watchguard: bring your own device or bring your own danger
DESCRIPTION
The BYOD Trend. Find out how to embrace employee devices while protecting your network from threats. Review top strategies for embracing BYOD while managing risks, compliance, and end-user needs. Roeing Corporation & WatchGuard presentation, September 2013.
TRANSCRIPT
9/10/2013
1
Bring Your Own Device or Bring Your Own Danger
How BYOD is Overwhelming the Corporate Network
Bring Your Own…
Device, App, Phone, PC, X (whatever)
C Level Perk
With a “Just Make It Work” Deployment Strategy…
BYOD Adoption Driven by Employees
Consumerism Driving IT Strategies
By 2017 the Number of Connected Devices
Mobile-connected tablets will generate more traffic in 2017 than the entire global mobile network in 2012.
The average smartphone will generate 2.7 GB of traffic per month in 2017, an 8-fold increase over the 2012
Management of BYOD
Two Areas of Focus
Device Management - MDM
Applications Management - MAM
A Secure Eco System
Management of Device
Policy: What's Acceptable, Training - Certified Users
Passwords: 70% of Phones don’t have them
Encryption: 22% of us lose phones
Remote Wipe: Exchange – use ActiveSync
VPNs: For Accessing Corporate Networks, Data in Motion, and Preventing Snooping on Open Networks
AV / Malware Protection: specific for mobile devices: AVG, Kaspersky, Lookout
Apps from Trusted Sources: Well-known stores, and know your Apps
Know Your App: Have users review App settings before accepting
Device Management - MDM
Applications Management - MAM
Management of Security Eco System
Security Across all Devices: Wired and Wireless
VPN: Secure Data in Motion
App Control: Control Apps That Users Access
Content Control: Manage Websites / Avoid Hijacked Sites
AV: Scan Downloads
IPS: Block Known Attacks
Report log activities: See What's Going On
The Convergence of Wired and Wireless Networks
Requires the Controlling of Apps and Content – Blocking of Viruses and Malware
BYOD Adoption
Will Overwhelm Current WIFI Network Infrastructure
“By 2015, 80% of newly installed wireless networks will be obsolete because of a lack of proper planning.”
Paul DeBeasi, Gartner®, October 2011
Ratio of Users to Networked Devices Is Changing
Wireless Mobility = More Devices, Many More
1 user = Laptop, Tablet, Smart Phone
+ Wireless Printers, Scanners, Projectors, Cameras, etc.
500 user business could increase devices by a minimum of 3x = 1500 devices
Without Proper Planning, Enterprises Deploying iPads Will Need 300% More Wi-Fi
Tim Zimmerman (Gartner), October 2011
BYOD Applications Are Always ON
Controlling Applications is key to controlling Corporate WiFi
“For end-users selecting WiFi over cellular for the majority of their data consumption is an important consideration for staying within the limits of their cellular data plans”
Cisco Visual Networking Index, Global Mobile Data Traffic Forecast Update, 2012 - 2017
Application Management
Social Networking - Becomes a Business Tool
• Used to Build Brand Awareness
• Offer Better Customer Support
• Directed Campaigns
• Employee Recruitment Tool
Application Management
Data Leakage Prevention - Compliancy – HIPAA / PCI
46% of companies that permit BYOD reported experiencing a data or security breach as a result of an employee-owned device accessing the corporate network.
Mobile Consumerization Trends & Perceptions IT Executive and CEO Survey
Application Management
Network Performance and Intellectual Property
RE: Unauthorized Distribution of a Copyrighted HBO Television Program
We are writing this letter on behalf of Home Box Office, Inc. ("HBO").
We have received information leading us to believe that an individual has utilized the below-referenced IP address at the noted date and time to offer downloads of copyrighted television program(s) through a "peer-to-peer" service.
The distribution of unauthorized copies of copyrighted television programs constitutes copyright infringement under the Copyright Act, Title 17 United States Code Section 106(3). Since you own the below-referenced IP address, we request that you immediately do the following:
1) Disable access to the individual who has engaged in the conduct described above; and/or
2) Take other appropriate action against the account holder under your Abuse Policy/Terms of Service Agreement.
UTM For Wired and Wireless Networks
Security Applied at One Place Across all Devices
WatchGuard Access Point
At The Convergence of Wired and Wireless Networks
Smart Wireless Security
Security Applied at One Place Across all Devices
AP 100 / 200
Radios: 1 / 2
Available Bands: 2.4 GHz or 5 GHz
SSID: 8 / 16
Max Throughput: 300 / 600 Mbps
Antenna/Streams: 2x2:2 MIMO
Encryption/Authentication: WEP, WPA-PSK, WPA2-PSK, WPA-PSK Mixed, TKIP, AES, WPA2-Enterprise 802.1x,
Integrated AP Controller
Included with 11.7.2 supported on 25 - 2500
Access Point managed with same tools as XTM
Centralized configuration and monitoring
Power: AC Adapter; 802.3af compliant PoE or Switch
• Unified WLAN and UTM Management
• Integrated wired and WLAN security policies
UTM For Wired and Wireless Networks
Security Applied at One Place Across all Devices
WatchGuard UTM Firewall
One Appliance, One Platform, Many Solutions
Extending UTM to all Devices – Wired and Wireless…
Defining Your Relationship to the Internet
Context Driven Security Solutions
Users + Applications = Context
Human Resources, Executives, Guest
Users and Groups
Active Directory
Policy based on Microsoft Active Directory users and groups.
Different Application Control for Students, Teachers, Administrative Staff etc.
Different Web Browsing Rules for Students, Teachers, Administrative Staff etc.
Applications Understanding DATA FLOW
An Application Proxy
Checks: Source IP, Destination IP, Port, Protocol
If a matching rule (or service) is found:
It opens the packet, reads the data, and if no malicious content is found it forwards the data.
“PROXY FIREWALL TECHNOLOGIES HAVE PROVEN TIME AND AGAIN TO BE MORE SECURE THAN "STATEFUL" FIREWALLS AND WILL PROVE TO BE MORE SECURE THAN "DEEP INSPECTION" FIREWALLS.”
WHAT IS "DEEP INSPECTION"? – MARCUS RANUM
Controlling Applications
Proxies – Enforcing Protocols / Controlling Data
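Added example, not part of the original presentation and not WatchGuard code: the two-step check this slide describes (match a rule on source IP, destination IP, port and protocol, then open the payload and forward only if it is clean), shown next to a header-only packet filter for contrast. The rule, addresses, allowed methods and signature marker are constructed assumptions, and HTTP is assumed as the proxied protocol.

```python
import ipaddress

# Constructed policy for illustration: one allow rule and one content marker.
RULES = [{"src": ipaddress.ip_network("10.0.0.0/16"),
          "dst": ipaddress.ip_address("203.0.113.10"),
          "port": 80, "proto": "tcp"}]
ALLOWED_METHODS = {b"GET", b"HEAD", b"POST"}
BLOCKED_MARKERS = [b"CONSTRUCTED-TEST-SIGNATURE"]  # stand-in for an AV/IPS signature

def rule_matches(src, dst, port, proto):
    """Step 1 from the slide: source IP, destination IP, port, protocol."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in r["src"] and d == r["dst"] and port == r["port"]
               and proto == r["proto"] for r in RULES)

def packet_filter(src, dst, port, proto, payload):
    """Header-only decision: the payload is never examined."""
    return "forward" if rule_matches(src, dst, port, proto) else "drop"

def application_proxy(src, dst, port, proto, payload):
    """Header match first, then open the payload and enforce the protocol."""
    if not rule_matches(src, dst, port, proto):
        return "drop: no matching rule"
    head, _, body = payload.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/1."):
        return "deny: payload is not HTTP"
    if parts[0] not in ALLOWED_METHODS:
        return "deny: method not allowed"
    if any(marker in body for marker in BLOCKED_MARKERS):
        return "deny: content matched signature"
    return "forward"

# Constructed sample traffic, all aimed at the allowed 4-tuple.
FLOW = ("10.0.4.7", "203.0.113.10", 80, "tcp")
SAMPLES = {
    "normal GET": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "non-HTTP on port 80": b"SSH-2.0-client_1.0\r\n",
    "flagged upload": b"POST /up HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
                      b"xxCONSTRUCTED-TEST-SIGNATURExx",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name:22} filter={packet_filter(*FLOW, payload):8}"
              f" proxy={application_proxy(*FLOW, payload)}")
```

The header-only filter forwards all three samples because they share an allowed 4-tuple; the proxy forwards only the well-formed GET.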
Game Applications Plug-in Post Video Picture Edit Profile
1,800 Applications
Controlling Applications
Evolving Beyond Ports and Protocols – Spotlighting “Normal” Traffic
Controlling Web Content
Not Just Big Brother - Better Security
Database Maintained by WebSense
Meeting CIPA requirements
125 Categories *
Proxy Sites, WebMail, P2P, IM, Hacking, Phishing, RDP sites,
SpeedBump or Override
Logging and Reporting
Safe Search
Signature database updated hourly
Large DB - 2.5 Million Signatures
Buffered Scanning = Better Catch Rate
Dynamic heuristic analysis uses code emulation to identify polymorphic viruses and malware
Inspection of compressed files to 5 levels
Controlling Web Content
Virus and Malware distributed via Hijacked Web Sites
Reputation Enabled Defense = RED
Controlling Web Content
Hijacked Web Sites - Virus and Malware
Signature Set Covers:
– SQL injections,
– Cross-Site Scripting (XSS),
– buffer overflows,
– denial of service,
– remote file inclusions.
Auto-Updating
Inspection Applied Across all Traffic Flows
Scans all ports and protocols to block network, application, and protocol-based attacks.
Block = Dynamically add source IP to blocked sites list
Controlling Web Content
IPS - Network Intrusions are Identified and Blocked
Detects IPS / IP and Port Scanning
Remembers attackers
Shuns known scanners and attackers (low processing cost)
DETECT
SHUN
Intelligent Layered Security Engine
Behavioral Analysis and Shunning
Identifying Bad Behavior No Matter Where The Bad Guys Are
Securing Data in Motion
VPNs to Secure Data and Prevent Snooping
WatchGuard products don’t just defend, they illuminate!
Real-time monitoring tools show user, network, and security events, as they happen—and allow you to take immediate corrective action
Intelligence At Your Finger Tips
Monitoring, Alerting, Reporting
Best-in-Class Technology
[Comparison table: AntiVirus, URL Filtering, AntiSpam, IPS and APP Control by vendor, including XTM; the surviving cells read "In-house"; row layout not recoverable]
Go with The Smart Firewall!
Who Relies On WatchGuard?
Entertainment, Government, Transportation, Finance & Insurance, Health Care, Food & Beverage, Retail & Services, Air Transport, Automotive, Telecom & ISP, Education, Manufacturing, Technology
Security Solution Experts – Since 1996
CRN – “Product of the Year”: XCS 370
SC Magazine – “Recommended”: XCS 770
Network Computing – “Product of the Year”: SSL 100
SC Magazine – “Best Buy”: XTM 505
Computing Security – “UTM Solution of the Year”: XTM 8 Series
Thank You