SonicWALL UTM Overview. Jon Piro NA Channel SE

Transcription

1 SonicWALL UTM Overview Jon Piro NA Channel SE

2 SonicWALL Strengths SonicWALL is in a leadership position across our key markets and gaining share. SonicWALL has a growing, global install base of over 1 million customers Our value is very hard to copy in the marketplace. 1. Excellent partnership with CDW to support our customers 2. Broad solution set for a wide range of customer needs 3. Unique deep packet inspection technology 4. Services model for dynamic security, productivity and support 2

3 Crabtree & Evelyn Global Leaders Choose SonicWALL 3

4 The Need for Security 2007 Security Trends

5 Today s Reality 1. Organizations and people are dependant on technology 2. Attacks are now both obscured and actionable 3. Time from vulnerability to exploit is shorter The new attackers: Cybercrime Organizations Mafia Organizations Professional Hackers Company insiders Perpetuated by: Outdated technology Continual security changes Limited control Human factors 5

6 Susceptible Users

7 Why Would Anyone Target Me? I don t run a web-site or any services I only use my computer for work/ /browsing I don t store sensitive information on my computer I have a personal firewall and AV software True very few individuals are selected as targets, but anyone unprotected can be caught in the widely cast net Only with understanding of the scope and severity of the threat can we dispel the dangerous misconception of invisibility 7

8 The Attack: Deception Leveraging Trust Sending IM and to buddy/contact lists from infected machines since the recipient knows/trusts the sender Escalating the Authenticity of the Fraud Professionally designed phishes Multi-layered attacks, such as the recent Allied Irish Bank scam Following the Masses Going where the people are, leveraging the inherent trust of the portal. In 2006: Wikipedia - MySpace - 8

9 Phishers Turn Pro Really professional phish Source: SonicWALL SMART Lab 9

10 Phishing: The Con Must Convince Undetectable Allied Irish Bank scam uses a layered attack: Uses previously installed malware to conceal the fraud When a user browses to AIB, the virus activates and superimposes itself over the real page 10

11 Why? Human Behavior Contributes The human factor cannot be ignored: 30% to 40% of employee Internet use is not work related* 37% of the US population use IM* 55% of online users have been infected with spyware* Instant messaging security threats double every 6 months* Personal IM 54% Games Streaming Media MP3s P2P File Sharing DVDs Illegal Software Hacking Tools None 4% 10% 14% 16% 21% 29% 44% 47% Bottom line: Network misuse provide the fuel for today s organized crime and workplace productivity issues 0% 10% 20% 30% 40% 50% 60% Non-work related activities 11 *Intl Data Corp * *Bigfoot Interactive *Gartner

12 MyTob Worm Discovered on: Variant returned again January 2007 is a mass-mailing worm that propagates via network shares and through Opens a back door into the affected computer Self protects by redirecting AV updates to local computer 12

13 Step 1: Arrives as an or buffer overflow Copies itself as %System%\msnmsgs.exe Adds the value: MSN = msnmsgs.exe to registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ RunServices HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\Software\Microsoft\OLE HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa W32.Mytob@mm runs every time Windows starts User Zone Server Zone 13

14 14

15 15

16 Step 3: Logs in to an IRC channel IRC Server Connects to an IRC channel on the irc.blackcarder.net domain on TCP port 6667 Advertises host PC IP address listens for commands that allow the remote attacker to perform the following actions: Download files Execute files Delete files Update itself Get uptime information User Zone Server Zone 16

17 Step 4: Generate potential targets and attack Generates random IP addresses Exploits the RPC/DCOM vulnerability Allows the program to gain full access and execute any code on a target machine by sending a malformed packet to the DCOM service Exploits the Windows LSASS vulnerability This is a buffer overflow that allows remote code execution and enables a malicious user to gain full control of the affected system User Zone Random IPs Server Zone 17

18 Step 5: Uses its own SMTP server to send itself Searches for addresses on local computer.wab.asp.adb php.tbb.sht.dbx.htm From: Spoofed Subject: hello hi error status Mail Transaction Failed Mail Delivery System SERVER REPORT (No Subject) (random alphabets) User Zone Find Addresses Server Zone 18

19 SonicWALL s Protection Answers & Solutions

20 The Four Key Efficiency Elements for Business Organizations have evolved and are dependent on technology and access to information Networks Organizations have less resources to work with High price of security problems, downtime and productivity loss Addressing the four technology forces are critical for success Business Communication Company Data Technology, Applications & Users 20

21 Business Pain Points & Requirements Pain Solution Requirements Limited resources Securing Assets Worry-Free Use Management Reporting Security Integration Dynamic Architecture Lower complexity & management SonicWALL Unified Threat Management Require Security for Today Automated, zero user intervention Lowered Cost Limited Current Solution Productivity Control Network Intelligence Lower total cost of ownership Intelligent, adaptable solution 38% 32% 46% Instant For 58% SMEs of 52% of of small security want messengers SMEs of the and say reliable say networks officers medium a the security and business network spend peer-to-peer enterprises the strategy perimeter communications more too takes than expensive (SMEs) applications is a the too third do only much to and not of were their used day in lower have understanding time 7 maintain of total enough the defense implement ** top cost properly * 10 IT of security staff ** Internet ownership threats *** 21 *Preventsys ** Yankee Group ***Symantec

22 Complete Network Protection 22

23 Corporate Network Protection & Mobility SonicWALL Network Security solutions are designed for maximum protection, performance & efficiency and dynamic service capabilities Secure Secure Remote Remote Connectivity Connectivity with with Clean Clean VPN VPN High-Speed High-Speed Unified Unified Threat Threat Management Management Protection Protection and and Prevention Prevention Wireless Wireless and and Wired Wired Services, Services, Content Content Filtering Filtering and and Application Application Control Control Client Client & & Server Server Protection Protection and and Network Network Access Access Control Control Enforcement Enforcement Protected Traffic Security Client Enforcement Secure Virtual Private Network Remote Connectivity Corporate Networks 23

24 Better Protection & Performance Solutions Are Not Created Equal Highest Risk Threats Rootkits Hidden malware in large files Spyware communication outbound Phishing attacks Viruses transmitted to network drives Skype/Instant Messenger threats Typical Threats Downloaded or ed Viruses Easy to acquire Spyware Misuse of network resources Network Threats Simple DoS Attack IP Spoof Smurf Attack Attack Sophistication Current Firewalls Port blocking TCP/IP Rules IP Routing Link Layer Intelligent UTM Protection Scan Unlimited Sized Files & Users Block Applications such as Skype Outbound Spyware Control Content Filtering/Control & Phishing Stream-based file support Clean VPN Protection for VPN Users SonicWALL 130MbpsS Typical UTM Protection Limited scanning for Viruses/Worms/Trojans Inbound Spyware protection SNTP, HTTP, IMAP support Content Filtering Deeper Inspection & Greater Performance SonicWALL Unified Threat Management Routers Firewalls Cisco/Fortinet SonicWALL UTM 24

25 SonicWALL UTM Solutions Security Integration Complete Protection External Prevention Internal Network Security Clean VPN Connectivity Secure connectivity Access to resources Wireless mobility Network availability Intelligence & Optimization One point of network control Content & application filtering Business application prioritization Ease of deployment & management Medium/Large Business Small office Wireless Dedicated Content Security SonicWALL Unified Threat Management Platform Security Integration Productivity Network Control Intelligence Dynamically Updated Architecture Management and Reporting Client Identity/Integrity 25

26 The New TZ 190 Combine a PC card from your wireless carrier with the SonicWALL TZ 190 New to create an instant secure broadband network anywhere 26

27 Remote Access Solutions New SSL-VPN 200 SSL-VPN 2000 SSL-VPN 4000 Target Customer Small organizations with 50 or fewer employees Mid size organizations with 500 or fewer employees Mid-to-large enterprises with 500 or more employees Recommended number of concurrent users Concurrent user license Unrestricted Unrestricted Unrestricted 27

28 28

29 29

30 Q & A