White Papers

An all-in-one approach to security

The UTM explosion

Videos

Intrusion Prevention

Content Filtering

Partners - Astaro & Brocade & Motorola

Unified Threat Management

Astaro's Unified Threat Management (UTM) appliances (physical/virtual) protect your corporate infrastructure with a: Firewall, IPS/IDS, VPN, and wireless access points

What is a firewall?

A firewall is fundamentally a tool to manage access to network services, filter SPAM, block access to inappropriate content, automatically upholds corporate policies and regulatory compliance during surfing and emailing, reliably block all malware, provide auditability through forensics, and provide robust reporting – across each interface defined on your appliance.

Why do I need a unified threat management system, firewall, IDS / IPS, VPN?

Today's cyber-criminals are more organized than ever before, some are even state-sponsored. They seek to monetize your network vulnerabilities. Your network is wide open without a corporate grade Unified Threat Management appliance.

Threats are abundant and constantly changing:

• Approximately 35,000 new malware (spyware, viruses, worms, & Trojans) are released into the internet every day.
• Anti-malware companies release approximately 3,000 new malware patterns each day.

Astaro's Unified Threat Management System secures your network:

• Protects mission critical data
• Protects intellectual property
• Provides administrator control of policies
• Block threats and simultaneously provide automatic alerts

Your corporate network is a compelling target that must be zealously guarded

What are the benefits to purchasing an Astaro UTM?

• Dynamically protect web servers from today's most advanced attacks & scripted exploits
• Astaro logs every configuration changethat leaves no doubt who did what, when and why
• Powerful flash-based reporting engine
• Loyal open-source user community that functions as a 'brain trust' willing to freely invest their time to make Astaro the world's best firewall operating system
• Content-filtering engine is capable of granular user/group-based filtering rules including the unique ability to block nudity using a revolutionary algorithm that sees skin tones
• Intrusion detection/protection leverages 'SNORT' – the de facto standard across the globe
• Astaro has the unique ability to, with a single click, block all traffic from a particular country
• Click here (open in new window http://www.astaro.com/sites/default/files/Other/watch-2-minute-explainer.jpg) to view a short 2-minute flash presentation describing the Astaro Unified Threat Management System

Contact us today for an evaluation of your network infrastructure and risk assessment.

• Astaro corporate grade firewall compared to an inexpensive consumer grade firewall
• Astaro corporate grade firewall features
• Astaro licensing models – Pricing
• Astaro Hardware Appliance Licensing Model
• Software & Virtual Licensing Model

Astaro corporate grade firewall compared to an inexpensive consumer grade firewall (like you find at Best Buy)

A consumer grade firewall doesn’t include any malware scanning engines. An Astaro firewall includes two independent malware scanners that receive hourly pattern file updates. A consumer grade firewall lacks the ability to ‘identify’ or ‘prevent’ automated or directed hacker intrusion attempts. An Astaro firewall’s IDS & IPS received hourly pattern file updates allowing the appliance to alert staff to an intrusion attempt while automatically blocking it. A consumer grade firewall provides no protection against malware & hackers! Need I say more?

Astaro corporate grade firewall features:

• Subscription-based protection services:
• Web Content Filtering & Malware Filtering
• Email Content Filtering, Malware Filtering & SPAM Filtering
• Network VPN & IDS/IPS & Automatic Malware & Intrusion pattern file downloads,
• Web / Application Server Firewall,
• Wireless Access Points
• Full featured group policies and role based administration - allows you to selectively grant privileges only to trusted senior administrators while limiting the privileges of your junior administrators at a granular level
• Web Content Filtering - Content-filtering has been repeatedly proven to increase employee efficiency and mitigate legal pitfalls. Web content filtering blocks all malware. It blocks offensive material. Web content filtering is flexible enough to relax some restrictions during non-business hours. Passwords can be given to senior staff allowing them to bypass content filtering policies on-demand. Group policies can allow unrestricted access , if needed, for select groups.
• Email Content Filtering – Email content filtering blocks all malware. It blocks all spam. An email content filter prevents your employees from receiving adult emails at work while notifying the sender that his message has been rejected. It prevents employees from violating compliance regulations, such as sending unencrypted social security or credit card numbers. An Email content filter can be configured so to allow access without restrictions, if required, for select groups.
• VPN aggregator – The number of VPN connections an appliance can support is directly proportional to the processor size and the amount of memory. The entry level model 110 Astaro hardware appliance contains a faster processor and more memory than the top of the line consumer grade appliance. Astaro automatically blocks all malware across all VPN tunnels with two independent scanning engines, vastly enhancing business continuity.
• Packet Filter rules is where companies impose corporate & regulatory compliance with granular control over the ‘services’ that traverse a defined interface on the appliance. For example: FTP can be configured so it is allowed across the WAN & LAN but not across the Wireless LAN (WLAN).
• Intrusion detection system (IDS) instantly alerts administrators upon detecting a hacking attempt. The Astaro Intrusion detection system uses a dynamic set of intrusion detection patterns that are updated hourly.
• Intrusion prevention system (IPS) – thwarts hacking attempts automatically using a dynamic set of intrusion prevention patterns that are updated hourly
• You can choose between physical, software and virtual appliances
• Simple to use. Astaro’s user interface is the most user-friendly on the market!

Astaro licensing models

Astaro Hardware Appliance Licensing Model – Branded Linux servers with multiple network interfaces

• The hardware models list a range of supported users depending upon how many ‘services’ are turned-on. The first number in the range is what you should go by if you intend to turn-on everything, which includes: web filtering, email filtering, IDS/IPS, web application server protection/filtering, & wireless access. These prices are for the hardware only! The services are purchased in 1-year, 3-year, & 5-year increments:
• Model 110 supports a maximum of 10 users - $595
• Model 120 supports 25-80 users - $595
• Model 220 supports 75-300 users - $1,275
• Model 320 supports 200-800 users - $2,875
• Model 425 supports 600-1500 users - $4,875
• Model 525 supports 1300-3500 users -$8,750
• Model 625 supports 2000-5000 users - $11,975
• Example: Fully configured Model 220
• Hardware Appliance – Model 220 – $1,275 price includes unlimited user licenses but depending on the features you enable this unit is physically capable of supporting between 75-300 users.
• Network Subscription – 1-year/3-year/5-year model 220-only ‘Network Subscription’ is $795/$1,910/$2,865 – and includes 10x5 support. This is required to activate the IDS/IPS & malware scanning functionality – including automatic hourly IDS/IPS & malware pattern-file updates. This subscription is also required for VPN functionality.
• Web Subscription – 1-year/3-year/5-year model 220-only ‘Web Subscription’ is $1,430/$3,435/$5,150 – includes 10x5 support. This is required to block malware accessed while surfing, and block access to web content that violates your defined corporate policy (content-filtering), and provides a forensic audit trail for all web traffic & pre-defined & ad hoc web reporting!
• Mail Subscription – 1-year/3-year/5-year model 220-only ‘Mail Subscription’ is $1,150/$2,760/$4,140 – includes 10x5 support and the following features:
• blocks malware attached to emails
• allows SPAM blocking using the regularly updated lists & algorithms
• allows automatic blocking of inbound/outbound emails that violate your defined corporate policy (this is content-filtering). Preventing inbound offensive emails is a “nice to have,” but preventing employees from sending unencrypted social security or credit card numbers (in violation of federal regulations) is a “must have!”
• allows forensic audits to be performed on all email traffic
• ad hoc reporting capabilities plus many pre-defined executive reports!
• provides automatic encryption between partners who also have this Astario service to seamlessly encrypt/decrypt mail between one another without any hassle!
• Premium Support Upgrade – 1-year/3-year/5-year model 220-only ‘Premium Support Upgrade’ is $310/$775/$1,180. This upgrades 10x5 to 7x24 support plus increases the priority your calls receive!
• Full Guard with Premium Support – 1-year/3-year/5-year model 220-only ‘Full-Guard with Premium Support’ is $3,135/$7,105/$10,670. This is an all-inclusive price for full functionality and premium support rights – includes protection of web servers but email archiving & wireless access carry additional charges!

Software & Virtual Licensing Model – (see critical consideration below)

This is for customers who wish to use their own hardware – either as a physical server or a virtual server. Contrary to hardware licensing, the software license model does not include unlimited user licenses as a standard. This licensing model has (2) variables: the duration of the license (1-year, 3-year, or 5-year) as well as the number of concurrent users (10, 25, 50, 100, 250, 500, 1000 or unlimited).

• Example: 100-user software license (no hardware included)
• Network Subscription – {described above} 1-year/3-year/5-year 100-user Software Appliance Only ‘Network Subscription’ is $955/$2,390/$3,630 – and includes 10x5 support
• Web Subscription – {described above} 1-year/3-year/5-year 100-user Software Appliance Only ‘Web Subscription’ is $1,720/$4,300/$6,540 – includes 10x5 support
• Mail Subscription – {described above} 1-year/3-year/5-year 100-user Software Appliance Only ‘Mail Subscription’ is $1,380/$3,450/$5,245 – includes 10x5 support
• Premium Support Upgrade – {described above} 1-year/3-year/5-year 100-user Software Appliance Only ‘Premium Support Upgrade’ is $190/$475/$725.
• Full Guard with Premium Support – 1-year/3-year/5-year 100-user ‘Full-Guard with Premium Support’ is $3,610/$9,025/$13,720. This is an all-inclusive price for full functionality and premium support rights – includes protection of web servers but email archiving & wireless access carry additional charges!
• CRITICAL CONSIDERATION – For the purpose of sizing the number of ‘users’ when considering purchasing a software or virtual license, a ‘user license’ is required for ALL ‘hosts’ that the Astaro communicates with.

Contact us to define your requirements and for pricing meeting your specific needs.

Configuration Examples:

• Example #1: The domain server is running DHCP - not the Astaro UTM.

  In this organization, employees have a desktop or laptop and a single IP phone. However, the IP Phone communicates solely with the IP PBX server – meaning phones do NOT have Internet access. Employees would only require a single ‘user license’ for their PC or laptop since the Astaro system is not aware of the IP Phones. A ‘user license’ is required for all servers (physical & virtual) as well as the IP PBX and anything else with Internet (WAN) or VPN access.

• Example #2: Astaro manages DHCP (smart choice!) for the entire organization (LAN & WLAN).

  In this case, an inventory of IP devices hard wired in your LAN and connecting daily to your WLAN should be performed. How many have static IP assignments? Does it make sense to increase the number of devices with a static IP assignment before deploying the Astaro? Once that work is completed, determine the maximum concurrent hosts expected across the LAN & WLAN environment to request an IP assignment (printers, scanners, desktops, laptops, IP phones, physical servers & virtual servers) &/or have Internet (WAN) or VPN access. That is the minimum number of ‘user licenses’ required.