WatchGuard Solutions (slide transcript)
Copyright ©2016 WatchGuard Technologies, Inc. All Rights Reserved
WatchGuard Solutions
Daniel Phuan
Senior Principal Consultant, SEA
Next Generation Firewall
Based on the Gartner definition: Next-generation firewalls (NGFWs) are deep-packet inspection firewalls that move beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention, and bringing intelligence from outside the firewall.
UTM
First used by IDC: Unified Threat Management (UTM) is a category of security appliances which integrates a range of security features into a single appliance. UTM appliances combine firewall, gateway anti-virus, and intrusion detection and prevention capabilities into a single platform.
UTM vs. NGFW
FEATURES
Myth: NGFW has more security features than UTM
UTM is always NGFW
UTM features: SpamBlocker, WebBlocker, Packet Filtering, Gateway AV, Reputation Enabled Defense
NGFW features: Application Control, Intrusion Prevention Service (IPS)
SECURITY EFFICACY
Myth: NGFW blocks more threats than UTM
Threat                  NGFW   UTM
Spam Attack                     X
Inappropriate Content           X
Virus Attack                    X
Reputation Blocking             X
Application Traffic
Intrusion Attack
MARKET SEGMENT
Myth: UTM is SMB only, NGFW is Enterprise
(diagram: SMB to Enterprise)
WHAT IS REALLY IMPORTANT?
Deployable – Can I get the right technology implemented in time?
Usability – Can my team actually use the tools?
Visibility (Reportability) – Can I see what's going on?
Performance – Can I use this without negative impacts on the business?
Efficacy – Will the technology protect the network?
Defense in Depth vs. the Cyber KillChain
Kill chain stages: Reconnaissance, Delivery, Compromise/Exploit, Infection/Installation, Command and Control (C&C), Lateral Movement / Pivoting, Objectives/Exfiltration
Security layers: Firewall, Intrusion Prevention System, AntiVirus, AntiSpam, Reputation Services, APT Protection
The more layers of security you have, the higher the chance that an additional protection might catch an advanced threat that other layers might miss.
WatchGuard Breaks the KillChain
Kill chain stages: Reconnaissance, Delivery, Compromise/Exploit, Infection/Installation, Command and Control (C&C), Lateral Movement / Pivoting, Objectives/Exfiltration
Services mapped to the stages in the diagram: Packet Filtering, Proxies, IPS, APT Blocker, Gateway AntiVirus, WebBlocker, DLP, Application Control, Reputation Enabled Defense
Core UTM – Use Cases
Keep the bad guys out
Secure Internet Communication (VPN)
Monitor and enforce acceptable usage policy
Easy, secure wireless with firewall
Enterprise Deployment
Compliance
The Rise of Ransomware
Ransomware is a form of computer malware that restricts access to your computer and/or its information, while demanding you pay a ransom to regain access.
Ransomware’s rise started in 2013: Cryptolocker, CTB-Locker, CryptoWall
Source: McAfee 2015
Ransomware plagues small business
CryptoWall 4.0 is delivered by fake e-mail
Which of the following help to stop Ransomware?
A. APT Blocker
B. WebBlocker
C. spamBlocker
D. Gateway AntiVirus
E. Application Control
Stop Ransomware?
• WebBlocker & RED – Malware categories keep users from dangerous sites
• Intrusion Prevention Service (IPS) – Sometimes prevents exploits that push ransomware
• Gateway Antivirus (GAV) – Sometimes detects and blocks ransomware (often misses new variants)
• WebBlocker (C&C) – C&C categories may block or detect infected systems
• APT Blocker – Best way to catch new, ever-evolving ransomware
The Application Proxy
An Application Proxy checks Source IP, Destination IP, Port, Protocol. If a matching rule (or service) is found, the proxy then performs deep inspection on the content of the packet, including application layer data.
Packet Reassembly – since 1996
This is the key to finding threats that OTHER FIREWALLS MISS!
Things you can do with a proxy
Enforce SafeSearch in all major search engines
Enforce YouTube for Schools
Prohibit the use of older, insecure protocols SSLv2, SSLv3
Prevent the download of .exe files
Restrict e-mail message sizes, URL path lengths
Prevent BotNets from using DNS to communicate
Security inspection of VoIP Traffic
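Added example (not WatchGuard's proxy code): the sequence the two proxy slides describe, in Python, covering the 5-tuple rule match, TCP reassembly, and two of the listed proxy actions (URL path length limit, blocking .exe downloads). The rule, addresses and HTTP exchange are constructed; the executable is detected by its MZ header even though that header is split across out-of-order packets.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src_prefix: str          # source network, e.g. "10.0.0." (trusted LAN)
    dst_prefix: str          # "*" matches any destination
    port: int
    proto: str
    max_path_len: int = 256  # proxy action: restrict URL path length
    block_exe: bool = True   # proxy action: prevent .exe downloads
RULES = [Rule("10.0.0.", "*", 80, "tcp")]  # constructed HTTP proxy policy

def match_rule(src_ip, dst_ip, port, proto):
    """Packet-filter stage: source IP, destination IP, port, protocol."""
    for r in RULES:
        if (src_ip.startswith(r.src_prefix) and port == r.port and proto == r.proto
                and (r.dst_prefix == "*" or dst_ip.startswith(r.dst_prefix))):
            return r
    return None

def reassemble(segments):
    """Order (seq, payload) TCP segments and join them, so content that is split
    across packets is inspected as one stream rather than per packet."""
    return b"".join(p for _, p in sorted(segments, key=lambda s: s[0]))

def proxy_decision(src_ip, dst_ip, port, proto, req_segments, resp_segments):
    """Return 'allow' or a 'deny: <reason>' string for one HTTP exchange."""
    rule = match_rule(src_ip, dst_ip, port, proto)
    if rule is None:
        return "deny: no matching rule"
    # Deep inspection only happens once a rule matched the 5-tuple.
    request_line = reassemble(req_segments).split(b"\r\n", 1)[0]
    parts = request_line.split(b" ")
    path = parts[1] if len(parts) > 1 else b""
    if len(path) > rule.max_path_len:
        return "deny: URL path too long (%d)" % len(path)
    if rule.block_exe and path.lower().endswith(b".exe"):
        return "deny: .exe requested"
    body = reassemble(resp_segments).partition(b"\r\n\r\n")[2]
    if rule.block_exe and body.startswith(b"MZ"):   # PE executable magic
        return "deny: executable content (MZ header)"
    return "allow"

# Constructed traffic: a renamed executable whose MZ magic is split across two
# out-of-order segments, which per-packet matching would not see.
REQ = [(0, b"GET /downloads/setup HTTP/1.1\r\nHost: example.test\r\n\r\n")]
HDR = b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\nM"
RESP = [(len(HDR), b"Z\x90\x00\x03"), (0, HDR)]

if __name__ == "__main__":
    print(proxy_decision("10.0.0.5", "203.0.113.10", 80, "tcp", REQ, RESP))
```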
IPS
2000+ Signatures
Buffer Overflow
SQL Injection
Cross-Site Scripting
DoS / DDoS
How good is our IPS?
Enterprise Class Security for Small and Medium Business
Webblocker
Screenshot from Dimension Demo
130 Categories, 20 for Security
Application Control
Block insecure applications and categories. Examples:
• Tor
• Bittorrent
• eMule
• Crypto adminx
APT Blocker
1. Inspect File
2. GAV Scan
3. Check MD5 locally
4. Check MD5 in cloud
5. Full System Emulation in sandbox
6. Alert if malware is identified.
APT Blocker
Industry leader in NSS Labs Breach Detection report
What % of people check their social media profiles from their work computers?
A. 36%
B. 52%
C. 77%
D. 93%
Application Control
1800 Applications
18 Categories
Traffic Management
Quality of Service
Traffic Shaping
Quotas
– Users or Groups
– Mb per day
– Minutes per day
Webblocker
Virtual Private Network (VPN)
“WatchGuard is the go-to solution for always on, always available VPN connections.” – Kelly Keeton, Sr. Network Engineer, NCA
Branch Office VPN (BOVPN), site to site: IPSec VPN connections, connecting offices
Mobile VPN: SSL, IPSec, L2TP, PPTP; Windows, Mac, Android, iOS; remote users
How Can WatchGuard Block Malvertising?
• WebBlocker & RED – Malware categories keep users from malvertising sites
• Intrusion Prevention Service (IPS) – Can prevent exploits pushing drive-by downloads
• Gateway Antivirus (GAV) – Sometimes detects and blocks malware from malvertising sites
• APT Blocker – Can catch the latest malvertising payloads
• HTTPS Deep Inspection – Finds threats in encrypted web traffic
How Does WatchGuard Help with IoT?
• UTM Defense – Network security tools are device agnostic
• Secure APs – Our APs bring UTM defenses to the wireless network
How Does WatchGuard Mitigate Data Breaches?
• UTM Defense – Different security layers prevent different threats
• DLP – DLP helps recognize and block attackers exfiltrating data
• Dimension – Visibility tools help you recognize unusual activity in your network
DLP
Over 200 predefined rules for sensitive and personally identifiable information:
– Government ID numbers (e.g. SSN)
– Bank account numbers
– Health care records
– Confidential document markers
Predefined sensors for PCI and HIPAA compliance
Personally identifiable information (PII) detection for 20 countries
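Added example (not WatchGuard's DLP rule set): three content sensors of the kinds the slide lists, run over a constructed outbound message. The sensors are assumed here: a PCI-style card-number rule validated with a Luhn check, a US SSN rule validated against the SSA format rules, and a confidential-marker rule; the validators are what keep random digit strings from becoming false positives.

```python
import re

def luhn_ok(digits):
    """Luhn checksum; separates real card numbers from random 16-digit strings."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def ssn_ok(ssn):
    """SSA format rules: area not 000/666/9xx, group not 00, serial not 0000."""
    area, group, serial = ssn.split("-")
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")

# (sensor name, pattern, validator). Assumed rules, not WatchGuard's own.
SENSORS = [
    ("PCI: payment card number", re.compile(r"\b(?:\d[ -]?){15}\d\b"),
     lambda m: luhn_ok(re.sub(r"[ -]", "", m))),
    ("PII: US Social Security number", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), ssn_ok),
    ("Confidential document marker",
     re.compile(r"\b(?:CONFIDENTIAL|INTERNAL USE ONLY)\b"), lambda m: True),
]

def scan(text):
    """Return (sensor, matched value) pairs; a regex hit only counts if the
    sensor's validator accepts it, which keeps false positives down."""
    hits = []
    for name, pattern, validate in SENSORS:
        for m in pattern.finditer(text):
            if validate(m.group(0)):
                hits.append((name, m.group(0)))
    return hits

# Constructed outbound message: one real (test) card number, one random
# 16-digit tracking id, one valid and one invalid SSN, and a marker.
SAMPLE = ("CONFIDENTIAL: card 4111 1111 1111 1111 charged, tracking 1234 5678 9012 3456. "
          "Applicant SSN 123-45-6789; ticket ref 000-12-3456.")

if __name__ == "__main__":
    for sensor, value in scan(SAMPLE):
        print("%s -> %s" % (sensor, value))
```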
DLP
DLP in Dimension
The Value of UTM
Unified Threat Management (UTM) solutions combine a variety of must-have network security solutions into one easy to deploy and manage solution.
Components: Firewall, Packet Filtering, URL Filtering, Application Control, Data Loss Prevention (DLP), Advanced Malware Protection, Gateway AntiVirus, SPAM Protection, Intrusion Prevention Services (IPS)
Fewer appliances. Configure Once. Manage Centrally.
The Value of UTM (continued)
Centralized Management. Complete Network Visibility.
Dimension Threat Visibility
What is Visibility?
Global Threat Landscape: Incidents Rising
Total malicious programs found in the wild, by year (chart, source AV-TEST): 2011 – 70 million; 2012 – 95 million; 2013 – 185 million; 2014 – 320 million; 2015 – 475 million; 2016 – 490 million
390,000 NEW MALICIOUS PROGRAMS EVERY DAY
The total number of malicious programs found in the wild will surpass the half-billion milestone this year, according to AV-TEST.
https://www.av-test.org/en/statistics/malware/
Global Threat Landscape: Detection Slowing
2013: Avg. 80 days to detection.
The Year of the Mega Breach, 2014: Avg. 6 months to detection.
Cost of Data Breach Study, 2015: Avg. 8.5 months to detection.
Why the Delay in Detection?
We’re Drowning in Oceans of Logs
How do you identify key incidents in millions of lines of logs?
• Variety of logs to filter through
• Neiman Marcus – ~60k security alerts
IT and security staff cannot get their job done:
• Little understanding of normal network traffic (baseline)
• Inability to make proper policy decisions
• Can’t find big or small trends
• Resourcing constraints
Security Events Lost in Logs
Chart labels: Collect logs; Review logs regularly; Confident in finding security trends
Chart values: 97%; 14%; 44%
https://www.sans.org/reading-room/whitepapers/analyst/ninth-log-management-survey-report-35497
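Added example (not Dimension or Fireware code) of the baseline the slides say teams lack: it parses firewall deny lines into per-source daily counts, learns each source's mean and spread over a baseline window, and flags the day a source jumps far above it. The log format, addresses and traffic are constructed for the demo; the absolute floor stops a jump from 1 to 4 denies being reported as an incident.

```python
import re
import statistics
from collections import Counter

# Constructed log format: "<date> <time> deny src=<ip> dst=<ip> dport=<port>"
LINE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \S+ deny src=(\S+) dst=\S+ dport=\d+$")

def parse_deny_counts(lines):
    """Count denied connections per (day, source); lines that do not parse are skipped."""
    counts = Counter()
    for line in lines:
        m = LINE.match(line)
        if m:
            counts[(m.group(1), m.group(2))] += 1
    return counts

def find_anomalies(lines, baseline_days, k=3.0, floor=10):
    """Baseline = mean and stdev of each source's daily deny count over
    baseline_days; a later day is flagged when its count exceeds both
    mean + k*stdev and the absolute floor."""
    counts = parse_deny_counts(lines)
    per_src = {}
    for (day, src), n in counts.items():
        per_src.setdefault(src, {})[day] = n
    flagged = []
    for src, days in per_src.items():
        base = [days.get(d, 0) for d in baseline_days]   # missing day = 0 denies
        threshold = max(floor, statistics.mean(base) + k * statistics.pstdev(base))
        for day, n in sorted(days.items()):
            if day not in baseline_days and n > threshold:
                flagged.append((day, src, n))
    return flagged

# Constructed logs: two hosts with a few denies per day for five days, then one
# host suddenly hits dozens of closed ports on day six.
BASELINE_DAYS = ["2016-03-0%d" % d for d in range(1, 6)]
LOGS = []
for day in BASELINE_DAYS:
    for src, n in (("10.0.0.7", 3), ("10.0.0.9", 4)):
        LOGS += ["%s 10:00:00 deny src=%s dst=203.0.113.5 dport=443" % (day, src)] * n
LOGS += ["2016-03-06 10:00:00 deny src=10.0.0.7 dst=10.0.0.%d dport=445" % i for i in range(1, 41)]
LOGS += ["2016-03-06 10:00:00 deny src=10.0.0.9 dst=203.0.113.5 dport=443"] * 4
LOGS.append("2016-03-06 10:00:01 allow src=10.0.0.9 dst=203.0.113.5 dport=443")  # not a deny

if __name__ == "__main__":
    print(find_anomalies(LOGS, BASELINE_DAYS))
```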
It Doesn’t Have to Be This Way!
Business leaders are using new tools to analyze data and run their companies… You need the same for security!
Find Patterns, Make Better Decisions
Find Patterns, Make Better Decisions
WatchGuard offers an array of tools, providing:
Deep Visibility: Don’t think. Know!
Rich Reporting: C-Level CliffsNotes.
Granular Control: Surgical policy precision.
Ease of Use: Brilliantly simple management.
Dimension provides full-scope threat visibility
Identify and distill key network security threats and anomalies in real time in order to track, manage, and report on the security of your network.
Not just visibility, but also control
Translate visibility into immediate action, right from the dashboard, with integrated, granular security configuration features.
HUB AND SPOKE VPN – Creating and managing secure connections to your branch offices has never been easier.
ADD TO BLOCK LIST – Block clients or domains instantly without leaving the dashboard.
RESTORE TO PREVIOUS CONFIGURATIONS – Easily jump back to previous versions of the firewall configuration.
Customer Success
“We saw a denial of service attack hit the firewall before we could even get through to our ISP to find out what they were going to do about it.” – Stephen Coombes, Technical Director, Lytchett Minster
“It is easier to find faults, to do reports on what users demand … That is a massive improvement for us.” – Matt Pollard, Senior Analyst, Abertay University
“We now have the visibility to pinpoint very quickly where there is excessive traffic, by AP, Wi-Fi user, wired user, by protocol or port.” – Fahyaz Khan, IT Manager, Kensington Close Hotel
“I look at the dashboards every day. It is up on my screen and it gives me real-time visibility to the bandwidth usage at each one of our 43 sites.” – Jeff Crossley, Systems Engineer, Anthem College
WatchGuard Solutions
WatchGuard provides enterprise-grade visibility solutions enabling businesses to fully leverage the effectiveness and value provided by our enterprise-grade devices.
Appliances: Firebox T-series, Firebox M-series, Wireless APs
Visibility and management: Dimension, Fireware Web UI, WSM
The WatchGuard Difference
Enterprise-Grade: Best-in-class security services without the cost or complexity.
Simplicity: Easy and straightforward to configure, deploy, and centrally manage.
Top UTM Performance: Fastest UTM performance at all price points.
Threat Visibility: Full network visibility with the power to take action immediately.
Future-Proof: The quickest access to new and improved security services.
WatchGuard’s Suite of UTM & NGFW Solutions
The strongest UTM performance at all price points – delivering a solution for organizations of all sizes.
Firebox® T10: Small office/home office and small retail environments
Firebox® T30 & T50: Small offices, branch offices and wireless hotspots
Firebox® M200 & M300: Small and mid-sized businesses
Firebox® M400 & M500: Mid-sized businesses and distributed enterprises
Firebox® M440: Multi port option
Firebox® M4600: Distributed enterprises
Firebox® M5600: Large enterprises and corporate data centers
Virtual Firewall: Four virtual software license versions with full UTM features
Software Scalability: Single version of WatchGuard Fireware® OS runs on all solutions, including virtual
Instant Visibility: WatchGuard’s award-winning threat visibility platform, Dimension, comes standard on every appliance.
Scalable Wi-Fi: WatchGuard tabletop appliances offer built-in Wi-Fi capabilities; however, every WatchGuard appliance has a built-in wireless gateway controller – making Wi-Fi expansion and centralized management a breeze.
Centralized Management: Every appliance comes with built-in features to expedite deployment and simplify ongoing network and appliance management.
THANK YOU