Embed Size (px)
Citation preview
CyberoamComplete Network Security for Banks
Cyberoam for Security in Banks
Dimensions of Banking Security
Cyberoam Solution
User Identity in Security
Solution Range
Dimension - 1 – External threats
External Threats – Attackers are after financial gain
• Targeting the Internal User
• Blended threats over multiple protocol
• Email: Over 90 % mail is spam carrying spyware, phishing, viruses, worm
• HTTP - Drive-by downloads, Pharming, Spyware via P2P sites
• IM: Malicious links and attachments
• FTP – Malicious uploads & downloads
Q1: Point Solutions? A combination? or UTM?
Dimension - 2 – Insider Threats
Insider Threats – Over 50% threats are from insiders
• Most attackers are current or former employees
• Majority of insiders plan their activities in advance using remote access
• Methods –Using someone else’s computer, Social engineering, Unattended terminal
• Malicious Intent: Selling corporate/customer data for financial gain
• User Ignorance: Indiscriminate surfing = Malware, Spyware
Q.2. Would you settle for Plain Security if you had the choice of Identity-based security?
Dimension – 3 – Remote Office Security
Remote Office Security – Greater Granularity and Control over system resources
• High Security Levels at par with Head Office
• External threats
• Internal threats
• Limited Technical Resources at Remote Office
• Centralized control and visibility required
• Regulatory Compliance: BS 7799/ ISO 27001, Basel II Norms, PCI-DSS
Q. 3. Are your remote offices as secure as the Head Office? At what cost?
Dimension – 4 – Safe Guarding Your EndPoints
Medical records of 741 patients lost by a hospital
60% corporate data lies unprotected on endpoints
Lost USBs
Lost Multimedia Discs
Wrong Email Attachment
Lost iPods
Personal information of 11.1mn customers of leading oil refinery (USA) found on streets
Bank employee accidentally sent sensitive customer details to wrong email address
12,500 handheld devices forgotten at the back of taxis every 6 months in UK
9000 USB sticks found in people's pockets at the local dry cleaners in UK
Dimension – 4 –Safe Guarding Your Network EndPoints
What Places Data At Risk?
ApplicationsWeb, Mail, IM, P2P, Printing, FTP
Removable DevicesUSBs, CDs/DVDs, MP3,
Digital cameras
InsidersUnauthorized transfer of sensitive data;
Malware-laden email for information access; Sensitive data sent to wrong person
Data At Risk• Intellectual property related to R&D • Business plans, RFP / Tender quotes
• Product launch dates and roadmap • Customer data
MaliciousUnintentional
Core Banking System Components
Datacenter
Network Administrators
Core-Banking Application
OS, Database
Internet-Banking
ATM
Desktops, Branch Servers
WAN, InternetWAN, Internet
Branches
Application Developers
System AdministratorsBranch User/Admins
Alternative Channels
Challenges
Existing Firewall inadequate for 1500 users. To be replaced or not?
Limitations of IP-based security – No tracing of malicious users, No reporting on Net use
No Anti-Malware / Content Filtering / Bandwidth Management / Multiple link management
No Endpoint Security
Cyberoam Solution
2 Cyberoam CR 1500i appliances act as Proxy. Active-Active, High Availability mode.
Firewall, IPS, Anti-Virus & Anti-Spam, Content Filtering
SSL-VPN Secure Remote Clientless, Access
Threat Free Tunnelling prevents malware
CR Protects Customer data in DMZ and LAN, does Load Balancing for 2 ISP’s
On-appliance reporting and Identity-based Surfing policies
Protection in dynamic and Wi-fi environments
Bank X– Case Study
Confidentiality – Only Authorized users may access
Restricted Zonal access –User Identity, VLAN
Incident Management – Identity-based logging & reporting
Device Control – Block unauthorized file copies, USBs etc.
Application Control – Authorized use of Applications Only
Summary of Benefits
Prevents unauthorized access, leakage / damage to information
Reduces the risk of human error, theft, fraud, misuse of infrastructure
Zero-hour threat detection and alerts with username
Ensures Quick and Suitable Response
Ongoing monitoring with username reports
Cyberoam Security to X Bank
Cyberoam Unified Threat Management
What is Cyberoam?
1. Comprehensive Security with
• Performance-Effectiveness-Granularity
• Firewall-VPN-IPS
• Gateway Anti-virus & Antispam
• Content Filtering & Bandwidth Management
• High-Availability &
Multiple Link Management
• On-Appliance Reporting
2. Identity-based Security
3. Comprehensive Branch Office Security
Firewall-VPN-IPS
Dimension 1
Why Cyberoam Firewall-VPN-IPS?
• Enterprise-class performance
• 6 Gbps Firewall Throughput, 2.5 Gbps IPS Throughput
Certifications
• ICSA certified Firewall
• Checkmark certified Enterprise UTM
• Interoperability with 3rd party VPN - VPNC certified
Benefits
• Prevents file uploads and data leakage via IM
• IPS signatures to prevent abnormal activity
• Works on Layer 8 – The Human layer
• Allows users to carry their access rights anywhere in the network
Dimension 1
Anti-virus & Anti-Spam
Dimension 1
Why Cyberoam Anti-Virus and Anti-Spam?
Anti-Virus:
99 % Anti-Virus detection rate; Zero-hour protection
Virus Outbreak Detection – Zero-hour protection
Anti-Spam:
98 % Spam detection rate – Low False Positive
Scans SMTP, POP3, IMAP with Recurrent Pattern Detection (RPDTM)
Content-agnostic and language independent – Image spam and emerging spam
Certification
Checkmark certified Anti-virus and Anti-spam
Dimension 1
Content Filtering
Dimension 1
Why Cyberoam Content Filtering?
• Database of millions of sites – 82 + categories
• HTTP upload control
• Categorizes Google cached pages with dynamic URLs
• Prevents Proxy surfing eg: tunnel proxy utility, open proxy, web proxy.
Certifications
• Checkmark certified Content Filtering
• Network Products Guide award - 2008
Dimension 1
Benefits
• Prevents entry of malware through unrestricted surfing
• Policies based on user identity
• Prevents Data Leakage
Bandwidth Management&
Multiple Link Management
Committed and burstable bandwidth
Restricts bandwidth usage by proper allocation on requirements basis
Prevents Bandwidth Choking
Controls cost – prevents excessive bandwidth usage
Why Cyberoam? Bandwidth Management
User Identity in Security
• Assigns bandwidth to critical users and applications – supports business agility
• Application and Identity-based bandwidth allocation
Dimension 1
Advanced Multiple Gateway Features
Auto gateway failover
Weighted round robin load balancing
Policy routing per application, user, source and destination
Gateway status on dashboard
No restriction on number of WAN Ports
Schedule based bandwidth assignment
What does it solve? Provides continuous connectivity
Security over multiple ISP links
Dimension 1
Why Cyberoam?Dimension - 2
Identity-based Security
Why Identity? – AAA through Cyberoam UTM Security
User
Authentication by Username – including Wi-Fi
Authorization - Access Rights based on pre-defined
corporate policies
Username – Not IP Addresses
Need-to-Use basis
Across distributed locations
Accounting – Centralized Logging and Reporting
with Username
Shows Who is Doing What even in Dynamic
Environments
DHCP - Wi-Fi - Shared Machine Scenarios
Data Leakage Control & Reporting (HTTP Upload)
Why Cyberoam?Dimension - 3
Branch Office Security
Why Cyberoam?
Branch Office Security
Comprehensive security
Branch user visibility and controls at HQ
Proven interoperability with 3rd party VPNs – VPNC certified
WAN optimization at branches
Bandwidth efficiency
Simplified Operations – No need for technical resource
Remote web-GUI management
Dimension 3
Secure Remote Access
• IPSec & SSL VPN on UTM Appliance
• Anywhere Secure Access to telecommuters, road warriors,
partners
• Threat Free Tunneling Technology – Scans endpoint for
malware
• Clientless VPN
• Full or limited access based on user work profile
• High scalability
• Easy to use and manage
Dimension 3
