ul><li>E-Mail Antivirus </li></ul><ul><li>Dual Independent Virus Scanners for SMTP and POP3 </li></ul><ul><li>Blocks Malware before it reaches email servers or desktops </li></ul><ul><li>Database with more than 800.000 virus signatures </li></ul><ul><li>Flexible Management </li></ul><ul><ul><li>Can specify file formats (endings) and content (MIME type) to block </li></ul></ul><ul><ul><li>Emails and attachments can be dropped, rejected with message to sender, passed with a warning, or quarantined </li></ul></ul>Astaro Mail Security
    80. 80. <ul><li>Antispam </li></ul><ul><li>Highest Detection Rate through Combination of Multiple Methods: </li></ul><ul><ul><li>Reputation service (format and language agnostic) </li></ul></ul><ul><ul><li>Realtime Blackhole Lists (RBLs)* </li></ul></ul><ul><ul><li>Dialup Network Blocking* </li></ul></ul><ul><ul><li>Greylisting* </li></ul></ul><ul><ul><li>BATV (Bounce Address Tag Verification)* </li></ul></ul><ul><ul><li>SPF (Sender Policy Framework)* </li></ul></ul><ul><ul><li>Expression filter </li></ul></ul><ul><ul><li>Recipient verification* </li></ul></ul><ul><ul><li>Reverse-DNS and HELO Syntax Checks…* </li></ul></ul><ul><li>Flexible Management </li></ul><ul><ul><li>Emails and attachments can be rejected with message to sender, passed with a warning or quarantined </li></ul></ul>Astaro Mail Security * can reject emails even before body is transferred
    81. 81. <ul><li>Antiphishing </li></ul><ul><li>Astaro identifies and blocks phishing emails though several methods: </li></ul><ul><ul><li>The virus scanner identifies phishing signatures </li></ul></ul><ul><ul><li>The URL filter blocks phishing server (categorized as “suspicious”) </li></ul></ul><ul><ul><li>Downloaded content will be blocked, if it is similar to known phishing site methods </li></ul></ul>Astaro Mail Security
    82. 82. <ul><li>Email Encryption </li></ul><ul><li>En-/Decryption and Digital Signatures for SMTP Emails </li></ul><ul><li>Completely Transparent </li></ul><ul><li>Easy Setup </li></ul><ul><li>Central Management of all Keys and Certificates </li></ul><ul><li>Allows Content/Virus Scanning even for Encrypted SMTP Emails </li></ul>Astaro Mail Security
    83. 83. Astaro Web Security
    84. 84. <ul><li>Spyware Protection </li></ul><ul><li>Blocks (Unintentional) Downloads of Spyware, Adware, and Other Malicious Software </li></ul><ul><li>Prevents Infected Systems from Sending Information Back to the Spyware (Home) Servers </li></ul><ul><li>Checks Against a Database of Known Spyware URLs </li></ul><ul><li>Blockierung von Spyware auf dem Gateway komplettiert Anti-Spyware Desktop Tools </li></ul>Astaro Web Security
    85. 85. <ul><li>Web Antivirus/Malware </li></ul><ul><li>Blocks viruses, worms, trojans, and other “malware” </li></ul><ul><li>Scans HTTP, HTTPS und FTP traffic </li></ul><ul><li>Dual Independent Virus Scanners with Multiple Detection Methods </li></ul><ul><li>Signature Database with more than 800,000 virus signatures </li></ul><ul><li>Flexible Management </li></ul>Astaro Web Security
    86. 86. <ul><li>URL Filter </li></ul><ul><li>Control employee’s web access to more than 96 categories </li></ul><ul><li>Considers global reputation of a website </li></ul><ul><li>Additional whitelists und blacklists </li></ul><ul><li>Many User Authentication Options </li></ul><ul><ul><li>IP addresses, access for users or groups, Active Directory SSO, eDirectory SSO, LDAP, RADIUS/TACACS+ </li></ul></ul><ul><ul><li>Time-based access policies </li></ul></ul>Astaro Web Security
    87. 87. <ul><li>IM & P2P Control </li></ul><ul><li>Manages the Use of Instant Messaging Clients (and Skype) and Peer-to-Peer Applications </li></ul><ul><li>Flexible Control </li></ul><ul><li>Bandwidth Control </li></ul>Astaro Web Security
    88. 88. Astaro Web Application Security
    89. 89. Astaro Web Application Security Security Patterns
    90. 90. Astaro Web Application Security <ul><li>Cookie Signing - Discards cookies which have been altered. </li></ul>
    91. 91. <ul><li>www.astaro.com/admin.php not allowed! </li></ul>Astaro Web Application Security <ul><li>URL Hardening </li></ul>www.astaro.com/resources.php?userID=123 allowed & signed www.astaro.com/resources.php?XA)=§JGF/(D§KLFJACV;DOQPE can‘t be tampered www.astaro.com/products.php allowed www.astaro.com /products /solutions /resources /ASG /AMA /ACC /NetSecurity /MailSecurity /WebSecurity /datasheets /webinars
    92. 92. Astaro Web Application Security <ul><li>Antivirus </li></ul>User
    93. 93. Astaro Networking Functions Enterprise Class Network Technology
    94. 94. WAN Link Balancing <ul><li>Bundles of up to 8 Internet connections with fallback and simultaneous load distribution </li></ul>Fallback Fallback ISP#2- DSL ISP#1- Cable Servers ISP#1Priority ISP#2 Fallback Servers ISP#2Priority ISP#1 Fallback
    95. 95. Ethernet Link Aggregation <ul><li>Bundles of up to 4 Ethernet Ports for more throughput and stability </li></ul>Logical 200 Mbps Interface (Link Aggregation Group) 100 Mbps Ports Redundant Connection Switch
    96. 96. Server Load Balancing <ul><li>Dynamic load distribution for incoming data over groups of similar servers </li></ul>Health Check Session Persistence Internet John All requests from John to Server A A B C Web Servers
    97. 97. Astaro Active-Passive HA (Standby) <ul><li>Stability through Standby-System </li></ul><ul><li>Synchronisation of: </li></ul><ul><li>IPSec tunnels </li></ul><ul><li>FW connections </li></ul><ul><li>Spooled & quarantined mails </li></ul><ul><li>Log-files </li></ul>Master Slave State & config synchronization Stateful Failover < 2sec deactivated New Master Internet <ul><li>Config settings </li></ul><ul><li>Time/Date settings </li></ul><ul><li>Software version </li></ul><ul><li>Reporting </li></ul>
    98. 98. Astaro Active-Active HA (Cluster) Cluster Nodes Scalability High Availbility Active / Active LAN Master (balancing) Slave Internet
    99. 99. ” Zero Config HA“ <ul><li>Active-Passive (stand-by) HA - Configuration: </li></ul><ul><ul><li>Automatic configuration with connections via HA-Ports </li></ul></ul><ul><li>Active-Active (Cluster) HA - Configuration: </li></ul><ul><ul><li>Change HA-mode at master to “cluster“ </li></ul></ul><ul><ul><ul><li>All units connected to the master HA-port will auto-join the cluster, as per default </li></ul></ul></ul><ul><ul><ul><li>No extra configuration on slave/cluster node required </li></ul></ul></ul>HA port (eth3) Master Slave
    100. 100. <ul><li>Controlled Measures for Power Cuts </li></ul><ul><li>Power cut signaled via USB </li></ul><ul><li>Message sent to the admin </li></ul><ul><li>Automatic shut down when critical battery level is reached </li></ul><ul><li>Supports USVs from APC and MGE </li></ul>UPS Support USB Signaling Power
    101. 101. <ul><li>Optimal Path Selection and Stability </li></ul><ul><li>Static / Policy </li></ul><ul><ul><li>Based on Source/Destination Interface/Network or Service </li></ul></ul><ul><li>Dynamic </li></ul><ul><ul><li>OSPF </li></ul></ul><ul><li>Multicast </li></ul><ul><ul><li>PIM-SM </li></ul></ul>Routing
    102. 102. DHCP <ul><li>Dynamic IP Address Management </li></ul><ul><ul><li>DHCP Server & Relay </li></ul></ul><ul><ul><li>Configuration per Interface </li></ul></ul><ul><ul><li>Static MAC/IP Mapping is possible </li></ul></ul><ul><ul><li>IPv4/IPv6 Support </li></ul></ul>External DNS Server 192.168.1.12 192.168.1.13 192.168.1.14 IP Address DB (192.168.1x) # DHCP Server/ Relay
    103. 103. DNS Proxy <ul><li>Flexible Name Resolution </li></ul><ul><li>IPv4/IPv6 </li></ul><ul><li>DynDNS-Support </li></ul><ul><li>Split DNS-Support </li></ul><ul><li>Local Cache </li></ul><ul><li>DNS Forwarder-Support </li></ul>External DNS Server Local DNS Server DNS Server/ Forwarder Static DNS Entries DNS Cache Dyn DNS Service
    104. 104. Quality of Service (QoS) <ul><ul><li>Guarantees minimum and maximum bandwidth for certain data types </li></ul></ul><ul><ul><li>Secures quality of service (throughput, delay,…) for VoIP and other real-time applications </li></ul></ul><ul><ul><li>Prevents clogging of the Internet-uplink through individual downloads </li></ul></ul>P2P Surf SAP VoIP other 100% 50% 0% P2P Surf SAP VoIP other
    105. 105. Agenda <ul><li>Product Overview </li></ul><ul><li>Security Gateways </li></ul><ul><li>Gateway Extensions </li></ul><ul><li>Management Tools </li></ul><ul><li>Security Gateway Feature </li></ul><ul><li>Hosted Services: Astaro Mail Archiving </li></ul><ul><li>Company Profile </li></ul>
    106. 106. E-mail Archiving Compliance & Productivity Requirement Solutions
    107. 107. E-mail Management Challenges
    108. 108. Available Solutions <ul><li>Mail Archiving Software </li></ul><ul><li>Mail Archiving Appliances </li></ul><ul><li>Hosted archiving solution </li></ul><ul><li>Hosted archiving solution </li></ul>
    109. 109. Astaro Mail Archiving <ul><li>Make Archiving Your E-Mail Our Problem </li></ul>
    110. 110. Deployment Scenario
    111. 111. <ul><li>Setup in < 15 minutes </li></ul><ul><li>No Maintenance Tasks </li></ul>Installation and Maintenance
    112. 112. Compliance <ul><li>All necessary e-mails – for the prescribed period </li></ul><ul><li>Filtering of messages not to be archived </li></ul><ul><li>Evidence of filter actions in the audit log </li></ul><ul><li>Regulation-based archiving for years or decades </li></ul><ul><li>Secure deletion of e-mails upon expiry of the archiving period </li></ul><ul><li>Auditor roles, including the dual control system </li></ul><ul><li>Auditor logs & search </li></ul>
    113. 113. <ul><li>Find e-mails instantly through Google-like full-text search </li></ul>Instant Discovery
    114. 114. Outlook Plug-In <ul><li>Easy installation </li></ul><ul><li>Seamlessly integrated Plug-in </li></ul><ul><li>Direct message handling (forward, reply, copy) </li></ul><ul><li>No employee training necessary </li></ul><ul><li>PST and mailbox upgrade included </li></ul>
    115. 115. <ul><li>Secure Data Storage </li></ul><ul><li>TLS encrypted data transfer </li></ul><ul><li>AES encrypted storage </li></ul><ul><li>Redundant storage and automatic backup </li></ul><ul><li>Unlimited storage capacity </li></ul>Storage Frontend Backend Firewall Storage Backup Control Astaro Mail Archiving Cloud
    116. 116. Licensing & Pricing <ul><li>No hidden extras: All services included! </li></ul>< €3 per user/month!
    117. 117. <ul><li>Easy Usability </li></ul><ul><ul><li>Messages can be found in seconds </li></ul></ul><ul><ul><li>No employee training necessary – intuitively designed Outlook Plug-in </li></ul></ul><ul><ul><li>Regulation-based archiving for years or decades </li></ul></ul><ul><li>Maintenance-free </li></ul><ul><ul><li>Setup in less than 15 minutes </li></ul></ul><ul><ul><li>AD Integration & Exchange synchronization </li></ul></ul><ul><ul><li>No hardware maintenance and upgrade </li></ul></ul><ul><li>Best price/performance ratio </li></ul><ul><ul><li>Less than €3 per user/month* </li></ul></ul><ul><ul><li>Unlimited Storage Capacity </li></ul></ul><ul><ul><li>* 100 user, 3 year license </li></ul></ul>Advantages
    118. 118. Agenda <ul><li>Product Overview </li></ul><ul><li>Security Gateways </li></ul><ul><li>Gateway Extensions </li></ul><ul><li>Management Tools </li></ul><ul><li>Security Gateway Feature </li></ul><ul><li>Hosted Services: Astaro Mail Archiving </li></ul><ul><li>Company Profile </li></ul>
    119. 119. <ul><li>Thank you! </li></ul>

    ×