Get In Control: Introducing XTM 11.4

Transcription

1 Get In Control: Introducing XTM 11.4 Terry Leung Regional Director Southern China

2 Agenda What s wrong with today s network security Users and applications are out of control WatchGuard s solution XTM 11.4 feature overview Competitive positioning

3 Networks Lack Adequate Controls IT is facing Bandwidth use that is growing unexpectedly Advanced malware outbreaks Web applications tunneling through network controls Increased occurrence of rogue networks/endpoints Lack of effective security policies across the organization

4 How Do You Add Controls Without Constraining Business Productivity? Block Skype, Facebook, and other insecure social networking apps Authenticate users to all networks including Terminal Services & WLAN Deploy consistent security policy with centralized management templates Preempt network attacks with URL filters, web reputation services, antispam, AV, rogue wireless AP scans, and strong IPS See the network and react quickly with config history/rollback, auto- reports, efficient logging, and more Extend the Power of Your Firewall!

5 Fireware XTM 11.4 Delivers More Control New Feature Application Control New IPS Technology (scanning all ports, global IPS configuration) Rogue Wireless Access Point Detection for XTM 2 Series-W More Authentication Options Config History/Rollback Added Template Options with Centralized Management Logging and reporting enhancements Why YOU Benefit! Limits network resources consumed by insecure and/or non-business related applications Stops MORE threats with LESS administrative effort Reduce risk from wireless network threats and comply with PCI security standards. Better able to adjust network access as appropriate for specific users or groups Know your history control your future enjoy peace of mind. Drive security policy conformance and efficient management for MSSP and large installations Auto- reports and more scalable logging support more informed network administration

6 Users and Applications are Out of Control!

7 Unfettered App Use Should Worry You You lose countless hours of productivity to nonbusiness apps Many apps tunnel right past your firewall You lack visibility in what apps do on your network Most malware propagates via 3 rd party and web apps 927,000, ,822 man yrs 1575 life spans (per month)

8 Businesses have GOOD reason to be concerned about use of applications! In 2009, malicious web sites increased by 200% or more 55% of disclosed vulnerabilities affect web apps 77% of web sites with malcode are hijacked legitimate sites. 57% of data-stealing happens over the web 76% of breaches target web apps Sources: X-Force, Websense, Whitehat Security, Imperva, & 7Scan

9 What s Your Web 2.0 Policy? A quarter of companies have no policy IT decides policy 40% of the time When you have a policy, can you enforce it? Source: Forrester Research, Forrsights Security Survey, Q3 2010

10 Current Controls Too Coarse Already implemented Planning to implement in the next 12 months No plans Ability to block or allow use of a particular application for the whole company 65% 15% 17% Ability to block or allow use of a particular application based on user's identity 54% 17% 25% Ability to allow specific functions of the application 40% 14% 40% Ability to block or allow specific content within the application 38% 17% 40% Ability to control extent of use (e.g., time or bandwidth utilized) 30% 12% 52% Source: Forrester Research, Forrsights Security Survey, Q3 2010

11 Introducing Application Control Identify, control, and report on applications Allow or block aren t your only options apply policy-based scheduling or QoS. Granular control of applications behaviors. Not just signature based. Behavioral detection spots sneaky apps

12 Application Control Use Cases WG Application Control lets you: Block usage of all peer to peer applications Allow Marketing department access to Facebook Limit streaming media application usage to restricted hours Report on the top 10 applications used in the company Allow MSN Instant Messaging, but disallow file transfer over MSN Instant Messaging

13 Granular Control Application Control Feature Block specific applications at global, department, group, and individual levels Control sub-functions, e.g. allow access to MSN, but block MSN File Transfer Control access to applications or sub-functions by department Control access to applications by time of day. Control applications by category Centralized management of Application Control Automatic updates of application signatures Detailed application usage reporting Customer Benefit Keep productivity high; prevent security threats Balance of permissiveness and threat mitigation Create, enforce, and monitor fine-grained acceptable use policies. Productivity during key business hours, employee perks during off-hours. Ease of use Enforce a consistent application control policy across multiple locations. Maintain a consistent security posture in a world of dynamic applications Monitor adherence to acceptable use policies by user, group, department, etc

14 Key Applications 2,300 signatures covering 1,500 unique applications Category Instant Messaging Mail/Collaboration Web 2.0 P2P Remote Access Terminals Database File Transfer Voice Over IP Streaming Media Games Network Mgt Web bypass Example Applications QQ; MSN; Yahoo; GoogleTalk Hotmail; Gmail; Yahoo; MS Exchange Facebook; LinkedIn; Twitter Gnutella, Foxy, Thunders, Series, Winny; Bittorrent; TeamViewer; GoToMyPC MS SQL; Oracle Peercast; Megaupload Skype QuickTime; YouTube; Hulu Xbox Live; Second Life MS Update; Adobe; Norton; McAfee Ultrasurf; Avoidr; Circumventor, Tor Approved applications Unapproved or harmful applications

15 Reputation Enabled Defense for HTTP

16 Reputation Enabled Defense for HTTP Cloud-based analysis of web sites using WatchGuard s ReputationAuthority servers Improves HTTP performance Configured in the Subscription Services menu of Policy Manager and in your HTTP proxy configuration Supported only for XTM devices 16 WatchGuard Training

17 Reputation Enabled Defense for HTTP URLs are assigned a reputation score with a value between 1 and 100 by the ReputationAuthority RED configuration must specify threshold values for bad reputation and good reputation URLs with a reputation score that exceeds your bad reputation threshold are blocked before any virus scanning occurs, reducing resource load on device URLs with a reputation score that lower than your good reputation threshold bypass virus scanning, improving speed of loading web pages 17 WatchGuard Training

18 Send Feedback to ReputationAuthority Servers When you enable Reputation Enabled Defense, the default configuration enables the XTM device to send the results of your local Gateway AntiVirus scans to WatchGuard servers If you have Gateway AntiVirus, but do not have Reputation Enabled Defense, you can still send Gateway Anti-Virus scan results to WatchGuard Scan results are sent to WatchGuard as encrypted data 18 WatchGuard Training

19 That s not all folks. More New Visibility and Network Control Features

20 Enhanced Authentication Features Businesses are organized in human terms, not computer terms, but too many security devices ignore this. Fireware XTM 11.4 has a variety of new authentication features to allow administrators to construct, enforce, monitor, and report on security policies that are organized by users and groups rather than by IP subnets, hosts, host ranges, or network zones. Terminal Services Authentication SSO with Manual Authentication 802.1x Authentication Multiple AD Domain Support LDAP over SSL Support

21 Distinguishing Users on Terminal Services or Citrix Users may try to hide behind Terminal Services or Citrix. Can the right security policy be applied to them? Hi! My Name Is When used in a Terminal Services or Citrix environment, user identity is associated with traffic at the XTM appliance and policy is applied correctly Allows consistent deployment of security policy across all network segments, including where thin clients are used.

22 Reducing the Insider Risk: Secure LDAP Traffic Secures the LDAP operation between client and server with an SSL tunnel. Encrypts information (eg. domain name and password) that is passed in clear text during traditional LDAP authentication - preventing this key information from being sniffed and providing better protection against internal security breaches.

23 Supporting Users on Multiple Platforms My company supports both Windows and Mac users. Can I build user-based firewall policies for all of them? Allows users to authenticate manually (port 4100 over HTTPS) even when SSO is configured. Delivers more comprehensive support of customer environments, including access from offnetwork domains and non- Microsoft clients.

24 Multiple AD Domain Support Some companies have multiple Active Directory domains. Can one firewall enforce security policies across all of them? Multiple AD domains can be configured so as to allow customers to physically segment user information between groups (administrators/pupils in a school) or companies while deploying common policy at the firewall.

25 802.1X Authentication: Tighter Wireless Security Requires authentication prior to putting users on the WLAN network 802.1X enables port-based network access control X authenticator support for AP 1, AP2, and wireless guest (select from WPA Enterprise, WPA2 Enterprise or WPA/WPA2 Enterprise). Authenticate to RADIUS (with EAP support) or local database. Supports EAP-TLS, EAP-PEAP and EAP-TTLS.

26 New IPS: More Coverage, Easy to Use Businesses need rock-solid protection against network attacks! New IPS engine and signature provider Global configuration covers all ports and protocols Much easier to configure Greater efficacy and faster response to new threats

27

28

29

30

31

32 Configuration History and Rollback Sometimes, the admin needs to turn back the clock! Management Server stores previous versions of device configurations Indexed list of configs is timestamped and shows which configs were sent to devices (vs. configs created but not pushed to devices) Promotes peace of mind; allows easy reversion in the event of a misconfiguration or change in business needs

33 Reporting for Better Visibility, Easier Compliance Are the key people in the business getting the information they need, in a timely manner? New report scheduling New reports for App Control, IPS, DHCP lease activity notification of ready reports Enhancements to systematically remove diagnostic logs from log server

34 How Does It Stack Up to Competitors?

35 Application Control Company By the Numbers Comments WatchGuard Applications Signatures Granular control Attached to Firewall Policies Palo Alto Networks Applications Very Expensive Lacks networking features Fortinet Applications Closest to WG UI IPS service required Sonicwall 2700 Signatures Multiple signatures per application Intermixed with IPS Difficult to use Battlecards available at the partner portal, including Palo Alto Networks Will be updated for 11.4 launch

36 Today s WatchGuard for Today s Businesses Fireware XTM 11.4 advances WatchGuard s vision of extensible threat management, helping businesses combat threats, enhance productivity, and focus on business goals. Superior Security Superior Manageability and Visibility Enhanced Authentication State of the Art Policy Enforcement

37 What does it all mean? The Internet is a thorny thicket! Businesses face lots of competing pressures and forces WatchGuard products help companies define their relationship with the Internet It all comes down to policy

38 3 Phases of Policy Definition Enforcement Auditing WatchGuard has great tools and products for all three phases of policy!

39 Conclusion Threat Landscape + Design Principles = WatchGuard Products We defeat the threats and the competition WatchGuard is watching out for you! and we greatly value your partnership!

40