EpiForce Security Software

Document Sample
EpiForce Security Software Powered By Docstoc
					                                                                                                                     EpiForce

EpiForce: Protecting Personal Information

What is EpiForce?

 A      pani® EpiForce® is a software-based, cross-platform server isolation,
        encryption and access management solution that enables logical
 security zoning and policy-based protection of data in motion. EpiForce has a
                                                                                                     Benefits
                                                                                                     • Cross-platform support to protect
                                                                                                       heterogeneous environments
 distributed, centrally managed architecture that is transparent to end users,
                                                                                                     • Apply network security policies to
 applications and infrastructure, making it quicker to deploy and less costly to
                                                                                                       legacy applications
 manage than hardware-centric solutions.
                                                                                                     • Selectively apply strong encryption
                                                                                                        policies
Single Solution: Physical and Virtual Servers
                                                                                                     • Transparent to existing applications,
 EpiForce security software delivers cross-platform server protection for both
                                                                                                       without code rewrites
 virtual and physical environments with a single solution. Server isolation
                                                                                                     • Create logical security zones regardless
 eliminates vulnerabilities within the corporate network by isolating servers and
                                                                                                       of platform or physical location
 desktops containing business critical data into logical security zones, regardless of
 platform and physical location. Access to these zones is strictly based on policy,                  • Prevent security gaps when relocating a

 and communication between the systems may be selectively encrypted. Cross-                            virtual machine to another server

 platform server isolation provides flexibility and efficiency not available with                    • Highly scalable architecture
 traditional network security solutions, and mitigates risk in the event of a breach.                • No end user training
                                                                                                     • Limit audit scope and provide a strong
Logical Security Zoning                                                                                audit trail
 Logical security zones offer a superior, software-based alternative to traditional                  • FIPS 140-2 Level 1 validation
 network segmentation accomplished with firewalls and VLANs. Zones enable flat
                                                                                                     EpiForce is ideal for:
 corporate networks to be separated into isolated security communities without
                                                                                                     • Remote worker/contractor isolation
 reconfiguring the network and without regard to the physical location of computers.
 Servers and endpoints are assigned membership into one or more logical security                     • PCI-DSS, HIPAA, SOX and CoCo

 zones, creating a flexible, layered security approach within the corporate network.                 • Mergers, acquisitions and divestitures
 Logical security zones can be based on endpoint identity, IP address, user identity                 • Financial institutions, retail stores,
 and port.                                                                                             health care and public sector




                                          www.apani.com, 2929 E. Imperial Hwy Suite 110, Brea, CA,92821, USA,
                                            America +1.714.577.1600, United Kingdom +44 (0)118 9298060
 With EpiForce, logical security zones can span across physical and virtual environments, and systems can belong
 to one or more zones. Inclusion in a logical security zone is persistent and does not cease when a system is
 physically relocated or a virtual machine is moved, providing organizations the flexibility to locate systems
 where warranted by business demands. Logical security zones can be virtually unlimited in size,
 a contrast to the constraints of available ports on a switch or a firewall in traditional
 network segments.


 Logical security zones are centrally administered through one or
 more Epiforce Administration Consoles, enabling zones and security
 policies for an entire network to be modified with only a few
 mouse clicks. Administration can be delegated and workflow
 enabled for approving and committing policy changes.


 Logical security zones may be created, moved or modified without the
 need to physically reconfigure the network. EpiForce controls access to members                              Logical security zones enable layered security
 of logical security zones and dictates which systems can communicate with each other.                        without regard to platform or physical location.



Policy-Based Encryption of Data in Motion
 Policy-based encryption of data in motion offers a superior alternative to the rigid encryption approaches common in link encryptors,
 network firewalls and personal firewalls. Policy-based encryption of data in motion secures communications between servers and/or
 clients based on policies configured by the security administrator.


 Apani EpiForce takes a unique two-pronged approach to encryption – delivering an efficient, low-overhead encryption mechanism and
 enabling security administrators to selectively deploy encryption policy at the port level. This approach allows EpiForce to strike an optimal
 balance between communications security and application performance, while reducing overall bandwidth requirements due to encryption.
 Policy-based encryption of data in motion offers a superior alternative to the rigid, all-or-nothing encryption approaches common today. It
 secures communications between users, virtual machines, physical servers and clients based on policies set by the security administrator.




                                        Policy-based encryption offers efficient and selective encryption at the port level.




                                          www.apani.com, 2929 E. Imperial Hwy Suite 110, Brea, CA, 92821, USA
                                            America +1.714.577.1600, United Kingdom +44 (0)118 9298060
                                                                                                                                      EpiForce                  ®




Features & Benefits
 Management
 Centralized Management Interface                                                 Auto Create and “Push” Install Support
 Manage security policy for all EpiForce-enabled servers and endpoints            EpiForce enables thousands of servers and endpoints to be added and
 from a single administration console. One or more administration consoles        assigned security policy at once, streamlining initial and incremental
 can be utilized simultaneously, enabling the flexibility to manage               deployments. Client software can be deployed through most standard
 centrally, regionally or by business unit.                                       “push” installation packages such as Microsoft Acitve Directory and
                                                                                  LANDesk.
 Role-Based Delegation of Admin Privileges
 Maximize flexibility in operationalizing security policy by delegating           Operations
 administrator privileges to five roles including Super User, Account             Logical Security Zones
 Management, System Settings, Operations, Audit and Read-Only.                    Isolate servers and endpoints into one or more private communities without
                                                                                  regard to their physical location. Logical security zones can be based on IP
 Powerful Administrator Workflow                                                  address or range, port, geographic region or user group. Logical security
 Utilize powerful workflows to create, submit, approve and commit                 zones can be spanned across physical and geographic boundaries.
 security policy. All administrator actions are tracked as Change Sets and
 entered into the workflow process.                                               Policy-Based Encryption of Data in Motion
                                                                                  Efficiently secure communications between servers and endpoints based
 Enhanced Alert and Activity Logging                                              on port-level policy. Policy-based encryption is highly scalable, maximizes
 Monitor operations of all client software through real-time alerts on            application performance and minimizes bandwidth requirements.
 penetration attempts, operational status, IPSec protocol status and an           EpiForce combines strong encryption and data integrity using
 audit trail of key management and encapsulation protocols. EpiForce              industry-standard protocols.
 stores activity logs in standard Syslog and Windows Events Log formats.
                                                                                  Distributed Architecture
 Easy Deployment and Upgrades                                                     EpiForce is a distributed architecture with policy enforced between servers
 EpiForce is compatible with most third party deployment tools including          and clients themselves, eliminating the bottlenecks and single points of
 Microsoft Active Directory and LANDesk.                                          failure common in hardware-based solutions like firewalls, VLANs and NAC.

 Installation and Interoperability                                                Policy Persistence
 Cross-Platform Support                                                           Security policy deployed by EpiForce remains persistent, regardless of the
 EpiForce agent software is available for a broad range of operating              physical location of a server or endpoint. When a machine is moved, the
 systems, providing the flexibility to secure complex, heterogeneous              security policy goes with the machine and does not require any policy
 enterprise environments common in large companiess.                              changes or administrative action.

 Network Layer Transparency                                                       Customizable Failover Procedures
 EpiForce operationalizes IPSec at the network layer and is transparent           Granular and customizable failover procedures enable more flexibility to
 to existing infrastructure and software applications. Legacy applications        deploy EpiForce into normal business processes.
 can easily be secured, eliminating the cost, time and incompatibilities
 associated with rewriting applications.                                          Support for Unprotected Hosts
                                                                                  Enforce policy for servers, endpoints and devices that don’t have EpiForce
 Broad VPN Client Support                                                         installed, allowing printers and other devices to be included in logical
 EpiForce is compatible with VPN client software from leading vendors             security zones.
 including Cisco and Nortel.
                                                                                  On-Demand Policy Distribution
                                                                                  Facilitate large deployments and the extension of EpiForce to servers and
                                                                                  endpoints that have minimal disk and memory resources.




                                              www.apani.com, 2929 E. Imperial Hwy Suite 110, Brea, CA, 92821, USA
                                                America +1.714.577.1600, United Kingdom +44 (0)118 9298060
                                                                                                                                                                               EpiForce
                                                                                                                                                                                      ®




EpiForce Specifications
 Management Platforms Supported
 EpiForce Management                      • Windows Server 2008, Standard and Enterprise Editions (x86-32 and x86-64)
 (Admin Server & Database)                • Windows Server 2008 R2 Standard and Enterprise Editions (x86-32 and x86-64)
                                          • Windows Server 2003 Standard and Enterprise Editions with SP2 (x86-32 and x86-64)
                                          • Windows Server 2003 R2 Standard and Enterprise Editions with SP2 (x86-32 and x86-64)

 Admin Console                            • Windows Server 2008, Standard and Enterprise Editions (x86-32 and x86-64)
                                          • Windows Server 2008 R2 Standard and Enterprise Editions (x86-32 and x86-64)
                                          • Windows Server 2003 Standard and Enterprise Editions with SP2 (x86-32 and x86-64)
                                          • Windows Server 2003 R2 Standard and Enterprise Editions with SP2 (x86-32 and x86-64)
                                          • Windows 2008




 Agent Platforms Supported
 Microsoft Windows                                                                                  Linux
 • Windows XP, SP2 or SP3 (x86-32)                                                                  • Red Hat Enterprise Linux 4 (x86-32 and x86-64)
 • Windows 7 (x86-32 and x86-64)                                                                    • Red Hat Enterprise Linux 5 (x86-64)
 • Windows 2003 Standard Edition, SP2 (x86-32 and x86-64)                                           • Red Hat Enterprise Linux 6 (x86-64)
 • Windows 2003 Enterprise Edition, SP2 (x86-32 and x86-64)                                         • SuSE Linux Enterprise Server 11
 • Windows 2008 Standard Edition (x86-64)                                                           • Linux on System z
 • Windows 2008 Standard Edition, R2 (x86-64)
 • Windows 2008 Enterprise Edition (x86-64)                                                         Apple
 • Windows 2008 Enterprise Edition, R2 (x86-64)                                                     • Mac OS X 10.6, 10.7


 IBM                                                                                                Community Enterprise Operating Systems
 • IBM AIX 5.3 (POWER, 64-bit)                                                                      • CentOS 5 (x86-64)
 • IBM AIX 6.1 & 7.1 (POWER, 64-bit)

 Solaris                                                                                            HP
 • Solaris 8 (64-bit SPARC)                                                                         • HP-UX 11i v1 (64-bit PA-RISC)
 • Solaris 9 (64-bit SPARC)                                                                         • HP-UX 11i v2 (64-bit Itanium)
 • Solaris 10 (64-bit SPARC)



 Technical Specifications
 Authentication                           x.509v3 certificate-based
 Security Standards                       IPsec, IKE, x.509v3, FIPS 140-2
 IPsec Data Encryption                    3DES (168-bit key), AES-128, AES-256
 IPsec Data Integrity                     HMAC SHA-1
 Certificate Authority                    Embedded x.509v3 certificate-based with automatic certificate management
 Connection Authentication                x.509v3 certificate-based with verification using DSS
 Key Management                           Automatic key generation and updating using IPsec standard Internet Key Exchange protocol (IKE), Diffie-
                                          Hellman Key Exchange, Identity Protection
 Scalability                              Supports up to 100,000 agents




                                              www.apani.com, 2929 E. Imperial Hwy Suite 110, Brea, CA, 92821, USA,
                                 America +1.714.577.1600, United Kingdom +44 (0)118 9298060 Document Number 003ds1010v10
                         © 2011 Apani Networks. Apani and EpiForce are registered trademarks of Apani Networks. All other marks are the property of their respective owners.

				
DOCUMENT INFO