Prepared by: Ricoh IT ServicesNSE: Serhat Cakmakoglu

Network Infrastructure Upgrade

Internet Service Component:Current Customer is restricted to using only a No Gateway Security Cisco VPN Router managed by UAP-NAPA IT. Advanced document management tools are not accessible to Mobile Devices on Public Networks via SSL VPN and Customers via HTTPS. There is no Secure WiFi. ProposedWatchGuard XTM330 & AP200 WiFi Access Point with Advanced UTM & Next Generation Firewall features. The proposed appliances will allow customer to securely connect to specific Servers on specific ports only as per configuration.The WatchGuard XTM330 appliance has a superior layer of security allowing only the specified traffic to enter the internal network using policy proxy zone routing.WHY?•To allow access to Laserfiche Web link and Planet Press Capture On The Go for the mobile devices.Network Infrastructure & Security Component:CurrentNO NEXT GENERATION FIREWALL & UNIFIED TREAT MANAGEMENT Appliance. No Application Control, URL Content Management, Malware and Intrusion (IPS) protection.

Network Infrastructure Upgrade Cont.…

ProposedState of the Art WatchGuard XTM330 Single Solution Security Appliance with Next Generation Firewall and AP200 WiFi Access Point, Site to Site and Client VPN up to 50 users simultaneously and Unified Treat Management Gateway Security with IPS (Intrusion Detection & Prevention),Gateway Antivirus, WebBlocker, SpamBlocker , Application Control, Reputation Enabled Defense to support all your current networks needs. For your future needs, WG has optional APT (Advances Persistent Threat) Detection and DLP (Data Loss Prevention) Services available as an additional option.State of the Art 1xCisco SG200-8, 8 Gigabit Port, Layer 3 compatible Fully Managed Switch with VoIP, VPN, Virtual LAN QoS and Traffic Prioritization support.

WHY?•To provide the ability to securely segment the 2-WAN networks in order to provide segregation.•Simple, Powerful, Reliable Network Security to meet today’s and tomorrow’s maximum distribution compliancy expectations.

04/15/23

About WatchGuardAccolades

Taken private in 2006: enabled strategic shift

2007-2009: 3-year effort to re-architect platform, business model

Firewall appliance pioneer HQ in Seattle, WA ~1,000,000 appliances shipped to

business customers worldwide 100% channel – 5,000 partners (1,200

with advanced certification) in 120 countries

Worldwide sales: 48% from Americas, 38% EMEA and 14% APAC

201

2

2006

Taken private in October

2007-2009

Re-Engineering of Product

2010 2011 2012

Launched re-architected product with Best-of-Breed HW Best-of-Breed SW

Launched RED / Next

Gen Firewall

Virtual solutions: XTMv and

XCSv,Hardware Refresh

2013

Launched WatchGuard Dimension™

Why Customers Choose WatchGuard

#1 UTM Performance at all

price points

Top UTM Performance

#1 IndustryLeading Modules

Best-of-Breed

Technology#1 Most

Highly Recognized

StrongManageabili

ty

WatchGuard’s Industry-Leading Platform Yields Key Benefits

Why DO We Need WatchGuard•Manage users to access internet.•Intrusion Prevention and Advanced Application Control•Filtering content and URL of the website.•Filtering by keyword•Filtering and Deep Pocket Inspection of HTTPS.•Web blocker has over 130 categories for IT manager to manage the internet access.•Reports and logs all content accessed by users via Dimension.•Secure e-mail and web access.•Can be integrated to the Domain AD controller to apply the policy to manage users.•Advanced Persistent & Zero Day Malware Threat Detection.•Data Loss Prevention and many more features….

WatchGuard is NOT ONLY a Secure Firewall but also it is a good tool for IT Managers to Manage their Network.

New Technologies & Threats Shape Security Needs

8

Businesses Have Complex Security Needs

Broad Security Needs - Varying Budgets & Facilities

9

10

…And Steal Headlines

11

….”SMBs don't know how defenseless they've become, especially to automated and industrialized attack methodologies by organized crime," Christopher Porter, Verizon RISK Team.

Retrieved from (2-28-13): http://www.pcworld.com/article/252302/why_hackers_set_their_sights_on_small_businesses.html12

You Can’t Control What You Can’t See

• Traditional port-based firewalls lack the ability to see, let alone control, many apps

• Productivity Loss

–Bandwidth-hungry apps slow networks

• Data Loss / Attack Vector

– Social networks breed a culture of trust

– Rife with technical vulnerabilities

• Traditional port-based firewalls lack the ability to see, let alone control, many apps

• Productivity Loss

–Bandwidth-hungry apps slow networks

• Data Loss / Attack Vector

– Social networks breed a culture of trust

– Rife with technical vulnerabilities

13

Security Implications of Virtualization

Physical Network

Firewall sees & protects all traffic between servers

Virtual Network

Physical security is blind to traffic between virtual machines

VM 1 VM 2 VM 3

Hypervisor

VS

Host

14

Virtualization Poses New Security Challenges

15

Visibility of Virtual Networks is Key

“…Unless you put virtualized security controls—virtual sniffers, virtual firewalls, all the same controls you'd use on a physical server, inside that network, you don't see what's going on." Neil MacDonald, security and infrastructure analyst at Gartner.

16

Converging Trends

Distributed Work• 23% of employees do some work

from home1

• High Salary employees ($100k+) are more likely to work from home2

– 70% at least once

– 20% more than 5 days per week

• 23% of employees do some work from home1

• High Salary employees ($100k+) are more likely to work from home2

– 70% at least once

– 20% more than 5 days per week

Small Businesses Handle Confidential Information

– Insurance Agents– Tax Accountants– Lawyers– HealthCare– Consultants

Use Routers supplied by ISP– Use Defaults– Not Patched– Offer just NAT– ISPs are Not Security Experts

Handle Confidential Information– Insurance Agents– Tax Accountants– Lawyers– HealthCare– Consultants

Use Routers supplied by ISP– Use Defaults– Not Patched– Offer just NAT– ISPs are Not Security Experts

Small Retail Outlets

• Self service kiosks• Staffed retail booths/kiosks• Small shops• Even the smallest outlets now

collect credit cards and personal data

• Self service kiosks• Staffed retail booths/kiosks• Small shops• Even the smallest outlets now

collect credit cards and personal data

© 2011 WatchGuard Technologies

Rethinking the Perimeter

Retail / Kiosk

XTM Defense-In-Depth In Action

WatchGuard vs. Web 2.0 Security Issues

24

An Application Proxy checks Source IP, Destination IP, Port, Protocol

If a matching rule (or service) is found:

The proxy then performs deep inspection on the content of the packet, including application layer data.

Cornerstone – The Application Proxy

Packet Reassembly – since 1996

This is the key to finding threats that OTHER FIREWALLS MISS!

25

Fireware XTM: Making the Most of Your Network

26

Secure Your Virtualized World with XTMv

• Easy to download, enable, deploy, and manage (WSM, web, CLI)

• Leverages vSphere and Hyper-V flexibility and availability

• Multiple models for organizations of all sizes

• Per-customer, -department, or -app deployment

• Delivers same best-in-class security of XTM devices to the virtual environment

• Easy to download, enable, deploy, and manage (WSM, web, CLI)

• Leverages vSphere and Hyper-V flexibility and availability

• Multiple models for organizations of all sizes

• Per-customer, -department, or -app deployment

• Delivers same best-in-class security of XTM devices to the virtual environment

27

Secure Your Wireless Networks with

WatchGuard Access Point Devices

• Extend XTM best-in-class security to the WLAN

• Harness the power of mobile devices without jeopardizing your network

• Apply security policies to wired and WLAN resources

• Leverage XTM tools for ease of administration

• Extend XTM best-in-class security to the WLAN

• Harness the power of mobile devices without jeopardizing your network

• Apply security policies to wired and WLAN resources

• Leverage XTM tools for ease of administration

28

Turn Oceans of Data into Security Intelligence

WatchGuard Dimension – Launched Oct. 2013

29

Bring Big Data Visibility to Network Security

Bring Big Data Visibility to Network Security

Real-time monitoring lets you take instant action

Many View Options:Drill-down in FireWatch TreeMap View to Hone in on Insights

Managing XTM Solutions: Satisfy Auditors

Over 90 pre-defined reports included. Drill-down for the data you need.

31

XTM Multi-Box Management Saves Time

Simultaneously manage from 2 to 100’s of boxes.

Implementing the WatchGuard solution was a breeze. The policy setting and system configuration is easy because it is all very logical and straightforward.Francis Lim, IT Manager, Eurokars Group

Align security policies across an organization – or apply modifications

between boxes

Align security policies across an organization – or apply modifications

between boxes

32

I can’t remember the last time I had to call someone with a security problem. With WatchGuard, we are always connected.Lucas Goh, Head of IT Operations for Asia, Berg Propulsion

Securely Connecting Users:

VPN• Create VPN by simple drag and drop• Dynamic Routing can be applied to branch office

VPN connections• Select from IPSec, SSL, L2TP for Mobile Users• Choose your device: laptop, smartphone, tablet• Define flexible rules to restrict data access to

authorized individuals only

33

Small Business 1- 50 Users 50 - 250

Users

Service Providers / Headquarters 1,000+ Users

Midsize Business250 – 500 Users 500 – 1,000 Users

XTM 3 Series

Industry-Leading Performance at Each

Price Point

FIREBOX T10 & XTM 2 Series

XTM 5 Series

XTM 8 Series

XTM 1050

XTM 2050

XTM 3 Series

XTM 1500 Series

XTM 800 Series

XTM 2520

34

Strong Suite of Security Products…

WatchGuard Security Solutions combine firewall, VPN, and security services to protect networks from data loss, spam, viruses, malware, and intrusions.

XTM 2520: Large enterprises and corporate data centers*

XTMvFour virtual software license versions with full UTM features

XTM 2 & 3 Series: Small offices, branch offices and wireless hotspots

XTM 5 & 800 Series: Mid-sized businesses and distributed enterprises

Software Scalability: Single version of WatchGuard Fireware® OS runs on all solutions, including virtual

XTM 1500 Series: Large distributed enterprises

Wireless Access Points AP100/200 & AP102Businesses can harness the power of mobile devices without putting network assets at risk.

… with leading performance that meets the needs of businesses of all sizesCore Business Product Line

Incr

easing th

roughput t

o meet b

usiness

es

needs

*XTM 2520: World’s fastest, greenest 1 rack unit UTM Firewall

Firebox® T10: Small office/home office and small retail environments Indoo

rOutdoor

Smart Security with Watchguard XTM & XTMv

• “Best-of-breed” multilayered security for physical and virtual environments

• Recognized security “Trend Setter,” industry “Champion” and “Value Leader”

• 90 reports included at no extra cost

• ICSA Firewall & IPSec certification

• Real-time monitoring• Intuitive set-up wizards • Multi-WAN support• RapidDeploy capability

• “Best-of-breed” multilayered security for physical and virtual environments

• Recognized security “Trend Setter,” industry “Champion” and “Value Leader”

• 90 reports included at no extra cost

• ICSA Firewall & IPSec certification

• Real-time monitoring• Intuitive set-up wizards • Multi-WAN support• RapidDeploy capability

36

What is “Next-Generation”?

(XTM = Next-Generation UTM) “XTM platforms will take security appliances beyond traditional boundaries by vastly expanding security features, networking capabilities and management flexibility.”

“Firewalls need to evolve to be more proactive in blocking new threats, such as botnets and targeted attacks. Enterprises need to update their network firewall and intrusion prevention capabilities to protect business systems as attacks get more sophisticated.”

37

Industry-Leading Value

“The product’s reporting functionswere a differentiator amongstother NGFW”

Source: Info-Tech Research Group. Vendor Landscape: Next Gen Firewall. August 2014. 38

Segment Leading Manageability & Usability

“Through 2018, more than 95% of firewall breaches will be caused by firewall misconfigurations, not firewall flaws”

-Gartner “One Brand of Firewall is a Best Practice for Most Enterprise Firewalls”, 28 Nov 2012

39

Leader in Gartner UTM Magic Quadrant for 5th Year Running

40 | Confidential

Source: Gartner, March 2012 and June, 2013

“A balance between ease of use and strong security”

“Users and channel partners report high reliability on the appliances and

strong support from WatchGuard”

“[H]ighest use rate of multiple features (beyond firewall, IPS and

URL blocking) of all vendors”

“Recent hardware and software upgrades bring significant

performance improvements”

LeadersChallengers

VisionariesNiche PlayersCompleteness of Vision

Ab

ilit

y t

o E

xe

cu

te

Source: Gartner Magic Quadrant for Unified Threat Management, July, 2013

WatchGuard UTM – Architected for Speed

43

XTM: WatchGuard’s Security Platform

Red boxes = WatchGuard IPRed boxes = WatchGuard IP

Latest, highest performance platform available

Common management console gives policy-driven control of technologies

Standardized across products

Unparalleled security foundation

Best of Breed Technologies from leading vendors

Designed for modularity; easy to add or replace technologies

The value is in the platform

WatchGuard XTM Platform

WatchGuard Proxy-based Engine

WatchGuard

Industry Standard Platforms

Ant

iViru

s

UR

L F

ilter

ing

VP

N

Rep

utat

ion

Ena

bled

D

efen

se

Ant

iSP

AM

Intr

usio

n P

reve

ntio

n

App

Con

trol

Hyper-V

Dat

a Lo

ss

Pre

vent

ion

AP

T

Blo

cker

VMware

…

Policy-based Management Console

WatchGuard Best of Breed

RapidDeploy

• Large MSSPs• Retail Chains

• Technical staff are not required at remote location

• When connected, device securely gets its configuration from the WatchGuard cloud

• Large MSSPs• Retail Chains

• Technical staff are not required at remote location

• When connected, device securely gets its configuration from the WatchGuard cloud

February 5, 2014 49

Simplify large multi-box deployments

Central Management Console

Why WatchGuard

Wins

Watch Video Comparisons http://www.watchguard.com/latest/us-vs-them.asp

50

UTM Combines Multiple Perimeter Services

Unified Threat Management in a single form

factor

ApplicationControl

URLFiltering

AntiSPAM

GatewayAntiViru

sIntrusionPreventio

nServiceFirewall

Data Loss Preventio

nAdvanced Persistent

Threats

© 2011 WatchGuard Technologies

Large Customer Base of Enterprise Businesses

Education HospitalityRetail

Diversified

Food & Beverage

OtherTech, Media & Telecom

A large number of distributed enterprise customers are recognizing WatchGuard’s scalable architecture and best-in-class manageability

TV Globo

Thank You!

76