
INFORMATION SECURITY PRODUCTS AND SOLUTIONS

Presented by

Ging Hn Ph
Technical Director
Email: phugh@dass.vn | Phone: 098 899 6104

2013

Contents
Introduction
Products
Sophos Endpoint Security
Sophos Safeguard Enterprise
Sophos Unified Threat Management
Sourcefire Next-Generation IPS
Trustwave SIEM
Rapid7 Nexpose & Metasploit

System integration - Overall solution

INFORMATION SECURITY DOMAINS

INTRODUCTION

Information security domains

Security Management
Application Security
Content Security
Network Security
Endpoint Security

By attack phase

Before: Policy & Control
Activities: discover the environment, enforce access policy, harden resources
Tools: Firewall, Application Control, Vulnerability Management, Patch Management, Encryption

During: Identify & Block
Activities: detect, block
Tools: IPS, Anti-virus, Anti-malware

After: Analyze & Remediate
Activities: determine scope, analyze events, remediate systems
Tools: IDS, SIEM & Log Mgmt, Forensics, Full Packet Capture

Security products & solutions

Before: Policy & Control
During: Identify & Block
After: Analyze & Remediate

Intrusion Prevention System
Endpoint Security
Vulnerability Management
Firewall
Vulnerability Management
Next-Generation IPS
SIEM & Log Management

Products that can run on virtualization platforms

Sophos Endpoint for vSphere


Sophos UTM
Sourcefire Next Generation IPS
Rapid7 Nexpose

SOPHOS ENDPOINT SECURITY

Sophos Endpoint Security


6 basic features

Anti-Malware: detects and blocks viruses, Trojans, worms, spyware, adware and rootkits
Intrusion Prevention System: detects and blocks attacks launched from outside against the computer, such as buffer overflows
Client Firewall: opens and closes services, protocols and network ports on the workstation, and monitors data flows
Web Protection/Filtering: filters web addresses and detects websites that carry malicious code
Device Control: controls the use of peripheral devices such as USB, Wifi, modem, CD/DVD
Application Control: detects and blocks the installation of software on users' computers

Sophos Endpoint Security


6 advanced features

Data Encryption: encrypts the entire hard disk to protect data when a disk or laptop is lost
Patch Assessment: assesses which security patches for software and the operating system are not yet installed on workstations
Centralized Management: centralized administration, reporting, deployment and installation
Data Control (DLP): detects and blocks accidental information loss when data is sent by mail, uploaded to the web or copied to USB
Network Access Control (NAC): checks that computers accessing the network comply with the information security policy
Virtualization Optimize: optimized support for server virtualization systems

Sophos Complete Security Suite


All in one license
Endpoint: Anti-Malware, Patch, Apps, Device, DLP
Web: Proxy, Anti-virus, Web Filtering, DLP
Email: Spam, virus -> Appliance, Exchange, Lotus
Encryption: Full Disk Encryption
Mobile control: iOS, Android, BlackBerry, Windows
MS SharePoint, Storage anti-virus (NetApp/EMC)

Content Security
Web protection

Reporting on Internet usage

Application Control: reduces the attack and exploitation surface, lowering risk for users and systems
File Type Control: blocks downloads of high-risk file types
Productivity Filtering: blocks access to unnecessary websites and high-risk sites
Live URL Filtering (real-time URL filtering): blocks access to dangerous websites that spread viruses
Proxy Filtering (control of proxy use): ensures users comply with policy and stay protected, and cannot bypass the policy
HTTPS Filtering (control of encrypted traffic): ensures policy is applied consistently to all traffic, including encrypted traffic
Anti-malware Filtering: blocks the spread of viruses through web browsing and file downloads, stopping them at the Internet gateway
Data Loss Prevention: blocks uploads of sensitive documents and content

Content Security
Email protection

Required functions
Anti-malware Filtering: blocks the spread of viruses through the email system
Data Loss Prevention: blocks sensitive documents and content from being sent outside
Anti-Spam: blocks spam and online fraud carried by email
Encryption (email encryption): automatically encrypts emails that contain sensitive content or that the organization's policy requires to be encrypted

Deployment methods
Email Appliance at the gateway: protects email at the Internet gateway; a hardware device independent of the email server
Software installed on the email server: protects email on the email server itself; usually supports only a few common email systems
UTM (email protection integrated into the firewall): protects email at the gateway, built into the firewall

Anti-Virus for VMware vShield


vCenter 5.1 or later
vSphere Client 5.1 or later
VMware ESXi 5.1 or later
vShield Manager 5.1 or later
vShield Endpoint 5.1 or later
vShield Endpoint Thin Agent 5.1 or later

ENCRYPTION CONTENT, DATA SECURITY

SOPHOS SAFEGUARD ENTERPRISE

Content Security
Data protection - Encryption

Data loss risks
Firewall
Data
Mobile workers
Malicious insiders
Contractors, outsourcing
Partners, customers
Web 2.0

Data encryption
Full Disk Encryption: encrypts the entire hard disk to prevent data loss when a laptop is lost
File Share Encryption (file/folder encryption): encrypts shared data; only people who hold the key can access it
Cloud Share Encryption: encrypts data shared in the cloud; users can access it from anywhere
Device Encryption: encrypts data stored on devices such as USB, CD, DVD

Sophos SafeGuard Enterprise

PROTECT DATA EVERYWHERE

Next-Generation Firewall Astaro Security Gateway

SOPHOS UTM

Security features

Essential Network Firewall
Stateful firewall
Network address translation
PPTP/L2TP remote access

Optional modules

UTM Endpoint Protection
Antivirus
HIPS
Device Control

UTM Wireless Protection
Wireless controller
Multi-zone (SSID) support
Captive Portal

UTM Network Protection
Intrusion prevention
IPSec/SSL VPN & RED
HTML5 VPN Portal

UTM Web Protection
URL filter
Antivirus & antispyware
Application control

UTM Webserver Protection
Reverse proxy
Web application firewall
Antivirus

UTM Email Protection
Anti-spam & -phishing
Dual virus protection
Email encryption

Deep and broad functionality
10 examples

Complete protection
Email encryption
Integrated wireless controller
Free firewall
Integrated Endpoint Protection
HTTPS traffic scanning
Two integrated virus scanners
Support for multiple VPN protocols
Web Application Firewall
All features on every appliance

Easy management

Intuitive dashboard
Individual user portal
Comprehensive reporting

Simple to use
10 examples

Intuitive web interface
Free central management software
HTML5 VPN Portal
Configuration change tracking
Zero-Config RED & Access Point setup
Fast backup and restore
Zero-Config HA
UserPortal for end users
One-click VPN
AD integration

Sophos UTM products (Astaro Security Gateway)

Hardware Appliance
Model | Environment | Network ports | Max. recommended firewall users | Max. recommended UTM users
UTM 110/120 | Small network | | 10/80 | 10/35
UTM 220 | Medium network | | 300 | 75
UTM 320 | Medium network | | 800 | 200
UTM 425 | Large network | 6 & 2 SFP | 1.500 | 600
UTM 525 | Large network | 10 & 4 SFP | 3.500 | 1.300
UTM 625 | Large network | 10 & 8 SFP | 5.000 | 2.000
Multiple + RED | Large networks + branches | Multiple | 10.000+ | 5.000

Software Appliance *
Runs on Intel-compatible PCs and servers

Virtual Appliance *
VMware Ready & Citrix Ready certified
Runs in Hyper-V, KVM, and other virtual environments

* Pricing based on #IPs/Users

Flexible deployment for complex, multi-branch network environments

Central UTM: clustering up to 10 nodes
UTM Manager: FREE
Large branches: UTM 425/320/220
Small branches: UTM 120 / Virtual Appliance
Small offices: RED 10/50
Client to site VPN: SSL/IPSec/PPTP/L2TP
VPN client software: Windows, Linux, Mac OS
Mobile: iPhone, iPad, Android, Windows Mobile
WIFI: AP 5/10/30/50
USB 3G support: UTM / RED

SOURCEFIRE NEXT-GENERATION IPS

Sourcefire's approach:

Agile Security: a continuous process before, during & after an attack
You cannot protect what you do not know about
Turn data into information
Adjust policy automatically
Act in real time
At all times

Sourcefire Agile Security solution

Management Center
APPLIANCES | VIRTUAL
NEXT-GENERATION FIREWALL
NEXT-GENERATION INTRUSION PREVENTION
CONTEXTUAL AWARENESS
APPLIANCES | VIRTUAL
ADVANCED MALWARE PROTECTION
COLLECTIVE SECURITY INTELLIGENCE
HOSTS | VIRTUAL MOBILE

Sourcefire leads in technology and is recognized for it

Leadership*
#1 in detection
#1 in performance
#1 in vulnerability coverage
100% evasion free

Ratings*
99% detection & protection
34Gbps inspected throughput
60M concurrent connections
$15 TCO / protected Mbps

"For the past five years, Sourcefire has consistently achieved excellent results in security effectiveness based on our real-world evaluations of exploit evasions, threat block rate and protection capabilities."
Vikram Phatak, CEO NSS Labs, Inc.

"Networks looking to update their defenses with a Next-Generation Firewall would do well to consider Sourcefire's entry into the NGFW market as a solid contender."
Bob Walder NSS Labs, Inc.

Ratings*
99% protection
10Gbps inspected throughput
15M concurrent connections
$33 TCO / protected Mbps

Leadership*
#1 in detection
Class leader in performance
Class leader for TCO
100% evasion free

NSS Labs, Network IPS 2010 Comparative Test Results, December 2010
NSS Labs, Network IPS Product Analysis Sourcefire 3D8260 v4.10, April 2012
NSS Labs, Next-Generation Firewall Product Analysis Sourcefire October 2012

Comparison of NGIPS and NGFW

Compared: Sourcefire NGIPS & NGFW, Typical IPS, Typical NGFW

Category | Examples
Threats | Attacks, Anomalies
Users | AD, LDAP, POP3
Web Applications | Facebook Chat, Ebay
Application Protocols | HTTP, SMTP, SSH
Client Applications | Firefox, IE6, Chrome
Network Servers | Apache 2.3.1, IIS4
Operating Systems | Windows, Linux
Routers & Switches | Cisco, Nortel
Wireless Access Points | Linksys, Netgear
Mobile Devices | iPhone, Android
Printers | HP, Xerox, Canon
VoIP Phones | Avaya, Polycom
Virtual Machines | VMware, Xen

Source: Sourcefire

Sourcefire appliance lines

Sourcefire Defense Center
DC3500
DC1500
DC750

Sourcefire 3D Appliances
3D8260: 20 Gbps
3D8250: 10 Gbps
3D8140: 6 Gbps
3D8130: 4 Gbps
3D8120: 2 Gbps
3D7120: 1 Gbps
3D7110: 500 Mbps
3D2100: 250 Mbps
3D2000: 100 Mbps
3D1000: 45 Mbps
3D500: 5 Mbps

Sourcefire SSL Appliance

Security Information and Event Management

TRUSTWAVE SIEM

Security Management
SIEM

Too many devices, too much data, many tools, many reports, many events

Security Management
SIEM

Security Portal
Enterprise Management Console
Security Information and Event Management (SIEM)
Security Platform
Global Threat Database
Endpoint Security
Data

Source: Trustwave

Security Management
SIEM
Log Management
- High-performance log collection from many devices
- Log storage and log compression
- Agentless or agent-based collection

Event Management
- High-performance event collection from many devices
- Intelligent reordering of events for fast searching
- Analysis through a visual interface

Reporting
- Reports aligned with standards: PCI, SOX, HIPAA, ISO 27002

Alerting
- Scheduled alerts, or alerts triggered when an anomaly occurs

Vulnerability Management Penetration testing

RAPID7 NEXPOSE & METASPLOIT

Rapid7 Nexpose
Vulnerability, Risk Assessment & Management

Asset Discovery
Discovers the assets that exist across the whole environment

Risk Prioritization
Scores risks and ranks them by the priority with which they need to be handled

Comprehensive Assessment
Complete assessment of vulnerabilities, misconfigurations and policy violations, covering operating systems, networks, databases and web applications

Automated Workflow
- Automatically schedules scan and report tasks
- Proposes detailed remediation options in reports

Compliance
Compares, tracks and evaluates how well the security policy satisfies the PCI, HIPAA, NERC, FISMA and SANS standards

Source: Rapid7

Rapid7 Nexpose
Vulnerability, Risk Assessment & Management
Reports and remediation guidance

Rapid7 Nexpose
Vulnerability, Risk Assessment & Management
Enterprise

Deployment model

Rapid7 supplies data to other systems:
SIEM / Log Mgmt
GRC
IDS/IPS
Network Topology
Network Performance Analysis
Pen Testing & Exploit Analysis

Rapid7 Metasploit
Penetration Testing Solutions
VALIDATING SECURITY VULNERABILITIES

Validate Security Risks
Verifies which security vulnerabilities are real

Penetration Tests
Penetration testing carried out the way a real hacker would
Automated testing workflow
Password discovery
Social engineering attacks
Reports on the vulnerabilities that were exploited

Rapid7 Metasploit
Penetration Testing
Attack process

Source: Rapid7

Overall solution model

SYSTEM INTEGRATION

Overall security solution model

Devices and applications in the solution

No. | Function | Description
1 | Public Firewall | Astaro Security Gateway 525 (Firewall + WAF)
2 | Internal Firewall | Astaro Security Gateway 625 (Network Security)
3 | Local Internet Firewall | Astaro Security Gateway 525 (Network + Web Security)
4 | Wireless Internet Firewall | Astaro Security Gateway 525 (Network + Web Security)
5 | Branch Internet Firewall | Astaro Security Gateway 320 (Network + Web Security)
6 | Inline IPS | SourceFire 3D7110 (protects both Server Farm zones)
7 | IPS Management | SourceFire Defense Center DC750
8 | SIEM | TrustWave SIEM Appliance LP2
9 | Vulnerability Scanner | Rapid7 NEXPOSE ENTERPRISE EDITION
10 | Penetration Testing | METASPLOIT PRO
11 | Endpoint Security | Sophos Endpoint Protection

QUESTIONS AND ANSWERS

THANK YOU
