Identity-Based Unified Threat Management One Identity – One Security Shailesh Mecwan Manager – Business Development (Europe)
Agenda of Presentation • About Company • Challenges of UTM Scenario • Introduction to Cyberoam • Cyberoam Credentials / Awards/ Accreditations • Cyberoam Product Walk-thru
Est. in 1999 • YoY Growth 200% • 500+ Employees • ISO 9001-2000 Certified • Presence in USA, Asia, Middle East • Cyberoam Channel network in more than 75 Countries • Invested by $90bn World’s Largest Private Equity Group
UTM : Unified Threat Management A solution to fight against multiple attacks and threats
UTM • Unified threat management (UTM) refers to a comprehensive security product which integrates a range of security features into a single appliance. • A true UTM appliance should have the following features in a single solution: - Firewall - VPN - Intrusion Detection & Prevention - Gateway-level Anti-virus for Mails, Websites, File Transfers - Gateway-level Anti-spam - Content Identification & Filtering - Bandwidth Management for Applications & Services - Load Balancing & Failover Facilities
Benefits of UTM Appliances • Reduced complexity: All-in-one approach simplifies product selection, integration and support • Easy to deploy: Customers, VARs, VADs, MSSPs can easily install and maintain the products • Remote Management: Remote sites may not have security professionals, which requires a plug-and-play appliance for easy installation and management • Better Man Power Management: Reduction in dependency on, and number of, high-end skilled human resources • Managed Services: Security requirements & day-to-day operations can be outsourced to MSSPs
Challenges with Current UTM Products • Lack of user identity recognition and control - Inadequate in handling threats that target the user (Phishing, Pharming) • Unable to identify source of internal threats - Employees with malicious intent pose a serious internal threat - Indiscriminate surfing exposes network to external threats - 50% of security problems originate from internal threats (Yankee Group) - Source of potentially dangerous internal threats remains anonymous • Unable to handle dynamic environments - Wi-Fi - DHCP • Unable to handle blended threats - Threats arising out of internet activity done by internal members of organization - External threats that use multiple methods to attack (Slammer) • Lack of in-depth features - Sacrificed flexibility as UTM tried to fit many features in a single appliance - Inadequate logging, reporting, lack of granular features in individual solutions • Need for Identity-based UTM
User Identity-Based Technology
Cyberoam – Identity Based Security Cyberoam is the only Identity-based Unified Threat Management appliance that provides integrated Internet security to enterprises and educational institutions through its unique granular user-based controls.
Gartner MarketScope (Q2 2008): SMB Multifunction Firewalls. Source: Gartner’s MarketScope Q2 2008
Gartner Magic Quadrant: SMB Multifunction Firewalls 2009 • Gartner Rates Cyberoam a Visionary • “Cyberoam has a strong presence in Asia, and, in 2008, saw significant growth in EMEA.” • “Cyberoam is fast to market with new features.”
“IDC believes that identity-based UTM represents the next generation in the burgeoning UTM marketplace. When enterprises realize the value of having identity as a full component of their UTM solution the increased internal security, protection against insidious and complex attacks, understanding individual network usage patterns, and compliance reporting - Cyberoam will benefit as the innovator.” Source: Unified Threat Management Appliances and Identity-Based Security: The Next Level in Network Security, IDC Vendor Spotlight (2007)
Certifications • Premium, Premium, IPS/IDP, URL Filtering, Firewall, Anti-Spyware, Anti-Spam, VPN, Anti-Virus • UTM Level 5: Cyberoam holds a unique & complete UTM certification • ICSA Certified High-Availability • VPNC Certified for Basic VPN & AES Interoperability • ICSA Certified Firewall
“Fully loaded, with many great features” “packs a more serious punch” “can restrict or open internet access by bandwidth usage, surf time or data transfer”. March 2008 – UTM Roundup Cyberoam CR1000i Five Star Rating – Four Times in a Row! July 2007 – UTM Roundup Cyberoam CR250i December 2008 – Product review Cyberoam CR100i April 2009 – Product review Cyberoam CR200i “Cyberoam delivers a wealth of features for the price, which include versatile identity- and policy-based security measures” • “A lot of functionality, including good integration support, in a single easy-to-use appliance” • “also includes a solid web content filter and blocking for applications such as IM and P2P” • “console is well organized and intuitive to navigate” • “flexible and very powerful” • “this appliance is a good value for almost any size environment”.
Awards 2008 Emerging Vendor of the Year for Network Security ZDNET Asia- IT Leader of the Year 2008 Best Integrated Security Appliance Best Security Solution for Education Best Unified Security Tomorrow’s Technology Today 2007 SMB Product of the Year 2008 – Best Content Filtering CRN – Emerging Tech Vendors 2007 2007, 2008 Finalist Network Middle East Award 2008 Finalist Channel Middle East Award Finalist - 2008 Global Excellence in Network Security Solution VAR Editor’s Choice for Best UTM (2007) 2007 Finalist American Business Awards
“Cyberoam differentiates on identity-based network access - which provides access control linking IP addresses with directory identity. Cyberoam's products have unique features and serve some distinct vertical markets. They are also potentially disruptive to competitors that are trying to enter emerging markets.” “By offering identity-based policy making and visibility across all its security features, Cyberoam allows administrators to create customized user-based policies based on the user or department work profile. In addition, it offers instant visibility into "who is accessing what in the enterprise." In doing so, it enables enterprises to meet compliance requirements in addition to facilitating instant action in case of a security breach even in dynamic IP environments such as DHCP and Wi-Fi.” 2008 Emerging Vendor of the Year – Asia-Pacific Frost & Sullivan “One of the biggest strengths behind the success of Cyberoam is its innovative product line – identity-based integrated security appliances.” “The UTM solution marketplace, a fairly nascent sector, is populated with over ten key vendors. In this crowded and extremely competitive market, Cyberoam performs well alongside its competitors with its identity-centric approach (which enables a more flexible and intuitive approach to security management in Butler Group’s opinion), and the combination of functional capabilities and strategies that are in close alignment with UTM’s target market.”
Normal Firewall • Rule matching criteria - Source address - Destination address - Service (port) - Schedule • Action - Accept - NAT - Drop - Reject • However, fails in DHCP, Wi-Fi environment. Cyberoam - Identity Based UTM • Identity • Unified Threat Controls (per Rule Matching Criteria) - IDP Policy - Internet Access Policy - Bandwidth Policy - Anti Virus & Anti Spam - Routing decision
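The contrast on this slide, as an added example (not Cyberoam code and not from the original deck): a first-match rule engine where a rule written against a source address follows the address after a DHCP lease change, while a rule written against a user follows the user. It assumes identity is an extra match field resolved through a table of authenticated sessions; the users, addresses and port are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass(frozen=True)
class Rule:
    action: str                     # "accept" or "drop"
    service_port: int               # Service (port) criterion
    src_ip: Optional[str] = None    # classic source-address criterion
    user: Optional[str] = None      # identity criterion (assumed extra match field)

def decide(rules: List[Rule], src_ip: str, port: int,
           sessions: Dict[str, str], default: str = "drop") -> str:
    """First-match evaluation; sessions maps a leased IP to the logged-in user."""
    for rule in rules:
        if rule.service_port != port:
            continue
        if rule.src_ip is not None and rule.src_ip != src_ip:
            continue
        # An address with no authenticated session never matches an identity rule.
        if rule.user is not None and sessions.get(src_ip) != rule.user:
            continue
        return rule.action
    return default

def run_scenario() -> Dict[str, Dict[str, str]]:
    # Constructed data: alice may reach the admin service on port 8443, bob may not.
    ip_rules = [Rule("accept", 8443, src_ip="10.0.0.5")]   # written when alice held .5
    id_rules = [Rule("accept", 8443, user="alice")]
    # After DHCP lease renewal the two users have swapped addresses.
    sessions = {"10.0.0.5": "bob", "10.0.0.9": "alice"}
    ip_of = {user: ip for ip, user in sessions.items()}
    result: Dict[str, Dict[str, str]] = {"ip_rule": {}, "identity_rule": {}}
    for user in ("alice", "bob"):
        result["ip_rule"][user] = decide(ip_rules, ip_of[user], 8443, sessions)
        result["identity_rule"][user] = decide(id_rules, ip_of[user], 8443, sessions)
    # An unauthenticated host on a fresh lease falls through to the default.
    result["identity_rule"]["unknown"] = decide(id_rules, "10.0.0.77", 8443, sessions)
    return result

if __name__ == "__main__":
    for kind, verdicts in run_scenario().items():
        print(kind, verdicts)
```

The identity rule is only as reliable as the session table behind it, so stale IP-to-user mappings need to expire when a lease or login ends.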
Web and Application Filtering Features • Database of millions of sites in 82+ categories • Blocks phishing, pharming, spyware URLs • Data Leakage Prevention (HTTP upload control & reporting) • Block & Control Applications such as P2P, Streaming, Videos/Flash • Local Content Filter Database to reduce latency and dependence on network connectivity.
Web and Application Filtering Features • Google content categorization based on user policy: • Cache Pages • Translated Pages (http://translate.google.com) • Enforcement of Google Safe Search Based on User Policy. • Customized blocked message to educate users about organizational policies and reduce support calls
Category Based Bandwidth Management Advantages: • Restrict bandwidth for non work related categories. • Ensure bandwidth for productive categories.
Key Features: Identity-based Bandwidth Management • Application and Identity-based bandwidth allocation • Committed and burstable bandwidth • Time-based, schedule-based bandwidth allocation • Restrict Bandwidth usage to a combination of source, destination and service/service group
Automated Single Sign On (SSO) for Active Directory • Agent-based Clientless Single Sign On. • Platform Independent: Windows (All Versions), Macintosh (Mac OS X), All Linux OS • Just need to install one agent software on Active Directory Controller.
Advanced Multiple Gateway Features • Active-Active Auto Link Failover & Load Balancing • Active-Passive Auto Link Failover • Source & Destination Routing • Support for more than 2+ ISP links • Schedule based bandwidth assignment • Gateway Alerts on Dashboard • Bandwidth Utilization Graphs
Gateway Anti-Virus Features • Scans Web, FTP, POP3, SMTP & IMAP traffic • Self-service quarantine area • Signature update every 30 mins • Identity-based HTTP virus reports • Disclaimer addition to outbound emails • Spyware and other malware protection including “Phishing” emails • Block attachments based on extensions (.exe, .bat, .wav etc.)
Gateway Anti-Spam Features • IP Reputation Filtering to block 85% of incoming messages at entry-point even before these messages enter the network. • Spam filtering with (RPD) Recurrent Pattern Detection technology • Virus Outbreak Detection (VOD) for zero hour protection • Self-Service quarantine area • User based Spam Digest • Change recipients of emails • Scans SMTP, POP3, IMAP traffic • Content-agnostic
IPS Features • Multiple and Custom IPS policies • Identity-based policies • Identity-based intrusion reporting • Ability to define multiple policies • Reveals User Identity in Internal Threats scenario
IPS Features • Cyberoam IPS can log / block all types of applications: • Anonymous Surfing: - UltraSurf, TOR, Hotspot, FreeGate, JAP - All external proxies (regardless of IP / Port) • P2P Applications: - BitTorrent, Limewire, Ares, Bearshare, Shareaza, Morpheus - File transfer over MSN, Yahoo, Google Talk • Anonymous VOIP: - Justvoip, LowRateVOIP
Cyberoam: Reports are placed on Appliance • Other UTMs: Reporting Module/Device