1. Comprehensive Network Security
CYBEROAM
Comprehensive Network Security
Our Products
Cyberoam – Endpoint Data Protection
Data Protection & Encryption
Device Management
Application Control
Asset Management
Unified Threat Management
Cyberoam Central Console (CCC)
SSL VPN 1

2. Cyberoam Unified Threat Management
Gateway Integrated security over single platform
Unique Identity-based Layer 8 approach penetrates through each security module 2

3. KEY QUESTION TO ASK:
How do you Identify users and grant access?

4. How do you Identify users and grant access?
“Certain employees are using their hand- held devices like Iphones & Blackberrys to access internal resources in my company. Some are working from home.”
“Our Network works on Citrix, and we would like to block certain users from accessing particular applications and apply unique policy for each user across the network.”
“How can I create special privilege for the technical team to access only specific servers / applications in my DMZ zone?”

5. How do you Identify users and grant access?
“How can I know have information of which users logging when and what he is accessing from network or even from HOME. (Work from HOME)”
“How can I have AAA (Authenticate, Authorize and Audit) in my single security device.”

6. SOLUTION – Unique Identity Based Cyberoam Firewall
Cyberoam features:
Stateful Inspection Firewall
Application based Firewall
Identity based Firewall
Admin can define the policies based on Username or IP Addresses and follows wherever he goes
Admin can bind the policies with user-name, IP address, MAC and session id (For Windows Terminal Sever and Citrix) as well
Terminal Server
XenServer

7. Cyberoam’s Layer 8 Technology treats User Identity as the 8th layer in the protocol stack. Cyberoam UTM applies User Identity based Security Policy Controls across Layer 2 – Layer 7

8. KEY QUESTION TO ASK:
HOW DO YOU PROVIDE ACCESS PRIVILEDGES TO USERS?

9. How do you enable access policies for your users?
“Blanket policies for all departments do not work for us anymore.”
“I want my HR department to have access to Job & Recruitment websites.”
“I want to apply a daily download quota to certain users in my network”
“I want to block certain websites for a specific group of users. Although, these websites are hosted on HTTPS”
“I want to allow IM access to our Senior Management & Sales Team”

10. How do you enable access policies for your users?
“How can I give access to FACEBOOK to specific users only one hr a day that too after office hrs?”
“How can I manage B/W to social networking websites to (for eg: Facebook) 2kbps so that business application gets right b/w?”
“How to block P2P applications, Proxy applications or Secured application like Ultrasurf acoross my organization?”
“How can I monitor/log DATA Transfer over HTTPS?”

11. SOLUTION: WEB CONTENT & APPLICATION FILTER
Block, Control & Monitor internet access & application access of Users.
Over 44 million+ websites in 82+ categories
Blocks and inspect
HTTPS websites
Google Cached pages
All known proxies such as Ultrasurf etc.
Educate healthy-usage policy by providing customized messages on blocked websites.
Premium

12. COMPLETE CONTROL WITH
USER IDENTITY 12

13. Username / IP Address SOLUTION: APPLICATION CONTROL
Blocks over Applications
Username / IP Address 13

14. SOLUTION: IM MANAGEMENT & CONTROL
Log & Monitor leading Instant Messengers
Yahoo,
Windows Live
Filter content over IM: Blacklist certain keywords or regular expressions
Block File transfer over messengers

15. IM Controls for Yahoo MSG:
Logging of Chat Conversations
Who can chat with whom!
Data Leak Protection (File Transfer Control) 15

16. KEY QUESTION TO ASK:
HOW DO YOU OPTIMIZE NETWORK & RESOURCE AVAILABILITY?

17. How do you optimize Network & Resource Availability?
“We want to allot dedicated bandwidth to our VOIP/CRM/ERP”
“My CEO – wherever he logs in – Wifi/Lan/Handheld – should receive committed bandwidth at all times and hours.”
“I want to assign burstable (128kbps – 1 Mbps) to users/group and burst it when the B/W is free from other users”

18. How do you optimize Network & Resource Availability?
“How can I provide Dedicated B/W to Video Conferencing/ Backup device for only 2 hrs on specific date?”
“We would like to prioritize applications that utilize applications. CRM should have highest priority.”
“How can I analyze that which application / User is using how much B/W in real time?”

19. SOLUTION: BANDWIDTH MANAGEMENT
Allocate/Restrict bandwidth to specific application or users/groups
Allocate/Restrict bandwidth to specific categories
Schedule bandwidth allocation/restriction
Allocate dedicated bandwidth or as per availability (burstable)

20. Web mail IM ERP CRM You Tube Application Firewall
Casual
Traffic
Sales
force
Application Firewall
Crowd of Applications
Bandwidth Management 20

21. SOLUTION: TRAFFIC DISCOVERY
Real-time visibility into bandwidth utilization by
User
Protocol
Application
Provides visibility of unproductive usage of resources and threat incidence

22. Traffic Discovery:
Live Traffic Analysis including Bandwidth, Data Transfer Connection Information
Filter traffic for specific application
Live traffic filtering by Application, User, IP Address
Traffic Filtering by Firewall Rule-ID, IP Address, Port etc. 22

23. KEY QUESTION TO ASK:
HOW DO YOU ENSURE BUSINESS CONTINUITY?

24. How do you ensure Business Continuity?
“Internet access should not be interrupted even though one of our link fails”
“We want the traffic of our finance department to route via a separate gateway”
“How can I ensure my VPN connectivity is having 100% uptime?”
“How can I use my 3G modem as back-up link when ADSL goes down?”

25. SOLUTION: MULTIPLE LINK MANAGER
Automated Link Load balancing assures ROI/investment
Support for more than 2 ISP links
Supports Wireless WAN (3G USB modems, Wimax)
Link Failover
Policy-based routing: Source ID/Users/Protocols
VPN Failover
High Availability
Active Active
Active Passive

26. Active-Active gateway load balancing
ISP1 (MPLS)
(10 mbps)
ISP2 (ADSL)
(5 mbps)
ISP3 (3G)
(1 mbps)
Failover Link
Sales Dept.
Dev. Dept.
Finance Dept. 26

27. KEY QUESTION TO ASK:
HOW DO REMOTE WORKERS ACCESS YOUR NETWORK?

28. How do remote workers access your network?
“I want a connect all branches to my HO using secure and stable connection with zero downtime”
“I would like to grant our employees secured access to internal resources from hand-held devices like iPhone”
“I want my work-from-home employees/Roaming users to have limited access to only specific application ”
I want to SCAN my Remote/Roaming users traffic before they connect to my NETWORK?

29. SOLUTION: VIRTUAL PRIVATE NETWORK (VPN)
Secure & Seamless connectivity between branch offices
Threat Free Tunneling (TFT) Technology
Scans traffic entering VPN tunnel for:
Malware
Spam
Inappropriate content
Intrusion attempts
Supports
IPSec, L2TP, PPTP technologies (client-based)
SSL-VPN enables access to internal resources from any device (Does not require a client)

30. SSL VPN User Portal 30

31. KEY QUESTION TO ASK:
ARE DESKTOP ANTI-VIRUS & ANTI-SPAM SUFFICIENT?

32. Are Desktop Anti-virus & Anti-spam sufficient?
“I want to optimize my bandwidth by blocking spam at the source/gateway itself”
“I want to provide users the ability to release/tag their messages from/to the quarantine area”
“Even HTTPS websites/applications need to be scanned for viruses”
“I want my F/W/UTM to use trusted AV and use all the signatures of Virus and give 100% protection”
“How can I create User based Anit-SPAM rules? “
“How can I comply SOX?”

33. SOLUTION: GATEWAY ANTI-MALWARE
Contains 4 million+ signatures
Signatures are updated automatically every 30 mins.
OEM Tieup with industry’s best anti-virus Kaspersky Labs
Block attachments based on extension (*.exe, *.bat etc.)
Scans
HTTP, FTP, SMTP, POP3
HTTPS, IMAP
Instant Messenger traffic
Anti-Virus
Anti-Spyware

34. SOLUTION : GATEWAY ANTI-SPAM
Detects & blocks 98% of all spam
False positive rate of 1 in a million.
Unique Recurrent Pattern Detection (RPD) technology blocks all types of spam including excel,pdf, multi-lingual spam etc.
Self-Service Quarantine Area for users, allowing them to check quarantined s and reduce administrator overhead
Users Receive daily/weekly/monthly spam digest
IP Reputation filtering:
Stops 85% of spam at Gateway
Does not let it enter the network
Saves bandwidth & resources
Premium

35. How do you safe-guard your network from Hacking attempts?
“How can I protect my network from DDOS & SQL Injection attacks?”
“I wan to block a specific (custom) application for Specific users by creating signature in my firewall?”
“How do I get immediate intimation on a hacking attempt on my network?”

36. SOLUTION: INTRUSION PREVENTION SYSTEM (IPS)
More than signatures to block a plethora of intrusion attempts.
Complete protection against DOS, DDOS, Syn Flood attacks and more.
Identity-based IPS policies per user or group
Overview of threat status:
Top alerts, top attackers, top victims

37. KEY QUESTION TO ASK:
DO YOU HAVE COMPLETE VISIBILITY OF YOUR NETWORK?

38. Do you have complete visibility of your network?
“I want to identify the most dangerous users in my network”
“I would like to discover which users receive the most spam”
“Can I find out what people are surfing on the net in my company?”
“I want to monitor IM conversations of employees in my company”
“I want to monitor what files are being uploaded on the net”
“I want know know what google searches are being made”

39. SOLUTION: ON-APPLIANCE REPORTING
More than on appliance reports.
No Additional Purchase needed of hardware/service to access reports.
Collects logs and assists in Network Forensics
Reports in compliance with
CIPA – Children’s Internet Protection Act
HIPAA – Health Insurance Portability & Accountability Act
GLBA – Gramm-Leach-Bliley Act
SOX – Sarbanex-Oxley
FISMA – Federal Information Security Management Act
PCI – Payment Card Industry Data Security Standards
Powered By:

40. User Dashboard 40

41. Combined Report 41

42. Top Categories 42

43. Top Web Users 43

44. Search Engine – Google Search Results44

45. Top Spam Recipients 45

46. Cyberoam Authenticates
Cyberoam Layer 8 Advantage
Other UTMs
User Login
Cyberoam Authenticates
User
IP Address
MAC Id
Session Id
Cyberoam Authorizes
Access Time
Internet Quota
Security Policies
Web Filtering
Layer 7 Controls
QoS
IM Controls
Cyberoam Audits
Identity - based
Logs + Reports
MAC Id
Session Id
Cyberoam has been the pioneer for bringing User Identity in UTMs and continues to lead in this area.
There are few other UTMs that talk about identity but are no where close to Cyberoam’s User Identity approach.
Let’s see the level of detail Cyberoam provides for User Identity and Cyberoam’s Layer 8 advantage over all others.
Cyberoam’s approach to User Identity is based on its AAA formula i.e. Authentication, Authorization, Auditing once a user logins.
Cyberoam provides facility to authenticate a user based on User name, IP Address and even MAC Id and Session Id…… Cyberoam Authorizes a User to work based on listed features and more …
Cyberoam Audits a user based on detailed Identity based Logs and Reports
While Cyberoam satisfies all the A’s of the AAA approach, all other UTMs stop at Authentication level or at most some level of detail in the Authorization Level. At Authentication stage, most other UTMs do not even have facility to authorize on Mac Id and Session ID.

47. Cyberoam UTM solves Organizational Concerns
Keeping these business concerns in mind, Cyberoam UTM has developed features that enables organizations to grow by assuring Security, Connectivity and Productivity.
Cyberoam UTM approaches all its features for organizations benefits.
………………………………………………………..
In further slides, we will talk about each of these features.

48. DEPLOYMENT MODES CYBEROAM

49. BRIDGE MODE Default Gateway: 192.168.0.1 Router
Users
Router
Network: x/24
Firewall INT IP: /24
Default Gateway:

50. GATEWAY MODE DMZ Zone Router IP:61.0.5.1/29 Users
Network: x/24
Router IP: /29
Users
Mail Server IP: Gateway:
Database Server IP: Gateway:
Switch
Web Server IP: Gateway:
Console
INT IP: /24
DMZ IP: /24
EXT IP: /29
Gateway IP:
DMZ Zone
Default Gateway:

51. OVERVIEW:
CYBEROAM APPLIANCE RANGE
& SUBSCRIPTION SERVICES

52. CYBEROAM UTM APPLIANCE RANGE
Large Enterprises
CR 1500i
CR 1000i
CR 750ia
CR 500ia
Small to Medium Enterprises
CR 300i
CR 200i
CR 100ia
CR 50ia
Remote Offices
CR 35ia
CR 25ia
CR 15i
CR 15wi 52

53. SUBSCRIPTION MODEL Subscription bundle Basic Appliance
Bundled Subscriptions
Identity-based Firewall
VPN
Free SSL-VPN
Bandwidth Management
Multiple Link Management
On Appliance Reporting
Basic Anti-Spam (RBL Service)
8x5 Tech Support & Warranty
Gateway Anti-Virus Subscription (Anti-malware, phishing, spyware protection included)
Gateway Anti-spam Subscription
Web & Application Filtering Subscription
Intrusion Prevention System (IPS)
24 x 7 Tech Support & Warranty
Subscription bundle
Total Value Subscription (TVS) – Includes all the licenses
Security Value Subscription (SVS) – Includes all licenses except Gateway level Antispam 53

54. PRICING HARDWARE One Time Payment
Need to renew 8x5 to get updates and keep the appliance under warranty
SOFTWARE
Yearly Renewal Required
AV/AS/CF/IPS Database needs to update regularly to provide up-to-date protection

55. HOW TO CHOOSE A CYBEROAM MODEL?
USER MODEL MATRIX
Please Note: Chart is an approximation Only. Number of users may vary on the network load & configuration.

56. SAMPLE QUOTE Product Description List Price (US$) Qty
Final Price (US$)
Cyberoam 300i Appliance - Firewall, Bandwidth Management , Multiple Gateway & Load Balancing including 1 year of 8x5 Support & Warranty
SKU : 01-CRI
3 Year Antivirus-Antispam for CR 300i
3 Year Web & Application Filtering for CR1500i
3 Year IPS for CR1500i
3 year TVS ( AV+AS+IPS+WAF with 8*5 support)
3 year SVS (AV+IPS+WAF with 8*5 support)
Total

57. IMPORTANT RESOURCES FOR CYBEROAM PARTNERS
Partner Portal >> Knowledge-base

58. IMPORTANT RESOURCES FOR CYBEROAM PARTNERS
Stay updated with Cyberoam Newsletters

59. IMPORTANT RESOURCES FOR CYBEROAM PARTNERS
Register for Cyberoam Webinars
Register for Cyberoam Cerfication

60. www.cyberoam.com/presalessupport/ DEDICATED CONSULTANTS FOR PARTNERS
Cyberoam Presales Consultants are available 24x7 for Channel Partners
Dedicated Support
Chat
Telephone: Toll Free for some regions
Presales Consultants help you with
Installation Support,
Network Consultation
Documentation Support for Tenders/RFPs
Feature Requests
Training/Certification requests

61. CYBEROAM
CREDENTIALS

62. Analysts Speak:
“IDC believes that identity-based UTM represents the next generation in the burgeoning UTM marketplace. When enterprises realize the value of having identity as a full component of their UTM solution the increased internal security, protection against insidious and complex attacks, understanding individual network usage patterns, and compliance reporting - Cyberoam will benefit as the innovator.”
Source: Unified Threat Management Appliances and Identity-Based Security: The Next Level in Network Security, IDC Vendor Spotlight 62

63. “Completeness of Vision”
Gartner ranks Cyberoam as a “Visionary” in July 2009 Magic Quadrant for SMB Multifunction Firewalls
Cyberoam ranks 5th in
“Completeness of Vision”
Fortinet
Sonicwall
WatchGuard
Astaro
Cyberoam 63

64. Gartner Market Scope (Q2 2008) SMB Multifunction Firewalls64

65. 2008 - Emerging Vendor of the Year
Cyberoam has been awarded the 2008 Asia Pacific Frost & Sullivan Emerging Company of the Year Award in the Network Security Market 65

66. Cyberoam Certifications
Premium
Premium
Anti-Virus
Anti-Spyware
Anti-Spam
URL Filtering
Firewall
VPN
IPS/IDP
UTM Level 5: Cyberoam holds a unique & complete UTM certification
ICSA Certified Firewall
ICSA Certified
High-Availability
VPNC Certified for Basic VPN & AES Interoperability 66

67. Cyberoam is IPV6 Certified
IPv6 (Future Ready Connectivity)
‘IPv6 Ready’ gold logo
Cyberoam identifies and processes IPv6 traffic
Third-party validation
International Testing Program with rigorous test cases
IPv6 compliance to become mandatory in government and other enterprises
Driven by diplomatic initiatives 67

68. SC Magazine Five Star Rating – Five Times in a Row!
July 2010 – UTM Group Test Cyberoam CR50ia
A Solid Product and the Price is Right
CR50ia is more than a Usual UTM
April 2009 – Product review Cyberoam CR200i
A lot of functionality, including good integration support, in a single easy-to-use appliance”
also includes a solid web content filter and blocking for applications such as IM and P2P“
December 2008 – Product review Cyberoam CR100i
“Cyberoam delivers a wealth of features for the price, which include versatile identity- and policy-based security measures ”
March 2008 – UTM Roundup Cyberoam CR1000i
“Fully loaded, with many great features”
“packs a more serious punch”
July 2007 – UTM Roundup Cyberoam CR250i
“flexible and very powerful”
“this appliance is a good value for almost any size environment”. 68

69. Awards ZDNET Asia- IT Leader Of the Year 2008
Winner Network Middle-East Awards 2010
2008 – Best
Content Filtering
Tomorrow’s Technology
Today 2007
Most Valued Principal
ChannelWorld
VARIndia Editor’s Choice for Best UTM (2007)
SMB Product
of the Year
Channel's Favorite Security Company (2008)
Best Integrated Security
Appliance
Best Security Solution for
Education
Best Unified Security
CR50ia (2010), CR15i (2009)
CR50ia (2009)
CR15i (2009)
CR1500i (2009)

70. Partial Clientele 70

71. Partial Clientele 71

72. Product Line Unified Threat Management Cyberoam Central Console (CCC)
SSL VPN
Cyberoam
End Point Data Protection 72

73. ABOUT ELITECORE

74. About Elitecore Technologies
Established in 1999
400+ Employees
ISO 9001:2000 certified company
Backed by  World’s Largest Private Equity Group ($90bn)
Sales, Distribution Channel & Customers across 75+ countries
Communication - Networks – Security
Cyberoam - Network to Endpoint Security
CRESTEL - Telecommunication OSS BSS
EliteAAA - Telecommunication
24online - Bandwidth Management Solution 74

75. LET’S RECAP THROUGH SOME SCENARIOS

76. Scenario 1 What solution will you recommend to the IT Manager?
A Finance Company has offices at different cities
Head Office: 150 Employees
Branch Offices: 15 Employees each
IT Managers’ Challenge:
Wants to deploy security solution for their network
Wants to store all reports at central location
What solution will you recommend to the IT Manager?

77. Scenario 1: The Solution
At Head Quarters
CR200i
AV & AS
IPS for Mail Server
Web & App Filter
iView & CCC
At Branch Offices
CR15wi

78. Scenario 2 What will you recommend to the IT Manager?
A Retail Marketing Company
Head Office: 50 Employees
IT Managers’ Challenge:
Wants marketing executives to have secured access to their CRM
What will you recommend to the IT Manager?

79. Scenario 2: The Solution
At Head Quarters
CR50ia
SSL VPN
CRM Access to Marketing Executives

80. Scenario 3 An Educational Institution
1500 Students accessing Internet
2 ISP Links with 50 Mbps bandwidth on each links
IT Managers’ Challenge:
Wants to grant user access based on profile.
Control access of unwanted & bandwidth guzzling websites
Games
Music
Youtube, Facebook
P2P
Load Balancing on both Links. No Auto Failover Available
Staff is getting lot of spam & virus infected s.
Mail server gets listed in spam database due to student infected laptops sending 1000s of s

81. Solution: Scenario 3 At Head Quarters 2 x CR1500i for redundancy
One link for Hosted Servers
Second for Internet Browsing
AV & AS for:
Outgoing & Incoming Mail traffic
CF For:
Blocking Im’s, P2P, Music etc.

82. Scenario 4 What will you recommend to the IT Manager? A Small Company
Head Office: 50 Employees
3 Remote Offices: 15 Employees
DSL Line Connectivity at all 4 Places
IT Managers’ Challenge:
All remote offices need to be connected to main office securely
What will you recommend to the IT Manager?

83. Solution: Scenario 4 All remote offices: Dynamic DNS Support
Site-to-Site VPN
Tunnel is established

84. Question/Answer Session84