Network Box

PROTECTION

The trademarks, including but not limited to “Network Box” and the curly ”N” device, are either trademarks or
registered trademarks of Network Box Corporation Limited. Other trademarks and product names used in this
publication are for identification purposes only, and may be the trademarks of their respective companies. This
document may not be distributed without the prior consent of Network Box Corporation Limited.
Copyright © Network Box Corporation Limited 2014.

PT NETWORK BOX INDONESIA

www.network-box.com

PUSH Content Filtering Zero-Day Anti-DDoS

Technology Engine Anti-Malware Engine Web Application Firewall+
Network Box
Protection Cyber Threat

Your Business
By installing Network and Reputation
Box at the gateway,
you will be protected
against all types of
cyber threats

Emails

Bank Details
Company Assets
Supplier Data

Passwords
Customer Data
Financial Data

Intellectual Property

Do-it-Yourself
Self-Managed
Self-managed Appliance, purchase & operation costs:
–  Purchase Costs of all Security & Gateway Devices
(Firewall, IDS, Antivirus, AntiSPAM, Content Filtering,
AntiDDoS, Load Balance, VPN, SSL server, IPv4 to IPv6,
Entity Management, secured DNS, secured DHCP,
Network Monitoring (gateway) and reporting, etc
--- multiply by number of sites
–  Annual Services (for each appliance) x no. of sites
–  Consulting, Outsourcing , Maintenance Services
–  Security Systems Integration & Upgrade (services)
Salary / HR for IT Security/ Gateway
–  Head office / data center
to maintain (per vendor): Firewall, IDS, Antivirus, AntiSPAM,
Content Filtering, AntiDDoS, Load Balance, VPN, SSL
server, IPv4 to IPv6, Entity Management, secured DNS,
secured DHCP, Network Monitoring (gateway) and
reporting, etc
--- multiply by additional resouces per branch sites
–  Resources for 24/7 monitoring, management and real-
time update (3 shifts)
–  Certification & training costs
–  Cyber threat mitigation costs
Other costs
–  Facility & utility cost for 24/7, 365 Monitoring (3 shifts
operations)
–  Transport & accommodations, OPEs
–  Cyber threat mitigation costs
–  Costs for dedicated lines, VPN , virtual VPN, etc
vs Network Box
Managed Security
ONE TIME Boxes Cost
–  Enterprise Series E-2000 >150 users
–  Medium Series M-395i <150 users
–  Small Series S-68i <15 users
–  One time install & commissioning
ANNUAL Services per Year, OPEX
–  Enterprise Series E-2000 >150 users
–  Medium Series M-395i <150 users
–  Small Series S-68i <15 users
SIMPLER TO MANAGE, & MORE SECURE:
–  IT Security Costs becomes fixed annual OPEX
–  HRD – IT Professionals: local, regional, global NB backup,
monitoring & gateway security management support
always on call (Service Ticket)
–  Integrations, Updates, Upgrades are automated
–  Systems Improvements (more Engines, at no additional
costs, no IT resources required to add, install, integrate),
always secured
–  Operations 24/7 monitoring, Service Tickets
–  Default feature enable customer to perform Remote
config to all Branch sites
–  Benefit from the most comprehensive, well integrated,
award winning cyber gateway security
–  Scalability, benefit from the same quality of protection
for all internet gateways within the organization, with the
best TCO cyber security solution
Cyber Security
What security technologies should most
business have in place right now?

01 Firewall 07 DLP (Data Leakage Prevention)

02 Anti-Malware (Push Update) 08 DDoS Mitigation

03 Anti-Spam (Push Update) 09 Web Application Firewall

04 IDP (Intrusion Detection and Prevention) 10 Secure Socket Layer (SSL) Proxying

05 VPN (Virtual Private Network) 11 IPv6 Bridging

06 Content Filtering and Policy Enforcement 12 Network Monitoring and Reporting

Network Box has tightly integrated all of the above into one solution
into one fixed (OPEX) costs

Essential
Security Technologies
Smart Next Generation Solution
Self-managed point-solutions for internet security usually looks like a server farm consisting multiple appliance/
technology/ vendors that is complex, costly, and demand professionally certified team to manage. Due to recent
and ever increasing attacks from the internet, the security team demands more and more of the company’s
resources. This is the reason why most businesses centralize their internet access to their head office, because it is not
practical and very costly to deploy gateway security at each of the branch sites. But this method restrict internet
speed and restrict user access policy to a point that frustrate users.
Many branch sites quietly allow new “unauthorized” internet connection (like Telkom IndiHome, or tethering to 4G
wifi), ignoring or simply don’t understand that such action will compromise the security of the whole organization.
Another fact is that most head-office’s IT security team is seriously understaffed. IT Departments are struggling when
they face the task to update or to change the configuration of their security systems. New servers, new applications,
new threats, all requires changes in the existing configurations. Then, they will have to ensure integration among all
of their security and other gateway devices. These are issues only experienced technical people can comprehend.
That is why internet access at branch sites often very restricting, and this is always contradicts the management’s
demands for faster internet speed, customized and more flexible internet access rules. On top of this, there is always
new demand for more internet applications to run their business. On the other side, some companies just “give up”
and implement very loose security control, that leaves the whole organization vulnerable.
Not many businesses conduct regular internet security audit. Therefore most of them are unaware about their
security risks they are facing. Those who have done security audit often faces difficulties in implementing proper
internet security solutions in place, due to the costs and resources required to manage and to maintain them.
Network Box can solve the above issues. Network Box provides managed security solution for businesses of all sizes.
We provide comprehensive gateway security that is scalable and yet affordable. From a small S-series Box that
protects a small 5 users site branch, to a data center level, we have it all covered. Now each site can be protected
with UTM or WBP (web proxy) with comprehensive internet security, that is fully monitored, managed and updated in
real-time, 24/7, fully automated, fully integrated. Network Box allows for remote management/ configuration from
the Head Office IT security team, with back up support from local VAR partners, as well as from the global IT support
at SOC. Regardless the box size, small Box or Enterprise Box, all runs the same protection and the same service
quality. Only Network Box has this kind of solution, an internationally recognized, award winning protection.
This new concept generates cost savings in securing your internet gateways, including cost reduction on the overall
internet connection costs and very minimal requirement on your already understaffed IT security team. Customer
can utilize cheaper internet costs because much of the load from the existing VPN can be allocated to local ISP,
and yet they can be well protected, managed and monitored by the head office. Furthermore, the cost of investing
on Network Box at each site is usually much cheaper than maintaining existing security. Better security, simple to
manage and better total cost of ownership.
 VPN-5 Box
Small Outlets

Head Office
INTERNET

S-Series with WBP+

for Small Branches
(5-15 users)
Enterprise Series with UTMW service
Comprehensive, award-winning mul=-layer,
=ghtly-integrated, managed security with 24/7
real-=me security monitoring, management &
update, with “High Availability” op=on:
•  Firewall
•  Intrusion Detec<on & Preven<on (IDP)
•  An<Malware & Zero Day Protec<on M-Series with WBP+ or UTM+
•  An<SPAM for Branch Offices ( <150 users)
•  Content Filtering & Policy Enforcement
•  DDoS Mi<ga<on, Branches and outlets, Big or Small, are
•  Web Applica<on Firewall (WAF) protected using VPN Box, Small or Medium •  SSL Proxying
•  VPN Series Boxes, with WBP+ (web browsing •  IPv6 Bridging
•  SSL Proxying proxyi) OR with UTM+ (Unified Threat •  Network Monitoring & Repor<ng
•  IPv6 Bridging Managment) services, in a single or High •  PUSH Update
•  Network Monitoring & Repor<ng Availability op=on: •  Applica<on Scanning & Control
•  PUSH Update •  Firewall •  Load Balancing, DNS, DHCP server
•  Applica<on Scanning & Control •  Intrusion Detec<on & Preven<on (IDP) with UTM+ , you’ll get addi<onal services:
•  Data Leakage Protec<on (DLP) •  An<Malware Web •  An<Malware Email
•  Load Balancing, DNS, DHCP server, and more •  Zero Day Protec<on •  An<SPAM
and service support by qualified professionals •  Content Filtering & Policy Enforcement and service support by qualified professionals
from Network Box’s triple ISO-cer=fied SOC, and •  DDoS Mi<ga<on, from Network Box’s triple ISO-cer=fied SOC,
your local Value Added Resellers. •  VPN and your local Value Added Resellers.
 VPN-5 Box
Small Outlets
about $1000/yr

Head Office
INTERNET

S-Series with WBP+

for Small Branches
(5-15 users)
about $5000/yr
Enterprise Series with UTMW service S38i & S-68i
with “High Availability” op=on
about $125,000/yr
E-2000i x 2
M-Series with WBP+ or UTM+
for Branch Offices ( <150 users)
about $15000/yr
M255i & M395i
Remarks :
•  Box price has not been added. Box cost is one-<me cost, about 75% to 150% of the annual service, depending
on the hardware requirement (box sizing) on each loca<on.
•  Mean Time Between Failure of Boxes is 4 years for Small series, 5 years for Medium Series and 7 years for
Enterprise series. Please refer to the Hardware datasheet for more accurate informa<on.
•  The above value serves as indica<on for rough-cut project investment, for es<ma<on only.
•  Assump<on: 1 box per site (per gateway)
•  All annual services cost are based on WBP+ (web proxy) services
•  Actual investment value/cost at each site will depend on the result of box sizing
•  The above assump<on is based on the limited data provided to us. This assump<on cannot be applied in other
simula<on case.
•  This is not a Quota<on. for discussion purpose only.
Smart Next Generation Solution
Managed Security & Services
Only possible with Network Box
–  Beter security: comprehensive 78+ gateway security engines, holistic security approach, multi-layer, well-
integrated, real-time updates – fully automated, PUSH technology
–  All security components are monitored, updated and managed in real-time, 24/7 by professional IT security at our
triple-ISO SOC’s. Because, late update means no security!
–  Unlimited technical support, using Network Box Service Ticket facility
–  First-tier support services from distinguished Network Box LOCAL PARTNERs
–  Less demand on company resources:
–  Less demand on IT professionals (HR) required to manage gateway cyber security
–  One high performance Box to replace many devices (self-managed un-integrated devices)
–  Easy to install, to configure and to swap boxes
–  Simpler to manage cyber security: Single site monitoring, single configuration console, remote management
support. This removes the troubles of maintenance and integration tasks of multiple vendors and appliances.
–  Better control: comprehensive cyber security in one integrated package with real-time reports
–  Better Total Cost of Ownership TCO, versus self-managed or point-solutions
–  Scallable: fully protect small outlet, small to large branch offices, to data center. Affordable!
–  Best of breed cyber security technology at your doorstep – at all time
–  Award winning solutions, recognized worldwide by cyber security professionals

MANAGED SECURITY – BETTER TCO – BETTER CONTROL – SIMPLER TO MANAGE

SO YOU CAN SPEND MORE RESOURCES ON YOUR MAIN BUSINESS
 INTERNET
VPN
•  limited b/w
•  restric<ng
•  more $ vs
alterna<ves
•  low security

Mul<ple vendor, many appliances, complex

Self-managed, point-solu<ons
Not well-integrated, late update
Head Office High demand on IT resources

THE NEXT GENERATION MANAGED SECURITY

VPN-5 Box
Small Outlets

INTERNET

E-Series with UTMW S-Series with WBP+

for Small Branches
(5-15 users)

Head Office M-Series with WBP+ or UTM+

for Branch Offices ( <150 users)
Network Box
Service Packages

In order to provide
comprehensive security FW+ AV+ CF+
Firewall Anti-Virus Content Filtering
solutions, Network Box’s Plus Plus Plus

technologies have
been categorized and
complied into nine
service packages UTM+ WAF+ EMP+
Unified Threat Web Application Email Protection
Management Plus Firewall Plus Plus

WBP+ FWAF UTMW

Web Browsing FW+ and WAF+ UTM+ and WAF+
Protection Plus Protection Protection
Service Packages
Security Technologies Matrix
Security Technologies FW+ AV+ CF+ UTM+ WAF+ EMP+ WBP+ FWAF UTMW

PUSH Updates ˜ ˜ ˜ ˜ ˜ ˜ ˜ ˜ ˜
Network Monitoring and Reporting ˜ ˜ ˜ ˜ ˜ ˜ ˜ ˜ ˜
Firewall ˜ ˜ ˜ ˜ ˜ ˜ ˜ ˜
Intrusion Detection and Prevention (IDP) ˜ ˜ ˜ ˜ ˜ ˜ ˜ ˜
Virtual Private Network (VPN) ˜ ˜ ˜ ˜ ˜ ˜ ˜ ˜
Anti-Malware (email) ˜ ˜ ˜ ˜
Anti-Malware (web) ˜ ˜ ˜ ˜
Anti-Spam ˜ ˜ ˜ ˜
Content Filtering ˜ ˜ ˜ ˜
Entity Management ˜ ˜ ˜ ˜ ˜ ˜ ˜ ˜ ˜
Data Leakage Prevention (DLP) ˜ ˜
Anti-DDoS ˜ ˜ ˜ ˜ ˜ ˜ ˜ ˜ ˜
Web Application Firewall (WAF) ˜ ˜ ˜
IPv4 to IPv6 Bridging ˜ ˜ ˜ ˜ ˜ ˜ ˜ ˜ ˜
Multi-Layered
Security
78 Protection Engines
75,512,406 Signatures

For real-time figures, please visit

http://response.network-box.com/protection
Managed Security Platform
Hardware Appliance
– All hardware is 64bit
– Designed to offer exceptional performance and reliability
– Based on multi-core CPUs, and able to withstand extreme
shock, vibration and temperature ranges

S-series VPN

M-series

Enterprise
series
PUSH Technology
Real-Time Updates

Key Features:
–  Updates are PUSHed out and
installed in an average time of less
than 45 seconds
–  Automated process, the customer
does not need to manually
download and install the updates
–  Currently, Network Box is PUSHing
out 32,000+ updates a day
Hybrid Firewall
Gateway Protection

Key Features:
–  Proxy Firewall, maintains
transparency between requester
and server
–  Packet-Filtering, suitable for basic
protection with minimal
overhead
–  Stateful Packet Inspection,
suitable for high performance
and sophisticated rule sets
Anti-Malware
viruses, worms, trojans, spyware

Key Features:
–  16 Engines
11,098,714 Signatures
–  Triple 100% Tolly Group detection
rating against their Extended Wildlist
Malware database over HTTP, SMTP
and POP3 protocols
–  Zero-Day Anti-Malware engine,
Z-Scan, responds in an average
time of 3 seconds from a threat
being detected
–  Anti Mobile malware
 Z-Scan
Multi-award winning Z-Scan, focuses on developing and releasing its
own signatures to protect against emerging Zero Day Malware threats

While the M-Scan

Lab is doing analysis,
Network Box Security
Response utilizes the Z-Scan
Z-Scan Outbreak Outbreak System
system to protect
Network Box clients
around the world
The whole process takes
3 seconds
Z-Scan’s
250,000+
‘in-the-cloud’
malware
traps
Network Box Security Response The Zero Day Malware is sent to
‘Outbreak System’ | M-Scan Lab Network Box Security Response, as well
as the Network Box M-Scan Lab
Anti-Spam
Multi-Layered Spam Protection

Key Features:
–  25 Engines
30,741,928 Signatures
–  Industry leading:
98.75% Spam Detection Accuracy,
with 0.01% False-Positive Rate
–  Anti-Spam technologies:
Co-operative Spam Checksums,
Signatures and Spam Scoring,
Real-Time IP and URL Blacklists,
Mail Portal, URL Categorization,
Bayesian Filtering, OCR
Intrusion Detection
and Prevention (IDP)

Key Features:
–  3 Engines
16,013 Signatures
–  Scans network traffic at the
application level, and seamlessly
blocks malicious behavior with
zero latency
–  Two Modes:
Active (blocks network traffic)
Passive (logs intrusion attempts)
Virtual Private Network
(VPN)

Key Features:
–  Authenticated user sessions
–  Allows different firewall policies to
be applied to encrypted vs non-
encrypted traffic and to specific
end-points
–  Supports 3 core VPN Technologies:
PPTP, IPSEC, SSL VPN
Content Filtering
Control Your Web Access

Key Features:
–  16 Engines
33,631,094 Signatures
–  Uses high performance
signature based technology,
rather than a simple URL Undesirable
Website
database
–  Detection rate of 98.7% for the
Top 100,00 websites

Internet
User
Network Box
installed at the gateway
Block
Notification The website is BLOCKED
by the Network Box and
user is sent a notification.
Data Leakage Prevention
(DLP)

Key Features:
–  Customizable rules and policies
–  Complex pattern matching and
Content analysis
–  Optical Character Recognition
Distributed Denial of Service (DDoS) Attacks
Real-Time DDoS Mitigation

Anti-DDoS WAF+ will DETECT and FINGER PRINT

the attack. It MITIGATES the attack by black
listing the source addresses.

BOTNET
The botnet will attempt to
Legitimate
overwhelm the web server by Users
sending numerous requests.
Whilst this is happening, the
Anti-DDoS WAF+ allows
Web Server legitimate users to access the
web server.
Web Application Firewall
(WAF)

Key Features:
–  Uses a database of over 6,000
rules combined with a signature
database to identify several
million threats
–  Up to 15,000 fully analyzed
transactions per second
–  Supports standard and custom
applications
Infected LAN
Protect your Internal Network

Key Features:
–  Detection of outbound access to
known public BotNet command and
control servers
–  Detection of outbound access to
known malware update sites
–  Highly-granular detection for highly-
prolific malware
–  Optional support for dynamically
blacklisting detected infected
workstations / servers
SSL Proxying
Secured Certificate Exchange

Key Features:
–  Provides Identification, Decryption,
Encryption, Certificate Validation and
Protection of SSL network traffic
–  Gives IT Managers the option to
bypass failed SSL certificates, NOT
the end user
–  Allows connections to secure servers
on the Internet to be made with the
highest common denominator
security, rather than the lowest
Application Scanning
Enhanced Policy Control

Key Features:
–  Customisable policy rules for
enhanced control of internet access
–  Supports:
1,388 applications,
15 categories
20 tags
–  SSL encrypted traffic can also be
identified and controlled
Application Scanning
Enhanced Policy Control
1. Flexible Classification Control
Access can be restricted using multiple categories, tags, productivity
index and risk level classifications
Example: Users cannot access site that are: Social Media, AND
Advertising, AND Productivity Index 1 AND Risk Level 5
2. Time-based Control
Allows users to access certain websites only during specific times of the day
Example: Users can only access Facebook during lunch time, and before /
after work
3. User-level Control
Only specified users/user groups
can access certain websites
Example: The company’s marketing department can access Facebook
all day but other user groups cannot access it / can only access it
during non-working hours
4. Granular Control
User will be able to access certain website but may have restrictions
within the site
Example: Users can access Facebook but cannot use the applications
such as chat or games
IPv4-IPv6 / IPv6-IPv4 Bridging
Fully Automated Solution
IPv6
Server
The Network Box device
recognizes both IPv4 and
IPv6 protocols, it acts as a
bridge between the two IP
clouds so that computers on
IPv4 can access computers
on IPv6 and vice versa.

IPv6
Server
IPv4
Server IPv6 devices
communicate with
each other via the
Network Box system IPv6 cloud.
(installed in front of
the servers)

IPv4 IPv4 devices

Server communicate with
each other via the
IPv4 cloud.
Cloud Mail Backup
Never loose an email again

Key Features:
–  4 geographical locations:
Asia, America, Europe and
the Pacific
–  Once delivered, the emails will
be removed and only logs will
be retained
–  Backup queuing if the primary
MX servers are overloaded and
temporarily not accepting new
connections/emails
Cloud DNS Backup
Protect your domains and links

Key Features:
–  Full control over which of
domains will use the service
–  Full control over which cloud
backup servers will be used for
which domain
–  Only the DNS records and
statistical logs, will be stored on
the Cloud DNS Backup servers
Entity Management
User and Device Administration

Key Features:
–  All users’ devices (e.g. laptop,
desktop, mobile device, etc) can
be grouped into individual entities
–  Presents a single holistic view of
the activity, of each of the entities
in the network
–  Allows IT Managers to monitor,
manage, and protect, their users
and networks
Network Monitoring
and Reporting

Key Features:
–  HTML-5 Customizable Dashboard
–  Customized Reports:
Adobe PDF, CSV and other formats
–  Real-time portable monitoring
Network Monitoring
HTML-5 Dashboard

DDoS Attack Analysis

Real-Time
Portable Monitoring
Using almost any mobile
device, users can securely
monitor their network in
real-time
ISO Certified Monitored Service
Advantages

All requests are handled by qualified

security analysts

Monitored by triple ISO certified

Security Operations Centre

Full logs of every event

Ability to ‘roll back’ to a previous

security setting
CYBERSECURITY Excellence Awards
Over 100 Awards: Government, Media, Industry Awards, from Asia, Europe & USA
 Network Box Certified ISO 9001/ ISO 20000 / ISO 27001 Security Operation Centre

PT NETWORK BOX INDONESIA

www.network-box.com
email us at: nbid@network-box.com