Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

WatchGuard: Bring Your Own Device or Bring Your Own Danger


Published on

The BYOD Trend. Find out how to embrace employee devices while protecting your network from threats. Review top strategies for embracing BYOD while managing risks, compliance, and end-user needs.

Roeing Corporation & WatchGuard presentation, September 2013.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

WatchGuard: Bring Your Own Device or Bring Your Own Danger

  1. 1. 9/26/2013 1 Bring Your Own Device or Bring Your Own Danger How BYOD is Overwhelming the Corporate Network
  2. 2. 9/26/2013 2 Bring Your Own…… Device, App, Phone, PC, X (whatever)
  3. 3. 9/26/2013 3 C Level Perk With a “Just Make It Work” Deployment Strategy….
  4. 4. 9/26/2013 4 BYOD Adoption Driven by Employees Consumerism Driving IT Strategies
  5. 5. 9/26/2013 5 By 2017 the Number of Connected Devices Mobile-connected tablets will generate more traffic in 2017 than the entire global mobile network in 2012. The average smartphone will generate 2.7 GB of traffic per month in 2017, an 8-fold increase over the 2012
  6. 6. 9/26/2013 6 Management of BYOD Two Areas of Focus Device Management - MDM Applications Management - MAM A Secure Eco System
  7. 7. 9/26/2013 7 Management of Device Policy… What's Acceptable, Training - Certified Users Passwords .. 70% of Phones don’t have them Encryption.. 22% of us lose phones Remote Wipe …Exchange – use Active Synch VPNs.. For Accessing Corporate Networks , DATA in Motion and Preventing Snooping on Open Networks AV / Malware Protection… specific for mobile devices.. AVG, Kaspersky, Lookout Apps from Trusted Sources.. Well know stores and know your Apps Know Your App– Have users review App settings before accepting Device Management - MDM Applications Management - MAM
  8. 8. 9/26/2013 8 Management of Security Eco System Security Across all Devices…. Wired and Wireless VPN.. Secure Data in Motion App Control .. Control Apps That Users Access Content Control.. Manage Websites / Avoid Hijacked sites AV.. Scan Downloads IPS.. Block Known Attacks Report log activities.. See What's Going On
  9. 9. 9/26/2013 9 The Convergence of Wired and Wireless Networks Requires the Controlling of Apps and Content – Blocking of Viruses and Malware
  10. 10. 9/26/2013 10 BYOD Adoption Will Overwhelm Current WIFI Network Infrastructure
  11. 11. 9/26/2013 11 Ratio of Users to Networked Devices Is Changing Wireless Mobility = More Devices, Many More 1 user = Laptop, Tablet, Smart Phone + Wireless Printers, Scanner, Projectors, Cameras. Etc. 500 user business could increase devices by a minimum of 3x = 1500 devices Without Proper Planning, Enterprises Deploying iPads Will Need 300% More Wi-Fi Tim Zimmerman (Gartner), October 2011
  12. 12. 9/26/2013 12 BYOD Applications Are Always ON Controlling Applications key to controlling Corporate Wifi “For end-users selecting WiFi over cellular for the majority of their data consumption is an important consideration for staying within the limits of their cellular data plans” Cisco Visusl Networking Index, Global Mobile Data Traffic Forcast Update, 2012 - 2017
  13. 13. 9/26/2013 14 Application Management Social Networking - Becomes a Business Tool • Used to Build Brand Awareness • Offer Better Customer Support • Directed Campaigns • Employee Recruitment Tool
  14. 14. 9/26/2013 15 Application Management Data Leakage Prevention - Compliancy – HIPA / PCI 46% of companies that permit BYOD reported experiencing a data or security breach as a result of an employee-owned device accessing the corporate network Mobile Consumerization Trends&Perceptions IT Executive and CEOSurvey
  15. 15. 9/26/2013 16 Application Management Network Performance and Intellectual Property RE: Unauthorized Distribution of a Copyrighted HBO Television Program We are writing this letter on behalf of Home Box Office, Inc. ("HBO"). We have received information leading us to believe that an individual has utilized the below-referenced IP address at the noted date and time to offer downloads of copyrighted television program(s) through a "peer-to-peer" service. The distribution of unauthorized copies of copyrighted television programs constitutes copyright infringement under the Copyright Act, Title 17 United States Code Section 106(3). Since you own the below-referenced IP address, we request that you immediately do the following: 1) Disable access to the individual who has engaged in the conduct described above; and/or 2) Take other appropriate action against the account holder under your Abuse Policy/Terms of Service Agreement.
  16. 16. 9/26/2013 17 UTM For Wired and Wireless Networks Security Applied at One Place Across all Devices
  17. 17. 9/26/2013 18 WatchGuard Access Point At The Convergence of Wired and Wireless Networks
  18. 18. 9/26/2013 19 Smart Wireless Security Security Applied at One Place Across all Devices AP 100 / 200 Radios 1 /2 Available Bands 2.4 GHz or 5 GHz SSID 8 / 16 Max Throughput 300 / 600 Mbps Antenna/Streams 2x2:2 MIMO Encryption/Authentication WEP, WPA-PSK, WPA2-PSK, WPA-PSK Mixed, TKIP, AES WPA2-Enterprise 802.1x, Integrated AP Controller Included with 11.7.2 supported on 25 - 2500 Access Point managed with same tools as XTM Centralized configuration and monitoring Power AC Adapter 802.3af compliant PoE or Switch
  19. 19. 9/26/2013 20 • Unified WLAN and UTM Management • Integrated wired and WLAN security policies UTM For Wired and Wireless Networks Security Applied at One Place Across all Devices
  20. 20. 9/26/2013 21 WatchGuard UTM Firewall One Appliance, One Platform, Many Solutions Extending UTM to all Devices – Wired and Wireless…
  21. 21. 9/26/2013 22 Defining Your Relationship to the Internet Context Driven Security Solutions
  22. 22. 9/26/2013 23 Users + Applications = Context Human Resources Executives Guest
  23. 23. 9/26/2013 24 Users + Applications = Context Human Resources Executives Guest
  24. 24. 9/26/2013 25 Users + Applications = Context
  25. 25. 9/26/2013 26 Users and Groups Active Directory Policy based on Microsoft Active Directory users and groups. Different Application Control for Students, Teachers, Administrative Staff etc.Different Web Browsing Rules for Students, Teachers, Administrative Staff etc.
  26. 26. 9/26/2013 27 Applications Understanding DATA FLOW
  27. 27. 9/26/2013 28
  28. 28. 9/26/2013 29 An Application Proxy Checks: Source IP, Destination IP, Port, Protocol If a matching rule (or service) is found: It opens the packet, reads the data, and if no malicious content is found it forwards the data. Controlling Applications Proxies – Enforcing Protocols / Controlling Data
  29. 29. 9/26/2013 31 Game Applications Plug-in Post Video Picture Edit Profile 1,800 Applications Controlling Applications Evolving Beyond Ports and Protocols – Spotlighting “Normal” Traffic
  30. 30. 9/26/2013 32 Controlling Web Content Not Just Big Brother - Better Security  Database Maintained by WebSense  Meeting CIPA requirements  125 Categories * Proxy Sites, WebMail, P2P,IM,Hacking, Phishing, RDP sites,  SpeedBump or Override  Logging and Reporting  Safe Search
  31. 31. 9/26/2013 33 Signature database updated hourly Large DB - 2.5 Million Signatures Buffered Scanning = Better Catch Rate Dynamic heuristic analysis uses code emulation to identify polymorphic viruses and malware Inspection, of compressed files to 5 levels Controlling Web Content Virus and Malware distributed via Hijacked Web Sites
  32. 32. 9/26/2013 34 Reputation Enabled Defense = RED Controlling Web Content Hijacked Web Sites - Virus and Malware
  33. 33. 9/26/2013 35 Signature Set Covers : – SQL injections, Cross-Site Scripting – (XSS), – buffer overflows, – denial of service, – remote file inclusions. Auto-Updating Inspection Applied Across all Traffic Flows Scans all ports and protocols to block network, application, and protocol-based attacks. Block = Dynamically add source IP to blocked sites list Controlling Web Content IPS - Network Intrusions are Identified and Blocked
  34. 34. 9/26/2013 36  Detects IPS / IP and Port Scanning  Remembers attackers  Shuns known scanners and attackers (low processing cost) DETECT SHUN Intelligent Layered Security Engine Behavioral Analysis and Shunning Identifying Bad Behavior No Matter Where The Bad Guys Are
  35. 35. 9/26/2013 37 Securing Data in Motion VPNs to Secure Data and Prevent Snooping
  36. 36. 9/26/2013 38  WatchGuard products don’t just defend, they illuminate!  Real-time monitoring tools show user, network, and security events, as they happen—and allow you to take immediate corrective action Intelligence At Your Finger Tips Monitoring, Alerting , Reporting
  37. 37. 9/26/2013 39 Best-in-Class Technology Anti Virus URL Filtering Anti Spam IPS APP Control In-house In-house In-house In-house In-house In-house In-house In-house In-house In-house In-house In-house In-house In-house In-house In-house In-house XTM 39 | Confidential
  38. 38. 9/26/2013 40 Go with The Smart Firewall!
  39. 39. 9/26/2013 41 Who Relies On WatchGuard? EntertainmentGovernment Transportation Finance & Insurance Health Care Food & Beverage Retail & Services Air Transport AutomotiveTelecom & ISP Education Manufacturing Technology
  40. 40. 9/26/2013 42 Security Solution Experts – Since 1996 – – – – –
  41. 41. 9/26/2013 43 Thank You