BYOD Ate My Network, but My Next Generation ... - Aventri
BYOD Ate My Network, but My Next Generation Firewall Saved It
Eric Crutchlow Senior Product Manager
Dell SonicWALL
2 SonicWALL Confidential
BYOD Ate My Network, But My Next Generation Firewall Saved It!
Eric Crutchlow, Senior Product Manager, Network Security
BYOD: Bring Your Own Device
BYOD Issues
• Security
• Security
• Security
• BYOD’s effect on network performance
– Devices increasingly geared toward media consumption (bandwidth hogs)
– Social media and collaboration increase traffic
– Users are holding IT accountable for the same QoS and QoE for BYOD as company-supplied devices.
A Balancing Act
Security Challenges
As soon as devices are on the network, damage can be done!
Smartphone and Tablet Issues
• iOS apps are “White-listed” before being available for download
• Apps for Android … depends
• What about “jailbroken” or “rooted” devices?
No Wires Attached
• Regardless of backbone bandwidth, wireless access point capacity is limited
• Convenience and connection speed are expected
• iPhones are automatically set to poll APs and acquire IP addresses, even when they’re not in use
Bring Your Own Device to Work is Happening
Need to Deal With It . . .
But Securely!!!
BYOD and Your Business
[Diagram: Homogeneous vs. Heterogeneous, across Applications, Communications, and Devices]
Why Could Personal Devices Be Risky?
• Personal Devices Can …
– Download/Store/Forward Sensitive Information
– Have Access to Corporate Networks, Systems, and Data
• Areas of Risk:
– Data Loss
– Lost Mobile Device
– Loss of Control
– Introduction of Malware
– Jailbroken / Rooted Phones
– Data Leakage
– Unauthorized Data Access & Download
– Unauthorized Network Access
– Compromised Device is a Backdoor to Your Network
The Mobile Market in 2012+
• B.Y.O.D. is driving the market
• The need is mobile ACCESS
• The assumed answer is often MDM
• For most of the market, the better answer is Smart Mobile SSL VPN
[Diagram: MDM and Smart Mobile SSL VPN, with shared “Common Requirements” and separate “Differences”; labels: Network & Access Focused, Device Focused]
The Real Mobile Market in 2012+
• Remote Access
• Protect Company Data
• Manage Mobile users as “Groups”
• Password Enforcement (policies)
Drivers: Leverage existing infrastructure
• JailBreak & Identity protection and policy
• Security
• Anti-virus, intrusion prevention, anti-spyware
• Data Leakage Prevention
• Application control
• Leverage existing policy engines based on device status
• Global remote device wipe
Drivers: Deployment of independent MDM infrastructure
• Over air software distribution
• IT control of settings, on device policies
• Asset inventory tracking
• App black list reporting
• Remote wipe of specific applications
• Granular IT control over personal versus work data
• Personal work space & protected workspace
• Redundant infrastructure for protected workspace (separate email server, etc.)
[Diagram: B.Y.O.D.; MDM and Smart Mobile SSL VPN, with shared “Common Requirements” and separate “Differences”; labels: Network & Access Focused, Device Focused]
But how to provide Secure Connectivity?
Approaches to managing the access problem
• Treat every device as untrusted
• Use SSL VPN for strong authentication and encryption
• Use an NGFW to identify traffic and applications
• Ensure every packet of information is scanned without slowing down the network
• Allocate bandwidth based on users and groups
• Look at all end points to ensure that they aren’t being used as hosts for outbound attacks
Use a Reverse Web Proxy
WorkPlace Access: Access to Web-based and client/server applications from virtually any device.
[Screenshot: “Welcome to the myCompany Remote Access Portal”]
Establish an SSL VPN Tunnel
iOS Devices
Android Devices
Employ Strong Authentication
Deploy Endpoint Control (EPC)
• WorkPlace Access (Clientless Web Access)
• Connect Access (Client-Installed Access)
• Traditional Client/Server Applications
• File Shares
• VoIP Applications
• Corporate Network
EPC Device Interrogation
• For Device Identity
– Mapped Directory
– Windows Domain Membership
– Device Watermark/Certificate
– Any Resident File
– Device ID
• And Device Integrity
– Anti-Virus
– Registry Key
– Windows O/S Level
– Personal Firewall
– Anti-Spyware
– Jailbreak or Root Detection
• Interrogate by Device Profile
– IT Managed
– Non-Managed
– Windows
– Macintosh
– Linux
– Android
– iOS
Enterprise Remote Access
Mobile Connect for iOS & Android
– True native network level security client
– 1 of only 4 companies in world
– Differentiation:
– Policy – In-depth policy control by on device status: EPC jailbreak detection controls, certificate, UUID, and others
– Security – Gateway anti-virus, intrusion prevention and anti-spyware on SSL connection
– Control – Application control on mobile SSL connections
Google Play
The Challenge
Screen all applications crossing the network, even latency-sensitive ones
Scan All Traffic through a Next-Generation Firewall
[Diagram components: SonicWALL Aventail Secure Remote Access; SonicWALL NSA Network Security Appliance; Campus Network]
[Diagram callouts: “Provides Identification and Access Control”; “Provides Deep Packet Inspection Scanning”; “Protected ‘Clean’ Traffic”]
• Applications: Web Apps, Client/Server Apps, File Shares, Databases, VoIP, Citrix/RDP/VMware View
• Directories: LDAP, AD, RADIUS
Next-Generation Firewalls: Application Intelligence, Control and Visualization
Application Chaos: So many on Port 80
• Critical Apps: Prioritized Bandwidth
• Acceptable Apps: Managed Bandwidth
• Unacceptable Apps: Blocked
Identify
• By Application, not by Port & Protocol
• By User/Group, not by IP
• By Content Inspection, not by Filename
Categorize
• By Application
• By Application Category
• By Destination
• By Content
• By User/Group
Control
• Prioritize Apps by Policy
• Manage Apps by Policy
• Block Apps by Policy
• Detect and Block Malware
• Detect & Prevent Intrusion Attempts
Policy
• Visualize & Manage Policy
Massively Scalable Next-Generation Security Platform
• High Performance Multi-Core
• Re-Assembly Free DPI
[Diagram labels: Users/Groups, Ingress, Egress, Malware Blocked, Cloud-Based Extra-Firewall Intelligence, Visualization]
Network Traffic Visualization
Real-time Traffic Breakdown
[Chart labels: NetFlix, iOS, SalesForceDotCom, SmashPhone]
Identify and Control Applications
Application Library with over 4000 unique Application Uses
Granular Control
• Allow Facebook, Block Farmville
• Allow Chat, Block File Transfer
• Group/User Based
• Schedule Based
• Exceptions
Bandwidth Shaping
• By Application
• By User/Group
• Scheduled
Mobile Reporting
NetFlow/IPFIX support
– Username, host, host OS and data details
– End to End visibility
Questions answered:
– How much bandwidth are all these additional devices collectively using and is it impacting business critical applications?
– What applications and web sites are users hitting and what impact are these distractions having on productivity and how often?
– What are the security implications introduced by allowing these devices onto the net?
Implementing a good BYOD security solution should include reports that allow tracking of who is using what BYOD device and how many of each type of device are on the network.
Dell SonicWALL NGFW Portfolio
• SuperMassive™ E10000 Series (data centers, ISPs): E10800, E10400, E10200, E10100
• E-Class NSA Series (medium to large organizations): NSA E8500, NSA E6500, NSA E5500, NSA E8510
• NSA Series (branch offices and medium sized organizations): NSA 4500, NSA 3500, NSA 2400, NSA 250M/220
• TZ Series (small and remote offices): TZ 215 Series, TZ 205 Series, TZ 105 Series
Market Maturity of SSL-VPN and Next-Generation Firewalls
• Independent labs testing and validating products extensively
• Major magazines conducting shootouts
• Renowned organizations providing certifications
BYOD doesn’t need to eat your network or break your budget
Adopt either Smart Mobile SSL VPN Strategy or MDM
Make the move to Next-Generation Firewalls
The result is GREAT access, HIGH Security, Lower Cost, Happy Users