1 / 72

Next-Gen USG Series: Unified UTM Power

Get full control over your network with the new ZyXEL USG series. This series offers a range of advanced features including anti-virus, anti-spam, content filtering, intrusion detection & prevention, application intelligence, VPN, SSL inspection, and more.

epolk
Download Presentation

Next-Gen USG Series: Unified UTM Power

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Next Generation USG SeriesUnified UTM PowerGet full control over your network with the new ZyXEL USG series GSBU/ ZyXEL Communications Corp. April, 2014

  2. Table of Contents • Introducing Next-Gen USG Series • Technology Details • Anti-Virus • Anti-Spam • Content Filtering • Intrusion Detection & Prevention • Application Intelligence • VPN • SSL Inspection • Profile Overview • Competition Analysis • Why ZyXEL • Ordering Information • Ultra-high Performance • Unified Security Policy • Single-sign-on • WLAN Controller • High Availability • Bundled License & myZyXEL.com 2.0

  3. A Most Danger Just Happened The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet…..

  4. Threats actually happens every day… 2013 security timeline

  5. And it will never ends… More and more new applications, plus more creative threats!

  6. What’s NG Firewall? • UTM needs to be renewed! • To stay ahead of more and new threats • Next generation firewall • Gartner “Magic Quadrant” defines the capabilities of a next-gen firewall • Deep packet inspection • Intrusion detection • Application identification • Granular control • Reduced complexity

  7. Next Generation USG • Anti-malware protection • Deeper inspection • Ultra-high performance • Broad coverage of VPN applications • To policy with ease • Enhanced user experience • Non-stop availability

  8. Gateway Level Protection Reasons your network still needs strong protection at Gateway point: • Endpoint software, ex. AV, can be disabled by end-users • Not all devices on the network have endpoint protection software; ex. printer and other peripherals • Mobile devices are a risk • Endpoints are often out of date • Guest systems need protection too!

  9. Anti-Malware Protection • Best-of-breed technologies Anti-Virus Content Filtering IDP App Mgmt Anti-Spam

  10. Next-Gen USG Series TECHNOLOGY DETAILS

  11. Anti-Virus World Best Anti-Virus • GOLD zero-day protection awards from AV-Comparatives • First-class detection rates • AV-Comparatives consistently awards Kaspersky the highest possible rating (Advanced+)

  12. Anti-Virus World Best Anti-Virus • Integrate Kaspersky’s newest SafeStream II gateway anti-virus • Blocks unknown threats and over 650,000 viruses at the gateway • Fast stream-based scanning provides real-time protection with no file size limitation • Optimum frequency of updates • 10 to 25 per day and each are less than 50 KB • best frequency-to-content ratio • Fast response time and the best defense from new & unknown threats.

  13. Anti-Virus Spam Is Still There… • Around 3 out of every 4 emails are Spam • Most of these deliver threats, but ‘traditional’ Spam content is still there • Impacts to users • Cluttered inboxes • Unnecessary exposure to threats, e.g. Phishing • Lost communications & productivity • Impact to business (IT) • Increased support burden • Increased infrastructure load • User complains

  14. Anti-Spam Cloud-based Anti-Spam Proven, high-performance protection with strict content privacy • Identify new spam, malware and phishing attacks - the moment they emerge • Recurrent Pattern Detection™ (RPD) technology blocks spam based on its most fundamental characteristics - mass distribution and repeating patterns • Global detection from a patented content and language agnostic solution • Powered by the GlobalView™ Cloud • Deployed across 12 carrier-grade data centers • Gathering billions of Internet transaction daily

  15. Anti-Spam How It Works RPD looks at the ‘macro picture’ across the global Internet and output to GlobalView Cloud Next-Gen USG Series

  16. Web: The Primary Attack Factor Content Filtering Malware attacks come from the Web 92%(1) Attacks die in less than 24 hours 54%(1) Companies are hit by targeted attacks 50%(1) ATTACKS Malware comes from legitimate sites 85%(3) Companies are hit by Web attacks 72%(2) ¹ M86 Security, 2011 ² Verizon Data Breach Report, 2012 ³ Websense, 2012

  17. Core Of Content Filtering Content Filtering • RELEVANT COVERAGE • Full detail on the URLs you need – not the ones you don’t Global URLs Locall URLs • FRESH DATA • Base decisions on the state of the web right now • MASSIVE SCALABILITY • Global coverage with low latency

  18. Cloud-based Content Filtering Sets the performance standard for URL filtering applications: • Broad, high-accuracy coverage • Near zero latency • Real-time threat identification • Customize cache by location • Custom categorization Content Filtering Next-Gen USG Series

  19. Threat Prevention IDP Threat prevention and blocking malicious traffic is the 1st step to keep your biz safe. Application Control Traffic Shaping Step 1: Block malicious traffic Step 2: Allocate network bandwidth properly Step 3: Granular control to applications Threat Prevention

  20. Leading IDP Engine IDP Powered by Next-Gen USG Series • Single-Pass Scanning Engine: • 3-in-1 DPI engine • Multi-Functional, • Low Latency, • High Performance. Intrusion Detection & Prevention Packet Classification Anti-Virus Application Intelligence & Optimization Traditional solutions: High Latency, Low Performance, Difficult to Integrate with Multi-Vendors Packet Intrusion Prevention Anti-Virus Application Recognition Vendor A Vendor B Vendor C

  21. Full coverage of IDP IDP DoS/DDoS Buffer Overflow Access Control Scan Virus/Worm Trojan/Backdoor Web Attack Other

  22. Advanced IDP Technology IDP Intrusion detection and prevention (IDP) • Layer 7 context-aware threat analyzing • Behavior analysis for encrypted threats and applications • Protection for both client-side and server-side vulnerabilities • Provide anomaly-based and vulnerability-based threats protection • Awards-winning engine (certified by NSS and ICSA) • Support both Exploit-based and Vulnerability-based protection • Support Web Attacks like XSS and SQL Injection • Management/Reporting system

  23. App Intelligence (1) App Intelligence The dilemma of control v.s. vulnerability: • Internet and social media applications are main source of attacks and vulnerabilities • They are also modern tools to improve productivity • Challenges to IT now is to manage a bunch of applications without hindering productivity

  24. App Intelligence (2) App Intelligence • Granular, precise and flexible control • Identify, categorize and control over 3,000 Web apps and behaviors • Various control mode: Prioritize, BWM (bandwidth mgmt) , Block • Effective policy enforcement over social media, gaming, P2P and other Web apps • Industry-leading signature development per week update

  25. Protected Cloud Access VPN Challenges in adopting cloud service and applications • Retrieving data in cloud from multiple sites or during travel shall be protected from data breach Server/ applications in cloud Mobile User Internet Headquarters Branch

  26. Hybrid VPN! VPN USG series supports various VPN algorithm and adaptive to different VPN connectivity • IPSec VPN • SSL VPN • L2TP over IPSec • GRE over IPSec Commuter L2TP VPN Mobile User Internet Headquarters IPSec VPN GRE over IPSec VPN Branch Branch

  27. EASY VPN VPN Zero-touch client configuration required • Pre configured profile assigned to user according to their privilege

  28. VPN Enhancement VPN Next-gen USG series comes with more enhancements Future Proof IPv6 IPSec VPN • Able to establish IPSec VPN tunnels between IPv6 network environments Fast Hand-shaking IKEv2 IPSec VPN • More efficient: faster negotiation, faster rekey time, less IOP issues (build-in DPD, NAT-T protocol) • More secure: DoS (IP spoofing) protection, EAP user authentication support Easier Deployment IPSec VPN user-based PSK • Assign a unique ID and PSK (pre-shared key) for every client site • More secure for different sites High Compatibility SSL VPN client for Mac OS X • Mac computers running on OS X are now supported

  29. SSL Hides Threats… SSL Inspection Challenges from SSL encryption: • SSL encrypted connections are potential security blind spots • Sophisticated threats, bots and other malware hide in SSL encrypted connections to avoid inspection • Without SSL inspection, Web applications that use HTTPS (e.g. Facebook, Dropbox, Gmail, etc.) cannot be blocked, throttled or prioritized

  30. SSL Inspection SSL Inspection Benefits of enforcing SSL inspection • Deeper policy enforcement • Apply application control policies even for SSL encrypted traffic • Block invisible threats • Stop threats, bots and other malware that usually go unseen inside SSL encrypted traffic • Comply with user privacy regulations • Create an exclude list to bypass traffic that is related to user privacy • Visible certificate cache list enables users to add items in the exclude list quick and easily

  31. How It Works SSL Inspection Scan Content filtering IDP Anti-virus Application Intelligence Client USG Server SSL connection SSL connection Decrypt Encrypt

  32. Don’t Be the Bottleneck Performance Gateway performance is challenged due to • Multi-media is taking majority of Internet traffics • Global IP traffic to grow by triple from 2012 to 2017 • Broadband infrastructure keeps upgrading

  33. Ultra-high Performance Performance Faster, better, stronger New multi-core hardware platform • Multi-core and higher frequency CPUs • Higher system throughput level

  34. Overwhelming Policies Unified Policy In the past… Users had to configure policies for each UTM feature separately in multiple pages

  35. Repetitive Policies Unified Policy Also… • Users also had to configure the same policies for different Web applications one at a time • This meant a lot of repetitive work and redundant effort

  36. One-glance Policing Unified Policy Unified Security Policy Integrates firewall and all UTM features into a single configuration flow • Zone • Source IP • Destination IP • Destination port • User • Time • App. intelligence • Content filtering • IDP • Anti-virus • Anti-spam • SSL inspection

  37. Unified Security Policy Unified Policy One-Glance configuring Users can apply a policy across firewall and every UTM feature from a single interface Firewall Rules UTM Profiles

  38. Unified Security Policy Unified Policy Consolidated policing • Users can also create policies and easily add all the Web applications that need to be regulated • Redundant effort is eliminated, configuration time is reduced

  39. Enhanced User Experience SSO Single sign-on • Sign in once for domain and Internet authentication • Supports Microsoft Active Directory • SSO agent supports Windows 7 Pro (and above), Server 2008, Server 2008 R2, Server 2012 Benefits to ITs • Reduces IT help desk calls about passwords • Compatible with native Microsoft Windows features • No need to inject or replace any Microsoft AD components Benefits to end-users • Sign in once to access multiple services • Reduces password fatigue and time spent re-entering passwords for the same identity

  40. Single-sign-on SSO Users need to install the ZyXEL SSO agent on a Windows platform server and configure corresponding settings on the USG Internet USG allows Internet access based on user-aware policy match USG sends acknowledgement to SSO agent SSO agent queries group info from DC 7 Microsoft AD domain controllers SSO agent USG 5 3 4 2 User attempts to send traffic through USG SSO agent forwards user login info to USG DC forwards user login info to SSO agent 6 User User logs in domain 1

  41. Integrated WLAN Controller Controller Investment protection plus easy to deploy Wi-Fi • Centralized AP provisioning, authentication, firmware upgrade • Supported amount of managed APs:

  42. Integrated WLAN Controller Controller • No extra device integration and configuration needed • No worries about interoperability Other solutions ZyXEL’s solution Next-gen USG Series Gateway WLAN controller

  43. Non-stop Availability High Availability 3-tier high availability Driving highest business robustness

  44. Mobile Broadband Back-up High Availability USG series supports various mobile broadband clients to provide WAN connectivity back-up • WAN resiliency with active-active Ethernet WAN load balancing or active-passive failover • Supports more 3G/4G USB modems for WAN backup (drivers downloadable from cloud) WAH1000

  45. VPN High Availability (1) High Availability • Utilizes GRE over IPSec and GRE trunk technology • Provides resilient IPSec VPNs with active-active load balancing or active-passive failover HQ Network Remote Office B Network Remote Office A Network WAN1 WAN2 Internet WAN1 WAN2 WAN1

  46. VPN High Availability (2) High Availability • Provides resilient IPSec VPNs with active-active load balancing or active-passive failover GRE Trunk GRE Tunnel 2 GRE Tunnel 1 GRE Trunk IP network Site B Site A

  47. Device High Availability High Availability • Active-passive device backup and failover • Available on Advanced and Extreme Series (USG110 to USG1900) LAN WAN ISP1 Switch USG (Master, Active) DSL CPE/Router Failover Switch ISP2 USG (Backup, Standby) DSL CPE/Router Switch

  48. Bundled Security Services Security Licenses • Default bundles with 13-month service license, including 30-day trial • One-click to quickly activate the services; no additional purchasing required • Service license types • Karspersky anti-virus • Anti-spam • Content filtering • IDP & Application Intelligence • Managed AP scale-up

  49. License Mgmt – MyZyXEL.com 2.0 Security Licenses • ZyXEL cloud-based license management platform End Customers’ Networks Status synchronized service Internet service service Data Center service Registration & activation Management Service service service service Channel Partner

  50. MyZyXEL.com 2.0 Allows You… Security Licenses Saving the OPEX of Managing Your Businesses • Tiered registration and management portals • When providing services to multiple networks, ZyXEL channel partners can manage network via signal platform • Preventing multiple log-in’s to view customers’ status • Batch information upload • Device registration, license key and service activation • Via uploading .csv file • Reporting • Expired services, activated services, registered devices • By user-defined

More Related