Identity-based Unified Threat Management

Author: Helen Eagar

1 Identity-based Unified Threat Management
One Identity – One Security

2 Agenda
- Evolution of IT Security
- Challenges of Unified Threat Management
- Introduction to Cyberoam UTM
- Cyberoam Product Walk-through
- Cyberoam Credentials
- Awards & Accreditations

3 Increase in Threats & Their Total Damage Cost

4 Evolution of Internet security solutions
- Basic security began with firewalls. Firewalls enjoyed a monopoly until the start of the 21st century. Initial firewalls were stateless and could not control which side initiated a communication; stateful firewalls later became more prevalent.
- Connectivity to branches, partners and remote workers; a high number of employees started accessing the Internet.
- Slammer fueled the need for Intrusion Detection & Prevention. Slammer hit on Saturday, January 25, 2003, at 00:30; lost revenue spilled over halfway into the next week; total cost of the bailout: more than $1 billion; to date, no accountability has been established.
- As threats increased, other solutions were introduced.
- Virus attacks rose in number and intensity: 6% of business e-mails contained viruses (IBM), a staggering cost of $281-$304 per PC.
- Spam rose: average spam messages per day 18.5; time spent deleting them 2.8 minutes; average time lost per day 51.8 minutes; 14% of spam recipients actually read spam; 4% buy products advertised by spam; 21% of spam in Jan 2005 was porn.
- Non-business Internet use: 1 in 5 employees view online pornography at work; 70 percent of adult websites are hit between 9 am and 5 pm; 30-40 percent of employees' Internet activity is not business related.
- Spyware: 25% of systems to be infected with spyware by this year (Forrester); 65% of companies say they will invest in anti-spyware tools and upgrades.
- Phishing mails grew 5,000% last year; pharming makes an entry.
- Blended threats emerge to exploit extensive Internet usage.
But multiple solutions brought in their share of problems.

5 Current Challenges due to Multiple Internet Security Solutions
- Higher purchase cost of individual appliances
- Problems in handling multiple maintenance & subscription contracts
- Requirement of highly technical manpower to maintain multiple appliances & solutions
- Difficult for a single network admin to handle the increasing complexity of LAN networks
- Excessive time taken to understand threat patterns from the individual reports of each appliance
- Inadequacy in handling new blended attacks
Need for a single unified appliance for all Internet security problems

6 UTM: Unified Threat Management
A solution to fight against multiple attacks and threats

7 UTM
Unified threat management (UTM) refers to a comprehensive security product which integrates a range of security features into a single appliance. A true UTM appliance should have the following features in a single solution:
- Firewall
- VPN
- Intrusion Prevention System
- Gateway-level anti-virus for mail, websites and file transfers
- Gateway-level anti-spam
- Content identification & filtering
- Bandwidth management for applications & services
- Load balancing & failover facilities

8 Benefits of UTM Appliances
- Reduced complexity: the all-in-one approach simplifies product selection, integration and support
- Easy to deploy: customers, VARs, VADs and MSSPs can easily install and maintain the products
- Remote management: remote sites may not have security professionals, so a plug-and-play appliance is required for easy installation and management
- Better manpower management: reduced dependency on, and number of, high-end skilled human resources
- Managed services: security requirements & day-to-day operations can be outsourced to MSSPs

9 Challenges with Current UTM Products
- Lack of user identity recognition and control: inadequate in handling threats that target the user (phishing, pharming)
- Unable to identify the source of internal threats: an employee with malicious intent poses a serious internal threat; indiscriminate surfing exposes the network to external threats; 50% of security problems originate from internal threats (Yankee Group); the source of potentially dangerous internal threats remains anonymous
- Unable to handle dynamic environments: Wi-Fi, DHCP
- Unable to handle blended threats: threats arising out of Internet activity by internal members of the organization; external threats that use multiple methods to attack (Slammer)
- Lack of in-depth features: flexibility sacrificed as UTMs tried to fit many features into a single appliance; inadequate logging and reporting, lack of granular features in individual solutions
Need for identity-based UTM…

10 Patent pending: Identity-based technology

11 Layer 8 Firewall (Patent-pending Technology)
Cyberoam's firewall is the only UTM firewall that embeds user identity in the firewall rule matching criteria, enabling enterprises to configure policies and identify users directly by username rather than through IP addresses. Cyberoam's hardware firewall provides stateful and deep packet inspection, access control, user authentication, and network- and application-level protection.

12 Cyberoam – Identity Based Security
Cyberoam is the only identity-based Unified Threat Management appliance that provides integrated Internet security to enterprises and educational institutions through its unique granular user-based controls.

13 Cyberoam Appliances
- CRi series for SOHO (Small Office-Home Office) & ROBO (Remote Office-Branch Office): CR 25i
- CRi series for Small to Medium Business: CR 50i, CR 100i
- CRi series for Medium Enterprises: CR 250i, CR 500i
- CRi series for Large Enterprises: CR 1000i, CR 1500i

14 Identity - based UTM

15 Cyberoam Product Walk-through

16 Cyberoam Unified Threat Management Features
Cyberoam offers comprehensive threat protection with:
- Identity-based Firewall
- VPN
- Gateway Anti-Virus
- Gateway Anti-Spam
- Intrusion Prevention System
- Content Filtering
- Bandwidth Management
- Multiple Link Management
- On-Appliance Reporting

17 Cyberoam - Identity Based UTM
Normal firewall rule matching criteria:
- Source address
- Destination address
- Service (port)
- Schedule
Actions: Accept, NAT, Drop, Reject
However, address-based matching fails in DHCP and Wi-Fi environments, where the IP address named in a rule does not stay bound to one user.
Cyberoam adds Identity (user or group) as a rule matching criterion, and attaches Unified Threat Controls per rule matching criteria:
- IDP policy
- Internet access policy
- Bandwidth policy
- Anti-virus & anti-spam
- Routing decision
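The DHCP/Wi-Fi failure mode on this slide is easiest to see in a small model of the rule matcher. The Python below is an added example written for this page, not Cyberoam code: the Rule fields mirror the slide's matching criteria (source, destination, service, schedule, identity), the `sessions` table stands in for the user-to-IP binding an appliance learns when a user authenticates, and the hosts, users, groups, addresses and the "finance database" service are constructed. The same packet is evaluated before and after a DHCP lease moves from one user to another, once against an address-based rule and once against an identity-based rule.

```python
"""Toy firewall: address-based vs. identity-based rule matching.
Added example for this page, not Cyberoam code. The session table stands in for
the user-to-IP binding an appliance learns when a user authenticates; all hosts,
users, groups and addresses are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    hour: int  # local hour of day, checked against the rule's schedule


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                                 # ACCEPT, DROP or REJECT
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    service: Optional[Tuple[str, int]] = None   # (proto, port); None = any
    schedule: Optional[Tuple[int, int]] = None  # (start_hour, end_hour); None = always
    identity: Optional[str] = None              # username or group; None = address-only rule


class Firewall:
    def __init__(self, rules: List[Rule], groups: Dict[str, str]):
        self.rules = list(rules)
        self.groups = dict(groups)          # username -> group
        self.sessions: Dict[str, str] = {}  # ip -> username, filled at login

    def login(self, ip: str, user: str) -> None:
        self.sessions[ip] = user

    def logout(self, ip: str) -> None:
        self.sessions.pop(ip, None)

    def _identity_ok(self, rule: Rule, pkt: Packet) -> bool:
        if rule.identity is None:
            return True      # address-only rule: ignores who is behind the IP
        user = self.sessions.get(pkt.src)
        if user is None:
            return False     # unauthenticated host never matches an identity rule
        return rule.identity in (user, self.groups.get(user))

    def _matches(self, rule: Rule, pkt: Packet) -> bool:
        if ip_address(pkt.src) not in ip_network(rule.src):
            return False
        if ip_address(pkt.dst) not in ip_network(rule.dst):
            return False
        if rule.service is not None and rule.service != (pkt.proto, pkt.dport):
            return False
        if rule.schedule is not None:
            start, end = rule.schedule
            if not start <= pkt.hour < end:
                return False
        return self._identity_ok(rule, pkt)

    def evaluate(self, pkt: Packet) -> Tuple[str, str, Optional[str]]:
        """First matching rule wins; anything unmatched hits the implicit DROP.
        Returns (action, rule name, username) so a log line can name the user."""
        for rule in self.rules:
            if self._matches(rule, pkt):
                return rule.action, rule.name, self.sessions.get(pkt.src)
        return "DROP", "default", self.sessions.get(pkt.src)


FINANCE_DB = ("tcp", 1433)   # constructed: the finance database service
OFFICE_HOURS = (9, 18)


def ip_based_policy() -> Firewall:
    """Classic rule: one *address* may reach the finance database."""
    return Firewall([Rule("finance-by-ip", "ACCEPT", src="10.0.0.5/32",
                          dst="10.1.0.10/32", service=FINANCE_DB,
                          schedule=OFFICE_HOURS)], groups={})


def identity_based_policy() -> Firewall:
    """Identity rule: any LAN host, but only members of group 'finance'."""
    return Firewall([Rule("finance-by-group", "ACCEPT", src="10.0.0.0/24",
                          dst="10.1.0.10/32", service=FINANCE_DB,
                          schedule=OFFICE_HOURS, identity="finance")],
                    groups={"alice": "finance", "bob": "guest"})


def dhcp_lease_change(fw: Firewall):
    """alice holds 10.0.0.5, logs off, and DHCP hands the same lease to bob."""
    pkt = Packet("10.0.0.5", "10.1.0.10", "tcp", 1433, hour=10)
    fw.login("10.0.0.5", "alice")
    while_alice = fw.evaluate(pkt)
    fw.logout("10.0.0.5")
    fw.login("10.0.0.5", "bob")
    while_bob = fw.evaluate(pkt)
    return while_alice, while_bob
```

Calling `dhcp_lease_change(ip_based_policy())` accepts the packet both times, because the address rule has no way to notice that 10.0.0.5 now belongs to bob; `dhcp_lease_change(identity_based_policy())` accepts alice and drops bob. The identity rule also lets alice roam to any LAN address without a rule change, still denies her outside the schedule, and never matches a host with no authenticated session, which is the conservative default a practitioner wants when the user-to-IP binding is unknown.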

18 Identity-based Firewall
- Identity-based security: identity vs. authentication
- Stateful inspection firewall
- Centralized management for multiple security features
- Multiple zone security
- Granular IM, P2P controls
- Enterprise-grade security: all the security features can be applied to each firewall rule


20 Gateway Anti-Virus

21 Gateway Anti-Virus Features
- Scans HTTP, FTP, SMTP, POP3 and IMAP traffic on a combination of source, destination, identity, service and schedule
- Self-service quarantine area
- Identity-based HTTP virus reports
- Updates every half hour
- Spyware and other malware protection included
- Blocks phishing e-mails

22 Gateway Anti-Spam

23 Gateway Anti-Spam Features
- Spam filtering with Recurrent Pattern Detection (RPD) technology
- Virus Outbreak Detection (VOD) for zero-hour protection
- Self-service quarantine area
- Content-agnostic
- Change recipients of e-mails
- Scans SMTP, POP3 and IMAP traffic

24 Cyberoam's Integration with Commtouch RPD (Recurrent Pattern Detection)
Threats over e-mail, such as spam, phishing, viruses and worms, are released in the billions within a short span of time. Today's attackers launch threats for financial gain rather than out of malicious intent. They mask the originator and launch the attack using a network of zombie machines. With zombie botnets able to send up to 1 billion spam messages within a few hours, the attack spreads rapidly.
Gateway-level spam protection for zero-hour spam detection: to match the speed with which attacks spread, zero-hour responsiveness is required. Zero-hour protection swings into action, generating defenses in the first hour of an attack. Further, the content and characteristics of the messages within a single attack differ, making it difficult to identify the threat through traditional methods. Solutions that rely on signature databases are likely to leave enterprise defenses lowered during the critical first hours of an attack.
Cyberoam, in partnership with Commtouch, delivers zero-hour spam protection in addition to image spam defense through Recurrent Pattern Detection (RPD) technology. This content-agnostic technology detects and blocks image spam, which accounts for almost 35% of worldwide spam mail and 70% of the bandwidth taken by spam. Cyberoam's anti-spam protection delivers maximum spam detection with low false positives through relevant, continuous and real-time spam detection.
The solution reduces spyware, phishing and adware attempts and controls spam involving pornography, while enhancing enterprise productivity by preventing mail systems from being submerged by spam.
- Protects against image-based spam and spam in different languages
- Spam catch rate of over 98%
- 0.007% false positives
- Local cache is effective for >70% of all spam resolution cases

25 Intrusion Prevention System (IPS)

26 IPS Features
- Multiple and custom IPS policies
- Identity-based policies
- Identity-based intrusion reporting
- Ability to define multiple policies
- Reveals user identity in internal threat scenarios

27 Cyberoam's Customizable IPS Policy

28 Identity-Based Content Filtering

29 Web and Application Filtering Features
- Database of millions of sites in 82+ categories
- Blocks phishing, pharming and spyware URLs
- HTTP upload control
- Ability to control & block applications such as P2P, streaming, video/Flash
- Local database for the content filter reduces latency and dependence on network connectivity
- Customized block message to educate users about organizational policies and reduce support calls

30 Identity Based Policies

31 Internet Access Policies for Individuals and Groups

32 Educate Users with Custom Denied Messages and Reduce Your Support Calls

33 Identity-based Bandwidth Management
Key features:
- Application- and identity-based bandwidth allocation
- Committed and burstable bandwidth
- Time-based, schedule-based bandwidth allocation
- Restrict bandwidth usage to a combination of source, destination and service/service group

34 Advanced Multiple Gateway Features
- Auto failover
- Complex rule support for auto failover checking
- Weighted round robin load balancing
- Policy routing per application, user, source and destination
- Gateway status on dashboard
- No restriction on number of WAN ports
- Schedule-based bandwidth assignment
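An added example (not Cyberoam code) of how the items on this slide interact: weighted round robin between WAN links, a failover check that marks a link down, and policy routes per user or application that fall back to load balancing when their preferred link is down. The link names, weights, probe targets and flows are constructed, and the "complex rule" for failover checking is modelled as a threshold on how many of a link's probe targets answer; a real appliance's rule language will differ.

```python
"""Multi-WAN link selection: failover checking, weighted round robin and
policy routes. Added example for this page, not Cyberoam code. Link names,
weights, probe targets and flows are constructed; the failover rule is
modelled as "at least min_ok of the link's probe targets must answer"."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Gateway:
    name: str
    weight: int                # share in weighted round robin, e.g. 3:1
    probe_targets: List[str]   # hosts checked to decide whether the link is up
    min_ok: int = 1            # link is UP only if at least this many probes answer
    up: bool = True


@dataclass(frozen=True)
class Flow:
    user: str
    app: str
    src: str
    dst: str


PolicyRoute = Tuple[Callable[[Flow], bool], str]   # (match function, gateway name)


class MultiLink:
    def __init__(self, gateways: List[Gateway], policy_routes: List[PolicyRoute]):
        self.gateways: Dict[str, Gateway] = {g.name: g for g in gateways}
        self.policy_routes = list(policy_routes)
        # Expand weights into a fixed rotation: weights 3 and 1 give [A, A, A, B].
        self._rotation = [g.name for g in gateways for _ in range(g.weight)]
        self._pos = 0

    def health_check(self, probe_results: Dict[str, bool]) -> Dict[str, bool]:
        """Apply the failover rule to one round of probe results (target -> answered)."""
        for gw in self.gateways.values():
            answered = sum(1 for t in gw.probe_targets if probe_results.get(t, False))
            gw.up = answered >= gw.min_ok
        return {name: gw.up for name, gw in self.gateways.items()}

    def _next_round_robin(self) -> Optional[str]:
        """Advance the rotation, skipping links that are down; None if all are down."""
        for _ in range(len(self._rotation)):
            name = self._rotation[self._pos]
            self._pos = (self._pos + 1) % len(self._rotation)
            if self.gateways[name].up:
                return name
        return None

    def route(self, flow: Flow) -> Tuple[Optional[str], str]:
        """Policy route first; if its link is down, fail over to load balancing."""
        for matches, gw_name in self.policy_routes:
            if matches(flow):
                if self.gateways[gw_name].up:
                    return gw_name, "policy"
                break
        name = self._next_round_robin()
        return name, ("wrr" if name else "no-route")


def build_demo() -> MultiLink:
    """Two WAN links (3:1 weights) plus two policy routes: VoIP pins to wan1,
    user alice pins to wan2. All names are constructed."""
    return MultiLink(
        [Gateway("wan1", weight=3, probe_targets=["probe-a", "probe-b"], min_ok=2),
         Gateway("wan2", weight=1, probe_targets=["probe-c"])],
        [(lambda f: f.app == "voip", "wan1"),
         (lambda f: f.user == "alice", "wan2")],
    )


def distribute(ml: MultiLink, flows: List[Flow]) -> Dict[Optional[str], int]:
    """Route each flow and count how many landed on each link."""
    counts: Dict[Optional[str], int] = {}
    for flow in flows:
        gw, _ = ml.route(flow)
        counts[gw] = counts.get(gw, 0) + 1
    return counts
```

With both links up, eight ordinary web flows split 6:2 between wan1 and wan2 and the policy routes pin VoIP to wan1 and alice to wan2; once a health check sees only one of wan1's two probe targets answering, wan1 is declared down, the VoIP policy route fails over to wan2 through the round robin, and every flow lands on wan2 until wan1 recovers. The rotation is advanced per new flow rather than per packet, which is what a stateful appliance must do to keep one connection on one public address.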

35 External Authentication

36 Authentication and External Integration

37 Traffic Discovery

38 Identity Based “On Appliance” Reporting

39 Reporting Module / Device
Cyberoam reports are placed on the appliance; other UTMs require a separate reporting module/device.

40 Policy violation attempts

41 Identification of User Surfing Patterns

42 Application-wise usage reports

43 User-wise usage reports

44 Web Category Visit-wise Report

45 Category – Data Transfer reports

46 Documents Uploaded across Organization

47 Mail Spam Summary Report (On Appliance)

48 Traffic Discovery

49 Reports in compliance with: CIPA, HIPAA, GLBA, SOX, FISMA, PCI


51 Networking Features
- Active-Passive High Availability
- Stateful Failover
- VPN Failover
- Dynamic Routing (RIP, OSPF, BGP)

52 ASIC vs. Multi-core Architecture

53 ASICs (Application Specific Integrated Circuits) - Closed Systems
What is an ASIC: built to handle certain tasks faster than general-purpose processors, e.g. packet filtering.
Drawbacks:
- Serial processing
- ASICs cannot be reprogrammed to address new attacks
- ASICs accelerate traffic, but for complex tasks (VoIP, e-mail, web traffic) the work is sent to a secondary processor, so throughput depends on that processor's performance
- With each attack the ASIC was not programmed for, closed systems become slower and slower

54 Multicore Processor-based Cyberoam
What is multi-core: more than one processor working together to achieve high processing power.
Benefits:
- Purpose-built hardware
- True parallel processing: each processor is programmed to run tasks in parallel
- In the case of a new attack, Cyberoam appliances do not suffer the performance degradation associated with switching from ASIC-based acceleration to general-purpose processors

55 Cyberoam – Appliance Details

56 Cyberoam in Numbers
- More than 370,000 virus signatures in the anti-virus database
- 40 million URLs categorized in 82+ categories
- 3500+ Intrusion Detection and Prevention signatures
- 98% spam detection
- 0.007% false positives

57 Basic Appliance – One-time sale
- Identity-based Firewall
- VPN
- Bandwidth Management
- Multiple Link Management
- On-Appliance Reporting
- 8x5 tech support & 1-year warranty
Subscriptions:
- Gateway Anti-Virus subscription (anti-malware, phishing and spyware protection included)
- Gateway Anti-Spam subscription
- Web & Application Filtering subscription
- Intrusion Detection & Prevention (IDP) subscription
Subscription services are available on a 1-year, 2-year or 3-year basis.

58 Deployment Modes
Cyberoam can be deployed in the following modes:
- Bridge / Transparent Mode
- Gateway / Route / NAT Mode
- Proxy Mode

59 Cyberoam in Gateway Mode

60 Cyberoam in Bridge Mode
(Diagram: Users – Cyberoam – Router; labels Network x/24, Firewall INT IP /24, Default Gateway; addresses not recovered.)

61 Cyberoam Central Console - CCC
- Reduces operational complexity and deployment time
- Minimizes errors and lowers administration cost
- Enables MSSPs to have different personnel managing different customer deployments
- Ease of use, with a view of multiple devices and network status at a glance
The Cyberoam Central Console enables enforcement of global policies for firewall, Intrusion Detection & Prevention and anti-virus scanning. This supports the creation and implementation of enterprise-wide security policy to strengthen branch and remote office security while lowering operational complexity. The Cyberoam Central Console also enables administrators to assign security policies based on a user's work profile even in remote locations, fully leveraging Cyberoam's user identity-based security approach.

62 Cyberoam: Identity-based Security
Overview of Cyberoam's security approach:
- Who do you give access to: an IP address or a user?
- To whom do you wish to assign security policies: usernames or IP addresses?
- In the case of an attempted insider breach, what do you wish to see: a user name or an IP address?
- How do you create network-address-based policies in a DHCP or Wi-Fi network?
- How do you create network-address-based policies for shared desktops?

63 Cyberoam Credentials

64 “IDC believes that identity-based UTM represents the next generation in the burgeoning UTM marketplace. When enterprises realize the value of having identity as a full component of their UTM solution the increased internal security, protection against insidious and complex attacks, understanding individual network usage patterns, and compliance reporting - Cyberoam will benefit as the innovator.” Source: Unified Threat Management Appliances and Identity-Based Security: The Next Level in Network Security, IDC Vendor Spotlight (2007)

65 2008 - Emerging Vendor of the Year

66 Certifications
- UTM Level 5 certification (Premium Anti-Virus, Anti-Spyware, Anti-Spam, URL Filtering, Firewall, VPN, IPS/IDP): Cyberoam holds a unique & complete UTM certification
- ICSA Certified Firewall
- VPNC Certified for Basic VPN & AES Interoperability
Certifications applied for:
- ICSA Certification for High Availability

67 Five Star Rated – Two Years Running
- Enterprise: March 2008 UTM Roundup – Cyberoam CR1000i
- SMB: July 2007 UTM Roundup – Cyberoam CR250i
Reviewer quotes: “console is well organized and intuitive to navigate”; “flexible and very powerful”; “this appliance is a good value for almost any size environment”; “Fully loaded, with many great features”; “packs a more serious punch”; “can restrict or open internet access by bandwidth usage, surf time or data transfer”.

68 “deserves credit for its flexible configuration options, extensive security, content filtering, and bandwidth management features. “

69 LORD OF THE NETWORKS
If there is no network security and discipline in small or large networks, the chaos may result in serious work and data loss. Cyberoam CR25i, which was sent to our test center, is a good solution for networks. This UTM (unified threat management) appliance has 100% control over the users in your network in addition to its firewall, packet inspection and other similar features. It protects you from viruses and other harmful software with its built-in Kaspersky solution. It also provides an anti-spam feature. In addition to its advanced security features, you can manage your network in terms of identity-based bandwidth management, application control and site visiting logs. Normally you need a separate PC or similar device to record logs, but there is an 80 GB hard disk in this appliance for this feature. (It was written as 160 GB in the original copy of the magazine by mistake.) You can also visit the website and inspect the online demo before buying the product.
RESULT: Cyberoam CR25i is a successful solution for security and network management, especially for small business companies. Other advantages: advanced features, flexible licensing options, free of charge service.

70 Awards
- Tomorrow's Technology Today 2007
- 2007 Finalist, American Business Awards
- Product Excellence Award in 3 categories (2007): Integrated Security Appliance; Security Solution for Education; Unified Security
- 2007 Finalist, Network Middle East Award: Best Security Product; Best SMB Networking Vendor
- VAR Editor's Choice for Best UTM (2007)
- CRN – Emerging Tech Vendors 2007
- Finalist, Global Excellence in Network Security Solution

71 GLOBAL PRESENCE (Over 55 Countries)

72 Partial Clientele

73 Business alliances

74 Thank you!