Cyberoam - Unified Threat ManagementUnified Threat ManagementCyberoam
Identity-Based Unified Threat Management
One Identity – One Security
Presentation
Agenda of Presentation
• About Company
• Challenges of UTM Scenario
• Introduction to Cyberoam
• Cyberoam Credentials / Awards / Accreditations
• Cyberoam Product Walk-thru
• Est. in 1999
• 500+ Employees
• ISO 9001-2000 Certified
• Presence in USA, Asia, Middle East
• Product installations in 55+ Countries
• Invested by $90bn World’s Largest Private Equity Group
UTM : Unified Threat Management
A solution to fight against multiple attacks and threats
A true UTM appliance should have the following features in a single solution:
1. Firewall
2. VPN
3. Intrusion Detection & Prevention
4. Gateway Level Anti-virus for Mails, Website, File Transfers
5. Gateway level Anti-spam
6. Content Identification & Filtering
7. Bandwidth Management for Applications & Services
8. Load Balancing & Failover Facilities
UTM
Unified threat management (UTM) refers to a comprehensive security product which integrates a range of security features into a single appliance.
Benefits of UTM Appliances
• Reduced complexity: All-in-one approach simplifies product selection, integration and support
• Easy to deploy: Customers, VARs, VADs, MSSPs can easily install and maintain the products
• Remote Management: Remote sites may not have security professionals – requires plug-and-play appliance for easy installation and management
• Better Man Power Management: Reduction in dependency and number of high end skilled Human resources
• Managed Services: Security requirements & day to day operations can be outsourced to MSSPs
Challenges with Current UTM Products
• Lack of user Identity recognition and control
  - Inadequate in handling threats that target the user – Phishing, Pharming
• Unable to Identify source of Internal Threats
  - Employee with malicious intent posed a serious internal threat
  - Indiscriminate surfing exposes network to external threats
  - 50% of security problems originate from internal threats – Yankee Group
  - Source of potentially dangerous internal threats remain anonymous
• Unable to Handle Dynamic Environments
  - Wi-Fi
  - DHCP
• Unable to Handle Blended Threats
  - Threats arising out of internet activity done by internal members of organization
  - External threats that use multiple methods to attack - Slammer
• Lack of In-depth Features
  - Sacrificed flexibility as UTM tried to fit in many features in single appliance.
  - Inadequate Logging, reporting, lack of granular features in individual solutions
Need for Identity based UTM…
Layer 8 Firewall (Patent-pending Technology)
Patent Pending: Identity-Based Technology
Cyberoam – Identity Based Security
Cyberoam is the only Identity-based Unified Threat Management appliance that provides integrated Internet security to enterprises and educational institutions through its unique granular user-based controls.
Cyberoam Appliances CRi Series
CRi series for SOHO (Small Office-Home Office) & ROBO (Remote Office-Branch Office)
• CR 15wi - Wireless
• CR 15i
• CR 25ia
• CR 35ia
CRi series for Small to Medium Business
• CR 50ia
• CR 100ia
• CR 200i
CRi series for Medium Enterprises
• CR 300i
• CR 500ia
• CR 750ia
CRi series for Large Enterprises
• CR 1000i
• CR 1500i
Basic Appliance
• Identity-based Firewall
• VPN
• Bandwidth Management
• Multiple Link Management
• On Appliance Reporting
• 8*5 Tech Support & 1 Year Warranty
Subscriptions
• Gateway Anti-Virus Subscription (Anti-malware, phishing, spyware protection included)
• Gateway Anti-spam Subscription
• Web & Application Filtering Subscription
• Intrusion Prevention System (IPS)
• 8*5 Tech Support & 1 Year Warranty
Subscription services are available on 1 Year, 2 Year or 3 Year subscription basis
2008 - Emerging Vendor of the Year
Certifications
UTM Level 5 complete UTM certification
Anti-Virus, Anti-Spyware, Anti-Spam, URL Filtering, Firewall, VPN, IPS/IDP
Premium
ICSA Certified Firewall
VPNC Certified for Basic VPN & AES Interoperability
Certifications - pipeline
• ICSA Certification for High Availability
• IPv6 compliance
“console is well organized and intuitive to navigate”
“flexible and very powerful”
“Fully loaded, with many great features”
“packs a more serious punch”
“can restrict or open internet access by bandwidth usage, surf time or data transfer”.
Enterprise
March 2008 – UTM Roundup
Cyberoam CR1000i
SMB
Five Star Rated – Three Years Running
July 2007 – UTM Roundup
Cyberoam CR250i
Finalist in SC Magazine Awards 2009, Europe
Cyberoam has been short-listed as a finalist for the Best SME Security Category
Year 2009 – UTM Roundup
One of the best UTM
“deserves credit for its flexible configuration options, extensive security, content filtering, and bandwidth management features.”
Get top tech company
From Zdnet Asia 2008/09
Tomorrow’s Technology Today 2007
2007 Finalist American Business Awards
2007 Finalist Network Middle East Award
Best Security Product Best SMB Networking Vendor
VAR Editor’s Choice for Best UTM (2007 –left , 2008-right)
Finalist - 2008 Global Excellence in Network Security Solution
CRN – Emerging Tech Vendors 2007
Awards
Finalist – PC pro awards 2009 for the Business Hardware of the year
Received Gold Award from IDG Channel World Magazine
Best network security vendor 2009
GLOBAL PRESENCE (Over 55 Countries)
Global Clientele
USA Largest Chain Store
Education:
DY Patil Institute of Management
Customer References
BFSI & Govt. Clientele
BSNL
Malaysia Government Clients
Malaysia Corporate Clients
Cyberoam Product walk thru
Normal Firewall
• Rule matching criteria
  - Source address
  - Destination address
  - Service (port)
  - Schedule
• Action
  - Accept
  - NAT
  - Drop
  - Reject
• However, fails in DHCP, Wi-Fi environment
Cyberoam - Identity Based UTM
• Rule matching criteria
  - Identity
• Unified Threat Controls (per Rule Matching Criteria)
  - IDP Policy
  - Internet Access Policy
  - Bandwidth Policy
  - Anti Virus & Anti Spam
  - Routing decision
Next Generation Layer 7 Firewall
1st Generation Firewalls
[Figure: ports 443, 80 and 21]
Application Firewalls – CR Version 9
[Figure: Mail, Skype, Web, BitTorrent]
Next Generation Firewalls – Version X
[Figure: CRM, ERP, Salesforce, YouTube, IM Application, Webmail, Casual Traffic; Application Firewall, Crowd of Applications, Bandwidth Management]
New Architecture & Firmware
Salient Features of the NG GUI
Accordion Menu & TABs for easy navigation of menu items
Easy Access Top Panel
Identity-Based Content Filtering
Web and Application Filtering Features
• Database of millions of sites in 82+ categories
• Blocks phishing, pharming, spyware URLs
• HTTP upload control & reporting
• Block & Control Applications such as P2P, Streaming, Videos/Flash
• Local Content Filter Database to reduce latency and dependence on network connectivity.
• Customized blocked message to educate users about organizational policies and reduce support calls
Identity Based Policies
Educate Users with Custom Denied Messages and Reduce Your Support Calls
James
http://www.screensaver.com
Dear Mark,
The web site you are trying to access is listed within the category SpywareandP2P
It can result in download of spyware and adware which result in popups. They are a threat to you and the enterprise and can slow the network down.
Identity-based Bandwidth Management
Key Features
• Application and Identity-based bandwidth allocation
• Committed and burstable bandwidth
• Time-based, schedule-based bandwidth allocation
• Restrict Bandwidth usage to a combination of source, destination and service/service group
External Authentication
Authentication and External Integration
Advanced Multiple Gateway Features
Schedule based bandwidth assignment
Gateway Alerts on Dashboard
Bandwidth Utilization Graphs
Active-Active Auto Link Failover & Load Balancing
Active-Passive Auto Link Failover
Source & Destination Routing
Support for more than 2+ ISP links
Gateway Anti-Virus
Gateway Anti-Virus Features
• Scans WEB, FTP, Pop3, SMTP & IMAP traffic
• Self-service quarantine area
• Signature update every 30 Mins
• Identity-based HTTP virus reports
• Disclaimer Addition to outbound emails
• Spyware and other malware protection including “Phishing” emails
• Block attachment based on Extensions (exe, .bat, .wav etc)
Gateway Anti-Spam
Gateway Anti-Spam Features
• Spam filtering with (RPD) Recurrent Pattern Detection technology
• Virus Outbreak Detection (VOD) for zero hour protection
• Self-Service quarantine area
• Content-agnostic
• Change recipients of emails
• Scans SMTP, POP3, IMAP traffic
RPD (Recurrent Pattern Detection)
• Protects against Image-based Spam and spam in different languages
• The spam catch rate of over 98%
• 1 in Million false positives in spam
• Local cache is effective for >70% of all spam resolution cases
Intrusion Prevention System (IPS)
IPS Features
• Multiple and Custom IPS policies
• Identity-based policies
• Identity-based intrusion reporting
• Ability to define multiple policies
• Reveals User Identity in Internal Threats scenario
Cyberoam in Numbers
• More than 500,000 virus signatures in the anti-virus database
• More than 50 Million URLs categorized in 82+ categories
• Spam Detection: 98%
• False Positives: 1 in million
• IPS Signatures: More than 5500+
Other Network / System Features
• High Availability (Active-Active / Active-Passive)
• Stateful Failover
• VPN Failover
• Dynamic Routing (RIP, OSPF, BGP)
• NTP Support
• Multiple Configurable Syslog Server Support
• GUI based Real Time Firewall Log
• Roll Back (Roll back to last upgraded version)
… And Much More
Multicore Processor-based Cyberoam
What is Multi-core:
More than one processor working together to achieve high processing power.
Benefits:
• Purpose-built Hardware
• True Parallel Processing
• Each processor is programmed to run tasks in parallel
• In case of a new attack, Cyberoam appliances do not suffer from performance degradation associated with switching from ASIC-based acceleration to general-purpose processors.
Cyberoam Reports are placed on Appliance
Other UTMs: Reporting Module/Device
Integrated iView Reporting
iView (Cyberoam Aggregated Reporting & Logging Software)
• Subscription free On-Appliance Reporting
• Real-time Monitoring and Alerting
• Over 1100+ Drilldown Reports
• Reports in HTML, MHTML, PDF, & CSV formats & Email Alerts
• Web 2.0 GUI and Reporting interface.
Instant Messaging Logging & Control
• Yahoo & Windows Live Messaging
• Control Who Communicates with Whom
• Control Webcam usage
• Control Voice Usage
• Individual as well as Group Control
Instant Messaging & Control
• Control who can chat with whom
• Archive Communication
• Control communication medium (chat, video, voice)
• Data Protection
• Productivity
VPN Features
• Cyberoam supports IPSec, SSL VPN, L2TP, PPTP
• Threat Free Tunneling (TFT)
• VPN Firewall Management
• VPN Bandwidth Management
• VPN Protection – Antivirus / Antispam / IPS / Content Filtering / DoS
• VPN Topologies: Road-Warrior (Remote Access), Site to Site, Hub & Spoke
• VPN Failover
• Main Mode / Aggressive Mode
• Identity based VPN control using xAuth
• Local digital certification authority (CA) and support external CA
SSL VPN Enhancements
• Application Access Mode within Web Browser
  - HTTP, HTTPS
  - RDP
  - Telnet, SSH
  - FTP
• SSL VPN Client
  - Save Password
  - Auto Start VPN Connection
Stability & Performance
• Firmware based approach
• ~10 second Soft Reboot Time
• Fast GUI Access
• Extensible Architecture vs ASIC
• Preparing for upcoming threats
• HTTP Proxy Enhancements for HTTP 1.1 protocol
• Extensive Logging and Log Viewer for Instant Troubleshooting
• Getting ready for the Enterprise.
…And Much More
• Role Based Access Control
• Multiple Authentication Support for User
• External Authentication for Administrator
• Customer My Account Revamp
• HTTP DDoS attack protection
• Naming Firewall Rules for easy troubleshooting
• HTTP & FTP scanning over custom ports
• Inline Captive Portal
• HTTPS
• Super Enhanced Packet Capture Log & Log Viewer
• VLAN over WAN
• Support for MD5 Authentication for RIP & OSPF
• Enhanced IPS Actions
  - Drop Connection
  - Drop Attack Source
IPv6 Ready
IPV4
Cyberoam – With IPv6 Ready Logo – Only 2
IPv6 Ready
• Only the 2nd UTM
• IPv4IPv6 tunneling
• IPv6IPv4 tunneling
3G & Wimax USB Card Connectivity
Version X Summary
Security
• Application Control
• SSL (HTTPS) Scanning
• Instant Messaging Control
Productivity
• Firmware based Approach
• Usable GUI
• Performance
Connectivity
• 3G Support
• IPv6 Ready
• SSL VPN Application Access Mode
Cyberoam: Identity-based Security
Overview of Cyberoam’s Security Approach:
• Who do you give access to: An IP Address or a User?
• Whom do you wish to assign security policies: Username or IP Addresses?
• In case of an insider attempted breach, whom do you wish to see: User Name or IP Address?
• How do you create network address based policies in a DHCP and a Wi-Fi network?
• How do you create network address based policies for shared desktops?
Question/Answer Session
Please visit us at www.secureone.com.my
Thank You