1 / 29

Cyberoam Complete Network Security for Banks

Cyberoam Complete Network Security for Banks. Cyberoam for Security in Banks. Dimensions of Banking Security Cyberoam Solution User Identity in Security Solution Range. Dimension - 1 – External threats External Threats – Attackers are after financial gain Targeting the Internal User

kinsey
Download Presentation

Cyberoam Complete Network Security for Banks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Cyberoam Complete Network Security for Banks

  2. Cyberoam for Security in Banks Dimensions of Banking Security Cyberoam Solution User Identity in Security Solution Range

  3. Dimension - 1 – External threats • External Threats – Attackers are after financial gain • Targeting the Internal User • Blended threats over multiple protocol • Email: Over 90 % mail is spam carrying spyware, phishing, viruses, worm • HTTP - Drive-by downloads, Pharming, Spyware via P2P sites • IM: Malicious links and attachments • FTP – Malicious uploads & downloads • Q1: Point Solutions? A combination? or UTM?

  4. Dimension - 2 – Insider Threats • Insider Threats – Over 50% threats are from insiders • Most attackers are current or former employees • Majority of insiders plan their activities in advance using remote access • Methods –Using someone else’s computer, Social engineering, Unattended terminal • Malicious Intent: Selling corporate/customer data for financial gain • User Ignorance: Indiscriminate surfing = Malware, Spyware • Q.2. Would you settle for Plain Security if you had the choice of Identity-based security?

  5. Dimension – 3– Remote Office Security • Remote Office Security – Greater Granularity and Control over system resources • High Security Levels at par with Head Office • External threats • Internal threats • Limited Technical Resources at Remote Office • Centralized control and visibility required • Regulatory Compliance: BS 7799/ ISO 27001, Basel II Norms, PCI-DSS • Q. 3. Are your remote offices as secure as the Head Office? At what cost?

  6. Dimension – 4– Safe Guarding Your EndPoints 60% corporate data lies unprotected on endpoints Lost USBs Medical records of 741 patients lost by a hospital 9000 USB sticks found in people's pockets at the local dry cleaners in UK Lost Multimedia Discs Personal information of 11.1mn customers of leading oil refinery (USA) found on streets Wrong Email Attachment Bank employee accidentally sent sensitive customer details to wrong email address Lost iPods 12,500 handheld devices forgotten at the back of taxis every 6 months in UK

  7. Dimension – 4–Safe Guarding Your Network EndPoints What Places Data At Risk? Removable Devices USBs, CDs/DVDs, MP3, Digital cameras Unintentional Malicious Insiders Applications Unauthorized transfer of sensitive data; Malware-laden email for information access; Sensitive data sent to wrong person Web, Mail, IM, P2P, Printing, FTP Data At Risk • Business plans, RFP / Tender quotes • Intellectual property related to R&D • Product launch dates and roadmap • Customer data

  8. Core Banking System Components Datacenter Branches Application Developers Desktops, Branch Servers Core-Banking Application WAN, Internet OS, Database Alternative Channels Internet-Banking ATM Branch User/Admins System Administrators Network Administrators

  9. Bank X– Case Study • Challenges • Existing Firewall inadequate for 1500 users. To be replaced or not? • Limitations of IP-based security – No tracing of malicious users, No reporting on Net use • No Anti-Malware / Content Filtering / Bandwidth Management / Multiple link management • No Endpoint Security Cyberoam Solution • 2 Cyberoam CR 1500i appliances act as Proxy. Active-Active, High Availability mode. • Firewall, IPS, Anti-Virus & Anti-Spam, Content Filtering • SSL-VPN Secure Remote Clientless, Access • Threat Free Tunnelling prevents malware • CR Protects Customer data in DMZ and LAN, does Load Balancing for 2 ISP’s • On-appliance reporting and Identity-based Surfing policies • Protection in dynamic and Wi-fi environments

  10. Cyberoam Security to X Bank • Confidentiality – Only Authorized users may access • Restricted Zonal access –User Identity, VLAN • Incident Management – Identity-based logging & reporting • Device Control – Block unauthorized file copies, USBs etc. • Application Control – Authorized use of Applications Only • Summary of Benefits • Prevents unauthorized access, leakage / damage to information • Reduces the risk of human error, theft, fraud, misuse of infrastructure • Zero-hour threat detection and alerts with username • Ensures Quick and Suitable Response • Ongoing monitoring with username reports

  11. Cyberoam Unified Threat Management

  12. What is Cyberoam? • Comprehensive Security with • Performance-Effectiveness-Granularity • Firewall-VPN-IPS • Gateway Anti-virus & Antispam • Content Filtering & Bandwidth Management • High-Availability & • Multiple Link Management • On-Appliance Reporting • 2. Identity-based Security • 3. Comprehensive Branch Office Security

  13. Dimension 1 Firewall-VPN-IPS

  14. Dimension 1 • Why Cyberoam Firewall-VPN-IPS? • Enterprise-class performance • 6 Gbps Firewall Throughput, 2.5 Gbps IPS Throughput • Certifications • ICSA certified Firewall • Checkmark certified Enterprise UTM • Interoperability with 3rd party VPN - VPNC certified • Benefits • Prevents file uploads and data leakage via IM • IPS signatures to prevent abnormal activity • Works on Layer 8 – The Human layer • Allows users to carry their access rights anywhere in the network

  15. Dimension 1 Anti-virus & Anti-Spam

  16. Dimension 1 • Why Cyberoam Anti-Virus and Anti-Spam? Anti-Virus: • 99 % Anti-Virus detection rate; Zero-hour protection • Virus Outbreak Detection – Zero-hour protection • Anti-Spam: • 98 % Spam detection rate – LowFalse Positive • Scans SMTP, POP3, IMAP with Recurrent Pattern Detection (RPDTM) • Content-agnostic and language independent – Image spam and emerging spam • Certification • Checkmark certified Anti-virus and Anti-spam

  17. Dimension 1 Content Filtering

  18. Dimension 1 • Why Cyberoam Content Filtering? • Database of millions of sites – 82 + categories • HTTP upload control • Categorizes Google cached pages with dynamic URLs • Prevents Proxy surfing eg: tunnel proxy utility, open proxy, web proxy. • Certifications • Checkmark certified Content Filtering • Network Products Guide award - 2008 • Benefits • Prevents entry of malware through unrestricted surfing • Policies based on user identity • Prevents Data Leakage

  19. Bandwidth Management & Multiple Link Management

  20. Dimension 1 Why Cyberoam? Bandwidth Management • Committed and burstable bandwidth • Restricts bandwidth usage by proper allocation on requirements basis • Prevents Bandwidth Choking • Controls cost – prevents excessive bandwidth usage • User Identity in Security • Assigns bandwidth to critical users and applications – supports business agility • Application and Identity-based bandwidth allocation

  21. Dimension 1 Advanced Multiple Gateway Features • Auto gateway failover • Weighted round robin load balancing • Policy routing per application, user, source and destination • Gateway status on dashboard • No restriction on number of WAN Ports • Schedule based bandwidth assignment What does it solve? • Provides continuous connectivity • Security over multiple ISP links

  22. Why Cyberoam? Dimension - 2 Identity-based Security

  23. User Why Identity? – AAA through Cyberoam UTM Security • Authentication by Username – including Wi-Fi • Authorization - Access Rights based on pre-defined corporate policies • Username – Not IP Addresses • Need-to-Usebasis • Across distributed locations • Accounting – Centralized Logging and Reporting with Username • Shows Who is Doing What even in Dynamic Environments • DHCP - Wi-Fi - Shared Machine Scenarios

  24. Data Leakage Control & Reporting (HTTP Upload)

  25. Why Cyberoam? Dimension - 3 Branch Office Security

  26. Dimension 3 • Why Cyberoam? • Branch Office Security • Comprehensive security • Branch user visibility and controls at HQ • Proven interoperability with 3rd party VPNs – VPNC certified • WAN optimization at branches • Bandwidth efficiency • Simplified Operations – No need for technical resource • Remote web-GUI management

  27. Dimension 3 • Secure Remote Access • IPSec & SSL VPN on UTM Appliance • Anywhere Secure Access to telecommuters, road warriors, partners • Threat Free Tunneling Technology – Scans endpoint for malware • Clientless VPN • Full or limited access based on user work profile • High scalability • Easy to use and manage

More Related