Академический Документы
Профессиональный Документы
Культура Документы
PROTECTION
The trademarks, including but not limited to “Network Box” and the curly ”N” device, are either trademarks or
registered trademarks of Network Box Corporation Limited. Other trademarks and product names used in this
publication are for identification purposes only, and may be the trademarks of their respective companies. This
document may not be distributed without the prior consent of Network Box Corporation Limited.
Copyright © Network Box Corporation Limited 2014.
Your Business
By installing Network and Reputation
Box at the gateway,
you will be protected
against all types of
cyber threats
Emails
Bank Details
Company Assets
Supplier Data
Passwords
Customer Data
Financial Data
Intellectual Property
Do-it-Yourself vs Network Box
Self-Managed Managed Security
Self-managed Appliance, purchase & operation costs:
– Purchase Costs of all Security & Gateway Devices
(Firewall, IDS, Antivirus, AntiSPAM, Content Filtering, ONE TIME Boxes Cost
AntiDDoS, Load Balance, VPN, SSL server, IPv4 to IPv6,
Entity Management, secured DNS, secured DHCP,
– Enterprise Series E-2000 >150 users
Network Monitoring (gateway) and reporting, etc – Medium Series M-395i <150 users
--- multiply by number of sites
– Annual Services (for each appliance) x no. of sites – Small Series S-68i <15 users
– Consulting, Outsourcing , Maintenance Services
– Security Systems Integration & Upgrade (services) – One time install & commissioning
Salary / HR for IT Security/ Gateway
– Head office / data center ANNUAL Services per Year, OPEX
to maintain (per vendor): Firewall, IDS, Antivirus, AntiSPAM,
Content Filtering, AntiDDoS, Load Balance, VPN, SSL – Enterprise Series E-2000 >150 users
server, IPv4 to IPv6, Entity Management, secured DNS,
secured DHCP, Network Monitoring (gateway) and – Medium Series M-395i <150 users
reporting, etc
--- multiply by additional resouces per branch sites
– Small Series S-68i <15 users
– Resources for 24/7 monitoring, management and real-
time update (3 shifts)
– Certification & training costs SIMPLER TO MANAGE, & MORE SECURE:
– Cyber threat mitigation costs – IT Security Costs becomes fixed annual OPEX
– HRD – IT Professionals: local, regional, global NB backup,
Other costs
– Facility & utility cost for 24/7, 365 Monitoring (3 shifts
monitoring & gateway security management support
operations) always on call (Service Ticket)
– Transport & accommodations, OPEs
– Cyber threat mitigation costs
– Integrations, Updates, Upgrades are automated
– Costs for dedicated lines, VPN , virtual VPN, etc – Systems Improvements (more Engines, at no additional
costs, no IT resources required to add, install, integrate),
always secured
– Operations 24/7 monitoring, Service Tickets
– Default feature enable customer to perform Remote
config to all Branch sites
– Benefit from the most comprehensive, well integrated,
award winning cyber gateway security
– Scalability, benefit from the same quality of protection
for all internet gateways within the organization, with the
best TCO cyber security solution
Cyber Security
What security technologies should most
business have in place right now?
04 IDP (Intrusion Detection and Prevention) 10 Secure Socket Layer (SSL) Proxying
Network Box has tightly integrated all of the above into one solution
into one fixed (OPEX) costs
Essential
Security Technologies
Smart Next Generation Solution
Self-managed point-solutions for internet security usually looks like a server farm consisting multiple appliance/
technology/ vendors that is complex, costly, and demand professionally certified team to manage. Due to recent
and ever increasing attacks from the internet, the security team demands more and more of the company’s
resources. This is the reason why most businesses centralize their internet access to their head office, because it is not
practical and very costly to deploy gateway security at each of the branch sites. But this method restrict internet
speed and restrict user access policy to a point that frustrate users.
Many branch sites quietly allow new “unauthorized” internet connection (like Telkom IndiHome, or tethering to 4G
wifi), ignoring or simply don’t understand that such action will compromise the security of the whole organization.
Another fact is that most head-office’s IT security team is seriously understaffed. IT Departments are struggling when
they face the task to update or to change the configuration of their security systems. New servers, new applications,
new threats, all requires changes in the existing configurations. Then, they will have to ensure integration among all
of their security and other gateway devices. These are issues only experienced technical people can comprehend.
That is why internet access at branch sites often very restricting, and this is always contradicts the management’s
demands for faster internet speed, customized and more flexible internet access rules. On top of this, there is always
new demand for more internet applications to run their business. On the other side, some companies just “give up”
and implement very loose security control, that leaves the whole organization vulnerable.
Not many businesses conduct regular internet security audit. Therefore most of them are unaware about their
security risks they are facing. Those who have done security audit often faces difficulties in implementing proper
internet security solutions in place, due to the costs and resources required to manage and to maintain them.
Network Box can solve the above issues. Network Box provides managed security solution for businesses of all sizes.
We provide comprehensive gateway security that is scalable and yet affordable. From a small S-series Box that
protects a small 5 users site branch, to a data center level, we have it all covered. Now each site can be protected
with UTM or WBP (web proxy) with comprehensive internet security, that is fully monitored, managed and updated in
real-time, 24/7, fully automated, fully integrated. Network Box allows for remote management/ configuration from
the Head Office IT security team, with back up support from local VAR partners, as well as from the global IT support
at SOC. Regardless the box size, small Box or Enterprise Box, all runs the same protection and the same service
quality. Only Network Box has this kind of solution, an internationally recognized, award winning protection.
This new concept generates cost savings in securing your internet gateways, including cost reduction on the overall
internet connection costs and very minimal requirement on your already understaffed IT security team. Customer
can utilize cheaper internet costs because much of the load from the existing VPN can be allocated to local ISP,
and yet they can be well protected, managed and monitored by the head office. Furthermore, the cost of investing
on Network Box at each site is usually much cheaper than maintaining existing security. Better security, simple to
manage and better total cost of ownership.
VPN-5 Box
Small Outlets
Head Office
INTERNET
Head Office
INTERNET
INTERNET
In order to provide
comprehensive security FW+ AV+ CF+
Firewall Anti-Virus Content Filtering
solutions, Network Box’s Plus
Plus
Plus
technologies have
been categorized and
complied into nine
service packages
UTM+ WAF+ EMP+
Unified Threat Web Application Email Protection
Management Plus
Firewall Plus
Plus
PUSH Updates
Network Monitoring and Reporting
Firewall
Intrusion Detection and Prevention (IDP)
Virtual Private Network (VPN)
Anti-Malware (email)
Anti-Malware (web)
Anti-Spam
Content Filtering
Entity Management
Data Leakage Prevention (DLP)
Anti-DDoS
Web Application Firewall (WAF)
IPv4 to IPv6 Bridging
Multi-Layered
Security
78 Protection Engines
75,512,406 Signatures
S-series VPN
M-series
Enterprise
series
PUSH Technology
Real-Time Updates
Key Features:
– Updates are PUSHed out and
installed in an average time of less
than 45 seconds
– Automated process, the customer
does not need to manually
download and install the updates
– Currently, Network Box is PUSHing
out 32,000+ updates a day
Hybrid Firewall
Gateway Protection
Key Features:
– Proxy Firewall, maintains
transparency between requester
and server
– Packet-Filtering, suitable for basic
protection with minimal
overhead
– Stateful Packet Inspection,
suitable for high performance
and sophisticated rule sets
Anti-Malware
viruses, worms, trojans, spyware
Key Features:
– 16 Engines
11,098,714 Signatures
– Triple 100% Tolly Group detection
rating against their Extended Wildlist
Malware database over HTTP, SMTP
and POP3 protocols
– Zero-Day Anti-Malware engine,
Z-Scan, responds in an average
time of 3 seconds from a threat
being detected
– Anti Mobile malware
Z-Scan
Multi-award winning Z-Scan, focuses on developing and releasing its
own signatures to protect against emerging Zero Day Malware threats
Key Features:
– 25 Engines
30,741,928 Signatures
– Industry leading:
98.75% Spam Detection Accuracy,
with 0.01% False-Positive Rate
– Anti-Spam technologies:
Co-operative Spam Checksums,
Signatures and Spam Scoring,
Real-Time IP and URL Blacklists,
Mail Portal, URL Categorization,
Bayesian Filtering, OCR
Intrusion Detection
and Prevention (IDP)
Key Features:
– 3 Engines
16,013 Signatures
– Scans network traffic at the
application level, and seamlessly
blocks malicious behavior with
zero latency
– Two Modes:
Active (blocks network traffic)
Passive (logs intrusion attempts)
Virtual Private Network
(VPN)
Key Features:
– Authenticated user sessions
– Allows different firewall policies to
be applied to encrypted vs non-
encrypted traffic and to specific
end-points
– Supports 3 core VPN Technologies:
PPTP, IPSEC, SSL VPN
Content Filtering
Control Your Web Access
Key Features:
– 16 Engines
33,631,094 Signatures
– Uses high performance
signature based technology,
rather than a simple URL Undesirable
Website
database
– Detection rate of 98.7% for the
Top 100,00 websites
Internet
User
Network Box
installed at the gateway
Block
Notification
The website is BLOCKED
by the Network Box and
user is sent a notification.
Data Leakage Prevention
(DLP)
Key Features:
– Customizable rules and policies
– Complex pattern matching and
Content analysis
– Optical Character Recognition
Distributed Denial of Service (DDoS) Attacks
Real-Time DDoS Mitigation
BOTNET
The botnet will attempt to
Legitimate
overwhelm the web server by Users
sending numerous requests.
Whilst this is happening, the
Anti-DDoS WAF+ allows
Web Server
legitimate users to access the
web server.
Web Application Firewall
(WAF)
Key Features:
– Uses a database of over 6,000
rules combined with a signature
database to identify several
million threats
– Up to 15,000 fully analyzed
transactions per second
– Supports standard and custom
applications
Infected LAN
Protect your Internal Network
Key Features:
– Detection of outbound access to
known public BotNet command and
control servers
– Detection of outbound access to
known malware update sites
– Highly-granular detection for highly-
prolific malware
– Optional support for dynamically
blacklisting detected infected
workstations / servers
SSL Proxying
Secured Certificate Exchange
Key Features:
– Provides Identification, Decryption,
Encryption, Certificate Validation and
Protection of SSL network traffic
– Gives IT Managers the option to
bypass failed SSL certificates, NOT
the end user
– Allows connections to secure servers
on the Internet to be made with the
highest common denominator
security, rather than the lowest
Application Scanning
Enhanced Policy Control
Key Features:
– Customisable policy rules for
enhanced control of internet access
– Supports:
1,388 applications,
15 categories
20 tags
– SSL encrypted traffic can also be
identified and controlled
Application Scanning
Enhanced Policy Control
1. Flexible Classification Control
Access can be restricted using multiple categories, tags, productivity
index and risk level classifications
Example: Users cannot access site that are: Social Media, AND
Advertising, AND Productivity Index 1 AND Risk Level 5
2. Time-based Control
Allows users to access certain websites only during specific times of the day
Example: Users can only access Facebook during lunch time, and before /
after work
3. User-level Control
Only specified users/user groups
can access certain websites
Example: The company’s marketing department can access Facebook
all day but other user groups cannot access it / can only access it
during non-working hours
4. Granular Control
User will be able to access certain website but may have restrictions
within the site
Example: Users can access Facebook but cannot use the applications
such as chat or games
IPv4-IPv6 / IPv6-IPv4 Bridging
Fully Automated Solution
IPv6
Server
The Network Box device
recognizes both IPv4 and
IPv6 protocols, it acts as a
bridge between the two IP
clouds so that computers on
IPv4 can access computers
on IPv6 and vice versa.
IPv6
Server
IPv4
Server
IPv6 devices
communicate with
each other via the
Network Box system IPv6 cloud.
(installed in front of
the servers)
Key Features:
– 4 geographical locations:
Asia, America, Europe and
the Pacific
– Once delivered, the emails will
be removed and only logs will
be retained
– Backup queuing if the primary
MX servers are overloaded and
temporarily not accepting new
connections/emails
Cloud DNS Backup
Protect your domains and links
Key Features:
– Full control over which of
domains will use the service
– Full control over which cloud
backup servers will be used for
which domain
– Only the DNS records and
statistical logs, will be stored on
the Cloud DNS Backup servers
Entity Management
User and Device Administration
Key Features:
– All users’ devices (e.g. laptop,
desktop, mobile device, etc) can
be grouped into individual entities
– Presents a single holistic view of
the activity, of each of the entities
in the network
– Allows IT Managers to monitor,
manage, and protect, their users
and networks
Network Monitoring
and Reporting
Key Features:
– HTML-5 Customizable Dashboard
– Customized Reports:
Adobe PDF, CSV and other formats
– Real-time portable monitoring
Network Monitoring
HTML-5 Dashboard