Authentication

Aladdin eToken

eToken is a fully portable USB key / password management tool the size of an average house key that can be used to generate and provide secure storage for passwords, digital certificates, secure strong authentication, digital signing and encryption. eToken provides data security based on Smartcard technology but requires no special readers.

Client-Based Security

Check Point Integrity endpoint security protects PCs and the enterprise networks they connect to from worms, spyware, and intrusion attempts that evade other security products. By defeating PC-borne threats, Integrity mitigates the risk of major financial loss that can occur when information confidentiality or network availability is compromised. It’s the only solution that delivers Total Access Protection, ensuring that both IT-managed and guest PCs are secure before they are allowed to connect to the network.

Kaspersky Anti-Virus combines traditional anti-virus defense methods with the latest proactive technologies to provide solid and dependable protection against malicious programs. This award-winning antivirus software includes protection against viruses, spyware, Trojans, worms and keyloggers and features automated hourly updates.

Kaspersky Anti-Virus scans email traffic for viruses according to the protocol used. The product supports Microsoft Outlook or centralized scanning from Exchange. All HTTP Internet traffic is scanned for viruses in real-time, ensuring that infected objects are not saved to the computer’s hard disk. In addition, individual files, catalogues and disks can be designated for anti-virus scanning. Users can limit anti-virus scanning to critical areas of the operating system and startup objects to ensure that attention is focused on the most vulnerable areas of the system

Content Filtering

SurfControl Web Filter allows you to actively monitor network use and abuse anywhere in your organization. The solution provides unequalled protection from inbound and outbound malicious content, including spyware, adware, phishing, and viruses, as well as catching inappropriate Web usage, including streaming media, file downloads, pornography, and copyright violations.

SurfControl’s Real-Time Monitor gives you an understanding of Internet traffic on your network, instantly and in real-time, so that if needed, remedial action can be quickly taken.

Email Security and Anti-Spam

eSafe Mail is a secure email relay providing complete and integrated mail security with fast performance. It protects all incoming and outgoing SMTP and POP3 traffic. Known viruses are blocked with eSafe's high-speed anti-virus engine. Unknown viruses and other malicious active code (ActiveX, Java) are blocked by eSafe's various proactive technologies. eSafe detects attempts to exploit security holes and blocks this activity by removing macros and embedded objects arriving from untrusted sources.

The Barracuda Spam Firewall is an integrated hardware and software solution that has the power of an enterprise-class solution, and the ease-of-use and affordability that businesses of all sizes demand.

The Barracuda Spam Firewall includes all the features needed to eliminate your spam and completely protect your email server from all forms of attack. Email may be blocked, quarantined, tagged, or delivered based on the policies of the organization or the preferences of the individual user.

Secure Computing IronMail protects enterprise email systems from inbound threats: spam, viruses; or hackers trying to take down or take over the e‑mail system. IronMail protects enterprise email systems from outbound threats: regulatory compliance violations, corporate policy violations, or theft (“leakage”) of confidential information or intellectual property. IronMail protects enterprise email systems from threats that haven’t even been identified yet.

IronMail delivers the most accurate, effective, scalable and easy-to-manage anti-spam protection available. IronMail was the first product to integrate and correlate signature- and content-based techniques into a single, combined detection engine.

IronMail’s Zero Day Virus protection takes anti-virus protection to the next level by leveraging global threat intelligence to close the window of vulnerability that occurs between when an attack first emerges and when a signature is available – protecting your network from threats that don’t yet exist.

Encryption

The PGP Encryption Platform enables organizations to address a broad range of business and regulatory data security and privacy requirements with solutions that are flexible, scalable, and easily deployed and managed from a single, unified management console.

PGP solutions allow enterprises to deploy gateway- and desktop-based encryption based on specific requirements for data security within the organization. PGP products can secure internal and external communications, data stored on servers, desktops, and laptops, and automated backups and data transfers

While few will debate the value of encrypting messages that contain sensitive information, many security officers have resisted installing an encryption solution on their enterprise e-mail network due to the multiple incompatible technologies available, difficulty in communicating encryption requirements to end users, and challenges of getting end users to enforce the corporate policies.

IronMail solves these problems with an integrated, policy-based encryption solution that automates and enforces corporate IP protection policies with no end-user intervention. Just ask Network World Magazine, who in September 2005, named the IronMail Encryption solution the “Clear Choice Test” winner for enterprise email encryption.

Firewalls & VPNs

VPN-1 UTM delivers unified threat management that scales to enterprises of all sizes, helping customers to simplify security deployments by consolidating proven security functions within a single solution. It combines firewall, intrusion prevention, antivirus, anti-spyware, Web application firewall, and both IPSec and SSL VPN, in a fully integrated and easy-to-manage solution.

Check Point’s SmartCenter management interface gives administrators centralized control of all security components across the entire network, resulting in reduced management overhead and complexity.

VPN-1 UTM Edge solves the branch office paradox by delivering total security within a simple solution that can be deployed by non-technical personnel in less than 5 minutes. With integrated firewall, VPN, intrusion prevention, and antivirus technologies based on Check Point’s enterprise-class solutions, it ensures a consistent level of security across the entire network. As part of Check Point’s Unified Security Architecture, VPN-1 UTM Edge can enforce a global security policy as defined in SmartCenter or Provider-1. VPN-1 UTM Edge ensures that the branch office is no longer the back door to your network.

VPN-1 UTM Edge Wireless (W) security appliances deliver the same security found in VPN-1 UTM Edge X appliances and add the highest levels of security for wireless networks. VPN-1 UTM Edge W appliances support multiple security protocols, including 802.1x, IPSec over WLAN, RADIUS, WPA2, and WEP authentication. They also have dedicated WLAN interfaces from which administrators can set specific security rules for WLAN segments. This protects wireless interfaces by granting access only to authorized users, preventing hackers from attacking corporate resources and applications.

Firewall Add-Ons

Check Point FloodGate-1

Flood-Gate 1 optimizes network performance by assigning priority to business-critical applications and end users. Employee productivity remains high, your business is properly supported, and online experiences are positive. FloodGate-1 can be deployed with VPN-1/FireWall-1 or act as a standalone solution.

Check Point SmartDefense

Check Point Management and Add-ons

Check Point offers a wide variety of VPN client options, including IPSEC clients and SSL-based clients.

VPN-1 SecureClient strengthens enterprise security by ensuring client machines cannot be configured to circumvent the enterprise security policy. Using Secure Configuration Verification (SCV), managers can specify SCV checks—a set of predefined or custom conditions for a securely configured client system.

SSL Network Extender is a browser plug-in that provides clientless remote access, while delivering full network connectivity for any IP-based application. Integrated into VPN-1 gateways, SSL Network Extender enables combined IPSec and SSL VPN in one solution, simplifying your remote access deployments while providing maximum flexibility for your diverse remote access requirements. SSL Network Extender is also available with Connectra.

Check Point Integrity endpoint security protects PCs and the enterprise networks they connect to from the worms, spyware, and intrusion attempts that evade other security products. By defeating PC-borne threats, Integrity mitigates the risk of major financial loss that can occur when information confidentiality or network availability is compromised. It’s the only solution that delivers Total Access Protection, ensuring that both IT-managed and guest PCs are secure before they are allowed to connect to the network.

Check Point Connectra

Check Point Connectra is a complete Web Security Gateway that provides both SSL VPN and integrated Web security as a single, unified solution. By combining both connectivity and security in a single solution, Connectra allows organizations to deploy SSL VPNs safely and securely.

Through an integrated Connectra Web portal, users can access Web applications and resources, file shares, and email. Additionally, an organization can customize the design of the portal. Connectra can adapt the access rights of the remote user based on the trust and security of the endpoint.

Included with Connectra, SSL Network Extender is a Web plug-in that tunnels traffic from endpoint applications over SSL. It supports any IP-based application, including TCP and UDP, with-out requiring complex configuration to support each application. And because it is capable of tunneling any IP application, it even supports applications like FTP and VoIP that create unique problems with their use of dynamic ports.

Nokia IP Security Appliances

Intrusion Prevention

Check Point IPS-1 is a dedicated intrusion prevention system (IPS) that delivers mission-critical protection with unmatched management and granular forensic analysis capabilities and flexible deployment. The IPS-1 Hybrid Detection Engine delivers active detection and prevention at the network perimeter while the IPS-1 Dynamic Shielding Architecture drives preemptive functions to protect the network interior. Additional prevention is enabled through Confidence Indexing, which delivers unmatched flexibility in deploying prevention across the network. All these IPS-1 functions are controlled by powerful centralized management that readily supports both small- and large-scale deployments.

Web servers provide a portal to your internal network, so they require a more formidable and customized level of protection above and beyond what network firewalls or IDS can provide. SecureIIS provides web server security for the Microsoft IIS platform, with windows server firewall protection from both known and unknown vulnerabilities. SecureIIS works within the IIS web server, actively inspecting all incoming requests at each stage of data processing to prevent potentially harmful network traffic — whether encrypted or not — from penetrating your server. Even un-patched web servers security needs are addressed and protected from potentially damaging "known" and "unknown" attacks.

ForeScout CounterACT

ISS Proventia

Proventia Network IPS offers preemptive protection with more than 950 out of the box recommended blocking actions that neutralize threats. Internet Security Systems is number one in the overall worldwide intrusion prevention and detection market and has been number one for six consecutive years, according to the industry analyst firm, IDC.

Reporting and Compliance

The Iris Network Traffic Analyzer is eEye's award-winning vulnerability forensics solution addressing the network traffic analysis and reporting needs that security professionals face today. Iris provides the technology for continuous, automated problem identification, reporting, and integrated filtering capabilities that go beyond the capture, filter, and decode capabilities of traditional network analysis.

Iris captures network traffic and can automatically reassemble it to its native format, making it much easier to analyze the data going across the network. Security and IT professionals can read the actual text of an email exactly as it was sent, or reconstruct exact HTML pages that a user has visited. Iris also provides a variety of statistical measurements allowing companies to proactively identify — and take the steps to eliminate — performance issues before they can result in downtime.

Retina Network Security Scanner identifies known network security vulnerabilities and assists in prioritizing threats for remediation. Featuring fast, accurate, and non-intrusive scanning, users are able to secure their networks against even the most recent of discovered vulnerabilities. Users can also leverage Retina for security risk assessment, project risk management and enforcing standards-based registry settings through custom policy audits. And, because the majority of Retina scans can be conducted without administrator rights, Retina is the easy to use and cost-effective to deploy.

REM Security Management Console provides a single point of visibility for security risk management solutions, managing critical data specific to network vulnerabilities and machine resiliency, providing the overall network security posture of an organization. REM can immediately assess and improve an organization’s risk profile, enabling security teams to focus their efforts on the areas that matter most. REM's vulnerability management portal allows for the rapid identification and prioritization of threats, thus optimizing resources to focus on the most critical vulnerabilities first. Advanced workflow capabilities also allow groups to collaborate in ongoing remediation efforts, increasing operational efficiency as security and IT work to a common goal – eliminating network vulnerabilities.

To truly assure security policy and corporate compliance, one must create a platform that transforms enterprise-wide data into automated compliance and security information. RSA enVision provides a complete view of activity surrounding all the data on the network.

SPI Dynamics WebInspect application security assessment tool identifies known and unknown vulnerabilities within the Web application layer. WebInspect also performs checks that validate that the Web server is configured properly. With WebInspect, auditors, compliance officers, and security experts can perform security assessments on Web applications and Web services.

Enterprises with Web services implementations can automatically assess a Web service by discovering all XML input parameters and performing parameter manipulation on each XML field looking for vulnerabilities within the service itself.

Virtualization

Optimize and manage your IT infrastructure, from the desktop to the data center, by virtualizing your computing, storage and networking systems with VMware software. VMware products provide enterprise-class virtual machines that increase server and other resource utilization, improve performance, increase security and minimize system downtime, reducing the cost and complexity of delivering enterprise services. By leveraging your existing technology, VMware enables the roll out of new applications with less risk and lower platform costs.

Virus & Spyware Protection

eSafe Mail is a secure email relay providing complete and integrated mail security with fast performance. It protects all incoming and outgoing SMTP and POP3 traffic and can be installed as a stand-alone secure mail relay or as part of eSafe Gateway. eSafe mail provides built-in mail security mechanisms against attacks such as Denial of Service (DoS), relaying, email spoofing, attachment spoofing and manipulation.

eSafe’s integrated content security is fast and proactive, preventing known and unknown malicious code, spam, non-productive and inappropriate content from entering your network.

Wireless Security & Infrastructure

Powered by the industry’s most advanced IDS engines, policy manager and correlation engines, AirDefense accurately detects and protects the network against all wireless threats and unauthorized devices. The solution incorporates stateful, 24x7, real-time tracking of wireless LAN traffic – providing continuous monitoring of the "state" of communication between all access points and stations transmitting on the airwaves and understanding the full context of wireless LAN traffic.

AirDefense correlates events across the network and its intrusion detection engines analyzing all activities with a complete, encompassing view of the airwaves. In most environments, more than one sensor may recognize the same access points and wireless devices. Threats and policy violations against these devices are correlated to provide accurate alerts and eliminate false positives.

The mobile edge is built on the notion of identity-based security. Mobile users and devices, by definition, do not connect to the network through a fixed port. For this reason, the network must identify every user and device that joins the network. Once this identity is known, custom security policies may be applied to the network so that only access appropriate to the business needs of the user or device is provided.