Web Gateway Security

Academic year: 2021

(1)

Web Gateway Security

Frank Berzau

(2)

Agenda

Overview and Positioning

Demonstration

Competition

Case Studies

How to Sell/Sales Tools

Roadmap

(3)

Evolution of Simple Proxy Caching into Integrated Web Gateway Security

Over a decade ago, with the global emergence of the Internet, a new type of infrastructure device was invented – Proxy Caches

1st generation Web Gateway
Main feature: Caching
Benefit: Accelerate Internet access

2nd generation Web Gateway
Main feature: On-box URL Filter
Benefit: Control Internet access

3rd generation Web Gateway
Main feature: Anti Virus integration via ICAP
Benefit: Secure Internet access

Evolving into State-of-the-Art Integrated Web Gateway

Today, proxy caches are typically devices which do caching very well, with added check-boxes for security

Webwasher is designed to address today’s challenges

Leading reputation based URL Filtering, Anti Malware and SSL Scanning built on an integrated Web Gateway security appliance

(4)

Integrated Web Gateway Security

Today’s Web gateways provide caching for acceleration and list-based URL filtering to eliminate liability and improve productivity. Security is merely a check box. Many other appliances are needed to cover even the bare minimum security issues.

Webwasher replaces these point solutions and provides integrated best-of-breed Web gateway security

Reputation-based Malware detection and URL filtering protects against sites infected with Malware

[Diagram: point products (Proxy, URL Filter, Anti-Virus, Anti-Spyware, SSL Scanner, Data/Content Leakage Inspection, IM & P2P Security) placed between the Firewall, Users, Public Web Servers and Intranet Web Servers; Webwasher: Anti-Malware & Spyware, Rep-based URL filtering, Reporting, SSL Scanner, Compliance/data leakage, Instant Messaging]

(5)

Typical Deployment Options

Web Proxy
• Provides integrated web gateway functionality

Co-existence with Caching proxies (ICAP)
• Works with existing proxy appliances such as Netcache or Bluecoat

Out-of-Band
• Out-of-band deployment by connecting to a SPAN port

[Diagram labels: Users & Intranet Web Servers, Internet, Webwasher, Cisco switch (WCCP), Web Proxy, ICAP, Webwasher WebInspector, Switch]

(6)

Web Gateway Security Portfolio

SmartFilter: High-performance, multi-lingual URL filtering, with enterprise-level reporting.

Anti-Malware: In-depth, ultra-high performance protection against Viruses, Worms, Trojans and Spyware at the gateway with industry’s #1 signature base scanner plus record Proactive Security module.

Anti-Virus: In-depth, high performance virus filtering at the gateway with branded third party engines. Multi engine scanning. For Web and e-mail.

IronIM: Blocking, logging, scanning, Compliance verification, and reporting of IM usage for Proxied IM and Rogue IM**

Content Reporter: Enterprise-level reporting on Web & e-mail traffic.

SSL-Scanner: Unlocks encrypted traffic, enabling HTTPS content anti-virus scanning and company policy enforcement.

IronNet: Privacy Compliance and Data Leakage prevention engine*

Proxy/Mgt. Features

* Off box solution integrated with SCUR’s compliance solution

** Integration completed Q3

(7)

Web Gateway Appliance - Proxy

Internet

Authentication

• Direct and transparent authentication (LDAP, NTLM)

• Built-in user database (sync’d with LDAP/AD) to provide prompt-less background authentication for users

Streaming Media

• Streaming media support for RTSP and Flash video (You Tube, Google Video and more)

Load Balancing

• Load balancing, high availability via proxy pac file support, Round Robin DNS, WCCP or 3rd party load balancer/switch

Proxy Engine

• Direct proxy mode and transparent mode, pass-by filtering mode

• Full support for HTTP/1.1

• Upstream proxy routing with built-in load balancing and fail-over

• ICAP client and server support

[Diagram labels: LDAP, Active Directory, Webwasher appliance, Cisco switch]

(8)

URL Filtering with SmartFilter

Global coverage

Multi-lingual, multi-cultural team

Exceptional global coverage - over 60 languages

Fully customizable block pages, shipping in multiple languages

International domain name support

No premium category charges

Local analysis

• Realtime Classifier for local, on-the-fly categorization based on intelligent key word search

• Detects pornographic content as data comes back from the web server

Global intelligence

• Industry’s first reputation based URL Filtering, powered by TrustedSource

• Real-time import of Phishing URLs from IronMail (via TrustedSource)

• URL and Malware feedback system providing real-time updates to TrustedSource

Comprehensive database

• 91 URL categories for flexible policies

• Over 15 million Web site entries

• Supports up to 500 custom categories and hundreds of thousands of custom URLs without any performance degradation

(9)

URL Filtering Architecture

Innovative reputation-based URL Filtering

Multiple URL Filtering methods

• Expression Filter List: Blocking URLs w/ support for regular expressions (Manual black list)
• Extended List: 500 custom categories for manually adding sites (Local exception lists)
• SmartFilter: URL filtering database with 91 categories (Returns category of a Web site)
• Real-time Classifier: Analyzes the URL (outgoing) and HTML content (incoming) (Local real-time analyses)
• Safe Search: Enforce safe-search option when doing image search at search engines (Prevent bad images)
• Local Reputation Score: Takes results from various filters to determine local real-time reputation (Add real-time update of score)

Local Behavior Analysis

Global Intelligence: Computation of global reputation score

Actions: Allow, Block, Quotas, Coaching, Time-based, Auth. override, Progr. lockout, Delay

(10)

Reputation based URL and Malware Filtering

Reputation-based URL and Malware Filtering provides real-time updates of critical security related URL data

[Diagram: IronMail, Webwasher and the Internet, with flows labelled Phishing URLs, Malware attachments, Database updates & real-time queries, Malware downloads, Visited URLs]

Data

• Webwasher local reputation scores
• SmartFilter categories
• Domain Registrations
• WHOIS data
• TrustedSource for Email
• Fortune 1000 websites
• Malware URLs
• Phishing URLs
• Spam URLs

Analyses

• Correlation Mapping
• Automated learning classification
• Parked Domain Identifier
• Neighborhood Classification
• Realtime Classifier
• GEO Location
• Host information:
• DNS
• WHOIS
• OS
• Web server
• Certificate information

(11)

Webwasher® Anti-Malware

More than A/V

• In depth protection against all forms of Malware, such as Viruses, Worms, Trojans, Spyware

• Signature based detection plus

• Behavior analyses for complete protection

Spyware

• Block downloads of Windows executables by unknown browsers

• Block requests sent by Spyware tools, includes granular control

• Watermarking of forms to detect unsolicited POSTs

• Lockout client computer with Spyware installed

• Customizable block or allow action

• Lists clients that have Spyware installed

Targeted attacks

• In 2004/2005 there had been 78 Outbreaks!

• In 2006 there have been zero Outbreaks

• We see a clear trend to more and more targeted attacks and “controlled” outbreaks

Signature based detection is not enough to cover today’s targeted Malware attacks

Legacy, signature based anti virus solutions cannot scale to address today’s evolving threat environment

(12)

Webwasher® tops AV.TEST’s Anti-malware Test

Leading anti-malware products were tested to determine their effectiveness

Recent independent test results from AV.TEST, a leading lab in Europe

300,000 Trojan horses were used as a test sample

Other competitors: TrendMicro (90.03), Microsoft (76.18), Sophos (65.55)

“The No. 1 product, WebWasher by Secure Computing detected 99.97 percent or all but 87 out of the 289,682 samples.” Oct. 2006

[Chart: Malware Catch rate - percent, for Trend Micro, McAfee, Fortinet, F-Secure, Kaspersky, Symantec, Webwasher; data labels: 87, 2,781, 3,302, 5,098, 15,498, 17,410, 28,881]

What made Secure #1?

Secure’s proactive scanning technology for Anti-malware that does not rely upon AV signature

(13)

Targeted Malware: An Example

Reputation-based URL Filtering Needed for Web 2.0 Threats

Wikipedia site compromised

Hackers created a Wikipedia page that offered a Windows security update for Blaster worm

Link used to deliver Malware

URL Filtering: Categorization is correct

This is a Web 2.0 Security Threat: Permitted website poses security risk

Need ability to assign risk to otherwise good site

(14)

Old Solutions to New Threats Don’t Scale

Web 1.0 World

Threats and Concerns:
• Web Wide Virus Attacks
• Web Access: Productivity, Liability and Bandwidth Concerns

Solutions:
• Signature Based Anti-Virus
• Category Based URL Filtering

Web 2.0 World

Threats and Concerns:
• Targeted Malware Attacks
• Web Access is a security Threat

Solutions:
• Proactive Anti-Malware
• Reputation-Based URL Filtering

(15)

SSL Scanner

Problem

• Encrypted Web traffic is 35-40% of network traffic and, being encrypted, cannot be scanned to enforce access and filtering policies

• Server certificates are tunneled to the users’ browser, where the uneducated end-user makes the decision to access the site or not

Solution

• All data flowing between hosts can be scanned for malicious traffic & information leakage

• The administrator can take control and make decisions about certificate validation at the gateway, rather than leaving it up to the end-user

Security while ensuring complete Integrity and Privacy

Data inspection and certificate management

SSL Scanner features

• Tunneling of SSL traffic per category

• Client certificate support

• Coaching support to notify end-users that content inspection is happening

• Incident manager to easily manage policy violations

[Diagram labels: Internet, decrypted]

There

(16)

Compliance

Drivers

• Regulatory Compliance
• Myriad of US and International regulations
• Myriad types of data to protect

Data Leakage

• 7 of top 10 threats to enterprise security are data leakage (IDC 2006)
• 90%+ of violations are unintentional
• 1 in 5 have been targeted by former employees (CIO Insight)
• Trade secrets, intellectual property, customer lists, confidential financial information, R&D schedules

Full compliance at the Web Gateway, covering Webmail, blogs and other information leaks

Compliance integration

• Easy to setup from Webwasher GUI
• Full protection for compliance and outbound data leakage via Webmail, Blogs and other data
• With SSL Scanner also for encrypted traffic

[Diagram labels: Internet, Webwasher, IronNet, ICAP]

(17)

URL Reporting: SmartReporter integration

SmartReporter

Web-based & easy-to-use Interface

Real-time reporting, scheduled reporting, automatic delivery

Extensive drill down, auditing functions

(18)

Webwasher® Reporting: Content Reporter

Problem

Inability to report on Internet Usage over the Entire Enterprise. Customized reports difficult to distribute to end user.

Benefits

Consolidated reporting

Scalable to hundreds of thousands of users

Automatic distribution

Features

Forensic HR policy Reporting

Security Policy Reporting

Performance Management

(19)

Webwasher® Web Gateway Security Summary

Protect. Enforce. Comply.

Inbound Security

Outbound Security

Webwasher Web Gateway Security provides immediate protection against malware hidden in blended content or hidden in encrypted SSL traffic. Protects organizations from outbound threats such as loss of confidential information that can leak out on all key Web protocols.

Filtering

• Reputation Based Web filtering provides superior security
• Real time feedback for malware and uncategorized sites

Security

• Stops Malware
• Stops Spyware
• Scans SSL traffic for malware

Data leakage

• Unique outbound scanning of content – even on SSL
• Prevents IP loss
• Regulatory Compliance
• Reporting for compliance and forensics

(20)

Demo: Sascha Dubbel

(21)

Competitive Overview

(22)

Our advantages over Blue Coat

Secure’s focus is Security; Blue Coat focuses on infrastructure

Category based URL Filtering: no web reputation

Blue Coat has no behavioral Malware Solution, just 3rd party A/V

Blue Coat requires a separate box for legacy Anti-Virus

Webwasher provides bidirectional security

Secure’s SSL Scanning Solution provides:

• No Data unencrypted “on the wire”

• Certificate updates

Secure Appliances come with 3 year NBD on site Warranty

(23)

Our advantages over Websense

Http, https and ftp bidirectional filtering

Data leakage protection

Features that Websense lacks

Reputation based URL filtering

Behavioral based Malware protection: local and global

Signature based Anti-virus protection

SSL Inspection

IronIM instant messaging security

Outbound data leakage protection

Enterprise Strong Proxy

Flexible deployment options

Straightforward pricing and purchasing

(24)

Case Studies: Customer Success

(25)

Key Win - Community Health of Indianapolis

Account Specifics

The Opportunity: $13,000 - 11,000 user SmartFilter Renewal on Vericept

Competition: Simple Renewal, Blue Coat

Community Health: 5 Hospitals and 70 Remote locations

Why SCUR Won

• Timing (we knew about the renewal)

• Better SSL implementation

• Exceptional presentation of Webwasher’s features, attributes and benefits

• No evaluation required, the entire deal was completed via Webex

Components of the Win

• Webwasher running as a proxy

• TrustedSource powered URL Filtering

• Content Reporter providing the granularity and comprehensiveness missing from the previous solution of

Customer Requirements

To “illuminate” the SSL Blind spot due to HIPAA regulations

More robust reporting of Internet Usage and demonstrated compliance to corporate policies

The Kicker? This small $13k renewal turned into a $125,000 P.O. to SCUR – Nearly 10x the original opportunity!

(26)

Key Win – SwissRE

Account Specifics

The Opportunity: 10,000 URL, AV, and SSL Filtering

Coopetition: Blue Coat

World’s largest re-insurance company

Why SCUR Won

Demonstrated superior Security Solutions

AV chaining

Content Protection (precursor to Anti-Malware)

SSL eliminated as an attack vector

Comprehensive Web Gateway reporting: Security, performance, and forensics

Components of the Win

2 AV engines in use to ensure best possible protection

SSL scanner

$400,000 deal

20 WW1000 appliances

Blue Coat ProxySG used for authentication, caching, and content delivery

Customer Requirements

A New Infrastructure needed for Content Delivery

A visible target for malicious activity requiring a high degree of Security

More robust reporting of Internet Usage and demonstrated compliance to corporate policies

The Kicker? When Swiss RE bought GE’s reinsurance business, Webwasher was the Security Solution and we sold an additional 5,000 users totaling $200k.

(27)

How to Sell and Sales Tools

(28)

Selling Web Gateway Security

Available as an Appliance

WW500, WW1100 or WW1900

Available as Server Software

Windows, Solaris or Linux

All functionality is licensed on subscription basis

One, two or three year subscription

Support and maintenance is part of subscription

Content Reporter is licensed on Perpetual basis

(29)

Webwasher: Scalable Appliances

Purpose-built appliances that are secure and scalable; can be easily deployed and require minimal administration

Scalability & performance to handle high volume and large number of users

Clustering capabilities

Powered by Dual-Core Intel architecture

RAID and power supply redundancy available

CGLinux - hardened OS

Industry Leading Warranty

3 yr warranty (included with purchase)

Next Business Day on-site hardware repair services

Models, Branch Office to Corporate HQ (*prices USD): WW 500 $2,995; WW 1100 $6,995; WW 1900 $13,995

Performance: 4k-10k users; 8k – 20k users; 16k – 40k users

(30)

Introducing the Webwasher SME250!

All-in-one appliance

Protection for both Web and email

Anti-Malware

URL Filter

SSL Scanner

Anti-Spam

Appliance with 3 year Next Business Day On Site Hardware Warranty

Same great Webwasher protections – just packaged and priced differently

Targeted at the SME market

Between 100 and 1000 users

Not a branch office solution for a larger enterprise

May not be sold to customers with more than 1,000 users

100 Users: $8,990

(31)

SME250 - Key Messages

Web 2.0 threats require all organizations and their security solutions to proactively protect all key Web and email protocols

Most small to medium size businesses don’t have the capacity or budget to deploy the numerous point security solutions needed for adequate protection.

Webwasher SME250 Appliance

Proactive protection for SME for web and email traffic against both inbound and outbound threats

Best malware protection in the business

URL filtering fueled by TrustedSource Global Reputation to protect against Web 2.0 threats

Cost-effective, all-in-one appliance

Easy to deploy and administer

Flexible and secure deployment with high-performance proxy

Comprehensive, easy-to-use reporting

(32)

SME250 - Competition

Products compared: Webwasher SME250, McAfee Secure Internet Gateway, Trend Micro IGSA, Barracuda

Features compared:

• Category based filtering
• Reputation based Filtering
• Anti-Spyware
• AntiVirus Signature
• Proactive AntiMalware
• SSL Scanning
• Antispam
• Outbound Data Leakage Protection Web
• Outbound Data Leakage Protection Email
• 3 yr NBD onsite HW

(33)

Sales Tools on PartnersFirst

CxO presentation

25 slides for first preso to high level audience

Not technical

SE Product Presentation

PDF Collateral pieces

Web Gateway Product Overview (4 pgs)

Anti-Malware, Anti-Virus, SSL Scanner, URL Filtering (2 pgs each)

Whitepapers

Web Gateway Security Whitepaper

Anti Malware Whitepaper: Stopping the targeted attack

Proactive Security Filters

Eliminating Your SSL Blind Spot

Price list contains a quotation tool for all products

(34)

Blue Coat Filtering Migration Program

Message:

Webwasher = Superior Security solution

Blue Coat = Infrastructure solution

Purpose:

Promote the new Appliance as platform footprint

Incent the channel via margin and future up-sale dollars to migrate SmartFilter subscriptions off of Blue Coat and onto a Webwasher appliance

Provides channel with multiple annual opportunities for renewals

Customer can keep Blue Coat in place for Infrastructure and connect a Webwasher Appliance via ICAP for Security

Customer can transfer balance of SmartFilter subscription to Webwasher platform with opportunity to up sell additional modules

Customer and VAR Promotion

Extends Netcache incentive program to infrastructure customers (see next slide for details) – 400 Blue Coat Customers

VAR Promotion (for deals over $10,000 net to Secure): VAR receives an additional 10 points on the deal

(35)

Co-existence with Caching proxies

[Diagram labels: ICAP, Webwasher, NetCache]

There are 450 customers to leverage this program

Use all the features you use today on the NetCache

A logical, non-disruptive means of utilizing NetCache today, but increasing its abilities

(36)

Displacement Program: End User Promotions

Applies to both Blue Coat and NetCache displacements

Free hardware Appliances for end user

Purchase $50K in software

2 Free WW500

Purchase $150K or more in software

2 Free WW1100

Purchase between $50K and $150K and get choice

2 Free WW500, or

(37)

Promotions

Any Smartfilter customer can transfer the balance of their Smartfilter Subscription to Webwasher at no cost

They still have to buy the Appliance

They may buy additional modules or extend their current filtering subscriptions

Current Promotions:

Three years for the price of two one-year subscriptions (until 6/30/2007) for:

URL Filter and SmartFilter

SSL Scanner

Anti-Malware

Buy Anti-Virus and Get Anti-Malware at 50% off

(38)

How to Identify a Web Gateway Deal

If they have NetCache or Cisco Content Engines they need Webwasher

The customer wants to filter URL access

Renewal up for Websense, Surf Control, Bluecoat, etc.

The customer wants web gateway antivirus solution

Opportunity to talk about Malware and differentiate

Prospect is a Potential Targeted Malware Victim

Government and Military, Financial Services, Healthcare

Customer has data leakage/compliance initiative

Opportunity to talk about SSL traffic

Opportunity to talk about compliance

Opportunity to talk about outbound web mail content

Prospects looking for spyware protection

(39)

Webwasher® Elevator Pitch

The Webwasher Web Gateway provides a robust platform for secure Web access

Webwasher Web Gateway Security meets the bidirectional security needs of the Web 2.0 Internet

Webwasher provides immediate protection against malware hidden in blended content or hidden in encrypted SSL traffic

Webwasher also protects organizations from outbound threats such as loss of confidential information

Webwasher security protects against Web 2.0 security threats because of TrustedSource powered URL filtering and behavioral malware protection on all web protocols

(40)

Web Gateway Roadmap

THIS PRESENTATION MAY NOT BE COPIED, PRINTED, OR RETRANSMITTED EXCEPT BY SECURE COMPUTING. This presentation is authorized to be given ONLY UNDER NON-DISCLOSURE AGREEMENT.

(41)

Release schedule: June 11, 2007

SmartFilter 4.2

Introducing global intelligence through TrustedSource

Reputation based URL Filtering

(42)

Proxy/Caching

Available on appliance only

Object level caching for HTTP/FTP

If-Modified-Since rules

Granular cache blacklist/whitelist

Complete fetch rules

Flush cache rules

New DNS caching proxy

Native NTLM on the appliance

Expanding multi-language support for all end-user messages, adding

Simplified Chinese, Korean, Italian, Spanish*, Portuguese*

* South American

Release schedule: July 2007

(43)

Revised hardware specs for existing models

WW500: 2 GB RAM, rather than 1 GB

WW1100: 2 GB RAM, rather than 1 GB

WW1900: 4 GB RAM, rather than 2 GB

15k RPM disk drive, rather than 10k RPM

New high-end model (name TBD)

Dual quad-core Xeon CPUs

4 GB RAM

2 x 146 GB 15k RPM SAS disk drives w/ RAID 1 for system/logs plus 4 x 300 GB 15k RPM SAS disks w/o RAID for caching

Optional 6-port NIC available for all models

Optional in-the-field memory upgrade for existing models

(44)

Secure Computing Webwasher 7.0

An Appliance only release (no software)

A Web only release (no mail)

Our new product and development focus going forward

(45)

Consolidated Reporting - code name “Storm”

Combine the key strengths of both Content Reporter and SmartReporter in a single product

Simple to use Quick View reports currently available in SmartReporter with simple real-time drill-down capabilities requiring no configuration

Powerful batch processing and configs as currently supported in Content Reporter for complex offline reporting

(46)

Consolidated Reporting - code name “Storm”

Other new features included in Storm

Additional quick view reports and views

Additional database options

Delegated reporting

Localized reporting output

Basic version, available free of charge with every Web Gateway sale; Premium version with additional features

Custom log sources (essentially limited Basic to SCUR/OEM products)

Custom queries (custom reports possible in Basic, but query editor only in Premium)

Delegated reporting

Ability to replace the SCUR logo/branding (important for MSP’s)

(47)

Questions and Answers
