Astaro

Product Presentation

Agenda

Product Overview
Security Gateways
Gateway Extensions
Management Tools
Security Gateway Features
Hosted Services: Astaro Mail Archiving

Astaro Products in Use

Agenda

Product Overview
Security Gateways
Gateway Extensions
Management Tools
Security Gateway Features
Hosted Services: Astaro Mail Archiving

Security Gateways
Comprehensive All-In-One Security for SMEs

Internet Threats on the Increase

Botnets Spam
Scam
Spam Phishing
Scam Hoax
Hoax
Viruses Spyware
Spyware Gray
Gray ware
ware Intrusions Denial
Denial of
of
Crackers
Crackers

Service
Service Distributed
Distributed Denial
Denial of
of Service
Service Ping
Ping floods
floods

Eavesdropper Script
Script Kiddies
Kiddies

Espionage
Espionage Malware
Malware Root kits

Adware
Adware P2P
P2P File
File sharing
sharing Trojans Spit
Spit Bots
Bots Backdoors
Backdoors

Buffer
Buffer

Overflows
Overflows Hackers
Hackers Malcode
Malcode Bugs
Bugs Key loggers Crime
Crime
ware
ware Pharming Competitors
Competitors Identity
Identity theft
theft Exploits
poisoning
poisoning

Snarf
Snarf attacks
attacks Spam

DNS
DNS

bots Spy
Spy bots
bots Trap
Trap doors
doors

War driving Ransomware

Ransomware ASCII
ASCII bombs
bombs

Bluesnarfing
Worms
Worms Decrypting
Decrypting Reverse
Reverse engineering
engineering Phreaking
Phreaking Port Scanning

Modern IT-Security Challenges

Cost

Time Investment

Router
Firewall
IPS
SSL VPN Gateway
E-Mail/Spam Filter
GW Antivirus Filter
Web Filter
WAN Link Balancer
Load Balancer
Total:

The Astaro All-In-One Approach

Flexible Deployment

Software Appliance

VPN & Wireless

Extensions

Virtual Appliance

Integration of
Complete E-mail, Web
& Network protection

All-In-One Appliance

Networking-Features
for High Availability
and Load Balancing

Centralized
Management &
Reporting

Browser-based
Unified Management of
All Applications

Astaro Security Gateway

Unified Threat Management Appliances

Deployment Scenarios

10

Security Features
Wireless
Wireless
Security
Security

Essential
Essential
Firewall
Firewall

Wireless
Wireless Controller
Controller for
for
Astaro
Astaro Access
Access Points
Points
Multi-Zone
Multi-Zone (SSID)
(SSID) support
support
op
tio

op

na
l

n
tio

Stateful
Stateful Firewall
Firewall
Network
Network Address
Address Translation
Translation
PPTP/L2TP
PPTP/L2TP Remote
Remote Access
Access

Branch
Branch Office
Office Security
Security

Reverse
Reverse Proxy
Proxy
Web
Web Application
Application Firewall
Firewall

tio
op

op
tio

al

optional

Network
Network
Security
Security
Intrusion
Intrusion Prevention
Prevention
IPSec/SSL
IPSec/SSL VPN
VPN

Web
Web Application
Application
Security
Security

Mail
Mail
Security
Security
Anti
Anti Spam
Spam &
& Phishing
Phishing
Dual
Dual Virus
Virus Protection
Protection

l
na

Antivirus
Antivirus

na
l

Web
Web
Security
Security
URL
URL Filter
Filter
Antivirus
Antivirus &
& Antispyware
Antispyware
IM
IM &
& P2P
P2P Control
Control

Email
Email Encryption
Encryption

Enterprise-class Security for SMB

11

10 Advantages of Astaro Security Features

1
1

Secure Firewall

6
6

User-based web filter

2
2

Support all integrated

VPN clients

7
7

Block Skype, Bittorrent or

others

3
3

Detect malware in
HTTPS-data

8
8

Implemented Web
Application Firewall

4
4

Keep mailboxes clean

9
9

Clustering allows flexible

scaling

5
5

Protect confidential
messages

10
10

Integrated Wireless
Controller

12

Management Made Easy

Intuitive Dashboard

Individual UserPortal

Comprehensive Reporting

13

10 Advantages of ASG Management

1
1

Web interface

Reuse User-Definitions in
AD

6
6

2
2

Low maintenance

7
7

Integrated Supported
Reporting

3
3

Mail & VPN User

Management

8
8

Integrated log and

quarantine management

4
4

Simple Connection for

Mobile Employees

9
9

Secure connection to
branch offices in 5 minutes

5
5

Fast Disaster-Recovery

10
10

Zero-Config HA

14

Astaro Security Gateway Products

Hardware
Appliance

110/120

220

320

425

525

625

Small
networks

Medium
networks

Medium
networks

Large
networks

Large
networks

Large
networks

6 & 2 SFP

10 & 4 SFP

10 & 8 SFP

Max.
recommended FW
Users

10/50

150

350

1000

2500

4000

Max.
recommended
UTM Users

10/25

70

200

600

1300

2000

Environment
Network Ports

Software
Appliance *

Runs on Intel-compatible PCs and servers

Virtual
Appliance *

Runs in any VMWare environment

*Pricing based #IPs/Users

15

Deployment Models

Hardware ApplianceSoftware Appliance

Virtual Appliance

Application
Application

Operating
Operating
System
System

Hardware
Hardware

First UTM Appliance that passed

VMware validation program

16

Agenda

Product Overview
Security Gateways
Gateway Extensions
Management Tools
Security Gateway Features
Hosted Services: Astaro Mail Archiving

17

Gateway Extentions

18

Branch Office Security

Secure Branch Office Connection

19

Branch Office Security - Challenges

Businesses with many small branch offices need an easy and
affordable way to connect them back to the headquarter location and
keep their Internet access secure.

20

Available Solutions

Routers for private users

Low-end UTM Appliances

MPLS and Managed VPN Services

21

Astaro RED
The easiest and most economic way to secure your branch offices in a
few minutes without the need for technical personnel at the remote
site!

22

Deployment Scenario

23

How Does RED Work?

24

Easy Installation

Appliance can be delivered without configuration

Internet

TUNNEL

Branch Office

A041023040
1

Computer

Headquarter

25

Implemented Centralized Management

26

Astaro RED 10
Technical Information
Solid steel chassis
No moving parts
1 WAN Port
4-Port LAN Switch
>30 Mbit/s VPN-throughput
<7 Watt power consumption
Unrestricted users
No Buttons, No GUI

27

Advantages
Easy to implement and manage
Virtual Ethernet cable
Setup in the branch in two minutes
Centralized configuration in ASG
No technical personnel required at the remote site
Cost efficient
Small, low-cost appliance
No maintenance or recurring costs in the remote site
Complete UTM security
Enterprise-class network, mail, and web filtering in central ASG

28

Wireless Security
Secure Wireless Networks for Businesses

29

Wireless Networks The Challenges

Businesses need an easy-to-use, secure and reliable possibility to
integrate wireless devices into their business networks.

30

Available Solutions

Access Points for private users

Low-end UTM-Appliances
with integrated Wi-Fi

Enterprise Wireless Solutions

31

Astaro Wireless Security

Air traffic control for your business network

32

Deployment scenarios

33

Easy installation

Guest

Astaro Security Gateway

Internet

Finance

34

Centralized Management

35

Flexible Access for the Whole Office

Astaro access points can be placed anywhere in your organization.
Easy creation of multiple separate wireless zones.

36

Integrated Security
Strong Encryption

Integrated UTM Security

37

Astaro Access Points

AP 10

AP 30

Up to 10 users

Up to 30 user

150 Mbit/s throughput

300 Mbit/s throughput

1 x 10/100 Base TX

1 x 10/100 Base TX

802.11 b/g/n

802.11 b/g/n

1 x detachable dipole antenna

3 x internal antennas

Power consumption: < 8 Watt

Power consumption: < 8 Watt

Desktop/Wand mounting

Desktop/ceiling mounting
Power over Ethernet (802.3af)

PoE-Injector
PoE-Injector included!
included!

38

Advantages

Easy installation and management

Centralized configuration
No configuration at the Access Points site necessary needed

Secure and reliable

Integrated UTM-security for wireless devices
Best protection for wireless connections

Flexible access
Continuous signal in the whole office
Easy internet access for guests

39

Astaro Clients
Secure Remote Access to Business Networks

40

Deployment Scenario

41

Astaro IPsec Client

Highly secure data connections to Astaro VPN gateways
Authentication via Pre-Shared Key (PSK),
PKI (X.509), Smartcards, Tokens, XAUTH
Encryption via AES, DES, 3DES, Blowfish,
DH-groups, MD5, SHA
Intelligent Split-Tunneling for optimum
traffic routing
NAT-Traversal support
Multilingual (English, German, French)
Windows XP, Vista, 7
One-click-Setup

42

Astaro SSL Client*

Proven SSL- (TLS) based security
Minimal system requirements
Supports MD5, SHA, DES, 3DES and AES
Works through all firewalls, regardless of proxies and NAT
Independent from Browser
Offers transparent access to all resources and applications within the
corporate network
Windows 2000, XP, Vista, 7, Linux, MacOS X, BSD or Solaris
One-Click-Setup

* for free

43

Astaro Smart Installer

Fast Disaster Recovery

44

Astaro Smart Installer

Fast Recovery
Fast installation of a software-image or recovering a stored
configuration with a bootable USB device
Configuration will be used automatically
No manual interference necessary
Reduces downtime

45

Management Tools
Centralized Management of all Security Products

46

Central Management The Challenges

1
1

Management of the complete security infrastructure

2
2

Setting global definitions

3
3

Monitoring important values (in real-time)

4
4

Creating company-wide reports

5
5

Centralized inventory management

47

Available Solutions
How do you handle all management tasks today?
All devices will be managed separately
Very time-consuming
Tools for central management
Expensive and complex
Using self-provided Batch processing
Very time-consuming
For configuration only, monitoring and reporting generally not
possible

48

Astaro Command Center

Manage all your security products from a single location

49

Astaro Command Center

Real-Time Monitoring
Aggregated Reporting
Inventory Management
Device Maintenance
Central Configuration
Access Management

50

Easy Management

51

Multi-Client Capability for Managed Services

52

Products

Software Appliance*
Runs on Intel-compatible PCs and servers

Virtual Appliance*
Runs in any VMware environment

Free of
Charge
!
53

Advantages

Save and distribute administration tasks

1
1
2
2

Simple configuration for company-wide security

policies

3
3

Overview for important resources used

4
4

Monitor critical system parameters in real-time

5
5

Easy maintenance for worldwide distributed devices

54

Agenda

Product Overview
Security Gateways
Gateway Extensions
Management Tools
Security Gateway Features
Hosted Services: Astaro Mail Archiving

55

Astaro Security Gateway Features

Enterprise-Class Security Technology

56

Astaro Essential Firewall

57

Astaro Network Security

58

Astaro Network Security

Virtual Private Network (VPN) Gateway

Site-to-Site IPsec & SSL VPN for creating a secure communication
Remote Access for employees and mobile user (Road Warriors)
via IPsec & SSL
Support of all Major Encryption and Authentication Methods
Certificate Authority

59

Astaro Network Security

Intrusion Prevention
Identifies and Blocks Application and Protocol Related Probes and
Attacks through Deep Packet Inspection
Database of over 8,000 Patterns and Rules
Intrusion Detection and Prevention
Powerful Management Interface
DoS (Denial of Service Attack) and protection from port scans

60

Astaro Mail Security

61

Astaro Mail Security

E-Mail Antivirus
Dual Independent Virus Scanners for SMTP and POP3
Blocks Malware before it reaches email servers or desktops
Database with more than 800.000 virus signatures
Flexible Management
Can specify file formats (endings) and content (MIME type) to block
Emails and attachments can be dropped, rejected with message to
sender, passed with a warning, or quarantined

62

Astaro Mail Security

Antispam
Highest Detection Rate through Combination of Multiple Methods:
Reputation service (format and language agnostic)
Realtime Blackhole Lists (RBLs)*
Dialup Network Blocking*
Greylisting*
BATV (Bounce Address Tag Verification)*
SPF (Sender Policy Framework)*
Expression filter
Recipient verification*
Reverse-DNS and HELO Syntax Checks*
Flexible Management
Emails and attachments can be rejected with message to sender, passed with a
warning or quarantined * can reject emails even before body is transferred

63

Astaro Mail Security

Antiphishing
Astaro identifies and blocks phishing emails though several methods:
The virus scanner identifies phishing signatures
The URL filter blocks phishing server (categorized as suspicious)
Downloaded content will be blocked, if it is similar to known
phishing site methods

64

Astaro Mail Security

Email Encryption
En-/Decryption and Digital Signatures for SMTP Emails
Completely Transparent
Easy Setup
Central Management of all Keys and Certificates
Allows Content/Virus Scanning even for Encrypted SMTP Emails

65

Astaro Web Security

66

Astaro Web Security

Spyware Protection
Blocks (Unintentional) Downloads of Spyware, Adware, and Other
Malicious Software
Prevents Infected Systems from Sending Information Back to the
Spyware (Home) Servers
Checks Against a Database of Known Spyware URLs
Blockierung von Spyware auf dem Gateway komplettiert AntiSpyware Desktop Tools

67

Astaro Web Security

Web Antivirus/Malware
Blocks viruses, worms, trojans, and other malware
Scans HTTP, HTTPS und FTP traffic
Dual Independent Virus Scanners with Multiple Detection Methods
Signature Database with more than 800,000 virus signatures
Flexible Management

68

Astaro Web Security

URL Filter
Control employees web access to more than 96 categories
Considers global reputation of a website
Additional whitelists und blacklists
Many User Authentication Options
IP addresses, access for users or groups, Active Directory SSO,
eDirectory SSO, LDAP, RADIUS/TACACS+
Time-based access policies

69

Astaro Web Security

IM & P2P Control
Manages the Use of Instant Messaging Clients (and Skype) and Peerto-Peer Applications
Flexible Control
Bandwidth Control

70

Astaro Web Application Security

71

Astaro Web Application Security

Security Patterns

72

Astaro Web Application Security

Cookie Signing - Discards cookies which have been

altered.

73

Astaro Web Application Security

URL Hardening
www.astaro.com
/products

/solutions

/resources

/ASG

/NetSecurity

/datasheets

/AMA

/MailSecurity

/webinars

/ACC

/WebSecurity

www.astaro.com/products.php allowed
www.astaro.com/admin.php

not allowed!

www.astaro.com/resources.php?userID=123

allowed & signed

www.astaro.com/resources.php?XA)=JGF/(DKLFJACV;DOQPE cant be tampered

74

Astaro Web Application Security

Antivirus

User

75

Astaro Networking Functions

Enterprise Class Network Technology

76

WAN Link Balancing

Bundles of up to 8 Internet connections with fallback
and simultaneous load distribution

ISP#1- Cable

lb
Fal
k

Servers
ISP#1Priority
ISP#2 Fallback

Servers
ISP#2Priority
ISP#1 Fallback

ac

Fal
lb a
c
k

ISP#2- DSL

77

Ethernet Link Aggregation

Bundles of up to 4 Ethernet Ports for more throughput
and stability

Redundant
Connection

Switch

Logical 200 Mbps Interface

(Link Aggregation Group)
100 Mbps Ports

78

Server Load Balancing

Dynamic load distribution for incoming data over groups
of similar servers

Session
Persistence

All requests from

John to Server A

John

Web
Servers
B

Load balance

Internet
Health Check

79

Astaro Active-Passive HA (Standby)

Stability through Standby-System
Master
deactivated
Internet
State & config
synchronization

Stateful Failover
< 2sec

NewSlave
Master
Synchronisation of:

IPSec tunnels
FW connections
Spooled & quarantined mails
Log-files

Config settings
Time/Date settings
Software version
Reporting
80

Astaro Active-Active HA (Cluster)

High Availbility
Active / Active
Master (balancing)

Slave

Cluster Nodes

Internet

Scalability
Scalability

LAN

81

Zero Config HA

Active-Passive (stand-by) HA Configuration:

Master

Automatic configuration with connections via

HA-Ports
HA port (eth3)

Active-Active (Cluster) HA - Configuration:

Change HA-mode at master to cluster

Slave

All units connected to the master HA-port

will auto-join the cluster, as per default
No extra configuration on slave/cluster
node required

82

UPS Support
Controlled Measures for Power Cuts

Power cut signaled via USB

Message sent to the admin
Automatic shut down when critical battery level is reached
Supports USVs from APC and MGE

Power

USB
Signaling

83

Routing
Optimal Path Selection and Stability
Static / Policy
Based on Source/Destination Interface/Network or Service
Dynamic
OSPF
Multicast
PIM-SM

84

DHCP
Dynamic IP Address Management
DHCP Server & Relay
Configuration per Interface
Static MAC/IP Mapping is possible
IPv4/IPv6 Support

IP Address DB
(192.168.1x)
#
External
DNS Server

.12
1
.
68
1
.
2
19
1.13
.
8
6
1
192.

192.168.1.14
DHCP Server/
Relay

85

DNS Proxy
Flexible Name Resolution
IPv4/IPv6
DynDNS-Support
Split DNS-Support

Dyn DNS Service

DNS Server/
Forwarder

Local Cache
DNS Forwarder-Support

External
DNS Server

Static DNS Entries

DNS Cache

Local
DNS Server

86

Quality of Service (QoS)

Guarantees minimum and maximum bandwidth for certain
data types
Secures quality of service (throughput, delay,) for VoIP and other
real-time applications
Prevents clogging of the Internet-uplink through individual downloads

100%

SAP

50%
Surf

P2P

VoIP
othe
r

P2P
Surf
SAP
VoIP
other

0%

87

Agenda

Product Overview
Security Gateways
Gateway Extensions
Management Tools
Security Gateway Features
Hosted Services: Astaro Mail Archiving

88

E-mail Archiving
Compliance & Productivity Requirement Solutions

89

E-mail Management Challenges

90

Available Solutions
Mail Archiving Software
Mail Archiving Appliances

Hosted archiving solution

Hosted archiving solution

91

Astaro Mail Archiving

Make Archiving Your E-Mail Our Problem

92

Deployment Scenario

93

Installation and Maintenance

Setup in < 15 minutes
No Maintenance Tasks

94

Compliance
All necessary e-mails for the prescribed period
Auditor roles, including the dual control system
Auditor logs & search

Regulation-based archiving for years or decades

Secure deletion of e-mails upon expiry of the
archiving period

Filtering of messages not to be archived

Evidence of filter actions in the audit log

95

Instant Discovery
Find e-mails instantly through
Google-like full-text search

96

Outlook Plug-In

Easy installation
Seamlessly integrated Plug-in
Direct message handling
(forward, reply, copy)
No employee training necessary
PST and mailbox upgrade included

97

Storage
Control
Backup
Storage

Unlimited storage capacity

Backend

Redundant storage and automatic

backup

Firewall

AES encrypted storage

Frontend

TLS encrypted data transfer

Astaro Mail Archiving Cloud

Secure Data Storage

98

Licensing & Pricing

No hidden extras: All services included!
#Users
10
25
50
75
100
150
200
300
400
600
800
1000
1500
2000

1 year license
$
$
$
$
$
$
$
$
$
$
$
$
$
$

480
1.150
2.210
3.250
4.245
6.245
8.155
11.985
15.655
23.015
30.060
36.070
51.940
66.485

$
$
$
$
$
$
$
$
$
$
$
$
$
$

3 years
license
1.150
2.765
5.310
7.805
10.190
14.980
19.570
28.765
37.570
55.230
72.140
86.565
124.655
159.860

$
$
$
$
$
$
$
$
$
$
$
$
$
$

5 years
license
1.730
4.145
7.965
11.705
15.290
22.475
29.355
43.150
56.360
82.845
108.210
129.850
186.985
239.340

< 3 per user/month!

99

Advantages

Easy Usability
Messages can be found in seconds
No employee training necessary intuitively designed Outlook Plug-in
Regulation-based archiving for years or decades
Maintenance-free
Setup in less than 15 minutes
AD Integration & Exchange synchronization
No hardware maintenance and upgrade
Best price/performance ratio
Less than 3 per user/month*
Unlimited Storage Capacity
* 100 user, 3 year license

100

Agenda

Product Overview
Security Gateways
Gateway Extensions
Management Tools
Security Gateway Features
Hosted Services: Astaro Mail Archiving

101