White paper. Cyberoam UTM. Cyberoam. 360 Protection. on a Shoe-String Budget. I sales@cyberoam.com

Transcription

1 Cyberoam o 360 Protection on a Shoe-String Budget

2 Introduction Network security a few years ago was not a part of an organization's annual budget where traditional wired computers sent secure information to the server placed in an isolated network and traditional routers with a basic firewall performed the job of securing an organization's network. This was a primitive age of network security when network security was little known and considered as an avoidable expense. But now the sensitive information flows through Internet access devices, smart phones, tablets and cloud, so the business models of organisations across the globe have been altered drastically. The winds of change have been accelerated by the social media entering the corporate networks which exponentially increases the chances of sensitive information exposure. Witnessing this drastic change in the flow and access avenues of information, organizations are require to build a network security strategy which can deal with the changed business landscapes, dynamic employee needs, evolving threats, security standards and compliance requirements. These changed requirements set induces the organizations to add an extra field in their budget i.e. Network Security. o This whitepaper elevates how Cyberoam A Next Generation UTM snugly fits into the network to implement a allround protection against the threat landscape surrounding the organization with minimal investment.

3 White paper A Traitor Within Need of the 8th Layer of Network Security In an ideal world, employees use the Internet enabled devices provided by their employer, strictly for the business use. The reports however reveal a different reality. Cyberoam s Identity and Zone based approach helps segment the network sensitive information in a protected zone and provides a controlled access of the external world to the users inside the network by implementing an extra layer of security called: AAA ( Authentication Authorization Auditing). According to the survey conducted by International Data Corporation (IDC)!? 70% of all web traffic to Internet pornography sites occurs during the work hours of 9am-5pm.!? 48% of large companies blame their worst security breaches on employees. Cyberoam s Identity based UTM makes it mandatory for the user to get authenticated prior to the Internet access. Authentication request sent by the user is authorized and logged by the firewall. The firewall also scans for any attempt of injecting a malicious code in to the network programs using Intrusion Prevention and Anti-Virus scanning even on traffic between network zones.!? 60% of security breaches occur within the company - behind the Firewall.!? FBI studies in the last few years have shown that around 80% of company security policy violations are caused by their own personnel. logs and records all the network activities of the user which makes it almost impossible for an Insider to steal any sensitive data from the network. is designed to stamp a packet not only with an IP address but also a valid authorized user account, hence making his packet accountable. Malware Propagating over Secure Communication Channels Need a Clean VPN As world metamorphoses into a Global village, organizational structure and business practices have evolved. The current organizations have multiple remote and branch offices spread across the world and for them continuous threat free connectivity with head offices is one of the critical business requirements. In the absence of proper security measures, VPN tunnels may turn into a safe passage for malwares entering into organization s network. Creating VPN tunnels with no knowledge of security infrastructure can put the organization network at risk and attackers can leverage insecure VPN connections to access critical data inside the organization. Organizations use VPN to ensure availability of its network resources and to access core applications from remote locations. To achieve this connectivity, VPN is considered as the most secure way to transmit sensitive information across the Internet. I sales@cyberoam.com Cyberoam VPN module integrated with the UTM functionality provides Threat Free Tunnelling (TFT), by implementing identity based controls, user authentication, VPN traffic scanning against malwares, and scanning for Virus and Spam.

4 They Waiting for a Chance Need Vigilant Anti Malware and Anti Spam With a virtual population explosion of Websites, applications and users every day, associated risk quotient has increased exponentially. Organizations using as the primary medium of communication get thousands of unsolicited s every day. Major chunk of communication is comprises of spam and phishing s. Organizations using Internet for their business needs are exposed to emerging virus threats which lead to shear wastage of organization s resources and productivity. Organizations are exposed to manifold Web and threats and they are forced to think of a security shield against these threats in order to work smoothly. According to Securelist*,? In Q2 of 2012, the share of spam in mail traffic was averaged 74.3% The proportion of s with malicious attachments was averaged 3% According to KSN data, over 1 billion threats are detected in Q A total of 89.5 million URLs serving malicious code were detected. A total of 14,900 files from malicious programs targeting Android were detected. In Q2 2012, attacks from web resources located in different countries were neutralized. Of those, unique modifications of malicious and potentially unwanted programs were detected. Stand alone Anti-Virus or Anti-Spam solution do not serve the purpose as they are loosely integrated with the other security solutions deployed in the same organization. * offers best in breed Anti-Virus and Anti-Spam solution on a nominal subscription fee. Given below is the performance statistics of Cyberoam Anti-Spam and Anti-Virus solution: Stops 80% of spam traffic before entering into the network Spam Detection Rate: 98 False Positive Rate: 1 in 1 million s Virus Detection Rate: 99.5 Cyberoam offers user identity based Anti-Spam and Anti-Virus. The administrator can configure user based security policies. Cyberoam also gives user based on-appliance quarantine area and allows the users to release legitimate s (if any) from quarantined area. Cost of Productivity Need an Intelligent Web and Application Filtering Organizations are required to allow their employees to access Internet in order to stay up-to-date with latest market trends and competition. So these network cables work as life line for organizations business. Organizations heavily rely on websites and web based applications for connectivity and productivity. The emergence of Web technologies and social media applications play vital role in business but at the same time they can pose potential security threats which can easily exploit network vulnerabilities of the organization if not controlled and monitored intelligently.for example organizations are shifting from old conventional marketing techniques to Facebook to showcase their services and products. Almost every organization has a Facebook page these days. So when the business-needs transform, the traditional approach of blacklisting and whitelisting the complete application does not help. Rather an intelligent control is required to reap the fruits of this popular platform without putting employees productivity at stake. Cyberoam s Web and Application filter is a highly efficient module which can be customized to serve organization s unique requirements. This Cyberoam security shield can be configured to provide granular control over web and application activities of employees. Cyberoam also gives complete visibility of real time web and application traffic using traffic discovery feature. Traffic discovery allows the administrator to monitor all incoming and outgoing Internet traffic and fine tune Internet access policies as and when required.

5 Critical Web Applications at Stake - Need a Web Application Firewall Internet presence of an organization in this virtual world is evaluated by organization s Website, which provide a global business reach to deliver content to its customers. Organizations host public facing servers which allow visitors to access organization s website and applications. Organizations invest a considerable amount of time and resources in developing and maintaining various web applications and websites but security of these web applications and websites never addressed efficiently. Banks, Hospitals where Web servers are often hosted with a back-end customer or patient database are prone to sophisticated attacks like SQL Injection, Cross site scripting, URL Tampering, Remote Command Execution, Session and cookie high jacking, Buffer over flows. The after effects of these attacks are always devastating like stolen sensitive data, loss of revenue and compromised customer accounts. It can even lead to blacklisting of organization's website by many Content security providers. Organizations certainly do not wish to keep their reputation at the mercy of a hacker. Cyberoam s Web Application Firewall (WAF) is a cost effective easy to deploy module that intercepts traffic to and from the web server to secure it against the attacks mentioned earlier including the top 10 application vulnerabilities listed by OWASP- The Open Source Web Application Security Project. WAF s Positive protection model called Intuitive Web Flow Detector is capable of learning the legitimate behaviour of the web server for any request sent to it run time and creates dynamic application firewall rules in the background. WAF also provides SSL Offloading and act as a reverse SSL Proxy. With WAF deployed in organization s network any web-server that is outside the perimeter can also be protected. No Idea Who is doing What - Need a UTM with Pair of eyes When a security solution is deployed in the organization, an efficient and complete logging and reporting solution becomes an indispensable requirement. Administrator needs to know who is doing what in organization s network. Organizations are required to keep logs and reports to meet compliance standards set by different countries. At the same time they are required for forensic analysis. Most of the security solutions force organizations to allocate a separate budget for purchasing a syslog based reporting solution and need additional resources like a server with an Operating system. Top of that, these solutions do not provide user based reports rather they give superficial IP based reports. appliances are shipped with an inbuilt web based reporting engine - Cyberoam iview. Cyberoam iview offers complete visibility of users' network activities in a comprehensive way. It offers user based reports in graphical as well tabular format. These reports further can be drilled down to view leaf level reports with timestamp. Cyberoam iview offers network security and productivity reports e.g. Anti- Virus, Anti-Spam, Attacks, Internet Usage, Application Usage, Web Usage, FTP Usage and Data Transfer reports. If the administrator comes across with any anomaly or problematic Internet activities, he/she can tune-up network security policies and Internet access policies. Cyberoam iview also offers various compliance reports to meet compliance standards around the globe. Also, Notification feature of Cyberoam iview allows administrator to configure notifications to receive crucial reports via . These reports can be saved or sent in industry standard PDF or CSV format.

6 Conclusion One of the strategies that most of the small and medium business follows can be sum up as famous saying from Clark Howard Save more, Spend less and avoid being ripped off. Security is an expensive investment in the SMB segment that is why the management always looks for ROI when it thinks of investing in Network Security. shipped with an inbuilt reporting engine, multi-link management, bandwidth management and robust remote access VPN in the form of SSL VPN, L2TP and PPTP offers a cost effective security infrastructure that eliminates need of additional expenditure on reporting and VPN solutions. Besides above inbuilt features, Cyberoam offers multiple cost effective subscription options for regular UTM features like Gateway Anti-Virus, Anti-Spam, IPS, Web and Application Filter. The organization can choose and buy various combinations of subscriptions or bundled them for cost efficiency. With these many security features in a single box, is onetime relatively affordable investment for small and medium sized organizations with a tight shoe string Budget with complete ROI. Cyberoam s entire Security Portfolio Data Protection & Encryption Device Management Unified Threat Management (UTM) Cyberoam Central Console (CCC) Cyberoam iview Intelligent Logging & Reporting Application Control Asset Management Cyberoam - Endpoint Data Protection Cyberoam Awards & Certifications:- Toll Free Numbers USA : India : APAC/MEA : Europe : C o p y r i g h t E l i t e c o r e Te c h n o l o g i e s L t d. A l l R i g h t s R e s e r v e d. Cyberoam & Cyberoam logo are registered trademarks of Elitecore Technologies Ltd. /TM: Registered trade marks of Elitecore Technologies or of the owners of the Respective Products/Technologies. Although Elitecore attempted to provide accurate information, Elitecore assumes no responsibility for accuracy or completeness of information neither is this a legally binding representation. Elitecore has the right to change, modify, transfer or otherwise revise the publication without notice. Elitecore Product