fit 10 - hargun - cyberoam
HARI GUNAWAN
FIT 04 June 2010
PT. Jerbee Indonesia
EXTERNAL
• VIRUS
• SPAM
• SPYWARE
• HACKING
• PHISHING, PHARMING
• ROOTKITS
INTERNAL
• MALICIOUS INTENT
• INFORMATION LEAKAGE
• IDENTITY THEFT
NETWORK SECURITY THREATS
Unified Threat Management (UTM)
Evolution of the traditional firewall into an all-inclusive security product that has the ability to perform multiple security functions in one single appliance: network firewalling, network intrusion prevention and gateway antivirus (AV), gateway anti-spam, VPN, content filtering, load balancing and on-appliance reporting.
1. Firewall
2. VPN
3. Intrusion Detection & Prevention
4. Gateway Level Anti-virus for Mails, Website, File Transfers
5. Gateway level Anti-spam
6. Content Identification & Filtering
7. Bandwidth Management for Applications & Services
8. Load Balancing & Failover Facilities
Unified Threat Management (UTM)
Benefits of UTM Appliances
Reduced complexity: All-in-one approach simplifies product selection, integration and support
Easy to deploy: Customers, VARs, VADs, MSSPs can easily install and maintain the products
Remote Management: Remote sites may not have security professionals – requires plug-and-play appliance for easy installation and management
Better Man Power Management: Reduction in dependency and number of high end skilled Human resources
Managed Services: Security requirements & day to day operations can be outsourced to MSSPs
Lack of user Identity recognition and control
• Inadequate in handling threats that target the user – Phishing, Pharming
Unable to Identify source of Internal Threats
• Employee with malicious intent posed a serious internal threat
• Indiscriminate surfing exposes network to external threats
• 50% of security problems originate from internal threats – Yankee Group
• Source of potentially dangerous internal threats remain anonymous
Unable to Handle Dynamic Environments
• Wi-Fi
• DHCP
Unable to Handle Blended Threats
• Threats arising out of internet activity done by internal members of organization
• External threats that use multiple methods to attack - Slammer
Lack of In-depth Features
• Sacrificed flexibility as UTM tried to fit in many features in single appliance.
• Inadequate Logging, reporting, lack of granular features in individual solutions
Challenges with Current UTM Products
Need for Identity based UTM…
Identity is missing on firewall, antivirus & Anti-spam
Products
• Cyberoam UTM
• Cyberoam iView (Open source Logging & Reporting)
• Cyberoam Central Console (Centralized Management)
• Cyberoam EndPoint Data Protection
Layer 8 Firewall (Patent-pending Technology)
Cyberoam Unified Threat Management (UTM)
Patent Pending: Identity-Based Technology
User
Cyberoam is the only Identity-based Unified Threat Management appliance that provides integrated Internet security to enterprises and educational institutions through its unique granular user-based controls.
Database of millions of sites in 82+ categories
Blocks phishing, pharming, spyware URLs
HTTP upload control & reporting
Web and Application Filtering Features
Block & Control Applications such as P2P, Streaming, Videos/Flash
Local Content Filter Database to reduce latency and dependence on network connectivity.
Customized blocked message to educate users about organizational policies and reduce support calls
Application and Identity-based bandwidth allocation
Committed and burstable bandwidth
Time-based, schedule-based bandwidth allocation
Restrict Bandwidth usage to a combination of source, destination and service/service group
Identity-based Bandwidth Management
Authentication and External Integration
Advanced Multiple Gateway Features
Schedule based bandwidth assignment
Gateway Alerts on Dashboard
Bandwidth Utilization Graphs
Active-Active Auto Link Failover & Load Balancing
Active-Passive Auto Link Failover
Source & Destination Routing
Support for more than 2+ ISP links
Educate Users with Custom Denied Messages and Reduce Your Support Calls
James
http://www.screensaver.com
Dear Mark,
The web site you are trying to access is listed within the category SpywareandP2P
It can result in download of spyware and adware which result in popups. They are a threat to you and the enterprise and can slow the network down.
• Scans Web, FTP, POP3, SMTP & IMAP traffic
• Self-service quarantine area
• Signature update every 30 mins
• Identity-based HTTP virus reports
• Disclaimer addition to outbound emails
• Spyware and other malware protection including “Phishing” emails
• Block attachment based on extensions (.exe, .bat, .wav etc.)
Gateway Anti- Virus Features
Spam filtering with (RPD) Recurrent Pattern Detection technology
Virus Outbreak Detection (VOD) for zero hour protection
Self-Service quarantine area
Content-agnostic
Change recipients of emails
Scans SMTP, POP3, IMAP traffic
Gateway Anti-Spam Features
Protects against Image-based Spam and spam in different languages
The spam catch rate of over 98%
1 in Million false positives in spam
Local cache is effective for >70% of all spam resolution cases
RPD (Recurrent Pattern Detection)
Multiple and Custom IPS policies
Identity-based policies
Identity-based intrusion reporting
Ability to define multiple policies
Reveals User Identity in Internal Threats scenario
IPS Features
Intrusion Prevention System (IPS)
Cyberoam in Numbers
More than 500,000 virus signatures in the anti-virus database
More than 50 Million URLs categorized in 82+ categories
Spam Detection: 98%
False Positives: 1 in million
IPS Signatures: More than 5500+
Other Network / System Features
• High Availability (Active-Active / Active-Passive)
• Stateful Failover
• VPN Failover
• Dynamic Routing (RIP, OSPF, BGP)
• NTP Support
• Multiple Configurable Syslog Server Support
• GUI based Real Time Firewall Log
• Roll Back (Roll back to last upgraded version)
… And Much More
CYBEROAM APPLICATION EXAMPLES
Subscription free On-Appliance Reporting
Real-time Monitoring and Alerting
Over 1100+ Drilldown Reports
Reports in HTML, MHTML, PDF, & CSV formats & Email Alerts
Web 2.0 GUI and Reporting interface.
iView (Cyberoam Aggregated Reporting & Logging Software)
Instant Messaging Logging & Control
• Yahoo & Windows Live Messaging
• Control Who Communicates with Whom
• Control Webcam usage
• Control Voice Usage
• Individual as well as Group Control
Control who can chat with whom
Archive Communication
Control communication medium (chat, video, voice)
Data Protection
Productivity
Reduces operational complexity and deployment time
Minimizes errors and lowers administration cost
Enables the MSSPs to have different personnel for managing different customer deployments
Ease of use with view of multiple devices and network status at a glance
Cyberoam Central Console – CCC Series
Cyberoam for End Point Data Protection
1. Need for Data Protection
2. Data Protection & Encryption
3. Device Management
4. Application Control
5. Asset Management
Medical records of 741 patients lost by a hospital
60% corporate data lies unprotected on endpoints
Lost USBs
Lost Multimedia Discs
Wrong Email Attachment
Lost iPods
Personal information of 11.1mn customers of leading oil refinery (USA) found on streets
Bank employee accidentally sent sensitive customer details to wrong email address
12,500 handheld devices forgotten at the back of taxis every 6 months in UK
9000 USB sticks found in people's pockets at the local dry cleaners in UK
Need for Data Protection
What Places Data At Risk?
Applications: Web, Mail, IM, P2P, Printing, FTP
Removable Devices: USBs, CDs/DVDs, MP3, Digital cameras
Insiders: Unauthorized transfer of sensitive data; Malware-laden email for information access; Sensitive data sent to wrong person
Data At Risk
• Intellectual property related to R&D
• Business plans, RFP / Tender quotes
• Product launch dates and roadmap
• Customer data
Malicious
Unintentional
Cyberoam End Point Data Protection
Protect your Data. Protect your Assets.
Cyberoam End Point Data Protection
• Comprehensive End Point Data Protection Suite
• Modules
• Data Protection & Encryption
• Device Management
• Application Control
• Asset Management
Prevent Data Leakage – Email Attachments
• Control data shared as attachment in emails
• Send customized warning message to user and alert to administrator
Data Protection & Encryption
Record Data Shared over Webmails
Record content of Webmail such as Yahoo, Gmail & MSN
Prevent Data Leakage - Attachments over Instant Messengers
Attachment:
.doc NOT ALLOWED
File name: confident NOT ALLOWED
Size: > 2 MB
• Control data shared as attachment over Instant Messengers
• Send customized warning message to user and alert to administrator
[Figure: document control policy. Operation: Read, Modify, Delete. Mode of Transfer: Fixed, Floppy, CD-ROM, Removable, Network, Unknown. File Name/Extn.: .exe, .jpg, .doc. Back up: before modifying, before copying/cut to, before copying/cut from, before deleting.]
Prevent Accidental / Malicious Deletion of Data
Selective Action & Back-up of Document
• Control operations over a document and its mode of transfer
• Back up files before specific actions
[Figure: printer control policy. Printer Type: Local, Shared, Network, Virtual. Selected files/Extn.: .xls, .doc. Database Server.]
Prevent Data Leakage through Printed Files
Copy of Printed File Saved in Database Server
• Control access to printers in the system
• Save shadow copy of printed file
[Figure: removable device encryption. Encrypt entire device; encrypt selected files (.xls, .doc, .jpg); decrypt before reading.]
Data Sharing Through Removable Devices
• Encrypt all/selected files while writing to removable device
• Decrypt files while reading from a removable device only in organization network
- Data in your lost USB device cannot be decrypted and is safe
Encrypts Data, Blocks Data Sharing
Record Chat Sessions even for SKYPE
Chat session logs
Back up server
Protect your Data by controlling data over device
• Allow only authorized devices
Device Management
Storage Device: Floppy, CD, Burning device, Tape, Removable device
Communication Interface Device: Serial ports, parallel ports, modems, Bluetooth
Dial: Dial-up connection
USB Device: USB keyboard, mouse, modem, storage, hard disk, others
Network Devices: Wireless LAN adapter, PnP adapter, Virtual LAN adapter
Others: Audio equipment, Virtual CDROM, any new device
Device Management
Protect your Data by Controlling Applications
• Prevent data loss through unauthorized/indiscriminate use of applications
• Granular, policy-based application controls
- Protect sensitive data & enhance employee productivity
- Prevent legal liability, network outages
IM tools
Entertainment (MP3, MP4, MPEG)
Pirated software
Screensavers
Password crackers
Application Control
QUESTIONS?
THANK YOU