4 Evolution of Internet security solutions
- Basic security began with firewalls
- Connectivity to branches, partners and remote workers
- High number of employees start accessing the Internet
- Slammer fueled the need for Intrusion Detection & Prevention
- As threats increased, other solutions were introduced
- Virus attacks rose in number and intensity
- Spam rose
- Blended threats emerge to exploit extensive Internet usage
- Average spam messages per day – 18.5
- Time spent deleting them – 2.8 minutes
- Average time lost in a day – 51.8 minutes
- 14 % of spam recipients actually read spam
- 4 % buy products advertised by spam
- 21 % of spam in Jan 2005 was porn
- 1 in 5 employees view online pornography at work
- 70 percent of adult websites are hit between 9 am and 5 pm
- 30-40 percent of employees' Internet activity is not business related
- Slammer hit on Saturday, January 25, 2003, 0030
- Lost revenue spilled over halfway into the next week
- Total cost of the bailout: more than $1 billion
- Till today, no accountability has been established
- Firewalls enjoyed a monopoly until the start of the 21st century
- Initial firewalls were stateless firewalls, which could not control the initiation of communication
- Later, stateful firewalls became more prevalent
- 6 % of business e-mails contained viruses – IBM
- That’s a staggering cost of $281-$304 per PC
- became more prevalent
- 25 % of systems to be infected with spyware by this year – Forrester
- 65 % of companies say they will invest in anti-spyware tools and upgrades
- Phishing mails grew 5,000 % last year
- Pharming makes an entry
- But multiple solutions brought in their share of problems
5 Current Challenges due to Multiple Internet Security Solutions
- Higher purchase cost of individual appliances
- Problems in handling multiple maintenance & subscription contracts
- Requirement of highly technical manpower to maintain multiple appliances & solutions
- Difficult for a single network admin to handle the increasing complexity of LAN networks
- Excessive time taken to understand threat patterns from the individual reports of each appliance
- Inadequacy in handling new blended attacks
- Need for a single unified appliance for all Internet security problems
6 UTM: Unified Threat Management
A solution to fight against multiple attacks and threats
7 UTM
Unified threat management (UTM) refers to a comprehensive security product which integrates a range of security features into a single appliance.
A true UTM appliance should have the following features in a single solution:
- Firewall
- VPN
- Intrusion Prevention System
- Gateway Level Anti-virus for Mails, Website, File Transfers
- Gateway level Anti-spam
- Content Identification & Filtering
- Bandwidth Management for Applications & Services
- Load Balancing & Failover Facilities
8 Benefits of UTM Appliances
- Reduced complexity
  - All-in-one approach simplifies product selection, integration and support
- Easy to deploy
  - Customers, VARs, VADs, MSSPs can easily install and maintain the products
- Remote Management
  - Remote sites may not have security professionals – requires plug-&-play appliance for easy installation and management
- Better Man Power Management
  - Reduction in dependency and number of high-end skilled human resources
- Managed Services
  - Security requirements & day to day operations can be outsourced to MSSPs
9 Challenges with Current UTM Products
- Lack of user identity recognition and control
  - Inadequate in handling threats that target the user – Phishing, Pharming
- Unable to identify source of internal threats
  - Employee with malicious intent posed a serious internal threat
  - Indiscriminate surfing exposes network to external threats
  - 50 % of security problems originate from internal threats – Yankee Group
  - Source of potentially dangerous internal threats remains anonymous
- Unable to handle dynamic environments
  - Wi-Fi
  - DHCP
- Unable to handle blended threats
  - Threats arising out of Internet activity done by internal members of the organization
  - External threats that use multiple methods to attack - Slammer
- Lack of in-depth features
  - Sacrificed flexibility as UTM tried to fit many features into a single appliance
  - Inadequate logging, reporting, lack of granular features in individual solutions
- Need for Identity based UTM…
11 Layer 8 Firewall (Patent-pending Technology)
Cyberoam firewall is the only UTM firewall that embeds user identity in firewall rule matching criteria, enabling enterprises to configure policies and identify users directly by the username rather than through IP addresses. Cyberoam’s powerful hardware firewall provides stateful and deep packet inspection, access control, user authentication, network and application-level protection.
12 Cyberoam – Identity Based Security
Cyberoam is the only Identity-based Unified Threat Management appliance that provides integrated Internet security to enterprises and educational institutions through its unique granular user-based controls.
13 Cyberoam Appliances
- CRi series for SOHO (Small Office-Home Office) & ROBO (Remote Office-Branch Office)
  - CR 25i
- CRi series for Small to Medium Business
  - CR 50i
  - CR 100i
- CRi series for Medium Enterprises
  - CR 250i
  - CR 500i
- CRi series for Large Enterprises
  - CR 1000i
  - CR 1500i
17 Cyberoam - Identity Based UTM
Normal Firewall
Rule matching criteria
- Source address
- Destination address
- Service (port)
- Schedule
Action
- Accept
- NAT
- Drop
- Reject
- Identity
However, fails in DHCP, Wi-Fi environment
Unified Threat Controls (per Rule Matching Criteria)
- IDP Policy
- Internet Access Policy
- Bandwidth Policy
- Anti Virus & Anti Spam
- Routing decision
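The failure this slide names (address-based rules in a DHCP or Wi-Fi network) can be shown with a small first-match rule evaluator. This is an added example, not Cyberoam's implementation: the `Rule` and `Firewall` classes, the IP-to-user session table, the 10.0.0.x addresses and the users alice and bob are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                      # "accept", "drop" or "reject"
    service: int                     # destination port
    src_ip: Optional[str] = None     # classic criterion: source address
    user: Optional[str] = None       # identity criterion: authenticated username
    hours: range = range(0, 24)      # schedule, as hours of the day

class Firewall:
    def __init__(self, rules, default="drop"):
        self.rules, self.default = rules, default
        self.sessions = {}           # ip -> username, filled at user login

    def login(self, ip, user):
        # A new login on an address replaces whoever held it before.
        self.sessions[ip] = user

    def logout(self, ip):
        self.sessions.pop(ip, None)

    def decide(self, src_ip, dport, hour):
        user = self.sessions.get(src_ip)    # None means unauthenticated
        for r in self.rules:                # first matching rule wins
            if r.service != dport or hour not in r.hours:
                continue
            if r.src_ip is not None and r.src_ip != src_ip:
                continue
            if r.user is not None and r.user != user:
                continue
            return r.action, user
        return self.default, user

def demo():
    # Constructed scenario: one rule keyed on alice's lease, one keyed on alice.
    ip_fw = Firewall([Rule("accept", 443, src_ip="10.0.0.23")])
    id_fw = Firewall([Rule("accept", 443, user="alice", hours=range(9, 18))])
    results = []
    for fw in (ip_fw, id_fw):
        fw.login("10.0.0.23", "alice")
        before = fw.decide("10.0.0.23", 443, 10)
        # DHCP churn: alice moves to a new lease and bob receives her old one.
        fw.logout("10.0.0.23")
        fw.login("10.0.0.57", "alice")
        fw.login("10.0.0.23", "bob")
        results.append((before,
                        fw.decide("10.0.0.23", 443, 10),
                        fw.decide("10.0.0.57", 443, 10)))
    return results
```

With the address-keyed rule, bob inherits alice's access and alice loses hers; with the identity-keyed rule the decision follows the user, and the returned username is what a log entry would carry.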
18 Identity-based Firewall
- Identity-based Security
- Identity vs. Authentication
- Stateful Inspection Firewall
- Centralized management for multiple security features
- Multiple zone security
- Granular IM, P2P controls
- Enterprise-Grade Security
- All the security features can be applied to each FW rule
21 Gateway Anti-Virus Features
- Scans HTTP, FTP, SMTP, POP3, IMAP traffic on a combination of Source, Destination, Identity, Service and Schedule
- Self-service quarantine area
- Identity-based HTTP virus reports
- Updates every ½ hour
- Spyware and other malware protection included
- Blocks “Phishing” e-mails
23 Gateway Anti-Spam Features
- Spam filtering with Recurrent Pattern Detection (RPD) technology
- Virus Outbreak Detection (VOD) for zero hour protection
- Self-service quarantine area
- Content-agnostic
- Change recipients of e-mails
- Scans SMTP, POP3, IMAP traffic
24 Cyberoam’s Integration with Commtouch RPD (Recurrent Pattern Detection)
Threats over e-mail like spam, phishing, viruses and worms are released in the billions within a short span of time. Today’s attackers launch threats for financial gain rather than out of malicious intent. They mask the originator and launch the attack using a network of zombie machines. With zombie botnets carrying the ability to send up to 1 billion spam messages within a few hours, the spread of the attack is rapid.
Gateway level spam protection for Zero-hour spam detection
To effectively match the speed with which attacks spread, zero-hour responsiveness is required to deliver enterprise security. Zero-hour protection swings into action, generating defenses in the first hour of an attack. Further, the content and characteristics of the messages within a single attack differ, making it difficult to identify the threat through traditional methods. Solutions that rely on signature databases are likely to leave the enterprise defenses lowered during the critical first hours of attack.
Cyberoam in Partnership with CommTouch RPD (Recurrent Pattern Detection)
Cyberoam delivers zero-hour spam protection in addition to image spam defense through Recurrent Pattern Detection (RPD) technology. This unique content-agnostic technology detects and blocks image spam, which accounts for almost 35 % of worldwide spam mail and 70% of bandwidth taken by spam. Cyberoam’s anti-spam protection delivers maximum spam detection with low false positives through relevant, continuous and real-time spam detection. The solution reduces spyware, phishing and adware attempts, and controls spam involving pornography while enhancing enterprise productivity by preventing mail systems from being submerged by spam.
- Protects against image-based spam and spam in different languages
- Spam catch rate of over 98%
- 0.007 false positives in spam
- Local cache is effective for >70% of all spam resolution cases
29 Web and Application Filtering Features
- Database of millions of sites in 82+ categories
- Blocks phishing, pharming, spyware URLs
- HTTP upload control
- Ability to control & block applications such as P2P, Streaming, Videos/Flash
- Local database for the content filter reduces latency and dependence on network connectivity
- Customized blocked message to educate users about organizational policies and reduce support calls
31 Internet Access Policies for Individuals and Groups
32 Educate Users with Custom Denied Messages and Reduce Your Support Calls
33 Identity-based Bandwidth Management
Key Features
- Application and Identity-based bandwidth allocation
- Committed and burstable bandwidth
- Time-based, schedule-based bandwidth allocation
- Restrict bandwidth usage to a combination of source, destination and service/service group
34 Advanced Multiple Gateway Features
- Auto failover
- Complex rule support for auto failover checking
- Weighted round robin load balancing
- Policy routing per application, user, source and destination
- Gateway status on dashboard
- No restriction on number of WAN ports
- Schedule based bandwidth assignment
53 ASICs (Application Specific Integrated Circuits) - Closed Systems
What is ASIC:
- Built to handle certain tasks faster than general purpose processors
- For example: packet filtering
Drawbacks:
- Serial processing
- ASICs cannot be reprogrammed to address new attacks
- ASICs accelerate traffic, but complex tasks (VoIP, e-mail, web traffic) are sent to a secondary processor, so throughput depends on that processor's performance
- With each attack they are not programmed for, closed systems become slower and slower
54 Multicore Processor-based Cyberoam
What is Multi-core:
- More than one processor working together to achieve high processing power
Benefits:
- Purpose-built hardware
- True parallel processing
- Each processor is programmed to run tasks in parallel
- In case of a new attack, Cyberoam appliances do not suffer from the performance degradation associated with switching from ASIC-based acceleration to general-purpose processors
56 Cyberoam in Numbers
- More than 370,000 virus signatures in the anti-virus database
- 40 Million URLs categorized in 82+ categories
- 3500+ Intrusion Detection and Prevention Signatures
- * 98% Spam Detection
- * 0.007% False Positives
57 Basic Appliance – One time sale
- Identity-based Firewall
- VPN
- Bandwidth Management
- Multiple Link Management
- On Appliance Reporting
- 8*5 Tech Support & 1 Year Warranty
Subscriptions
- Gateway Anti-Virus Subscription (Anti-malware, phishing, spyware protection included)
- Gateway Anti-spam Subscription
- Web & Application Filtering Subscription
- Intrusion Detection & Prevention (IDP)
Subscription services are available on 1 Year, 2 Year or 3 Year subscription basis
58 Deployment Modes
Cyberoam can be deployed in two modes:
- Bridge / Transparent Mode
- Gateway / Route / NAT Mode
- Proxy Mode
60 Cyberoam in Bridge Mode
[Network diagram. Labels: Users; Router; Network: x/24; Firewall INT IP: /24; Default Gateway:]
61 Cyberoam Central Console - CCC
- Reduces operational complexity and deployment time
- Minimizes errors and lowers administration cost
- Enables the MSSPs to have different personnel for managing different customer deployments
- Ease of use with view of multiple devices and network status at a glance
Cyberoam Central Console enables enforcement of global policies for Firewall, Intrusion Detection & Prevention and Anti-virus scanning. This supports the creation and implementation of enterprise-wide security policy to strengthen branch and remote office security while lowering operational complexity. The Cyberoam Central Console enables administrators to assign security policies based on user’s work profile even in remote locations. This fully leverages Cyberoam's unique user identity-based security approach.
62 Cyberoam: Identity-based Security
Overview of Cyberoam’s Security Approach:
- Who do you give access to: an IP Address or a User?
- Whom do you wish to assign security policies: Username or IP Addresses?
- In case of an insider attempted breach, whom do you wish to see: User Name or IP Address?
- How do you create network address based policies in a DHCP and a Wi-Fi network?
- How do you create network address based policies for shared desktops?
64 “IDC believes that identity-based UTM represents the next generation in the burgeoning UTM marketplace. When enterprises realize the value of having identity as a full component of their UTM solution the increased internal security, protection against insidious and complex attacks, understanding individual network usage patterns, and compliance reporting - Cyberoam will benefit as the innovator.”
Source: Unified Threat Management Appliances and Identity-Based Security: The Next Level in Network Security, IDC Vendor Spotlight (2007)
66 Certifications
Applied
Premium
- Anti-Virus
- Anti-Spyware
- Anti-Spam
- URL Filtering
- Firewall
- VPN
- IPS/IDP
Cyberoam holds a unique & complete UTM certification
UTM Level 5
Certifications Applied
- ICSA Certification for High Availability
- ICSA Certified Firewall
- VPNC Certified for Basic VPN & AES Interoperability
67 Five Star Rated – Two Years Running
- Enterprise
- March 2008 – UTM Roundup
- Cyberoam CR1000i
- July 2007 – UTM Roundup
- Cyberoam CR250i
- SMB
- “console is well organized and intuitive to navigate”
- “flexible and very powerful”
- “this appliance is a good value for almost any size environment”.
- “Fully loaded, with many great features”
- “packs a more serious punch”
- “can restrict or open internet access by bandwidth usage, surf time or data transfer”.
68 “deserves credit for its flexible configuration options, extensive security, content filtering, and bandwidth management features.”
69 LORD OF THE NETWORKS
If there is no network security and discipline in small or large networks, the chaos may result with serious work and data loss.
Cyberoam CR25i, which was sent to our test center, is a good solution for networks.
This UTM (unified threat management) appliance has 100% control over the users in your network in addition to its firewall, package inspection and other similar features.
It prevents you from the threats of anti-viruses and other harmful software with built in Kaspersky solution.
It also provides you antispam feature.
In addition to its advanced security features, you can manage your network in terms of identity based bandwidth management, application control, site visiting logs.
Normally you need a separate PC or similar device so as to record logs. But there is a hard disk of 80 GB in this appliance for this feature. (It was written 160 GB on original copy of the magazine by mistake.)
You can also visit the website and inspect the online demo before buying the product.
RESULT
Cyberoam CR25i is a successful solution for security and network management especially for small business companies.
Other advantages:
- Advanced features
- Flexible licensing options
- Free of charge service
70 Awards
- Tomorrow’s Technology Today 2007
- 2007 Finalist American Business Awards
- Product Excellence Award in the 3 categories: (2007)
  - Integrated Security Appliance
  - Security Solution for Education
  - Unified Security
- 2007 Finalist Network Middle East Award
  - Best Security Product
  - Best SMB Networking Vendor
- VAR Editor’s Choice for Best UTM (2007)
- CRN – Emerging Tech Vendors 2007
- Finalist Global Excellence in Network Security Solution