Secured Connectivity Release 6.2.0

1 Secured Connectivity Release 6.2.0
Barracuda NextGen Firewall F-Series Secured Connectivity Release
- Enterprise Firewall Criteria v4.2
- The first Microsoft Azure Certified security solution provider
- Reader's Choice Awards: Best Security Hardware Vendor, Silver Winner

2 Reference Customers
Sectors: Transportation, Financial, Retail, Manufacturing, Industry, Broadcasting, Government, NGO, Healthcare, Legal, Food
We are not focusing on a single line of business: the solution fits everywhere multiple remote sites are involved.

3 Operations, Deployment, Security, Connectivity
- Operations: Central Management & Lifecycle, Granular Admin Concept, Revision Control, Troubleshooting, GTI & Live Status, Cost Control, Reporting
- Deployment: Scalable Deployment, Disaster Recovery, Multi-Tenancy, Hardware, Virtual, Cloud
- Security: VPN, IPS/IDS, Stateful Firewall, SSL Interception, User Awareness, AV / ATD / Web Filter, Application Detection
- Connectivity: VPN, Multiple ISP, Traffic Intelligence, WAN Optimization, Traffic Shaping / QoS, Virtual WAN Balancing, Application-Based Link Selection

5 Full NextGen Security feature set
Energize Updates, Advanced Threat Detection, Web Filtering, Malware (AV/IPS) on-box, Geo IP Control, DoS / DDoS, SSL Interception, File Content & User Agent Filtering, Traffic Shaping / Quality of Service
Full NG feature set:
- Traditional Stateful Firewall (DoS, DDoS, Anti-Spoofing, Port Scan etc.)
- Application Detection & Control
- Geo IP (Source & Destination)
- Inline Malware scanning (for HTTP+S, SMTP+S, FTP)
- Inline URL filtering
- SSL Interception (Full & Light)
- QoS & Traffic Shaping
- Customizable Block Page & Continue
- Inline SafeSearch, YouTube for Schools & Google Accounts
- File Content (for HTTP+S, SMTP+S, FTP) & User Agent (for HTTP+S) Filtering

6 App Detection - Protect the Business
- Control and throttle acceptable traffic
- Preserve bandwidth and speed up business-critical applications
Example of an application ruleset:
1) Block unwanted traffic like "P2P".
2) Allow "Facebook" and "Twitter" during the lunch break, but block all other "Social" content based on URL category.
3) Everything goes for "MGMT" users.
4) Lower priority for "Updates" for everyone.
5) Give business-critical applications the highest priority, but the application must use HTTP/HTTPS.

7 User Awareness
Supported authentication sources: RADIUS, RSA SecurID, x.509, TACACS+, LDAP/S, SMS Passcode (VPN), NTLM, Local authentication database, Active Directory, DC Agent, TS Agent, Wi-Fi Controllers, Citrix TS, Microsoft TS
- Transparent authentication via DC Agent
- TS Agent for Microsoft and Citrix Terminal Server
- Non-transparent authentication is provided via portal login against MSAD, LDAP, TACACS, local DB etc.
- Wi-Fi Access Controller support: Aerohive, Ruckus and Aruba

8 Advanced Threat Detection
Example of a Barracuda ATD report that shows why a specific file was identified as advanced malware.
[Diagram: Advanced Threat Detection, on-box IPS, on-box malware protection; block file / allow file]
- Prevent malicious files, even unknown ones, from entering the organization and avoid network breaches.
- Identify zero-day malware exploits, targeted attacks, advanced persistent threats and other advanced malware which routinely bypass traditional signature-based IPS and anti-virus engines.
- Granular control over PDFs, EXEs/MSIs/DLLs, Android APKs, Microsoft Office files, and compressed files and archives.
- Full interoperability with the integrated SSL Inspection: files can be extracted and checked in order to detect advanced malware in the encrypted stream.
- Cloud-based emulation allows resource-intensive file emulation to be offloaded to the Barracuda Cloud.
- Learning local cryptographic hash database for emulation optimization.
- Multiple and simultaneous OS environments for emulated files.
- Automatic notifications when malware activity is identified can help minimize the administrator's reaction time in mitigating the network breach.
- Available for hardware and virtual appliances as well as for Microsoft Azure and the Amazon AWS Cloud to fit your IT strategy as you standardize across hypervisors for network security and securely leverage public cloud infrastructures.

9 Advanced Threat Detection
Sharing ATD signatures and hashes with the Barracuda Cloud

10 URL Filtering
- URL filter service with 96 categories
- Customizable response pages
- Allow / Block / Alert / Warn & Continue / Override actions
- White & Blacklists

12 Application-Based Provider Selection
ISP selection based on applications, application category and/or URL filter category

13 Adaptive WAN Virtualization
[Diagram: xDSL and MPLS links]

14 Adaptive WAN Virtualization
[Diagram: xDSL and MPLS links. Labels: Surfing: 50% Class2; 50% Class1; VoIP 50%: NoDelay; Business 50%: Class1]

15 Adaptive WAN Virtualization
[Diagram: xDSL and MPLS links. Labels: VoIP: 70% NoDelay; Business: 70% Class1; 20% Class2; Surfing: 10% Class3]

16 Adaptive WAN Virtualization
[Diagram: xDSL, MPLS and 3G links. Labels: VoIP: 90% NoDelay; Business: 90% Class1; 10% Class2; No surfing; Only important applications]

17 Adaptive WAN Virtualization
[Diagram: xDSL, MPLS and 3G links. Labels: VoIP: 70% NoDelay; Business: 70% Class1; 20% Class2; Surfing: 10% Class3]

18 Adaptive WAN Virtualization
[Diagram: xDSL, MPLS and 3G links. Labels: Surfing: 50% Class2; 50% Class1; VoIP 50%: NoDelay; Business 50%: Class1]

19 Virtual WAN Balancing
- Up to 24 transports for one tunnel
- Session balancing
- Packet balancing
Packet balancing only really provides a benefit if the ISPs have the same upstream/downstream bandwidth and the same latency.

20 Virtual WAN Acceleration
- De-Duplication & Data Caching
- Multiple transport modes (encapsulation)
- Compression (stream/packet)
- Application Acceleration
[Diagram labels: De-Duplication, Compression, Application Accel., Caching, TCP encapsulation; De-Duplication, Compression, UDP encapsulation; HYBRID encapsulation]
Transport mode, compression, application acceleration and de-duplication can be set independently for each transport, so various setups are possible to fit the requirements.

21 Dynamic Meshed VPN
1) Classic hub-and-spoke setup.
2) The hub (HQ) detects traffic between branches, e.g. VoIP.
3) The hub (HQ) triggers an automatic configuration update of the branches that communicate with each other directly.
4) The branches create a temporary tunnel.
- The tunnel is displayed on the hub.
- Hub-branch tunnels stay active (for other connections and for failover).

22 Effective Operations
VPN is hard to set up, maintain and troubleshoot? Easiest and fastest way to create VPN tunnels in the market. Even faster with fully meshed VPN.

23 User VPN access
VPN access from anywhere and from any device.
- Fat Client: Windows, Linux, Mac OS X
- SSL VPN: OS independent; needs a browser with Java
- Mobile Client: CudaLaunch for iOS and Android

26 Hardware Deployment

27 Virtual Deployment

28 Public Cloud Deployment

29 Rollout Process = Disaster Recovery
It is "CEO-proof": take a USB drive and put the configuration file (box.par) and the ISO image on it. Plug it into the NG, reboot and wait until a "beep" occurs, unplug the drive and reboot. Done.

31 Cost saving customer example
Initial situation
- Customer has 2 locations connected with MPLS (40 Mbps)
- Line cost of € 13,800 per month
Barracuda solution
- 4 units Barracuda NG Firewall F280 with EU+IR for 5 years (two HA clusters)
- Switching from MPLS to a business-grade uplink (30 Mbps) + low-cost broadband link (10 Mbps)
- Initial investment € 24,388
Result
- Monthly bandwidth savings of € 6,000
- Line redundancy and the ability to load balance traffic as additional benefits
- Break-even in approx. 4 months and total savings after 5 years of € 311,612

32 Cost saving customer example

33 Management & Control

34 Barracuda NextGen Control Center
For efficient and flexible management, Barracuda offers five different control centers.
C400 (hardware appliance) and VC400 (virtual appliance for VMware, KVM, XenCitrix)
- Unlimited firewalls (recommended 20)
- 1 tenant (one range, one cluster)
- Multi-admin support
- Role-based administration
- Revision control system
- Central statistics
- Central syslog (host/relay)
- Firewall audit collector/viewer
- NG access monitor
C610 (hardware appliance) and VC610 (virtual appliance for VMware, KVM, XenCitrix)
The above plus:
- Unlimited firewalls (recommended 200 hardware-based; unlimited, but depending on hardware, for the virtual appliance)
- Multitenancy on a cluster basis
- Barracuda NG Earth
- PKI Service
VC820
- Unlimited firewalls (depending on hardware for the virtual appliance)
- Multitenancy on a range basis (5 tenants included; more available for purchase)
- High Availability license included

35 Live Status Polling
- Multi-tenancy configuration and managed topology
- Easy roll-out, maintenance and disaster recovery
- Repository links & object database
- Granular administration concept
- Centralized lifecycle management
- Graphical VPN tunnel editor (drag'n'drop)

36 Hierarchical Multi-Tenancy Concept
"The control of a large force is the same principle as the control of a few men: It is merely a question of dividing up their numbers." (Sun Tzu, The Art of War)
[Diagram: Global: admin access to global environment; Range Europe: admin access to continent; Cluster Austria: admin access to country; Box Vienna: admin access to single gateway]
The CC configuration is a hierarchical tree.
- It is split into Ranges
- Every Range has Clusters
- Every Cluster has Boxes (the actual NG firewall gateways)
- The admin scope can be set at "box", "cluster" or "range" level

37 Granular Configuration Levels
[Diagram: tree of nodes Global, Asia, Europe, Italy, Austria, Graz, Vienna, each labelled with a read level (R) and a write level (W). Labels: R2 / W2, R99 / W80, R99 / W10, R99 / W10, R99 / W60, R80 / W50, R80 / W20. Admin A: R/W=50, Austria only. Admin B: R/W=20, Europe only.]
The administration concept becomes even more powerful with "Configuration Levels". Every node has its own "read" and "write" level. The lower the number, the higher the permissions. The "root" user is "-1". By default all nodes have read=99 and write=2.
Example: "Admin A" has level "50". That means he can read/write box "Vienna" but only read cluster "Austria". "Admin B" has level "20". That means he can read/write the whole cluster "Austria" but only read the range "Europe".
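The level check described on this slide, modelled as an added example (it is not Barracuda's code and not part of the original slides). The node levels are constructed, because the diagram labels cannot be matched to nodes in this transcript; the inclusive comparison and the rule that an admin's scope covers a node and everything beneath it are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(eq=False)
class Node:
    name: str
    read: int = 99    # default read level stated on the slide
    write: int = 2    # default write level stated on the slide
    parent: Optional["Node"] = None

    def within(self, scope: "Node") -> bool:
        """True if this node is `scope` or sits anywhere below it."""
        node = self
        while node is not None:
            if node is scope:
                return True
            node = node.parent
        return False

@dataclass(eq=False)
class Admin:
    name: str
    level: int        # lower number = more permissions; root is -1
    scope: Node       # range, cluster or box the admin is limited to

def allowed(admin: Admin, node: Node, action: str) -> bool:
    """action is 'read' or 'write'; anything else is treated as write."""
    if not node.within(admin.scope):
        return False  # assumption: no access outside the admin's scope
    required = node.read if action == "read" else node.write
    return admin.level <= required  # assumption: comparison is inclusive

def rights(admin: Admin, nodes) -> dict:
    out = {}
    for n in nodes:
        flags = "".join(f for f, a in (("R", "read"), ("W", "write"))
                        if allowed(admin, n, a))
        out[n.name] = flags or "-"  # 'RW', 'R' or '-' per node
    return out

# Constructed tree and levels (not the values from the slide's diagram).
GLOBAL = Node("Global")
EUROPE = Node("Europe", read=99, write=10, parent=GLOBAL)
AUSTRIA = Node("Austria", read=80, write=30, parent=EUROPE)
VIENNA = Node("Vienna", read=80, write=60, parent=AUSTRIA)
GRAZ = Node("Graz", read=80, write=30, parent=AUSTRIA)
TREE = [GLOBAL, EUROPE, AUSTRIA, VIENNA, GRAZ]
ADMIN_A = Admin("Admin A", level=50, scope=AUSTRIA)
ADMIN_B = Admin("Admin B", level=20, scope=EUROPE)
ROOT = Admin("root", level=-1, scope=GLOBAL)
```

Calling `rights(ADMIN_A, TREE)` reproduces the slide's outcome for Admin A (write on Vienna, read-only on Austria); a review of a real tree would look for nodes whose write level is numerically high enough that low-privilege admins in scope can change them.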

38 Revision Control System
Integrated "Revision Control System". Every change on every config node is logged as its own version: who changed what, and when. It is possible to revert to any former version at any time.

39 Lifecycle Management
Regardless of the deployment (HW, VF, SF, CL):
- 1 installation image
- 1 major release update
- 1 minor release update
- 1 hotfix
... for everything!
Centralized and schedulable distribution and installation.
Regardless of whether an NG hardware appliance, an NG virtual appliance, NG in the cloud or just the software on a third-party server is used, it is always the same software. So there is one installation image, one major update, one minor update and one hotfix for everything.

40 Consolidated Configuration
[Chart labels: Daily task for 100 firewalls: 10 minutes; Daily task for 100 firewalls: 16 hours; Daily task for 1 firewall: 10 minutes]
In our experience, it takes 10 minutes per day to manage a single firewall.
Example: Changing the root password on one gateway takes 10 seconds. Doing it on 100 gateways takes far longer. With the NG CC, the global config node templates and the global object database, you link all 100 boxes to one config file, change the root password there, and all gateways receive the change.

41 Simple Licensing
- Base: Hardware License [F], Virtual License [VF], Software License [SF]
- Maintenance: Energize Update [EU], Instant Replacement [IR], Premium Support [PS]
- Additional: Malware Protection [M], Advanced Threat Detection [A], Basic Remote Access [VB], Premium Remote Access [VP]
Very simple licensing for NG: there are only 9 licenses possible per gateway.

42 Troubleshooting

43 All you need to know with just 1-click
Real-time information & manipulation
"Live" tab (active connections)
- Live session table of active connections
- Detailed information about the application

44 All you need to know with just 1-click
Historic information
"History" tab (recent connections)
- Allowed traffic (allowed via rule)
- Blocked traffic (based on rule)
- Dropped traffic (based on AV, IPS or URL violation)
- Failed traffic (traffic which was allowed by rule but did not establish because the host or port was unreachable)
Also unique in the market: the SRC and DST NAT IPs are shown in the live session table as well as in the history.

45 All you need to know with just 1-click
Application Context
- Tries to discover the intention of an application
- Shows the YouTube video ID and lets you jump to that video

46 Threat Monitor
"Threat Monitor" tab: shows all detected threats for IPS, AV, Protocol Detection, ATD

47 Application Monitor and Drilldown
"Monitor" tab (applications only)
- First image shows the Monitor in general
- Second image shows the drilldown for "facebook"

48 Reporting, Alerting, Logging & Statistics

49 Customized Reports
Create customizable top reports for:
- Applications & Categories
- Sources & Destinations
- Geo Locations (SRC/DST)
- URLs & URL Categories
- Risk & Usage
- Protocols
- Users
Schedulable and automated.
Reports are generated on demand, directly on the box or via the "NG Report Creator" tool for Windows. The Reporter creates scheduled reports (once a day, week, month) and distributes them via .
Consolidated reports for more than one box are available. Anonymized reports for management are available for privacy reasons.

50 Splunk Integration
Splunk integration with its own "Barracuda NG firewall app".

51 Security Information & Event Management
- Logs (support for Syslog, IPFIX, NetFlow)
- Lancope partnership
- Firewall Audit Log
- Eventing and Notifications
- SNMP (Service & Traps)
- Statistics
