GateMARA: The firewall that allows you to segment your internal network in a secure, fast and manageable manner

Today most organizations have implemented network perimeter security, but are missing proper solutions for the internal network. People are beginning to understand that internal threats pose an even greater danger than external ones. According to recent studies, almost all attacks with a significant impact have their origin in the internal network.

Today many organizations either refuse network access to consultants' and visitors' laptops or expose themselves to an unpredictable level of risk. Users who switch between internal and external networks with their laptops and PDAs are often easy to attack and represent a convenient entrance into the internal network. Discontented regular users and unknown visitors with unauthorized ad hoc connections to your network pose an often underestimated risk. Not to mention the never-ending flow of malware.

MARA Systems developed GateMARA, a powerful RBAC-based firewall specifically designed to fulfill the special requirements of the internal network.

Performance
GateMARA uses an advanced, state-of-the-art and highly optimized session classification algorithm based on the latest findings in computer science.

The high efficiency of its non-linear algorithm results in extremely quick evaluation and low latency for each packet. Even when the actual internal ruleset is huge and complex, GateMARA will scale smoothly under heavy loads. This gives security officials the power to specify security policies with arbitrary granularity, even down to the detail of defining the rights to access a specific resource. It is not only possible to add any number of rules, but also easy. With GateMARA's unique administrative tools, translating even the most detailed security policy into firewall rules is no longer an impossible task.


Manageability
A fundamental rule that holds for all security devices is to keep complexity at a manageable level, since setup and maintenance tend to get more cumbersome and error-prone as the overall system complexity increases.

GateMARA follows this fundamental rule by incorporating Role Based Access Control (RBAC) into the administration of the firewall. RBAC allows administrative roles to be created in a hierarchical tree. Responsibility for security zones can then be delegated to parts further down the tree, which only have administrative power over the resources required for that security zone. This makes very precise segmentation possible, so that even large and complicated networks can be managed. Tasks and results can be controlled by the administrators who know most about the specific segment.


The straightforward rule administration provides a better general view of the actual configuration, which helps to create a correct rule set. Before committing changes to the rule set, each administrative role can test and verify its own rules independently in a sandbox, without clashing with network traffic or other roles.


Low cost of ownership
Role-based administration built on RBAC makes it easy to provide each administrator with as much authority as is required without giving away too much power. This feature will increase not only security, but also productivity. The core network administrators can concentrate on issues beneficial to the whole organization, and staff members of different departments will be able to take care of their local problems. This reduces the number of highly skilled, expensive security experts needed to maintain a high level of security. A well-designed RBAC tree will make daily modifications possible without unpredictable risks.


Easy roll out
A replacement with GateMARA will allow organizations that are already using traditional firewalls between different departments to achieve much more fine-grained supervision of their network and to reduce the number of administration points.

When GateMARA is installed, the network can easily be divided into many logical levels where the points of inspection reflect security needs rather than physical wiring issues.

Thanks to its bridging and routing firewall technology, GateMARA is capable of controlling the communication between VLANs without the risk of spoofing. Isolation of different security zones can be kept intact even when the segmentation is done without changes to the IP addressing.

GateMARA incorporates dynamic user-based firewall rules and integrates with Active Directory, LDAP, RADIUS and 802.1x. This ensures compatibility with well-known standards and allows you to base your rules not only on machines, but also on users. The security policy will apply independently of the machine or part of your network to which your users log in.

These unique features make the transition to GateMARA quick and painless.