cyberoam - unified threat management unified threat management cyberoam identity-based unified...
TRANSCRIPT
Cyberoam - Unified Threat ManagementUnified Threat ManagementCyberoam
Identity-based Unified Threat Management
One Identity – One Security
Agenda
• Evolution of IT Security
• Challenges of Unified Threat Management
• Introduction to Cyberoam UTM
• Cyberoam Product Walk-thru
• Cyberoam Credentials Awards & Accreditations
Increase in Threats & its Total damage cost
• Basic security began with firewalls
• As threats increased, other solutions were introduced
• Virus attacks rose in number and intensity
6 % business emails contained viruses – IBM
That’s a staggering cost of $281-$304 per PC
Email became more prevalent
• Spam rose
Average spam messages per day – 18.5
Time spent deleting them – 2.8 minutes.
Average time lost in a day – 51.8 minutes
14 % spam recipients actually read spam
4 % buy products advertised by spam
21 % spam in Jan 2005 was porn
• Slammer fueled the need for Intrusion Detection & Prevention
• High number of employees start accessing the Internet
• Connectivity to branches, partners and remote workers
But multiple solutions brought in their share of problems
25 % systems to be infected with spyware by this year – Forrester
65 % companies say they will invest in anti-spyware tools and upgrades
Phishing mails grew 5,000 % last year
Pharming makes an entry
1 in 5 employees view online pornography at work
70 percent of adult websites are hit between 9 am and 5 pm
30-40 percent of employees' Internet activity is not business related
• Blended threats emerge to exploit extensive Internet usage
Slammer Hit on Saturday, January 25, 2003, 0030
Lost revenue spilled over halfway into the next week
Total cost of the bailout: more than $1 billion
Till today, no accountability has been established
Firewalls enjoyed a monopoly until the start of the 21st century
Initial Firewalls were Stateless Firewalls, which could not control the initiation of communication
Later, Stateful Firewalls became more prevalent
Evolution of Internet security solutions
Current Challenges due to Multiple Internet Security Solutions
• Higher purchase cost of Individual Appliances
• Problems in handling multiple Maintenance & Subscription Contracts
• Requirement of highly Technical man power to maintain Multiple Appliances & Solutions
• Difficult for a single network admin to handle increasing complexity of LAN Networks
• Excessive time taken to understand threat patterns with Individual Reports by Appliances
• Inadequacy in handling new blended attacks
Need For Single Unified Appliance for all Internet Security Problems
UTM : Unified Threat Management
A solution to fight against multiple attacks and threats
A true UTM Appliance should have the following features in a single solution:
1. Firewall
2. VPN
3. Intrusion Prevention System
4. Gateway Level Anti-virus for Mails, Website, File Transfers
5. Gateway level Anti-spam
6. Content Identification & Filtering
7. Bandwidth Management for Applications & Services
8. Load Balancing & Failover Facilities
UTM
Unified threat management (UTM) refers to a comprehensive security product which integrates a range of security features into a single appliance.
Benefits of UTM Appliances
Reduced complexity
All-in-one approach simplifies product selection, integration and support
Easy to deploy
Customers, VARs, VADs, MSSPs can easily install and maintain the products
Remote Management
Remote sites may not have security professionals – requires plug-&-play appliance for easy installation and management
Better Man Power Management
Reduction in dependency and number of high-end skilled Human resources
Managed Services
Security requirements & day to day operations can be outsourced to MSSPs
Lack of user Identity recognition and control
• Inadequate in handling threats that target the user – Phishing, Pharming
Unable to Identify source of Internal Threats
• Employee with malicious intent posed a serious internal threat
• Indiscriminate surfing exposes network to external threats
• 50 % of security problems originate from internal threats – Yankee Group
• Source of potentially dangerous internal threats remains anonymous
Unable to Handle Dynamic Environments
• Wi-Fi
• DHCP
Unable to Handle Blended Threats
• Threats arising out of internet activity done by internal members of organization
• External threats that use multiple methods to attack - Slammer
Lack of In-depth Features
• Sacrificed flexibility as UTM tried to fit in many features in single appliance.
• Inadequate Logging, reporting, lack of granular features in individual solutions
Challenges with Current UTM Products
Need for Identity based UTM…
Patent pending: Identity-based technology
User
Layer 8 Firewall (Patent-pending Technology)
Cyberoam is the only Identity-based Unified Threat Management appliance that provides integrated Internet security to enterprises and educational institutions through its unique granular user-based controls.
Cyberoam – Identity Based Security
CRi series for SOHO (Small Office-Home Office) & ROBO (Remote Office-Branch Office)
CR 25i
CRi series for Small to Medium Business
CR 50i CR 100i
CRi series for Medium Enterprises
CR 250i CR 500i
CRi series for Large Enterprises
CR 1000i CR 1500i
Cyberoam Appliances
Identity - based UTM
Cyberoam Product walk thru
Cyberoam Unified Threat Management Features
Cyberoam offers comprehensive threat protection with:
• Identity-based Firewall
• VPN
• Gateway Anti-Virus
• Gateway Anti-Spam
• Intrusion Prevention System
• Content Filtering
• Bandwidth Management
• Multiple Link Management
• On-Appliance Reporting
Normal Firewall
• Rule matching criteria
  - Source address
  - Destination address
  - Service (port)
  - Schedule
• Action
  - Accept
  - NAT
  - Drop
  - Reject
- Identity
Cyberoam - Identity Based UTM
• Unified Threat Controls (per Rule Matching Criteria)
  - IDP Policy
  - Internet Access Policy
  - Bandwidth Policy
  - Anti Virus & Anti Spam
  - Routing decision
• However, fails in DHCP, Wi-Fi environment
Identity-based Security
Identity vs. Authentication
Stateful Inspection Firewall
Centralized management for multiple security features
Multiple zone security
Granular IM, P2P controls
Enterprise-Grade Security
All the security features can be applied to each FW rule
Identity-based Firewall
Gateway Anti-Virus
Scans HTTP, FTP, SMTP, POP3, IMAP traffic on a combination of Source, Destination, Identity, Service and Schedule.
Self-service quarantine area
Identity-based HTTP virus reports
Updates every ½ hour
Spyware and other malware protection included
Blocks “Phishing” emails.
Gateway Anti-Virus Features
Gateway Anti-Spam
Spam filtering with Recurrent Pattern Detection (RPD) technology
Virus Outbreak Detection (VOD) for zero hour protection
Self-Service quarantine area
Content-agnostic
Change recipients of emails
Scans SMTP, POP3, IMAP traffic
Gateway Anti-Spam Features
Cyberoam’s Integration with Commtouch
Protects against Image-based Spam and spam in different languages
The spam catch rate of over 98%
0.007 false positives in spam
Local cache is effective for >70% of all spam resolution cases
RPD (Recurrent Pattern Detection)
Intrusion Prevention System (IPS)
Multiple and Custom IPS policies
Identity-based policies
Identity-based intrusion reporting
Ability to define multiple policies
Reveals User Identity in Internal Threats scenario
IPS Features
Cyberoam’s Customizable IPS Policy
Identity-Based Content Filtering
Database of millions of sites in 82+ categories
Blocks phishing, pharming, spyware URLs
HTTP upload control
Ability to control & Block Applications such as P2P, Streaming, Videos/Flash
Local Database for the content filter reduces latency and dependence on network connectivity.
Customized blocked message to educate users about organizational policies and reduce support calls
Web and Application Filtering Features
Identity Based Policies
Internet Access Policies for Individuals and Groups
Educate Users with Custom Denied Messages and Reduce Your Support Calls
James
http://www.screensaver.com
Dear Mark,
The web site you are trying to access is listed within the category SpywareandP2P
It can result in download of spyware and adware which result in popups. They are a threat to you and the enterprise and can slow the network down.
Key Features
Application and Identity-based bandwidth allocation
Committed and burstable bandwidth
Time-based, schedule-based bandwidth allocation
Restrict Bandwidth usage to a combination of source, destination and service/service group
Identity-based Bandwidth Management
Advanced Multiple Gateway Features
Auto failover
Complex rule support for auto failover checking.
Weighted round robin load balancing
Policy routing per application, user, source and destination.
Gateway status on dashboard
No restriction on number of WAN Ports
Schedule based bandwidth assignment
External Authentication
Authentication and External Integration
Traffic Discovery
Identity Based “On Appliance” Reporting
Cyberoam Reports are placed on Appliance
Other UTMs
Reporting Module/Device
Policy violation attempts
Identification of User Surfing Patterns
Application Wise Usage reports
User Wise Usage reports
Web Category Visit wise Report
Category – Data Transfer reports
Documents Uploaded across Organization
Mail Spam Summary Report (On Appliance)
Traffic Discovery
Reports in Compliance with:
CIPA HIPAA GLBA SOX FISMA PCI
Networking Features
Features
• Active-Passive High Availability
• Stateful Failover
• VPN Failover
• Dynamic Routing (RIP, OSPF, BGP)
ASIC Vs. Multi-core Architecture
What is ASIC:
Built to handle certain tasks faster than general purpose processors
For example: Packet Filtering
Drawbacks:
Serial Processing
ASICs cannot be reprogrammed to address new attacks
ASICs accelerate traffic, but for complex tasks (VOIP, email, web traffic), tasks are sent to a secondary processor, thus depending on processor performance
With each attack that is not programmed for, closed systems become slower and slower
ASICs (Application Specific Integrated Circuits) - Closed Systems
What is Multi-core:
More than one processor working together to achieve high processing power.
Benefits:
Purpose-built Hardware
True Parallel Processing
Each processor is programmed to run tasks in parallel
In case of a new attack, Cyberoam appliances do not suffer from performance degradation associated with switching from ASIC-based acceleration to general-purpose processors.
Multicore Processor-based Cyberoam
Cyberoam – Appliance Details
Cyberoam in Numbers
More than 370,000 virus signatures in the anti-virus database
40 Million URLs categorized in 82+ categories
Spam Detection: 98%
False Positives: 0.007%
3500+ Intrusion Detection and Prevention Signatures
• Identity-based Firewall
• VPN
• Bandwidth Management
• Multiple Link Management
• On Appliance Reporting
• 8*5 Tech Support & 1 Year Warranty
Subscriptions
• Gateway Anti-Virus Subscription (Anti-malware, phishing, spyware protection included)
• Gateway Anti-spam Subscription
• Web & Application Filtering Subscription
• Intrusion Detection & Prevention (IDP)
Subscription services are available on 1 Year, 2 Year or 3 Year subscription basis
Basic Appliance – One time sale
Cyberoam can be deployed in two modes:
Deployment Modes
Bridge / Transparent Mode
Gateway / Route / NAT Mode
Proxy Mode
Cyberoam in Gateway Mode
Default Gateway: 192.168.0.1
Cyberoam in Bridge Mode
Users
Router
Network: 192.168.0.x/24
Firewall INT IP: 192.168.0.1/24
Reduces operational complexity and deployment time
Minimizes errors and lowers administration cost
Enables the MSSPs to have different personnel for managing different customer deployments
Ease of use with view of multiple devices and network status at a glance
Cyberoam Central Console - CCC
Overview of Cyberoam’s Security Approach:
Who do you give access to: An IP Address or a User?
Whom do you wish to assign security policies: Username or IP Addresses?
In case of an insider attempted breach, whom do you wish to see: User Name or IP Address?
How do you create network address based policies in a DHCP and a Wi-Fi network?
How do you create network address based policies for shared desktops?
Cyberoam: Identity-based Security
Cyberoam Credentials
“IDC believes that identity-based UTM represents the next generation in the burgeoning UTM marketplace. When enterprises realize the value of having identity as a full component of their UTM solution the increased internal security, protection against insidious and complex attacks, understanding individual network usage patterns, and compliance reporting - Cyberoam will benefit as the innovator.”
Source: Unified Threat Management Appliances and Identity-Based Security: The Next Level in Network Security, IDC Vendor Spotlight (2007)
2008 - Emerging Vendor of the Year
Certifications
UTM Level 5
Anti-Virus Anti-Spyware Anti-Spam URL Filtering Firewall VPN IPS/IDP
Premium
ICSA Certified Firewall
VPNC Certified for Basic VPN & AES Interoperability
Cyberoam holds a unique & complete UTM certification
Certifications Applied
ICSA Certification for High Availability
Enterprise
SMB
“Fully loaded, with many great features”
“packs a more serious punch”
“can restrict or open internet access by bandwidth usage, surf time or data transfer”.
“console is well organized and intuitive to navigate”
“flexible and very powerful”
“this appliance is a good value for almost any size environment”.
Five Star Rated – Two Years Running
July 2007 – UTM Roundup
Cyberoam CR250i
March 2008 – UTM Roundup
Cyberoam CR1000i
“deserves credit for its flexible configuration options, extensive security, content filtering, and bandwidth management features.”
LORD OF THE NETWORKS
If there is no network security and discipline in small or large networks, the chaos may result with serious work and data loss.
Cyberoam CR25i, which was sent to our test center, is a good solution for networks.
This UTM (unified threat management) appliance has 100% control over the users in your network in addition to its firewall, package inspection and other similar features.
It prevents you from the threats of anti-viruses and other harmful software with built in Kaspersky solution.
It also provides you antispam feature.
In addition to its advanced security features, you can manage your network in terms of identity based bandwidth management, application control, site visiting logs.
Normally you need a separate PC or similar device so as to record logs. But there is a hard disk of 80 GB in this appliance for this feature. (It was written 160 GB on original copy of the magazine by mistake.)
You can also visit the website www.cyberoam.com and inspect the online demo before buying the product.
RESULT
Cyberoam CR25i is a successful solution for security and network management especially for small business companies.
Other advantages:
- Advanced features
- Flexible licensing options
- Free of charge service
Product Excellence Award in the 3 categories: (2007)
Integrated Security Appliance
Security Solution for Education
Unified Security
Tomorrow’s Technology Today 2007
2007 Finalist American Business Awards
2007 Finalist Network Middle East Award
Best Security Product
Best SMB Networking Vendor
VAR Editor’s Choice for Best UTM (2007)
Finalist - 2008 Global Excellence in Network Security Solution
CRN – Emerging Tech Vendors 2007
Awards
GLOBAL PRESENCE (Over 55 Countries)
Partial Clientele
Business alliances
Thank you!