umbrella for msps: cloud security via n-able
DESCRIPTION
Last week, at N-Able's Global Partner Summit, our Sr. Product Manager for MSPs,Dima Kumets, had a great session on "Cloud Security via N-able". During the presentation, he discussed how easy it was to deploy and monitor OpenDNS Umbrella for MSPs in N-able's Automation Manager. If you missed out on his awesome discussion, here is a recap.TRANSCRIPT
Umbrella Con!dential
1_Title (1) UMBRELLA FOR MSPs: Cloud Security via N-Able Dima Kumets MSP Product Manager
#2
1_Light Title Only
#2 ! 29-Oct-13 ! Umbrella Con!dential
ASIA-PACIFIC
EUROPE, MIDDLE EAST & AFRICA
AMERICAS
COMPANY BACKGROUND
! 50M+ ACTIVE USERS DAILY ! 19 DATA CENTER LOCATIONS ! ZERO DOWNTIME, SINCE 2006
! 50B+ REQUESTS DAILY ! 160+ COUNTRIES W/USERS ! ZERO NET NEW LATENCY
GLOBAL SECURITY NETWORK 208.67.220.220 208.67.222.222
#3
1_Light Title Only
#3 ! 29-Oct-13 ! Umbrella Con!dential
CLOUD SECURITY SERVICE
PARTNERING WITH
TO MAKE DEPLOYMENT FAST AND SEAMLESS
#4
CHANGING THREAT LANDSCAPE
VELOCITY & PACE
#5 #5 ! 29-Oct-13 ! Umbrella Con!dential
TODAY
MALWARE HAS EXPLODED ! PROFIT MOTIVE + LIQUIDITY
CYBERCRIME AS A SERVICE
! DISTRIBUTED CRIMINAL ORGANIZATIONS ! SPECIALIZED TALENT ! MORE EFFICIENT + MORE DANGEROUS
#6 #6 ! 29-Oct-13 ! Umbrella Con!dential
DISTRIBUTION VECTORS
#7 #7 ! 29-Oct-13 ! Umbrella Con!dential
DIY EXPLOIT KITS
DO-IT-YOURSELF EXPLOIT KITS ! PRE-PACKAGED SCRIPTS ! NO “HACKER” SKILLS NECESSARY
! USES MANY ATTACK VECTORS TO INSTALL MALWARE
! EMBED ON A WEBSITE – EASY TO USE ! RESULT
! EXPANDS CYBERCRIME TO TRADITIONAL CRIMINAL ORGANIZATIONS
! BIGGER PROFIT FOR BLACK-HAT HACKERS ! $200-$20,000
#8
1_Light Title Only
#8 ! 29-Oct-13 ! Umbrella Con!dential
DIY EXPLOIT KIT
#9
1_Light Title Only
#9 ! 29-Oct-13 ! Umbrella Con!dential
DIY EXPLOIT KIT
#10
1_Light Title Only
#10 ! 29-Oct-13 ! Umbrella Con!dential
EXPLOIT KIT REPORTING!
#11 #11 ! 29-Oct-13 ! Umbrella Con!dential
DISTRIBUTION VECTORS
! ACTIVE/WIDE NET ! MALVERTISING ! SPAM
! TARGETED ! SPEARPHISHING ! WATERING HOLE ATTACKS
! EMERGING ! MOBILE THREATS ! SMiShing (SMS PHISHING)
#12 #12 ! 29-Oct-13 ! Umbrella Con!dential
MALWARE PAYLOAD
#13 #13 ! 29-Oct-13 ! Umbrella Con!dential
UNWITTING PARTICIPATION IN EXTORTION
DDOS BOTS
#14 #14 ! 29-Oct-13 ! Umbrella Con!dential
MALWARE RUINS EMAIL REPUATION
SPAMBOTS
#15 #15 ! 29-Oct-13 ! Umbrella Con!dential
MALWARE SEIZES COMPUTERS
FAKE ANTI-VIRUS
#16 #16 ! 29-Oct-13 ! Umbrella Con!dential
MALWARE HAS BECOME MORE DANGEROUS
RANSOMWARE
#17 #17 ! 29-Oct-13 ! Umbrella Con!dential
MALWARE CAN DESTROY SMBs
KEYLOGGERS AND BACKDOORS
#18 #18 ! 29-Oct-13 ! Umbrella Con!dential
ATTACKS INCREASINGLY TARGET SMBs UNDER 250 USERS
PROPORTION OF BREACHES BY ORG SIZE
15x
1x ORGS WITH 11-100 EMPLOYEES
ORGS WITH <11 or >100 EMPLOYEES
TARGETED ATTACKS AGAINST SMBS
36%
18%
2011 JUNE 2012
HAVE NO FORMAL WRITTEN INTERNET SECURITY POLICY FOR EMPLOYEES
HAVE NO INFORMAL INTERNET SECURITY POLICY FOR EMPLOYEES
THINK THEIR COMPANY IS SAFE FROM HACKERS, VIRUSES AND MALWARE
83%
77%
69%
SMBs NEED MANAGED ENTERPRISE-GRADE
SECURITY
#19 #19 ! 29-Oct-13 ! Umbrella Con!dential
HOW DO YOU PROTECT CUSTOMERS?
ANTI-VIRUS IS JUST
A SINGLE LAYER
IN A DEFENSE IN DEPTH STRATEGY “SIGNATURE-BASED TOOLS (AV, FW & IPS) ARE ONLY EFFECTIVE AGAINST 30-50% OF CURRENT SECURITY THREATS”
“CLOUD-BASED PROVIDERS SHOULD HAVE BETTER REAL-TIME TELEMETRY OF GLOBAL EVENTS AND THE ABILITY TO RESPOND TO THESE EVENTS RAPIDLY BY MODIFYING THE SOLUTION.”
#20
CLOUD SECURITY TO REDUCE
COMPLEXITY, TIME AND COST
#21
1_Light Title Only
#21 ! 29-Oct-13 ! Umbrella Con!dential
FOR MSPs
introducing…
#22 #22 ! 29-Oct-13 ! Umbrella Con!dential
ALLOWING AN MSP TO
Decrease Costs
50%-90% reduction in malware clean up time
Improve
Retention Improved customer uptime and value
reports
Increase Revenue
Per-user Web Filter as a value added
service
#23 #23 ! 29-Oct-13 ! Umbrella Con!dential
EASY TO DO BUSINESS WITH
VOLUME PRICING
MONTHLY BILLING
MULTI-TENANT DASHBOARD
MANAGE SEATS ON-DEMAND
BUSINESS PRACTICES ALIGNED WITH MONTHLY
RECURRING REVENUE MODELS
#24 #24 ! 29-Oct-13 ! Umbrella Con!dential
Improve
Retention Improved customer uptime and value
reports
HOW DO WE HELP MSPs TO
Increase Revenue
Per-user Web Filter as a value added
service
Decrease Costs
50%-80% reduction in malware clean up time
#25 #25 ! 29-Oct-13 ! Umbrella Con!dential
INFECTED DEVICES IMPACT MSP MARGINS
YOUR ENGINEER’S
TIME
CLIENTS’ EMPLOYEE DOWNTIME
MALWARE COSTS
#26
1_Light Title Only
#26 ! 29-Oct-13 ! Umbrella Con!dential
DECREASE MALWARE CLEAN UP EXPENSES
BLOCKS PHISHING ATTEMPTS & INAPPROPRIATE USAGE
PREVENTS MALWARE
CONTAINS BOTNETS
WEB
WEB (PORTS ???)
WEB & NON-WEB
ANY APP
ANY PROTOCOL
ANY PORT
! THE INTERNET YOUR CUSTOMERS" CLOUD SERVICE
WITH ZERO ADDED LATENCY
#27 #27 ! 29-Oct-13 ! Umbrella Con!dential
SECURE EVERYWHERE
! COVERAGE FOR WORKERS ON AND OFF THE NETWORK ! COVERAGE FOR BYOD AND UNMANAGED DEVICES
#28
1_Light Title Only
#28 ! 29-Oct-13 ! Umbrella Con!dential
UMBRELLA BY OPENDNS
80M+ REQUESTS TO ADVANCED MALWARE, BOTNET & PHISHING THREATS BLOCKED DAILY
NEW THREAT ORIGINS DISCOVERED OR PREDICTED DAILY 100K+
THE ONLY CLOUD-DELIVERED AND DNS-BASED WEB SECURITY SOLUTION
#29 #29 ! 29-Oct-13 ! Umbrella Con!dential
ANALYZING DATA TO EXTRACT ACTIONABLE SECURITY INFORMATION
#30 #30 ! 29-Oct-13 ! Umbrella Con!dential
! Goal: try to tell if a domain has been machine generated by malware ! Look at name: bigrams, trigrams, length, entropy, etc.
! Look at timing: concentrated DNS queries with short life spans (temporal progression)
! High level of activity at the time of domain generation -> fades over time
! Result: Predict if a domain is a botnet command and control server and block it.
! Bene!t: Malware is contained and doesn’t update or become part of a botnet
Instance 1 cso0vm2q6g86owao.thepohzi.su 5qloxxe.tohk5ja.cc k2s0euuz.oogagh.su Instance 2 v8ylm8e.thepohzi.su 2g24ar4vu8ay6.tohk5ja.cc d6vh5x1cic1yyz1i.oogagh.su Instance 3 t2250p29079m6oq8.thepohzi.su ngb0ef99.tohk5ja.cc nxdhetohak91794.oogagh.su
BIG DATA EXAMPLE – DGA ALGORITHM
#31 #31 ! 29-Oct-13 ! Umbrella Con!dential
LABS.UMBRELLA.COM http://labs.umbrella.com/2013/09/25/ripple-effect/
#32 #32 ! 29-Oct-13 ! Umbrella Con!dential
PREDICTING ADVANCED ATTACKS FROM HIGH-RISK SITES AND LOCATIONS: ! MALWARE HOSTS ! BOTNET CONTROLLERS ! PHISHING WEBSITES
#33 #33 ! 29-Oct-13 ! Umbrella Con!dential
Improve
Retention Improved customer uptime and value
reports
HOW DO WE HELP MSPs TO
Increase Revenue
Per-user Web Filter as a value added
service
Decrease Costs
50%-80% reduction in malware clean up time
#34 #34 ! 29-Oct-13 ! Umbrella Con!dential
PROFITABLE WEB FILTER
WEB FILTER AS A VALUE ADDED SERVICE ! 60 CATEGORIES ! GRANULAR WHITELIST/BLACKLIST ! CUSTOM BLOCK PAGE
FEATURES TO CHARGE A PREMIUM PRICE ! PER-COMPUTER POLICY ! BYOD AND GUEST FILTERING ! BLOCK PAGE BYPASS CODES
REPORTING AND MONITORING ! REAL-TIME ACTIVITY REPORT ! TOP DOMAINS/TOP CATEGORIES/TOP USERS ! SAVED REPORTS WITH EXPORT
#35 #35 ! 29-Oct-13 ! Umbrella Con!dential
PROFITABLE WEB FILTER
FAST AND EASY TO MANAGE ! SPEND LESS TIME MANAGING FILTERING
! EASY TO USE AND UNDERSTAND
! CENTRALIZED WEB DASHBOARD ! REMOTE MANAGEMENT ! ALL IN THE BACKGROUND
! MULTI-TENANT ! MULTIPLE CUSTOMER ORGANIZATIONS ! MSP ADMINS HAVE ACCESS TO ALL CUSTOMERS ! CUSTOMERS ARE ISOLATED TO THEIR OWN
ORGANIZATION
#36 #36 ! 29-Oct-13 ! Umbrella Con!dential
Improve
Retention Improved customer uptime and value
reports
HOW DO WE HELP MSPs TO
Increase Revenue
Per-user Web Filter as a value added
service
Decrease Costs
50%-80% reduction in malware clean up time
#37
1_Light Title Only
#37 ! 29-Oct-13 ! Umbrella Con!dential
IMPROVE RENEWALS AND RETENTION
IMPROVED UPTIME ! PROACTIVE SECURITY PROTECTION ! FEWER INFECTIONS = ALWAYS ON TECHNOLOGY
VALUE REPORTS ! INFECTIONS PREVENTED ! MALWARE CONTAINED ! PHISHING BLOCKED
VIRTUAL CIO ! ASSIST HR AND STAFFING DECISIONS ! ASSESS AND PLAN NETWORK USAGE
#38 #38 ! 29-Oct-13 ! Umbrella Con!dential
ENTERPRISE-CLASS MANAGEMENT WITHOUT THE ENTERPRISE COMPLEXITY
LIGHTWEIGHT AGENT WITH AUTOMATION POLICY TO DEPLOY
NETWORK-LEVEL PROVISIONING
(ALL DEVICES ON NETWORK INCLUDING BYOD AND UNMANAGED)
23.4.2.4/32 214.41.3.1/32 155.21.1.1/28
CLIENT-A:155.21.1.1/28 CLIENT-B: 214.41.3.1/32 CLIENT-C: 23.4.2.4/32
#39 #39 ! 29-Oct-13 ! Umbrella Con!dential
SUMMARY
CLOUD FIRST
! MULTI-TENANT console for reports and policy con!g.
! ON-DEMAND license re-allocation.
! IMMEDIATE network-level provisioning.
! RMM-compatible device provisioning.
! SECURITY WITHOUT APPLIANCES to reduce infected devices.
! VOLUME pricing for your entire license pool.
! MONTHLY billing to reduce OpEx while aligning with billing cycles.
! COVERAGE for all devices regardless of location.
! VISIBILITY into all network traf!c regardless of port or protocol.
! ACCURACY to prevent, contain and inform on the latest and most complex threats.
! SCALABILITY to meet all traf!c throughput without bottlenecks.
! RELIABILITY for 100% uptime, everywhere.
! LATENCY to enforce policies & protections is as fast as direct Internet connections.
#40 #40 ! 29-Oct-13 ! Umbrella Con!dential
THANK YOU! ANY QUESTIONS?...
FOR MORE INFORMATION
EMAIL US [email protected]
OR VISIT US AT
umbrella.com/msp
OR JUST TWEET @OPENDNS