Cyberoam s Future-ready Extensible Security Architecture (ESA) Cyberoam. White paper

Transcription

1 White paper Cyberoam Cyberoam s Future-ready Extensible Security Architecture (ESA) Protect your investment with a security architecture built to accommodate tomorrow s security requirements

2 Cyberoam s Extensible Security Architecture (ESA) allows organizations to get maximum value out of their money on the purchase of a security appliance (UTM, Next Generation Firewall). The architecture was designed in response to the fact that most enterprise networks do not have one-size fits all environments, thus, any security appliance must organically grow to accommodate different threat scenarios in the future. With Cyberoam s extensible security, organizations stand protected against unknown, future attacks. As their business grows, so will their extensible security platform. Introduction According to a 2010 survey, sixty-three percent of US organizations have experienced at least one security incident during one year. With each passing day, the challenges faced by IT administrators are becoming more difficult as cyber threats continue to evolve into more stealthy, sophisticated attacks. They may strike in the form of newly-released viruses, spyware, worms etc., blended threats from a variety of entry points or clandestine hackers targeting a company's financial data. As the result of a changing security landscape, organizations are being forced to spend a lot of time and money fighting network threats. If they fail to respond with speed and accuracy, it could result in stolen customer records, compromised confidential information, IT downtime, slowed system performance, reduced employee productivity, loss of revenue and negative impact on corporate reputation. Even as the threats facing organizations are becoming more sophisticated and less conspicuous, enterprise IT teams are being forced to upgrade their security appliances with new features and update the protection level of existing Anti-Malware, IPS and more to tackle any new threat variants, demanding a more complex security system that eventually brings down the overall performance. In addition, IT teams are under increasing pressure to reduce costs, simplify management and continuously ensure that their IT security infrastructure is updated. The challenge today is to have a security appliance that ensures security against latest and upcoming threats without causing any performance dips while empowering customers to dynamically upgrade their security architecture to address the threats of tomorrow.

3 The need for extensibility in security appliances The commonsensical hardware approach in any enterprise-class security product should be to bring in add-on security capabilities across the legacy appliance in order to neutralize newly-emerging threats. This method, however, is self-limiting because it fails to address the real problem arising due to an organization s rapidly-changing security requirements declining performance of the underlying architecture due to its hardcoded configuration. Zeus Trojan s Enterprise Impact The Zeus Trojan has been around since 2004 in different forms and in different names - spreading in a variety of ways: in spam, exploit kits, or drive-by downloads from infected websites. The recent most variant of Zeus is being extensively used to steal bank account information. Once this Trojan is discovered in a network, getting rid of it is extremely difficult. According to an RSA security study, over 90 percent of Fortune 500 companies have been potentially impacted by Zeus as of Most security appliance vendors try to outdo each other when it comes to offering multiple security and networking services in a single, integrated platform. No matter their claims of in-depth defense, a self-contained, closed hardware unit implementing newer features tends to bring a lot of instability to the entire security arrangement because the legacy hardware was never designed in the first place to integrate with these additional features. The increased computing demands of newer features and applications, when turned on, creates a significant performance drop in the appliance. The performance issues become even more critical for time-sensitive security solutions such as newer AV/IPS signatures brought in to fight zerohour malware threats, SQL injection attacks, brute force attacks and crossscripting attacks. The appliance is simply not capable of coping with new security requirements without destabilizing the entire house of cards (see attached figure). In fact, closed or fixed architecture ASIC-based appliances lose their performance value with time because they cannot be upgraded in field to counter new threats; such systems deliver slow performance from the very next day the hardware was designed. Any fresh attack deteriorates the system speed even further. Hence, the user will eventually have to make a tough choice between declining system performance and protection against new attacks. The only solution in such a scenario is to add more expensive hardware, which means costly, time-consuming installation. The need for additional hardware also negatively impacts the bottom line. To offset this loss, some appliances use add-on security modules. Designed to implement or accelerate specific features, the newly-installed features typically cannot be reused for any other purpose and often sit idle as customer requirements keep fluctuating. To address scalability concerns, some security products contain blade solutions to minimize installation costs. Although, sharing the same hardware chassis reduces the need for additional rack space, any savings realized is negated by the lack of true integration between disparate blades, which often increases their overheads by complicating overall network management. Cyberoam's security appliances have built-in extensibility for future-proof security Cyberoam s Extensible Security Architecture (ESA) over its security appliance (UTM, NGFW) has been designed from the hilt to provide futureready security to organizations through an in-built extensible platform which can organically grow with their future security needs, therefore, removing the need to replenish the hardware during its network life cycle. Thus, organizations can protect their investments made on the hardware as the appliance s performance will not deteriorate with time.

4 The Cyberoam ESA design rapidly adapts itself to mitigate the threats of tomorrow such as Web 2.0, VoIP, streaming media, social networks and more. It has the ability to prolong the life and performance of the legacy security appliance by supporting future feature enhancements, for which the development can be done very rapidly and with minimum deployment effort. Basically, Cyberoam s security appliances achieve extensibility by running on an independent, multicore-aware software architecture, which ensures parallel execution of multiple network sessions. This enables the appliance to maintain a predictable degree of performance while dealing with unknown future threats, thereby providing higher levels of security. Extensibility in Action Many of us have played with LEGO blocks as children, and many continue to do so. To understand the extensible framework in network security, one can compare its structure to a set of LEGO blocks. Unlike customized toys which happen to be rigid and inflexible by not allowing new design creations, LEGO blocks allow the player to use their imagination to bring infinite building possibilities based on interlocking compatibility between bricks. One does not have to foresee future creations in advance. All that is needed is a foundation allowing anything to be built. Clearly, any product that embraces extensibility should adapt to an unlimited number of scenarios. At no point of time, the software has to depend on the appliance hardware, making it easily reprogrammable to deliver new patches and policies online to address any fresh attacks. All that is required is a routine upgrade (see attached figure) which consists of simply downloading the latest Cyberoam version release (with latest patches and newer features), uploading the firmware image, restarting and displaying a new log-in image. Once the firmware is uploaded, the appliance would undergo a soft reboot and would be running the latest build. With each new upgrade in place, organizations can achieve highly granular policy controls and a much larger range of protective services. The efficiencies of the extensible design advance the evolution of existing services and the deployment of new services without requiring a platform replacement or performance compromise. With the Cyberoam ESA in place, IT administrators can quickly and cost effectively turn on new feature capabilities as dedicated or multiple security services (AV, IPS, Instant Messaging controls, Applications Visibility etc.) tightly integrated into the operating system. Instead of adding extra equipment to meet customers networking demands, Cyberoam accommodates growth in security requirements for the organization with its ESA architecture. For MSSPs which want to add newer services for its clients, Cyberoam delivers the flexibility to bring on these services without causing the hardware performance to be degraded.

5 Major business benefits of Cyberoam s ESA security! Security scalable as per growing business needs: Cyberoam offers a scalable platform for organizations to address their security needs of the future by offering easy integration of newer features with legacy hardware.! Optimal design: Cyberoam s ESA design ensures organizations can deal with the conflicting goals of performance, flexibility and security without compromising in any of them.! High performance: Since Cyberoam s ESA platform runs on a multicoreaware software architecture, it delivers significant performance and security advantages over ASIC processor-based security appliances. Cyberoam s purpose-build hardware and software architecture provides high speed access to look up signature tables and a high speed work area for buffering and processing. With an increased emphasis on application level and content security, the appliances have extra memory to allow effective management of dynamic attacks. They also have the flexibility to add signatures for new attacks when required without worrying about the hardware limits.! Optimizing the investment made on hardware: Cyberoam security has been designed to remove the need to purchase separate, costly and specialized hardware upgrades, therefore lowering OPEX and CAPEX while improving overall efficiencies and security. Cyberoam Product Portfolio CR NG series UTMs CR NG series NGFWs Virtual Security Appliances Cyberoam Central Console (CCC) CR iview (Logging & Reporting) Cyberoam Awards & Certifications VPNC CERTIFIED VPNC CERTIFIED Basic Interop AES Interop Portal Exchange Firefox JavaScript Basic Network Extension Advanced Network Extension BEST BUY PC PRO RECOMMENDED EDITOR S C H O I C E RECOMMENDS Toll Free Numbers USA : India : APAC/MEA : Europe : C o p y r i g h t Cyberoam Te c h n o l o g i e s Pvt. L t d. A l l R i g h t s R e s e r v e d. Cyberoam & Cyberoam logo are registered trademarks of Cyberoam Technologies Pvt. Ltd. Ltd. /TM: Registered trade marks of Cyberoam Technologies Pvt. Ltd. Technologies or of the owners of the Respective Products/Technologies. Although Cyberoam attempted to provide accurate information, Cyberoam assumes no responsibility for accuracy or completeness of information neither is this a legally binding representation. Cyberoam has the right to change, modify, transfer or otherwise revise the publication without notice.