facetime web 2.0
Enable and Secure the New Internet
CONFIDENTIAL
Capabilities
The Internet has changed and is getting more complex (from text & file sharing to Unified Communications and Collaboration)
[Figure: applications arranged by network behavior, from Good to Evasive: IM, IM aggregators, public IM, VoIP, web conferencing, file sharing, video, multimedia, text chat, anonymizers, unified communications, social networking]
The Social Generation: Networking or Not Working
Survey conducted in May/June 2009
Focus on Web 2.0 with emphasis on social networking
Target: IT Professionals (Email, Social Networks)
1199 respondents
– 43% represented organisations with greater than 1000 employees
65% of respondents use Social Networking at least once or twice per week
Less than 15% don’t use it at all
[Chart: Frequency of Social Networking Use, by organisation size (<100, 100-500, 500-2500, 2500+, All); series: Daily, Weekly, Monthly, Never; y-axis 0% to 45%]
Key Findings – your biggest concern
Biggest concern is Information Leakage
[Chart: Concern over use of Social Networking, None (0) to High (4), by organisation size (<100, 101-500, 501-2,500, >2,500, All); series: Brand Reputation, Productivity, Malware, Information Leakage]
The Internet has Changed
Actual customer traffic history (~80 USGs) – Representing all Internet activity from over 100K end users
IT is underestimating application use by employees
Social Networking at Work
39% log into Social Networks at least once a day
But 13% never use sites such as Twitter, Facebook and
Nearly 40% believe their employees are using Social Networking sites for between 1-5 hours/week
46% of respondents view Social Networking as having some business value.
73% view virtual worlds (such as Second Life) as having “no business value”
– 58% feel same about IPTV and 45% about iTunes
Concerns and Attitudes about Social Networking
It should only be allowed if it can be controlled (43%)
It is critical to business (3%)
It should be banned in the workplace (10%)
Benefits cited
1. Better employee communications
2. Faster decision times due to collaboration
3. Improved marketing communications
4. Improved customer service and support
5. Lead generation for sales
6. Increased productivity
7. More efficient recruiting
8. Effective analyst relations
These Applications are Highly Evasive
IM Sessions
P2P Sessions
• 13 unique networks • 25,000+ connections • 19GB of Traffic
• 9 applications • Nearly 10,000 sessions • 20 GB of Traffic • Proxy bypass apps
Goal: Enable ubiquitous access to create a positive end-user experience
– Port Hopping: Yahoo runs over port 23 when the native port is blocked
– Port/Protocol Tunneling: MSN/Yahoo/AIM over HTTP, WebEx, etc.
– P2P/Onion Routing: MSN Peer to Peer for file sharing, Skype/TOR use Onion Routing
– Encryption: Skype, GoogleTalk, AIM Pro encrypt their payload contents
– Random Session Behavior: Skype
Which Present Significant Risks When Unmanaged
Information Leakage
Increasingly Complex
Viruses, Malware, SPIM
Inappropriate Content
Commercially Motivated
Intellectual Property
Credit Card #, Personal Data, Social Security / NI #
Employee Productivity
Corporate AUP
SEC 17a, FSA, HIPAA, SOX, GLBA, NASD, MiFID
Compliance and eDiscovery
Bandwidth Explosion / Cost
Key Requirements for Securing the New Internet
Visibility and control of all real-time applications
– Detect and control network evasive applications
– Web, IM, P2P, VoIP, social networks
Comprehensive malware protection against new threats
– Rootkits, worms, spyware, adware, botnets
– Automated updates and Day Zero capabilities
Web and URL filtering
– Monitor and control employee web use
High efficacy with minimal latency
“URL Filtering will be cannibalized by a broader Secure Web Gateway Market.” - Peter Firstbrook, Gartner, July 2008
“FaceTime is an outstanding choice for organizations looking for fine-grained Web communication application controls”
Unified Communications Today – Heterogeneous Silos
[Diagram: five separate clients (Workspace Client, IM Client, Email Client, VoIP Client, Conf Client) above a shared Identity (Active Directory) layer, each client with its own Presence, Policy and Reporting stack; label: Ad-hoc]
FaceTime’s Vision of Unified Communications
Security
Presence, Identity & Federation
Policy & Management
Reporting
Compliance
“Must-Have” Requirements for UC and Web 2.0
Regulatory Compliance
– NASD, SEC, FERC regulations mandate archiving and review of all communications
– PCI, HIPAA regulations mandate tight control over confidential information
eDiscovery
– allows all ESI to be discoverable in courts
Information Control
– Control information flows across myriad channels such as IM, P2P, Web 2.0
– Enforce communication boundaries in contact centers, on trading desks, etc.
Security
– Block malware and SpIM especially across multiple channels and federation boundaries
Key Requirements for Secure Web Gateway
Application Control
– Granular, policy-based control of applications, such as IM, P2P, public voice over IP (VoIP), blogs, data-sharing portals, Web conferencing, chat, etc.
– Selectively block or manage features of applications based on numerous policy parameters and the presence of pre-developed policies to simplify deployment.
URL Filtering
– Databases of known Web sites categorized into groups to enforce acceptable usage and productivity and to reduce security risks.
Malware Filtering
– Filtering malware from all aspects of inbound and outbound Web traffic using signature-based malware filtering and non-signature-based techniques as well as the range of inspected protocols, ports and traffic types.
End-point management
– Identification of infected PCs and the infection by name and enable prioritized remediation
Manageability/Scalability
– Mature management interface, consolidated monitoring and reporting capability, and role-based administration capability.
Source: Gartner Secure Web Gateway Magic Quadrant, June 2007
Unified Security Gateway - Secure & Enable the New Internet
[Diagram: Application Control Engine providing visibility, application control & enforcement, with management and reporting. Functions shown: enablement of Unified Comms and Web 2.0; URL filtering (enterprise class URL database); malware gateway prevention and gateway detection; control of over 2000 applications (IM, P2P, streaming, social networking). Screenshot label: “Level 10: Extremely dangerous”]
Pass-by Deployment Ensures Zero Latency
[Diagram: Unified Security Gateway attached to the Egress Switch between End Users and the Internet, with connections to LDAP/AD, Anti-Virus and Archiving]
Web Filtering & Anti-malware
Application Control (>2,000 apps)
Social Networking Control
UC Enablement: Sec, Mgmt & Compliance
Granular Policy Control:
– By User / Group
– Time of Day
– Time Quota
– Bandwidth
USG Architecture – Security and Enablement
Physical Port Security/Flexibility
– SSH Access
– Dedicated Mgmt/Proxy port services
– 2/3 Port Options
Hardened FT OS
– CentOS
– Locked down services
– Common Scripting Attack tested
State-of-the-art Application Inspection (IM, P2P, Malware, Web)
– High Fidelity Greynet Enforcement and Enablement
– Signature/Behavior based analysis
– Control Clear or Encrypted traffic
– Day Zero, SpIM, Content Filtering
Hierarchical User/Group Policy
– User/Group level policies with inheritance
– User Authentication
– LDAP integration with auto-synchronization
The USG Family – Small Business to Large Enterprise
[Diagram: USG models arranged by performance, from Small Business & Remote Offices to Corporate Headquarters]
Models: USG220, USG320, USG530, USG1030
Max Users: 250, 1,000, 5,000, 10,000
Max Throughput: 100Mbps, 200Mbps, 400Mbps, 600Mbps
FaceTime’s Mission
Security
– Block worms, viruses, spIM, malware
– Protect intellectual property
Visibility & Control
– Complete visibility over network traffic
– Apply powerful and granular policies
Compliance
– Tamper-proof archiving and auditing
– Detect and prevent data leakage
Help businesses realize the benefits of The New Internet by delivering enterprise solutions that provide Unified Security, Management and Compliance across the broadest set of applications and modalities.
About FaceTime Communications
Focus: Secure and Enable the New Internet
– Longest track record in securing Internet apps such as IM, P2P
– Ranked No.1 in IM Security for 5 consecutive years by IDC
– Partner with Microsoft, IBM, Skype, MSN, AOL, Google, Yahoo
– Visionary in Gartner Web Security Quadrant
Global operations
– USA, EMEA, India, Asia Pacific
Supporting major global enterprises
– 9 of the top 10 US banks
– More than 5m managed users in over 1,500 organizations
Natural progression to Web 2.0 applications
– From IM & P2P to social networking, microblogging etc.
FaceTime Security Labs
– 8 years experience in real-time applications research
– Widest coverage available for Internet applications
FaceTime is Mission Critical for Today’s Enterprises
Financial Services & Insurance
Manufacturing & Consumer
Technology & Telecommunications
Energy & Healthcare
Over 1,500 customers and 7+ Million seats deployed
Thank you.
Real Time Communications Applications – Masters of Evasive Techniques
Goal: Enable ubiquitous access to create a positive end-user experience
Methods (exhibited by most real-time applications):
– Port Hopping
  • Exhibit a non-deterministic behavior by altering application port usage
  • Bypass access-control policies that look for applications on “well-known” ports
  • Examples: Yahoo runs over port 23 when the native port is blocked
– Port/Protocol Tunneling
  • Masquerade IM/P2P traffic over common protocols such as HTTP, FTP
  • Examples: MSN/Yahoo/AIM over HTTP, WebEx, etc.
– P2P/Onion Routing
  • Enables pseudonymous (or anonymous) communication
  • Messages travel from source to destination via a sequence of proxies ("onion routers"), which re-route encrypted messages in an unpredictable path
  • Examples: MSN Peer to Peer for file sharing, Skype/TOR use Onion Routing
– Encryption
  • Prevents content visibility and control
  • Examples: Skype, GoogleTalk, AIM Pro encrypt their payload contents
– Random Session Behavior
  • Alters anticipated session content information such as payload/packet size/rate
  • Examples: Skype
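The port-hopping and tunneling methods above are why access control keyed on "well-known" ports misclassifies this traffic. The following added example (not from the original deck and not FaceTime's engine) labels each flow from its first payload bytes and compares that with the service the destination port implies; the byte signatures, port map, verdict names and sample flows are illustrative and constructed for this sketch.

```python
import re

# Service a port-based access-control rule would assume for each port.
PORT_SERVICE = {23: "telnet", 80: "http", 5050: "ymsg"}

HTTP_REQUEST = re.compile(rb"(GET|POST|HEAD|PUT|CONNECT) \S+ HTTP/1\.[01]\r\n")

def identify(payload: bytes) -> str:
    """Label a flow from its first payload bytes, ignoring the port."""
    if payload.startswith(b"YMSG"):        # Yahoo Messenger packet magic
        return "ymsg"
    if payload[:1] == b"\xff":             # Telnet IAC option negotiation
        return "telnet"
    if HTTP_REQUEST.match(payload):
        # IM tunnelled in HTTP: MSN's HTTP gateway uses its own MIME type.
        if b"application/x-msn-messenger" in payload.lower():
            return "msn-over-http"
        return "http"
    return "unknown"

def audit(flows):
    """Return {flow_id: verdict} comparing payload identity with the port."""
    verdicts = {}
    for flow_id, dport, payload in flows:
        expected = PORT_SERVICE.get(dport, "unknown")
        observed = identify(payload)
        if observed == "unknown":
            # Encrypted or randomized sessions defeat byte signatures and
            # need behavioral analysis (packet size/rate) instead.
            verdicts[flow_id] = "unclassified"
        elif observed == expected:
            verdicts[flow_id] = "ok"
        elif observed.endswith("-over-http") and expected == "http":
            verdicts[flow_id] = "tunnelled"
        else:
            verdicts[flow_id] = "port-mismatch"
    return verdicts

# Constructed sample flows: (id, destination port, first payload bytes).
SAMPLE_FLOWS = [
    ("f1", 5050, b"YMSG\x00\x10\x00\x00\x00\x00\x00\x4c"),
    ("f2", 23, b"YMSG\x00\x10\x00\x00\x00\x00\x00\x4c"),
    ("f3", 23, b"\xff\xfd\x18\xff\xfd\x20"),
    ("f4", 80, b"POST /gateway/gateway.dll?Action=open HTTP/1.1\r\n"
               b"Content-Type: application/x-msn-messenger\r\n\r\n"),
    ("f5", 80, b"GET / HTTP/1.1\r\nHost: www.example\r\n\r\n"),
    ("f6", 33033, b"\x8a\x1f\x03\xc7\x55\x90\xe2\x11"),
]

if __name__ == "__main__":
    for flow_id, verdict in audit(SAMPLE_FLOWS).items():
        print(flow_id, verdict)
```

Flow f2 is the port 23 case named on the slide: a port rule sees Telnet, while the payload identifies Yahoo Messenger.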
USG: Purpose-built for the New Internet
[Diagram: Application Control Engine™ processing user traffic. Stages: Packet Assembly, Identification, Inspection, Enablement. Components: Application Activity Identifier, Signature Analysis, Behavioral Analysis, Port/Protocol Analysis, Granular Policy Control, Policy Enforcement & Logging]
Application Identification: Uses well-defined port/protocol for IM. However, uses P2P protocol for file transfer within IM.
Application Activity, for user Joe in Sales: Allow only native MSN & within IM allow only PDF file transfers after AV scanning
USG: Management, Security & Compliance For Greynets
Web Filtering
• Support for 3 URL databases
• Integration with AD & LDAP
• Role Based Access Control
• Policies at global, group, user levels
• Pre-defined and custom reports
• Reporting and integration with 3rd party reporting apps
Malware Control
• Day Zero worm blocking
• Enhanced SPIM blocking and challenge/response capabilities
• Real-time content leakage prevention
• Targeted remediation of infected endpoints
• AV scanning of file transfers
• Standardization on EIM/UC
Archival & Compliance
• Selective or global archival of messages and files in database
• Full Capture of Meta Data and Rich Text
• Full binary message capture
• Message anti-tampering checksums
• Easy identification and retrieval of specific IM conversations
• Strict archiving into email/WORM storage
• Rich reporting and workflow, including audit reports
Application Control
• Support for 600+ greynet applications
• Management of OCS & Sametime
• Granular controls for Skype
• Integration with AD & LDAP
• Role Based Access Control
• Policies at global, group, user levels
• Group level ethical boundaries
• File transfer restrictions
USG: Optimized For Skype
[Diagram: Greynet Dissector processing user traffic. Stages: Packet Assembly, Identification, Inspection, Enablement. Components: Application Activity Identifier, Signature Analysis, Behavioral Analysis, Port/Protocol Analysis, Granular Policy Control, Policy Enforcement & Logging]
Application Identification: Port hopping, random session behavior
Identify users
Application Activity, for user John in Marketing: Allow Skype only for users in marketing group
USG: Optimized For Greynets – Public IM
[Diagram: Greynet Dissector processing user traffic. Stages: Packet Assembly, Identification, Inspection, Enablement. Components: Application Activity Identifier, Signature Analysis, Behavioral Analysis, Port/Protocol Analysis, Granular Policy Control, Policy Enforcement & Logging]
Application Identification: Uses well-defined port/protocol for IM. However, uses P2P protocol for file transfer within IM.
Application Activity, for user Joe in Sales: Allow only native MSN & within IM allow only PDF file transfers after AV scanning
Granular Policy and Reporting
Enhanced Policy Framework
– Policy Objects: Create a policy once, apply it many times to Groups/Employees
– Time of Day Policies: Block all IM, P2P and Web access for the “Entertainment” and “Sports” categories except during lunch hours from Monday to Friday
– Time based User Quotas: Allow access to Proxy IM, and Web traffic for only X hours per week
– Bandwidth based User Quotas: Allow access to Passby IM, P2P, Greynet and Web traffic as long as traffic is within the bounds specified by IT
Enhanced reporting
– Browse time reports for URL Filtering
– Sorting reports by Hits and Byte Counts
– Central Aggregation of reporting data from multiple geo-diverse USGs
Example Policies for Internet Apps
Application / Policy | Allow/Block | Groups | Content Control  | Time of Day | Quota   | Max Bandwidth
MSN                  | Allow       | ALL    | AV, ILP, Logging | ALL         | ALL     | ALL
GoogleTalk           | Allow       | LEGAL  | AV, ILP, Logging | 8am - 6pm   | All     | ALL
All other IM         | Block       | NONE   | N/A              | N/A         | N/A     | N/A
Skype                | Allow       | SALES  | N/A              | ALL         | ALL     | 1%
BitTorrent           | Allow       | IT     | N/A              | ALL         | 4 hours | 2%
All other P2P        | Block       | NONE   | N/A              | N/A         | N/A     | N/A
IPTV                 | Block       | NONE   | N/A              | N/A         | N/A     | N/A
Anonymisers          | Block       | NONE   | N/A              | N/A         | N/A     | N/A
Webex                | Allow       | ALL    | N/A              | 8am - 6pm   | 4 hours | 2%
All other Web Conf   | Block       | NONE   | N/A              | N/A         | N/A     | N/A
Unified Security Gateway Deployment Topology
[Diagram: three zones (LAN/WAN, Perimeter, Internet). The Unified Security Gateway sits at the Egress Switch beside the DMZ, with connections to LDAP, WORM Archive, Policies, Audit and Enterprise IM. Internet-side traffic shown: P2P, Public IM, Unauthorized Public IM, VoIP, Spyware/Adware, http://badurl.com/]
Network
• Block Unauthorized IM/P2P
• Gateway Malware Prevention
• Web Filtering
• IM Security & Compliance
• User Policy Enforcement
• Logging & Auditing
FaceTime Security Labs Greynet Database
• Greynet Protocols
• Malware Signatures
• Auto Updates of Greynets Database