apani ov v9
DESCRIPTION
EpiForce Protecting Personal DataTRANSCRIPT
1 ©2010 Apani, All rights reserved ©2010 Apani, All rights reserved
…..Protecting Your Data
2 ©2010 Apani, All rights reserved ©2010 Apani, All rights reserved
Apani Security
“Apani delivers security software protecting sensitive data from internal and external intruders.”
3 ©2010 Apani, All rights reserved ©2010 Apani, All rights reserved
About Apani
Global CompanyHeadquartered: Southern CaliforniaOffices in United States, United Kingdom and Japan
Company Founded 2003, Privately Funded Takahara Group, Tokyo, Japan
Strong Security Software ExperienceHughes AircraftDeveloped VPN software for Nortel & Cisco
Citigroup, Inc. First Major Enterprise Customer
4 ©2010 Apani, All rights reserved ©2010 Apani, All rights reserved
Security Solution ProviderEnterprise wide security software company
Professional Services
24/7 Technical Support
Market FocusRetail
Healthcare
Financial Services
Public Sector
About Apani
5 ©2010 Apani, All rights reserved ©2010 Apani, All rights reserved
The Apani Solution
Support for heterogeneous environments
Enterprise wide and centrally managed
Software based network segmentation
Deploy over existing network infrastructure
Physical and virtual machines
Identity based access and control
Transparent to both users and applications
Protect against insider and outsider threats
Encrypt data-in-motion
Meet compliance mandates
6 ©2010 Apani, All rights reserved ©2010 Apani, All rights reserved
Financial Services Success
Citigroup, Inc., Global financial services companyprovides consumers, corporations, governments, and institutions with a range of financial products and services 200 million customer accounts and operates in approximately 140 countries
First major enterprise customer
PCI – DSS compliance
Security implementation: “Details are proprietary to Citi”
7 ©2010 Apani, All rights reserved ©2010 Apani, All rights reserved
Health Care Success
Pennsylvania School of MedicineOldest and one of the finest 3 hospitals with over 1500 beds
PCI – DSS compliance
Encrypt data in motion
Server segmentation
Central management in a heterogeneous environment
8 ©2010 Apani, All rights reserved ©2010 Apani, All rights reserved
Public Sector Success
Staffordshire PoliceStaffordshire, EnglandEmploys 4500 personnel
350 servers and 2500 workstations
CoCo compliance, United Kingdom
Support legacy applications
Encrypt data in motion for LAN and WAN
Server segmentation
9 ©2010 Apani, All rights reserved ©2010 Apani, All rights reserved
Retail Success
Financial services company providing credit card, insurance, and banking services worldwide
Canadian Tire Corporation, Ltd has more than 475 stores across CanadaCTFS is financial services arm of Canadian Tire Corporation, Ltd
• Managing 5 million credit card accountsThe Options MasterCard accepted at 24 million locations worldwide
PCI – DSS compliance
Encrypt data in motion
Server segmentation
Central management in a heterogeneous environment
10 ©2010 Apani, All rights reserved ©2010 Apani, All rights reserved
Retail Success
UK luxury department storeLandmark Knightsbridge department store, one of London's biggest attractionsSignature shops in airports and department stores in Asia and Europe
PCI – DSS compliance
Encrypt data in motion
Server segmentation
Central management in a heterogeneous environment
11 ©2010 Apani, All rights reserved ©2010 Apani, All rights reserved
…..EpiForce Technical Overview
12 ©2010 Apani, All rights reserved ©2010 Apani, All rights reserved
Apani Product Overview
EpiForce – Apani Security Software Solution
EpiForce includes:
Encryption of data-in-motion
Network security segmentation
Identity based access
Central security management
13 ©2010 Apani, All rights reserved ©2010 Apani, All rights reserved
EpiForce Architecture
Flexible, granular policyUser- and host-based network access controlNetwork layer implementation
Distributed, failover protectionNo single point of failureNo bottlenecks
Secure, standards-basedIPSec, X.509v33DES, 128/256 bit AESFIPS 140.2 level 1
Highly scalableOn-demand policy distributionUp to 300,000 agents
InteroperabilitySupports AIX, HP-UX, Linux, Solaris, VMware, Windows and legacy platforms
14 ©2010 Apani, All rights reserved ©2010 Apani, All rights reserved
Software Agent integrated with host TCP/IP stack
Communicates with admin server to update and monitor host security policies
Authenticates hosts via X.509v3 certificates
Mediates all inbound and outbound network access
Software Agents
PhysicalPhysicalPhysicalPhysical
LinkLinkLinkLink
IPIPIPIP
TCPTCPTCPTCP
ApplicationApplicationApplicationApplication
Key ManagerKey ManagerIKE Negotiation Manager
IKE Negotiation Manager
Cryptographic Engine
Cryptographic Engine
• Access Control• Authentication• Confidentiality• Integrity
• Access Control• Authentication• Confidentiality• Integrity
Security Policy Manager
User SpaceUser Space
Kernel SpaceKernel Space
15 ©2010 Apani, All rights reserved ©2010 Apani, All rights reserved
Security Zones
Zones are configured to create security policies
Zones bring lists of Agents or users together with rules (clear, deny or protect) and ports
There are three zone types in priority order:
Client/Server Zones Internal Access Zones External Access Zones
Zones overlay existing security architecture
16 ©2010 Apani, All rights reserved ©2010 Apani, All rights reserved
EpiForce Deployment Scenarios
Network segmentation into security zones
Partner & outsource isolation
Encrypt data in motion
Virtualization
Identity based access
17 ©2010 Apani, All rights reserved ©2010 Apani, All rights reserved
Security zones provide defense in depth
Real time policy management
Host-based access control
Authenticate, authorize, administer and audit
Network Segmentation
18 ©2010 Apani, All rights reserved ©2010 Apani, All rights reserved
Contractorwith VPN
Firewall/VPN
Windows/Citrix Terminal Server
Contractor Isolation
Single EpiForce Agent on the server can control multiple remote users and their security policies
Mitigates the risk of unauthorized access to critical data
19 ©2010 Apani, All rights reserved ©2010 Apani, All rights reserved
Highly effective, low-overhead encryption engine
Selective encryption at the port level
Secure legacy applications without rewrites
Industry-standard, strong encryption
Policy persistence with migration
Encrypt Data in Motion
20 ©2010 Apani, All rights reserved ©2010 Apani, All rights reserved
Virtualization
Manage virtual and physical environments
No bottle neck or single point of failure
Support for VMotion
Protect communication between virtual machines on same ESX host
No impact on current architecture
21 ©2010 Apani, All rights reserved ©2010 Apani, All rights reserved
Identity Based Access
Network access control based on identity
Policy follows user
Flexible & dynamic
Data invisible to unauthorized users, reducing risk
Central management of security policies
Audit user activity
ContractorsPartners
Employees
HRFinance Test
Portal
Sales
Marketing
22 ©2010 Apani, All rights reserved ©2010 Apani, All rights reserved
EpiForce Feature Summary
Uses industry standard cryptographic protocols to secure Agents and
network data
Automates all cryptographic tasks, for example, certificate renewals and key creation
Provides selective data protection for data on the corporate network
Manages network security for all VMs within a host as well as between hosts.
Implements identical network security policies on both virtual and physical systems transparently
23 ©2010 Apani, All rights reserved ©2010 Apani, All rights reserved
The Ideal Security Solution
Easier to deploy than hardware based security products
Investment protection of legacy applications
Lower cost of ownership 100% software based Easily maintained Limited training
• Scalability Accommodates growth Adapts to changes in the network infrastructure Virtual and physical environments
• Promotes green IT Install on existing servers and desktops Added security without adding to the footprint
A Solution Backed by a Company with a Passion for Client Satisfaction