1 Identity-Based Unified Threat Management: One Identity – One Security. Shailesh Mecwan, Manager – Business Development (Europe)
2 Agenda of Presentation: About Company; Challenges of UTM Scenario; Introduction to Cyberoam; Cyberoam Credentials / Awards / Accreditations; Cyberoam Product Walk-thru
3 Est. in 1999; YoY Growth 200%; 500+ Employees; ISO Certified; Presence in USA, Asia, Middle East; Cyberoam Channel network in more than 75 Countries; Invested by $90bn World’s Largest Private Equity Group
4 Elitecore Products
5 UTM: Unified Threat Management. A solution to fight against multiple attacks and threats
6 UTM: Unified threat management (UTM) refers to a comprehensive security product which integrates a range of security features into a single appliance. A true UTM appliance should have the following features in a single solution: Firewall; VPN; Intrusion Detection & Prevention; Gateway-level Anti-virus for Mails, Website, File Transfers; Gateway-level Anti-spam; Content Identification & Filtering; Bandwidth Management for Applications & Services; Load Balancing & Failover Facilities
7 Benefits of UTM Appliances: Reduced complexity: all-in-one approach simplifies product selection, integration and support. Easy to deploy: customers, VARs, VADs, MSSPs can easily install and maintain the products. Remote Management: remote sites may not have security professionals, which requires a plug-and-play appliance for easy installation and management. Better Man Power Management: reduction in dependency on, and number of, high-end skilled human resources. Managed Services: security requirements and day-to-day operations can be outsourced to MSSPs.
8 Need for Identity-based UTM: Challenges with Current UTM Products. Lack of user identity recognition and control: inadequate in handling threats that target the user (phishing, pharming). Unable to identify the source of internal threats: an employee with malicious intent poses a serious internal threat; indiscriminate surfing exposes the network to external threats; 50% of security problems originate from internal threats (Yankee Group); the source of potentially dangerous internal threats remains anonymous. Unable to handle dynamic environments: Wi-Fi, DHCP. Unable to handle blended threats: threats arising out of internet activity done by internal members of the organization; external threats that use multiple methods to attack (Slammer). Lack of in-depth features: flexibility sacrificed as UTM tried to fit many features into a single appliance; inadequate logging and reporting; lack of granular features in individual solutions.
9 Layer 8 Firewall: Cyberoam firewall is the only UTM firewall that embeds user identity in firewall rule matching criteria, enabling enterprises to configure policies and identify users directly by the username rather than through IP addresses. Cyberoam’s powerful hardware firewall provides stateful and deep packet inspection, access control, user authentication, network and application-level protection.
10 Identity-Based Technology: User
11 Cyberoam – Identity Based Security: Cyberoam is the only Identity-based Unified Threat Management appliance that provides integrated Internet security to enterprises and educational institutions through its unique granular user-based controls.
12 Cyberoam Credentials
13 Gartner MarketScope (Q2 2008) SMB Multifunction Firewalls. Source: Gartner’s MarketScope Q2 2008
14 Gartner Magic Quadrant SMB Multifunction Firewalls 2009: Gartner Rates Cyberoam a Visionary. “Cyberoam has a strong presence in Asia, and, in 2008, saw significant growth in EMEA.” “Cyberoam is fast to market with new features.”
15 “IDC believes that identity-based UTM represents the next generation in the burgeoning UTM marketplace. When enterprises realize the value of having identity as a full component of their UTM solution - the increased internal security, protection against insidious and complex attacks, understanding individual network usage patterns, and compliance reporting - Cyberoam will benefit as the innovator.” Source: Unified Threat Management Appliances and Identity-Based Security: The Next Level in Network Security, IDC Vendor Spotlight (2007)
16 2008 - Emerging Vendor of the Year
17 Certifications: Premium; Anti-Virus; Anti-Spyware; Anti-Spam; URL Filtering; Firewall; VPN; IPS/IDP. UTM Level 5: Cyberoam holds a unique & complete UTM certification. ICSA Certified Firewall. ICSA Certified High-Availability. VPNC Certified for Basic VPN & AES Interoperability.
18 GLOBAL PRESENCE (Over 75 Countries)
19 Five Star Rating – Four Times in a Row! December 2008 – Product review Cyberoam CR100i. April 2009 – Product review Cyberoam CR200i. “Cyberoam delivers a wealth of features for the price, which include versatile identity- and policy-based security measures” “A lot of functionality, including good integration support, in a single easy-to-use appliance” “also includes a solid web content filter and blocking for applications such as IM and P2P”. March 2008 – UTM Roundup Cyberoam CR1000i: “Fully loaded, with many great features” “packs a more serious punch” “can restrict or open internet access by bandwidth usage, surf time or data transfer”. July 2007 – UTM Roundup Cyberoam CR250i: “console is well organized and intuitive to navigate” “flexible and very powerful” “this appliance is a good value for almost any size environment”.
20 Awards: 2008 Emerging Vendor of the Year for Network Security. ZDNET Asia - IT Leader of the Year 2008 Best Integrated Security Appliance Best Security Solution for Education Best Unified Security Tomorrow’s Technology Today 2007 SMB Product of the Year 2008 – Best Content Filtering CRN – Emerging Tech Vendors 2007 2007, Finalist Network Middle East Award 2008 Finalist Channel Middle East Award Finalist Global Excellence in Network Security Solution VAR Editor’s Choice for Best UTM (2007) 2007 Finalist American Business Awards
21 Sample Clientele
22 2008 Emerging Vendor of the Year – Asia-Pacific Frost & Sullivan. “Cyberoam differentiates on identity-based network access - which provides access control linking IP addresses with directory identity. Cyberoam's products have unique features and serve some distinct vertical markets. They are also potentially disruptive to competitors that are trying to enter emerging markets.” “By offering identity-based policy making and visibility across all its security features, Cyberoam allows administrators to create customized user-based policies based on the user or department work profile. In addition, it offers instant visibility into "who is accessing what in the enterprise." In doing so, it enables enterprises to meet compliance requirements in addition to facilitating instant action in case of a security breach even in dynamic IP environments such as DHCP and Wi-Fi.” “One of the biggest strengths behind the success of Cyberoam is its innovative product line – identity-based integrated security appliances.” “The UTM solution marketplace, a fairly nascent sector, is populated with over ten key vendors. In this crowded and extremely competitive market, Cyberoam performs well alongside its competitors with its identity-centric approach (which enables a more flexible and intuitive approach to security management in Butler Group’s opinion), and the combination of functional capabilities and strategies that are in close alignment with UTM’s target market.”
23 Business alliances
24 Cyberoam Product walk thru
25 Identity-Based Firewall
26 Cyberoam - Identity Based UTM. Normal Firewall: Rule matching criteria: Source address, Destination address, Service (port), Schedule. Action: Accept, NAT, Drop, Reject. However, fails in DHCP, Wi-Fi environment. Cyberoam rule matching criteria additionally include: Identity. Unified Threat Controls (per Rule Matching Criteria): IDP Policy, Internet Access Policy, Bandwidth Policy, Anti Virus & Anti Spam, Routing decision.
27
28 MAC Base Filtering (Layer 2 to Layer 8 Security)
29 MAC Based User Identity Control
30 Identity-Based Content Filtering
31 Web and Application Filtering Features: Database of millions of sites in 82+ categories; Blocks phishing, pharming, spyware URLs; Data Leakage Prevention (HTTP upload control & reporting); Block & Control Applications such as P2P, Streaming, Videos/Flash; Local Content Filter Database to reduce latency and dependence on network connectivity.
32 Web and Application Filtering Features: Google content categorization based on user policy: Cache Pages, Translated Pages (http://translate.google.com); Enforcement of Google Safe Search based on user policy; Customized blocked message to educate users about organizational policies and reduce support calls
33 Identity Based Policies
34 Category Based Bandwidth Management: Advantages: Restrict bandwidth for non-work-related categories; ensure bandwidth for productive categories.
35 Identity-based Bandwidth Management: Key Features
36 External Authentication
37 Authentication and External Integration
38 Automated Single Sign On (SSO) for Active Directory: Agent-based clientless Single Sign On. Platform independent: Windows (all versions), Macintosh (Mac OS X), all Linux OS. Just need to install one agent software on the Active Directory Controller.
39 Advanced Multiple Gateway Features: Active-Active Auto Link Failover & Load Balancing; Active-Passive Auto Link Failover; Source & Destination Routing; Support for more than 2+ ISP links; Schedule based bandwidth assignment; Gateway Alerts on Dashboard; Bandwidth Utilization Graphs
40 Gateway Anti-Virus
41 Gateway Anti-Virus Features: Scans Web, FTP, POP3, SMTP & IMAP traffic; Self-service quarantine area; Signature update every 30 mins; Identity-based HTTP virus reports; Disclaimer addition to outbound e-mails; Spyware and other malware protection including “Phishing” e-mails; Block attachments based on extensions (.exe, .bat, .wav etc.)
42 Gateway Anti-Spam
43 Gateway Anti-Spam Features: IP Reputation Filtering to block 85% of incoming messages at the entry point, even before these messages enter the network; Spam filtering with Recurrent Pattern Detection (RPD) technology; Virus Outbreak Detection (VOD) for zero-hour protection; Self-service quarantine area; User-based Spam Digest; Change recipients of e-mails; Scans SMTP, POP3, IMAP traffic; Content-agnostic
44 Antispam Quarantine Area
45 Intrusion Prevention System (IPS)
46 IPS Features: Multiple and custom IPS policies; Identity-based policies; Identity-based intrusion reporting; Ability to define multiple policies; Reveals user identity in internal threats scenario
47 IPS Features: Cyberoam IPS can log / block all types of applications. Anonymous surfing: UltraSurf, TOR, Hotspot, FreeGate, JAP; all external proxies (regardless of IP / port). P2P applications: BitTorrent, Limewire, Ares, Bearshare, Shareaza, Morpheus; file transfer over MSN, Yahoo, Google Talk. Anonymous VoIP: Justvoip, LowRateVOIP
48 Identity Based “On Appliance” Reporting
49 Cyberoam Reports are placed on Appliance. Other UTMs: Reporting Module / Device
50 Policy violation attempts
51 Identification of User Surfing Patterns
52 Application Wise Usage reports
53 User Wise Usage reports
54 Web Category Visit wise Report
55 Category – Data Transfer reports
56 Data Leakage Report (HTTP Upload)
57 Mail Spam Summary Report (On Appliance)
58 Traffic Discovery
59 Reports in Compliance with: CIPA, HIPAA, GLBA, SOX, FISMA, PCI
60
61 VPN Features: Cyberoam supports SSL-VPN, IPSec, L2TP, PPTP; Threat Free Tunneling (TFT); VPN Firewall Management; VPN Bandwidth Management; VPN Protection – Antivirus / Antispam / IPS / Content Filtering / DoS; VPN Topologies: Road-Warrior (Remote Access), Site to Site, Hub & Spoke; Branch Office Internet Traffic Tunneling over VPN; Inter Branch Office Communication; VPN Failover; Main Mode / Aggressive Mode; Identity based VPN control using xAuth; Local digital certification authority (CA) and support for external CA
62 License Free SSL-VPN: Client and Location independent access; Authentication - AD, LDAP, RADIUS, Cyberoam; Multi-layered Client Authentication - Certificate, Username/Password; User & Group policy enforcement; Network access - Split and Full tunneling; End user Web Portal - Clientless access; SSL VPN Tunneling Client - Granular access control to all the Enterprise Network resources; Administrative controls: Session timeout, Dead Peer Detection, Portal customization
63 Deployment Modes: Cyberoam can be deployed in two modes: Bridge / Transparent Mode; Gateway / Route / NAT Mode. Cyberoam can be used as an HTTP Proxy in both modes.
64 Other Network / System Features: High Availability (Active-Active / Active-Passive); Stateful Failover; VPN Failover; Dynamic Routing (RIP, OSPF, BGP); NTP Support; Multiple Configurable Syslog Server Support; GUI based Real Time Firewall Log; Roll Back (Roll back to last upgraded version)
65 Multicore Processor-based Cyberoam: What is multi-core: more than one processor working together to achieve high processing power. Benefits: Purpose-built hardware; True parallel processing; Each processor is programmed to run tasks in parallel; In case of a new attack, Cyberoam appliances do not suffer from the performance degradation associated with switching from ASIC-based acceleration to general-purpose processors.
66 Cyberoam in Numbers: More than 2 Million virus signatures in the anti-virus database; 44+ Million URLs categorized in 82+ categories; 98% Spam Detection; 1 in million False Positives; 3500+ IPS Signatures
67 Cyberoam CRi UTM Appliance Range: Large Enterprises: CR 1500i, CR 1000i, CR 500i. Small to Medium Enterprises: CR 300i, CR 200i, CR 100ia. Small Offices: CR 50ia, CR 25i, CR 15i
68 Cyberoam Demo:
69 Question/Answer Session
70 Thank you!