
OmniSwitch & CyberGatekeeper Host Integrity Check & NAC Solution



Presentation Transcript

  1. OmniSwitch & CyberGatekeeper Host Integrity Check & NAC Solution • Presenter

  2. Agenda • Enterprise Security by Alcatel-Lucent • Host Integrity Check with NAC Solution Overview • OmniSwitch / CyberGatekeeper Integration • CyberGatekeeper DNAC Technology • Case Studies • Why Alcatel-Lucent Security

  3. Enterprise Security By Alcatel-Lucent • Open. Trusted. Dynamic. • Market Context

  4. Creating The Trusted Dynamic Enterprise • Open and Secure Interfaces to • Communications, Data and Services • Enable new collaborative business models • Managed risk • Protected data • Controlled costs • Security Is a Positive Enabler for Business Performance

  5. Alcatel-Lucent’s Enterprise Security Blueprint User Centric Security Delivered from Within the Network Global Corporate-Wide Security • Consistent Application of Security Voice, Data, and Mobility • Independent Chain of Control • Security is Transparent to the User • Security is Always-On • Security is Highly Available For more detail, see Creating the Trusted, Dynamic Enterprise white paper by Alcatel-Lucent • Security Across Networks, People, Processes & Knowledge

  6. Alcatel-Lucent Security Solutions • A Comprehensive Portfolio

  7. Host Integrity Check with Network Access Control • Market Context

  8. The Challenge • 4. KNOWLEDGE • Services Unavailable • Partner Access • Guest Access • Non Compliant Endpoints • Infected Endpoints • Rogue Endpoints • Malware Containment • 2. PEOPLE • 1. NETWORK • LOSS OF PRODUCTIVITY • OPEN ENDED THREATS • Manage Help Desk Costs • Data Protection • Control USB Key Usage • Reduce Management Costs • Increase Compliance Score Card • Non-Productive Applications • Multi-end-point Platforms • Multi-Authentication • 3. PROCESS • NEW MANDATE FOR THE CIO • NEW BUSINESS MODELS

  9. Network Access Control (Host Integrity Check): CyberGatekeeper & OmniSwitch • Key Features: Verify OS and End Point Configuration Controls; Automatic Remediation; Multi-Platform Authentication; Vulnerability Protection; Centralized Policy Management • Diagram labels: CyberGatekeeper Policy Manager and Report Server, CyberGatekeeper Remote Server, OmniSwitch, CyberGatekeeper Policy Server, CyberGatekeeper Agent • Differentiation • Non Disruptive Multi-vendor Deployment • Compatible with Multi-network, Multi-authentication, Multi-end-point environments • Integration with OmniSwitch provides enhanced security and reduced cost • Reference Customers • Iona College (US) • Wolf Creek (Canada) • HanseatiCContor

  10. Benefits • Ensures 100% of endpoints on your network are compliant • Quarantined until they are remediated • Keeps rogue devices off your network • Prevents vulnerabilities • Security solutions are running and up-to-date • OS and patches are current • Malware is contained • Lowers help desk costs • With automatic remediation • Provides secure and controlled Guest access • Improves compliance scorecard • Increased data protection HIC

  11. Comprehensive Enterprise Host Integrity Check Solution • Multi-Vendor Environments • Integration with Alcatel-Lucent OmniSwitches • DNAC technology for 3rd Party switches LAN Users Wireless Users • CyberGatekeeper Remote in-line appliance 802.1x Users • CyberGatekeeper Policy Server VPN Users • CyberGatekeeper Remote in-line appliance Guests • On-demand Web agent - Windows, Linux, and Mac • Continuous Surveillance, Highly Available Solution

  12. OmniSwitch / CyberGatekeeper for Host Integrity Check with NAC

  13. Enhanced Security with Authentication and User Profile enabled NAC • Multiple authentication methods and end-point platforms • MAC based, Captive Portal, 802.1x • Security is closer to the first user connection point • Endpoints connected to VoIP phones are secured • Users & end-points are authenticated • Access is role-based & dynamic • QoS, Network Resources, LAN segments • Control is via ACL, not VLAN or IP changes • Does not require 802.1x or changes to DHCP • Enhanced Security with Reduced Costs

  14. OmniSwitch Embedded Network Security

  15. Unique Host Integrity Check with NAC Solution • 1. Employee, contractor or guest connects to the network. • 2. OmniSwitch provides authentication and identifies user profile. It checks if HIC check is needed for this user. (802.1x, MAC, Captive Portal) • 3. OmniSwitch redirects traffic to the CyberGatekeeper Policy Server and the remediation servers. • 4. CyberGatekeeper Policy Server receives HIC report from CyberGatekeeper Agent and informs the OmniSwitch if the device has passed or failed. • 5. If HIC Passed, OmniSwitch selectively allows device traffic to production network following policy in user profile. If HIC Failed, OmniSwitch restricts traffic to remediation network only. • Diagram labels: 802.1x User, Regular LAN User, Guest, Resident or On-demand Agent, Alcatel-Lucent OmniSwitch, CyberGatekeeper Policy Server, Remediation Server(s), Production Network, Continuous Surveillance

  16. CyberGatekeeper DNAC for Host Integrity Check

  17. Dynamic NAC - A Different Approach for Host Integrity Check • Enforcer Endpoints: Police Endpoints • Compliant Endpoints: Granted Access • Guest Endpoints: Audit Only • Unauthorized Endpoints: Quarantine • LAN Switch Agnostic • Existing endpoints provide enforcement • Creates a community of endpoints like “Neighborhood Watch” • Select endpoints are designated as enforcers • Enforcers identify and quarantine unknown endpoints • DNAC strengths: No network upgrades or changes; Authentication agnostic; Friendly fail-open design; Provides real-time network visibility

  18. Each LAN Segment Self-Organizes CyberGatekeeper Policy Server

  19. Enforcers Detect New Endpoints Using ARP Redirection • New endpoint attempts to access network • Enforcers

  20. Enforcers Control Unauthorized Endpoint Access Unauthorized Endpoint Enforcers

  21. Authorized Endpoint Joins the Group Compliant Endpoint Enforcers

  22. CyberGatekeeper Case Studies

  23. Iona College Chooses CyberGatekeeper • IONA College, New Rochelle, New York selects CyberGatekeeper to protect their Wireless Network and seamlessly enable Host Integrity Checking/Campus Network Policy on Students’ laptops. • CyberGatekeeper solution selected as a replacement for Symantec CIM. • CyberGatekeeper solution scans Symantec A/V to make sure it is not out-of-date. • Using self remediation through the CyberGatekeeper they will be able to deliver the proper A/V package to all the students without the need to touch the laptops. • ‘Desirable Mode’ enables testing policies before deployment. • Client notification capabilities on policy changes well-liked. • Support for Vista and MAC Platforms was key.

  24. HanseatiCContor Chooses CyberGatekeeper • HanseatiCContor, Germany selects OmniSwitch NAC & CyberGatekeeper to secure its new converged communications network service customers, guests, and mobile workers. • OmniSwitch & CyberGatekeeper selected to provide NAC and HIC • Every device connected to the network is authenticated • Access is granted based upon a profile • Different customers are placed into proper network segment • All endpoints are verified to be compliant before allowed onto the network • All critical patches applied, Anti-virus in place, and personal firewall enabled • Unauthorized applications are disabled • If a device changes status it is placed into quarantine • Always-on, with low operational costs was a key factor • Needed a secure and manageable communications infrastructure to accommodate a complex business environment

  25. Protect Your Enterprise Today • 4. KNOWLEDGE • Services are Available • Secured Partner Access • Secured Guest Access • Endpoints are Compliant • Malware is Contained • Continuous Surveillance • 2. PEOPLE • 1. NETWORK • PRODUCTIVITY • ENHANCED THREAT PROTECTION • Applications are Available • Integrates with Existing Infrastructure • Compliance Reporting • Reduced Help Desk Costs • Data is Protected • Reduced Management Costs • Enterprise is Compliant • 3. PROCESS • ENTERPRISE IS SECURE • NEW BUSINESS MODELS

  26. For More Information on CyberGatekeeper www.alcatel-lucent.com/enterprise/?product=CyberGatekeeper&page=overview

  27. Why Alcatel-Lucent? World Class R&D with Bell Labs (X.805 setting the Standard) [ITU-T & ISO] • Security, Network & Mobile Technology • Web 2.0, Cloud Computing, Encryption Research Carrier Class security for enterprise • Unmatched scalability and reliability • Understand new deployment models (Web 2.0, Cloud) Open Standards based solution enabling • Best of breed product selection Security Ecosystem provides access to collaboration and research with industry leading government and standards bodies User Centric Approach providing the fine grained control and audit that enables business performance Security Blueprint that enables open, trusted, dynamic security for voice, data and mobility. www.alcatel-lucent.com/enterprise/security • Trusted Advisor for Unique Security Solutions

  28. www.alcatel-lucent.com www.alcatel-lucent.com/enterprise/security

  29. Back-Up • CyberGatekeeper Competitive Analysis

  30. Ease of Use Comparison – CyberGatekeeper vs. Cisco NAC CyberGatekeeper requires significantly less effort to deploy CyberGatekeeper doesn’t require severe or critical network changes Involves few operations for provisioning and maintenance Source: The Tolly Group, October 2006

  31. The Facts – CyberGatekeeper, Cisco NAC, and Juniper

  32. Notes – From Previous Slide • Only when configured as in-band • Only when configured as OOB virtual gateway • Only template remediation actions • Approx 9MB • Can kill process, delete file and re-direct URL • Only simple process check, file check (with no MD5 in Cisco), registry check. Cannot do file check based upon registry value as base directory. • Approx 14 MB

  33. Symantec NAC facts • Requires DHCP, or 802.1x to redirect traffic for posture check • Limited operating system supported • Not capable of the authentication portion of NAC • The appliances will not perform post admission functions such as Role based access control, Threat Control, or authentication • Relies on weak Self enforcement model • Managed PC’s run Symantec Network Protection Agent to self enforce • Weak to non existent unmanaged Endpoint support. • Requires purchase of additional SNAC enforcer 6100 appliance where performance limited, and therefore only recommended for VPN access. • Not suitable for networks with unmanaged devices (guest/contractor) • SNAC 6100 has limited performance and not suitable for inline deployment in LAN • Total solution can be very costly with low ROI
