2Cyberoam Unified Threat Management Gateway Integrated security over single platformUnique Identity-based Layer 8 approach penetrates through each security module2
3KEY QUESTION TO ASK:How do you Identify users and grant access?
4How do you Identify users and grant access? “Certain employees are using their hand- held devices like Iphones & Blackberrys to access internal resources in my company. Some are working from home.”“Our Network works on Citrix, and we would like to block certain users from accessing particular applications and apply unique policy for each user across the network.”“How can I create special privilege for the technical team to access only specific servers / applications in my DMZ zone?”
5How do you Identify users and grant access? “How can I know have information of which users logging when and what he is accessing from network or even from HOME. (Work from HOME)”“How can I have AAA (Authenticate, Authorize and Audit) in my single security device.”
6SOLUTION – Unique Identity Based Cyberoam Firewall Cyberoam features:Stateful Inspection FirewallApplication based FirewallIdentity based FirewallAdmin can define the policies based on Username or IP Addresses and follows wherever he goesAdmin can bind the policies with user-name, IP address, MAC and session id (For Windows Terminal Sever and Citrix) as wellTerminal ServerXenServer
7Cyberoam’s Layer 8 Technology treats User Identity as the 8th layer in the protocol stack. Cyberoam UTM applies User Identity based Security Policy Controls across Layer 2 – Layer 7
8KEY QUESTION TO ASK:HOW DO YOU PROVIDE ACCESS PRIVILEDGES TO USERS?
9How do you enable access policies for your users? “Blanket policies for all departments do not work for us anymore.”“I want my HR department to have access to Job & Recruitment websites.”“I want to apply a daily download quota to certain users in my network”“I want to block certain websites for a specific group of users. Although, these websites are hosted on HTTPS”“I want to allow IM access to our Senior Management & Sales Team”
10How do you enable access policies for your users? “How can I give access to FACEBOOK to specific users only one hr a day that too after office hrs?”“How can I manage B/W to social networking websites to (for eg: Facebook) 2kbps so that business application gets right b/w?”“How to block P2P applications, Proxy applications or Secured application like Ultrasurf acoross my organization?”“How can I monitor/log DATA Transfer over HTTPS?”
11SOLUTION: WEB CONTENT & APPLICATION FILTER Block, Control & Monitor internet access & application access of Users.Over 44 million+ websites in 82+ categoriesBlocks and inspectHTTPS websitesGoogle Cached pagesAll known proxies such as Ultrasurf etc.Educate healthy-usage policy by providing customized messages on blocked websites.Premium
13Username / IP Address SOLUTION: APPLICATION CONTROL Blocks over ApplicationsUsername / IP Address13
14SOLUTION: IM MANAGEMENT & CONTROL Log & Monitor leading Instant MessengersYahoo,Windows LiveFilter content over IM: Blacklist certain keywords or regular expressionsBlock File transfer over messengers
15IM Controls for Yahoo MSG: Logging of Chat ConversationsWho can chat with whom!Data Leak Protection (File Transfer Control)15
16KEY QUESTION TO ASK:HOW DO YOU OPTIMIZE NETWORK & RESOURCE AVAILABILITY?
17How do you optimize Network & Resource Availability? “We want to allot dedicated bandwidth to our VOIP/CRM/ERP”“My CEO – wherever he logs in – Wifi/Lan/Handheld – should receive committed bandwidth at all times and hours.”“I want to assign burstable (128kbps – 1 Mbps) to users/group and burst it when the B/W is free from other users”
18How do you optimize Network & Resource Availability? “How can I provide Dedicated B/W to Video Conferencing/ Backup device for only 2 hrs on specific date?”“We would like to prioritize applications that utilize applications. CRM should have highest priority.”“How can I analyze that which application / User is using how much B/W in real time?”
19SOLUTION: BANDWIDTH MANAGEMENT Allocate/Restrict bandwidth to specific application or users/groupsAllocate/Restrict bandwidth to specific categoriesSchedule bandwidth allocation/restrictionAllocate dedicated bandwidth or as per availability (burstable)
20Web mail IM ERP CRM You Tube Application Firewall CasualTrafficSalesforceApplication FirewallCrowd of ApplicationsBandwidth Management20
21SOLUTION: TRAFFIC DISCOVERY Real-time visibility into bandwidth utilization byUserProtocolApplicationProvides visibility of unproductive usage of resources and threat incidence
22Traffic Discovery:Live Traffic Analysis including Bandwidth, Data Transfer Connection InformationFilter traffic for specific applicationLive traffic filtering by Application, User, IP AddressTraffic Filtering by Firewall Rule-ID, IP Address, Port etc.22
23KEY QUESTION TO ASK:HOW DO YOU ENSURE BUSINESS CONTINUITY?
24How do you ensure Business Continuity? “Internet access should not be interrupted even though one of our link fails”“We want the traffic of our finance department to route via a separate gateway”“How can I ensure my VPN connectivity is having 100% uptime?”“How can I use my 3G modem as back-up link when ADSL goes down?”
25SOLUTION: MULTIPLE LINK MANAGER Automated Link Load balancing assures ROI/investmentSupport for more than 2 ISP linksSupports Wireless WAN (3G USB modems, Wimax)Link FailoverPolicy-based routing: Source ID/Users/ProtocolsVPN FailoverHigh AvailabilityActive ActiveActive Passive
27KEY QUESTION TO ASK:HOW DO REMOTE WORKERS ACCESS YOUR NETWORK?
28How do remote workers access your network? “I want a connect all branches to my HO using secure and stable connection with zero downtime”“I would like to grant our employees secured access to internal resources from hand-held devices like iPhone”“I want my work-from-home employees/Roaming users to have limited access to only specific application ”I want to SCAN my Remote/Roaming users traffic before they connect to my NETWORK?
29SOLUTION: VIRTUAL PRIVATE NETWORK (VPN) Secure & Seamless connectivity between branch officesThreat Free Tunneling (TFT) TechnologyScans traffic entering VPN tunnel for:MalwareSpamInappropriate contentIntrusion attemptsSupportsIPSec, L2TP, PPTP technologies (client-based)SSL-VPN enables access to internal resources from any device (Does not require a client)
31KEY QUESTION TO ASK:ARE DESKTOP ANTI-VIRUS & ANTI-SPAM SUFFICIENT?
32Are Desktop Anti-virus & Anti-spam sufficient? “I want to optimize my bandwidth by blocking spam at the source/gateway itself”“I want to provide users the ability to release/tag their messages from/to the quarantine area”“Even HTTPS websites/applications need to be scanned for viruses”“I want my F/W/UTM to use trusted AV and use all the signatures of Virus and give 100% protection”“How can I create User based Anit-SPAM rules? ““How can I comply SOX?”
33SOLUTION: GATEWAY ANTI-MALWARE Contains 4 million+ signaturesSignatures are updated automatically every 30 mins.OEM Tieup with industry’s best anti-virus Kaspersky LabsBlock attachments based on extension (*.exe, *.bat etc.)ScansHTTP, FTP, SMTP, POP3HTTPS, IMAPInstant Messenger trafficAnti-VirusAnti-Spyware
34SOLUTION : GATEWAY ANTI-SPAM Detects & blocks 98% of all spamFalse positive rate of 1 in a million.Unique Recurrent Pattern Detection (RPD) technology blocks all types of spam including excel,pdf, multi-lingual spam etc.Self-Service Quarantine Area for users, allowing them to check quarantined s and reduce administrator overheadUsers Receive daily/weekly/monthly spam digestIP Reputation filtering:Stops 85% of spam at GatewayDoes not let it enter the networkSaves bandwidth & resourcesPremium
35How do you safe-guard your network from Hacking attempts? “How can I protect my network from DDOS & SQL Injection attacks?”“I wan to block a specific (custom) application for Specific users by creating signature in my firewall?”“How do I get immediate intimation on a hacking attempt on my network?”
36SOLUTION: INTRUSION PREVENTION SYSTEM (IPS) More than signatures to block a plethora of intrusion attempts.Complete protection against DOS, DDOS, Syn Flood attacks and more.Identity-based IPS policies per user or groupOverview of threat status:Top alerts, top attackers, top victims
37KEY QUESTION TO ASK:DO YOU HAVE COMPLETE VISIBILITY OF YOUR NETWORK?
38Do you have complete visibility of your network? “I want to identify the most dangerous users in my network”“I would like to discover which users receive the most spam”“Can I find out what people are surfing on the net in my company?”“I want to monitor IM conversations of employees in my company”“I want to monitor what files are being uploaded on the net”“I want know know what google searches are being made”
39SOLUTION: ON-APPLIANCE REPORTING More than on appliance reports.No Additional Purchase needed of hardware/service to access reports.Collects logs and assists in Network ForensicsReports in compliance withCIPA – Children’s Internet Protection ActHIPAA – Health Insurance Portability & Accountability ActGLBA – Gramm-Leach-Bliley ActSOX – Sarbanex-OxleyFISMA – Federal Information Security Management ActPCI – Payment Card Industry Data Security StandardsPowered By:
46Cyberoam Authenticates Cyberoam Layer 8 AdvantageOther UTMsUser LoginCyberoam AuthenticatesUserIP AddressMAC IdSession IdCyberoam AuthorizesAccess TimeInternet QuotaSecurity PoliciesWeb FilteringLayer 7 ControlsQoSIM ControlsCyberoam AuditsIdentity - basedLogs + ReportsMAC IdSession IdCyberoam has been the pioneer for bringing User Identity in UTMs and continues to lead in this area.There are few other UTMs that talk about identity but are no where close to Cyberoam’s User Identity approach.Let’s see the level of detail Cyberoam provides for User Identity and Cyberoam’s Layer 8 advantage over all others.Cyberoam’s approach to User Identity is based on its AAA formula i.e. Authentication, Authorization, Auditing once a user logins.Cyberoam provides facility to authenticate a user based on User name, IP Address and even MAC Id and Session Id…… Cyberoam Authorizes a User to work based on listed features and more …Cyberoam Audits a user based on detailed Identity based Logs and ReportsWhile Cyberoam satisfies all the A’s of the AAA approach, all other UTMs stop at Authentication level or at most some level of detail in the Authorization Level. At Authentication stage, most other UTMs do not even have facility to authorize on Mac Id and Session ID.
47Cyberoam UTM solves Organizational Concerns Keeping these business concerns in mind, Cyberoam UTM has developed features that enables organizations to grow by assuring Security, Connectivity and Productivity.Cyberoam UTM approaches all its features for organizations benefits.………………………………………………………..In further slides, we will talk about each of these features.
52CYBEROAM UTM APPLIANCE RANGE Large EnterprisesCR 1500iCR 1000iCR 750iaCR 500iaSmall to Medium EnterprisesCR 300iCR 200iCR 100iaCR 50iaRemote OfficesCR 35iaCR 25iaCR 15iCR 15wi52
53SUBSCRIPTION MODEL Subscription bundle Basic Appliance Bundled SubscriptionsIdentity-based FirewallVPNFree SSL-VPNBandwidth ManagementMultiple Link ManagementOn Appliance ReportingBasic Anti-Spam (RBL Service)8x5 Tech Support & WarrantyGateway Anti-Virus Subscription (Anti-malware, phishing, spyware protection included)Gateway Anti-spam SubscriptionWeb & Application Filtering SubscriptionIntrusion Prevention System (IPS)24 x 7 Tech Support & WarrantySubscription bundleTotal Value Subscription (TVS) – Includes all the licensesSecurity Value Subscription (SVS) – Includes all licenses except Gateway level Antispam53
54PRICING HARDWARE One Time Payment Need to renew 8x5 to get updates and keep the appliance under warrantySOFTWAREYearly Renewal RequiredAV/AS/CF/IPS Database needs to update regularly to provide up-to-date protection
55HOW TO CHOOSE A CYBEROAM MODEL? USER MODEL MATRIXPlease Note: Chart is an approximation Only. Number of users may vary on the network load & configuration.
56SAMPLE QUOTE Product Description List Price (US$) Qty Final Price (US$)Cyberoam 300i Appliance - Firewall, Bandwidth Management , Multiple Gateway & Load Balancing including 1 year of 8x5 Support & WarrantySKU : 01-CRI3 Year Antivirus-Antispam for CR 300i3 Year Web & Application Filtering for CR1500i3 Year IPS for CR1500i3 year TVS ( AV+AS+IPS+WAF with 8*5 support)3 year SVS (AV+IPS+WAF with 8*5 support)Total
57IMPORTANT RESOURCES FOR CYBEROAM PARTNERS Partner Portal >> Knowledge-base
58IMPORTANT RESOURCES FOR CYBEROAM PARTNERS Stay updated with Cyberoam Newsletters
59IMPORTANT RESOURCES FOR CYBEROAM PARTNERS Register for Cyberoam WebinarsRegister for Cyberoam Cerfication
60www.cyberoam.com/presalessupport/ DEDICATED CONSULTANTS FOR PARTNERS Cyberoam Presales Consultants are available 24x7 for Channel PartnersDedicated SupportChatTelephone: Toll Free for some regionsPresales Consultants help you withInstallation Support,Network ConsultationDocumentation Support for Tenders/RFPsFeature RequestsTraining/Certification requests
62Analysts Speak:“IDC believes that identity-based UTM represents the next generation in the burgeoning UTM marketplace. When enterprises realize the value of having identity as a full component of their UTM solution the increased internal security, protection against insidious and complex attacks, understanding individual network usage patterns, and compliance reporting - Cyberoam will benefit as the innovator.”Source: Unified Threat Management Appliances and Identity-Based Security: The Next Level in Network Security, IDC Vendor Spotlight62
63“Completeness of Vision” Gartner ranks Cyberoam as a “Visionary” in July 2009 Magic Quadrant for SMB Multifunction FirewallsCyberoam ranks 5th in“Completeness of Vision”FortinetSonicwallWatchGuardAstaroCyberoam63
67Cyberoam is IPV6 Certified IPv6 (Future Ready Connectivity)‘IPv6 Ready’ gold logoCyberoam identifies and processes IPv6 trafficThird-party validationInternational Testing Program with rigorous test casesIPv6 compliance to become mandatory in government and other enterprisesDriven by diplomatic initiatives67
68SC Magazine Five Star Rating – Five Times in a Row! July 2010 – UTM Group Test Cyberoam CR50iaA Solid Product and the Price is RightCR50ia is more than a Usual UTMApril 2009 – Product review Cyberoam CR200iA lot of functionality, including good integration support, in a single easy-to-use appliance”also includes a solid web content filter and blocking for applications such as IM and P2P“December 2008 – Product review Cyberoam CR100i“Cyberoam delivers a wealth of features for the price, which include versatile identity- and policy-based security measures ”March 2008 – UTM Roundup Cyberoam CR1000i“Fully loaded, with many great features”“packs a more serious punch”July 2007 – UTM Roundup Cyberoam CR250i“flexible and very powerful”“this appliance is a good value for almost any size environment”.68
69Awards ZDNET Asia- IT Leader Of the Year 2008 Winner Network Middle-East Awards 20102008 – BestContent FilteringTomorrow’s TechnologyToday 2007Most Valued PrincipalChannelWorldVARIndia Editor’s Choice for Best UTM (2007)SMB Productof the YearChannel's Favorite Security Company (2008)Best Integrated SecurityApplianceBest Security Solution forEducationBest Unified SecurityCR50ia (2010), CR15i (2009)CR50ia (2009)CR15i (2009)CR1500i (2009)
76Scenario 1 What solution will you recommend to the IT Manager? A Finance Company has offices at different citiesHead Office: 150 EmployeesBranch Offices: 15 Employees eachIT Managers’ Challenge:Wants to deploy security solution for their networkWants to store all reports at central locationWhat solution will you recommend to the IT Manager?
77Scenario 1: The Solution At Head QuartersCR200iAV & ASIPS for Mail ServerWeb & App FilteriView & CCCAt Branch OfficesCR15wi
78Scenario 2 What will you recommend to the IT Manager? A Retail Marketing CompanyHead Office: 50 EmployeesIT Managers’ Challenge:Wants marketing executives to have secured access to their CRMWhat will you recommend to the IT Manager?
79Scenario 2: The Solution At Head QuartersCR50iaSSL VPNCRM Access to Marketing Executives
80Scenario 3 An Educational Institution 1500 Students accessing Internet2 ISP Links with 50 Mbps bandwidth on each linksIT Managers’ Challenge:Wants to grant user access based on profile.Control access of unwanted & bandwidth guzzling websitesGamesMusicYoutube, FacebookP2PLoad Balancing on both Links. No Auto Failover AvailableStaff is getting lot of spam & virus infected s.Mail server gets listed in spam database due to student infected laptops sending 1000s of s
81Solution: Scenario 3 At Head Quarters 2 x CR1500i for redundancy One link for Hosted ServersSecond for Internet BrowsingAV & AS for:Outgoing & Incoming Mail trafficCF For:Blocking Im’s, P2P, Music etc.
82Scenario 4 What will you recommend to the IT Manager? A Small Company Head Office: 50 Employees3 Remote Offices: 15 EmployeesDSL Line Connectivity at all 4 PlacesIT Managers’ Challenge:All remote offices need to be connected to main office securelyWhat will you recommend to the IT Manager?
83Solution: Scenario 4 All remote offices: Dynamic DNS Support Site-to-Site VPNTunnel is established