WatchGuard: Bring Your Own Device or Bring Your Own Danger
Download as PPTX, PDF0 likes2,484 views
This document discusses the challenges of Bring Your Own Device (BYOD) programs for corporate networks. It notes that BYOD is being driven by employees and consumerism, but can overwhelm network infrastructure and security if not properly managed. The document recommends using mobile device management (MDM) and mobile application management (MAM) to implement policies for passwords, encryption, remote wiping of lost devices, and VPN access. It also suggests controlling applications, websites, and malware/viruses to secure data across wired and wireless networks through a unified threat management (UTM) firewall that applies security policies consistently to all devices.
WatchGuard: Bring Your Own Device or Bring Your Own Danger
- 1. 9/26/2013 1 Bring Your Own Device or Bring Your Own Danger How BYOD is Overwhelming the Corporate Network
- 2. 9/26/2013 2 Bring Your Own…… Device, App, Phone, PC, X (whatever)
- 3. 9/26/2013 3 C Level Perk With a “Just Make It Work” Deployment Strategy….
- 4. 9/26/2013 4 BYOD Adoption Driven by Employees Consumerism Driving IT Strategies
- 5. 9/26/2013 5 By 2017 the Number of Connected Devices Mobile-connected tablets will generate more traffic in 2017 than the entire global mobile network in 2012. The average smartphone will generate 2.7 GB of traffic per month in 2017, an 8-fold increase over the 2012
- 6. 9/26/2013 6 Management of BYOD Two Areas of Focus Device Management - MDM Applications Management - MAM A Secure Eco System
- 7. 9/26/2013 7 Management of Device Policy… What's Acceptable, Training - Certified Users Passwords .. 70% of Phones don’t have them Encryption.. 22% of us lose phones Remote Wipe …Exchange – use Active Synch VPNs.. For Accessing Corporate Networks , DATA in Motion and Preventing Snooping on Open Networks AV / Malware Protection… specific for mobile devices.. AVG, Kaspersky, Lookout Apps from Trusted Sources.. Well know stores and know your Apps Know Your App– Have users review App settings before accepting Device Management - MDM Applications Management - MAM
- 8. 9/26/2013 8 Management of Security Eco System Security Across all Devices…. Wired and Wireless VPN.. Secure Data in Motion App Control .. Control Apps That Users Access Content Control.. Manage Websites / Avoid Hijacked sites AV.. Scan Downloads IPS.. Block Known Attacks Report log activities.. See What's Going On
- 9. 9/26/2013 9 The Convergence of Wired and Wireless Networks Requires the Controlling of Apps and Content – Blocking of Viruses and Malware
- 10. 9/26/2013 10 BYOD Adoption Will Overwhelm Current WIFI Network Infrastructure
- 11. 9/26/2013 11 Ratio of Users to Networked Devices Is Changing Wireless Mobility = More Devices, Many More 1 user = Laptop, Tablet, Smart Phone + Wireless Printers, Scanner, Projectors, Cameras. Etc. 500 user business could increase devices by a minimum of 3x = 1500 devices Without Proper Planning, Enterprises Deploying iPads Will Need 300% More Wi-Fi Tim Zimmerman (Gartner), October 2011
- 12. 9/26/2013 12 BYOD Applications Are Always ON Controlling Applications key to controlling Corporate Wifi “For end-users selecting WiFi over cellular for the majority of their data consumption is an important consideration for staying within the limits of their cellular data plans” Cisco Visusl Networking Index, Global Mobile Data Traffic Forcast Update, 2012 - 2017
- 13. 9/26/2013 14 Application Management Social Networking - Becomes a Business Tool • Used to Build Brand Awareness • Offer Better Customer Support • Directed Campaigns • Employee Recruitment Tool
- 14. 9/26/2013 15 Application Management Data Leakage Prevention - Compliancy – HIPA / PCI 46% of companies that permit BYOD reported experiencing a data or security breach as a result of an employee-owned device accessing the corporate network Mobile Consumerization Trends&Perceptions IT Executive and CEOSurvey
- 15. 9/26/2013 16 Application Management Network Performance and Intellectual Property RE: Unauthorized Distribution of a Copyrighted HBO Television Program We are writing this letter on behalf of Home Box Office, Inc. ("HBO"). We have received information leading us to believe that an individual has utilized the below-referenced IP address at the noted date and time to offer downloads of copyrighted television program(s) through a "peer-to-peer" service. The distribution of unauthorized copies of copyrighted television programs constitutes copyright infringement under the Copyright Act, Title 17 United States Code Section 106(3). Since you own the below-referenced IP address, we request that you immediately do the following: 1) Disable access to the individual who has engaged in the conduct described above; and/or 2) Take other appropriate action against the account holder under your Abuse Policy/Terms of Service Agreement.
- 16. 9/26/2013 17 UTM For Wired and Wireless Networks Security Applied at One Place Across all Devices
- 17. 9/26/2013 18 WatchGuard Access Point At The Convergence of Wired and Wireless Networks
- 18. 9/26/2013 19 Smart Wireless Security Security Applied at One Place Across all Devices AP 100 / 200 Radios 1 /2 Available Bands 2.4 GHz or 5 GHz SSID 8 / 16 Max Throughput 300 / 600 Mbps Antenna/Streams 2x2:2 MIMO Encryption/Authentication WEP, WPA-PSK, WPA2-PSK, WPA-PSK Mixed, TKIP, AES WPA2-Enterprise 802.1x, Integrated AP Controller Included with 11.7.2 supported on 25 - 2500 Access Point managed with same tools as XTM Centralized configuration and monitoring Power AC Adapter 802.3af compliant PoE or Switch
- 19. 9/26/2013 20 • Unified WLAN and UTM Management • Integrated wired and WLAN security policies UTM For Wired and Wireless Networks Security Applied at One Place Across all Devices
- 20. 9/26/2013 21 WatchGuard UTM Firewall One Appliance, One Platform, Many Solutions Extending UTM to all Devices – Wired and Wireless…
- 21. 9/26/2013 22 Defining Your Relationship to the Internet Context Driven Security Solutions
- 22. 9/26/2013 23 Users + Applications = Context Human Resources Executives Guest
- 23. 9/26/2013 24 Users + Applications = Context Human Resources Executives Guest
- 24. 9/26/2013 25 Users + Applications = Context
- 25. 9/26/2013 26 Users and Groups Active Directory Policy based on Microsoft Active Directory users and groups. Different Application Control for Students, Teachers, Administrative Staff etc.Different Web Browsing Rules for Students, Teachers, Administrative Staff etc.
- 27. 9/26/2013 28
- 28. 9/26/2013 29 An Application Proxy Checks: Source IP, Destination IP, Port, Protocol If a matching rule (or service) is found: It opens the packet, reads the data, and if no malicious content is found it forwards the data. Controlling Applications Proxies – Enforcing Protocols / Controlling Data
- 29. 9/26/2013 31 Game Applications Plug-in Post Video Picture Edit Profile 1,800 Applications Controlling Applications Evolving Beyond Ports and Protocols – Spotlighting “Normal” Traffic
- 30. 9/26/2013 32 Controlling Web Content Not Just Big Brother - Better Security Database Maintained by WebSense Meeting CIPA requirements 125 Categories * Proxy Sites, WebMail, P2P,IM,Hacking, Phishing, RDP sites, SpeedBump or Override Logging and Reporting Safe Search
- 31. 9/26/2013 33 Signature database updated hourly Large DB - 2.5 Million Signatures Buffered Scanning = Better Catch Rate Dynamic heuristic analysis uses code emulation to identify polymorphic viruses and malware Inspection, of compressed files to 5 levels Controlling Web Content Virus and Malware distributed via Hijacked Web Sites
- 32. 9/26/2013 34 Reputation Enabled Defense = RED Controlling Web Content Hijacked Web Sites - Virus and Malware
- 33. 9/26/2013 35 Signature Set Covers : – SQL injections, Cross-Site Scripting – (XSS), – buffer overflows, – denial of service, – remote file inclusions. Auto-Updating Inspection Applied Across all Traffic Flows Scans all ports and protocols to block network, application, and protocol-based attacks. Block = Dynamically add source IP to blocked sites list Controlling Web Content IPS - Network Intrusions are Identified and Blocked
- 34. 9/26/2013 36 Detects IPS / IP and Port Scanning Remembers attackers Shuns known scanners and attackers (low processing cost) DETECT SHUN Intelligent Layered Security Engine Behavioral Analysis and Shunning Identifying Bad Behavior No Matter Where The Bad Guys Are
- 35. 9/26/2013 37 Securing Data in Motion VPNs to Secure Data and Prevent Snooping
- 36. 9/26/2013 38 WatchGuard products don’t just defend, they illuminate! Real-time monitoring tools show user, network, and security events, as they happen—and allow you to take immediate corrective action Intelligence At Your Finger Tips Monitoring, Alerting , Reporting
- 37. 9/26/2013 39 Best-in-Class Technology Anti Virus URL Filtering Anti Spam IPS APP Control In-house In-house In-house In-house In-house In-house In-house In-house In-house In-house In-house In-house In-house In-house In-house In-house In-house XTM 39 | Confidential
- 38. 9/26/2013 40 Go with The Smart Firewall!
- 39. 9/26/2013 41 Who Relies On WatchGuard? EntertainmentGovernment Transportation Finance & Insurance Health Care Food & Beverage Retail & Services Air Transport AutomotiveTelecom & ISP Education Manufacturing Technology
- 40. 9/26/2013 42 Security Solution Experts – Since 1996 – – – – –
Editor's Notes
- #6: http://www.itpro.co.uk/645598/smart-devices-to-outnumber-humans-by-2017http://www.cisco.com/en/US/solutions/collateral/ns341/ns525/ns537/ns705/ns827/white_paper_c11-520862.pdf
- #8: http://usatoday30.usatoday.com/tech/news/story/2012-03-22/lost-phones/53707448/1you should install apps only from trusted sources, like the Google Android Market or the Amazon Appstore for Android Read permissions – SMS Don’t install New apps -
- #10: http://en.wikipedia.org/wiki/Wireless_LAN_Security
- #11: http://searchconsumerization.techtarget.com/news/2240118466/BYOD-strains-corporate-wireless-network-bandwidthhttp://www.muniwireless.com/2011/10/25/why-hotel-wifi-is-being-crushed-by-ipads-and-what-to-do-about-it/http://www.nytimes.com/2011/10/25/business/ipads-change-economics-and-speed-of-hotel-wi-fi-on-the-road.html?_r=2&nl=todaysheadlines&emc=tha26&
- #13: http://www.cisco.com/en/US/solutions/collateral/ns341/ns525/ns537/ns705/ns827/white_paper_c11-520862.pdfhttp://www.idgglobalsolutions.com/idg-mobile-survey-2012
- #15: http://socialmediatoday.com/SMC/200535?utm_source=Webbiquity
- #16: App control a part of DLPhttp://www.databreaches.net/?p=24437http://www.trendmicro.com/cloud-content/us/pdfs/business/white-papers/wp_decisive-analytics-consumerization-surveys.pdfNearly half of companies that permit BYOD reported experiencing a data or security breach as a result of an employee-owned device accessing the corporate network (46.5%).
- #18: http://en.wikipedia.org/wiki/Wireless_LAN_Security
- #22: WG = NGFW+ (All the features required by “NG” firewall and more). Fully configurable to provide the right security for your environment. The WG approach is included on all of our devices. Gartner defines Next generation to have: AV, IPS, Statefull Inspection, Support 1,000 + Users, Support Inline mode
- #29: http://gizmodo.com/5813875/what-happens-in-60-seconds-on-the-internetApplications that run on the internet in 60 seconds“do you really know what uses port 80?”http://www.fourhourworkweek.com/blog/2012/02/20/beyond-x-prize-the-10-best-crowdsourcing-tools-and-technologies/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+timferriss+%28The+Blog+of+Author+Tim+Ferriss%29&utm_content=Google+FeedfetcherOn average, Hollywood produces five hundred films per year and reaches a worldwide audience of 2.6 billion. If the average length of those films is two hours, then Hollywood produces one thousand hours of content per year. YouTube users, on the other hand, upload forty-eight hours’ worth of videos every minute. This means, every twenty-one minutes, YouTube provides more novel entertainment than Hollywood does in twelve months. And the YouTube audience? In 2009 it received 129 million views a day, so in twenty-one days, the site reached more people than Hollywood does in a year. Since content creators in the developing world now outnumber content creators in the developed world, it’s safe to say that the tools of cooperation have enabled the world’s real silent majority to finally find its voice.
- #33: Mobile Malware - focuses on malicious Web sites and applications that are designed to run on mobile devicesUnauthorized Mobile Marketplaces - focuses on Web sites that potentially distribute applications that are unauthorized by the mobile operating system manufacturer, the handheld device manufacturer, or the network provider. (Traffic to Web sites in this category may be a sign of a jailbroken or rooted device.)
- #34: Results of AV / Malware Scanning are Reported to the Cloud Inspection, of compressed files including - 5 levels .zip, .gzip, .tar, .jar, .rar, .chm, .lha, . pdf, XML/HTML container, OLE container cab, .arj, ace, .bz2 (Bzip), .swf.
- #39: Point of Slide: WatchGuard provides full real-time and historical visibility to business and IT users. Content: Businesses have a responsibility to know a great deal about how their employees are using the Internet and other computing resources. At minimum, this is important to ensure that the business meets its own financial or competitive goals; but in many instances, external regulations mandate it. WatchGuard offers a broad suite of tools to give the administrator, HR departments, executives, auditors, and any other parties with a need to know, detailed information about network, security, and user events and activities. This is the third phase of policy, the audit phase.
- #40: We make best in class better. Our management overlay improves each individual offering by providing an overall security management policy. The whole is greater than the sum of the parts.
- #43: Who is watchguard and this is validated our recent awards