Cyberoam - Unified Threat Management Cyberoam Endpoint Data Protection Cyberoam © Copyright 2010 Elitecore Technologies Ltd. All Rights Reserved. Cyberoam - Endpoint Data Protection

Agenda of Presentation

• EPDP Components

• Licensing

• Product Walk-Thru

EPDP Components

o EPDP Server

HDD capacity requirement formula

– Avg. log size: 5MB/User (8 hours)

– Example: Logging enabled for 400 users for 2 weeks: (400u*5MB)*14days = 28GB minimum reserved free HDD space.

Recommended Hardware: Pentium IV 2GHZ/512MB Memory/50GB HDD space

Database: SQL Server 2000 SP4 or above / SQL Server 2005 SP1 or above; MSDE SP4 / SQL Server 2005 Express

OS: Win2000 SP4/XP SP2/2003 SP1/Vista & Win 7 (32-bit)

o EPDP Console

Recommended Hardware: Pentium III 1GHZ/256MB Memory/4 GB HDD space

Database: NA

OS: Win2000 SP4/XP/2003/2008/Vista & Win 7 (32-bit)

o EPDP Agent

Recommended Hardware: Pentium III 500 MHZ/128MB Memory/1 GB HDD space

Database: NA

OS: Win 2000/XP/2003/2008/Vista & Win 7 (32-bit)

Licensing Modules

1. Device Management

o Access policy for storage devices, communication devices, dialup connection, USB device, network devices etc.

2. Application Control

o Application access policy for virtually any application residing on a user’s machine.

3. Asset Management

o Inventory management.

o Patch management.

o Vulnerability management.

o Remote software deployment.

4. Data Protection & Encryption

o Document Control.

o Encryption over Removable Devices.

o Email Control.

o IM Control.

o Printer Control.

o Shadow Copy.

Note: Pricing is based on per user licensing.

Agent Installation methods

o Direct Installation: Manual installation of agent using “agent install generator”.

o Remote Installer: Push agents on user’s machine using inbuilt remote installer utility. Admin access to the machine required.

o Logon Script Implementation: Push agents from domain controller using login scripts.

Product Walk-Through

Console Login & Dashboard

Role based administration

Computer/User level policies

Computer level policies are applicable to all users logging in from the computer.

o Cyberoam EPDP scans all the user logins once a computer is visible in the console.

o All the users will then be visible in the ‘Users’ tab.

o Admin can assign different policies for each user logging in from the same machine.

o Some features are not available in user based policies.

Default Policy

• Logging is enabled by default for everyone.

Sample Events Log

Logging of basic events along with time stamps

o system startup/shutdown

o login/logoff

o dialups

o patches applied

o software deployed.

Application logs showing application name, start/stop time along with time stamps.

Logging of shared resources accessed on the computer by other users/computers.

Logs creating, accessing, modifying, renaming, copying, moving, deleting, restoring, uploading of documents over fixed disk, floppy disk, CD-ROM, removable & network disks.

Logs showing all documents, images printed along with the printer used (i.e. local, network, shared or virtual) & the time stamp.

Logging of removable storage plugged in/out on the computer

Hardware & Software change log.

Audit Log

Cyberoam EPDP records the policy changes made at the computer/user level, group level or at the network level.

Monitoring Logs (Instant Message)

Logs chat conversations of various messengers like Yahoo, MSN, ICQ, QQ, Skype etc.

Instant Messaging (IM) Logs

• Chat conversation logs

• File upload, download

• Search on:

– Content of chat conversation

– UserId/Nickname

Monitoring Logs (Emails)

Logs incoming/outgoing SMTP, POP3, Exchange emails & outgoing Lotus, Webmail emails.

Email logs

• Email content, attachment

• Protocols: SMTP/POP3

• Applications – Exchange, Lotus Notes

• Webmail – Hotmail, Yahoo Mail

• Search email by:

– Application, sender/recipient

– Subject & Attachment – File name, extension, size

Basic Policy

1. Basic

The administrator can regulate the computer operation rights of a user. This keeps end users from easily changing system settings, preventing them from performing malicious activity.

2. Device control policy

Allows the administrator to block storage, communication, dial in, USB & network level devices.

3. Application control policy

Allows the administrator to limit the use of unwanted applications.

Application grouping: Tools → Classes Management → Applications

Advanced Policy

1. Email Policy

Email policy prevents data leaks via email. It can control outgoing emails based on sender, recipient, subject line, attachment type, size etc.

2. IM File

IM policy is used to control communications over instant messengers. The administrator can monitor/control files transferred via IM, preventing data leakage through IM channels.

Files are monitored by taking a backup of the files transferred over IM.

3. Printing Policy

Printing policy is used to control the use of different kinds of printers, such as local, shared, network and virtual printers, to prevent information leakage.

o Printing policy to block access to all printers.

o Printing policy to allow access to network printer only.

Enable ‘Record Mode’ to log the image or doc that is being printed.

All recorded images can be viewed from Event Logs → Printing.

4. Removable storage policy

To prevent information leakage through removable devices, the system administrator can apply a removable-storage policy and assign different rights to removable storage devices. Files can also be encrypted when written to removable storage, so that only authorized agents can decrypt them.

Removable storage grouping: Tools → Classes Management → Applications

4. Removable storage policy (Encryption)

Files can be encrypted when written to removable storage; only authorized agents can decrypt the files.

o Contents of the original file to be copied to the USB

o Contents of the encrypted file when opened from the USB

4. Removable storage policy (Disk Encryption)

To prevent data leakage through removable storage, one can encrypt the entire USB disk. Thereafter, any files copied to the USB would be encrypted. Only authorized agents with ‘decrypt when reading’ rights would be able to view the original content.

Removable storage grouping: Tools → Classes Management → Removable Storage

For Disk Encryption, plug the USB into the Cyberoam EPDP Server.

Asset Management

1. Asset Management

Cyberoam’s Asset Management module for Windows enables organizations to simplify tracking of their hardware and software asset location, configuration, version tracking, and historical information, allowing streamlined IT infrastructure management.

2. Patch Management

The Endpoint Data Protection solution frequently checks for Windows operating system patches. When patches are found, it automatically downloads, distributes, and installs them on the machines on which the agents are installed.

3. Vulnerability Management

The vulnerability check function automatically scans the computers on the internal network and performs analysis to help the system administrator check and trace vulnerability problems. Following the resulting suggestions allows timely response measures that enhance the security of all internal computers.

4. Deployment Management

The system administrator can install software, run an application, and deploy files to agents through the Endpoint Data Protection console. Software can be installed on an agent by simply creating a deploy task.

Thank You

Contact us on [email protected]
