rits-wgpresentation
TRANSCRIPT
Prepared by: Ricoh IT ServicesNSE: Serhat Cakmakoglu
Network Infrastructure Upgrade
Internet Service Component:Current Customer is restricted to using only a No Gateway Security Cisco VPN Router managed by UAP-NAPA IT. Advanced document management tools are not accessible to Mobile Devices on Public Networks via SSL VPN and Customers via HTTPS. There is no Secure WiFi. ProposedWatchGuard XTM330 & AP200 WiFi Access Point with Advanced UTM & Next Generation Firewall features. The proposed appliances will allow customer to securely connect to specific Servers on specific ports only as per configuration.The WatchGuard XTM330 appliance has a superior layer of security allowing only the specified traffic to enter the internal network using policy proxy zone routing.WHY?•To allow access to Laserfiche Web link and Planet Press Capture On The Go for the mobile devices.Network Infrastructure & Security Component:CurrentNO NEXT GENERATION FIREWALL & UNIFIED TREAT MANAGEMENT Appliance. No Application Control, URL Content Management, Malware and Intrusion (IPS) protection.
Network Infrastructure Upgrade Cont.…
ProposedState of the Art WatchGuard XTM330 Single Solution Security Appliance with Next Generation Firewall and AP200 WiFi Access Point, Site to Site and Client VPN up to 50 users simultaneously and Unified Treat Management Gateway Security with IPS (Intrusion Detection & Prevention),Gateway Antivirus, WebBlocker, SpamBlocker , Application Control, Reputation Enabled Defense to support all your current networks needs. For your future needs, WG has optional APT (Advances Persistent Threat) Detection and DLP (Data Loss Prevention) Services available as an additional option.State of the Art 1xCisco SG200-8, 8 Gigabit Port, Layer 3 compatible Fully Managed Switch with VoIP, VPN, Virtual LAN QoS and Traffic Prioritization support.
WHY?•To provide the ability to securely segment the 2-WAN networks in order to provide segregation.•Simple, Powerful, Reliable Network Security to meet today’s and tomorrow’s maximum distribution compliancy expectations.
04/15/23
About WatchGuardAccolades
Taken private in 2006: enabled strategic shift
2007-2009: 3-year effort to re-architect platform, business model
Firewall appliance pioneer HQ in Seattle, WA ~1,000,000 appliances shipped to
business customers worldwide 100% channel – 5,000 partners (1,200
with advanced certification) in 120 countries
Worldwide sales: 48% from Americas, 38% EMEA and 14% APAC
201
2
2006
Taken private in October
2007-2009
Re-Engineering of Product
2010 2011 2012
Launched re-architected product with Best-of-Breed HW Best-of-Breed SW
Launched RED / Next
Gen Firewall
Virtual solutions: XTMv and
XCSv,Hardware Refresh
2013
Launched WatchGuard Dimension™
Why Customers Choose WatchGuard
#1 UTM Performance at all
price points
Top UTM Performance
#1 IndustryLeading Modules
Best-of-Breed
Technology#1 Most
Highly Recognized
StrongManageabili
ty
WatchGuard’s Industry-Leading Platform Yields Key Benefits
Why DO We Need WatchGuard•Manage users to access internet.•Intrusion Prevention and Advanced Application Control•Filtering content and URL of the website.•Filtering by keyword•Filtering and Deep Pocket Inspection of HTTPS.•Web blocker has over 130 categories for IT manager to manage the internet access.•Reports and logs all content accessed by users via Dimension.•Secure e-mail and web access.•Can be integrated to the Domain AD controller to apply the policy to manage users.•Advanced Persistent & Zero Day Malware Threat Detection.•Data Loss Prevention and many more features….
WatchGuard is NOT ONLY a Secure Firewall but also it is a good tool for IT Managers to Manage their Network.
New Technologies & Threats Shape Security Needs
8
Businesses Have Complex Security Needs
Broad Security Needs - Varying Budgets & Facilities
9
10
…And Steal Headlines
11
….”SMBs don't know how defenseless they've become, especially to automated and industrialized attack methodologies by organized crime," Christopher Porter, Verizon RISK Team.
Retrieved from (2-28-13): http://www.pcworld.com/article/252302/why_hackers_set_their_sights_on_small_businesses.html12
You Can’t Control What You Can’t See
• Traditional port-based firewalls lack the ability to see, let alone control, many apps
• Productivity Loss
–Bandwidth-hungry apps slow networks
• Data Loss / Attack Vector
– Social networks breed a culture of trust
– Rife with technical vulnerabilities
• Traditional port-based firewalls lack the ability to see, let alone control, many apps
• Productivity Loss
–Bandwidth-hungry apps slow networks
• Data Loss / Attack Vector
– Social networks breed a culture of trust
– Rife with technical vulnerabilities
13
Security Implications of Virtualization
Physical Network
Firewall sees & protects all traffic between servers
Virtual Network
Physical security is blind to traffic between virtual machines
VM 1 VM 2 VM 3
Hypervisor
VS
Host
14
Virtualization Poses New Security Challenges
15
Visibility of Virtual Networks is Key
“…Unless you put virtualized security controls—virtual sniffers, virtual firewalls, all the same controls you'd use on a physical server, inside that network, you don't see what's going on." Neil MacDonald, security and infrastructure analyst at Gartner.
16
Converging Trends
Distributed Work• 23% of employees do some work
from home1
• High Salary employees ($100k+) are more likely to work from home2
– 70% at least once
– 20% more than 5 days per week
• 23% of employees do some work from home1
• High Salary employees ($100k+) are more likely to work from home2
– 70% at least once
– 20% more than 5 days per week
Small Businesses Handle Confidential Information
– Insurance Agents– Tax Accountants– Lawyers– HealthCare– Consultants
Use Routers supplied by ISP– Use Defaults– Not Patched– Offer just NAT– ISPs are Not Security Experts
Handle Confidential Information– Insurance Agents– Tax Accountants– Lawyers– HealthCare– Consultants
Use Routers supplied by ISP– Use Defaults– Not Patched– Offer just NAT– ISPs are Not Security Experts
Small Retail Outlets
• Self service kiosks• Staffed retail booths/kiosks• Small shops• Even the smallest outlets now
collect credit cards and personal data
• Self service kiosks• Staffed retail booths/kiosks• Small shops• Even the smallest outlets now
collect credit cards and personal data
© 2011 WatchGuard Technologies
Rethinking the Perimeter
Retail / Kiosk
XTM Defense-In-Depth In Action
WatchGuard vs. Web 2.0 Security Issues
24
An Application Proxy checks Source IP, Destination IP, Port, Protocol
If a matching rule (or service) is found:
The proxy then performs deep inspection on the content of the packet, including application layer data.
Cornerstone – The Application Proxy
Packet Reassembly – since 1996
This is the key to finding threats that OTHER FIREWALLS MISS!
25
Fireware XTM: Making the Most of Your Network
26
Secure Your Virtualized World with XTMv
• Easy to download, enable, deploy, and manage (WSM, web, CLI)
• Leverages vSphere and Hyper-V flexibility and availability
• Multiple models for organizations of all sizes
• Per-customer, -department, or -app deployment
• Delivers same best-in-class security of XTM devices to the virtual environment
• Easy to download, enable, deploy, and manage (WSM, web, CLI)
• Leverages vSphere and Hyper-V flexibility and availability
• Multiple models for organizations of all sizes
• Per-customer, -department, or -app deployment
• Delivers same best-in-class security of XTM devices to the virtual environment
27
Secure Your Wireless Networks with
WatchGuard Access Point Devices
• Extend XTM best-in-class security to the WLAN
• Harness the power of mobile devices without jeopardizing your network
• Apply security policies to wired and WLAN resources
• Leverage XTM tools for ease of administration
• Extend XTM best-in-class security to the WLAN
• Harness the power of mobile devices without jeopardizing your network
• Apply security policies to wired and WLAN resources
• Leverage XTM tools for ease of administration
28
Turn Oceans of Data into Security Intelligence
WatchGuard Dimension – Launched Oct. 2013
29
Bring Big Data Visibility to Network Security
Bring Big Data Visibility to Network Security
Real-time monitoring lets you take instant action
Many View Options:Drill-down in FireWatch TreeMap View to Hone in on Insights
Managing XTM Solutions: Satisfy Auditors
Over 90 pre-defined reports included. Drill-down for the data you need.
31
XTM Multi-Box Management Saves Time
Simultaneously manage from 2 to 100’s of boxes.
Implementing the WatchGuard solution was a breeze. The policy setting and system configuration is easy because it is all very logical and straightforward.Francis Lim, IT Manager, Eurokars Group
Align security policies across an organization – or apply modifications
between boxes
Align security policies across an organization – or apply modifications
between boxes
32
I can’t remember the last time I had to call someone with a security problem. With WatchGuard, we are always connected.Lucas Goh, Head of IT Operations for Asia, Berg Propulsion
Securely Connecting Users:
VPN• Create VPN by simple drag and drop• Dynamic Routing can be applied to branch office
VPN connections• Select from IPSec, SSL, L2TP for Mobile Users• Choose your device: laptop, smartphone, tablet• Define flexible rules to restrict data access to
authorized individuals only
33
Small Business 1- 50 Users 50 - 250
Users
Service Providers / Headquarters 1,000+ Users
Midsize Business250 – 500 Users 500 – 1,000 Users
XTM 3 Series
Industry-Leading Performance at Each
Price Point
FIREBOX T10 & XTM 2 Series
XTM 5 Series
XTM 8 Series
XTM 1050
XTM 2050
XTM 3 Series
XTM 1500 Series
XTM 800 Series
XTM 2520
34
Strong Suite of Security Products…
WatchGuard Security Solutions combine firewall, VPN, and security services to protect networks from data loss, spam, viruses, malware, and intrusions.
XTM 2520: Large enterprises and corporate data centers*
XTMvFour virtual software license versions with full UTM features
XTM 2 & 3 Series: Small offices, branch offices and wireless hotspots
XTM 5 & 800 Series: Mid-sized businesses and distributed enterprises
Software Scalability: Single version of WatchGuard Fireware® OS runs on all solutions, including virtual
XTM 1500 Series: Large distributed enterprises
Wireless Access Points AP100/200 & AP102Businesses can harness the power of mobile devices without putting network assets at risk.
… with leading performance that meets the needs of businesses of all sizesCore Business Product Line
Incr
easing th
roughput t
o meet b
usiness
es
needs
*XTM 2520: World’s fastest, greenest 1 rack unit UTM Firewall
Firebox® T10: Small office/home office and small retail environments Indoo
rOutdoor
Smart Security with Watchguard XTM & XTMv
• “Best-of-breed” multilayered security for physical and virtual environments
• Recognized security “Trend Setter,” industry “Champion” and “Value Leader”
• 90 reports included at no extra cost
• ICSA Firewall & IPSec certification
• Real-time monitoring• Intuitive set-up wizards • Multi-WAN support• RapidDeploy capability
• “Best-of-breed” multilayered security for physical and virtual environments
• Recognized security “Trend Setter,” industry “Champion” and “Value Leader”
• 90 reports included at no extra cost
• ICSA Firewall & IPSec certification
• Real-time monitoring• Intuitive set-up wizards • Multi-WAN support• RapidDeploy capability
36
What is “Next-Generation”?
(XTM = Next-Generation UTM) “XTM platforms will take security appliances beyond traditional boundaries by vastly expanding security features, networking capabilities and management flexibility.”
“Firewalls need to evolve to be more proactive in blocking new threats, such as botnets and targeted attacks. Enterprises need to update their network firewall and intrusion prevention capabilities to protect business systems as attacks get more sophisticated.”
37
Industry-Leading Value
“The product’s reporting functionswere a differentiator amongstother NGFW”
Source: Info-Tech Research Group. Vendor Landscape: Next Gen Firewall. August 2014. 38
Segment Leading Manageability & Usability
“Through 2018, more than 95% of firewall breaches will be caused by firewall misconfigurations, not firewall flaws”
-Gartner “One Brand of Firewall is a Best Practice for Most Enterprise Firewalls”, 28 Nov 2012
39
Leader in Gartner UTM Magic Quadrant for 5th Year Running
40 | Confidential
Source: Gartner, March 2012 and June, 2013
“A balance between ease of use and strong security”
“Users and channel partners report high reliability on the appliances and
strong support from WatchGuard”
“[H]ighest use rate of multiple features (beyond firewall, IPS and
URL blocking) of all vendors”
“Recent hardware and software upgrades bring significant
performance improvements”
LeadersChallengers
VisionariesNiche PlayersCompleteness of Vision
Ab
ilit
y t
o E
xe
cu
te
Source: Gartner Magic Quadrant for Unified Threat Management, July, 2013
WatchGuard UTM – Architected for Speed
43
XTM: WatchGuard’s Security Platform
Red boxes = WatchGuard IPRed boxes = WatchGuard IP
Latest, highest performance platform available
Common management console gives policy-driven control of technologies
Standardized across products
Unparalleled security foundation
Best of Breed Technologies from leading vendors
Designed for modularity; easy to add or replace technologies
The value is in the platform
WatchGuard XTM Platform
WatchGuard Proxy-based Engine
WatchGuard
Industry Standard Platforms
Ant
iViru
s
UR
L F
ilter
ing
VP
N
Rep
utat
ion
Ena
bled
D
efen
se
Ant
iSP
AM
Intr
usio
n P
reve
ntio
n
App
Con
trol
Hyper-V
Dat
a Lo
ss
Pre
vent
ion
AP
T
Blo
cker
VMware
…
Policy-based Management Console
WatchGuard Best of Breed
RapidDeploy
• Large MSSPs• Retail Chains
• Technical staff are not required at remote location
• When connected, device securely gets its configuration from the WatchGuard cloud
• Large MSSPs• Retail Chains
• Technical staff are not required at remote location
• When connected, device securely gets its configuration from the WatchGuard cloud
February 5, 2014 49
Simplify large multi-box deployments
Central Management Console
Why WatchGuard
Wins
Watch Video Comparisons http://www.watchguard.com/latest/us-vs-them.asp
50
UTM Combines Multiple Perimeter Services
Unified Threat Management in a single form
factor
ApplicationControl
URLFiltering
AntiSPAM
GatewayAntiViru
sIntrusionPreventio
nServiceFirewall
Data Loss Preventio
nAdvanced Persistent
Threats
© 2011 WatchGuard Technologies
Large Customer Base of Enterprise Businesses
Education HospitalityRetail
Diversified
Food & Beverage
OtherTech, Media & Telecom
A large number of distributed enterprise customers are recognizing WatchGuard’s scalable architecture and best-in-class manageability
TV Globo
Thank You!
76