Cyberoam Unified Threat Management

VCWSecurity 7,480 views 53 slides Mar 19, 2013

Slide Content

Our Products www.cyberoam.com © Copyright 2013 Cyberoam Technologies Pvt. Ltd. All Rights Reserved. Cyberoam USP Presenter: <Name> <Position>, Cyberoam

Technology Powerhouse 450+ Employees Backed by World’s Largest PE Investor ($156bn) – the Carlyle Group Sales, Distribution Channel and Customers across 125+ Countries Amongst the top 3 global players for UTM features Patent-pending Identity-based Management Cyberoam Introduction

Network Security Centralized security Management Network Monitoring & Analysis Securing Home users One stop shop: Cyberoam’s Holistic Security Solutions

Support for 3G/4G/ WiMax Cyberoam UTM – Comprehensive Network Security Layer 8 security

Cyberoam UTMs offer… Gigabit Firewall Throughputs Powerful Hardware Superior Quality Value for Money Cyberoam OS

Powerful Hardware Multicore Gigahertz processors for Nano second security processing Gigabit Ports to integrate with Gigabit network Faster, Next-Gen Memory and High Capacity Storage for superior performance Industrial grade components to withstand extreme environments Cyberoam Architecture Intelligent Firmware Tight integration with Hardware Network & Crypto Acceleration

Cyberoam Innovation: Layer 8 Security
Cyberoam's Layer 8 Technology treats "User Identity" as the 8th Layer in the protocol stack.
Cyberoam UTM offers security across Layer 2-Layer 8 using Identity-based policies.

Identity-based AAA: AAA over single UTM appliance
Users: Customers, Employees, Management, Partners
Cyberoam Authenticates: User Name, IP Address, MAC Id, Session Id
Cyberoam Authorizes: Internet surfing quota, Schedule control, Security Policies, Web Filtering, Application Visibility & Control, QoS / Bandwidth Management, IM Controls
Cyberoam Audits: Identity-based Logs + Reports, Compliance Reports
Control user network activities: Who can connect to the network; Who can access what; What have they accessed
Ability to track the user activities; identify attackers/victims
Take quick network security decisions

Identity-based Security
Applies security policies based on actual identity of users.
User-specific rules for multiple users to share a common IP address.
[Diagram: Corporate LAN with DHCP, users Ancy, Richard and Steve on addresses 192.168.3.105 and 192.168.3.110, an Administrator, and the Internet]

Prioritize applications with Layer 7 and Layer 8 controls Infected Applications Blocked Internet Application Traffic Cyberoam Appliance Visibility Control worms Spyware Manage Bandwidth Undesirable Business Critical Socio business Non Critical Logs & Reports Controls over applications based on User Identity, Time, Application and Bandwidth

Granular classification of applications
Category: File Transfer, Gaming, General Internet, Instant Messenger, Infrastructure, Network Services, P2P, Proxy and Tunnel, Remote Access, Streaming Media, VoIP, Mobile Applications, Social Networking, Web Mail, and more…
Risk Level: Very Low (1), Low (2), Medium (3), High (4), Very High (5)
Characteristics: Excessive Bandwidth, Prone to misuse, Transfer files, Tunnel other apps, Widely used, Loss of Productivity, Can bypass firewall policy
Technology: Browser Based, Client Server, Network Protocol, P2P

Proactive Protection model: Eliminates the need for manual intervention by administrators to update policies for new applications added to the list Granular classification of applications Select P2P Applications Block all future P2P applications without adding applications manually Set Action

Instant Messaging Controls
Control who can chat with whom; Archive Communication; Control communication medium (chat, video, voice, file transfer)
Productivity: Control loss of productivity; Control access over chat, voice, video, file transfer; Control who can chat with whom
Data Protection: Prevent data leakage; Block specific keywords; Block regular expressions (RegEx), e.g. social security no., credit card no., ABN routing numbers
Forensic Analysis: IM audit logs; Filter logs based on Users, IPs, Messages based on keywords

Real time visibility into user and network activities Traffic Discovery Real-time visibility into bandwidth utilization by user, protocol, application On-appliance Logging & Reporting Security Management Forensic Analysis Data Protection Compliance Management 1200+ Reports

Layer-8 User-based Reports


Dual Dashboard – Traffic & Security Dashboard Traffic Dashboard

Dual Dashboard – Traffic & Security Dashboard Security Dashboard

Application Reports

Compliance Reports

Interactive World Traffic Map Interactive World Traffic Map for Source and Destination traffic

Traffic Discovery


Stateful Inspection Firewall Unified Security Application Firewall Identity-based Firewall Layer 8 Geo-based Traffic Control Control incoming/outgoing traffic from/to a specific country FastPath Technology To improve processing speed and reduce CPU overhead Security Policies Connectivity Policies Productivity Policies Firewall Rule Unified Security Rules for all security features from firewall page Easy navigation and increased administrative productivity

Configure rules for all features from Firewall page Identity Security Productivity Connectivity + + +

Threat Protection Features
Continuously updated via Cyberoam Security Center
Intrusion Prevention System: Layer 8 and IPS Tuner driven; Identity-based IPS policies per user, group and IP address; Allows multiple IPS policies; Identity-based alerts & reports; 4500+ signatures – broadest security cover
Anti-Spam (Inbound/Outbound): Three level scanning (IP Reputation filtering, Real-time Blackhole List (RBL), Recurrent Pattern Detection (RPD™) technology); ~98% spam detection; Self-service Quarantine and Spam Digest; Scans SMTP, POP3, IMAP traffic; Virus outbreak detection for zero-hour protection
DoS & DDoS Protection: Packet Rate Limit; Protection against flood attacks (SYN Flood, TCP Flood, UDP Flood, ICMP Flood); IPS Signature to prevent attacks; Protocol Anomaly
Gateway Anti-Virus, Anti-spyware: 4 million+ signatures; Bi-directional scanning: Web & Email; Self-service Virus Quarantine; Scans HTTP, FTP, SMTP, POP3, HTTPS, IMAP and IM traffic; Instant visibility into Attacker/Victim

On-appliance Web Application Firewall (WAF)
Firewalls/IPS cannot protect a web application from unknown threats.
WAF protection on Cyberoam UTM: Protects web-apps and web servers from hackers; Positive protection model and No Signature Tables; Intuitive website flow detector; Automatically adapts to website changes; Protects against OWASP top 10 web-app vulnerabilities; SSL Offloading; Monitoring & Reporting
Cost Effective: No need to buy dedicated hardware WAF
Easy to deploy: Does not require any changes in setup
[Diagram: Organization's IT network with Traditional Firewall, Cyberoam UTM offering WAF protection, Web & Application Server and Database Server; unauthorized access blocked]

Virtual Private Network (VPN)
Support for IPSec, L2TP, PPTP, SSL VPN
Threat Free Tunneling (TFT) Technology
SSL VPN: Client less; License free
Scans VPN traffic for Malware, Spam, Inappropriate content, Intrusion attempts
Advanced features for business continuity: MPLS failover to VPN; VPN failover
Embrace BYOD with mobile VPN clients
Supported VPN Clients: MacOS, iOS, Android Devices
[Diagram labels: IPSec VPN, L2TP VPN, PPTP VPN, iOS; L2TP VPN, Android]

Web & Content Filtering
Industry's most comprehensive URL database: 44 million+ URLs in 82+ categories
Regular Web category updates; Cyberoam Security Center
Controls access to HTTP/HTTPS websites
Blocks Google Cache pages
Blocks Embedded URLs
Detects & Blocks Third Party Proxy and Tunneling sites
Filters Web 2.0 content
Blocks Malware hosting sites
[Diagram: Internet traffic split into Allowed Websites (HTTP/HTTPS) and Blocked Websites (HTTP/HTTPS); labels: Web 2.0, Google cache pages, Embedded URLs, Malware hosting sites, Proxy & Tunneling sites]

Manage productivity by controlling access to unwanted sites On-appliance web category database Faster access Surfing pattern privacy Control Data Leakage Blocks file uploads to web pages Helps meet regulatory compliance requirements Prevent productivity loss with identity-based approach Customize blocked messages to educate users on corporate policies “YouTube for Schools” for Educational Institutes Allows access to selected educational content Blocks all inappropriate, peripheral content such as ads, comments & links Web & Content Filtering

Best of Breed Bandwidth Management / QoS Bandwidth policies tied with User User User/Users group User/Users group Firewall Rule Firewall Rule Web Category Web Category Application Application

Create a bandwidth policy on a combination of User or User Group /Department Application or Application Category Web category Allows great flexibility and real L2-L8 visibility and control Bandwidth sharing with priority Schedule-based bandwidth allocation Best of Breed Bandwidth Management / QoS Burstable bandwidth Share the unutilized bandwidth Committed bandwidth Allocate dedicated bandwidth CEO Manager ERP System 5 mbps 2 mbps 8 mbps Manager 2mbps Employee 2 2mbps Employee 1 2mbps Employee 2 3 mbps Employee 1 3 mbps Marketing Group 6mbps When user is not connected

Business Continuity Features
High Availability: Active-Active & Active-Passive; Reduces single-point-of-failure; Maximizes network uptime; Ensures continuous network security
Multiple Link Management with Automated Load Balancing: Multiple WAN and WWAN (3G/4G, WiMax) link management with multiple failover conditions; Active-Active and Active-Passive Auto Link Failover; Gateway failover over VPN
[Diagram: Organization's IT network with Sales Dept., Dev. Dept. and Finance Dept.; links ISP1 (10 mbps), ISP2 (5 mbps), ISP3 (3G) (3 mbps) and MPLS; Failover Link]

Layer 8 Policy-based Routing Routes traffic based on Source IP addresses, Protocols & Users Assures QoS for key users and applications Business Continuity Features

High performance, integrated security over WLAN Secures wireless networks to the extent of wired networks Faster performance, broader coverage with 3x3 MIMO Technology Dual band support: 2.4 GHz or 5 GHz Multiple Virtual Access Points Layer 8 over WLAN Identity-based policies in dynamic IP environment MAC-based filtering Supports IP-address pool Enhances security Wireless (WLAN) Security Internet Marketing Engineering Sales File server ADS ERP

Prevent the risk of IT administrator from misusing privilege of tracking user activities 2 people: Authorizer and Administrator Authorizer consent required for the Administrator to view user-specific activities Safeguard user privacy – 4-Eye Authentication

Needed for hotspots, airports, hotels, corporate offices Default group can be created for guest users Sending Internet access credentials using SMS for guest users SMS (Text-based) Authentication Airports Hotels SMS for Guest users

Organizations cannot afford to compromise on any of these. The right SCP balance is essential! Cyberoam features assure Security, Connectivity, Productivity

Web Support Chat Support Email Support Phone Support Customer Support System Appliance Registration and Upgrade Subscribe security features Create support tickets Request RMA Support available across all time zones Global Support Excellence - ITIL compliance (ISO 20000) Knowledge base

Web Support Chat Support Email Support Partner Support System Ordering & Inventory management Sales & Marketing tools & resources Presales Support Track Appliance/Subscription Knowledge base Region specific dedicated Technical Account Managers (TAM)

Cyberoam UTM Product Range Hardware UTM appliances Virtual UTM appliances CRiV-1C, CRiV-2C, CRiV-4C, CRiV-8C, CRiV-12C Large Enterprises CR2500iNG CR1500ia, CR1500ia-10F, CR1000ia, CR1000ia-10F, CR750ia, CR750ia-1F/10F, CR500ia, CR500ia-1F/10F/RP, Small and Medium Enterprises CR300i, CR200i, CR100iNG, CR50iNG Small and Remote Offices CR35wiNG, CR35iNG, CR25wiNG, CR25iNG, CR15wiNG, CR15iNG

Dubai Head Office New York Branch Office Mumbai Branch Office Boston Branch Office Cyberoam UTM Cyberoam UTM Cyberoam UTM Cyberoam UTM Cyberoam Central Console (CCC ) CCC is for centralized, integrated management and monitoring of Cyberoam UTM devices Offers complete control over distributed networks from head office (H.O.) or Security Operations Center (S.O.C.) of MSSPs Available as Hardware CCC Appliances, Virtual CCC Appliances Cyberoam Central Console (CCC)

Servers Firewalls IDP / IPS Switches Routers UTM Applications Desktop systems Logs & Events Identity Logging Reporting Compliance Management Forensic Analysis Log Management Security Management Cyberoam iView – Logging and Reporting Ability to log and report activities from various devices/vendors Available as Open Source software Appliance Cyberoam iView’s Logging & Reporting Facilitates Security, Compliance, Forensics

CCC & iView product range CCC appliances iView – Logging & Reporting CR-iVU200 CR-iVU100 CR-iVU25 Hardware CCC appliances CCC1000, CCC500, CCC200, CCC100, CCC50, CCC15 Virtual CCC appliances For VMware Server: CCC VMS 200, CCC VMS 100, CCC VMS 50, CCC VMS 15 For VMware Workstation: CCC VMW 200, CCC VMW 100, CCC VMW 50, CCC VMW 15

Developing competencies with Cyberoam UTM appliances CYBEROAM CERTIFIED NETWORK & SECURITY EXPERT (CCNSE) CYBEROAM CERTIFIED TRAINER (CCT) CYBEROAM CERTIFIED NETWORK & SECURITY Professional (CCNSP) Training & Certification

2012 Magic Quadrant for Unified Threat Management 2010 Magic Quadrant for Unified Threat Management 2009 Magic Quadrant for SMB Multifunction Firewalls Recognized as ‘Visionary’ in the Gartner UTM MQ

“One innovative solution to growth and extensibility requirements has been adding an abstraction layer – a sort of Layer 8 on the open systems interconnection (OSI) model - that allows connection of names. This could be users, domains and more. This allows greatly improved granularity of system administration.” Innovation: Go-to-market strategy in a global market that is quite crowded in its product space. Greatest strength: Product and support through most media 24/7. For Cyberoam, customer commitment means measuring, analyzing and responding to customer attitudes, needs and how customers view Cyberoam products. NASSCOM INNOVATION AWARD 2011 Proven track record of Innovation

Clientele Worldwide BFSI Manufacturing Education Pharma & Healthcare Telecom & ISP Government

Others Clientele Worldwide Hotels Retail & Services IT/BPO & Media

VPNC Certified for Basic VPN & AES Interoperability ICSA Certified High-Availability ICSA Certified Firewall IPv6 Ready Member of Internet Watch Foundation UTM Level 5: Cyberoam holds a unique & complete UTM certification Anti-Spyware Anti-Virus Firewall VPN IPS/IDP Anti-Spam URL Filtering Premium Premium Product Certifications Premium EAL4+ Pending Approval

Link: http://demo.cyberoam.com Credentials: guest /guest Cyberoam Live Demo Get a 30 day FREE Evaluation of Cyberoam Virtual appliance

Thank you Contact: [email protected]