There Is Intelligent Life On Protego's New Security Appliance, PN-MARS

The Protego MARS series of security appliances is built around standard Intel platforms with a hardened operating system, embedded Oracle database, proprietary logic, scalable architecture and Web-based user interface. Performance characteristics and price points vary by model to accommodate a wide range of deployment scenarios, network sizes and corporate budgets. CRN Test Center engineers reviewed the PN-MARS 100, which can process up to 5,000 events per second. The unit contains a 750-Gbyte RAID 10 storage array in a 3U chassis and operates in a fashion similar to a dual-honed firewall.

Protego's automated network discovery function obtains device configuration information and captures events and logs from a wide range of network devices, security devices, hosts and host applications. It also builds a virtual network topology complete with device configuration and security policies. The appliance operates out of line, so its presence does not affect network performance. The PN-MARS 100 identifies network and application threats through sophisticated event correlation and threat validation. Once the MARS 100 makes administrators aware of an attack, they can prevent or contain it in realtime by initiating specific mitigation commands to network enforcement devices.

Information about the attack is then normalized and grouped with information about similar attack types. Protego's ContextCorrelation technology groups multiple events and network behavior across network address translation (NAT) boundaries in a session. System and user-defined correlation rules are then applied to multiple sessions to identify valid incidents. Predefined rules are regularly updated by Protego so the appliance is able to identify most types of attacks. A GUI-based utility lets administrators create custom rules that consider business-specific information when searching for and identifying attacks.

Protego's SureVector Analysis technology helps identify the source of an attack by assessing the end-to-end attack path components. Attackers are identified by MAC address, workstation and user name, and the appliance maps the full attack path from source to destination. The AutoMitigate capability identifies vulnerable devices along the attack path and pinpoints what security measures administrators should take to eliminate the threat. Network traffic behavior analysis is obtained using Netflow baselines gathered from routers and switches, and complements data obtained from firewall logs, network intrusion-detection system (NIDS) and host intrusion-protection system (HIPS) events. By comparing network traffic against a "normal" view of activity, the appliance can help identify new, unregistered attacks.

The PN-MARS 100 appliance is centrally managed through a secure Web-based interface. More than 50 predefined reports can satisfy typical management, operational and regulatory compliance requirements, and a report generator can modify the predefined reports to meet the special needs of specific businesses or industries. An optional device, the PN-MARS Global Controller (GC), can communicate with and manage more than 50 PN-MARS appliances simultaneously.

The PN-MARS 100 is installed on a TCP/IP network where it sends and receives Syslog information and simple network management protocol (SNMP) traps and establishes secure sessions with deployed network and security devices. No additional hardware or software is required.

The installer simply configures all log sources to point to the MARS appliance and enables those sources on the appliance. An unlimited number of devices can be supported by the appliance, and there are no additional costs for additional devices, user or administrative seats, hardware, server software, database or database management.

Prices for the PN-MARS series range from $10,995 to $99,995. The PN-MARS 100 model evaluated by the CRN Test Center costs $79,995.

Protego's channel program separates partners into Pro and Pro Advantage levels based on networking and security sales and support infrastructure, the partner's ability to maintain trained personnel, and a business plan approved by Protego. Partners at both levels must meet additional training and sales volume commitments.

Pro Advantage partners receive training, technical support, pre-and post-sales integration assistance and marketing support, and earn market development funds. Pro Advantage partners earn at least a 30 percent margin. Partners at this level also receive leads, marketing and sales collateral and event participation opportunities. Technical support is available online and by phone through a partner designated technical support line during normal business hours.

CHANNEL PROGRAM SNAPSHOTS
>Protego PN-MARS

COMPANY: Protego Networks, Inc.
Sunnyvale, Calif.
(408) 329-5800
www.protegonetworks.com
DISTRIBUTORS: Direct from vendor
AUTHORIZATION REQUIREMENTS: None
TECH RATING:

CHANNEL RATING:

Note: Recommended status is earned with a score of eight stars out of 10