Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Identity-Based Unified Threat Management One Identity – One Security Shailesh Mecwan

Cyberoam - Unified Threat ManagementUnified Threat ManagementCyberoam

Identity-Based Unified Threat Management

One Identity – One Security

Shailesh MecwanManager – Business Development (Europe)


Agenda of Presentation

• About Company• Challenges of UTM Scenario• Introduction to Cyberoam• Cyberoam Credentials / Awards/ Accreditations• Cyberoam Product Walk-thru


Est. in 1999 YoY Growth 200% 500+ Employees ISO 9001-2000 Certified Presence in USA, Asia, Middle East Cyberoam Channel network in more

than 75 Countries Invested by $90bn World’s Largest

Private Equity Group


Elitecore Products


UTM : Unified Threat Management

A solution to fight against multiple attacks and threats


A true UTM Appliance should have following features in single solution:

1. Firewall

2. VPN

3. Intrusion Detection & Prevention

4. Gateway Level Anti-virus for Mails, Website, File Transfers

5. Gateway level Anti-spam

6. Content Identification & Filtering

7. Bandwidth Management for Applications & Services

8. Load Balancing & Failover Facilities

UTM

UTM

Unified threat management (UTM) refers to a comprehensive security product which integrates a range of security features into a single appliance.


Benefits of UTM Appliances

Reduced complexity

All-in-one approach simplifies product selection, integration and support

Easy to deploy

Customers, VARs, VADs, MSSPs can easily install and maintain the products

Remote Management

Remote sites may not have security professionals – requires plug-and-play appliance for

easy installation and management

Better Man Power Management

Reduction in dependency and number of high end skilled Human resources

Managed Services

Security requirements & day to day operations can be outsourced to MSSPs


Lack of user Identity recognition and control Inadequate in handling threats that target the user – Phishing, Pharming

Unable to Identify source of Internal Threats Employee with malicious intent posed a serious internal threat Indiscriminate surfing exposes network to external threats 50 % of security problems originate from internal threats – Yankee Group Source of potentially dangerous internal threats remain anonymous

Unable to Handle Dynamic Environments Wi-Fi DHCP

Unable to Handle Blended Threats Threats arising out of internet activity done by internal members of organization External threats that use multiple methods to attack - Slammer

Lack of In-depth Features Sacrificed flexibility as UTM tried to fit in many features in single appliance. Inadequate Logging, reporting, lack of granular features in individual solutions

Challenges with Current UTM Products

Need for Id

entity based U

TM


Layer 8 Firewall


Identity-Based Technology

User


Cyberoam is the only Identity-based Unified Threat Management appliance that provides integrated Internet security to enterprises and educational institutions through its unique granular user-based controls.

Cyberoam – Identity Based Security


Cyberoam Credentials


Gartner MarketScope (Q2 2008) SMB Multifunction Firewalls

Astaro x

Checkpoint x

Cisco x

Cyberoam x

eSoft

Fortinet x

IBM x

NetAsq x

Secure Computing x

Sonicwall x

StillSecure x

Untangle x

Watchguard x

Strong Positive

RATING

Strong Negative

Caution Promising Positive

x

Source: Gartner’s MarketScope Q2 2008


Gartner Magic Quadrant SMB Multifunction Firewalls 2009

Gartner Rates Cyberoam a Visionary

“Cyberoam has a strong presence in Asia, and, in 2008, saw significant growth in EMEA.”

“Cyberoam is fast to market with new features.”


“IDC believes that identity-based UTM represents the next generation in the burgeoning UTM marketplace. When enterprises realize the value of having identity as a full component of their UTM solution the increased internal security, protection against insidious and complex attacks,understanding individual network usage patterns, and compliance reporting - Cyberoam will benefit as the innovator.”

Source: Unified Threat Management Appliances and Identity-Based Security: The Next Level in Network Security, IDC Vendor Spotlight (2007)


2008 - Emerging Vendor of the Year


Certifications

Anti-Virus Anti-Spyware Anti-Spam URL Filtering Firewall VPN IPS/IDP

Premium

UTM Level 5: Cyberoam holds a unique & complete UTM certification

Premium

ICSA Certified Firewall

VPNC Certified for Basic VPN & AES Interoperability

ICSA Certified

High-Availabilit

y


GLOBAL PRESENCE (Over 75 Countries)


“console is well organized and intuitive to navigate”

“flexible and very powerful” “this appliance is a good value for almost

any size environment”.

“Fully loaded, with many great features” “packs a more serious punch” “can restrict or open internet access by

bandwidth usage, surf time or data transfer”.

March 2008 – UTM RoundupCyberoam CR1000i

Five Star Rating – Four Times in a Row!

July 2007 – UTM RoundupCyberoam CR250i

April 2009 – Product review Cyberoam CR200i

A lot of functionality, including good integration support, in a single easy-to-use appliance”also includes a solid web content filter and blocking for applications such as IM and P2P“

December 2008 – Product review Cyberoam CR100i

“Cyberoam delivers a wealth of features for the price, which include versatile identity- and policy-based security measures ”


Best Integrated SecurityAppliance Best Security Solution forEducation Best Unified Security

Tomorrow’s TechnologyToday 2007

2007 Finalist American Business Awards

2007, 2008 FinalistNetwork MiddleEast Award2008 Finalist ChannelMiddle East Award

VAR Editor’s Choice for Best UTM (2007)

Finalist - 2008 GlobalExcellence inNetwork SecuritySolution

CRN – EmergingTech Vendors 2007

Awards

ZDNET Asia- IT Leader ofthe Year 2008

SMB Product of the Year

2008 Emerging Vendor of the Year forNetwork Security

2008 – Best Content Filtering


Sample Clientele


“ By offering identity-based policy making and visibility across all its security features, Cyberoam allows administrators to create customized user-based policies based on the user or department work profile. In addition, it offers instant visibility into "who is accessing what in the enterprise." In doing so, it enables enterprises to meet compliance requirements in addition to facilitating instant action in case of a security breach even in dynamic IP environments such as DHCP and Wi-Fi.”

2008 Emerging Vendor of the Year – Asia-Pacific Frost & Sullivan “One of the biggest strength behind the success of Cyberoam is its innovative product line –

identity-based integrated security appliances. “

Cyberoam differentiates on identity-based network access - which provides access control linking IP addresses with directory identity. Cyberoam's products have unique features and serve some distinct vertical markets. They are also potentially disruptive to competitors that are trying to enter emerging markets.”

The UTM solution marketplace, a fairly nascent sector, is populated with over ten key vendors. In this crowded and extremely competitive market, Cyberoam performs well alongside its competitors with its identity-centric approach (which enables a more flexible and intuitive approach to security management in Butler Group’s opinion), and the combination of functional capabilities and strategies that are in close alignment with UTM’s target market.”


Business alliances


Cyberoam Product walk thru


Identity-Based Firewall


Normal Firewall

• Rule matching criteria - Source address

- Destination address - Service (port) - Schedule

• Action - Accept

- NAT - Drop - Reject

- Identity

Cyberoam - Identity Based UTM

• Unified Threat Controls (per Rule Matching Criteria) - IDP Policy - Internet Access Policy - Bandwidth Policy - Anti Virus & Anti Spam - Routing decision

• However, fails in DHCP, Wi-Fi environment



MAC Base Filtering (Layer 2 to Layer 8 Security)


MAC Based User Identity Control


Identity-Based Content Filtering


Database of millions of sites in 82+ categories

Blocks phishing, pharming, spyware URLs

Data Leakage Prevention (HTTP upload control & reporting)

Web and Application Filtering Features

Block & Control Applications such as P2P, Streaming, Videos/Flash

Local Content Filter Database to reduces latency and dependence

on network connectivity.


Google content categorization based on user policy:

Cache Pages

Translated Pages (http://translate.google.com)

Enforcement of Google Safe Search Based on User Policy.

Customized blocked message to educate users about organizational

policies and reduce support calls

Web and Application Filtering Features


Identity Based Policies


Advantages:

Restrict bandwidth for non work related categories.

Ensure bandwidth for productive categories.

Category Based Bandwidth Management


Key Features

Pasted from <http://cyberoam.com/bandwidthmanagement.html>

Application and Identity-based bandwidth allocation

Committed and burstable bandwidth

Time-based, schedule-based bandwidth allocation

Restrict Bandwidth usage to a combination of source, destination and

service/service group

Identity-based Bandwidth Management


External Authentication


Authentication and External Integration


Automated Single Sign On (SSO) for Active Directory

Agent based Clientless Single Sign On.

Platform Independent:

Windows All Versions

Macintosh (Mac OS X)

All Linux OS

Just need to install one agent software on Active Directory Controller.


Advanced Multiple Gateway Features

Schedule based bandwidth assignment

Gateway Alerts on Dashboard

Bandwidth Utilization Graphs

Active-Active Auto Link Failover & Load Balancing

Active-Passive Auto Link Failover

Source & Destination Routing

Support for more than 2+ ISP links


Gateway Anti-Virus


Scans WEB, FTP, Pop3, SMTP & IMAP traffic Self-service quarantine area Signature update ever 30 Mins Identity-based HTTP virus reports Disclaimer Addition to outbound emails Spyware and other malware protection including “Phishing” emails Block attachment based on Extensions (exe, .bat, .wav etc)

Gateway Anti- Virus Features


Gateway Anti-Spam


IP Reputation Filtering to block 85% of incoming messages at entry-point

even before these messages enter the network.

Spam filtering with (RPD) Recurrent Pattern Detection technology

Virus Outbreak Detection (VOD) for zero hour protection

Self-Service quarantine area

User based Spam Digest

Change recipients of emails

Scans SMTP, POP3, IMAP traffic

Content-agnostic

Gateway Anti-Spam Features


Antispam Quarantine Area:


Intrusion Prevention System (IPS)


Multiple and Custom IPS policies Identity-based policies

Identity-based intrusion reporting

Ability to define multiple policies

Reveals User Identity in Internal Threats scenario

IPS Features


Cyberoam IPS can log / block all type of applications:

Anonymous Surfing:

UltraSurf, TOR, Hotspot, FreeGate, JAP

All external proxies (Regardless of IP / Port)

P2P Applications:

BitTorrent, Limewire, Ares, Bearshare, Shareazaa

Morpheus,

File transfer over MSN, Yahoo, Google Talk

Anonymous VOIP:

Justvoip, LowRateVOIP

IPS Features


Identity Based “On Appliance” Reporting


Cyberoam Reports are placed on Appliance

Other UTMsReporting Module/

Device


Policy violation attempts


Identification of User Surfing Patterns


Application Wise Usage reports


User Wise Usage reports


Web Category Visit wise Report


Category – Data Transfer reports


Data Leakage Report (HTTP Upload)


Mail Spam Summary Report (On Appliance)


Traffic Discovery


Reports in Compliance with:

CIPA HIPAA GLBA SOX FISMA PCI



Cyberoam supports SSL-VPN, IPSec, L2TP, PPTP

Threat Free Tunneling (TFT) VPN Firewall Management VPN Bandwidth Management VPN Protection – Antivirus / Antispam / IPS / Content Filtering / DoS

VPN Topologies: Road-Warrior (Remote Access), Site to Site Hub & Spoke

Branch Office Internet Traffic Tunneling over VPN Inter Branch Office Communication

VPN Failover

Main Mode / Aggressive Mode Identity based VPN control using xAuth Local digital certification authority (CA) and support external CA

VPN Features


Client and Location independent access Authentication - AD, LDAP, RADIUS, Cyberoam Multi-layered Client Authentication - Certificate, Username/Password User & Group policy enforcement Network access - Split and Full tunneling End user Web Portal - Clientless access SSL VPN Tunneling Client - Granular access control to all the Enterprise Network resources Administrative controls: Session timeout, Dead Peer Detection, Portal customization

License Free SSL-VPN:


Cyberoam can be deployed in two modes:

Deployment Modes

Bridge / Transparent Mode

Gateway / Route / NAT Mode

Cyberoam can be used as a HTTP Proxyin both the modes.


Other Network / System Features

• High Availability (Active-Active / Active-Passive)

• Stateful Failover

• VPN Failover

• Dynamic Routing (RIP, OSPF, BGP)

• NTP Support

• Multiple Configurable Syslog Server Support

• GUI based Real Time Firewall Log

• Roll Back (Roll back to last upgraded version)


What is Multi-core:

More than one processors working together to achieve high processing power.

Benefits:

Purpose-built Hardware

True Parallel Processing

Each processor is programmed to run tasks parallel

In case of a new attack, Cyberoam appliances do not suffer from

performance degradation associated with switching from ASIC-

based acceleration to general-purpose processors.

Multicore Processor-based Cyberoam


Cyberoam in Numbers

More than virus signatures in the anti-virus database

URLs categorized in categories

Spam Detection

False Positives

IPS Signatures

2 Million

44+ Million

82+

* 98%* 1 in million

3500+


Large Enterprises

CR 1500iCR 1000i CR 500i

Small to Medium Enterprises

CR 300iCR 200i CR 100ia

Small Offices

CR 50ia CR 25i CR 15i

Cyberoam CRi UTM Appliance Range


Cyberoam Demo:

http://demo.cyberoam.com


Question/Answer Session


Thank you!

Documents

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Identity-Based Unified Threat Management One Identity – One Security Shailesh Mecwan