WatchGuard Technologies Stefan Schuchert Territory Sales Manager Germany West WatchGuard Technologies Inc.

Größe: px
Ab Seite anzeigen:

Download "WatchGuard Technologies Stefan Schuchert Territory Sales Manager Germany West WatchGuard Technologies Inc."


1 WatchGuard Technologies Stefan Schuchert Territory Sales Manager Germany West WatchGuard Technologies Inc. phone: +49 (2324) mobile: +49 (177) mail to:

2 About WatchGuard Founded in 1996 privately held Firewall appliance pioneer HQ in Seattle, WA, 400+ employees globally 600,000+ appliances shipped to business customers worldwide 100% channel 15,000 partners in 120 countries Pioneered FIRST security appliance FIRST to integrate proxy-based packet inspection on an appliance FIRST to incorporate UTM capabilities in a single appliance Acquired Borderware & launched XCS FIRST UTM to offer cloud-based defense (RED) Launched Application Control LEADER in Gartner MQ LEADER in Gartner MQ second year running Info-Tech UTM and SSL Champion and Visionary

3 A Trend Setter and Industry Champion The Info-Tech UTM Vendor Landscape: Champions receive high scores for most evaluation criteria and offer excellent value. They have a strong market presence and are usually the trend setters for the industry. Source: Info-Tech Research Group. Vendor Landscape: Unified Threat Management.. August 2011

4 Businesses Have Complex Security Needs Enforce Policy Simplify Security Protect Data Secure Wireless & Remote Networking Broad Security Needs - Varying Budgets & Facilities

5 Cornerstone The Application Proxy Packet Reassembly since 1996 An Application Proxy checks Source IP, Destination IP, Port, Protocol If a matching rule (or service) is found: The proxy then performs deep inspection on the content of the packet, including application layer data. This is the key to finding threats that OTHER FIREWALLS MISS!

6 Defense-in-Depth WatchGuard XTM VPN SSL IPSEC Stateful Firewall Layered Security Deep Packet Inspection Proxy Inspection Centralized Management Rich Reporting Real-Time Monitoring Content Security Reputation Enabled Defense Gateway Antivirus Intrusion Prevention Spam Protection URL Filtering Application Control

7 Sicher Smarte Verteidigung gegen aktuelle und zukünftige Bedrohungen 1.Effektiv: Reputation Enabled Defense, der präzise und umfassende Schutz vor Bedrohungen mit Performance Boost 2.Innovativ: Stoppt Bedrohungen der nächsten generation HTTPS inspection, VoIP security, and application proxies 3. Umfassend: Mehrschichtiger Schutz blockt bekannte und unklare Angriffe

8 The Policy Challenge Businesses need to define, enforce, and audit security, yet many lack clearly defined security policies. Pain points Dynamic environment (new apps, devices, etc.) Regulatory compliance; meeting business objectives for security and acceptable use Visibility and forensics; pinpointing attempted or actual violations

9 Policy Made Easy Define Enforce Audit

10 Nicht nur verteidigen.

11 Bedrohungen werden Sichtbar Beleuchten, nicht nur verteidigen 1. Intuitiv: Host Watch, wer mit was, Verbindungen grafisch dargestellt 2. Echtzeit: Traffic Monitor, live scrolling log display, zeigt Ereignisse, wenn sie passieren 3. Umfassend: Mehr als 50 verschiedene Reports für interessierte Kreise 4. Individuell: Web Services API ermöglichen den Report, den Sie brauchen erstellbar mit externen Reporting Tools

12 Defining a Next Generation Firewall (NGFW): An NGFW is an enterprise-class, high-performance gateway security appliance that provides top-of-the-line firewalling, intrusion prevention, and application control. Standard Firewall capabilities: Packet filtering, network address translation (NAT), stateful protocol inspection, Virtual Private Networking Application Awareness and Control - Exercise finegrained control over more than 1,800 applications, organized by category. Signatures cover a broad range of threats, including SQL injections, cross-site scripting (XSS), buffer overflows, denial of service, and remote file inclusions. Additional Intelligence: Directory integration to tie security policies to users and groups; cloud-based reputation services to stop traffic from dangerous sources

13 Why an NGFW? Large, complex organizations demand high-speed, always-on networks that: Secure corporate Internet traffic against hackers, malware, network attacks, intrusion attempts, data theft, and other cybercrime. Connect offices, remote and virtual employees. Provide real-time and historical visibility into network, security, and user events. Allow visibility and fine-tuned control at the application level.

14 NGFW Application Control Präzise Kontrolle über mehr als Anwendungen, nach Kategorie organisiert Mit über Signaturen und fortschrittlichen Verhaltensanalysen werden unabhängig von der Zieladresse oder dem L7-Protokoll Anwendungen identifiziert, die versuchen, in Ihr Netzwerk einzudringen, einschließlich verschlüsselt Reporting Out of the Box Real-Time Reporting und Monitoring sind inklusive. Mit über 60 verschiedenen Reports entfällt die zusätzliche Anschaffung von 3rd Party Tools für die Auswertung. Keine zusätzlichen Kosten

15 NGFW Reputation Enabled Defense Reputation Enabled Defense ermöglicht eine sichere Internetnutzung durch eine Reputationskontrolle, mit der URLs als gut, schlecht oder unbekannt eingestuft werden. Die Einstufung stützt sich auf eine leistungsstarke, cloud-basierte Reputationsdatenbank, die Daten aus verschiedenen Feeds, einschließlich branchenführender Anti-Virus-Engines, sammelt. URLs, deren Reputation eindeutig schlecht ist, werden sofort geblockt. Kontinuierliche Updates der Reputationsdatenbank gewährleisten einen ständig aktualisierten Stand mit dynamischen Web-Inhalten und sich ändernden Web-Konditionen für einen Echtzeitschutz ohne Wartezeiten durch stündliche oder tägliche Updates. Reputationswerte werden für bestimmte URLs festgelegt, und nicht nur für Seiten oder IP-Adressen. Mit Reputation Enabled Defense können die üblichen Einsparungen bei der zusätzlichen Webverarbeitung 30 bis 50 % betragen

16 Leistungsoptimiert XTM Durchsatz macht den Unterschied 1. XTM Performance: Sicherheit ohne Kompromisse 2. Reputation Enabled Defense schafft Raum für Durchsatz RED Zone Leistungssteigerung durch Reputation enabled Defense

17 NGFW Logging und Reporting Umfassende Logging und Reporting Funktionen erlauben es in Echtzeit den Status und das Verhalten des Netzwerks zu analysieren und darzustellen. Mehr als 50 Reports stehen zur Verfügung Ein offener Webservice Dienst biete die Möglichkeit das Logging und Reporting in eigene Webanwendungen des Kunden einzubinden. Keine zusätzlichen Lizenzkosten

18 Bridge Mode vs. Routed Mode Routed Mode Klassischer Firewall Modus Zonen: Trusted, External, Optional Brigde Mode Transparent im Netzwerk Layer2 Firewall Monitoring

19 XTMv Securing Virtual Infrastructure Positioning/Key Messages Leading UTM/NGFW features and services in virtual infrastructure Easy to download, enable and deploy Leverages vsphere flexibility and availability Multiple models for organizations of all sizes with in-place upgrades Accelerate trials and proofs-of-concept Targets Campuses, cloud/hosting, branch consolidation Per-customer, -department, or -app deployment

20 Next-Generation Security Formidable Performance at Each Price Point Firewall/VPN XTM 8 Series XTM 1050 XTM 2050 XCS 1170 Performance XTM 2 Series XTM 3Series XTM 5 Series XCS 570 XCS 770R XCS 970 XCS 170 XCS 370 Content Security Small Business 1-50 Users Users Midsize Business Service Providers/Headquarters Users 500-1,000 Users 1,000+ Users

21 Hardware Platfroms XTM2 Series For small offices, branch offices and wireless hotspots 195 Mbps XTM throughput 40 Mbps XTM throughput 55 Mbps VPNthroughput Concurrent connections 6 Interface Ports: 3 GbE + 3 FE

22 Hardware Platfroms XTM3 Series For small businesses, branch offices and wireless hotspots 850 Mbps Firewall throughput 70 Mbps XTM throughput 150 Mbps VPN throughput Concurrent connections 50 Branch Office VPN tunnels 55 max Mobile VPN tunnels 7 / 6 Interface Ports: 7(6) GbE

23 Hardware Platfroms XTM5 Series For small businesses, branch offices and wireless hotspots 2.3 Gbps Firewall throughput 800 Mbps XTM throughput 750 Mbps VPN throughput Concurrent connections 600 Branch Office VPN tunnels max Mobile VPN tunnels 7 Interface Ports: 6 GbE + 1 FE

24 Hardware Platfroms XTM8 Series For small businesses, branch offices and wireless hotspots 5 Gbps Firewall throughput 1.6 Gbps XTM throughput 1.7 Gbps VPN throughput Concurrent connections Branch Office VPN tunnels 10 Interface Ports: 7(6) GbE 4 Fibre Ports (optional)

25 Hardware Platfroms XTM 1050/2050 Enterprises, corporate anduniversity campuses, MSSPs 20 Gbps Firewall throughput Up to 10 Gbps XTM throughput 1.7 Gbps VPN throughput Concurrent connections Branch Office VPN tunnels 16 Interface Ports: 16 GbE 2 Fibre Ports

26 Introducing the new XCS Series: Extensible Content Security highlights Powerful anti spam Blocks 98% of spam with 99.9% accuracy inbound and outbound content scanning, threat prevention, and policy enforcement Clustering and queue replication Zero messages lost Privacy and compliance encryption Predefined compliance dictionaries

27 WatchGuard XCS Available in 7 Models WatchGuard XCS 170, 370 SMB Any company needing strong anti-spam WatchGuard XCS 570, 770, 770R, 970, 1170 MSSP & Data Center Retail (PCI Compliance) Education: Large School Systems Healthcare: HIPAA compliance Finance & Banking: GLB, SOX compliance Government: Federal, State and local

28 Data-In-Motion Accounts for 83% of Data Leakage has become the de facto filing system for nearly all corporate information, making it even more critical to protect the outbound flow of messages. 80% of all DLP issues relate to sensitive data being lost across SMTP ( ) and HTTP (Web).

29 Data Loss Prevention Is A Top Security Priority April 2009 Risks 3:5 firms experience a data loss or theft event 1 9:10 data loss or theft events go unreported 1 1:5 employees have ed confidential data from their corporate account to a personal one Dell + Ponemon Survey

30 The Cost of a Data Loss Incident $6.6 million US per breach Negative PR Brand erosion Lost consumer confidence Lost business partner confidence Regulatory fines Stock market loss Legal fees Implementation of internal processes Can your organization afford a data loss incident?

31 Incidents By Data Type CCN = Credit Card Numbers SSN = Social Security Numbers NAA = Names and/or Addresses EMA = Addresses MISC = Miscellaneous MED = Medical ACC = Financial Account Information DOB = Date of Birth FIN = Financial Information SSN 34% DOB 8% CCN 8% MISC 7% ACC 5% NAA 38% Source: DatalossDB

32 All Businesses Are Victims of Data Loss Source: DatalossDB

33 Data Loss Resulting From Internal Sources Source: DatalossDB

34 Encryption 2011 WatchGuard Technologies

35 Everyday Messages Contain Private Data Privacy Compliance Sensitive Information Confidential Data Intellectual Property Attachment Risk Mandated Third Party Security Security Prudence

36 Encryption Use Cases Business Processes Operations, finance, legal, M&A and HR Sales, purchase orders, quotes and invoices Compliance PCI, HIPAA, EU Directive, GLBA, PIPA 3 rd party communications

37 Why Encryption Isn t Used By Everyone

38 Secure Made Easy With XCS Secur Encryption Provides easy-to-use, transparent encryption to enable organizations to securely transmit and receive private and sensitive information Available as an add-on with all WatchGuard XCS appliances, and is tightly integrated within the product to enable instant-on security for confidential, regulated, and business-prudent information Effective tool to help you achieve and maintain regulatory compliance and enforce best-practice protection, without disrupting your business

39 Powered by Next-Generation Identity-Based Encryption Technology Uses simple identity - an address as sender and recipient address as the keys in a public/private key pair IBE can use any arbitrary string as a public key, enabling data to be protected without the need for certificates Protection is provided by a key server that controls the mapping of identities to decryption keys Provides greater ease of implementation and management Eliminates complexity of encryption techniques that rely on long, randomly generated keys that must be mapped to identities using digitally-signed documents, called certificates

40 Transparent, Policy-Based Encryption With XCS Secur Encryption Automates encryption Encrypt based on policies: Content Header Subject Line Trigger Sender / Recipient User, Group or Domain Keywords/RegEx Attachment Type Attachment Content Senders do not need to make policy decisions. Encryption is handled consistently. Accelerates compliance initiatives.

41 WatchGuard XCS Secur Encryption Subscription

42 The Simplified Recipient Experience

43 One-Time Recipient Registration & Verification Process If this is the first encrypted message received by the recipient, he/she is prompted to register with the Secur service to create an account and establish a password. Recipient must respond to a verification message before being able to open the encrypted message.

44 Verification of Recipient Identity Recipient s must type their password to verify their identity Once authenticated, the secure message is decrypted and displayed.

45 Simple External Recipient Experience Simple ad-hoc usage no pre-enrollment 100% push delivery method Single HTML message envelope format Sent to existing mailbox Open in browser no client software to install Messages are not stored and do not expire

46 Secure Replies & Forwards m Recipients can securely reply to or forward encrypted messages within the same webbased service that allows them to read the encrypted message. Click Reply Type the reply, and click Send Secure. An encrypted reply is sent to the sender of the original encrypted message.

47 Simplest Mobile Experience Reader app to decrypt Auto decrypt on open This is a secure, encrypted message. Secure replies and forwards Usability optimized for smart phone To view this secure message: Desktop users Open the attachment (message_zdm.html) and follow the Download link instructions. in secure message envelope BlackBerry users Install the Voltage Secur for BlackBerry application. Other mobile users Forward this message to: and check your inbox for a link to view the message. App freely available for external recipients Simpler decryption for external mobile recipients. Business will not be disrupted. Recipients will not become frustrated.

48 Cross Platform Forward-and-Decrypt Service Recipient clicks on Other Mobile Users link in notification message The message is forwarded to ZDM Proxy address at Secur cloud The recipient receives a new message with a link to the secure message Mobile recipients will always be able to decrypt messages. Business will not be disrupted.

49 Every Element is Fully Brandable Allows for unique brand reinforcement of encrypted , ZDM download pages, and notifications This is a secure, encrypted message. To view this secure message: Desktop users Open the attachment (message_zdm.html) and follow the instructions. BlackBerry users Install the Voltage Secur for BlackBerry application. Other mobile users Forward this message to: and check your inbox for a link to view the message. Subscribers can use their own corporate logo WatchGuard logo is the default if the customer does not purchase a branding subscription Ability to customize graphics, borders, fonts, colors, text and links Promotes corporate brand recognition. Reinforces trust and goodwill with recipients.

50 Finally Encryption Made Easy! WatchGuard Provides a Single, Integrated Solution Easiest User Experience No client or plug-in required No certificates No recipient admin-rights needed Easiest Deployment Seamlessly integrated within WatchGuard XCS appliances for instant-on use Proven Millions of encrypted messages sent per month Worldwide adoption

51 Fragen?

52 Thank You!