SlideShare une entreprise Scribd logo
1  sur  38
Télécharger pour lire hors ligne
Security Proposal
for your network
Index
•Why we need Watch Guard?
•Network diagram
•Security Solution
•Logs and report
Companies Increasingly “Like” Social Media




                        Robert Half Technology. “SOCIAL WORK? More Companies Permit Social Networking on the
                        Job”. May 26, 2011. Retrieved from: http://rht.mediaroom.com/2011SocialMediaPolicies
Users and Applications are Out
of Control!




                1. Retrieved from: http://www.allfacebook.com/facebook-games-statistics-2010-09
                2. Retrieved from http://www.freemusictodownload.eu/p2p-statistics.html
                3. Sources: X-Force, Websense, Whitehat Security, Imperva, 7Scan
Social Networks Threaten
Productivity
You Can’t Control What You Can’t See
   • Traditional port-based firewalls lack the ability to
       see, let alone control, many apps
   •   Productivity Loss
        •   Bandwidth-hungry apps slow networks
   • Data Loss / Attack Vector
       • Social networks breed a culture of trust
       • Rife with technical vulnerabilities
WatchGuard Solves Your Problem




      See the         Enable secure        Restrict
   applications in    & productive     unproductive, i
    use on your      business use of     nsecure &
      network          applications      bandwidth
                                       draining usage
How WatchGuard Solves Your Problem

   Identification, control, and reporting on
   1800+ applications and sub-functions


   Applications easy to find – organized by
   category and searchable by query



   Broad and granular control of applications



   Integration with firewall policy table
Network Visibility is Essential
• Rich reporting on App usage, users, categories, blocked
  applications, top clients, and more!
Intuitive Organization Simplifies
 Your Workflow
• Find applications by category (e.g. Social Network) OR
• Query search by application name (e.g. Facebook)
Security Your Way – Broad
Control
• Establish policy broadly across application category
Security Your Way – Granular
Control
 • Exercise control by user, category, application, &
   application sub-function
Why WatchGuard Wins with
        Application Control
                                                                                   vs. Palo Alto
   vs. Fortinet                   vs. Cisco             vs. SonicWall               Networks

• 1800 applications vs.    • WatchGuard has         • Application rules      • Part of UTM bundle
  1200 for Fortinet          Application Control;     integrated with main     (AV, spamBlocker, etc.)
• Ease of configuration      Cisco ASA does not!      policy table           • 1800 applications vs.
  (search; rules for                                • Application Control      1300 for PaloAlto
  multiple applications)                              ease of use (e.g.      • Application Control in
• Integrated application                              search)                  appliance
  reporting                                                                    line, including
                                                                               tabletops



                       Watch Application Control Video
             http://www.watchguard.com/latest/appcontrol-demo.asp
XTM Defense-In-Depth In
Action
WatchGuard vs. Web 2.0 Security Issues

                    • Snags malware, scareware, spyware and
        GAV           malicious scripts



         IPS        • Prevents drive-by-download attacks



                    • Cloud-based service protects you from
        RED           legitimate sites infected with malware

                    • Enables granular control by user, group, or
    Application
                      IP; and separate control over actions for
     Control          view, post, chat, apps, games, and video
Cornerstone – The Application
Proxy
Packet Reassembly – since 1996


  An Application Proxy checks Source IP, Destination IP, Port, Protocol
  If a matching rule (or service) is found:
  The proxy then performs deep inspection on the content of the
  packet, including application layer data.




This is the key to finding threats that OTHER FIREWALLS MISS!
Fireware XTM: Making the Most of
Your Network
        QoS and Traffic Shaping
        • High-priority traffic gets bandwidth
        • Low-priority traffic gets available bandwidth

        Multi-WAN Support
        • Up to 4 WAN connections supported
        • Traffic can use multiple WAN connections
          simultaneously or on a failover

        VPN Failover
        • Mission-critical VPN traffic keeps flowing if a remote
          site becomes unavailable
        • Traffic automatically fails-over to another gateway

        IPv6 Readiness
        • IPv6 Ready Gold Logo validates IPv6 routing
        • All XTM appliances will support IPv6
Managing XTM Solutions:
Flexibility
Choose from three user interface options: Administer your way

                                             Command Line Interface




       WatchGuard Systems
       Manager Interface
                                                 Web Interface
Managing XTM Solutions: Real-
                             Suite of tabbed tools deliver
                           information needed to monitor
                             and react to network status     Take instant remediative

Time Visibility                                              action, such as adding a
                                                             site to a blocked sites list


 Real-time monitoring lets you take instant action to
 protect your network.
XTM Multi-Box Management
Saves Time
 Simultaneously manage from 2 to 100’s of boxes.

                                                    Implementing the
                                                    WatchGuard solution
                                                    was a breeze. The policy
                                                    setting and system
                                                    configuration is easy
                   Align security policies across   because it is all very
                    an organization – or apply      logical and
                   modifications between boxes      straightforward.
                                                    Francis Lim, IT
                                                    Manager, Eurokars
                                                    Group
Securely Connecting Users:
VPN
• Create VPN by simple drag and drop
• Connect any location with Internet access
• Select from IPSec, SSL, PPTP
• Choose your device: laptop, smartphone, tablet
• Define flexible rules to restrict data access to
  authorized individuals only
• Use client or clientless options



    I can’t remember the last time I had to call
    someone with a security problem. With
    WatchGuard, we are always connected.
    Lucas Goh, Head of IT Operations for
    Asia, Berg Propulsion
What is “Next-
    Generation”?
                               “Firewalls need to evolve to be more proactive in
                               blocking new threats, such as botnets and targeted
                               attacks. Enterprises need to update their network
                               firewall and intrusion prevention capabilities to
                               protect business systems as attacks get more
                               sophisticated.”


(XTM = Next-Generation UTM) “XTM platforms will take
security appliances beyond traditional boundaries by
vastly expanding security features, networking capabilities
and management flexibility.”
Next-Generation
Security Solutions                   Next-
LiveSecurity®                      Generation
                                    Firewall
Application Control                  Bundle

Intrusion Prevention Service

Gateway AntiVirus

Reputation Enabled Defense (RED)

WebBlocker

spamBlocker
Best-In-Class Security
XTM Performance & Value =
 Market Leadership
                                                         Market Share Q3 2011

       WatchGuard



        Check Point



          SonicWall



            McAfee



            Fortinet



               Cisco


                       $0      $2,000,000   $4,000,000    $6,000,000   $8,000,000   $10,000,000   $12,000,000   $14,000,000   $16,000,000   $18,000,000   $20,000,000


                               Cisco                Fortinet                McAfee                 SonicWall             Check Point             WatchGuard
Market Share Q3 2011        $8,332,580            $10,575,907            $11,366,568              $13,537,362            $12,743,382             $17,306,073

 Source: 2011 Infonetics, 3Q11 Network Security Appliance and Software Worldwide and Regional Market Share.
Industry-Leading Value
                                                                                               “The company is
                                                                                               strong, the products
                                                                                               able, and the
                                                                                               pricing can’t be
                                                                                               beat.”




 Source: Info-Tech Research Group. Vendor Landscape: Unified Threat Management. August 2011.
Why WatchGuard Wins
                                                                                   vs. Palo Alto
   vs. Fortinet                    vs. Cisco             vs. SonicWall
                                                                                    Networks

• General purpose CPU       • Application Control   • Simpler admin. task    • Gateway AntiVirus
  beats ASIC for security   • HTTPS inspection        flows                    detects malware in all
• Real-time visibility      • Tightly integrated    • Application Control      compressed file
  tools                       security services       ease of use (e.g.        formats
• 65 bundled reports        • UTM performance         search)                • Email security and anti-
  vs. only 2                                        • 2.5 million AV           spam capabilities
                            • Simple VPN setup
• Multi-WAN                                           signatures vs 25,000   • Comprehensive
                                                    • Model upgrades by        appliance
• Traffic shaping
                                                      license key              line, including
• VPN setup wizard                                                             tabletops



                            Watch Video Comparisons
                http://www.watchguard.com/latest/us-vs-them.asp
Moving Security Forward with
Watchguard XTM
 • “Best-in-class” security for comprehensive protection
 • Recognized security “Trend Setter”, industry “Champion”,
   and “Leader”
 • 65 reports included at no extra cost
 • Real-time monitoring
 • Intuitive set-up wizards
 • Multi-WAN support
 • Market-leading value
Why we need Watch guard
•Manage users to access internet.
•Filtering content and url of the website.
•Filtering by keyword
•Filtering and inspect HTTPS.
•Web blocker has over 54 categories for IT manager to manage the
internet access.
•Report and logs all content accessed by users.
•Secure e-mail and web access.
•Can be integrated to the Domain controller to apply the policy to manage
users.

  Watchguard is not only a simple firewall but also
  it is a good tools for IT Manager to manage their
  network.
Network and user
                  management.
E-mail security
Watchguard XTM features




              Application control
Watchguard – integated solutions.


  Protects networks by integrating best-in-class security
     technologies that enable businesses to manage
    risks, empower people and improve efficiencies.
Watchguard XTM features
WatchGuard: Industry Leader
Gartner
Named “Leader” in Magic Quadrant
Multifunction Firewalls
IDC
“WatchGuard, one of the first security
appliance vendors, will remain a
leader in this market going forward.”
Frost & Sullivan
“WatchGuard is on its track of
becoming a major participant in the
enterprise-UTM market.”
“Measurements have indicated that
WatchGuard has chipped away the market
share formally held by Fortinet, Cisco, and
Juniper.”
Defense-in-Depth — XTM
           WatchGuard Extensible Threat Management


              VPN          Stateful       Content
                           Firewall       Security

                 Layered Security                    
              SSL            Deep        Reputation
             IPSEC          Packet        Enabled
                          Inspection      Defense
                                         Gateway
                                         Antivirus
                                          Intrusion
             Centralized                 Prevention
                                           Spam
             Management                  Protection
            Rich Reporting                  URL
              Real-Time                   Filtering
             Monitoring                 Application
                                         Control
WatchGuard XTM Series: Unified Threat Management



 Sized for small businesses to the enterprise
 All-in-one network security
 Firewall Integrated with Advance networking features
 SSL and IPSec VPN (MUVPN/BOVPN)
 Reputation Enabled Defense (Cloud Security Services)
 WebBlocker (including full HTTPS inspection)
 SpamBlocker
 Gateway Anti-Virus/Intrusion Prevention Services
 Application Control (More than 1800 signatures!)
 Three management interfaces–console, web UI, CLI
 Reporting and real-time monitoring–at no extra cost
 Model-upgradeable within each series
WatchGuard XTM 5 Series
 Recommended for main offices/
 headquarters with up to 1,500
 users
 Performance driven security for
 growing mid-size businesses
 Up to 2.3 Gbps firewall
 throughput
 Full HTTPS inspection and VoIP
 support.
 Model-upgradeable
Logs and reports
• Watchguard does not keep the logs and reports in the same
box.
•Watchguard recommends customer to use another computer
running Win XP to install logs and report management
software to run as Report and Logs server.
• This idea is really good for customer to manage and backup
the logs and report information.
• Log information could be stored for many years.
Gain Visibility.

               Gain Insight.

                        Gain Control.


WatchGuard Application Control


                Thank You!

Contenu connexe

Tendances

Next Generation Security
Next Generation SecurityNext Generation Security
Next Generation Securityneoma329
 
Cyberoam Unified Threat Management
Cyberoam Unified Threat ManagementCyberoam Unified Threat Management
Cyberoam Unified Threat ManagementVCW Security Ltd
 
Wifi Security for SOHOs: Cyberoam UTM CR15wi
Wifi Security for SOHOs: Cyberoam UTM CR15wiWifi Security for SOHOs: Cyberoam UTM CR15wi
Wifi Security for SOHOs: Cyberoam UTM CR15winiravmahida
 
Consider Sophos - Security Made Simple
Consider Sophos - Security Made SimpleConsider Sophos - Security Made Simple
Consider Sophos - Security Made SimpleDavid Fuchs
 
Sophos Wireless Protection Overview
Sophos Wireless Protection OverviewSophos Wireless Protection Overview
Sophos Wireless Protection OverviewSophos
 
DSS ITSEC 2012 ForeScout Technical RIGA
DSS ITSEC 2012 ForeScout Technical RIGADSS ITSEC 2012 ForeScout Technical RIGA
DSS ITSEC 2012 ForeScout Technical RIGAAndris Soroka
 
Miercom Unified Threat Management Report - WatchGuard M270
Miercom Unified Threat Management Report - WatchGuard M270Miercom Unified Threat Management Report - WatchGuard M270
Miercom Unified Threat Management Report - WatchGuard M270BAKOTECH
 
Trend micro deep security
Trend micro deep securityTrend micro deep security
Trend micro deep securityTrend Micro
 
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...Amazon Web Services
 
Sophos utm-roadshow-south africa-2012
Sophos utm-roadshow-south africa-2012Sophos utm-roadshow-south africa-2012
Sophos utm-roadshow-south africa-2012dvanwyk30
 
Get the Most From Your Firewall
Get the Most From Your FirewallGet the Most From Your Firewall
Get the Most From Your FirewallSophos
 
Cyberoam vs. Forefront Threat Management Gateway
Cyberoam vs. Forefront Threat Management GatewayCyberoam vs. Forefront Threat Management Gateway
Cyberoam vs. Forefront Threat Management GatewayLiberteks
 
Trend micro v2
Trend micro v2Trend micro v2
Trend micro v2JD Sherry
 
Ccnsp trainer presentation
Ccnsp trainer presentationCcnsp trainer presentation
Ccnsp trainer presentationSoap MacTavish
 
Cyberoam ssl vpn_management_guide
Cyberoam ssl vpn_management_guideCyberoam ssl vpn_management_guide
Cyberoam ssl vpn_management_guidesupport_cyberoam
 
Cloud Security - Made simple
Cloud Security - Made simpleCloud Security - Made simple
Cloud Security - Made simpleSameer Paradia
 
Symantec Advances Enterprise Mobility Strategy
Symantec Advances Enterprise Mobility StrategySymantec Advances Enterprise Mobility Strategy
Symantec Advances Enterprise Mobility StrategySymantec
 
Symantec Virtualization Launch VMworld 2012
Symantec Virtualization Launch VMworld 2012Symantec Virtualization Launch VMworld 2012
Symantec Virtualization Launch VMworld 2012Symantec
 
Introducing Kaspersky Security for Virtualization
Introducing Kaspersky Security for VirtualizationIntroducing Kaspersky Security for Virtualization
Introducing Kaspersky Security for VirtualizationAriel Martin Beliera
 

Tendances (20)

Next Generation Security
Next Generation SecurityNext Generation Security
Next Generation Security
 
Cyberoam Unified Threat Management
Cyberoam Unified Threat ManagementCyberoam Unified Threat Management
Cyberoam Unified Threat Management
 
Wifi Security for SOHOs: Cyberoam UTM CR15wi
Wifi Security for SOHOs: Cyberoam UTM CR15wiWifi Security for SOHOs: Cyberoam UTM CR15wi
Wifi Security for SOHOs: Cyberoam UTM CR15wi
 
Consider Sophos - Security Made Simple
Consider Sophos - Security Made SimpleConsider Sophos - Security Made Simple
Consider Sophos - Security Made Simple
 
Sophos Wireless Protection Overview
Sophos Wireless Protection OverviewSophos Wireless Protection Overview
Sophos Wireless Protection Overview
 
DSS ITSEC 2012 ForeScout Technical RIGA
DSS ITSEC 2012 ForeScout Technical RIGADSS ITSEC 2012 ForeScout Technical RIGA
DSS ITSEC 2012 ForeScout Technical RIGA
 
Miercom Unified Threat Management Report - WatchGuard M270
Miercom Unified Threat Management Report - WatchGuard M270Miercom Unified Threat Management Report - WatchGuard M270
Miercom Unified Threat Management Report - WatchGuard M270
 
Trend micro deep security
Trend micro deep securityTrend micro deep security
Trend micro deep security
 
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...
 
Sophos utm-roadshow-south africa-2012
Sophos utm-roadshow-south africa-2012Sophos utm-roadshow-south africa-2012
Sophos utm-roadshow-south africa-2012
 
Get the Most From Your Firewall
Get the Most From Your FirewallGet the Most From Your Firewall
Get the Most From Your Firewall
 
Cyberoam vs. Forefront Threat Management Gateway
Cyberoam vs. Forefront Threat Management GatewayCyberoam vs. Forefront Threat Management Gateway
Cyberoam vs. Forefront Threat Management Gateway
 
Trend micro v2
Trend micro v2Trend micro v2
Trend micro v2
 
Ccnsp trainer presentation
Ccnsp trainer presentationCcnsp trainer presentation
Ccnsp trainer presentation
 
Cyberoam ssl vpn_management_guide
Cyberoam ssl vpn_management_guideCyberoam ssl vpn_management_guide
Cyberoam ssl vpn_management_guide
 
Cloud Security - Made simple
Cloud Security - Made simpleCloud Security - Made simple
Cloud Security - Made simple
 
Symantec Advances Enterprise Mobility Strategy
Symantec Advances Enterprise Mobility StrategySymantec Advances Enterprise Mobility Strategy
Symantec Advances Enterprise Mobility Strategy
 
Symantec Virtualization Launch VMworld 2012
Symantec Virtualization Launch VMworld 2012Symantec Virtualization Launch VMworld 2012
Symantec Virtualization Launch VMworld 2012
 
Introducing Kaspersky Security for Virtualization
Introducing Kaspersky Security for VirtualizationIntroducing Kaspersky Security for Virtualization
Introducing Kaspersky Security for Virtualization
 
TrendMicro
TrendMicroTrendMicro
TrendMicro
 

Similaire à Watchguard security proposal 2012

Watchguard security proposal 2012
Watchguard security proposal 2012Watchguard security proposal 2012
Watchguard security proposal 2012Jimmy Saigon
 
Watchguard short introduction
Watchguard short introductionWatchguard short introduction
Watchguard short introductionJimmy Saigon
 
All Hope is Not Lost Network Forensics Exposes Today's Advanced Security Thr...
All Hope is Not LostNetwork Forensics Exposes Today's Advanced Security Thr...All Hope is Not LostNetwork Forensics Exposes Today's Advanced Security Thr...
All Hope is Not Lost Network Forensics Exposes Today's Advanced Security Thr...Savvius, Inc
 
Sophos Day Belgium - What's cooking in Sophos' Network Security Group?
Sophos Day Belgium - What's cooking in Sophos' Network Security Group?Sophos Day Belgium - What's cooking in Sophos' Network Security Group?
Sophos Day Belgium - What's cooking in Sophos' Network Security Group?Sophos Benelux
 
Securing Beyond the Cloud Generation
Securing Beyond the Cloud GenerationSecuring Beyond the Cloud Generation
Securing Beyond the Cloud GenerationForcepoint LLC
 
Fortinet ixia ottawa, june 2013
Fortinet ixia ottawa, june 2013Fortinet ixia ottawa, june 2013
Fortinet ixia ottawa, june 2013juliankanarek
 
Partner Zymbian & Fortinet webinar on Web2.0 security
Partner Zymbian & Fortinet webinar on Web2.0 securityPartner Zymbian & Fortinet webinar on Web2.0 security
Partner Zymbian & Fortinet webinar on Web2.0 securityZymbian
 
Why Its time to Upgrade a Next-Generation Firewall
Why Its time to Upgrade a Next-Generation FirewallWhy Its time to Upgrade a Next-Generation Firewall
Why Its time to Upgrade a Next-Generation FirewallAli Kapucu
 
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...Amazon Web Services
 
Palo alto networks next generation firewalls
Palo alto networks next generation firewallsPalo alto networks next generation firewalls
Palo alto networks next generation firewallsCastleforce
 
Solution Guide Secure Access Architecture
Solution Guide Secure Access ArchitectureSolution Guide Secure Access Architecture
Solution Guide Secure Access ArchitectureExclusive Networks ME
 
Emea Corporate Presentation 0709 Lin
Emea Corporate Presentation 0709 LinEmea Corporate Presentation 0709 Lin
Emea Corporate Presentation 0709 LinJoe Sarno
 
Cyberoam Firewall Presentation
Cyberoam Firewall PresentationCyberoam Firewall Presentation
Cyberoam Firewall PresentationManoj Kumar Mishra
 
Cloud Security @ TIM - Current Practises and Future Challanges
Cloud Security @ TIM - Current Practises and Future ChallangesCloud Security @ TIM - Current Practises and Future Challanges
Cloud Security @ TIM - Current Practises and Future ChallangesMichele Vecchione
 
Fortinet - Hk Product Overview Short V 1 6
Fortinet - Hk Product Overview Short V 1 6Fortinet - Hk Product Overview Short V 1 6
Fortinet - Hk Product Overview Short V 1 6Haris Khan
 
CyberoamBrochure
CyberoamBrochureCyberoamBrochure
CyberoamBrochureBaqar Kazmi
 
CyberoamBrochure
CyberoamBrochureCyberoamBrochure
CyberoamBrochureMaliha Ali
 

Similaire à Watchguard security proposal 2012 (20)

Watchguard security proposal 2012
Watchguard security proposal 2012Watchguard security proposal 2012
Watchguard security proposal 2012
 
Watchguard short introduction
Watchguard short introductionWatchguard short introduction
Watchguard short introduction
 
All Hope is Not Lost Network Forensics Exposes Today's Advanced Security Thr...
All Hope is Not LostNetwork Forensics Exposes Today's Advanced Security Thr...All Hope is Not LostNetwork Forensics Exposes Today's Advanced Security Thr...
All Hope is Not Lost Network Forensics Exposes Today's Advanced Security Thr...
 
Sophos Day Belgium - What's cooking in Sophos' Network Security Group?
Sophos Day Belgium - What's cooking in Sophos' Network Security Group?Sophos Day Belgium - What's cooking in Sophos' Network Security Group?
Sophos Day Belgium - What's cooking in Sophos' Network Security Group?
 
Securing Beyond the Cloud Generation
Securing Beyond the Cloud GenerationSecuring Beyond the Cloud Generation
Securing Beyond the Cloud Generation
 
Fortinet ixia ottawa, june 2013
Fortinet ixia ottawa, june 2013Fortinet ixia ottawa, june 2013
Fortinet ixia ottawa, june 2013
 
Partner Zymbian & Fortinet webinar on Web2.0 security
Partner Zymbian & Fortinet webinar on Web2.0 securityPartner Zymbian & Fortinet webinar on Web2.0 security
Partner Zymbian & Fortinet webinar on Web2.0 security
 
Why Its time to Upgrade a Next-Generation Firewall
Why Its time to Upgrade a Next-Generation FirewallWhy Its time to Upgrade a Next-Generation Firewall
Why Its time to Upgrade a Next-Generation Firewall
 
MMPL Watchguard overview
MMPL Watchguard overviewMMPL Watchguard overview
MMPL Watchguard overview
 
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
 
Fortinet broch
Fortinet brochFortinet broch
Fortinet broch
 
Palo alto networks next generation firewalls
Palo alto networks next generation firewallsPalo alto networks next generation firewalls
Palo alto networks next generation firewalls
 
Solution Guide Secure Access Architecture
Solution Guide Secure Access ArchitectureSolution Guide Secure Access Architecture
Solution Guide Secure Access Architecture
 
Cr vs fortinet
Cr vs fortinetCr vs fortinet
Cr vs fortinet
 
Emea Corporate Presentation 0709 Lin
Emea Corporate Presentation 0709 LinEmea Corporate Presentation 0709 Lin
Emea Corporate Presentation 0709 Lin
 
Cyberoam Firewall Presentation
Cyberoam Firewall PresentationCyberoam Firewall Presentation
Cyberoam Firewall Presentation
 
Cloud Security @ TIM - Current Practises and Future Challanges
Cloud Security @ TIM - Current Practises and Future ChallangesCloud Security @ TIM - Current Practises and Future Challanges
Cloud Security @ TIM - Current Practises and Future Challanges
 
Fortinet - Hk Product Overview Short V 1 6
Fortinet - Hk Product Overview Short V 1 6Fortinet - Hk Product Overview Short V 1 6
Fortinet - Hk Product Overview Short V 1 6
 
CyberoamBrochure
CyberoamBrochureCyberoamBrochure
CyberoamBrochure
 
CyberoamBrochure
CyberoamBrochureCyberoamBrochure
CyberoamBrochure
 

Plus de Jimmy Saigon

Invite god comes to your boat
Invite god comes to your boatInvite god comes to your boat
Invite god comes to your boatJimmy Saigon
 
F5 link controller
F5  link controllerF5  link controller
F5 link controllerJimmy Saigon
 
Christie Digital Display solution.
Christie Digital Display solution.Christie Digital Display solution.
Christie Digital Display solution.Jimmy Saigon
 
F5-BigIP Edge gateway introduction
F5-BigIP Edge gateway introduction F5-BigIP Edge gateway introduction
F5-BigIP Edge gateway introduction Jimmy Saigon
 
F5 - BigIP ASM introduction
F5 - BigIP ASM introductionF5 - BigIP ASM introduction
F5 - BigIP ASM introductionJimmy Saigon
 
Polycom introduction vietnamese
Polycom introduction   vietnamesePolycom introduction   vietnamese
Polycom introduction vietnameseJimmy Saigon
 

Plus de Jimmy Saigon (7)

God ‘s love
God ‘s loveGod ‘s love
God ‘s love
 
Invite god comes to your boat
Invite god comes to your boatInvite god comes to your boat
Invite god comes to your boat
 
F5 link controller
F5  link controllerF5  link controller
F5 link controller
 
Christie Digital Display solution.
Christie Digital Display solution.Christie Digital Display solution.
Christie Digital Display solution.
 
F5-BigIP Edge gateway introduction
F5-BigIP Edge gateway introduction F5-BigIP Edge gateway introduction
F5-BigIP Edge gateway introduction
 
F5 - BigIP ASM introduction
F5 - BigIP ASM introductionF5 - BigIP ASM introduction
F5 - BigIP ASM introduction
 
Polycom introduction vietnamese
Polycom introduction   vietnamesePolycom introduction   vietnamese
Polycom introduction vietnamese
 

Dernier

UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Brian Pichman
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxUdaiappa Ramachandran
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 

Dernier (20)

UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
20230104 - machine vision
20230104 - machine vision20230104 - machine vision
20230104 - machine vision
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 
201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 

Watchguard security proposal 2012

  • 2. Index •Why we need Watch Guard? •Network diagram •Security Solution •Logs and report
  • 3. Companies Increasingly “Like” Social Media Robert Half Technology. “SOCIAL WORK? More Companies Permit Social Networking on the Job”. May 26, 2011. Retrieved from: http://rht.mediaroom.com/2011SocialMediaPolicies
  • 4. Users and Applications are Out of Control! 1. Retrieved from: http://www.allfacebook.com/facebook-games-statistics-2010-09 2. Retrieved from http://www.freemusictodownload.eu/p2p-statistics.html 3. Sources: X-Force, Websense, Whitehat Security, Imperva, 7Scan
  • 6. You Can’t Control What You Can’t See • Traditional port-based firewalls lack the ability to see, let alone control, many apps • Productivity Loss • Bandwidth-hungry apps slow networks • Data Loss / Attack Vector • Social networks breed a culture of trust • Rife with technical vulnerabilities
  • 7. WatchGuard Solves Your Problem See the Enable secure Restrict applications in & productive unproductive, i use on your business use of nsecure & network applications bandwidth draining usage
  • 8. How WatchGuard Solves Your Problem Identification, control, and reporting on 1800+ applications and sub-functions Applications easy to find – organized by category and searchable by query Broad and granular control of applications Integration with firewall policy table
  • 9. Network Visibility is Essential • Rich reporting on App usage, users, categories, blocked applications, top clients, and more!
  • 10. Intuitive Organization Simplifies Your Workflow • Find applications by category (e.g. Social Network) OR • Query search by application name (e.g. Facebook)
  • 11. Security Your Way – Broad Control • Establish policy broadly across application category
  • 12. Security Your Way – Granular Control • Exercise control by user, category, application, & application sub-function
  • 13. Why WatchGuard Wins with Application Control vs. Palo Alto vs. Fortinet vs. Cisco vs. SonicWall Networks • 1800 applications vs. • WatchGuard has • Application rules • Part of UTM bundle 1200 for Fortinet Application Control; integrated with main (AV, spamBlocker, etc.) • Ease of configuration Cisco ASA does not! policy table • 1800 applications vs. (search; rules for • Application Control 1300 for PaloAlto multiple applications) ease of use (e.g. • Application Control in • Integrated application search) appliance reporting line, including tabletops Watch Application Control Video http://www.watchguard.com/latest/appcontrol-demo.asp
  • 14. XTM Defense-In-Depth In Action WatchGuard vs. Web 2.0 Security Issues • Snags malware, scareware, spyware and GAV malicious scripts IPS • Prevents drive-by-download attacks • Cloud-based service protects you from RED legitimate sites infected with malware • Enables granular control by user, group, or Application IP; and separate control over actions for Control view, post, chat, apps, games, and video
  • 15. Cornerstone – The Application Proxy Packet Reassembly – since 1996 An Application Proxy checks Source IP, Destination IP, Port, Protocol If a matching rule (or service) is found: The proxy then performs deep inspection on the content of the packet, including application layer data. This is the key to finding threats that OTHER FIREWALLS MISS!
  • 16. Fireware XTM: Making the Most of Your Network QoS and Traffic Shaping • High-priority traffic gets bandwidth • Low-priority traffic gets available bandwidth Multi-WAN Support • Up to 4 WAN connections supported • Traffic can use multiple WAN connections simultaneously or on a failover VPN Failover • Mission-critical VPN traffic keeps flowing if a remote site becomes unavailable • Traffic automatically fails-over to another gateway IPv6 Readiness • IPv6 Ready Gold Logo validates IPv6 routing • All XTM appliances will support IPv6
  • 17. Managing XTM Solutions: Flexibility Choose from three user interface options: Administer your way Command Line Interface WatchGuard Systems Manager Interface Web Interface
  • 18. Managing XTM Solutions: Real- Suite of tabbed tools deliver information needed to monitor and react to network status Take instant remediative Time Visibility action, such as adding a site to a blocked sites list Real-time monitoring lets you take instant action to protect your network.
  • 19. XTM Multi-Box Management Saves Time Simultaneously manage from 2 to 100’s of boxes. Implementing the WatchGuard solution was a breeze. The policy setting and system configuration is easy Align security policies across because it is all very an organization – or apply logical and modifications between boxes straightforward. Francis Lim, IT Manager, Eurokars Group
  • 20. Securely Connecting Users: VPN • Create VPN by simple drag and drop • Connect any location with Internet access • Select from IPSec, SSL, PPTP • Choose your device: laptop, smartphone, tablet • Define flexible rules to restrict data access to authorized individuals only • Use client or clientless options I can’t remember the last time I had to call someone with a security problem. With WatchGuard, we are always connected. Lucas Goh, Head of IT Operations for Asia, Berg Propulsion
  • 21. What is “Next- Generation”? “Firewalls need to evolve to be more proactive in blocking new threats, such as botnets and targeted attacks. Enterprises need to update their network firewall and intrusion prevention capabilities to protect business systems as attacks get more sophisticated.” (XTM = Next-Generation UTM) “XTM platforms will take security appliances beyond traditional boundaries by vastly expanding security features, networking capabilities and management flexibility.”
  • 22. Next-Generation Security Solutions Next- LiveSecurity® Generation Firewall Application Control Bundle Intrusion Prevention Service Gateway AntiVirus Reputation Enabled Defense (RED) WebBlocker spamBlocker
  • 24. XTM Performance & Value = Market Leadership Market Share Q3 2011 WatchGuard Check Point SonicWall McAfee Fortinet Cisco $0 $2,000,000 $4,000,000 $6,000,000 $8,000,000 $10,000,000 $12,000,000 $14,000,000 $16,000,000 $18,000,000 $20,000,000 Cisco Fortinet McAfee SonicWall Check Point WatchGuard Market Share Q3 2011 $8,332,580 $10,575,907 $11,366,568 $13,537,362 $12,743,382 $17,306,073 Source: 2011 Infonetics, 3Q11 Network Security Appliance and Software Worldwide and Regional Market Share.
  • 25. Industry-Leading Value “The company is strong, the products able, and the pricing can’t be beat.” Source: Info-Tech Research Group. Vendor Landscape: Unified Threat Management. August 2011.
  • 26. Why WatchGuard Wins vs. Palo Alto vs. Fortinet vs. Cisco vs. SonicWall Networks • General purpose CPU • Application Control • Simpler admin. task • Gateway AntiVirus beats ASIC for security • HTTPS inspection flows detects malware in all • Real-time visibility • Tightly integrated • Application Control compressed file tools security services ease of use (e.g. formats • 65 bundled reports • UTM performance search) • Email security and anti- vs. only 2 • 2.5 million AV spam capabilities • Simple VPN setup • Multi-WAN signatures vs 25,000 • Comprehensive • Model upgrades by appliance • Traffic shaping license key line, including • VPN setup wizard tabletops Watch Video Comparisons http://www.watchguard.com/latest/us-vs-them.asp
  • 27. Moving Security Forward with Watchguard XTM • “Best-in-class” security for comprehensive protection • Recognized security “Trend Setter”, industry “Champion”, and “Leader” • 65 reports included at no extra cost • Real-time monitoring • Intuitive set-up wizards • Multi-WAN support • Market-leading value
  • 28. Why we need Watch guard •Manage users to access internet. •Filtering content and url of the website. •Filtering by keyword •Filtering and inspect HTTPS. •Web blocker has over 54 categories for IT manager to manage the internet access. •Report and logs all content accessed by users. •Secure e-mail and web access. •Can be integrated to the Domain controller to apply the policy to manage users. Watchguard is not only a simple firewall but also it is a good tools for IT Manager to manage their network.
  • 29. Network and user management. E-mail security
  • 30. Watchguard XTM features Application control
  • 31. Watchguard – integated solutions. Protects networks by integrating best-in-class security technologies that enable businesses to manage risks, empower people and improve efficiencies.
  • 33. WatchGuard: Industry Leader Gartner Named “Leader” in Magic Quadrant Multifunction Firewalls IDC “WatchGuard, one of the first security appliance vendors, will remain a leader in this market going forward.” Frost & Sullivan “WatchGuard is on its track of becoming a major participant in the enterprise-UTM market.” “Measurements have indicated that WatchGuard has chipped away the market share formally held by Fortinet, Cisco, and Juniper.”
  • 34. Defense-in-Depth — XTM WatchGuard Extensible Threat Management VPN Stateful Content Firewall Security  Layered Security  SSL Deep Reputation IPSEC Packet Enabled Inspection Defense Gateway Antivirus Intrusion Centralized Prevention Spam Management Protection Rich Reporting URL Real-Time Filtering Monitoring Application Control
  • 35. WatchGuard XTM Series: Unified Threat Management Sized for small businesses to the enterprise All-in-one network security Firewall Integrated with Advance networking features SSL and IPSec VPN (MUVPN/BOVPN) Reputation Enabled Defense (Cloud Security Services) WebBlocker (including full HTTPS inspection) SpamBlocker Gateway Anti-Virus/Intrusion Prevention Services Application Control (More than 1800 signatures!) Three management interfaces–console, web UI, CLI Reporting and real-time monitoring–at no extra cost Model-upgradeable within each series
  • 36. WatchGuard XTM 5 Series Recommended for main offices/ headquarters with up to 1,500 users Performance driven security for growing mid-size businesses Up to 2.3 Gbps firewall throughput Full HTTPS inspection and VoIP support. Model-upgradeable
  • 37. Logs and reports • Watchguard does not keep the logs and reports in the same box. •Watchguard recommends customer to use another computer running Win XP to install logs and report management software to run as Report and Logs server. • This idea is really good for customer to manage and backup the logs and report information. • Log information could be stored for many years.
  • 38. Gain Visibility. Gain Insight. Gain Control. WatchGuard Application Control Thank You!

Notes de l'éditeur

  1. Animation: Click on the mouse to make the 2011 chart columns appearAbout the chart/study:A Robert Half Technology survey asked 1400 CIO’s: “Which of the following most closely describes your company’s policy on visiting social networking sites, such as Facebook and Twitter, while at work?” More than half (51 percent) of the chief information officers (CIOs) surveyed said they permit employees to use social media sites like Twitter and Facebook on the job as long as it’s for business purposes--up from 19 percent in 2009. But while firms may be more open to the business applications of social media, nearly one out of three (31 percent) organizations still prohibit use of social media at the office.As opposed to just a few years ago, organizations today are embracing Social Media such as Twitter, Linkedin, Facebook, and many others:To Build Brand Awareness (Facebook)Offer Better Customer Support (Twitter, Facebook)Direct Campaigns (Twitter, Facebook)Employee Recruitment Tool and Background Checks (Linkedin, Facebook)
  2. Additional Info.:Malicious links can come from:Malicious friend requestsLike-jackingFacebook messagesMalicious appsURL “shorteners” exacerbate the issue (Twitter)Potential for apps to go rogue (the Trojan horse strategy)
  3. (Possible Alternate Title: Social Networks – Imperil Productivity…)(Note: This slide has several animated steps. 1. Click to remove the graphic of the U.S. internet time condensed into an hour and replace with the chart of U.S. monthly time spent on the most heavily used internet sectors 2. Click again to replace the chart of monthly time with the Go-Globe.com graphic of online activity each minute. 3. Click again to replace the Go-Globe.com graphic with a black hole/funnel graphic with dollar signs 4. Click once more for the dollar signs to get sucked into the funnel)Point of Slide: Time = $$$$$Many of these activities cause business productivity to suffer and suck up bandwidth.
  4. [Edit: Make point that hundreds of apps now use many different ports (80 & 443 (https))Point of slide:The rapid growth and acceptance of social media has rendered many fundamental security technologies inadequate. Apps frequently tunnel right past traditional, port-based firewalls. Traditional firewalls lack visibility in what apps do on a network. Malware can and does propagate through these 3rd party and web appsAdditional info:There are many reasons why social media applications can pose risk to any size business. Here are a few:Productivity Loss: Various research organizations have reported that the United States loses billions of dollars a year due to lowered productivity, as a result of time sinks such as social media sites. Although social media sites can be used for collaboration and rich communications, IT administrators often lack the ability to manage and control business productivity web applications vis-a-vis gaming web applications.Data loss: With most US states enacting mandatory data breach disclosure laws, businesses are increasingly concerned about data leakage, whether accidental or malicious. Unfortunately, the attributes that make social media sites a fantastic communication medium also make them a potential risk for information and privacy leakage. By having application control capabilities, administrators reduce risks associated with accidental as well as malicious data loss.Social media is growing as malware and attack vector: The whole point of social media is to interact with others. Social media sites breed a culture of trust. Typically interactions are with people considered to be "friends", which implies trust. Meanwhile, social media sites do not have any technical means to validate that the people you are interacting with really are who they say they are. For instance, on Facebook, anyone can make an app—there is little to no app validation. And these apps have access to your Social Network profile and your browser. An app essentially has the same access to you as a “friend”.Social Media is immensely popular. According to online analytics firm, Compete, Facebook is now the 2nd most popular Web destination after Google. Many other social networks, such as Twitter and YouTube, follow closely behind. Attackers are attracted to this popularity because they know it means that they can get "return on investment“ (ROI) for their attacks.Social media sites suffer from many technical vulnerabilities. HTTP has no built-in security. The complexity of Web 2.0 applications can lead to imperfect code, which introduces social network sites to many Web application vulnerabilities, such as SQL injection and cross-site scripting (XSS) attacks. Furthermore, the whole concept of allowing an untrusted user to push content onto your web site conflict with traditional security paradigms. Simply put, this means social media sites are more likely to suffer from web vulnerabilities than less complex and less interactive web sites. 
  5. Animation: Click once to progress to the 2nd tab, and once more to proceed to the third tab.1. See the applications in use on your network2. Enable secure & productive business use of applications3. Restrict unproductive, insecure & bandwidth draining applications
  6. It’s imperative to know what is going on your network in order to successfully satisfy and implement policy.Identification, control, and reporting on 1800+ applications and sub-functions.
  7. Animation: looping animated Gif demonstrating 1. Applications organized/searchable by category 2. Query search for applications
  8. Here is an example of how you can implement policy broadly across application category.For this example:No gamesNo P2PNo Bypass Proxies/TunnelsNo File TransferNote that “application specific actions take precedence over category actions.” This refers to the granular control we can apply within each broad category—for instance, as our default here we broadly allow instant messaging. However, within that category for instance, we may disallow MSN instant messaging.
  9. While the ability to exercise broad control across categories helps you easily set default actions that work for your business and that remain enforced on new applications as they are added, with WatchGuard application control, you can also drill down to control specific applications and application subfunctions as well as exercising control over a user or group, such as for the Marketing team.In this example, the application we are configuring is MSN. Within MSN, we currently show 5 different sub-functions. In this instance, we set the actions to allow “Authority” and “Communicate” while disallowing “Games,”, “Media”, and “File Transfer”.
  10. (Slide under research/in progress: Tim is working on a new format)WATCHGUARD Basics: Over 1,800 applications, using 2,500 signatures Easy-to-control granular application behavior More than pattern matching, sophisticated behavioral techniques are used to identify apps All application policies are clearly applied in the same firewall policy table as all other firewall policies Query search by applicationAt A Glance Fortinet Fewer applications than WatchGuard. Reporting is an add-on extra.CiscoNo application management features on their UTM devices (ASA’s) (is this SonicWall:Poor ease of use and user interface. Lacks a simple search function—tedious and time consuming to locate the application you seek. Many Menus and clicks to create per policy app control rules. Application policies are not clearly tied to normal firewall policies.App Control Intermixed with IPSPalo AltoNo spamBlocker, RED, etc.
  11. Animations: Click once to display GAV – IPS – RED – Application Control. Click once more to display bullet points on how these services provide defense-in-depth against a potential Web 2.0 Security IssuePoint-of-Slide: An example of how WatchGuard’s XTM defense-in-depth/integrated security approach works. For this example, defense-in-depth against a Web 2.0 security issue.No other UTM has Reputation-Enabled Defense (Not SonicWall, Not Fortinet, Not Palo Alto)
  12. Point of Slide: There is more to the story than pure security Additional Info:A WatchGuard XTM device is about more than simply security. XTM Traffic Management and Traffic Failover features help solve bandwidth contention problems, and keep data flowing. Firmware XTM delivers networking flexibility for easy implementation, consolidation and maximum uptime. Businesses invest heavily in their Internet connectivity, but often available capacity is wasted by non-productive, bandwidth-hungry activities. Businesses sometimes go “off the air” because of ISP failures. Any, or all, of these can get in the way of the business’s main reason(s) for existence. WatchGuard’s set of traffic management and failover functions helps to ensure that a business gets the absolute best performance out of its Internet connectivity. Competing products don’t have the breadth of traffic management and failover features that WatchGuard offers.WatchGuard Firmware also “Plays well with others”
  13. Animation: You may click on each of the UI’s to get a close-up view. Click on the close-up to return to the screen.Flexibility – with the different administration options, makes administration easy.Centralized management tools included (No hidden charges – rich management experience out-of-the-box or advanced multi-box management features forjust a little more)Ask your WatchGuard reseller for a demo of our management platform.
  14. Animation: You may click on each of monitoring screenshots to get a close-up view, along with pop-up text-boxes to see some actions that may be taken. You may click on the close-up view to dissolve out back to the slide.Firebox Traffic Monitor - displays firebox logs in a scrolling, interactive interface
  15. Animation: Click on the configuration screenshot for a close-up view and pop-up text highlights. Click on the expanded view to return to the screen.
  16. Animation: Click on the laptop image in the lower right corner of the slide to start a looping, animated Gif of Drag & Drop VPN – see how and fast and simple it is! Click on the .Gif to dissolve it and return to the screen.Point of Slide: Businesses need ways to securely connect individuals and locationsContent: WatchGuard offers multiple ways to connect offices and individuals that are easy to configure, cost effective, and highly secure. When it comes to connecting locations together, any IT pro who has created IPSec tunnels the old-fashioned way knows that it is a painstaking process. There are dozens of settings that need to be configured correctly—some identical on both sides, some reciprocal—and all it takes is one of them being wrong to cause major headaches and frustration. WatchGuard’s Drag and Drop VPN creation takes the frustration away—a simple drag-and-drop operation in the UI securely connects locations. This is an enormous time-saver, and also helps reduce set-up errors. If a big snowstorm hits, is a business prepared to get work done with large numbers of teleworkers? WatchGuard SSL, or the Mobile VPN options in WatchGuard XTM, allow a business to keep on ticking even when workers can’t make it in to the office.
  17. Unified Threat Management (UTM)Originally coined in 2003 by IDC analyst, Charles Kolodgy, the term unified threat management (UTM) represented a ground-breaking concept in having disparate security functions – firewall, intrusion detection/intrusion prevention (IDS/IDP) and gateway anti-virus (AV) – reside in a single, integrated network security appliance.Today, Gartner analysts have been the leading proponents of what they call next-generation firewalls:“Firewalls need to evolve to be more proactive in blocking new threats, such as botnets and targeted attacks. Enterprises need to update their network firewall and intrusion prevention capabilities to protect business systems as attacks get more sophisticated.”A NGFW (next-generation firewall), according to Gartner, must have all the capabilities of a traditional firewall and also integrated IPS and application awareness and control.The analysts at IDC, however, have positioned XTM platforms as next-generation UTM’s with expanded platforms.Extensible Threat Management (XTM) is the next generation of Unified Threat Management (UTM), integrated network security appliances.As stated by IDC industry analyst Charles Kolodgy, in SC Magazine (May 2, 2008), Kolodgy reports,"XTM platforms will take security appliances beyond traditional boundaries by vastly expanding security features, networking capabilities and management flexibility. Future XTM appliances should provide automated processes – such as logging, reputation-based protections, event correlation, network access control and vulnerability management. Adding to the networking capabilities will be management of network bandwidth, traffic shaping, throughput, latency and other features, including unified communications."Additional info:(Forrester Research Report)“IT managers, CSOs, and CIOs are likely to overcome this (budget) restraint by pointing out how a UTM product can cut cost, in terms of replacing stand-alone security products with one product.” (Forrester Research Report)A study by Aberdeen Research demonstrated that best-in-class organizations use UTM/XTM devices because they provide superior security and at a better price. They had less down-time, and needed less resources to manage them… In other words, they got a much better return on their investment!”Best-in-Class organizations are 80% more likely to use UTM devices to secure their businesses!
  18. Animation Instructions: Click to have the “Next-Generation Firewall Bundle” fade out and to display the “Security Bundle”Point of Slide: This slide showcases the different threat management services offered on WatchGuard XTMFrom initial purchase through ongoing security management, security bundles makes network security easier and more efficient. You get a complete solution at an excellent price, with no additional fees, contracts, or hardware to purchase. Next-Generation Security Bundle:Includes LiveSecurity, Application Control, and IPS. According to Gartner’s definition of a Next-Generation Firewall (NGFW), these are essential features.Security Bundle:If you already have a WatchGuard XTM appliance, turn it into a complete threat management solutions with a Security Bundle. One appliance performing all of these security functions greatly simplifies the management of these services for your business. A great deal when you buy together and save! In contrast to competitors who may try to develop a software solution in-house for each security need, WatchGuard believes no vendor can possibly offer the best solution for each disparate security function. WatchGuard’s XTM products have been engineered to fully integrate “best-of-breed” security products that are developed both in house as well as by other industry-leaders, including, AVG, Broadweb, Commtouch, and Websense. Let’s take a closer look at the different threat management services that WatchGuard offers. Extra Content:LiveSecurity: WatchGuard’s LiveSecurity service covers software updates for the appliance, bug fixes and new features, advance hardware replacement, and high-touch technical support based entirely at WatchGuard’s own offices. Additionally, and uniquely, LiveSecurity offers timely, incisive, and broad security research, security bulletins, and foundational and best-practices content. WatchGuard’s LiveSecurity team has monitored the threat landscape, daily, since 1999. WatchGuard recognizes that most businesses don’t have time to research the latest threats and the proper responses to them, which is why the LiveSecurity team conducts this research and delivers it in plain-language articles, blog posts, podcasts, and presentations. When an attack is not merely feasible, but likely, we alert our subscribers. WatchGuard’s award-winning support and maintenance package Application Control: WatchGuard XTM Application Control is powered by Broadweb, one of the leading providers of application identification and control. Fine-grained control and unparalleled visibility for over 1800+ applicationsIPS: The Intrusion Prevention Service in WatchGuard XTM is also provided by Broadweb, for stalwart protection against a multitude of attacks. Real-time protection against network threats, such as SQL injections spyware, cross-site scripting, buffer overflowsGateway AntiVirus: GAV scans traffic for the latest—as well as well-known—malware. AVG’s technology is consistently rated extremely high in anti-virus tests by third-party organizations. It uses a combination of traditional virus signatures and behavioral analysis to detect malware. Heuristics and signatures to identify and block viruses, trojans, and spyware .Reputation Enabled Defense(RED):WatchGuard itself is the provider of Reputation Enabled Defense. WatchGuard’s proprietary cloud-based reputation database ensures safe and fast web surfing, and keeps customers’ mail servers free of unwanted email—all at the connection level, meaning that bandwidth and WatchGuard appliance computing resources are saved for other, mission critical traffic. WebBlocker: WatchGuard’s partner for WebBlocker URL filtering is Websense, one of the world’s premier web content filtering providers. URL Filtering prevents inappropriate and unsafe web surfing. According to the analysts at IDC Websense boasts “ Web security market leadership, with market share close to 40 percent larger than the next largest vendor.”spamBlocker: Powered by CommTouch, spamBlocker stops over 97% of unwanted email at the gateway. CommTouch’s patented Recurrent Pattern Detection Technology reviews over 4 billion messages daily and is able to detect and prevent spam, regardless of language, content, encoding, or other evasion techniques. It is exceptionally simple to configure and includes helpful reporting and quarantine functions. spamBlocker also uses CommTouch’s Virus Outbreak Detection technology to block email-borne viruses at the gateway.
  19. Animation: You may click on AVG to display the RAP averages quadrant (Aug 2010 – Feb. 2011) that highlights AVG as a top performer. You may click on the chart/quadrant to fade back to the original slide.Again - in contrast to competitors who may try to develop a software solution in-house for each security need, WatchGuard believes no vendor can possibly offer the best solution for each disparate security function. WatchGuard’s XTM products have been engineered to fully integrate “best-in-class” security products that are developed both in house as well as by other industry-leaders, Content:Gateway AntiVirusGAV scans traffic for the latest—as well as well-known—malware. AVG’s technology is consistently rated extremely high in anti-virus tests by third-party organizations. It uses a combination of traditional virus signatures and behavioral analysis to detect malware (Click on the AVG graphic to display the RAP averages quadrant).Application ControlWatchGuard XTM Application Control is powered by Broadweb, one of the leading providers of application identification and control. Independently reviewed and certified in ICSA and NSS independent lab testing. It provides coverage for over 1800 applications, including a unique drill down capability for application sub-functions.IPSThe Intrusion Prevention Service in WatchGuard XTM is also provided by Broadweb, for stalwart protection against a multitude of attacks.WebBlockerWatchGuard’s partner for WebBlocker URL filtering is Websense, one of the world’s premier web content filtering providers. According to the analysts at IDC Websense boasts “ Web security market leadership, with market share close to 40 percent larger than the next largest vendor.”Reputation Enabled Defense`WatchGuard itself is the provider of Reputation Enabled Defense. WatchGuard’s proprietary cloud-based reputation database ensures safe and fast web surfing, and keeps customers’ mail servers free of unwanted email—all at the connection level, meaning that bandwidth and WatchGuard appliance computing resources are saved for other, mission critical traffic.spamBlockerPowered by CommTouch, spamBlocker stops over 97% of unwanted email at the gateway. CommTouch’s patented Recurrent Pattern Detection Technology reviews over 4 billion messages daily and is able to detect and prevent spam, regardless of language, content, encoding, or other evasion techniques. It is exceptionally simple to configure and includes helpful reporting and quarantine functions. spamBlocker also uses CommTouch’s Virus Outbreak Detection technology to block email-borne viruses at the gateway. LiveSecurityWatchGuard’sLiveSecurity service covers software updates for the appliance, bug fixes and new features, advance hardware replacement, and high-touch technical support based entirely at WatchGuard’s own offices. Additionally, and uniquely, LiveSecurity offers timely, incisive, and broad security research, security bulletins, and foundational and best-practices content. WatchGuard recognizes that most businesses don’t have time to research the latest threats and the proper responses to them, which is why the LiveSecurity team conducts this research and delivers it in plain-language articles, blog posts, podcasts, and presentations.
  20. Extra Content:“IT managers, CSOs, and CIOs are likely to overcome this (budget) restraint by pointing out how a UTM product can cut cost, in terms of replacing stand-alone security products with one product.” (Forrester Research Report)An Aberdeen Research study demonstrated that best-in -class organizations used UTM/XTM devices because they provided better security at a better price. They had less down-time, and needed less resources to manage them… In other words, they got a much better return on their investment!
  21. Source: Info-Tech Research Group. Vendor Landscape: Unified Threat Management. Released: August 2011WatchGuard maintained the highest Info-Tech Value Score of the vendor group. In fact, competitor vendors were indexed against WatchGuard’s performance to provide a complete, relative view of their offerings.
  22. Additional Notes:FortinetASIC technology slows content inspectionApp Control is harder to useFewer administrative toolsLimited Multi-WAN and QoS supportUnwieldy VPNMore expensiveWhile Fortinet’s ASIC technology provides solid firewalling performance, it lags significantly in content inspection performance.How many reports does Fortinet include with their products? (A: 2, and WG includes 65!)How many additional Fortinet products do you need to purchase to match what WatchGuard includes with every XTM firewall? (Two: FortiAnalyzer for reporting, FortiManager for centralized management)What is the only way to get secure logging from a remote Fortinet device? (build a VPN tunnel from the device to the FortiAnalyzer or syslog server)What is the name of Fortinet’s URL reputation service? (Trick question: they don’t have one!)Name Fortinet’s equivalent to Traffic Monitor (Trick question: they don’t have one!)CiscoNo HTTPS inspectionNo app controlBolted on security features (AV, IPS, etc.) poorly integratedSluggish UTM performanceNotoriously awkward administrative interfacesNot competitively pricedSonicWallCumbersome App Control is mixed with IPSAdmin. tasks take longerNo model upgradesOnly 25 thousand AV signatures (WatchGuard has 2.5 MILLION!)Want to secure a web server? With WatchGuard, you'll be done in less than a minute (48 seconds to be exact). Watch and wait while SonicWall forces you toopen and close numerous screens, fill in the blanks and search around for what you need. After 5 minutes, you'll still be trying to figure it out.Palo Alto NetworksAV (“Threat Protection”) misses viruses in common formatsSignificant tradeoffs with streaming AV engine (not ideal for blocking malware,)Narrow focus - no email security, spamBlocker, RED, etc.Poor valueSonicWall & Palo Alto AVSonicWall and Palo Alto both use Streaming AV engine vsWatchGuard’s buffering.The pro’s of AV are it can be fast (less latency). The downside for both SonicWall and Palo Alto is thatstream-based engines can’t re-assemble actualcontent, they have very limited compression handling capabilities, they are susceptible to evasion techniques (HTTP-chunking), and there are issues finding“boundaries” for content. On the other hand, WatchGuard’s buffered AV is WAY MORE SECURE. Reassembly of file means evasion doesn’t work.
  23. Extra Content: Organizations need a clear choice to defend their networks, and that is where WatchGuard can help. WatchGuard eXtensible Threat Management (XTM) provides a number of layers of security to keep attacks out. WatchGuard’s “Defense-in-Depth” with “Best-in-Class” Security defends against botnets, APTs, and other attacks; while keeping web browsers and organizations in control when using web 2.O applications.WatchGuard architecture consists of different security layers working cooperatively with one another to dynamically detect, block, and report on malicious traffic while passing benign traffic through as efficiently as possible. Each layer performs different security functions. Zero day protection is a consistent theme throughout the different layers—which means that WatchGuard protects businesses from new, unknown threats.One appliance performing all of these security functions greatly simplifies the management of these services for your company!