Stonesoft was formerly a system integrator for Checkpoint. 1st company for high-availability firewall .. active and passive component for failover
2001 Cebit: Stonesoft launched Stonegate FW Checkpoint: FW1, Stonesoft Dynamic Loadbalancing/high availability with Stonebeat full Cluster, Sun Solar provided HW + OS; Patents: for Dynamic Loadbalancing (FW, VPN), Multi-link, Active Responses of IPS (cutting connection in the cable)
Growth is varying between the verticals. Retail Finance Public Sector Healthcare Business Service
SOX, HIPAA, FIPS: USA Audit trail: actions done by administrator are recorded Stonesoft: CC EAL 4+ RSA compliant "Need to Know": transparent to the user
Hamburg Süd: Oetker-Gruppe OPEC: public reference in Austria
Maintenance during business hours
Consolidated view of alerts, rule bases, own patent for hierarchical rules, role-based admins (different rights), centralized responses, not only fingerprints, all communication is encrypted (SSL-traffic), Triple-DES (168 bits), between GUI and management centre: RC4; authentication based on PKI, CA installed also in Management Centre, own customer CA possible; Compliance: incident response
Cluster of FW and VPN, several ISPs, which do not need to know that they are hitting different FWs, no need for dynamic routing, no ISP peering needed; Some locations redundant, some not:
Own mature technology from Stonebeat, 9 years' experience, maintenance during business hrs possible; Node: single device (Intel server or own Stonesoft devices from Microlog/SF) Dynamic Loadbalancing and Failover with VPN connections as well!! USP! (Nokia boxes cannot failover VPN connections) Failover VPN connections: we synchronize the SPI values (Security Parameter Index) in the Security Gateway (Router) 10 node cluster is maximum
Make a contract with several providers and connect them into the same FW; dataflow never interrupted (balance the traffic between best performing providers)
To combine hardware load balancers, no dynamic route balancing necessary; Multilink
An HTTP Protocol Agent has been included in the StoneGate Firewall since the first release. The current version of the PA (v1.1) already does some basic protocol validation so that connections using other protocols are not allowed when the HTTP PA is used in the corresponding access rule. On the other hand, StoneGate IPS is able to do more detailed inspection of HTTP connections by performing protocol validation and misuse detection. StoneGate Firewall/VPN 3.0 introduces the same inspection capabilities in the firewall that already exist in the IPS. StoneGate uses fingerprinting for misuse detection. Currently, there are already about 500 situations detected from HTTP traffic in StoneGate IPS, and now all of them will be available also for the firewall. It is also possible to create custom fingerprints or to make a copy of a system fingerprint and customize it for a specific purpose. Obviously, the number of system fingerprints will increase between now and the StoneGate Firewall 3.0 release but also later when dynamic updates are in use. The HTTP inspection does not rely solely on the fingerprints but also uses protocol analysis to detect known anomalies in the HTTP traffic. All protocol checks and fingerprints can be applied to a certain part of the traffic only. IM = Instant Messaging. In this case we can detect this traffic if it uses port 80. IPS sensor and active mode (cutting the connectivity).
Save money by putting internal tel. calls into IP network! We keep only one port open .. Open others only when protocol asks for it! Cluster of FW: for dynamic load balancing and encryption (several VPN links available) VoIP: needs lots of bandwidth, takes all if not stopped! Packets are time-sensitive