HARI GUNAWANFIT 04 Juni 2010PT. Jerbee Indonesia

EKSTERNAL•VIRUS•SPAM•SPYWARE•HACKING•PHISHING,PHARMING•ROOTKITS

INTERNAL•MALICIOUS INTENT•INFORMATION LEAKAGE•IDENTITY THEFT

ANCAMAN KEAMANAN JARINGAN

Unified Threat Management (UTM)

Evolution of the traditional firewall into an all-inclusive security product that has the ability to perform multiple security functions in one single appliance: network firewalling, network intrusion prevention and gateway antivirus (AV), gateway anti-spam, VPN, content filtering, load balancing and on-appliance reporting.

1.Firewall

2. VPN

3. Intrusion Detection & Prevention

4. Gateway Level Anti-virus for Mails, Website, File Transfers

5. Gateway level Anti-spam

6. Content Identification & Filtering

7. Bandwidth Management for Applications & Services

8. Load Balancing & Failover Facilities

Unified Threat Management (UTM)

Benefits of UTM Appliances

Reduced complexity All-in-one approach simplifies product selection, integration and support

Easy to deployCustomers, VARs, VADs, MSSPs can easily install and maintain the products

Remote Management Remote sites may not have security professionals – requires plug-and-play appliance for easy installation and management

Better Man Power ManagementReduction in dependency and number of high end skilled Human resources

Managed ServicesSecurity requirements & day to day operations can be outsourced to MSSPs

Lack of user Identity recognition and control Inadequate in handling threats that target the user – Phishing,

Pharming

Unable to Identify source of Internal Threats Employee with malicious intent posed a serious internal threat Indiscriminate surfing exposes network to external threats 50 % of security problems originate from internal threats – Yankee

Group Source of potentially dangerous internal threats remain anonymous

Unable to Handle Dynamic Environments Wi-Fi DHCP

Unable to Handle Blended Threats Threats arising out of internet activity done by internal members of

organization External threats that use multiple methods to attack - Slammer

Lack of In-depth Features Sacrificed flexibility as UTM tried to fit in many features in single

appliance. Inadequate Logging, reporting, lack of granular features in individual

solutions

Challenges with Current UTM Products

Need for Identity based UTM…

Identity is missing on firewall, antivirus & Anti-spam

Products

• Cyberoam UTM• Cyberoam iView (Open source Logging & Reporting)• Cyberoam Central Console (Centralized Management)• Cyberoam EndPoint Data Protection

Layer 8 Firewall (Patent-pending Technology)

Cyberoam Unified Threat Management (UTM)

Patent Pending: Identity-Based Technology

User

Cyberoam is the only Identity-based Unified Threat Management appliance that provides integrated Internet security to enterprises and educational institutions through its unique granular user-based controls.

Database of millions of sites in 82+ categories

Blocks phishing, pharming, spyware URLs

HTTP upload control & reporting

Web and Application Filtering Features

Block & Control Applications such as P2P, Streaming,

Videos/Flash

Local Content Filter Database to reduces latency and

dependence on network connectivity.

Customized blocked message to educate users about

organizational policies and reduce support calls

Application and Identity-based bandwidth allocation

Committed and burstable bandwidth

Time-based, schedule-based bandwidth allocation

Restrict Bandwidth usage to a combination of source, destination and

service/service group

Identity-based Bandwidth Management

Authentication and External Integration

Advanced Multiple Gateway Features

Schedule based bandwidth assignment

Gateway Alerts on Dashboard

Bandwidth Utilization Graphs

Active-Active Auto Link Failover & Load

Balancing

Active-Passive Auto Link Failover

Source & Destination Routing

Support for more than 2+ ISP links

Educate Users with Custom Denied Messages and Reduce Your Support Calls

James

http://www.screensaver.com

Dear Mark,

The web site you are trying to access is listed within the category SpywareandP2P

It can result in download of spyware and adware which result in popups. They are a threat to you and the enterprise and can slow the network down.

http://www.screensaver.comhttp://www.screensaver.com

Dear Mark,

The web site you are trying to access is listed within the category SpywareandP2P

It can result in download of spyware and adware which result in popups. They are a threat to you and the enterprise and can slow the network down.

Scans WEB, FTP, Pop3, SMTP & IMAP traffic Self-service quarantine area Signature update ever 30 Mins Identity-based HTTP virus reports Disclaimer Addition to outbound emails Spyware and other malware protection including “Phishing” emails Block attachment based on Extensions (exe, .bat, .wav etc)

Gateway Anti- Virus Features

Spam filtering with (RPD) Recurrent Pattern Detection technology

Virus Outbreak Detection (VOD) for zero hour protection

Self-Service quarantine area

Content-agnostic

Change recipients of emails

Scans SMTP, POP3, IMAP traffic

Gateway Anti-Spam Features

Protects against Image-based Spam and spam in different languages

The spam catch rate of over 98%

1 in Million false positives in spam

Local cache is effective for >70% of all spam resolution cases

RPD (Recurrent Pattern Detection)

Multiple and Custom IPS policies Identity-based policies

Identity-based intrusion reporting

Ability to define multiple policies

Reveals User Identity in Internal Threats scenario

IPS Features

Intrusion Prevention System (IPS)

Cyberoam in Numbers

More than virus signatures in the anti-virus

database

URLs categorized in

categories

Spam Detection

False Positives

IPS Signatures

500,00

0

More than 50

Million

82+

* 98%* 1 in million

More than 5500+

Other Network / System Features

• High Availability (Active-Active / Active-Passive)

• Stateful Failover

• VPN Failover

• Dynamic Routing (RIP, OSPF, BGP)

• NTP Support

• Multiple Configurable Syslog Server Support

• GUI based Real Time Firewall Log

• Roll Back (Roll back to last upgraded version)

… And Much More

CONTOH APLIKASI CYBEROAM

Subscription free On-Appliance Reporting

Real-time Monitoring and Alerting

Over 1100+ Drilldown Reports

Reports in HTML, MHTML, PDF, & CSV formats & Email Alerts

Web 2.0 GUI and Reporting interface.

iView(Cyberoam Aggregated Reporting & Logging Software)

Instant Messaging Logging & Control

• Yahoo & Windows Live Messaging

• Control Who Communicates with Whom

• Control Webcam usage

• Control Voice Usage

• Individual as well as Group Control

Control who can chat with whom

Archive Communication

Control communication medium(chat, video, voice)

Data Protection

Productivity

Reduces operational complexity and deployment time

Minimizes errors and lowers administration cost Enables the MSSPs to

have different personnel for managing different customer deployments

Ease of use with view of multiple devices and network status at a

glance

Cyberoam Central Console – CCC Series

Cyberoam for End Point Data Protection

1. Need for Data Protection

2. Data Protection & Encryption

3. Device Management

4. Application Control

5. Asset Management

Medical records of 741 patients lost by a hospital

60% corporate data lies unprotected on endpoints

Lost USBs

Lost Multimedia Discs

Wrong Email Attachment

Lost iPods

Personal information of 11.1mn customers of leading oil refinery (USA) found on streets

Bank employee accidentally sent sensitive customer details to wrong email address

12,500 handheld devices forgotten at the back of taxis every 6 months in UK

9000 USB sticks found in people's pockets at the local dry cleaners in UK

Need for Data Protection

What Places Data At Risk?

ApplicationsWeb, Mail, IM, P2P, Printing, FTP

Removable DevicesUSBs, CDs/DVDs, MP3, Digital cameras

InsidersUnauthorized transfer of sensitive data; Malware-laden email for information access; Sensitive data sent to wrong person

Data At Risk• Intellectual property related to R&D

• Business plans, RFP / Tender quotes • Product launch dates and

roadmap • Customer data

MaliciousUnintentional

Cyberoam End Point Data

ProtectionProtect your Data. Protect your Assets.

Cyberoam End Point Data Protection

• Comprehensive End Point Data Protection Suite

• Modules

• Data Protection & Encryption• Device Management• Application Control• Asset Management

Prevent Data Leakage – Email Attachments

Control data shared as attachment in emails Send customized warning message to user and alert to

administrator

Data Protection & Encryption

Record Data Shared over Webmails

Record content of Webmail such as Yahoo, Gmail & Msn

Prevent Data Leakage - Attachments over Instant Messengers

Attachment:

.doc NOT ALLOWED

File name: confident NOT ALLOWED

Size: > 2 MB

Control data shared as attachment over Instant Messengers Send customized warning message to user and alert to

administrator

.exe

.jpg

Before deleting

Operation

Modify

Delete

Fixed

Floppy

CD rom

RemovableNetwork

Unknown

.jpg

.doc

Before modifying

Before copying/cut to

Before copying/cut from

Mode of Transfer

File Name/Extn.

Back up

Read

Document

Prevent Accidental / Malicious Deletion of Data

Selective Action & Back-up of Document

• Control operations over a document and its mode of transfer• Back up files before specific actions

PrinterPrinter Type Selected files/Extn.

Attachment:.xls

Attachment:.doc

Shared

Local

NetworkVirtual

Database Server

PrinterPrinter Type Selected files/Extn.

Attachment:.xls

Attachment:.doc

Shared

Local

NetworkVirtual

Database Server

Prevent Data Leakage through Printed Files

Copy of Printed File Saved in Database Server

• Control access to printers in the system• Save shadow copy of printed file

Encrypt entire device

Attachment:.xls

Attachment:.doc

Attachment:.jpg

Decrypt before reading

Encrypt selected files

Data Sharing Through Removable Devices

• Encrypt all/selected files while writing to removable device• Decrypt files while reading from a removable device only in

organization network

• - Data in your lost USB device cannot be decrypted and is safe

Encrypts Data, Blocks Data Sharing

Record Chat Sessions even for SKYPE

Chat session

logs

Back up server

Protect your Data by controlling data over device

• Allow only authorized devices

Device Management

Storage Device

Communication Interface Device

USB Device

Network Devices Others

Dial Floppy, CD, Burning device, Tape, Removable device

Serial ports, parallel ports, modems, Bluetooth

Dial-up connection

USB keyboard, mouse, modem, storage, hard disk, others

Wireless LAN adapter, PnP adapter, Virtual LAN adapter

Audio equipment, Virtual CDROM, any new device

Device Management

Protect your Data by Controlling Applications

• Prevent data loss through unauthorized/indiscriminate use of applications

• Granular, policy-based application controls

- Protect sensitive data & enhance employee productivity- Prevent legal liability, network outages

IM tools

Entertainment(MP3, MP4, MPEG)

Pirated software Screensavers

Password crackers

Application Control

QUESTION ?

TERIMA KASIH