FaceTime Web 2.0

Published in: Business, Technology
Speaker notes
  • Facebook is adding 1,000 apps per month; 2,000 of them are messaging related. A major investment bank customer of ours estimates that over 50% of its staff have a Facebook account. Bell Canada has over 2,000 employees using Facebook.
  • A new generation of Internet users is coming into our organizations. A recent survey
  • When speaking to key administrators during the survey, the following were of concern: brand awareness; productivity of staff (too much social activity); security (backdoor attacks via malware and worms, unsecured P2P and IM channels); and information leakage, the biggest concern.
  • Inbound threats: productivity loss; broad new vectors for malware distribution (viruses, worms, spyware and rootkits). Outbound threats: information leakage; holes for corporate and user information leakage; intellectual property loss; user privacy concerns; corporate and regulatory non-compliance exposure through invisible information channels; legal and financial risks.
  • Gaps in other security products – talk here
  • FTOS: purpose-built for greynet applications (hardening the Linux shell, regulating the use of ports, preventing remote connections to the OS). Greynet traffic detection: covers HTTP and real-time communication applications; detects applications that are port/channel agnostic, tunnel through HTTP, etc.; total visibility of all Internet traffic. Policy enforcement engine: set and enforce policies and manage access for all channels; set and enforce policies at company, group and user levels for HTTP. Centralized management and reporting: easy-to-use browser-based management interface for all Internet channels; pre-defined and custom report generation; integration with 3rd-party reporting applications.
  • 09/08/09
  • Port tunneling: masquerades IM/P2P traffic over popular protocols such as HTTP, Telnet and FTP, which are typically allowed through firewalls for business applications. Application-level firewalls can perform limited inspection for basic IM and P2P protocols, but keeping up with proprietary implementations is a challenge.
    Random session behavior / port hopping: the application behaves non-deterministically to bypass access-control policies on traditional security devices that look for applications on "well-known" ports. Security administrators need complete knowledge of every port the application can hop to, and must keep up with the increasing sophistication of these applications.
    Onion routing: the goal of onion routing (OR) is to protect the privacy of the sender and recipient of a message while also protecting the message content as it traverses the network. It follows the principle of Chaum's mix cascades: messages travel from source to destination via a sequence of proxies ("onion routers") that forward them along an unpredictable path. To stop an adversary from eavesdropping on message content, messages are encrypted between routers. The advantage of onion routing (and mix cascades in general) is that it is not necessary to trust each cooperating router; if one or more routers are compromised, anonymous communication can still be achieved, because each router only strips its own layer of encryption (or, on the return path, adds one) and learns nothing beyond the next hop before forwarding. An attacker able to monitor every onion router in the network might be able to trace the path of a message, but an attacker with more limited capabilities will have difficulty even if he or she controls one or more routers on the message's path.
    Encryption: ensures privacy of message contents between end-points and bypasses traditional security measures that rely on inspecting content.
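The onion-routing property described in the note above, as an added illustration (not code from the slide deck or from FaceTime): the sender wraps the message in one layer of encryption per router; each router peels only its own layer and learns only the next hop, so a single compromised router sees neither the message nor both endpoints. The cipher is an HMAC-SHA256 keystream XOR built from the standard library (illustration only, no integrity protection), the router names and keys are constructed, and each router's key is assumed to have been shared with the sender out of band.

```python
"""Toy onion route: layered encryption, one layer per router (added example)."""
import hashlib
import hmac
import os

NONCE_LEN = 16


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stream-cipher XOR: keystream block i = HMAC-SHA256(key, nonce || i).
    Illustration only; a real deployment would use an authenticated cipher."""
    out = bytearray()
    for i in range((len(data) + 31) // 32):
        out += hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, out))


def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)
    return nonce + keystream_xor(key, nonce, plaintext)


def open_layer(key: bytes, blob: bytes) -> bytes:
    return keystream_xor(key, blob[:NONCE_LEN], blob[NONCE_LEN:])


def build_onion(path: list, keys: dict, destination: str, message: bytes) -> bytes:
    """Wrap from the inside out: the last router's layer names the destination,
    every earlier layer names the next router.
    layer = seal(router_key, len(next_hop) || next_hop || inner_layer)"""
    next_hops = path[1:] + [destination]
    blob = message
    for router, next_hop in reversed(list(zip(path, next_hops))):
        nh = next_hop.encode()
        blob = seal(keys[router], bytes([len(nh)]) + nh + blob)
    return blob


def peel(router: str, keys: dict, blob: bytes):
    """All a router can do with its own key: recover the next hop and the
    still-encrypted remainder that it forwards."""
    body = open_layer(keys[router], blob)
    n = body[0]
    return body[1:1 + n].decode(), body[1 + n:]


def route(sender: str, path: list, keys: dict, destination: str, message: bytes):
    """Carry the onion along the path and record what each router observed."""
    blob = build_onion(path, keys, destination, message)
    observed = {}
    prev = sender
    for router in path:
        next_hop, blob = peel(router, keys, blob)
        observed[router] = {
            "previous_hop": prev,
            "next_hop": next_hop,
            # Only the exit router sees the message, and only because there is
            # no end-to-end encryption on top of the onion in this example.
            "sees_message": blob == message,
        }
        prev = router
    return blob, observed


# Constructed setup: three routers whose keys the sender knows.
KEYS = {r: hashlib.sha256(f"demo-key-{r}".encode()).digest() for r in ("R1", "R2", "R3")}
PATH = ["R1", "R2", "R3"]

if __name__ == "__main__":
    delivered, view = route("alice", PATH, KEYS, "bob", b"meet at noon")
    print(delivered)
    for router, what in view.items():
        print(router, what)
```

The `observed` map is the point of the example: R1 knows the sender but not the destination, R3 knows the destination but not the sender, and R2 knows neither. It also shows the caveat a practitioner should keep in mind: the exit router does see the plaintext unless the application adds its own end-to-end encryption, which is why the note lists encryption as a separate evasion technique.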
  • Incoming traffic packets are captured and reassembled for further analysis by the Traffic Analyzer (this part is similar to any network security device). Once reassembled, the traffic goes through the App Dissector Engine, our secret sauce. This engine includes two processes. First, the traffic goes through signature, behavioral and protocol analyses to identify the application: the app is identified from its ports/protocols and from the behavior it exhibits on the network. Since greynets are highly evasive, a combination of signature and stateful inspection is necessary to identify the application accurately; for example, Skype, a P2P application, may use port 80 or any other port, so its behavioral aspects (port hopping, packet alteration/sequencing, etc.) must be understood. Second, once the application has been identified, the dissector identifies the actual activity of the application, such as whether a file transfer is happening over IM or it is just a plain IM conversation. This matters because some IM apps, such as MSN, use a P2P protocol for file transfer that differs from the native protocol used for the IM conversation. Following the identification of the app activity, the appropriate policy is applied based on the user that initiated the traffic, resulting in allowing (with controls) or blocking the traffic.
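The dissector pipeline the note describes (reassembled flow in, application identified port-independently, activity identified, per-user policy applied), as an added example that is not FaceTime's code or the USG's engine. The wire markers for Yahoo Messenger, BitTorrent and MSNP are the real protocol prefixes; the HTTP-tunnel check, the entropy and port-hopping thresholds, the use of the MSNP2P content type to spot a file transfer, the user/group directory and the policy table are this example's own assumptions, and the sample flows are constructed rather than captured.

```python
"""Toy app dissector: signature -> behaviour -> activity -> per-user policy (added example)."""
import hashlib
import math
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    user: str
    dst_port: int
    payload: bytes                        # reassembled client -> server bytes
    peer_ports: frozenset = frozenset()   # ports this client used towards the same peer recently


def entropy_bits_per_byte(data: bytes) -> float:
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def signature_app(payload: bytes):
    """Signature/protocol analysis: recognise the application from what it puts
    on the wire, whatever port it used. Returns (app, tunneled_over_http)."""
    if payload.startswith(b"YMSG"):                                  # Yahoo Messenger header
        return "yahoo", False
    if payload.startswith(b"\x13BitTorrent protocol"):               # BitTorrent handshake
        return "bittorrent", False
    first_line = payload.split(b"\r\n", 1)[0]
    if first_line.startswith(b"VER ") and b"MSNP" in first_line:      # MSNP version negotiation
        return "msn", False
    if first_line.startswith(b"MSG ") and b"MIME-Version: 1.0" in payload:  # MSNP message
        return "msn", False
    if payload.startswith((b"GET ", b"POST ")):
        # Port/protocol tunnelling: an IM protocol carried inside an HTTP body.
        _head, _, body = payload.partition(b"\r\n\r\n")
        app, _ = signature_app(body) if body else (None, False)
        return (app, True) if app else ("http", False)
    return None, False


def behavioural_app(flow: Flow) -> str:
    """Behavioural analysis for traffic with no usable signature: an encrypted
    payload from a client that hops between ports to the same peer is treated as
    an encrypted P2P application (Skype-like). Thresholds are this example's choice."""
    if len(flow.payload) >= 512 and entropy_bits_per_byte(flow.payload) > 7.0:
        return "encrypted-p2p" if len(flow.peer_ports) >= 3 else "encrypted-unknown"
    return "unknown"


def activity_of(app: str, payload: bytes) -> str:
    """Activity identification inside the application. MSN file transfers run
    over a separate P2P session; this example recognises them by the MSNP2P
    content type carried in the message (an assumption of the example)."""
    if app == "msn":
        return "file_transfer" if b"application/x-msnmsgrp2p" in payload else "chat"
    if app == "bittorrent":
        return "file_share"
    return "session"


# Constructed directory and policy: group -> (app, activity) -> verdict; unlisted = block.
USERS = {"joe": "sales", "john": "marketing", "ann": "legal", "dev": "it"}
POLICY = {
    "sales": {("msn", "chat"): "allow", ("msn", "file_transfer"): "allow-after-av"},
    "marketing": {("msn", "chat"): "allow", ("encrypted-p2p", "session"): "allow"},
    "it": {("bittorrent", "file_share"): "allow"},
    "legal": {("msn", "chat"): "allow"},
}


def dissect(flow: Flow) -> dict:
    app, tunneled = signature_app(flow.payload)
    if app is None:
        app = behavioural_app(flow)
    activity = activity_of(app, flow.payload)
    verdict = POLICY.get(USERS.get(flow.user, ""), {}).get((app, activity), "block")
    return {"app": app, "tunneled": tunneled, "activity": activity, "verdict": verdict}


# Constructed sample flows (not captured traffic).
MSN_CHAT = b"MSG 12 N 64\r\nMIME-Version: 1.0\r\nContent-Type: text/plain; charset=UTF-8\r\n\r\nhello"
MSN_FT_OVER_HTTP = (b"POST /gateway?Action=poll HTTP/1.1\r\nHost: gateway.example.test\r\n\r\n"
                    b"MSG 13 D 120\r\nMIME-Version: 1.0\r\n"
                    b"Content-Type: application/x-msnmsgrp2p\r\n\r\nINVITE ...")
ENCRYPTED = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))  # high-entropy stand-in
BT_HANDSHAKE = b"\x13BitTorrent protocol" + bytes(8) + bytes(20) + bytes(20)
HOPPED = frozenset({80, 443, 12350, 31337})

SAMPLES = [
    Flow("joe", 1863, MSN_CHAT),                 # native MSN chat
    Flow("joe", 80, MSN_FT_OVER_HTTP),           # MSN file transfer tunnelled over HTTP
    Flow("john", 80, ENCRYPTED, HOPPED),         # Skype-like: encrypted, port hopping, on port 80
    Flow("ann", 80, ENCRYPTED, HOPPED),          # same traffic, user outside the allowed group
    Flow("dev", 6881, BT_HANDSHAKE),             # BitTorrent from IT
]

if __name__ == "__main__":
    for f in SAMPLES:
        print(f.user, f.dst_port, dissect(f))
```

Two things the walk-through shows that the prose only states: the second flow lands on port 80 and looks like HTTP, yet it is classified as MSN and, more specifically, as a file transfer, which is what lets the policy route it through AV; and the third and fourth flows are byte-for-byte identical but get different verdicts because the decision is made per user, not per port.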
  • Best practices deployment. 1: Deploy FTEE to ensure compliance and security: guarantee compliance with TrueCompliance(TM); stop worms and viruses and block SPIM; stop rogue IM and P2P and block circumvention at the perimeter. 2: Monitor and analyze usage patterns: who is using what networks? What features are being used (file transfer, VoIP, app sharing, etc.)? How much and what P2P usage is going on? 3: Formulate usage policies by user, network and capabilities. 4: Implement and enforce policies: IMA for logging and audit workflow; RTG to control non-compliant use.

    1. Enable and Secure the New Internet
    2. The Internet has Changed and is getting more Complex (from text and file sharing to Unified Communications and Collaboration)
       [Diagram: capabilities (text chat, file sharing, VoIP, web conferencing, video, multimedia) plotted against network behavior (good to evasive) for IM, public IM, IM aggregators, anonymizers, unified communications and social networking.]
    3. The Social Generation: Networking or Not Working
       • Survey conducted in May/June 2009
       • Focus on Web 2.0 with emphasis on social networking
       • Target: IT professionals (reached via email and social networks)
       • 1,199 respondents; 43% represented organisations with more than 1,000 employees
       • 65% of respondents use social networking at least once or twice per week
       • Less than 15% don't use it at all
    4. Key Findings – your biggest concern
       • Biggest concern is information leakage
    5. The Internet has Changed
       • Actual customer traffic history (~80 USGs), representing all Internet activity from over 100K end users
       • IT is underestimating application use by employees
    6. Social Networking at Work
       • 39% log into social networks at least once a day
       • But 13% never use sites such as Twitter, Facebook and LinkedIn
       • Nearly 40% believe their employees are using social networking sites for between 1 and 5 hours per week
       • 46% of respondents view social networking as having some business value
       • 73% view virtual worlds (such as Second Life) as having "no business value"; 58% feel the same about IPTV and 45% about iTunes
    7. Concerns and Attitudes about Social Networking
       • It should only be allowed if it can be controlled (43%)
       • It is critical to business (3%)
       • It should be banned in the workplace (10%)
       • Benefits cited:
         1. Better employee communications
         2. Faster decision times due to collaboration
         3. Improved marketing communications
         4. Improved customer service and support
         5. Lead generation for sales
         6. Increased productivity
         7. More efficient recruiting
         8. Effective analyst relations
    8. These Applications are Highly Evasive
       • IM sessions observed: 13 unique networks, 25,000+ connections, 19GB of traffic
       • P2P sessions observed: 9 applications, nearly 10,000 sessions, 20GB of traffic
       • Proxy bypass apps
       • Goal: enable ubiquitous access to create a positive end-user experience
         - Port hopping: Yahoo runs over port 23 when the native port is blocked
         - Port/protocol tunneling: MSN/Yahoo/AIM over HTTP, WebEx, etc.
         - P2P/onion routing: MSN peer-to-peer for file sharing; Skype/Tor use onion routing
         - Encryption: Skype, GoogleTalk, AIM Pro encrypt their payload contents
         - Random session behavior: Skype
    9. Which Present Significant Risks When Unmanaged
       • Information leakage: intellectual property; credit card numbers, personal data, Social Security / NI numbers
       • Increasingly complex viruses, malware, SPIM: commercially motivated
       • Inappropriate content
       • Employee productivity: corporate AUP
       • Compliance and eDiscovery: SEC 17a, FSA, HIPAA, SOX, GLBA, NASD, MiFID
       • Bandwidth explosion / cost
    10. Key Requirements for Securing the New Internet
       • Visibility and control of all real-time applications
         - Detect and control network-evasive applications
         - Web, IM, P2P, VoIP, social networks
       • Comprehensive malware protection against new threats
         - Rootkits, worms, spyware, adware, botnets
         - Automated updates and day-zero capabilities
       • Web and URL filtering
         - Monitor and control employee web use
       • High efficacy with minimal latency
       • "URL Filtering will be cannibalized by a broader Secure Web Gateway Market." (Peter Firstbrook, Gartner, July 2008)
       • "FaceTime is an outstanding choice for organizations looking for fine-grained Web communication application controls"
    11. Unified Communications Today – Heterogeneous Silos
       [Diagram: separate workspace, IM, email, VoIP and conferencing clients, each with its own presence, policy and reporting, tied together only ad hoc through identity (Active Directory).]
    12. FaceTime's Vision of Unified Communications Security
       • Presence, identity & federation
       • Policy & management
       • Reporting
       • Compliance
    13. "Must-Have" Requirements for UC and Web 2.0
       • Regulatory compliance
         - NASD, SEC, FERC regulations mandate archiving and review of all communications
         - PCI, HIPAA regulations mandate tight control over confidential information
       • eDiscovery
         - All ESI (electronically stored information) is discoverable in court
       • Information control
         - Control information flows across myriad channels such as IM, P2P, Web 2.0
         - Enforce communication boundaries in contact centers, on trading desks, etc.
       • Security
         - Block malware and SpIM, especially across multiple channels and federation boundaries
    14. Key Requirements for Secure Web Gateway
       • Application control
         - Granular, policy-based control of applications such as IM, P2P, public voice over IP (VoIP), blogs, data-sharing portals, web conferencing, chat, etc.
         - Selectively block or manage features of applications based on numerous policy parameters, with pre-developed policies to simplify deployment
       • URL filtering
         - Databases of known web sites categorized into groups to enforce acceptable usage and productivity and to reduce security risks
       • Malware filtering
         - Filtering malware from all aspects of inbound and outbound web traffic using signature-based and non-signature-based techniques across the full range of inspected protocols, ports and traffic types
       • End-point management
         - Identification of infected PCs and the infection by name, enabling prioritized remediation
       • Manageability/scalability
         - Mature management interface, consolidated monitoring and reporting capability, and role-based administration
       Source: Gartner Secure Web Gateway Magic Quadrant, June 2007
    15. Unified Security Gateway – Secure & Enable the New Internet
       [Diagram: the Application Control Engine provides visibility, application control and enforcement across unified comms, Web 2.0, social networks, malware and URL filtering; over 2,000 applications covered (IM, P2P, streaming, social networking); gateway prevention and gateway detection; enterprise-class URL database with risk levels up to "Level 10: extremely dangerous"; management and reporting.]
    16. Unified Security Gateway
       • Web filtering & anti-malware
       • Application control (>2,000 apps)
       • Social networking control
       • UC enablement: security, management & compliance
       • Granular policy control: by user/group, time of day, time quota, bandwidth
       • Pass-by deployment (attached to the egress switch rather than inline) ensures zero added latency
       [Diagram: end users – egress switch – Internet, with the USG hanging off the egress switch and integrated with LDAP/AD, anti-virus and archiving.]
    17. USG Architecture – Security and Enablement
       • Physical port security/flexibility: SSH access; dedicated management/proxy port services; 2- or 3-port options
       • Hardened FT OS: CentOS; locked-down services; tested against common scripting attacks
       • State-of-the-art application inspection (IM, P2P, malware, web): high-fidelity greynet enforcement and enablement; signature/behavior-based analysis; control of clear or encrypted traffic; day-zero, SpIM and content filtering
       • Hierarchical user/group policy: user/group-level policies with inheritance; user authentication; LDAP integration with auto-synchronization
    18. The USG Family – Small Business to Large Enterprise
       Model     Max users   Max throughput   Target
       USG220    250         100Mbps          Small business & remote offices
       USG320    1,000       200Mbps
       USG530    5,000       400Mbps
       USG1030   10,000      600Mbps          Corporate headquarters
    19. FaceTime's Mission: help businesses realize the benefits of The New Internet by delivering enterprise solutions that provide unified security, management and compliance across the broadest set of applications and modalities.
       • Security: block worms, viruses, spIM, malware; protect intellectual property
       • Visibility & control: complete visibility over network traffic; apply powerful and granular policies
       • Compliance: tamper-proof archiving and auditing; detect and prevent data leakage
    20. About FaceTime Communications
       • Focus: secure and enable the New Internet
         - Longest track record in securing Internet apps such as IM, P2P
         - Ranked No. 1 in IM security for 5 consecutive years by IDC
         - Partner with Microsoft, IBM, Skype, MSN, AOL, Google, Yahoo
         - Visionary in Gartner Web Security Quadrant
       • Global operations: USA, EMEA, India, Asia Pacific
       • Supporting major global enterprises
         - 9 of the top 10 US banks
         - More than 5m managed users in over 1,500 organizations
       • Natural progression to Web 2.0 applications: from IM & P2P to social networking, microblogging etc.
       • FaceTime Security Labs
         - 8 years' experience in real-time applications research
         - Widest coverage available for Internet applications
    21. FaceTime is Mission Critical for Today's Enterprises: over 1,500 customers and 7+ million seats deployed across financial services & insurance, manufacturing & consumer, technology & telecommunications, energy & healthcare.
    22. Thank you.
    23. Real Time Communications Applications – Masters of Evasive Techniques
       • Goal: enable ubiquitous access to create a positive end-user experience
       • Methods (exhibited by most real-time applications):
         - Port hopping: non-deterministic behavior achieved by altering application port usage; bypasses access-control policies that look for applications on "well-known" ports. Example: Yahoo runs over port 23 when the native port is blocked
         - Port/protocol tunneling: masquerade IM/P2P traffic over common protocols such as HTTP, FTP. Examples: MSN/Yahoo/AIM over HTTP, WebEx, etc.
         - P2P/onion routing: enables pseudonymous (or anonymous) communication; messages travel from source to destination via a sequence of proxies ("onion routers"), which re-route encrypted messages along an unpredictable path. Examples: MSN peer-to-peer for file sharing; Skype/Tor use onion routing
         - Encryption: prevents content visibility and control. Examples: Skype, GoogleTalk, AIM Pro encrypt their payload contents
         - Random session behavior: alters anticipated session characteristics such as payload/packet size and rate. Example: Skype
    24. USG: Purpose-built for the New Internet
       [Diagram of the Application Control Engine(TM), in three stages, identification, inspection, enablement: packet assembly, then application identification (signature analysis, behavioral analysis, port/protocol analysis), then the application activity identifier, then granular policy control and policy enforcement & logging. Worked case: MSN uses a well-defined port/protocol for IM but a P2P protocol for file transfer within IM; for user Joe in Sales, allow only native MSN and, within IM, allow only PDF file transfers after AV scanning.]
    25. USG: Management, Security & Compliance for Greynets
       • Web filtering: support for 3 URL databases; integration with AD & LDAP; role-based access control (policies at global, group and user levels); pre-defined and custom reports; reporting and integration with 3rd-party reporting apps
       • Malware control: day-zero worm blocking; enhanced SPIM blocking and challenge/response capabilities; real-time content leakage prevention; targeted remediation of infected endpoints; AV scanning of file transfers; standardization on EIM/UC
       • Archival & compliance: selective or global archival of messages and files in a database; full capture of metadata and rich text; full binary message capture; message anti-tampering checksums; easy identification and retrieval of specific IM conversations; strict archiving into email/WORM storage; rich reporting and workflow, including audit reports
       • Application control: support for 600+ greynet applications; management of OCS & Sametime; granular controls for Skype; integration with AD & LDAP; role-based access control (policies at global, group and user levels); group-level ethical boundaries; file transfer restrictions
    26. USG: Optimized for Skype
       [Diagram: the Greynet Dissector (packet assembly; signature, behavioral and port/protocol analysis) identifies Skype from its port hopping and random session behavior, identifies the user, and applies granular policy with enforcement and logging. Worked case: for user John in Marketing, allow Skype only for users in the marketing group.]
    27. USG: Optimized for Greynets – Public IM
       [Diagram: the same Greynet Dissector pipeline as slide 24 (packet assembly; signature, behavioral and port/protocol analysis; application activity identifier; granular policy control; policy enforcement & logging) applied to public IM: MSN uses a well-defined port/protocol for IM but a P2P protocol for file transfer within IM; for Joe in Sales, allow only native MSN and only PDF file transfers after AV scanning.]
    28. Granular Policy and Reporting
       • Enhanced policy framework
         - Policy objects: create a policy once, apply it many times to groups/employees
         - Time-of-day policies: block all IM, P2P and web access for the "Entertainment" and "Sports" categories except during lunch hours from Monday to Friday
         - Time-based user quotas: allow access to proxy IM and web traffic for only X hours per week
         - Bandwidth-based user quotas: allow access to pass-by IM, P2P, greynet and web traffic as long as traffic is within the bounds specified by IT
       • Enhanced reporting
         - Browse-time reports for URL filtering
         - Sorting reports by hits and byte counts
         - Central aggregation of reporting data from multiple geo-diverse USGs
    29. Example Policies for Internet Apps
       Application          Allow/Block   Groups   Content control     Time of day   Quota     Max bandwidth
       MSN                  Allow         ALL      AV, ILP, Logging    ALL           ALL       ALL
       GoogleTalk           Allow         LEGAL    AV, ILP, Logging    8am - 6pm     All       All
       All other IM         Block         NONE     N/A                 N/A           N/A       N/A
       Skype                Allow         SALES    N/A                 ALL           ALL       1%
       BitTorrent           Allow         IT       N/A                 ALL           4 hours   2%
       All other P2P        Block         NONE     N/A                 N/A           N/A       N/A
       IPTV                 Block         NONE     N/A                 N/A           N/A       N/A
       Anonymisers          Block         NONE     N/A                 N/A           N/A       N/A
       Webex                Allow         ALL      N/A                 8am - 6pm     4 hours   2%
       All other Web Conf   Block         NONE     N/A                 N/A           N/A       N/A
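The policy table on slide 29 evaluated with the hierarchy slides 17 and 28 describe (user-level rules override group-level rules, which override the global table; one policy object attached to several groups; time-of-day windows, weekly time quotas and a bandwidth cap handed to the shaper), as an added example that is not FaceTime's or the USG's code. The global rules are transcribed from the table; the app-to-category mapping, the user/group directory, the group- and user-level overrides and the clock are constructed for this example.

```python
"""Policy evaluator for the slide 29 table with user > group > global inheritance (added example)."""
from dataclasses import dataclass
from datetime import datetime

ALL = "ALL"


@dataclass(frozen=True)
class Rule:
    app: str                         # app name, or "*IM"/"*P2P"/"*WebConf" for an "all other ..." row
    action: str                      # "allow" or "block"
    groups: frozenset = frozenset({ALL})
    controls: tuple = ()             # content controls applied on allow: AV, ILP, Logging
    hours: tuple = None              # (start_hour, end_hour) local time; None = all day
    quota_hours: float = None        # weekly time quota; None = unlimited
    max_bandwidth_pct: float = None  # share of the link; None = unlimited


# Global table, slide 29, top to bottom; the first applicable rule wins.
GLOBAL_RULES = [
    Rule("MSN", "allow", controls=("AV", "ILP", "Logging")),
    Rule("GoogleTalk", "allow", frozenset({"LEGAL"}), ("AV", "ILP", "Logging"), hours=(8, 18)),
    Rule("*IM", "block"),
    Rule("Skype", "allow", frozenset({"SALES"}), max_bandwidth_pct=1),
    Rule("BitTorrent", "allow", frozenset({"IT"}), quota_hours=4, max_bandwidth_pct=2),
    Rule("*P2P", "block"),
    Rule("IPTV", "block"),
    Rule("Anonymisers", "block"),
    Rule("Webex", "allow", hours=(8, 18), quota_hours=4, max_bandwidth_pct=2),
    Rule("*WebConf", "block"),
]
# Constructed group- and user-level rules. A policy object is created once and attached to
# several groups; a user-level rule overrides everything inherited from groups and global.
LOGGED_YAHOO = Rule("Yahoo", "allow", controls=("Logging",))
GROUP_RULES = {"IT": [LOGGED_YAHOO], "MARKETING": [LOGGED_YAHOO]}
USER_RULES = {"joe": [Rule("Skype", "block")]}   # e.g. one Sales user placed on hold

CATEGORY = {"MSN": "IM", "GoogleTalk": "IM", "Yahoo": "IM", "AIM": "IM",
            "Skype": "P2P", "BitTorrent": "P2P", "eMule": "P2P",
            "Webex": "WebConf", "GoToMeeting": "WebConf"}
USERS = {"joe": {"SALES"}, "ann": {"LEGAL"}, "dev": {"IT"}, "bob": {"MARKETING"}}


def at(hour: int) -> datetime:
    """Constructed clock for the examples: a Tuesday at the given hour."""
    return datetime(2009, 9, 8, hour, 0)


def applies(rule: Rule, app: str, groups: set) -> bool:
    by_name = rule.app == app
    by_category = rule.app.startswith("*") and CATEGORY.get(app) == rule.app[1:]
    in_scope = ALL in rule.groups or bool(rule.groups & groups)
    return (by_name or by_category) and in_scope


def evaluate(user: str, app: str, now: datetime, hours_used_this_week: float = 0.0) -> dict:
    """Walk user rules, then each group's rules, then the global table; the first
    rule that applies decides. An allow is still refused outside its hours or
    once the weekly quota is spent; the bandwidth cap is returned for the shaper."""
    groups = USERS.get(user, set())
    levels = [("user", USER_RULES.get(user, []))]
    levels += [("group:" + g, GROUP_RULES.get(g, [])) for g in sorted(groups)]
    levels.append(("global", GLOBAL_RULES))
    for level, rules in levels:
        for rule in rules:
            if not applies(rule, app, groups):
                continue
            decision = {"level": level, "rule": rule.app, "action": rule.action,
                        "controls": rule.controls, "max_bandwidth_pct": rule.max_bandwidth_pct}
            if rule.action == "allow":
                if rule.hours and not (rule.hours[0] <= now.hour < rule.hours[1]):
                    decision.update(action="block", reason="outside allowed hours")
                elif rule.quota_hours is not None and hours_used_this_week >= rule.quota_hours:
                    decision.update(action="block", reason="weekly time quota exhausted")
            return decision
    # Nothing matched: an application the table does not know. Default deny.
    return {"level": "default", "rule": None, "action": "block", "controls": (), "max_bandwidth_pct": None}


if __name__ == "__main__":
    for who, what, used in [("ann", "GoogleTalk", 0), ("bob", "GoogleTalk", 0), ("joe", "Skype", 0),
                            ("dev", "BitTorrent", 4), ("bob", "Yahoo", 0), ("bob", "GoToMeeting", 0)]:
        print(who, what, evaluate(who, what, at(10), used))
```

Note how a group-scoped allow falls through: a user outside LEGAL asking for GoogleTalk does not get "no rule" but the "All other IM: Block" row, which is the table's intent, and an application missing from the category map is blocked by the trailing default rather than slipping through.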
    30. Unified Security Gateway Deployment Topology
       [Diagram: the Unified Security Gateway hangs off the egress switch at the LAN/WAN perimeter, between enterprise IM, P2P and public IM/VoIP clients and the Internet, with LDAP, WORM archive, policy and audit stores in the DMZ; FaceTime Security Labs feeds greynet protocols, malware signatures and automatic updates of the network greynet database. Functions shown: block unauthorized IM/P2P, gateway malware prevention, web filtering, IM security & compliance, user policy enforcement, logging & auditing. Threats shown: spyware/adware, unauthorized public IM, VoIP, a malicious URL (http://badurl.com/).]
