Clavister NetEye & NetEye Cloud. Version: 2019Q2 Encryption - - PowerPoint PPT Presentation

clavister neteye amp neteye cloud
SMART_READER_LITE
LIVE PREVIEW

Clavister NetEye & NetEye Cloud. Version: 2019Q2 Encryption - - PowerPoint PPT Presentation

Dec 02, 2023 200 likes •410 views

Clavister NetEye & NetEye Cloud. Version: 2019Q2 Encryption does 80 % of pages loaded in Chrome on Windows are not mean content HTTPS, up from 69% last year . is SAFE. - GOOGLE'S HTTPS ENCRYPTION TRANSPARENCY REPORT DEC 18

slide-1
SLIDE 1

Clavister NetEye & NetEye Cloud.

Version: 2019Q2

slide-2
SLIDE 2

MENU

Encryption does not mean content is SAFE. High risk that threats enter the perimeter via secure transactions.

> 50% of all

network attacks hide in SSL

GARTNER

”80 % of pages loaded in

Chrome on Windows are HTTPS, up from 69% last year.”

  • GOOGLE'S HTTPS ENCRYPTION

TRANSPARENCY REPORT – DEC 18

MENU

slide-3
SLIDE 3

MENU

End-user Security

Headquarters Branch offices Remote worker VPN Clients Windows and macOS endpoint security clients

VPN Tunnel Central Management Virtual Firewall Firewall Identity Management

  • Therefore end-point security clients are always

must haves in combination with a perimeter firewall.

End End-Use ser Pr Prot

  • tectio

ion

slide-4
SLIDE 4

MENU

End-user Security

Headquarters Branch offices Remote worker VPN Clients Windows and macOS endpoint security clients

VPN Tunnel Central Management Virtual Firewall Firewall Identity Management

  • Therefore end-point security clients are always must

haves in combination with a perimeter firewall.

  • However … not all clients are supported
  • Administration and management are challenges

End End-Use ser Pr Prot

  • tectio

ion

Mobile? Linux? IoT?

slide-5
SLIDE 5

MENU

How about SSL Inspection?

SS SSL L Insp nspection

Headquarters Branch offices Remote worker VPN Clients Windows and macOS endpoint security clients

  • Expensive
  • Complex
  • Low QoS

Enabling SSL Inspection has a 60% - 80% drop in the average throughput on NGFWs with the functionality built in.

NSS LABS – JULY 18

slide-6
SLIDE 6

MENU

A new approach required - Advanced Threat Protection

Headquarters Branch offices Remote worker VPN Clients Windows and macOS endpoint security clients

Adv Advanced Th Threat Protectio ion

Secure Web Server

  • A complementary

appliance – virtual or hardware

  • Selective traffic routed

through

  • SSL Decryption
  • Multiple scanning

engines

  • Cloud Sandboxing

applied if needed

slide-7
SLIDE 7
  • Advanced Threat Protection
  • Integrated SSL Inspection with anti-virus scanning up

to 2000 Mbit/s of Web traffic!

  • Cloud Sandboxing for controlled detonation
  • Complementary to any firewall!

High-end appliance empowering enterprises and multi-site

  • rganizations screen

encrypted traffic for threats.

slide-8
SLIDE 8
  • Advanced Threat Protection as-a-

Service

  • Traffic sent to the cloud securely

via IPSec tunnels (and back)

  • Full SSL Inspection and multiple

malware scanning engines

  • No additional HW on-site required

On-demand SSL Inspection with minimum impact on your firewall

Secure Web Server Clavister NetEye Cloud

slide-9
SLIDE 9
  • Suspic

icious executable files files scanned by NetEye that need more investigation are send to Clavister Sandbox Cloud

  • Windows environment used for con
  • ntrolle

led deton

  • nation
  • Im

Impact analy lysis is and reporting back to administrator

  • Run as-a-Service, no
  • on
  • n-sit

ite HW HW required

Controlled detonation outside the secure perimeter

Clavister NetEye Cloud Clavister Sandbox Cloud

slide-10
SLIDE 10

Whats included?

  • Managed solution

Customer has no no access to NetEye instance

  • Logs/analyze in InCenter

Clients

Secure Web Server

Logs Management

slide-11
SLIDE 11

Integrated Reporting in InCenter.

  • Clavister InCenter Cloud

license included with each Clavister NetEye

  • Analytics combined with

Clavister NetWall and

  • ther Clavister products

Integrated Holistic Security Analytics

slide-12
SLIDE 12

Certificates / / Man-in in-the-Middle

Secure Web Server

  • Act as Back-2-Back User Agent
  • Client needs to install same cert as managed by NetEye
  • NetEye not visible for client
slide-13
SLIDE 13

Setup appliance/virtual

Client IP 10.0.0.30

NAT

Log Src 10.0.0.30

If NAT, it should be after NetEye. If not, log will not be traceable to specific client

  • Route web traffic to NetEye
  • Whitelist via FQDN PBR
  • Save throughput for trusted destination
  • Ex: YouTube, Microsoft, Twitter etc
  • Applications that dont work man-in-the-middle
  • Health/Finance (WCF)
  • Etc
  • Support will guide customer with these steps (if FW is Clavister)

IP 88.3.4.23

  • FW is responsible to route

traffic to NetEye.

  • NetEye works on L3 (L2 is

supported for specific cases)

  • Any FW works!
  • NetEye will have its own

white/blacklists

  • Only defined ports will be

decrypted

  • Only define ports will be scanned

(all decrypted)

  • White/blacklist
  • Traffic can be bypassed
slide-14
SLIDE 14

Setup Clo loud

Client IP 10.0.0.30

NAT

Same routing decisions

  • Same decisions in FW
  • Traffic is sent in IPsec tunnel to

NetEye instance in cloud

  • Traffic is NOT sent back to FW

again

  • Different IP addresses from same client
  • Localized to where cloud platform is

available

IP 88.3.4.23 IP 104.2.42.4

slide-15
SLIDE 15

HTTPS

Sandbox

Web Server

Decrypt Check cache? Encrypt

.exe HTTP Has file been scanned before (compare checksum)?

  • > If NO, send to sandbox AN

AND Client Admin Could be hours… Threat! Client migh ight be infected

slide-16
SLIDE 16

Connect Protect Prevent

Antivirus Scanning SSL Traffic Inspection Sandboxing

Clavister NetEye.

Clavister NetEye

Advanced Threat Protection

Model SKU Platform SSL Performance Interfaces

Clavister NetEye 50 Virtual NE-50V 50 Mbps Clavister NetEye 100 Virtual NE-100V 100 Mbps Clavister NetEye 250 Virtual NE-250V 250 Mbps Clavister NetEye 500 Virtual NE-500V 500 Mbps Clavister NetEye 8000 Rack Appliance NE-8000 2 CPU, 20 Core each, 16GB Ram 500 Mbps 1 x RJ45 4 x Module Clavister NetEye 8500 Rack Appliance NE-8500 2 CPU, 20 Core each, 16GB Ram 1000 Mbps 1 x RJ45 4 x Module Clavister NetEye 8900 Rack Appliance NE-8900 2 CPU, 20 Core each, 16GB Ram 2000 Mbps 1 x RJ45 4 x Module

Licensing Option

Security Subscription

*

* Sandbox always hosted in the Cloud

Modules SKU

Interface module 2x10 GbE SFP+ APP-CM-NET120

slide-17
SLIDE 17

Connect Protect Prevent

Antivirus Scanning SSL Traffic Inspection Sandboxing

Clavister NetEye Cloud.

Clavister NetEye Cloud

Advanced Threat Protection hosted as a service in Clavister Cloud Licensing Option

Security Subscription

*

* Sandbox always hosted in the Cloud

Model SKU Format SSL Performance Interfaces

Clavister NetEye 50 Cloud NE-50C 50 Mbps IPSEC Clavister NetEye 100 Cloud NE-100C 100 Mbps IPSEC Clavister NetEye 250 Cloud NE-250C 250 Mbps IPSEC Clavister NetEye 500 Cloud NE-500C 500 Mbps IPSEC

slide-18
SLIDE 18

Costs

  • Clavister NetEye and Clavister NetEye cloud are priced for peak throughput
  • Throughput only of HTTP and HTTPS traffic that needs decryption and

scanning

  • Trusted domains can be excluded in the policy routing configured in the

firewall

  • Example pricing:
  • 50 Mbit/s will serve 50 users or more – down to 1 Euro a month for virtual
  • 2000 Mbit/s will sever over 2000 users, under 1 Euro a month including HW
  • 500 Mbit/s will serve 600 users or more – down to 1 Euro a month including cloud costs!
  • Clavister InCenter Cloud for Clavister NetEye always included!
slide-19
SLIDE 19

MENU

Summary – Key Results

  • Advanced Threat Protection

dedicated SSL Inspection with integrated malware scanning

  • Always latest signatures installed

in Clavister NetEye Cloud

  • Secure detonation outside the

enterprise perimeter

  • Limited to no impact on firewall

performance Clavister NetEye gives peace of mind without need to upgrade security infrastructure.

Adv Advanced Th Threat Protectio ion