Checkpoint

In today’s environment, companies face increasing levels of threat to their networks, at the perimeter, across the LAN and WAN, and at endpoints. Protecting everything is increasingly complex and can result in security solutions that are hard to manage and maintain.

Check Point Network Security Solutions are used by all companies in the Fortune 100.Their products cover a wide range of feature sets for all organisational sizes with advanced security features such as integrated intrusion prevention, virtualization, gateway antivirus, anti-spam, web content filtering, as well as IPsec and SSL VPN remote access for computers and mobile devices. Check Point also offers standalone intrusion prevention and SSL VPN solutions as part of the unified security architecture.

Their VPN-1 firewall and VPN solutions are available as software only or on a variety of platforms including Check Point's own Secure Platform or other vendors’ such as Nokia and IBM.

Firewall 1

Check Point FireWall-1 is the among the industry's leading firewall solutions; based on INSPECT, adaptive and intelligent inspection technology, FireWall-1 integrates both network and application-layer firewall protection and, as your business grows, INSPECT can be extended to support new requirements.

Additionally, Check Point's leading SMART management architecture makes the job of deploying and managing multiple firewalls a worry of the past. Its three tier enforcement point, management and GUI architecture allows security managers to manage multiple security systems from a single management platform.

Endpoint Security

Check Point Endpoint Security protects PCs (endpoints) by combining firewall, network access control (NAC), program control, antivirus, anti-spyware, data security, and remote access into a single agent. This removes the need to deploy and manage multiple agents and so reduces complexity and total cost of ownership.

Check Point Endpoint Security includes both data security for preventing data loss and theft and a VPN client for secure remote access communications. By having a single management console administrators are able to view and modify endpoint security policy with ease and assurance.

Check Point Endpoint Security is unified with the Check Point unified security architecture, enabling monitoring, analysis, and reporting of endpoint security logs and events from the SmartCenter, Provider-1, and Eventia management systems.

VPN (Power gateways)

VPN-1 Power, part of Check Point’s Unified Security Architecture suite, is an integrated firewall, VPN and intrusion prevention gateway providing comprehensive accelerated security and remote connectivity for applications and network resources. By using VPN-1 gateways companies are able to secure their networks without slowing down their business and, as new threats appear, VPN-1 Power adapts to meet and counter these.

VPN-1 provides truly integrated security based on Check Point’s Firewall 1 and Smart Defense intrusion prevention technologies. Firewall 1 is based on Check Point’s Stateful Inspection, the de facto standard for Internet security; Smart Defense uses Application Intelligence technologies to understand how protocols and applications should work and, based on this, can pre-emptively block entire classes of threats based on suspicious behaviour.

Connectra SSL VPN

Check Point Connectra is a complete Web Security Gateway appliance or software platform that provides SSL VPN access and comprehensive endpoint and integrated intrusion prevention security in a single, unified remote access solution. The Connectra SSL VPN gateway provides secure browser-based remote access to email, web applications and file shares. Included with Connectra, the SSL Network Extender browser plug-in, provides network-level access to client/server applications over SSL. By combining both SSL VPN connectivity and security in one solution, organizations can effectively deploy SSL VPNs safely and securely to a diverse set of remote users while ensuring the confidentiality and integrity of information that is critical to the success of any business.

F5

F5 is the global leader in application delivery networking, enabling users to increase business efficiency by leveraging the power of application, hardware, operating system, and network virtualization throughout the enterprise to achieve a single goal: the creation of a complete virtual data center that can deliver improved performance and availability at a lower cost.

F5 solutions optimize network, server and storage environments by ensuring the highest levels of performance, security and availability at the lowest possible cost. In addition, F5 facilitates IT growth and agility by eliminating physical constraints and automating routine processes.

Big IP Local Traffic Manager

Ensuring high availability, maximum performance and centralised management for your corporate applications, reducing downtime, lost opportunities and potential damage to your company’s reputation.

Big IP Local Traffic Manager (LTM) is an Application Delivery Networking (ADN) system that provideds the most intelligent and adaptable solution to secure, optimise and delivery your applications to help you effectively and completely run your business.

Big IP LTM is the only system that gives you a set of unified application infrastructure services to deliver total control, vision and flexibility into application security, performance and delivery. Advantages include increased availability of applications, acceleration of these by up to three times and increased network and application security.

Big IP Global Traffic Manager

Ensuring high availability, maximum performance and centralised management for applications running across globally dispersed data centres. Also increases availability of applications during site outages, ensuring users and customers are able to easily access applications.

Big IP Global Traffic Manager (GTM) provides an intelligent way for Global enterprises with data centres spread around the world to route users to the nearest site. While DNS can point a user to a data center, BIG-IP GTM can automatically direct them to the closest or best-performing data center, based on topology-based load balancing inspecting their IP addressing. The topology could be based on continent, country, ISP, or custom IP subnet level. Additionally, BIG-IP GTM can be used to provide seamless disaster recovery and routing based on quality of service or business criteria.

Firepass SSL VPN

Simplified, cost-effective remote access from anywhere whilst retaining high levels of information security.

F5’s FirePass SSL VPN appliance provides a secure access to corporate applications and data using a standard web browser and a standalone client. It can use a wide range of devices, including Windows Mobile devices and the Apple iPhone. Users can have secure access from anywhere they have an Internet connection, while FirePass ensures that connected computers are fully patched and protected.

Using full-tunnel SSL technology and client access policies defined by system administrators, remote clients can log on to their business applications under pre-defined access permissions and client directory control.

FirePass offloads server-based security processes and access controls to free up valuable server cycles, while clustered scalability and availability features support thousands of concurrent users and failover services. FirePass can also run virus checks prior to user logon and set defined access controls to the client device during logon, to ensure secure access compliance. Non-compliant clients can be quarantined and passed to DMZ management processes for compliance updating. FirePass also supports Application Ready Access, providing full reverse proxy services for market-leading application portals including SAP, Oracle, Microsoft, and others.

Secure Services Gateways

The Juniper Networks Secure Services Gateways are purpose-built security appliances that deliver a perfect blend of performance, security and LAN/WAN connectivity from small branch offices up to service providers. Traffic flowing in and out of the network ca be protected from worms, Spyware, Trojans, and malware by a complete set of Universal Threat Management (UTM) security features including Stateful firewall, IPSec VPN, IPS, Antivirus (includes Anti-Spyware, Anti-Adware, Anti-Phishing), Anti-Spam, and Web Filtering.

The rich set of UTM security features allows the SSG range to be deployed as a stand alone network protection device and, with its robust routing engine, the SSG range can also be deployed as a traditional branch office router or as a combination security and routing device to help reduce IT capital and operational expenditures.

Integrated Security Gateways

The Juniper Networks Integrated Security Gateways (ISG) are purpose-built, security solutions that leverage a fourth generation security ASIC, the GigaScreen3, along with high-speed microprocessors to deliver unmatched firewall and VPN performance. The Juniper Networks ISG range is ideally suited for securing enterprise, carrier and data center environments where advanced applications such as VoIP and streaming media dictate consistent, scalable performance. Integrating best-in-class Deep Inspection firewall, VPN and DoS solutions, the ISG range enables secure, reliable connectivity along with network and application-level protection for critical, high-traffic network segments.

Netscreen

The Juniper Networks NetScreen series is a line of purpose-built, high-performance firewall/VPN security systems designed to deliver a new level of high-performance capabilities for large enterprise, carrier, and data center networks. The NetScreen-5000 series consists of two products: the 2-slot NetScreen-5200 system and the 4-slot NetScreen-5400 system. NetScreen-5000 security systems integrate firewall, VPN, DoS and DDoS protection, and traffic-management functionality, in a low-profile modular chassis. Built around Juniper's third-generation security ASIC and distributed system architecture, the NetScreen-5000 series offers excellent scalability and flexibility, while providing a higher level security system through Juniper Networks NetScreen ScreenOS custom operating system. Both products employ a switch fabric for data exchange and separate multibus channel for control information, delivering scalable performance for the most demanding environments.

Juniper Networks SSL VPN - Secure Access

Juniper Networks SSL VPN - Secure Access is a complete range of remote-access appliances in a variety of form factors and features that can be combined to meet the needs of companies of all sizes. These range from SMBs that need VPN access for remote/mobile employees to large global deployments that must provide remote and/or extranet access for employees, partners and customers from a single platform.

Juniper's SSL VPN solutions use SSL, the security protocol found in all standard Web browsers. This eliminates the need for client-software deployment, changes to internal servers and costly ongoing maintenance and desktop support. Juniper SSL VPN Secure Access appliances combine the overall benefit of a lower total cost of ownership compared to traditional IPSec VPN client solutions with unique end-to-end security features. Enhanced remote access methods enable the enterprise to provision access by purpose for virtually any resource, including those that are jitter or latency sensitive.

ASA Security

Networks continue to suffer from attacks from a wide variety of sources, from both inside and outside of corporate networks. With companies working to increase their profitability through increased remote working, collaboration, mobile technologies and improved process optimization, these risks can mount if the network is not secured properly. Using Cisco ASA firewalls can enable businesses to deploy new applications in a reliable and secure manner whilst benefitting from the low operational costs of the ASA’s modular solution.

The Cisco ASA 5500 Series Firewall Edition enables businesses to securely deploy mission-critical applications and networks in a highly reliable manner, while providing significant investment protection and lower operational costs through its unique, modular design. Businesses can protect their networks from unauthorized access using the Cisco ASA 5500 Series Firewall Edition's robust policy enforcement services. These services combine with market-leading VPN services to enable businesses to securely extend their networks across low-cost Internet connections to business partners, remote sites, and mobile workers. This flexible solution can adapt as an organization's needs evolve along with the ever-changing security threat landscape, giving businesses the ability to easily integrate market-leading intrusion prevention, antivirus, antispam, antispyware, URL filtering, and other advanced content security services for additional layers of protection. Combined with Cisco management and monitoring application solutions, the Cisco ASA 5500 Series Firewall Edition provides world-class security with lower operational costs.

IPS Intrusion Prevention System

Cisco IPS (Intrusion Prevention System) helps to defend corporate networks from threats from both within the company itself and externally.

The Internet is one of the major sources of attacks and exploits targeting today's corporate networks. Applying Cisco IPS (either as a router module or as part of a firewall implementation) helps defend the corporate network against such vulnerabilities by restricting access from the untrusted internet and prevents intruders from evading the perimeter router on the telecommuter side to gain access to the corporate network. Using IPS inspection in conjunction with the Cisco IOS Firewall at the incoming and outgoing interfaces of the perimeter router will monitor and discard malicious activity.

In today's corporate network environment, an increasing number of exploits and network attacks are coming from within the corporate network itself. These attacks or exploits may be deliberate or inadvertent (for example, an infected laptop brought into the office and connected to the corporate LAN). Deploying Cisco IPS as close to the entry point into the network as possible mitigates the attacks and exploits before they spread farther into the network. By facilitating Cisco IPS together with IP Security (IPsec) VPN, Cisco Network Admission Control (NAC), and Cisco IOS Firewall, a Cisco router can perform encryption, firewall, and traffic inspection at the point of entry into the network-an industry first. This setup reduces the additional devices needed to support the system, reduces operating and capital expenditures, and enhances security.

NAC Admission Control

The Cisco Network Admission Control (NAC) appliance allows administrators to easily administer and authenticate users on wired and wireless networks, thereby ensuring that all the devices on the network are compliant with the company’s security policy. It also creates significant cost savings through automating the repair of vulnerabilities before allowing access to the network and reduces the risk of downtime caused through viruses, worms and other malicious applications.

Cisco NAC Appliance is an end-to-end network registration and enforcement solution that allows network administrators to authenticate, authorize, evaluate, and remediate users and their machines prior to allowing users onto the network. This advanced network security product recognizes users, their devices, and their roles in the network at the point of authentication, before malicious code can cause damage, evaluates whether the machine is compliant with the company’s security policies and enforces these by blocking, isolating, and repairing noncompliant machines.

Cisco NAC Appliance works with all devices, regardless of:

• • Device type (such as PCs, Mac or Linux machines, PDAs, prionters or IP phones).
• • Device ownership. Cisco NAC Appliance can apply security policies to systems owned by the corporation, employees, contractors, and guests.
• • Device access method. Cisco NAC Appliance applies network admission control to devices connecting through the LAN, WLAN, WAN, or VPN.

WAAS

Cisco WAAS allows organizations to deliver centralised applications with LAN-like speed to any employee regardless of location, while preserving end to end visibility and security. This means that lower speed links can be used, therefore reducing line costs.

Cisco Wide Area Application Services (WAAS) is a comprehensive WAN optimization solution that accelerates applications over the WAN, delivers video to the branch office, and provides local hosting of branch-office IT services. Cisco WAAS allows IT departments to centralize applications and storage in the data centre while maintaining LAN-like application performance, and provides locally hosted IT services while reducing the branch-office device footprint.

Cisco WAAS allows organizations to accomplish these primary IT objectives:

• • Application acceleration: Improve productivity of remote employees.
• • IT consolidation and WAN optimization: Minimize branch IT costs.
• • Branch IT agility: Respond rapidly to changing business needs.
• • Simplified data protection: Ease compliance and business continuity.

ACE Load balancing

Organisations lose millions of pounds a year annually in lost revenue and productivity through application downtime and degradation.

By using Cisco ACE Application Control Engine switches, companies can significantly curb these losses by increasing the manageability, security, and performance of business applications hosted in the data centre by distributing end-user application requests across server farms and offloading computer-intensive communications and security processing tasks from application servers.

In addition, Cisco ACE application switches contain enhancements that are unique in the industry to further improve application deployment times and resiliency while delivering significant power and cooling efficiencies and savings. These value-added functions include virtualization and roles-based administration.

Virtualization means that architecturally, a single physical Cisco ACE application switch can function as multiple virtual ACE devices, substantially reducing capital, space, and power requirements in the data center and enhancing an organization's capability to scale its data center resources.

Role-based administration allows IT personnel to provision and manage multiple virtual devices in parallel within a single Cisco ACE platform, allowing much faster deployment of applications than if the different groups had to provision the application switches in a serial fashion.

Using Cisco ACE application switches, with their high performance and unique features, organizations can achieve the following business goals:

• • Cost-effectively consolidate data centers while retaining business continuity.
• • Improve end-user application response times by up to 500 percent.
• • Optimize server efficiency for fast and consistent user application experiences.
• • Secure application server farms.
• • Improve application deployment times by up to 75 percent while increasing IT productivity.
• • Cost-effectively scale application deployments

Proxy SG

Blue Coat proxy SC appliances establish points of control that accelerate and secure business applications for users across distributed organisations.

Blue Coat’s MACH5 acceleration technology combines five capabilities onto one box to help ensure delivery of crucial applications, no matter if the application is located internally or externally on the Internet.

Blue Coat’s security architecture addresses multiple requirements, including filtering Web Content, preventing malicious code, virus scanning, inspecting encrypted SSL traffic and controlling Instant Messaging, Peer to Peer and streaming traffic.

Additonally, Blue Coat’s Policy Processing Engine empowers IT to make intelligent decisions. Using a wide range of attributes such as user, application content organisations can effectively aligh security and performance policies with corporate priorities.

Infoblox

Many companies have a growing problem - keeping the their core network services infrastructure - the protocols and services that store and deliver information about users, devices, and policies for all IP applications - running nonstop. Core network services (like DNS, DHCP, RADIUS, etc.) are the foundation that supports new security initiatives, pervasive mobile networking, convergence applications like VoIP, and growing compliance reporting requirements. These are becoming increasingly difficult to manage and secure for the following reasons:

• • An explosion in the number and diversity of network users, devices, and policies
• • An increasing number of network attacks specifically targeting the core network services infrastructure, such as DNS cache poisoning.
• • The deployment of real-time IP applications, such as voice over IP (VoIP), which cannot tolerate delays in network services data updates.
• • New regulations, such as Sarbanes-Oxley, which require more integrated ccore network services to enable the creation of audit trails and more sophisticated reporting.
• • Industry endpoint security initiatives, such as Cisco Network Admission Control (NAC) and Microsoft Network Access Protection (NAP), which require core network services integration to determine and enforce the access rights of remote workers.

Infoblox solves these problems by providing a platform for delivering reliable, scalable, and secure core network services. The integrated Infoblox approach combines the simplicity of appliances with the power of advanced distributed database technology to control and automate services while achieving availability, manageability, visibility, and control unparalleled by conventional solutions based on legacy technologies.

The modular Infoblox product line consists of a series of security-hardened, high-performance appliance platforms that ship standard with Infoblox NIOS™software and support a variety of software packages.

Web Security Suite

Websense Web Security Suite is a leading web security solution that protects organizations from known and new web-based threats by clocking known threats before they reach the endpoint. Based on the industry-leading Websense ThreatSeeker Network, which scans 595 million websites per week to find and respond to threats, Websense Web Security Suite protects against spyware, malicious mobile code, and phishing attacks, bots, and other malware. Unlike some other solutions, it also blocks spyware and keylogger backchannel communications from reaching their host servers. In addition, only Websense Web Security Suite offers the Websense Web Protection Services that help protect organizations’ websites, brands, and web servers.

Web Enterprise

Websense Enterprise is an industry-leading web filtering solution which improves productivity, reduces legal liability, and optimizes the use of IT resources. Websense Enterprise integrates seamlessly with leading network infrastructure products to offer unequaled flexibility and control.

Websense Enterprise allowas organisations to establish policies on Internet use, file types and user groups. Additionally, it has powerful reporting tools to track and analyse Internet use throughout the organisation and it also allows organisations to distribute administrative tasks across departments, groups, or locations to increase visibility within individual areas and to reduce the burden on IT.

SecurID

Security built on static, reusable passwords has proven easy for hackers to beat. RSA SecurID® two-factor authentication is based on something you know (a password or PIN) and something you have (an authenticator) - providing a much more reliable level of user authentication than reusable passwords. It is the only solution that automatically changes your password every 60 seconds

RSA offers enterprises a wide range of user authentication options to help positively identify users before they interact with mission-critical data and applications through a wide range of sources such as VPNs & WLANs, email, PCs or Intranets and Extranets.

The RSA SecurID family is based around the RSA SecurID authentication manager, which verifies authentication requests and centrally administers authentication policies for enterprise networks. RSA Authentication Manager software is also interoperable with more network, remote access, VPN, Internet, wireless and application solutions than any other system available today.

Features such as clustering and load balancing, native LDAP, full web-based administration and high-availability platform support make RSA Authentication Manager the ideal solution for any size network that requires a robust authentication server.

In addition, there is a range of fobs which are allocated to users to enable them to connect to the authentication manager. Each fob displays a unique code generated by the RSA SecurID or AES industry - standard hash algorithm in combination with the unique symmetric key contained in the token which will change every sixty seconds for the lifetime of the fob.