cyberoam - unified threat management unified threat management cyberoam identity-based unified...

Cyberoam - Unified Threat ManagementUnified Threat ManagementCyberoam

Identity-based Unified Threat Management

One Identity – One Security


Agenda

• Evolution of IT Security• Challenges of Unified Threat Management• Introduction to Cyberoam UTM• Cyberoam Product Walk-thru• Cyberoam Credentials Awards & Accreditations


Increase in Threats & its Total damage cost


• Basic security began with firewalls

• As threats increased, other solutions were introduced• Virus attacks rose in number and intensity

6 % business emails contained viruses – IBM That’s a staggering cost of $281-$304 per PC Email became more prevalent

• Spam rose

Average spam messages per day – 18.5

Time spent deleting them – 2.8 mintues.

Average time lost in a day – 51.8 mts

14 % spam recipients actually read spam

4 % buy products advertised by spam 21 % spam in Jan 2005 was porn

• Slammer fueled the need for Intrusion Detection & Prevention • High number of employees start accessing the Internet

• Connectivity to branches, partners and remote workers

But multiple solutions brought in their share of problems

25 % systems to be infected with spyware by this year– Forrester

65 % companies say they will invest in anti-spyware tools and upgrades

Phishing mails grew 5,000 % last year Pharming makes an entry

1 in 5 employees view online pornography at work

70 percent of adult websites are hit between 9 am and 5 pm

30-40 percent of employees' Internet activity is not business related

• Blended threats emerge to exploit extensive Internet usage

Slammer Hit on Saturday, January 25, 2003, 0030

Lost revenue spilled over halfway into the next week

Total cost of the bailout: more than $1 billion

Till today, no accountability has been established

Firewalls enjoyed a monopoly until the starting of the 21st century

Initial Firewalls were Stateless Firewalls which could not control the initiation of communication

Later Stateful became more prevalent

Evolution of Internet security solutions


Current Challenges due to Multiple Internet Security Solutions

• Higher purchase cost of Individual Appliances• Problems in handling multiple Maintenance & Subscription Contracts• Requirement of highly Technical man power to maintain Multiple Appliances & Solutions• Difficult for a single network admin to handle increasing complexity of LAN Networks • Excessive time taken to understand threat patterns with Individual Reports by Appliances• Inadequacy in handling new blended attacks

Need For Single Unified Appliance for all Internet Security Problems


UTM : Unified Threat Management

A solution to fight against multiple attacks and threats


A true UTM Appliance should have following features in single solution:

1. Firewall

2. VPN

3. Intrusion Prevention System

4. Gateway Level Anti-virus for Mails, Website, File Transfers

5. Gateway level Anti-spam

6. Content Identification & Filtering

7. Bandwidth Management for Applications & Services

8. Load Balancing & Failover Facilities

UTM

UTM

Unified threat management (UTM) refers to a comprehensive security product which integrates a range of security features into a single appliance.


Benefits of UTM Appliances

Reduced complexity

All-in-one approach simplifies product selection, integration and support

Easy to deploy

Customers, VARs, VADs, MSSPs can easily install and maintain the products

Remote Management

Remote sites may not have security professionals – requires plug-&-play appliance for

easy installation and management

Better Man Power Management

Reduction in dependency and number of high-end skilled Human resources

Managed Services

Security requirements & day to day operations can be outsourced to MSSPs


Lack of user Identity recognition and control Inadequate in handling threats that target the user – Phishing, Pharming

Unable to Identify source of Internal Threats Employee with malicious intent posed a serious internal threat Indiscriminate surfing exposes network to external threats 50 % of security problems originate from internal threats – Yankee Group Source of potentially dangerous internal threats remain anonymous

Unable to Handle Dynamic Environments Wi-Fi DHCP

Unable to Handle Blended Threats Threats arising out of internet activity done by internal members of organization External threats that use multiple methods to attack - Slammer

Lack of In-depth Features Sacrificed flexibility as UTM tried to fit in many features in single appliance. Inadequate Logging, reporting, lack of granular features in individual solutions

Challenges with Current UTM Products

Need for Identity based UTM…


Patent pending: Identity-based technology

User


Layer 8 Firewall (Patent-pending Technology)


Cyberoam is the only Identity-based Unified Threat Management appliance that provides integrated Internet security to enterprises and educational institutions through its unique granular user-based controls.

Cyberoam – Identity Based Security


CRi series for SOHO (Small Office-Home Office) & ROBO (Remote Office-Branch Office)

CR 25i

CRi series for Small to Medium Business

CR 50i CR 100i

CRi series for Medium Enterprises

CR 250iCR 500i

CRi series for Large Enterprises

CR 1000i CR 1500i

Cyberoam Appliances


Identity - based UTM


Cyberoam Product walk thru


Cyberoam Unified Threat Management Features

Cyberoam offers comprehensive threat protection with:

• Identity-based Firewall• VPN• Gateway Anti-Virus • Gateway Anti-Spam • Intrusion Prevention System• Content Filtering• Bandwidth Management • Multiple Link Management• On-Appliance Reporting


Normal Firewall

• Rule matching criteria - Source address

- Destination address - Service (port) - Schedule

• Action - Accept

- NAT - Drop - Reject

- Identity

Cyberoam - Identity Based UTM

• Unified Threat Controls (per Rule Matching Criteria) - IDP Policy - Internet Access Policy - Bandwidth Policy - Anti Virus & Anti Spam - Routing decision

• However, fails in DHCP, Wi-Fi environment


Identity-based Security

Identity vs. Authentication

Stateful Inspection Firewall

Centralized management for

multiple security features

Multiple zone security

Granular IM, P2P controls

Enterprise-Grade Security

All the security features can be

applied to each FW rule

Identity-based Firewall


Gateway Anti-Virus


Scans HTTP, FTP, SMTP, POP3, IMAP traffic on a combination of Source, Destination, Identity, Service and Schedule.

Self-service quarantine area

Identity-based HTTP virus reports

Updates every ½ hour

Spyware and other malware protection included

Blocks “Phishing” emails.

Gateway Anti- Virus Features


Gateway Anti-Spam


Spam filtering with (RPD) Recurrent Pattern Detection

technology

Virus Outbreak Detection (VOD) for zero hour

protection

Self-Service quarantine area

Content-agnostic

Change recipients of emails

Scans SMTP, POP3, IMAP traffic

Gateway Anti-Spam Features


Cyberoam’s Integration with Commtouch

Protects against Image-based Spam and spam in different languages

The spam catch rate of over 98%

0.007 false positives in spam

Local cache is effective for >70% of all spam resolution cases

RPD (Recurrent Pattern Detection)


Intrusion Prevention System (IPS)


Multiple and Custom IPS policies

Identity-based policies

Identity-based intrusion reporting

Ability to define multiple policies

Reveals User Identity in Internal Threats

scenario

IPS Features


Cyberoam’s Customizable IPS Policy


Identity-Based Content Filtering


Database of millions of sites in 82+ categories

Blocks phishing, pharming, spyware URLs

HTTP upload control

Ability to control & Block Applications such as P2P, Streaming,

Videos/Flash

Local Database for the content filter reduces latency and dependence

on network connectivity.

Customized blocked message to educate users about organizational

policies and reduce support calls

Web and Application Filtering Features


Identity Based Policies


Internet Access Policies for Individuals and Groups


Educate Users with Custom Denied Messages and Reduce Your Support Calls

James

http://www.screensaver.com

Dear Mark,

The web site you are trying to access is listed within the category SpywareandP2P

It can result in download of spyware and adware which result in popups. They are a threat to you and the enterprise and can slow the network down.

http://www.screensaver.comhttp://www.screensaver.com

Dear Mark,

The web site you are trying to access is listed within the category SpywareandP2P

It can result in download of spyware and adware which result in popups. They are a threat to you and the enterprise and can slow the network down.


Key Features

Pasted from <http://cyberoam.com/bandwidthmanagement.html>

Application and Identity-based bandwidth allocation

Committed and burstable bandwidth

Time-based, schedule-based bandwidth allocation

Restrict Bandwidth usage to a combination of source, destination and

service/service group

Identity-based Bandwidth Management


Advanced Multiple Gateway Features

Auto failover

Complex rule support for auto failover checking.

Weighted round robin load balancing

Policy routing per application ,user, source and destination.

Gateway status on dashboard

No restriction on number of WAN Ports

Schedule based bandwidth assignment


External Authentication


Authentication and External Integration


Traffic Discovery


Identity Based “On Appliance” Reporting


Cyberoam Reports are placed on Appliance

Other UTMsReporting Module/

Device


Policy violation attempts


Identification of User Surfing Patterns


Application Wise Usage reports


User Wise Usage reports


Web Category Visit wise Report


Category – Data Transfer reports


Documents Uploaded across Organization


Mail Spam Summary Report (On Appliance)


Traffic Discovery


Reports in Compliance with:

CIPA HIPAA GLBA SOX FISMA PCI


Networking Features

Features

• Active- Passive High Availability

• Stateful Failover

• VPN Failover

• Dynamic Routing (RIP, OSPF, BGP)


ASIC Vs. Multi-core Architecture


What is ASIC:

Built to handle certain tasks faster than general purpose processors

For e.g: Packet Filtering

Drawbacks:

Serial Processing

ASICs cannot be reprogrammed to address new attacks

ASICs accelerate traffic, but for complex tasks (VOIP, email, web traffic), tasks are sent to

secondary processor - thus depending on processor performance

With each attack (not programmed) closed Systems become slower & Slower

ASICs (Application Specific Integrated Circuits) - Closed Systems


What is Multi-core:

More than one processors working together to achieve high processing power.

Benefits:

Purpose-built Hardware

True Parallel Processing

Each processor is programmed to run tasks parallel

In case of a new attack, Cyberoam appliances do not suffer from

performance degradation associated with switching from ASIC-

based acceleration to general-purpose processors.

Multicore Processor-based Cyberoam


Cyberoam – Appliance Details


Cyberoam in Numbers

More than virus signatures in the anti-virus database

URLs categorized in categories

Spam Detection

False Positives

Intrusion Detection and Prevention Signatures

370,000

40 Million

82+

* 98%* 0.007%

3500+


• Identity-based Firewall• VPN• Bandwidth Management• Multiple Link Management• On Appliance Reporting• 8*5 Tech Support & 1 Year Warranty

Subscriptions

•Gateway Anti-Virus Subscription (Anti-malware, phishing, spyware protection included)•Gateway Anti-spam Subscription•Web & Application Filtering Subscription•Intrusion Detection & Prevention (IDP)

Subscription services are available on 1 Year, 2 Year or 3 Year subscription basis

Basic Appliance – One time sale


Cyberoam can be deployed in two modes:

Deployment Modes

Bridge / Transparent Mode

Gateway / Route / NAT Mode

Proxy Mode


Cyberoam in Gateway Mode


Default Gateway: 192.168.0.1

Cyberoam in Bridge Mode

Users

Router

Network:192.168.0.x/24

FirewallINT IP: 192.168.0.1/24


Reduces operational complexity and

deployment time

Minimizes errors and lowers administration

cost Enables the MSSPs to have different

personnel for managing different customer

deployments

Ease of use with view of multiple devices and

network status at a glance

Cyberoam Central Console - CCC


Overview of Cyberoam’s Security Approach:

Who do you give access to: An IP Address or a User?

Whom do you wish to assign security policies:

Username or IP Addresses?

In case of an insider attempted breach, whom do you wish to

see: User Name or IP Address?

How do you create network address based policies in a DHCP

and a Wi-Fi network?

How do you create network address based policies for shared

desktops?

Cyberoam: Identity-based Security


Cyberoam Credentials


“IDC believes that identity-based UTM represents the next generation in the burgeoning UTM marketplace. When enterprises realize the value of having identity as a full component of their UTM solution the increased internal security, protection against insidious and complex attacks,understanding individual network usage patterns, and compliance reporting - Cyberoam will benefit as the innovator.”

Source: Unified Threat Management Appliances and Identity-Based Security: The Next Level in Network Security, IDC Vendor Spotlight (2007)


2008 - Emerging Vendor of the Year


Certifications

UTM Level 5

Anti-Virus Anti-Spyware Anti-Spam URL Filtering Firewall VPN IPS/IDP

Premium

ICSA Certified Firewall

VPNC Certified for Basic VPN & AES Interoperability

Cyberoam holds a unique & complete UTM certification

Certifications Applied

ICSA Certification for High Availability


Enter

prise

SMB

“Fully loaded, with many great features”

“packs a more serious punch”

“can restrict or open internet access by bandwidth usage, surf time or data transfer”.

“console is well organized and intuitive to navigate”

“flexible and very powerful”

“this appliance is a good value for almost any size environment”.

Five Star Rated – Two Years Running

July 2007 – UTM Roundup

Cyberoam CR250i

March 2008 – UTM RoundupCyberoam CR1000i


“deserves credit for its flexible configuration options, extensive security, content filtering, and bandwidth management features. “


LORD OF THE NETWORKS

If there is no network security and discipline in small or large networks, the chaos may result with serious work and data loss.

Cyberoam CR25i, which was sent to our test center, is a good solution for networks.

This UTM (unified threat management) appliance has 100% control over the users in your network in addition to its firewall, package inspection and other similar features.

It prevents you from the threats of anti-viruses and other harmful softwares with built in Kaspersky solution.

It also provides you antispam feature.

In addition to its advanced security features, you can manage your network in terms of identity based bandwith management, application control, site visiting logs.

Normally you need a separate PC or similar device so as to record logs. But there is a hard disk of 80 GB in this appliance for this feature. (It was written 160 GB on original copy of the magazine by mistake.)

You can also visit the website www.cyberoam.com and inspect the online demo before buying the product.

RESULT

Cyberoam CR25i is a successful solution for security and network management especially for small business companies.

Other advantages:- Advanced features- Flexible licensing options- Free of charge service


Product Excellence Award in the 3 categories: (2007)

Integrated Security Appliance Security Solution for

Education Unified Security

Tomorrow’s Technology Today 2007

2007 Finalist American Business Awards

2007 Finalist Network Middle East Award

Best Security Product Best SMB Networking Vendor

VAR Editor’s Choice for Best UTM (2007)

Finalist - 2008 Global Excellence in Network Security Solution

CRN – Emerging Tech Vendors 2007

Awards


GLOBAL PRESENCE (Over 55 Countries)


Partial Clientele


Business alliances


Thank you!