
Security Threats and How WatchGuard Protect Your Business From Cybercrime
Daniel Phuan
Senior Principal Consultant
Southeast Asia
Cyber Crime Comes to Main Street!
Small Businesses are targets

▪ Small companies spend less time and money on security than large firms
▪ Visa says that small business accounts for 90% of data breaches reported
Small Business (50 – 150 employees)

Struggling to cope with security complexity


▪ No dedicated IT security staff
– How do you protect against today’s advanced malware?
– Which security services are you running at the perimeter?
– How do you see what is happening on the network?
– Do you know if you have been breached?
– Have you enabled all of the security services that you have purchased?
Digital Explosion

Bandwidth demands are increasing


▪ Average connection speeds increased 21% YoY in 2014
▪ 23% yearly growth in all internet traffic
▪ Applications Drive Bandwidth Requirements
▪ Video / Audio
– Streaming Services
– UltraHD video is coming with 4k bitrate streams, requiring between 10–20 Mbps of bandwidth

1: Akamai state of the internet report 2014


2: Cisco Global IP network forecast: http://www.cisco.com/c/en/us/solutions/collateral/service-provider/ip-ngn-ip-next-generation-network/white_paper_c11-481360.html
3: Sandvine Global Internet Phenomena: https://www.sandvine.com/downloads/general/global-internet-phenomena/2014/1h-2014-global-internet-phenomena-report.pdf
HTTPS Encryption
Closing the Blind Spot
▪ SSL traffic doubled in the last year
▪ Common applications use SSL by default
▪ Inspection is a processor-intensive operation
▪ SSL traffic needs to be decrypted for security inspection
– Advanced Malware
– Command and Control
– Data Loss Prevention
1: Akamai state of the internet report 2014

Firebox M200 & M300


▪ 8 x 1 Gb Interface ports
▪ Outperforms competitors
▪ Recommended: M200 – 60 users; M300 – 150 users
Best of Breed Technology
▪ Taking advantage of latest Freescale processors
▪ Built for performance
– M200 – 4 core
– M300 – 8 core
▪ Line speed throughput between bridge interfaces with no load on the CPU
▪ Encryption support in the hardware
▪ 64 bit OS => More connections

URL Filtering IPS / Appl. AntiVirus Malware AntiSpam


Branch Office VPN Throughput
Dramatic increases compared to existing XTM
XTM 515: 250 Mbps
M300: 2.0 Gbps


Performance vs. Fortinet
                          Firebox M200   Firebox M300   Fortinet 100D
Stateful Firewall         3240           4,000          3500
VPN                       1280           2000           450
GAV                       622            1205           300
IPS                       1450           2520           950
UTM                       515            800            N/A
Connections per second    20,000         48,000         22,000
Concurrent connections    1,700,000      3,300,000      3,000,000


Advanced Threats Require Defense-in-Depth
Advanced threats, by definition, leverage multiple vectors of attack.

No single defense will protect you completely from computer attacks…

The more layers of security you have, the higher chance an additional protection might catch an advanced threat that other layers might miss.

Firewall
Intrusion Prevention System
AntiVirus
AntiSpam
Reputation Services
APT Protection
The Cyber Kill Chain
Reconnaissance

Weaponization

Delivery

Compromise/Exploit

Infection/Installation

Command and Control (C&C)

Objectives/Exfiltration
WatchGuard Kill Chain 3.0

Reconnaissance

Delivery

Compromise/Exploit

Infection/Installation

Command and Control (C&C)

Lateral Movement / Pivoting

Objectives/Exfiltration
WatchGuard Breaks the Kill Chain
Reconnaissance

Delivery

Compromise/Exploit

Infection/Installation

Command and Control (C&C)

Lateral Movement / Pivoting

Objectives/Exfiltration

UTM/NGFW is Defense-in-Depth
Application Control
URL Filtering
Anti SPAM
Gateway AntiVirus
Intrusion Prevention Service
Firewall
Data Loss Prevention
Advanced Threats
Complete defense in one place.

UTM/NGFW is Defense-in-Depth
Application Control
URL Filtering
Anti SPAM
Gateway AntiVirus
Intrusion Prevention Service
Firewall
Data Loss Prevention
Advanced Threats
Easy management saves money!

What’s New in WatchGuard Dimension Version 2.0

▪ Direct Access to Firebox — Integrated Fireware Web UI connections from Dimension
▪ Health Status — Information for all Managed Appliances
▪ Configuration History — Detail on changes
▪ Visibility and Usability Enhancements — Integration with new dashboards and reports
▪ New Role-Based Privileges — Set access levels based on permission
▪ New Look and Feel — Improved layout and design
▪ Other New Features — Many more features added to inform and delight
Direct Access to Firebox
Open Fireware Web UI for your Firebox from Dimension
List Page
Health Page
Sort Firebox appliances based on health statistics
– CPU Usage (Percentage)
– Memory Usage (Percentage)
– Uptime
– Feature Key Status
Map Page
World Map View of Firebox location
Firebox Health Statistics
License Page
Shows Feature Key Status
Updated Dashboards
Device Summary Page
▪ Health and Device Information
– Connected Status
– CPU Usage
– Memory Usage
– Uptime
– Feature Key Status
– Model
– OS Version
– Serial Number
– IP Address
▪ Control
– Open Fireware Web UI
– Reboot Firebox
– Update Feature Key
– Configuration History
FireWatch, Threat Map, and Policy Map
Visibility and Usability Enhancements
NEW!

▪ Visibility Integration allows you to interpret and take action
▪ Health Reports provide a summary of Usage, Interfaces, and Health
▪ Time and Bandwidth Quotas integrated into dashboards and reports
Configuration History

▪ All Fireware Management Tools Supported
– WSM, Policy Manager, Web UI (direct or through Dimension), CLI
▪ Configuration Changes Automatically Tracked by Dimension
▪ View Configuration History List
– Diff two revisions
– Revert to a previous revision
– Defaults — 5 revisions and 10 MB total per Firebox
Visibility Integration
▪ Take action on Firebox configuration based on Dimension Visibility data
▪ Available in Executive Dashboard and Security Dashboard
▪ Actionable Data
– IP Address
• Add to Blocked Sites list
– Domain Name
• Add to Blocked Sites list
– Application
• Open Application Control settings in Fireware Web UI
– WebBlocker
• Open WebBlocker settings in Fireware Web UI
▪ Configure IP Address or Domain Name before blocking
– Add wildcard to Domain Name
Health Reports
▪ Health Summary
– At-a-glance View of CPU Usage, Memory Usage, and Physical Interface Usage
– Links to individual Usage and Interface Summary pages
▪ Usage Summary
– Time Series Summary of CPU and Memory Usage
▪ Interface Summary
– Time Series for Physical Interface
– Pivot on Interface
– Filter by Bytes, Rate, or Packet
Role-Based Privileges
▪ New Predefined Roles
– Global Administrator NEW!
– Global Monitor
– View All Logs
– View All Reports
▪ New Custom Roles
– Device Administrator
– Device Monitor
– VPN Administrator
– VPN Monitor
▪ Use Local Groups to manage role-based policies

