watchguard: bring your own device or bring your own danger

41
10/28/22 1 Bring Your Own Device or Bring Your Own Danger How BYOD is Overwhelming the Corporate Network

Upload: roeing-corporation

Post on 08-Jun-2015

1.223 views

Category:

Technology


8 download

DESCRIPTION

The BYOD Trend. Find out how to embrace employee devices while protecting your network from threats. Review top strategies for embracing BYOD while managing risks, compliance, and end-user needs. Roeing Corporation & WatchGuard presentation, September 2013.

TRANSCRIPT

Page 1: WatchGuard: Bring Your Own Device or Bring Your Own Danger

9/10/2013

1

Bring Your Own Device or Bring Your Own Danger

How BYOD is Overwhelming the Corporate Network

Page 2: WatchGuard: Bring Your Own Device or Bring Your Own Danger

9/10/2013

2

Bring Your Own……Device, App, Phone, PC, X (whatever)

Page 3: WatchGuard: Bring Your Own Device or Bring Your Own Danger

9/10/2013

3

C Level PerkWith a “Just Make It Work” Deployment Strategy….

Page 4: WatchGuard: Bring Your Own Device or Bring Your Own Danger

9/10/2013

4

BYOD Adoption Driven by EmployeesConsumerism Driving IT Strategies

Page 5: WatchGuard: Bring Your Own Device or Bring Your Own Danger

9/10/2013

5

By 2017 the Number of Connected Devices

Mobile-connected tablets will generate more traffic in 2017 than the entire global mobile network in 2012.

The average smartphone will generate 2.7 GB of traffic per month in 2017, an 8-fold increase over the 2012

Page 6: WatchGuard: Bring Your Own Device or Bring Your Own Danger

9/10/2013

6

Management of BYODTwo Areas of Focus

Device Management - MDMApplications Management - MAM A Secure Eco System

Page 7: WatchGuard: Bring Your Own Device or Bring Your Own Danger

9/10/2013

7

Management of DevicePolicy… What's Acceptable, Training - Certified Users

Passwords .. 70% of Phones don’t have them

Encryption.. 22% of us lose phones

Remote Wipe …Exchange – use Active Synch

VPNs.. For Accessing Corporate Networks , DATA in Motion and Preventing Snooping on Open Networks

AV / Malware Protection… specific for mobile devices.. AVG, Kaspersky, Lookout

Apps from Trusted Sources.. Well know stores and know your Apps

Know Your App– Have users review App settings before accepting

Device Management - MDMApplications Management - MAM

Page 8: WatchGuard: Bring Your Own Device or Bring Your Own Danger

9/10/2013

8

Management of Security Eco System

Security Across all Devices…. Wired and Wireless

VPN.. Secure Data in Motion

App Control .. Control Apps That Users Access

Content Control.. Manage Websites / Avoid Hijacked sites

AV.. Scan Downloads

IPS.. Block Known Attacks

Report log activities.. See What's Going On

Page 9: WatchGuard: Bring Your Own Device or Bring Your Own Danger

9/10/2013

9

The Convergence of Wired and Wireless Networks

Requires the Controlling of Apps and Content – Blocking of Viruses and Malware

Page 10: WatchGuard: Bring Your Own Device or Bring Your Own Danger

9/10/2013

10

BYOD AdoptionWill Overwhelm Current WIFI Network Infrastructure

“By 2015, 80% of newly installed wire- less networks will be obsolete because of a lack

of proper planning.”

Paul DeBeasi, Gartner®, October 2011

Page 11: WatchGuard: Bring Your Own Device or Bring Your Own Danger

9/10/2013

11

Ratio of Users to Networked Devices Is ChangingWireless Mobility = More Devices, Many More

1 user = Laptop, Tablet, Smart Phone

+Wireless Printers, Scanner, Projectors, Cameras.

Etc.

500 user business could increase devices by a minimum of 3x = 1500 devices

Without Proper Planning,Enterprises Deploying iPadsWill Need 300% More Wi-Fi

Tim Zimmerman (Gartner), October 2011

Page 12: WatchGuard: Bring Your Own Device or Bring Your Own Danger

9/10/2013

12

BYOD Applications Are Always ONControlling Applications key to controlling Corporate Wifi

“For end-users selecting WiFi over cellular for the majority of their data consumption is an important consideration for staying within the limits of their cellular data plans”

Cisco Visusl Networking Index, Global Mobile Data Traffic Forcast Update, 2012 - 2017

Page 13: WatchGuard: Bring Your Own Device or Bring Your Own Danger

9/10/2013

14

Application Management Social Networking - Becomes a Business Tool

• Used to Build Brand Awareness• Offer Better Customer Support• Directed Campaigns• Employee Recruitment Tool

Page 14: WatchGuard: Bring Your Own Device or Bring Your Own Danger

9/10/2013

15

Application ManagementData Leakage Prevention - Compliancy – HIPA / PCI

46% of companies that permit BYOD reported experiencing a data or security breach as a result of an employee-owned device accessing the corporate network Mobile Consumerization Trends&PerceptionsIT Executive and CEOSurvey

Page 15: WatchGuard: Bring Your Own Device or Bring Your Own Danger

9/10/2013

16

Application ManagementNetwork Performance and Intellectual Property

 

 

RE: Unauthorized Distribution of a Copyrighted HBO Television Program We are writing this letter on behalf of Home Box Office, Inc. ("HBO").We have received information leading us to believe that an individual has utilized the below-referenced IP address at the noted date and time to offer downloads of copyrighted television program(s) through a "peer-to-peer" service.The distribution of unauthorized copies of copyrighted television programs constitutes copyright infringement under the Copyright Act, Title 17 United States Code Section 106(3).  Since you own the below-referenced IP address, we request that you immediately do the following:1) Disable access to the individual who has engaged in the conduct described above; and/or2) Take other appropriate action against the account holder under your Abuse Policy/Terms of Service Agreement.

Page 16: WatchGuard: Bring Your Own Device or Bring Your Own Danger

9/10/2013

17

UTM For Wired and Wireless NetworksSecurity Applied at One Place Across all Devices

Page 17: WatchGuard: Bring Your Own Device or Bring Your Own Danger

9/10/2013

18

WatchGuard Access PointAt The Convergence of Wired and Wireless Networks

Page 18: WatchGuard: Bring Your Own Device or Bring Your Own Danger

9/10/2013

19

Smart Wireless SecuritySecurity Applied at One Place Across all Devices

AP 100 / 200Radios 1 /2Available Bands 2.4 GHz or 5 GHz SSID 8 / 16Max Throughput 300 / 600 MbpsAntenna/Streams 2x2:2 MIMO Encryption/AuthenticationWEP, WPA-PSK, WPA2-PSK, WPA-PSK Mixed, TKIP, AESWPA2-Enterprise 802.1x,

Integrated AP Controller

Included with 11.7.2 supported on 25 - 2500

Access Point managed with same tools as XTM

Centralized configuration and monitoring

PowerAC Adapter802.3af compliant PoE or Switch

Page 19: WatchGuard: Bring Your Own Device or Bring Your Own Danger

9/10/2013

20

• Unified WLAN and UTM Management • Integrated wired and WLAN security

policies

UTM For Wired and Wireless NetworksSecurity Applied at One Place Across all Devices

Page 20: WatchGuard: Bring Your Own Device or Bring Your Own Danger

9/10/2013

21

WatchGuard UTM FirewallOne Appliance, One Platform, Many Solutions

Extending UTM to all Devices – Wired and Wireless…

Page 21: WatchGuard: Bring Your Own Device or Bring Your Own Danger

9/10/2013

22

Defining Your Relationship to the InternetContext Driven Security Solutions

Page 22: WatchGuard: Bring Your Own Device or Bring Your Own Danger

9/10/2013

23

Users + Applications =

Context

Human Resources Executives Guest

Page 23: WatchGuard: Bring Your Own Device or Bring Your Own Danger

9/10/2013

24

Users + Applications =

Context

Human Resources Executives Guest

Page 24: WatchGuard: Bring Your Own Device or Bring Your Own Danger

9/10/2013

25

Users + Applications =

Context

Page 25: WatchGuard: Bring Your Own Device or Bring Your Own Danger

9/10/2013

26

Users and GroupsActive Directory

Policy based on Microsoft Active Directoryusers and groups.

Different Application Control for Students, Teachers, Administrative Staff etc.

Different Web Browsing Rules for Students, Teachers, Administrative Staff etc.

Page 26: WatchGuard: Bring Your Own Device or Bring Your Own Danger

9/10/2013

27

Applications Understanding DATA FLOW

Page 27: WatchGuard: Bring Your Own Device or Bring Your Own Danger

9/10/2013

28

Page 28: WatchGuard: Bring Your Own Device or Bring Your Own Danger

9/10/2013

29

An Application Proxy

Checks: Source IP, Destination IP, Port, Protocol

If a matching rule (or service) is found:

It opens the packet, reads the data, and if no malicious content is found it forwards the data.

“PROXY FIREWALL TECHNOLOGIES HAVE PROVEN TIME AND AGAIN TO BE MORE SECURE THAN "STATEFUL" FIREWALLS AND WILL PROVE TO BE MORE SECURE THAN "DEEP INSPECTION" FIREWALLS.”

WHAT IS "DEEP INSPECTION"? – MARCUS RANUM

Controlling ApplicationsProxies – Enforcing Protocols / Controlling Data

Page 29: WatchGuard: Bring Your Own Device or Bring Your Own Danger

9/10/2013

31

Game ApplicationsPlug-in Post Video Picture Edit Profile

1,800 Applications

Controlling ApplicationsEvolving Beyond Ports and Protocols – Spotlighting “Normal” Traffic

Page 30: WatchGuard: Bring Your Own Device or Bring Your Own Danger

9/10/2013

32

Controlling Web ContentNot Just Big Brother - Better Security

Database Maintained by WebSense Meeting CIPA requirements 125 Categories *

Proxy Sites, WebMail, P2P,IM,Hacking, Phishing, RDP sites,

SpeedBump or Override Logging and Reporting Safe Search

Page 31: WatchGuard: Bring Your Own Device or Bring Your Own Danger

9/10/2013

33

Signature database updated hourlyLarge DB - 2.5 Million Signatures

Buffered Scanning = Better Catch Rate

Dynamic heuristic analysis uses code emulation to identify polymorphic viruses and malware

Inspection, of compressed files to 5 levels

Controlling Web ContentVirus and Malware distributed via Hijacked Web Sites

Page 32: WatchGuard: Bring Your Own Device or Bring Your Own Danger

9/10/2013

34

Reputation Enabled Defense = RED

Controlling Web ContentHijacked Web Sites - Virus and Malware

Page 33: WatchGuard: Bring Your Own Device or Bring Your Own Danger

9/10/2013

35

Signature Set Covers :– SQL injections, Cross-Site Scripting – (XSS), – buffer overflows, – denial of service, – remote file inclusions.

Auto-Updating

Inspection Applied Across all Traffic FlowsScans all ports and protocols to block network,

application, and protocol-based attacks.

Block = Dynamically add source IP to blocked sites list

Controlling Web ContentIPS - Network Intrusions are Identified and Blocked

Page 34: WatchGuard: Bring Your Own Device or Bring Your Own Danger

9/10/2013

36

Detects IPS / IP and Port Scanning Remembers attackers Shuns known scanners and attackers (low processing

cost)

DETECT

SHUN

Intelligent Layered Security Engine

Behavioral Analysis and ShunningIdentifying Bad Behavior No Matter Where The Bad Guys Are

Page 35: WatchGuard: Bring Your Own Device or Bring Your Own Danger

9/10/2013

37

Securing Data in MotionVPNs to Secure Data and Prevent Snooping

Page 36: WatchGuard: Bring Your Own Device or Bring Your Own Danger

9/10/2013

38

WatchGuard products don’t just defend, they illuminate!

Real-time monitoring tools show user, network, and security events, as they happen—and allow you to take immediate corrective action

Intelligence At Your Finger TipsMonitoring, Alerting , Reporting

Page 37: WatchGuard: Bring Your Own Device or Bring Your Own Danger

9/10/2013

39

Best-in-Class Technology

AntiVirus

URLFiltering

AntiSpam IPS

APPControl

In-house

In-house

In-house

In-house

In-house

In-house In-house

In-house

In-house

In-house

In-house

In-house

In-house

In-house

In-house In-house

In-house

XTM

39 | Confidential

Page 38: WatchGuard: Bring Your Own Device or Bring Your Own Danger

9/10/2013

40

Go with The Smart Firewall!

Page 39: WatchGuard: Bring Your Own Device or Bring Your Own Danger

9/10/2013

41

Who Relies On WatchGuard?

EntertainmentGovernment TransportationFinance & Insurance Health Care Food & Beverage Retail & Services

Air Transport AutomotiveTelecom & ISP Education Manufacturing

Technology

Page 40: WatchGuard: Bring Your Own Device or Bring Your Own Danger

9/10/2013

42

Security Solution Experts – Since 1996

CRN – “Product of the Year”: XCS 370 SC Magazine – “Recommended”: XCS 770 Network Computing – “Product of the Year”: SSL 100

SC Magazine – “Best Buy”: XTM 505

Computing Security – “UTM Solution of the Year” XTM 8 Series

Page 41: WatchGuard: Bring Your Own Device or Bring Your Own Danger

9/10/2013

43

Thank You