Watchguard security proposal 2012

Security Proposalfor your network

Index

•Why we need Watch Guard?•Network diagram•Security Solution•Logs and report

Companies Increasingly “Like” Social Media

Robert Half Technology. “SOCIAL WORK? More Companies Permit Social Networking on the Job”. May 26, 2011. Retrieved from: http://rht.mediaroom.com/2011SocialMediaPolicies

Users and Applications are Out of Control!

1. Retrieved from: http://www.allfacebook.com/facebook-games-statistics-2010-092. Retrieved from http://www.freemusictodownload.eu/p2p-statistics.html3. Sources: X-Force, Websense, Whitehat Security, Imperva, 7Scan

Social Networks Threaten Productivity

You Can’t Control What You Can’t See• Traditional port-based firewalls lack the ability to

see, let alone control, many apps• Productivity Loss

• Bandwidth-hungry apps slow networks

• Data Loss / Attack Vector• Social networks breed a culture of trust• Rife with technical vulnerabilities

WatchGuard Solves Your Problem

See the applications in

use on your network

Enable secure & productive

business use of applications

Restrict unproductive,

insecure & bandwidth

draining usage

How WatchGuard Solves Your Problem

Identification, control, and reporting on 1800+ applications and sub-functions

Applications easy to find – organized by category and searchable by query

Broad and granular control of applications

Integration with firewall policy table

Network Visibility is Essential• Rich reporting on App usage, users, categories, blocked

applications, top clients, and more!

Intuitive Organization Simplifies Your Workflow

• Find applications by category (e.g. Social Network) OR• Query search by application name (e.g. Facebook)

Security Your Way – Broad Control• Establish policy broadly across application category

Security Your Way – Granular Control

• Exercise control by user, category, application, &application sub-function

Why WatchGuard Wins with Application Control

vs. Fortinet

• 1800 applications vs. 1200 for Fortinet

• Ease of configuration (search; rules for multiple applications)

• Integrated application reporting

vs. Cisco

• WatchGuard has Application Control; Cisco ASA does not!

vs. SonicWall

• Application rules integrated with main policy table

• Application Control ease of use (e.g. search)

vs. Palo Alto Networks

• Part of UTM bundle (AV, spamBlocker, etc.)

• 1800 applications vs. 1300 for PaloAlto

• Application Control in appliance line, including tabletops

Watch Application Control Video http://www.watchguard.com/latest/appcontrol-demo.asp

XTM Defense-In-Depth In ActionWatchGuard vs. Web 2.0 Security Issues

• Snags malware, scareware, spyware and malicious scriptsGAV

• Prevents drive-by-download attacksIPS

• Cloud-based service protects you from legitimate sites infected with malwareRED

• Enables granular control by user, group, or IP; and separate control over actions for view, post, chat, apps, games, and video

Application Control

An Application Proxy checks Source IP, Destination IP, Port, Protocol

If a matching rule (or service) is found:

The proxy then performs deep inspection on the content of the packet, including application layer data.

Cornerstone – The Application ProxyPacket Reassembly – since 1996

This is the key to finding threats that OTHER FIREWALLS MISS!

Fireware XTM: Making the Most of Your Network

QoS and Traffic Shaping• High-priority traffic gets bandwidth• Low-priority traffic gets available bandwidth

Multi-WAN Support• Up to 4 WAN connections supported• Traffic can use multiple WAN connections

simultaneously or on a failover

VPN Failover• Mission-critical VPN traffic keeps flowing if a remote

site becomes unavailable• Traffic automatically fails-over to another gateway

IPv6 Readiness• IPv6 Ready Gold Logo validates IPv6 routing• All XTM appliances will support IPv6

Command Line Interface

Choose from three user interface options: Administer your way

Managing XTM Solutions: Flexibility

WatchGuard Systems Manager Interface

Web Interface

Managing XTM Solutions: Real-Time Visibility

Real-time monitoring lets you take instant action to protect your network.

Take instant remediativeaction, such as adding a site to a blocked sites list

Suite of tabbed tools deliver information needed to monitor

and react to network status

XTM Multi-Box Management Saves Time

Simultaneously manage from 2 to 100’s of boxes.

Implementing the WatchGuard solution was a breeze. The policy setting and system configuration is easy because it is all very logical and straightforward.Francis Lim, IT Manager, EurokarsGroup

Align security policies across an organization – or apply

modifications between boxes

I can’t remember the last time I had to call someone with a security problem. With WatchGuard, we are always connected.Lucas Goh, Head of IT Operations for Asia, Berg Propulsion

Securely Connecting Users: VPN• Create VPN by simple drag and drop• Connect any location with Internet access• Select from IPSec, SSL, PPTP• Choose your device: laptop, smartphone, tablet• Define flexible rules to restrict data access to

authorized individuals only• Use client or clientless options

What is “Next-Generation”?

(XTM = Next-Generation UTM) “XTM platforms will take security appliances beyond traditional boundaries by vastly expanding security features, networking capabilities and management flexibility.”

“Firewalls need to evolve to be more proactive in blocking new threats, such as botnets and targeted attacks. Enterprises need to update their network firewall and intrusion prevention capabilities to protect business systems as attacks get more sophisticated.”

Next-Generation Security Solutions

LiveSecurity®LiveSecurity®

Application ControlApplication Control

Intrusion Prevention ServiceIntrusion Prevention Service

Gateway AntiVirusGateway AntiVirus

Reputation Enabled Defense (RED)Reputation Enabled Defense (RED)

WebBlockerWebBlocker

spamBlockerspamBlocker

Next-Generation

FirewallBundle

Security Bundle

Best-In-Class Security

Source: 2011 Infonetics, 3Q11 Network Security Appliance and Software Worldwide and Regional Market Share.

XTM Performance & Value = Market Leadership

$0 $2,000,000 $4,000,000 $6,000,000 $8,000,000 $10,000,000 $12,000,000 $14,000,000 $16,000,000 $18,000,000 $20,000,000

Cisco

Fortinet

McAfee

SonicWall

Check Point

WatchGuard

Cisco Fortinet McAfee SonicWall Check Point WatchGuardMarket Share Q3 2011 $8,332,580 $10,575,907 $11,366,568 $13,537,362 $12,743,382 $17,306,073

Market Share Q3 2011

Industry-Leading Value“The company is strong, the products able, and the pricing can’t be beat.”

Source: Info-Tech Research Group. Vendor Landscape: Unified Threat Management. August 2011.

Why WatchGuard Wins vs. Fortinet

• General purpose CPU beats ASIC for security

• Real-time visibility tools

• 65 bundled reports vs. only 2

• Multi-WAN• Traffic shaping• VPN setup wizard

vs. Cisco

• Application Control• HTTPS inspection• Tightly integrated

security services• UTM performance• Simple VPN setup

vs. SonicWall

• Simpler admin. task flows

• Application Control ease of use (e.g. search)

• 2.5 million AV signatures vs 25,000

• Model upgrades by license key

vs. Palo Alto Networks

• Gateway AntiVirus detects malware in all compressed file formats

• Email security and anti-spam capabilities

• Comprehensive appliance line, including tabletops

Watch Video Comparisons http://www.watchguard.com/latest/us-vs-them.asp

Moving Security Forward with Watchguard XTM

• “Best-in-class” security for comprehensive protection• Recognized security “Trend Setter”, industry “Champion”,

and “Leader”• 65 reports included at no extra cost• Real-time monitoring• Intuitive set-up wizards • Multi-WAN support• Market-leading value

Why we need Watch guard•Manage users to access internet.•Filtering content and url of the website.•Filtering by keyword•Filtering and inspect HTTPS.•Web blocker has over 54 categories for IT manager to manage the internet access.•Report and logs all content accessed by users.•Secure e-mail and web access.•Can be integrated to the Domain controller to apply the policy to manage users.

Watchguard is not only a simple firewall but also it is a good tools for IT Manager to manage their network.

E-mail security

Network and user management.

Watchguard XTM features

Application control

Watchguard – integated solutions.

Protects networks by integrating best-in-class security technologies that enable businesses to manage risks,

empower people and improve efficiencies.

Watchguard XTM features

WatchGuard: Industry LeaderGartnerNamed “Leader” in Magic Quadrant Multifunction FirewallsIDC“WatchGuard, one of the first security appliance vendors, will remain a leader in this market going forward.”Frost & Sullivan“WatchGuard is on its track of becoming a major participant in the enterprise-UTM market.”“Measurements have indicated that WatchGuard has chipped away the market share formally held by Fortinet, Cisco, and Juniper.”

VPN

SSLIPSEC

Stateful Firewall

Deep Packet

Inspection

Layered Security

Content Security

Reputation Enabled DefenseGateway AntivirusIntrusion

PreventionSpam

ProtectionURL

FilteringApplication

Control

Centralized Management

Rich ReportingReal-Time Monitoring

WatchGuard Extensible Threat Management

Defense-in-Depth — XTM

WatchGuard XTM Series: Unified Threat Management

Sized for small businesses to the enterpriseAll-in-one network securityFirewall Integrated with Advance networking featuresSSL and IPSec VPN (MUVPN/BOVPN)Reputation Enabled Defense (Cloud Security Services)WebBlocker (including full HTTPS inspection)SpamBlockerGateway Anti-Virus/Intrusion Prevention ServicesApplication Control (More than 1800 signatures!)Three management interfaces–console, web UI, CLIReporting and real-time monitoring–at no extra costModel-upgradeable within each series

WatchGuard XTM 5 SeriesRecommended for main offices/ headquarters with up to 1,500 usersPerformance driven security for growing mid-size businessesUp to 2.3 Gbps firewall throughputFull HTTPS inspection and VoIP support.Model-upgradeable

Logs and reports

• Watchguard does not keep the logs and reports in the same box. •Watchguard recommends customer to use another computer running Win XP to install logs and report management software to run as Report and Logs server.• This idea is really good for customer to manage and backup the logs and report information.• Log information could be stored for many years.

Gain Visibility.

Gain Insight.

Gain Control.

WatchGuard Application Control

Thank You!