FaceTime Web 2.0

Enable and Secure the New Internet

Upload: chris-sparshott

Post on 01-Dec-2014


Page 1: FaceTime Web 2.0

Enable and Secure the New Internet

Page 2: FaceTime Web 2.0

CONFIDENTIAL

The Internet has changed and is getting more complex (from text & file sharing to Unified Communications and Collaboration)

[Figure: applications plotted on two axes, Capabilities and Network Behavior (Good to Evasive). Applications shown: IM, IM Aggregators, Public IM, VoIP, Web Conferencing, File Sharing, Video, Multimedia, Text Chat, Anonymizers, Unified Communications, Social Networking.]

Page 3: FaceTime Web 2.0

The Social Generation: Networking or Not Working

• Survey conducted in May/June 2009
• Focus on Web 2.0 with emphasis on social networking
• Target: IT Professionals (Email, Social Networks)
• 1199 respondents
  – 43% represented organisations with greater than 1000 employees
• 65% of respondents use Social Networking at least once or twice per week
• Less than 15% don’t use it at all

[Chart: Frequency of Social Networking Use. Vertical axis: 0% to 45%. Categories: <100, 100-500, 500-2500, 2500+, All. Series: Daily, Weekly, Monthly, Never.]

Page 4: FaceTime Web 2.0

Key Findings – your biggest concern

Biggest concern is Information Leakage

[Chart: Concern over use of Social Networking, None (0) to High (4). Axis range shown: 2.00 to 3.60. Categories: <100, 101-500, 501-2,500, >2,500, All. Series: Brand Reputation, Productivity, Malware, Information Leakage.]

Page 5: FaceTime Web 2.0

The Internet has Changed

Actual customer traffic history (~80 USGs)
– Representing all Internet activity from over 100K end users

IT is underestimating application use by employees

Page 6: FaceTime Web 2.0

Social Networking at Work

• 39% log into Social Networks at least once a day
• But 13% never use sites such as Twitter, Facebook and LinkedIn
• Nearly 40% believe their employees are using Social Networking sites for between 1-5 hours/week
• 46% of respondents view Social Networking as having some business value.
• 73% view virtual worlds (such as Second Life) as having “no business value”
  – 58% feel the same about IPTV and 45% about iTunes

Page 7: FaceTime Web 2.0

Concerns and Attitudes about Social Networking

• It should only be allowed if it can be controlled (43%)
• It is critical to business (3%)
• It should be banned in the workplace (10%)

Benefits cited

1. Better employee communications
2. Faster decision times due to collaboration
3. Improved marketing communications
4. Improved customer service and support
5. Lead generation for sales
6. Increased productivity
7. More efficient recruiting
8. Effective analyst relations

Page 8: FaceTime Web 2.0

These Applications are Highly Evasive

IM Sessions
• 13 unique networks
• 25,000+ connections
• 19GB of Traffic

P2P Sessions
• 9 applications
• Nearly 10,000 sessions
• 20 GB of Traffic
• Proxy bypass apps

Goal: Enable ubiquitous access to create a positive end-user experience

– Port Hopping: Yahoo runs over port 23 when the native port is blocked
– Port/Protocol Tunneling: MSN/Yahoo/AIM over HTTP, WebEx, etc.
– P2P/Onion Routing: MSN Peer to Peer for file sharing, Skype/TOR use Onion Routing
– Encryption: Skype, GoogleTalk, AIM Pro encrypt their payload contents
– Random Session Behavior: Skype

Page 9: FaceTime Web 2.0

Which Present Significant Risks When Unmanaged

Information Leakage

Increasingly Complex

Viruses, Malware, SPIM

Inappropriate Content

Commercially Motivated

Intellectual Property

Credit Card #, Personal Data, Social Security / NI #

Employee Productivity

Corporate AUP

SEC 17a, FSA, HIPAA, SOX, GLBA, NASD, MiFiD

Compliance and eDiscovery

Bandwidth Explosion / Cost

Page 10: FaceTime Web 2.0

Key Requirements for Securing the New Internet

• Visibility and control of all real-time applications
  – Detect and control network evasive applications
  – Web, IM, P2P, VoIP, social networks
• Comprehensive malware protection against new threats
  – Rootkits, worms, spyware, adware, botnets
  – Automated updates and Day Zero capabilities
• Web and URL filtering
  – Monitor and control employee web use
• High efficacy with minimal latency

“URL Filtering will be cannibalized by a broader Secure Web Gateway Market.” - Peter Firstbrook, Gartner, July 2008

“FaceTime is an outstanding choice for organizations looking for fine-grained Web communication application controls”

Page 11: FaceTime Web 2.0

Unified Communications Today – Heterogeneous Silos

[Diagram: Workspace Client, IM Client, Email Client, VoIP Client and Conf Client shown as separate silos, each with its own Presence, Policy and Reporting. Other labels: Identity (Active Directory), Ad-hoc.]

Page 12: FaceTime Web 2.0

FaceTime’s Vision of Unified Communications

[Diagram labels: Security; Presence, Identity & Federation; Policy & Management; Reporting; Compliance.]

Page 13: FaceTime Web 2.0

“Must-Have” Requirements for UC and Web 2.0

Regulatory Compliance
– NASD, SEC, FERC regulations mandate archiving and review of all communications
– PCI, HIPAA regulations mandate tight control over confidential information

eDiscovery
– allows all ESI to be discoverable in courts

Information Control
– Control information flows across myriad channels such as IM, P2P, Web 2.0
– Enforce communication boundaries in contact centers, on trading desks, etc.

Security
– Block malware and SpIM especially across multiple channels and federation boundaries

Page 14: FaceTime Web 2.0

Key Requirements for Secure Web Gateway

Application Control
– Granular, policy-based control of applications, such as IM, P2P, public voice over IP (VoIP), blogs, data-sharing portals, Web conferencing, chat, etc.
– Selectively block or manage features of applications based on numerous policy parameters and the presence of pre-developed policies to simplify deployment.

URL Filtering
– Databases of known Web sites categorized into groups to enforce acceptable usage and productivity and to reduce security risks.

Malware Filtering
– Filtering malware from all aspects of inbound and outbound Web traffic using signature-based malware filtering and non-signature-based techniques as well as the range of inspected protocols, ports and traffic types.

End-point management
– Identification of infected PCs and the infection by name and enable prioritized remediation

Manageability/Scalability
– Mature management interface, consolidated monitoring and reporting capability, and role-based administration capability.

Source: Gartner Secure Web Gateway Magic Quadrant, June 2007

Page 15: FaceTime Web 2.0

Unified Security Gateway - Secure & Enable the New Internet

[Diagram labels: Unified Comms, Web 2.0, URL Filtering, Malware, Social Nets; Management and Reporting; Application Control Engine; Enablement; Visibility, Application Control & Enforcement; Over 2000 Applications (IM, P2P, Streaming, Social Networking); Gateway Prevention; Gateway Detection; Enterprise class URL database; Level 10: Extremely dangerous.]

Page 16: FaceTime Web 2.0

Pass-by Deployment Ensures Zero Latency

[Diagram labels: Unified Security Gateway, End Users, Egress Switch, Internet, LDAP/AD, Anti-Virus, Archiving.]

• Web Filtering & Anti-malware
• Application Control (>2,000 apps)
• Social Networking Control
• UC Enablement: Sec, Mgmt & Compliance
• Granular Policy Control:
  – By User / Group
  – Time of Day
  – Time Quota
  – Bandwidth

Page 17: FaceTime Web 2.0

USG Architecture – Security and Enablement

Physical Port Security/Flexibility
– SSH Access
– Dedicated Mgmt/Proxy port services
– 2/3 Port Options

Hardened FT OS
– CentOS
– Locked down services
– Common Scripting Attack tested

State-of-the-art Application Inspection (IM, P2P, Malware, Web)
– High Fidelity Greynet Enforcement and Enablement
– Signature/Behavior based analysis
– Control Clear or Encrypted traffic
– Day Zero, SpIM, Content Filtering

Hierarchical User/Group Policy
– User/Group level policies with inheritance
– User Authentication
– LDAP integration with auto-synchronization

Page 18: FaceTime Web 2.0

The USG Family – Small Business to Large Enterprise

Performance, from Small Business & Remote Offices to Corporate Headquarters:

Model | Max Users | Max Throughput
USG220 | 250 | 100Mbps
USG320 | 1,000 | 200Mbps
USG530 | 5,000 | 400Mbps
USG1030 | 10,000 | 600Mbps

Page 19: FaceTime Web 2.0

FaceTime’s Mission

Help businesses realize the benefits of The New Internet by delivering enterprise solutions that provide Unified Security, Management and Compliance across the broadest set of applications and modalities.

Security
• Block worms, viruses, spIM, malware
• Protect intellectual property

Visibility & Control
• Complete visibility over network traffic
• Apply powerful and granular policies

Compliance
• Tamper-proof archiving and auditing
• Detect and prevent data leakage

Page 20: FaceTime Web 2.0

About FaceTime Communications

Focus: Secure and Enable the New Internet
– Longest track record in securing Internet apps such as IM, P2P
– Ranked No.1 in IM Security for 5 consecutive years by IDC
– Partner with Microsoft, IBM, Skype, MSN, AOL, Google, Yahoo
– Visionary in Gartner Web Security Quadrant

Global operations
– USA, EMEA, India, Asia Pacific

Supporting major global enterprises
– 9 of the top 10 US banks
– More than 5m managed users in over 1,500 organizations

Natural progression to Web 2.0 applications
– From IM & P2P to social networking, microblogging etc.

FaceTime Security Labs
– 8 years experience in real-time applications research
– Widest coverage available for Internet applications

Page 21: FaceTime Web 2.0

FaceTime is Mission Critical for Today’s Enterprises

Over 1,500 customers and 7+ Million seats deployed

• Financial Services & Insurance
• Manufacturing & Consumer
• Technology & Telecommunications
• Energy & Healthcare

Page 22: FaceTime Web 2.0

Thank you.

Page 23: FaceTime Web 2.0

Real Time Communications Applications – Masters of Evasive Techniques

Goal: Enable ubiquitous access to create a positive end-user experience

Methods (exhibited by most real-time applications):

– Port Hopping
  • Exhibit a non-deterministic behavior by altering application port usage
  • Bypass access-control policies that look for applications on “well-known” ports
  • Examples: Yahoo runs over port 23 when the native port is blocked
– Port/Protocol Tunneling
  • Masquerade IM/P2P traffic over common protocols such as HTTP, FTP
  • Examples: MSN/Yahoo/AIM over HTTP, WebEx, etc.
– P2P/Onion Routing
  • Enables pseudonymous (or anonymous) communication
  • Messages travel from source to destination via a sequence of proxies ("onion routers"), which re-route encrypted messages in an unpredictable path
  • Examples: MSN Peer to Peer for file sharing, Skype/TOR use Onion Routing
– Encryption
  • Prevents content visibility and control
  • Examples: Skype, GoogleTalk, AIM Pro encrypt their payload contents
– Random Session Behavior
  • Alters anticipated session content information such as payload/packet size/rate
  • Examples: Skype
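An added example, not FaceTime's code, of why a rule keyed on well-known ports misses the first two methods above while identification by payload content catches them, and why encrypted sessions defeat both. The payload markers, the native ports 5050 and 1863, the gateway path and the sample flows are simplified assumptions constructed for illustration.

```python
# Simplified payload markers and native ports: assumptions for illustration,
# not the product's signatures.
SIGNATURES = [
    ("Yahoo IM", lambda p: p.startswith(b"YMSG"), 5050),
    ("MSN IM", lambda p: p.startswith(b"VER ") and b"MSNP" in p, 1863),
]
HTTP_METHODS = (b"GET ", b"POST ", b"CONNECT ")
HTTP_PORTS = (80, 8080)
WELL_KNOWN = {23: "Telnet", 80: "HTTP", 1863: "MSN IM", 5050: "Yahoo IM"}

def port_only(dst_port):
    """What a rule keyed on well-known ports concludes about a flow."""
    return WELL_KNOWN.get(dst_port, "unknown")

def classify(dst_port, payload):
    """Identify the application from payload bytes, then judge the port."""
    for app, matches, native_port in SIGNATURES:
        if matches(payload):
            verdict = "native port" if dst_port == native_port else "port hopping"
            return (app, verdict)
    if payload.startswith(HTTP_METHODS):
        request_line = payload.split(b"\r\n", 1)[0]
        # IM carried inside HTTP: look past the outer protocol at the request.
        if b"/gateway/gateway.dll" in request_line:
            return ("MSN IM", "tunneled over HTTP")
        verdict = "native port" if dst_port in HTTP_PORTS else "non-standard port"
        return ("HTTP", verdict)
    # Encrypted or randomized sessions carry no stable marker.
    return ("unknown", "no signature: needs behavioral analysis")

# Constructed flows: (destination port, first payload bytes)
FLOWS = [
    (5050, b"YMSG\x00\x10\x00\x00\x00\x00"),
    (23, b"YMSG\x00\x10\x00\x00\x00\x00"),
    (80, b"POST /gateway/gateway.dll?Action=open HTTP/1.1\r\nHost: im.example\r\n\r\n"),
    (80, b"GET /index.html HTTP/1.1\r\nHost: www.example\r\n\r\n"),
    (443, b"\x8f\x1c\xa2\x07\xee\x51\x9b\x30"),
]

if __name__ == "__main__":
    for port, payload in FLOWS:
        print(port, port_only(port), classify(port, payload))
```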

Page 24: FaceTime Web 2.0

USG: Purpose-built for the New Internet

[Diagram: Application Control Engine™. Labels: Packet Assembly, Identification, Inspection, Enablement, Granular Policy Control, Application Activity Identifier, Signature Analysis, Behavioral Analysis, Port/Protocol Analysis, User traffic, Application Activity, Policy Enforcement & Logging.]

Application Identification: Uses well-defined port/protocol for IM. However, uses P2P protocol for file transfer within IM.

For User: Joe in Sales. Allow only native MSN & within IM allow only PDF file transfers after AV scanning.

Page 25: FaceTime Web 2.0

USG: Management, Security & Compliance For Greynets

Web Filtering
• Support for 3 URL databases
• Integration with AD & LDAP
• Role Based Access Control
• Policies at global, group, user levels
• Pre-defined and custom reports
• Reporting and integration with 3rd party reporting apps

Malware Control
• Day Zero worm blocking
• Enhanced SPIM blocking and challenge/response capabilities
• Real-time content leakage prevention
• Targeted remediation of infected endpoints
• AV scanning of file transfers
• Standardization on EIM/UC

Archival & Compliance
• Selective or global archival of messages and files in database
• Full Capture of Meta Data and Rich Text
• Full binary message capture
• Message anti-tampering checksums
• Easy identification and retrieval of specific IM conversations
• Strict archiving into email/WORM storage
• Rich reporting and workflow, including audit reports

Application Control
• Support for 600+ greynet applications
• Management of OCS & Sametime
• Granular controls for Skype
• Integration with AD & LDAP
• Role Based Access Control
• Policies at global, group, user levels
• Group level ethical boundaries
• File transfer restrictions

Page 26: FaceTime Web 2.0

USG: Optimized For Skype

[Diagram: Greynet Dissector. Labels: Packet Assembly, Identification, Inspection, Enablement, Granular Policy Control, Application Activity Identifier, Signature Analysis, Behavioral Analysis, Port/Protocol Analysis, User traffic, Application Activity, Identify users, Policy Enforcement & Logging.]

Application Identification: Port hopping, Random session behavior.

For User: John in Marketing. Allow Skype only for users in marketing group.

Page 27: FaceTime Web 2.0

USG: Optimized For Greynets – Public IM

[Diagram: Greynet Dissector. Labels: Packet Assembly, Identification, Inspection, Enablement, Granular Policy Control, Application Activity Identifier, Signature Analysis, Behavioral Analysis, Port/Protocol Analysis, User traffic, Application Activity, Policy Enforcement & Logging.]

Application Identification: Uses well-defined port/protocol for IM. However, uses P2P protocol for file transfer within IM.

For User: Joe in Sales. Allow only native MSN & within IM allow only PDF file transfers after AV scanning.

Page 28: FaceTime Web 2.0

Granular Policy and Reporting

Enhanced Policy Framework
– Policy Objects
  • Create a policy once, apply it many times to Groups/Employees
– Time of Day Policies
  • Block all IM, P2P and Web access for the “Entertainment” and “Sports” categories except during lunch hours from Monday to Friday
– Time based User Quotas
  • Allow access to Proxy IM, and Web traffic for only X hours per week
– Bandwidth based User Quotas
  • Allow access to Passby IM, P2P, Greynet and Web traffic as long as traffic is within the bounds specified by IT

Enhanced reporting
– Browse time reports for URL Filtering
– Sorting reports by Hits and Byte Counts
– Central Aggregation of reporting data from multiple geo-diverse USGs

Page 29: FaceTime Web 2.0

Example Policies for Internet Apps

Application / Policy | Allow/Block | Groups | Content Control | Time of Day | Quota | Max Bandwidth
MSN | Allow | ALL | AV, ILP, Logging | ALL | ALL | ALL
GoogleTalk | Allow | LEGAL | AV, ILP, Logging | 8am - 6pm | All | ALL
All other IM | Block | NONE | N/A | N/A | N/A | N/A
Skype | Allow | SALES | N/A | ALL | ALL | 1%
BitTorrent | Allow | IT | N/A | ALL | 4 hours | 2%
All other P2P | Block | NONE | N/A | N/A | N/A | N/A
IPTV | Block | NONE | N/A | N/A | N/A | N/A
Anonymisers | Block | NONE | N/A | N/A | N/A | N/A
Webex | Allow | ALL | N/A | 8am - 6pm | 4 hours | 2%
All other Web Conf | Block | NONE | N/A | N/A | N/A | N/A
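An added example, not the product's policy engine, showing how the table above evaluates for a single identified session: group, time-of-day and quota checks in turn, with the bandwidth cap returned on allow. The `Rule` and `decide` names, the fail-closed default for applications the table does not name, and the sample sessions are assumptions; the Content Control column is not modeled.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    groups: Optional[frozenset] = None  # None = ALL groups
    hours: Optional[tuple] = None       # (start, end) on a 24h clock; None = ALL
    quota_h: Optional[float] = None     # usage quota in hours; None = ALL
    max_bw_pct: Optional[int] = None    # bandwidth cap in percent; None = ALL

# The "Allow" rows of the table. Every other row is a block.
ALLOW_RULES = {
    "MSN":        Rule(),
    "GoogleTalk": Rule(groups=frozenset({"LEGAL"}), hours=(8, 18)),
    "Skype":      Rule(groups=frozenset({"SALES"}), max_bw_pct=1),
    "BitTorrent": Rule(groups=frozenset({"IT"}), quota_h=4, max_bw_pct=2),
    "Webex":      Rule(hours=(8, 18), quota_h=4, max_bw_pct=2),
}

def decide(app, user_groups, hour, used_h=0.0):
    """Return (action, reason, bandwidth cap in % or None) for one session.

    app is the name produced by application identification; hour and used_h
    (hours already consumed against the quota) are supplied by the caller.
    """
    rule = ALLOW_RULES.get(app)
    if rule is None:
        # "All other IM/P2P/Web Conf", IPTV and Anonymisers rows. Assumption:
        # anything the table does not name is blocked as well (fail closed).
        return ("block", "no allow rule", None)
    if rule.groups is not None and not (rule.groups & set(user_groups)):
        return ("block", "group", None)
    if rule.hours is not None and not (rule.hours[0] <= hour < rule.hours[1]):
        return ("block", "time of day", None)
    if rule.quota_h is not None and used_h >= rule.quota_h:
        return ("block", "quota", None)
    return ("allow", "ok", rule.max_bw_pct)

# Constructed sessions: (app, groups of the user, hour of day, quota hours used)
SESSIONS = [
    ("GoogleTalk", {"LEGAL"}, 9, 0.0),
    ("GoogleTalk", {"LEGAL"}, 19, 0.0),
    ("Skype", {"IT"}, 10, 0.0),
    ("BitTorrent", {"IT"}, 23, 4.0),
    ("AIM", {"LEGAL"}, 10, 0.0),
]
if __name__ == "__main__":
    for s in SESSIONS:
        print(s[0], sorted(s[1]), decide(*s))
```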

Page 30: FaceTime Web 2.0

Unified Security Gateway Deployment Topology

[Diagram: zones LAN/WAN, Perimeter, Internet. Labels: Unified Security Gateway, Network, DMZ, Egress Switch, LDAP, WORM, Archive, Policies, Audit, Enterprise IM, Public IM, Unauthorized Public IM, P2P, VoIP, Spyware/Adware, http://badurl.com/, FaceTime Security Labs, Greynet Database.]

• Block Unauthorized IM/P2P
• Gateway Malware Prevention
• Web Filtering
• IM Security & Compliance
• User Policy Enforcement
• Logging & Auditing

Greynet Database
• Greynet Protocols
• Malware Signatures
• Auto Updates of Greynets Database