Cyberoam 360 degree Protection on a Shoe-String Budget

White paper: Cyberoam UTM (www.cyberoam.com)


Introduction

A few years ago, network security was not part of an organization's annual budget: traditional wired computers sent secure information to a server placed in an isolated network, and traditional routers with a basic firewall did the job of securing the organization's network. This was a primitive age of network security, when it was little known and considered an avoidable expense.

But now sensitive information flows through Internet access devices, smartphones, tablets and the cloud, and the business models of organisations across the globe have altered drastically. The winds of change have been accelerated by social media entering corporate networks, which exponentially increases the chances of sensitive information exposure.

Witnessing this drastic change in the flow and access avenues of information, organizations are required to build a network security strategy which can deal with changed business landscapes, dynamic employee needs, evolving threats, security standards and compliance requirements. This changed set of requirements induces organizations to add an extra field in their budget, i.e. Network Security.

This whitepaper elaborates how Cyberoam, a Next Generation UTM, snugly fits into the network to implement 360° all-round protection against the threat landscape surrounding the organization with minimal investment.


A Traitor Within – Need of the 8th Layer of Network Security

Scenario: In an ideal world, employees use the Internet-enabled devices provided by their employer strictly for business use. The reports, however, reveal a different reality.

Problem: According to the survey conducted by International Data Corporation (IDC):

• 70% of all web traffic to Internet pornography sites occurs during the work hours of 9am-5pm.

• 48% of large companies blame their worst security breaches on employees.

• 60% of security breaches occur within the company - behind the Firewall.

• FBI studies in the last few years have shown that around 80% of company security policy violations are caused by their own personnel.

Cyberoam’s Solution:

Cyberoam’s Identity and Zone based approach helps segment the network's sensitive information into a protected zone and provides the users inside the network with controlled access to the external world by implementing an extra layer of security called AAA (Authentication, Authorization, Auditing).

Cyberoam’s Identity based UTM makes it mandatory for the user to authenticate prior to Internet access. The authentication request sent by the user is authorized and logged by the firewall. The firewall also scans for any attempt to inject malicious code into network programs, using Intrusion Prevention and Anti-Virus scanning even on traffic between network zones. Cyberoam UTM logs and records all the network activities of the user, which makes it almost impossible for an insider to steal any sensitive data from the network. Cyberoam UTM is designed to stamp a packet not only with an IP address but also with a valid authorized user account, hence making the packet accountable.

Malware Propagating over Secure Communication Channels – Need a Clean VPN

Scenario: As the world metamorphoses into a global village, organizational structures and business practices have evolved. Today's organizations have multiple remote and branch offices spread across the world, and for them continuous threat-free connectivity with head offices is one of the critical business requirements.

Organizations use VPN to ensure availability of their network resources and to access core applications from remote locations. To achieve this connectivity, VPN is considered the most secure way to transmit sensitive information across the Internet.

Problem: In the absence of proper security measures, VPN tunnels may turn into a safe passage for malware entering the organization’s network. Creating VPN tunnels with no knowledge of the security infrastructure can put the organization's network at risk, and attackers can leverage “insecure” VPN connections to access critical data inside the organization.

Cyberoam’s Solution:

Cyberoam's VPN module, integrated with the UTM functionality, provides Threat Free Tunnelling (TFT) by implementing identity based controls, user authentication, VPN traffic scanning against malware, and email scanning for viruses and spam.


They Are Waiting for a Chance – Need Vigilant Anti Malware and Anti Spam

Scenario: With a virtual population explosion of websites, applications and users every day, the associated risk quotient has increased exponentially. Organizations using email as the primary medium of communication get thousands of unsolicited emails every day. A major chunk of email communication comprises spam and phishing emails.

Organizations using the Internet for their business needs are exposed to emerging virus threats, which lead to sheer wastage of the organization’s resources and productivity. Organizations are exposed to manifold Web and email threats, and they are forced to think of a security shield against these threats in order to work smoothly.

Problem: According to Securelist*,

• In Q2 of 2012, the share of spam in mail traffic averaged 74.3%.

• The proportion of emails with malicious attachments averaged 3%.

• According to KSN data, over 1 billion threats were detected in Q2 2012.

• A total of 89.5 million URLs serving malicious code were detected.

• A total of 14,900 files from malicious programs targeting Android were detected.

• In Q2 2012, 434143004 attacks from web resources located in different countries were neutralized. Of those, 145007 unique modifications of malicious and potentially unwanted programs were detected.

Standalone Anti-Virus or Anti-Spam solutions do not serve the purpose, as they are loosely integrated with the other security solutions deployed in the same organization.

*http://www.securelist.com/en/analysis/204792242/Spam_in_Q2_2012

Cyberoam’s Solution:

Cyberoam UTM offers a best in breed Anti-Virus and Anti-Spam solution for a nominal subscription fee. Given below are the performance statistics of the Cyberoam Anti-Spam and Anti-Virus solution:

• Stops 80% of spam traffic before entering into the network

• Spam Detection Rate: 98

• False Positive Rate: 1 in 1 million emails

• Virus Detection Rate: 99.5

Cyberoam offers user identity based Anti-Spam and Anti-Virus. The administrator can configure user based security policies. Cyberoam also gives each user an on-appliance quarantine area and allows users to release legitimate emails (if any) from the quarantine area.

Business @ Cost of Productivity – Need an Intelligent Web and Application Filtering

Scenario: Organizations are required to allow their employees to access the Internet in order to stay up-to-date with the latest market trends and competition. So these network cables work as a lifeline for the organizations’ business. Organizations rely heavily on websites and web based applications for connectivity and productivity.

Problem: The emergence of Web technologies and social media applications plays a vital role in business, but at the same time they can pose potential security threats which can easily exploit network vulnerabilities of the organization if not controlled and monitored intelligently. For example, organizations are shifting from old conventional marketing techniques to Facebook to showcase their services and products. Almost every organization has a Facebook page these days. So when business needs transform, the traditional approach of blacklisting or whitelisting the complete application does not help. Rather, intelligent control is required to reap the fruits of this popular platform without putting employees’ productivity at stake.

Cyberoam’s Solution:

Cyberoam’s Web and Application filter is a highly efficient module which can be customized to serve an organization’s unique requirements. This Cyberoam security shield can be configured to provide granular control over the web and application activities of employees. Cyberoam also gives complete visibility of real time web and application traffic using the traffic discovery feature. Traffic discovery allows the administrator to monitor all incoming and outgoing Internet traffic and fine tune Internet access policies as and when required.


Critical Web Applications at Stake - Need a Web Application Firewall

Scenario: The Internet presence of an organization in this virtual world is evaluated by the organization’s website, which provides a global business reach to deliver content to its customers. Organizations host public facing servers which allow visitors to access the organization’s website and applications. Organizations invest a considerable amount of time and resources in developing and maintaining various web applications and websites, but the security of these web applications and websites is never addressed efficiently.

Problem: Organizations such as banks and hospitals, where web servers are often hosted with a back-end customer or patient database, are prone to sophisticated attacks like SQL injection, cross site scripting, URL tampering, remote command execution, session and cookie hijacking, and buffer overflows. The after effects of these attacks are always devastating, like stolen sensitive data, loss of revenue and compromised customer accounts. It can even lead to blacklisting of the organization's website by many content security providers. Organizations certainly do not wish to keep their reputation at the mercy of a hacker.

Cyberoam’s Solution:

Cyberoam’s Web Application Firewall (WAF) is a cost effective, easy to deploy module that intercepts traffic to and from the web server to secure it against the attacks mentioned earlier, including the top 10 application vulnerabilities listed by OWASP (the Open Web Application Security Project). The WAF’s positive protection model, called “Intuitive Web Flow Detector”, is capable of learning the legitimate behaviour of the web server for any request sent to it at run time and creates dynamic application firewall rules in the background. The WAF also provides SSL offloading and acts as a reverse SSL proxy. With the WAF deployed in the organization’s network, any web server that is outside the perimeter can also be protected.

No Idea ‘Who is doing What’ - Need a UTM with a Pair of Eyes

Scenario: When a security solution is deployed in the organization, an efficient and complete logging and reporting solution becomes an indispensable requirement. The administrator needs to know who is doing what in the organization’s network.

Organizations are required to keep logs and reports to meet compliance standards set by different countries. At the same time they are required for forensic analysis.

Problem: Most security solutions force organizations to allocate a separate budget for purchasing a syslog based reporting solution and need additional resources like a server with an operating system. On top of that, these solutions do not provide user based reports; rather, they give superficial IP based reports.

Cyberoam’s Solution:

Cyberoam UTM appliances are shipped with an inbuilt web based reporting engine, “Cyberoam iView”. Cyberoam iView offers complete visibility of users' network activities in a comprehensive way. It offers 1000+ user based reports in graphical as well as tabular format. These reports can be further drilled down to view leaf level reports with timestamps.

Cyberoam iView offers network security and productivity reports, e.g. Anti-Virus, Anti-Spam, Attacks, Internet Usage, Application Usage, Web Usage, FTP Usage and Data Transfer reports. If the administrator comes across any anomaly or problematic Internet activity, he/she can tune network security policies and Internet access policies.

Cyberoam iView also offers various compliance reports to meet compliance standards around the globe. Also, the Email Notification feature of Cyberoam iView allows the administrator to configure email notifications to receive crucial reports via email. These reports can be saved or sent in industry standard PDF or CSV format.


Conclusion

One of the strategies that most small and medium businesses follow can be summed up in the famous saying from Clark Howard: “Save more, spend less and avoid being ripped off”. Security is an expensive investment in the SMB segment, which is why management always looks for ROI when it thinks of investing in network security.

Cyberoam UTM, shipped with an inbuilt reporting engine, multi-link management, bandwidth management and robust remote access VPN in the form of SSL VPN, L2TP and PPTP, offers a cost effective security infrastructure that eliminates the need for additional expenditure on reporting and VPN solutions.

Besides the above inbuilt features, Cyberoam offers multiple cost effective subscription options for regular UTM features like Gateway Anti-Virus, Anti-Spam, IPS, and Web and Application Filter. The organization can choose and buy various combinations of subscriptions or bundle them for cost efficiency.

With this many security features in a single box, Cyberoam UTM is a one-time, relatively affordable investment with complete ROI for small and medium sized organizations on a tight shoe-string budget.

Cyberoam’s entire Security Portfolio: Unified Threat Management (UTM); Cyberoam Central Console (CCC); Cyberoam iView (Intelligent Logging & Reporting); Cyberoam Endpoint Data Protection (Data Protection & Encryption, Device Management, Application Control, Asset Management).

Copyright © 1999-2010 Elitecore Technologies Ltd. All Rights Reserved. Cyberoam & Cyberoam logo are registered trademarks of Elitecore Technologies Ltd. ®/TM: Registered trade marks of Elitecore Technologies or of the owners of the Respective Products/Technologies.

Although Elitecore attempted to provide accurate information, Elitecore assumes no responsibility for accuracy or completeness of information, neither is this a legally binding representation. Elitecore has the right to change, modify, transfer or otherwise revise the publication without notice.