Web Gateway Security
Frank Berzau
Agenda
•
Overview and Positioning
•
Demonstration
•
Competition
•
Case Studies
•
How to Sell/Sales Tools
•
Roadmap
Evolution of Simple Proxy Caching into
Integrated Web Gateway Security
1stgeneration Web
Gateway
Main feature: Caching
Benefit:
Accelerate Internet access
3rdgeneration Web
Gateway
Main feature: Anti Virus
integration via ICAP
Benefit:
Secure Internet access 2nd generation Web Gateway
Main feature: On-box URL Filter
Benefit:
Control Internet access
Over a decade ago, with the global
emergence of the Internet, a new
type of infrastructure device was
invented – Proxy Caches
Today, proxy caches are typically devices which do caching very well, with added check-boxes for security Webwasher is designed to address today’s challenges
Leading reputation based URL Filtering, Anti Malware and SSL Scanning built on an integrated Web Gateway security appliance
Evolving into State-of-the-Art Integrated Web Gateway
Integrated Web Gateway Security
Today’s Web gateways provide caching for acceleration and list-based URL filtering to eliminate liability and improve productivity. Security is merely a check box. Many other appliances are needed to cover
even the bare minimum security issues.
Webwasher replaces these point solutions and provides integrated best-of-breed Web gateway security Reputation-based Malware detection and URL filtering
protects against sites infected with Malware
Firewall Public Web Servers Users Intranet Web Servers
Anti-Virus InspectionSSL ScannerContent LeakageData
Proxy
Anti-Spyware
IM & P2P
Security FilterURL
Anti-Malware & Spyware Rep-based URL filtering Reporting -SSL Scanner Compliance/ data leakage Instant Messaging Webwasher
Typical Deployment Options
Users & Intranet Web Servers
• Provides integrated web gateway functionality
Web Proxy
Internet Webwasher Cisco switch WCCPCo-existence
with
Caching
proxies
ICAP• Works with existing proxy appliances such as Netcache or Bluecoat Webwasher Web Proxy
Out-of-Band
Webwasher WebInspector ICAP Switch Webwasher • Out-of-band deployment by connecting to a SPAN port6
Web Gateway Security Portfolio
Content Reporter SmartFilter IronNet Anti-Malware SSL-Scanner IronIM Anti-Virus
* Off box solution integrated with SCUR’s compliance solution
High-performance, multi-lingual URL filtering, with enterprise-level reporting.
In-depth, ultra-high performance protection against Viruses, Worms, Trojans and Spyware at the gateway with industry’s
#1 signature base scanner plus record Proactive Security module.
In-depth, high performance virus filtering at the gateway with branded third party engines. Multi engine scanning. For Web
and e-mail.
Blocking, logging, scanning, Compliance verification, and reporting of IM usage for Proxied IM and Rouge IM**
Enterprise-level reporting on Web & e-mail traffic.
Unlocks encrypted traffic, enabling HTTPS content anti-virus scanning and company policy enforcement.
Privacy Compliance and Data Leakage prevention engine*
P
ro
xy
/M
gt
. F
ea
tu
re
s
** Integration completed Q3Web Gateway Appliance - Proxy
Internet
Authentication
• Direct and transparent authentication (LDAP, NTLM)
• Built-in user database (sync’d with LDAP/AD) to provide prompt-less background authentication for users
Streaming Media
• Streaming media support for RTSP and Flash video (You Tube, Google Video and more)
Load Balancing
• Load balancing, high availability via proxy pac file support, Round Robin DNS, WCCP or 3rd party load balancer/switch
Proxy Engine
• Direct proxy mode and transparent mode, pass-by filtering mode
• Full support for HTTP/1.1
• Upstream proxy routing with built-in load balancing and fail-over
ICAP client and server support
LDAP Active Directory Webwasher appliance Cisco switch <HTML>
URL Filtering with SmartFilter
Global
coverage
•
Multi-lingual, multi-cultural team•
Exceptional global coverage - over 60 languages•
Fully customizable block pages, shipping in multiple languages•
International domain name support•
No premium category chargesLocal analysis
• Realtime Classifier for local, on-the-fly categorization based on intelligent key word search
• Detects pornographic content as data comes back from the web server
Global intelligence
• Industry’s first reputation based URL Filtering,
powered by TrustedSource • Real-time import of Phishing
URL’s from IronMail (via TrustedSource)
• URL and Malware feedback system providing real-time updates to TrustedSource
Comprehensive database
•91 URL categories for flexible policies
•Over 15 million Web site entries
•Supports up to 500 custom categories and hundreds of thousands of custom URLs without any performance degradation
URL Filtering Architecture
Allow
Block
Innovative reputation
Innovative reputation
-
-
based URL Filtering
based URL Filtering
Actions Multiple URL Filtering methods
Computation of global reputation score Global Intelligence Local Behavior Analysis Internet Expression Filter List Blocking URLs w/ support for regular expressions Manual black list Extended List 500 custom categories for manually adding sites Local exception lists SmartFilter URL filtering database with 91 categories Returns category of a Web site Real-time Classifier Analyzes the URL (outgoing) and HTML content (incoming) Local real-time analyses Safe Search Enforce safe-search option when doing image search at search engines Prevent bad images Local Reputation Score Takes results from various filters to determine local real-time reputation Add real-time update of score Quotas Coaching Time-based Auth. override Progr. lockout Delay
Phishing URLs Malware attachments Database updates & real-time queries Malware downloads Visited URLs
Reputation based URL and Malware Filtering
IronMail
Internet Webwasher
Reputation-based URL and Malware Filtering
provides real-time updates of critical security related URL data
Data
• Webwasher local reputation scores
• SmartFilter categories
• Domain Registrations
• WHOIS data
• TrustedSource for Email
• Fortune 1000 websites • Malware URLs • Phishing URLs • Spam URLs Analyses • Correlation Mapping
• Automated learning classification
• Parked Domain Identifier
• Neighborhood Classification • Realtime Classifier • GEO Location • Host information: • DNS • WHOIS • OS • Web server • Certificate information
Webwasher
®
Anti-Malware
More than A/V
• In depth protection against all forms of Malware, such as Viruses, Worms, Trojans, Spyware
• Signature based detection plus
• Behavior analyses for complete protection
Spyware
• Block downloads of Windows executables by unknown browsers
• Block requests sent by Spyware tools, includes granular control
• Watermarking of forms to detect unsolicited POSTs • Lockout client computer with
Spyware installed
• Customizable block or allow action
• Lists clients that have Spyware installed
Targeted attacks
• In 2004/2005 there had been 78 Outbreaks!
• In 2006 there have been zero Outbreaks
• We see a clear trend to more and more targeted attacks and “controlled” outbreaks
Signature based detection is not enough to cover today’s targeted Malware attacks
Legacy, signature based anti virus solutions cannot scale to address today’s evolving
threat environment
Webwasher
®
tops AV.TEST’s Anti-malware Test
•
Leading anti-malware products were
tested to determine their
effectiveness
•
Recent independent test results from
AV.TEST, a leading lab in Europe
•
300,000 Trojan horses were used as
a test sample
•
Other competitors
•
TrendMicro (90.03), Microsoft (76.18), Sophos (65.55)“The No. 1 product, WebWasher by Secure Computing detected 99.97 percent or all but 87 out of the 289,682 samples.” Oct. 2006 85 87 89 91 93 95 97 99 101 Trend Micro McAfee Fortinet F-Secure Kaspersky Symantec Webwasher
Malware Catch rate - percent
What made Secure #1?
Secure’s proactive scanning
technology for Anti-malware
that does not rely upon AV
signature
87 2,781 3,302 5,098 15,498 17,410 28,881Targeted Malware: An Example
Reputation-based URL Filtering Needed for Web 2.0 Threats
•
Wikipedia site compromised
•
Hackers created a Wikipedia page that offered a Windows security update
for Blaster worm
•
Link used to deliver Malware
•
URL Filtering: Categorization is correct
•
This is Web 2.0 Security Threat: Permitted website poses security risk
•
Need ability to assign risk to otherwise good site
Wikipedia
Threats and Concerns:
•
Web Wide Virus Attacks
•
Web Access: Productivity,
Liability and Bandwidth
Concerns
Solutions:
•
Signature Based Anti-Virus
•
Category Based URL Filtering
Old Solutions to New Threats Don’t Scale
Threats and Concerns:
•
Targeted Malware Attacks
•
Web Access is a security Threat
Solutions:
•
Proactive Anti-Malware
•
Reputation-Based URL Filtering
Web 2.0 World
Web 1.0 World
SSL Scanner
Problem
• Encrypted Web traffic is 35-40% of network traffic and therefore cannot be scanned to enforce access and filtering policies
• Server certificates are tunneled to the users’ browser, where the uneducated end-user makes the decision to access the site or not
Solution
• All data flowing between hosts can be scanned for malicious traffic & information leakage
• The administrator can take control and make decisions about certificate validation at the gateway, rather than leaving it up to the end-user
Security while ensuring complete Integrity and Privacy
Data inspection and certificate management SSL Scanner features
• Tunneling of SSL traffic per category
• Client certificate support
• Coaching support to notify end-users that content inspection is happening
• Incident manager to easily manage policy violations Internet 1101101001 decrypted 1101101001
There
Compliance
Drivers
• Regulatory Compliance• Myriad of US and International regulations • Myriad types of data to protectData
Leakage
• 7 of top 10 threats to enterprise security are data leakage (IDC 2006) • 90%+ of violations are unintentional
• 1 in 5 have been targeted by former employees (CIO Insight)
• Trade secrets, intellectual property, customer lists, confidential financial information, R&D schedules
Full compliance at the Web Gateway, covering Webmail, blogs and other
information leaks
Compliance integration
• Easy to setup from Webwasher GUI • Full protection for compliance and
outbound data leakage via Webmail, Blogs and other data • With SSL Scanner also for
encrypted traffic Internet
Webwasher
IronNet ICAP
URL Reporting: SmartReporter integration
SmartReporter
•
Web-based & easy-to-use Interface•
Real-time reporting, scheduled reporting, automatic delivery•
Extensive drill down, auditing functionsWebwasher
®
Reporting: Content Reporter
Problem
Inability to report on Internet Usage over the Entire Enterprise. Customized
reports difficult to distribute to end user.
Benefits
•
Consolidated reporting
•
Scalable to hundreds of
thousands of users
•
Automatic distribution
Features
•
Forensic HR policy Reporting
•
Security Policy Reporting
•
Performance Management
Outbound Security
Inbound Security
Webwasher Web Gateway Security provides immediate protection against malware hidden
in blended content or hidden in encrypted SSL traffic. Protects organizations from outbound
threats such as loss of confidential information that can leak out on all key Web protocols.
Protect. Enforce. Comply.
Protect. Enforce. Comply.
Filtering
• Reputation Based Web filtering provides superior security
• Real time feedback for malware and
uncategorized sites
Security
• Stops Malware • Stops Spyware
• Scans SSL traffic for malware
Data leakage
• Unique outbound scanning of content – even on SSL • Prevents IP loss
• Regulatory Compliance • Reporting for compliance
and forensics
Webwasher
®
Web Gateway Security Summary
Demo: Sascha Dubbel
Competitive Overview
Our advantages over Blue Coat
•
Secure’s focus is Security, Blue Coat focusing on infrastructure
•
Category based URL Filtering: no web reputation
•
Blue Coat has no behavioral Malware Solution, just 3
rdparty A/V
•
Blue Coat requires a separate box for legacy Anti-Virus
•
Webwasher provides bidirectional security
•
Secure’s SSL Scanning Solution provides
•
No Data unencrypted “on the wire”
•
Certificate updates
•
Secure Appliances have with 3 year NBD on site Warranty
Our advantages over Websense
•
Http, https and ftp bidirectional filtering
•
Data leakage protection
•
Features that Websense lacks
•
Reputation based URL filtering
•
Behavioral based Malware protection: local and global
•
Signature based Anti-virus protection
•
SSL Inspection
•
IronIM instant messaging security
•
Outbound data leakage protection
•
Enterprise Strong Proxy
•
Flexible deployment options
•
Straightforward pricing and purchasing
Case Studies: Customer Success
Key Win - Community Health of Indianapolis
Account
Specifics
•
The Opportunity: $13,000 - 11,000 user SmartFilter Renewal on Vericept•
Competition: Simple Renewal, Blue Coat•
Community Health: 5 Hospitals and 70 Remote locationsWhy SCUR Won
• Timing (we knew about the renewal)
• Better SSL implementation
• exceptional presentation of Webwasher’s features, attributes and Benefits.
• No evaluation required, the entire deal was completed via Webex
Components of the Win
• Webwasher RUNNING AS A
PROXY
• TrustedSource powered URL Filtering
• Content Reporter providing the granularity and
comprehensiveness missing from the provious solution of
Customer Requirements
•
To “illuminate” the SSL Blind spot due to HIPAA regulations•
More robust reporting of Internet Usage anddemonstrated compliance to corporate policies
The Kicker? This small $13k renewal turned into a $125,000 P.O. to SCUR – Nearly 10x
the original opportunity!
Key Win – SwissRE
Account
Specifics
•
The Opportunity: 10,000 URL, AV, and SSL Filtering
•
Coopetition: Blue Coat
•
World’s largest re-insurance company
Why SCUR Won
•
Demonstrated superior Security Solutions•
AV chaining•
Content Protection (precursor to Anti-Malware)•
SSL eliminated as an attack vector•
Comprehensive WebGateway reporting Security, performance, and forensics
Components of the Win
•
2 AV engines in use to ensure best possible protection•
SSL scanner•
$400,000 deal•
20 WW1000 appliances•
Blue Coat ProxySG used for authentication, caching, and content deliveryCustomer Requirements
•
A New Infrastructure needed for Content Delivery•
A visible target formalicious activity requiring a high degree of Security
•
More robust reporting of Internet Usage anddemonstrated compliance to corporate policies
The Kicker? When Swiss RE bought GE’s reinsurance business, Webwasher was the
Security Solution and we sold an additional 5,000 users totaling $200k.
How to Sell and Sales Tools
Selling Web Gateway Security
•
Available as an Appliance
•
WW500, WW1100 or WW1900
•
Available as Server Software
•
Windows, Solaris or Linux
•
All functionality is licensed on subscription basis
•
One, two or three year subscription
•
Support and maintenance is part of subscription
•
Content Reporter is licensed on Perpetual basis
•
Scalability & performance to
handle high volume and large
number of users
•
Clustering capabilities
•
Powered by Dual-Core Intel
architecture
•
RAID and power supply redundancy
available
•
CGLinux - hardened OS
•
Industry Leading Warranty
•
3 yr warranty (included with
purchase)
•
Next Business Day on-site
hardware repair services
Purpose
Purpose-
-built appliances that are secure and scalable;
built appliances that are secure and scalable;
can be easily deployed and require minimal administration
can be easily deployed and require minimal administration
Webwasher: Scalable Appliances
WW 1100 $6,995
WW 1100 $6,995
WW 500 $2,995
WW 500 $2,995
Branch Office Corporate HQ
P er fo rm an ce 4k -10k
users 8k – 20kusers 16k – 40kusers
*prices USD
WW 1900 $13,995
Introducing the Webwasher SME250!
•
All-in-one appliance
•
Protection for both Web and email
•
Anti-Malware•
URL Filter•
SSL Scanner•
Anti-Spam•
Appliance with 3 year Next Business Day On Site Hardware Warranty
•
Same great Webwasher protections – just packaged and priced differently
•
Targeted at the SME market
•
Between 100 and 1000 users
•
Not a branch office solution for a larger enterprise
•
May not be sold to customers with more than 1,000 users
•
100 Users: $8,990
SME250 - Key Messages
•
Web 2.0 threats require all organizations and their security solutions to
proactively protect all key Web and email protocols
•
Most small to medium size businesses don’t have the capacity or budget
to deploy the numerous point security solutions needed for adequate
protection.
•
Webwasher SME250 Appliance
•
Proactive protection for SME for
web and email
traffic against both inbound and
outbound threats
•
Best malware protection in the business
•
URL filtering fueled by TrustedSource Global Reputation to protect against Web 2.0
threats
•
Cost-effective, all-in-one appliance
•
Easy to deploy and administer
•
Flexible and secure deployment with high-performance proxy
•
Comprehensive, easy-to-use reporting
SME250 - Competition
Feature
Webwasher SME250 Internet GatewayMcAfee Secure Trend Micro IGSA Barracuda Category based filtering Reputation based Filtering Anti-Spyware AntiVirus Signature Proactive AntiMalware SSL Scanning Antispam Outbound Data Leakage Protection Web Outbound Data Leakage Protection Email 3 yr NBD onsite HWSales Tools on PartnersFirst
•
CxO presentation
•
25 slides for first preso to high level audience
•
Not technical
•
SE Product Presentation
•
PDF Collateral pieces
•
Web Gateway Product Overview (4 pgs)
•
Anti-Malware, Anti-Virus, SSL Scanner, URL Filtering (2 pgs each)
•
Whitepapers
•
Web Gateway Security Whitepaper
•
Anti Malware Whitepaper: Stopping the targeted attack
•
Proactive Security Filters
•
Eliminating Your SSL Blind Spot
•
Price list contains a quotation tool for all products
Blue Coat Filtering Migration Program
•
Message:
•
Webwasher = Superior Security solution•
Blue Coat = Infrastructure solution•
Purpose:
•
Promote the new Appliance as platform footprint•
Incent the channel via margin and future up-sale dollars to migrate SmartFilter subscriptions off of Blue Coat and onto a Webwasher appliance•
Provides channel with multiple annual opportunities for renewals•
Customer can keep Blue Coat in place for Infrastructure and connect a
Webwasher Appliance via ICAP for Security
•
Customer can transfer balance of SmartFilter subscription to Webwasher platform
with opportunity to up sell additional modules
•
Customer and VAR Promotion
•
Extends Netcache incentive program to infrastructure customers (see next slide for details) – 400 Blue Coat Customers•
VAR Promotion (For deals over $10,000 (net to Secure):•
VAR receives an
additional 10 points
on the deal
Co-existence
with
Caching
proxies
ICAP Webwasher NetCache•
There are 450 customers to leverage this program
•
Use all the features you use today on the NetCache
•
A logical, non-disruptive means of utilizing NetCache today, but
increasing its abilities
Displacement Program: End User Promotions
•
Applies to both Blue Coat and NetCache displacements
•
Free hardware Appliances for end user
•
Purchase $50K in software
•
2 Free WW500•
Purchase $150K or more in software
•
2 Free WW1100•
Purchase between $50K and $150K and get choice
•
2 Free WW500, orPromotions
•
Any Smartfilter customer can transfer the balance of their Smartfilter
Subscription to Webwasher at no cost
•
They still have to buy the Appliance
•
They may buy additional modules or extend their current filtering subscriptions
•
Current Promotions:
•
Three years for price of two one year subscriptions for (until 6/30/2007):
•
URL Filter and SmartFilter•
SSL Scanner•
Anti-Malware•
Buy Anti-Virus and Get Anti-Malware at 50% off
How to Identify a Web Gateway Deal
•
If they have NetCache or Cisco Content Engines they need Webwasher
•
The customer wants to filter URL access
•
Renewal up for Websense, Surf Control, Bluecoat, etc.
•
The customer wants web gateway antivirus solution
•
Opportunity to talk about Malware and differentiate
•
Prospect is a Potential Targeted Malware Victim
•
Government and Military, Financial Services, Healthcare
•
Customer has data leakage/compliance initiative
•
Opportunity to talk about SSL traffic
•
Opportunity to talk about compliance
•
Opportunity to talk about outbound web mail content
•
Prospects looking for spyware protection
Webwasher
®
Elevator Pitch
•
The Webwasher Web Gateway provides a
robust platform
for secure Web access
•
Webwasher Web Gateway Security meets the
bidirectional
security needs of the
Web 2.0
Internet
•
Webwasher provides
immediate protection
against
malware
hidden in blended content or
hidden
in encrypted SSL traffic
•
Webwasher also
protects
organizations from
outbound threats
such as loss of confidential
information
•
Webwasher security protects against Web 2.0 security threats because of
TrustedSource
powered URL filtering
and behavioral malware protection on all web protocols
Web Gateway Roadmap
Web Gateway Roadmap
THIS PRESENTATION MAY NOT BE COPIED, PRINTED, OR RETRANSMITTED EXCEPT BY SECURE COMPUTING. This presentation is authorized to be given ONLY UNDER NON-DISCLOSURE AGREEMENT.
THIS PRESENTATION MAY NOT BE COPIED, PRINTED, OR RETRANSMITTED EXCEPT BY SECURE COMPUTING. This presentation is authorized to be given ONLY UNDER NON-DISCLOSURE AGREEMENT.
Release schedule: June 11, 2007
SmartFilter 4.2
Introducing global intelligence through TrustedSource
Reputation based URL Filtering
•
Proxy/Caching
•
Available on appliance only
•
Object level caching for HTTP/FTP
•
If-Modified-Since rules
•
Granular cache blacklist/whitelist
•
Complete fetch rules
•
Flush cache rules
•
New DNS caching proxy
•
Native NTLM on the appliance
•
Expanding multi-language support for all end-user messages, adding
•
Simplified Chinese, Korean, Italian, Spanish*, Portuguese*
* South American