Index•Why we need Watch Guard?•Network diagram•Security Solution•Logs and report
Companies Increasingly “Like” Social Media Robert Half Technology. “SOCIAL WORK? More Companies Permit Social Networking on the Job”. May 26, 2011. Retrieved from: http://rht.mediaroom.com/2011SocialMediaPolicies
Users and Applications are Outof Control! 1. Retrieved from: http://www.allfacebook.com/facebook-games-statistics-2010-09 2. Retrieved from http://www.freemusictodownload.eu/p2p-statistics.html 3. Sources: X-Force, Websense, Whitehat Security, Imperva, 7Scan
You Can’t Control What You Can’t See • Traditional port-based firewalls lack the ability to see, let alone control, many apps • Productivity Loss • Bandwidth-hungry apps slow networks • Data Loss / Attack Vector • Social networks breed a culture of trust • Rife with technical vulnerabilities
WatchGuard Solves Your Problem See the Restrict Enable secure applications in unproductive, & productive use on your insecure & business use of network bandwidth applications draining usage
How WatchGuard Solves Your Problem Identification, control, and reporting on 1800+ applications and sub-functions Applications easy to find – organized by category and searchable by query Broad and granular control of applications Integration with firewall policy table
Network Visibility is Essential• Rich reporting on App usage, users, categories, blocked applications, top clients, and more!
Intuitive Organization SimplifiesYour Workflow• Find applications by category (e.g. Social Network) OR• Query search by application name (e.g. Facebook)
Security Your Way – BroadControl• Establish policy broadly across application category
Security Your Way – GranularControl • Exercise control by user, category, application, & application sub-function
Why WatchGuard Wins with Application Control vs. Palo Alto vs. Fortinet vs. Cisco vs. SonicWall Networks• 1800 applications vs. • WatchGuard has • Application rules • Part of UTM bundle 1200 for Fortinet Application Control; integrated with main (AV, spamBlocker, etc.)• Ease of configuration Cisco ASA does not! policy table • 1800 applications vs. (search; rules for • Application Control 1300 for PaloAlto multiple applications) ease of use (e.g. • Application Control in• Integrated application search) appliance line, reporting including tabletops Watch Application Control Video http://www.watchguard.com/latest/appcontrol-demo.asp
XTM Defense-In-Depth InActionWatchGuard vs. Web 2.0 Security Issues • Snags malware, scareware, spyware and GAV malicious scripts IPS • Prevents drive-by-download attacks • Cloud-based service protects you from RED legitimate sites infected with malware • Enables granular control by user, group, or Application IP; and separate control over actions for Control view, post, chat, apps, games, and video
Cornerstone – The ApplicationProxyPacket Reassembly – since 1996 An Application Proxy checks Source IP, Destination IP, Port, Protocol If a matching rule (or service) is found: The proxy then performs deep inspection on the content of the packet, including application layer data.This is the key to finding threats that OTHER FIREWALLS MISS!
Fireware XTM: Making the Most ofYour Network QoS and Traffic Shaping • High-priority traffic gets bandwidth • Low-priority traffic gets available bandwidth Multi-WAN Support • Up to 4 WAN connections supported • Traffic can use multiple WAN connections simultaneously or on a failover VPN Failover • Mission-critical VPN traffic keeps flowing if a remote site becomes unavailable • Traffic automatically fails-over to another gateway IPv6 Readiness • IPv6 Ready Gold Logo validates IPv6 routing • All XTM appliances will support IPv6
Managing XTM Solutions:FlexibilityChoose from three user interface options: Administer your way Command Line Interface WatchGuard Systems Manager Interface Web Interface
Suite of tabbed tools deliverManaging XTM Solutions: Real- information needed to monitor and react to network status Take instant remediativeTime Visibility action, such as adding a site to a blocked sites list Real-time monitoring lets you take instant action to protect your network.
XTM Multi-Box ManagementSaves Time Simultaneously manage from 2 to 100’s of boxes. Implementing the WatchGuard solution was a breeze. The policy setting and system configuration is easy Align security policies across because it is all very an organization – or apply logical and modifications between boxes straightforward. Francis Lim, IT Manager, Eurokars Group
Securely Connecting Users:VPN• Create VPN by simple drag and drop• Connect any location with Internet access• Select from IPSec, SSL, PPTP• Choose your device: laptop, smartphone, tablet• Define flexible rules to restrict data access to authorized individuals only• Use client or clientless options I can’t remember the last time I had to call someone with a security problem. With WatchGuard, we are always connected. Lucas Goh, Head of IT Operations for Asia, Berg Propulsion
What is “Next- Generation”? “Firewalls need to evolve to be more proactive in blocking new threats, such as botnets and targeted attacks. Enterprises need to update their network firewall and intrusion prevention capabilities to protect business systems as attacks get more sophisticated.”(XTM = Next-Generation UTM) “XTM platforms will takesecurity appliances beyond traditional boundaries byvastly expanding security features, networking capabilitiesand management flexibility.”
Industry-Leading Value “The company is strong, the products able, and the pricing can’t be beat.” Source: Info-Tech Research Group. Vendor Landscape: Unified Threat Management. August 2011.
Why WatchGuard Wins vs. Palo Alto vs. Fortinet vs. Cisco vs. SonicWall Networks• General purpose CPU • Application Control • Simpler admin. task • Gateway AntiVirus beats ASIC for security • HTTPS inspection flows detects malware in all• Real-time visibility • Tightly integrated • Application Control compressed file tools security services ease of use (e.g. formats• 65 bundled reports • UTM performance search) • Email security and anti- vs. only 2 • 2.5 million AV spam capabilities • Simple VPN setup• Multi-WAN signatures vs 25,000 • Comprehensive • Model upgrades by appliance line,• Traffic shaping license key including tabletops• VPN setup wizard Watch Video Comparisons http://www.watchguard.com/latest/us-vs-them.asp
Moving Security Forward withWatchguard XTM • “Best-in-class” security for comprehensive protection • Recognized security “Trend Setter”, industry “Champion”, and “Leader” • 65 reports included at no extra cost • Real-time monitoring • Intuitive set-up wizards • Multi-WAN support • Market-leading value
Why we need Watch guard•Manage users to access internet.•Filtering content and url of the website.•Filtering by keyword•Filtering and inspect HTTPS.•Web blocker has over 54 categories for IT manager to manage theinternet access.•Report and logs all content accessed by users.•Secure e-mail and web access.•Can be integrated to the Domain controller to apply the policy to manageusers. Watchguard is not only a simple firewall but also it is a good tools for IT Manager to manage their network.
WatchGuard: Industry LeaderGartnerNamed “Leader” in Magic QuadrantMultifunction FirewallsIDC“WatchGuard, one of the first securityappliance vendors, will remain aleader in this market going forward.”Frost & Sullivan“WatchGuard is on its track ofbecoming a major participant in theenterprise-UTM market.”“Measurements have indicated thatWatchGuard has chipped away the marketshare formally held by Fortinet, Cisco, andJuniper.”
WatchGuard XTM Series: Unified Threat Management Sized for small businesses to the enterprise All-in-one network security Firewall Integrated with Advance networking features SSL and IPSec VPN (MUVPN/BOVPN) Reputation Enabled Defense (Cloud Security Services) WebBlocker (including full HTTPS inspection) SpamBlocker Gateway Anti-Virus/Intrusion Prevention Services Application Control (More than 1800 signatures!) Three management interfaces–console, web UI, CLI Reporting and real-time monitoring–at no extra cost Model-upgradeable within each series
WatchGuard XTM 5 Series Recommended for main offices/ headquarters with up to 1,500 users Performance driven security for growing mid-size businesses Up to 2.3 Gbps firewall throughput Full HTTPS inspection and VoIP support. Model-upgradeable
Logs and reports• Watchguard does not keep the logs and reports in the samebox.•Watchguard recommends customer to use another computerrunning Win XP to install logs and report managementsoftware to run as Report and Logs server.• This idea is really good for customer to manage and backupthe logs and report information.• Log information could be stored for many years.
Gain Visibility. Gain Insight. Gain Control.WatchGuard Application Control Thank You!