Infrastructure Protection – DCS Website
 
 
 
 
 

  Next Generation Firewall

 
 
Quantum Maestro
Check Point Maestro introduces to the industry a new way to utilize current hardware investment and maximize appliance capacity in an easy-to manage Hyperscale network security solution to bring our networks and data center to the world of hybrid clouds.With Maestro, organizations can simplify their data center workflow orchestration and scale up their existing Check Point security gateways on demand — the same way as they can spin up new servers and compute resources in public clouds.
Quantum NGFW
Check Point gateways provide superior security beyond any Next Generation Firewall (NGFW). Best designed for SandBlast’s Zero Day protection, these gateways are the best at preventing the fifth generation of cyber-attacks with more than 60 innovative security services. Based on the Infinity Architecture, the new Quantum Security Gateway™ line up of 15 models can deliver up to 1.5 Tbps of threat prevention performance and can scale on demand.
Cisco Secure Firewall Threat Defense
Cisco Secure Firewall Threat Defense combines Cisco’s proven network firewall with Snort IPS, URL filtering, and malware defense. It simplifies threat protection with consistent security policies across physical, private, and public cloud environments. Get deep visibility into your network and quickly detect threat origin and activity. Then, stop attacks before they impact on your operations.

Features
Cisco Firewall device manager (local management): ESXi, KVM and Openstack: Version 7.0 and above; Azure: Version 6.5 and above; AWS: 6.6 and above, Cisco Hyperflex: Version 7.0 and above; Nutanix AHV: Version 7.0 and above
Centralized management: Centralized configuration, logging, monitoring, and reporting are performed by the Cisco Firewall Management Center (all platforms including on-premises and in AWS, Azure, GCP and OCI(6.7 and above)) or alternatively in the cloud with Cisco Defense Orchestrator (ESXi and KVM; Azure: Version 6.5 and above, Cisco Hyperflex: Version 7.0 and above; Nutanix AHV: Version 7.0 and above)
Application Visibility and Control (AVC): Supporting more than 4000 applications, as well as geolocations, users, and websites. OpenAppID support for custom, open-source, application detectors.
Cisco Security Intelligence: Standard with IP, URL, and DNS threat intelligence
IPS license for Cisco Secure Firewall: Snort 3 IPS can passively detect endpoints and infrastructure for threat correlation and Indicators of Compromise (IoC)
Malware Defense license for Cisco Secure Firewall: Enables detection, blocking, tracking, analysis, and containment of targeted and persistent malware, addressing the attack continuum both during and after attacks. Integrated threat correlation with Cisco Secure Endpoint is also optionally available.
Cisco Secure Malware Analytics sandboxing URL filtering: Support more than 80 categories and 280 million of URLs categorized.
Automated threat feed and IPS signature updates: Third-party and open-source ecosystem: Open API for integrations with third-party products; Snort and OpenAppID community resources for new and specific threats
High availability and clustering: Active/standby (ESXi and KVM only) Deployment modes: Routed, transparent (inline set IPS-only), and passive; AWS, Azure, GCP and OCI: routed mode only

Meraki MX Cloud-Managed Security
The Cisco Meraki MX is a multifunctional security and SD-WAN enterprise appliance with a wide set of capabilities to address multiple use cases—from an all-in-one device. Organizations of all sizes and across all industries rely on the MX to deliver secure connectivity to hub locations or multi-cloud environments, as well as application quality of experience (QoE), through advanced analytics with machine learning.The MX is 100% cloud managed, so installation and remote management is truly zero touch, making it ideal for distributed branches, campuses, and data center locations. Natively integrated with a comprehensive suite of secure network and assurance capabilities, the MX eliminates the need for multiple appliances. These capabilities include application-based firewalling, content filtering, web search filtering, SNORT®-based intrusion detection and prevention, Cisco Advanced Malware Protection (AMP), site-to-site Auto VPN, client VPN, WAN and cellular failover, dynamic path selection, web application health, VoIP health, and more. SD-WAN can easily be extended to deliver optimized access to resources in public and private cloud environments with virtual MX (vMX) appliances. Public clouds supported with vMX include Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform, Alibaba Cloud, and private cloud support through Cisco NFVIS.Advanced quality of experience (QoE) analytics

  • Monitor end-to-end health of web applications at-a-glance across the LAN, WAN, and application server
  • Machine-learned smart application thresholds autonomously apply to identify true anomalies based on past behavioral patterns
  • Monitor the health of all MX WAN links, including cellular, across your entire organization
  • Get detailed hop-by-hop VoIP performance analysis across all uplinks

Agile on-premises and cloud security capabilities informed by Cisco Talos

  • Next-gen layer 7 firewall for identity-based security policies and application management
  • Advanced Malware Protection with sandboxing; file reputation-based protection engine powered by Cisco AMP
  • Intrusion prevention: PCI-compliant IPS sensor using industry-leading SNORT® signature database from Cisco
  • Granular and automatically updated category-based content filtering
  • Other capabilities: SSL decryption/inspection, data loss prevention (DLP), cloud access security broker (CASB), SaaS tenant restrictions, granular app control, file type control.

Branch gateway services

  • Built-in DHCP, NAT, QoS, and VLAN management services
  • Web caching: accelerates frequently accessed content
  • Load balancing: combines multiple WAN links into a single high-speed interface, with policies for QoS, traffic shaping, and failover
  • art connection monitoring provides automatic detection of layer 2 and layer 3 outages and fast failover, including the option of integrated LTE Advanced or 3G/4G modems

Industry-leading cloud management

  • Unified firewall, switching, wireless LAN, and mobile device management through an intuitive web-based dashboard
  • Template-based settings scale easily from small deployments to tens of thousands of devices
  • Role-based administration, configurable email alerts for a variety of important events, and easily auditable change logs
  • Summary reports with user, device, and application usage details archived in the cloud.

Intelligent site-to-site VPN with Cisco SD-WAN powered by Meraki

  • Auto VPN allows automatic VPN route generation using IKE/IKEv2/IPsec setup; runs on physical MX appliances and as a virtual instance in public and private clouds
  • SD-WAN with active/active VPN, policy-based routing, dynamic VPN path selection, and support for application-layer performance profiles to ensure prioritization of applications types that matter
  • Interoperates with all IPsec VPN devices and services
  • Automated MPLS to VPN failover within seconds of a connection failure
  • Layer2 TP IPsec remote client VPN included at no extra cost with support for native Windows, Mac OS X, iPad, and Android clients
  • Support for Cisco AnyConnect remote client VPN (AnyConnect license required)
FortiGate Next Generation Firewall
FortiGate provides flawless convergence that can scale to any location: remote office, branch, campus, data center, and cloud. We’ve always delivered on the concept of hybrid mesh firewalls with FortiManager for unified management and consistent security across complex hybrid environments. The Fortinet FortiOS operating system provides deep visibility and security across a variety of form factors.
Palo Alto NGFW
Security capabilities on the Palo Alto Networks ML-Powered NGFW are delivered in an integrated platform that offers application, user and device-based policies, decryption of encrypted traffic, networking capabilities, high availability, and a host of cloud-delivered security subscriptions. Core security capabilities are built into the PAN-OS operating system, which powers all Palo Alto Networks ML-Powered NGFWs. Additional security capabilities are available through the deployment of Cloud-Delivered Security Services on the ML-Powered NGFW.With the integrated platform, all Cloud-Delivered Security Services work seamlessly with each other. Also, the ML-Powered NGFWs’ single-pass architecture ensures no additional performance overhead when enabling additional features.

Seamlessly integrated with our industry-leading NGFWs, our Cloud-Delivered Security Services use the network effect of 85,000 customers to instantly coordinate intelligence and protect against all threats across all vectors. Eliminate coverage gaps across your locations and take advantage of best‑in-class security delivered consistently in a platform to stay safe from even the most advanced and evasive threats.

The ML-Powered NGFW is available in hardware (PA-Series), software (VM-Series and CN-Series), and cloud-delivered (Prisma Access) form factors.

Sangfor Network Secure
Sangfor Network Secure (previously known as NGAF) takes Next Generation Firewall technology to the next level to meet the evolving security needs of modern enterprises. Through market foresight and technical prowess, Sangfor Network Secure holds several “world’s first” titles.Sangfor Network Secure Advantages Advanced Threat Detection
Sangfor Network Secure leverages artificial intelligence, machine learning, and real-time threat intelligence to deliver a superior malware detection rate of 99.76%, keeping the vast majority of security threats outside the network perimeter. Cloud Deception
Sangfor Network Secure is the first NGFW with built-in deception technology. The cloud deception feature sets up decoy systems in the cloud to help administrators locate and stop malicious actors and lateral movement.Next-Gen WAF Sangfor Network Secure is the first NGFW integrated with NG-WAF. The groundbreaking WISE Engine utilizes semantic analysis and machine learning techniques to empower NG-WAF to stop known and unknown web attacks.

SOC Lite
SOC (Security Operations Center) Lite is a lifesaver for security administrators of small to mid-size enterprises. Network Secure provides intuitive security visibility with response guidance that allows administrators to quickly determine the threat level of users, servers, and ransomware events.

Anti-Ransomware
Sangfor Network Secure integrates with Sangfor Endpoint Secure (Endpoint Detection and Response – EDR) and Cyber Command (Network Detection and Response – NDR) as part of Sangfor’s Anti-Ransomware solution.
Forensic threat intelligence data, collected from the network and endpoints, visualizes the hidden ransomware process through the GUI and provides “one-click quarantine” to eradicate the encryption-controlling application from all infected hosts.

Security Integration
Sangfor Network Secure integrates seamlessly with endpoint and network security products to create a truly holistic solution. Each product works in tandem to close the gaps between their spheres of influence to deliver a foolproof security system.

 

 

 
 
 
 

Advanced Threat Protection

Cloud Security

DDoS Protection

DNS Security

Firewall Management

IPS (Threat Protection System)

Load Balancer

Next Generation Firewall

SASE

SD-WAN

Secure Remote Access

Workload Protection