1) A apresentação discute a WatchGuard, uma empresa líder em soluções de segurança de rede.
2) É destacado o portfólio de produtos da WatchGuard, incluindo firewalls, soluções UTM, relatórios e gerenciamento centralizado.
3) A parceria entre a WatchGuard e a DAFTI é apresentada, com foco na oferta de consultoria, implantação, suporte e treinamento em soluções de segurança.
3. Agenda
• Sobre a WatchGuard
• Brasil
• Solução Líder
• Soluções
• Best-in-class
• Virtual
• Arquitetura Proxy
• RapidDeploy
• Relatórios e Compliance
• Principais Pontos Fortes
• Novidades
• Concorrência
• Clientes
• Parceiro
4. WatchGuard Hoje!
Accolades
> Fundada em 1996 – empresa privada
2012
> Pioneira com Firewall em appliance
> HQ em Seattle, WA, +500 funcionários WW
> 1,000,000+ appliances
> 100% via canal – 15,000 parceiros em
120 países
1996 1999 2003 2006 2010 2011-2012
First to Launch RED,
Pioneered New product NGFW,
Went public incorporate UTM Taken private
first security architecture, code XTM 2 Series, 3
In July capabilities in a in October
appliance rewrite complete Serie, 5 Series,
single appliance
XTMv and XCSv
4
9. Anti URL Anti APP
IPS
Virus Filtering Spam Control
XTM
In-house In-house In-house In-house In-house
In-house
In-house In-house In-house In-house
In-house In-house In-house
In-house
In-house In-house In-house
9
10.
11. O Valor de uma Arquitetura Proxy-based
Stateful Inspection WatchGuard full Proxy Architecture
11
12. Atualmente como Líder de Mercado em
Gerenciabilidade
Competitor Value Comparison
Total UTM Market: Global, 2010
Gartner UTM Magic Quadrant:
“A balance between ease of use and
strong security is consistently cited
as a reason why clients choose
WatchGuard.”
(N=43) Source: Frost & Sullivan Analysis
12
13. Drag And Drop VPN Configuration
One touch updates for:
> Appliance Configurations
> Firmware Updates
> Subscription Licensing Updates
Drag-and-Drop VPN connects
offices securely in three clicks!
WatchGuard System Manager
Centralized Management Tools
13
15. Fireware XTM: Aproveitando ao Máximo sua
Rede QoS and Traffic Shaping
• High-priority traffic gets bandwidth
• Low-priority traffic gets available bandwidth
Multi-WAN Support
• Up to 4 WAN connections supported
• Traffic can use multiple WAN connections simultaneously or on a
failover
VPN Failover
• Mission-critical VPN traffic keeps flowing if a remote site becomes
unavailable
• Traffic automatically fails-over to another gateway
IPv6 Readiness
• IPv6 Ready Gold Logo validates IPv6 routing
• All XTM appliances will support IPv6
17. RapidDeploy
Para deployments de grandes quantidades
de caixas sob o gerenciamento
• Large MSSP
• Retail Chain
Entrega em localidades com pouco ou
nenhum pessoal especializado
• A caixa conectada receberá suas configurações
básicas
• A caixa alertará o management server que está Disponível agora no Fireware XTM 11.6.3
pronta para ser gerenciada
17
18. Rapid Deployment: Setup
Todos os appliances
registrados
Ordem de compra
recebida para
50 appliances
Lista de 50 Serial Numbers em .csv
Friendly name e Management IP
WatchGuard
warehouse 50 appliances
WatchGuard
Partner
warehouse IT Person (Partner)
Lista de 50
serial numbers
18
20. Visibilidade e Relatórios
Compliance
Dashboard
Os appliances WatchGuard UTM
incluem mais de 65 relatórios pré-
definidos
Incluem relatórios de compliance
especificamente para targets de PCI
20
22. Protegendo Seu Mundo Virtual
VIRTUAL VIRTUAL
INFRASTRUCTURE INFRASTRUCTURE
WatchGuard XTMv WatchGuard XCSv
Network Security for Content Security for
Virtualized infrastructure Virtualized infrastructure
23. Novos Appliances XTM
• XTM 850 • XTM 860 • XTM 870 • XTM 870-F
• 8 Gbps Firewall • 11 Gbps Firewall • 14 Gbps Firewall • 14 Gbps Firewall
• 3.0 Gbps UTM • 4.0 Gbps UTM • 5.7 Gbps UTM • 5.7 Gbps UTM
• 40,000 conn/sec • 50,000 conn/sec • 60,000 conn/sec • 60,000 conn/sec
• 14 x 1 G copper • 14 x 1 G copper • 14 x 1 G copper • 6 x 1 G copper
• 8 x 1 G fiber
• XTM 1520 • XTM 1525 • XTM 2520
• 14 Gbps Firewall • 25 Gbps Firewall • 35 Gbps Firewall
• 6.7 Gbps UTM • 6.7 Gbps UTM • Up to 10 Gbps UTM
• 14 x 1 G copper • 6 x 1 G copper • 12 x 1 G copper
• 4 x 10 G fiber • 4 x 10 G fiber
24. Novos Appliances Wireless Access Points
AP100 AP200
Number of Radios 1 2
Available Bands 2.4 GHz or 5 GHz 2.4 GHz or 5 GHz
(per radio)
SSID 8 16
Max Throughput 300 Mbps 600 Mbps
Antenna/Streams 2x2 MIMO (internal antennae)
Plenum Enclosure No Yes
(fire resistance)
Encryption/Authentication WEP, WPA-PSK, WPA2-PSK, WPA-PSK Mixed, WPA2-
Enterprise 802.1x, TKIP, AES
Power A/C adapter (included)
PoE adapter (sold separately)
25. Como Trabalham
WatchGuard System
Manager (WSM) AP
Firewall AP
VPN
Wireless Controller
UTM Services Switch
• Segurança UTM extendida para o AP
tráfego WLAN
• Os Access Points são gerenciados com
as mesmas ferramentas que o XTM
AP AP
• Configuração e monitoramento
centralizados
28. – Não APENAS firewall, mas sim UTM performance
– GRANDE PERFORMANCE quando habitada as features de segurança
– Utilizar o MELHOR de cada Categoria
– Gerenciamento centralizado – SEM CUSTOS ADICIONAIS!!!
– Mais de 65 relatórios prontos – SEM CUSTOS ADICIONAIS!!!
– Monitoramento real-time – SEM CUSTOS ADICIONAIS!!!
– Aderente PCI DSS
39. Um novo jeito em TI
DAFTI é uma empresa de Tecnologia e Engenharia integrada, oferecendo soluções
de Segurança, Governança e Infraestrutura de TI.
Equipe altamente qualificada e certificada WatchGuard.
Consultoria / Auditoria / Análise de Vulnerabilidade
Implantação de Soluções (Hardware/Software)
Suporte Pré e Pós-Vendas /
Treinamento e Certificação (TI)
Central de Atendimento - suporte.dafti.net
/
contato@dafti.net / (11) 4329-9805 / 9806
[SPEAKER NOTES]:Good [morning] everyone, and thank you for joining today’s talk, which will cover some of the advantages and challenges with the relatively new BYOD—or bring your own device—trend.My name is [NAME], and I’m the [TITLE] for WatchGuard. [continue basic role description].Today I’m going to talk about BYOD. Does I think it means bring your own device, or bring your own danger? The problem is, BYOD can represent both side of that coin; As you’ll learn today, it offers an innovative new work paradigms that can provide business benefits; yet it also introduces significant new risks, which can be challenging for IT organizations to manage. But, before we go too far talking about these benefits and risk, let’s discuss the market drivers behind the BYOD phenomenon. [NEXT SLIDE][ORIGINAL NOTES]:Welcome statement, introduction of speaker and role at WatchGuard TechnologiesToday’s topic is BYODBYOD – does it stand for Bring Your Own Device or Bring Your Own Danger?The problem is that BYOD can really represent bothThere are benefits as well as risks that go along with BYODWe’re going to discuss today the problems associated with BYOD, the alternatives to BYOD and solutions to address BYODBut, before we go too far, let’s discuss the market drivers behind the BYOD phenomenon.
Point of Slide: An overview of our Best-in-Class strategy, and why it’s better than doing it all ourselves.WatchGuard’s XTM appliances are multipurpose security appliances that combine many security controls into one easy to manage package – the [CLICK] Swiss Army Knife, if you will, of security products.However, there is one potential problem when combining many security services into one easy to use appliance…. [CLICK]Do you know anyone who is the best at everything? I sure don’t. Most people can get very good at one or two things, but no one can become the best at everything.At WatchGuard, we believe this concept carries over to the security industry; no one vendor can provide the best of every single security service. That is why, unlike our competitors we have strategically chosen to partner with best in class security vendors in order to provide our customers with the industry’s best multi-layered security services. [Next Slide]
Packet filter and Stateful firewalls are like the security guard on the left. They watch packets cross the wire, on the alert for any suspicious behavior. As soon as they notice someone behaving badly, they catch them and throw them out. But of course, by then the damage is done. Granted they may keep the threat from doing any more damage, but someone inside the firewall is already infected. WatchGuard’s powerful Proxy-based architecture is more like the modern airport scanners on the right. We intercept every packet and check it carefully before allowing it into the corporate environment. This way, we know we can keep out any misbehaving code. Of course the challenge is to make sure we can do packet reassembly and inspection on every packet without slowing down the flow. Our relentless focus on proxy-based performance allows us to provide maximum security with minimum performance impact.
When it’s time to show your customers what happened yesterday or last week or last year, you’ll want to dig into our reports—and especially the new reporting front end in 11.5.1. As you may know, the other guys all make you pay extra for this vital component of your MSS business, but at WatchGuard, we see reporting as one “tense” of a continuous policy that spans past, present, and future. It’s part of the package. So is our centralized logging and our multibox management.
Point of Slide: There is more to the story than pure security Additional Info:A WatchGuard XTM device is about more than simply security. XTM Traffic Management and Traffic Failover features help solve bandwidth contention problems, and keep data flowing. Firmware XTM delivers networking flexibility for easy implementation, consolidation and maximum uptime. Businesses invest heavily in their Internet connectivity, but often available capacity is wasted by non-productive, bandwidth-hungry activities. Businesses sometimes go “off the air” because of ISP failures. Any, or all, of these can get in the way of the business’s main reason(s) for existence. WatchGuard’s set of traffic management and failover functions helps to ensure that a business gets the absolute best performance out of its Internet connectivity. Competing products don’t have the breadth of traffic management and failover features that WatchGuard offers.WatchGuard Firmware also “Plays well with others”
[SPEAKER NOTES]:But unfortunately BYOD is not all sunshine and roses, I’m afraid. Along with its innovations, BYOD is dragging a few new challenges and risks into an IT administrators life. [NEXT SLIDE]
Remember that firewall appliances need to be proactively managed. you need to keep your systems updated regularly. You cannot just leave it and forget it. You need ongoing proactive management and update of your systems. Q: What is the benefit for businesses?A: Enterprise security teams, MSSPs or organizations can simply ship the firewall appliance directly to its destination without having to pre-configure each device at a central location and travel to the customer site for deployment. Configuration data is stored in the cloud and downloaded directly to the appliance when it is plugged in by the end-user. This capability significantly lowers TCO for WatchGuard network security appliances, helping customers achieve ROI quickly.Q: How will this reduce the total cost of ownership?A: We anticipate that a WatchGuard UTM appliance that can configure itself will significantly cut TCO for distributed enterprises. This capability provides the highest level of security and manageability while saving customers time and money by using a simple hands-free, RapidDeploy configuration process. Traditionally, network security appliances were shipped to a central location, where each device was configured manually by IT staff. Deploying the configured appliance at a customer site or branch office usually required the onsite services of an expert technician. With this new capability, it is not necessary to actually touch the appliance in order to configure it, thus significantly reducing shipping, labor and travel costs.
All WatchGuard UTM appliances include over 65 predefined reports at no extra charge, including a set of Compliance reports specifically targeted for PCI. One convenient dashboard provides the visual overview of the areas that matter most for PCI compliance. This data can also get generated in one convenient report.
All WatchGuard UTM appliances include over 65 predefined reports at no extra charge, including a set of Compliance reports specifically targeted for PCI. One convenient dashboard provides the visual overview of the areas that matter most for PCI compliance. This data can also get generated in one convenient report.
WatchGuard’s solution to the new landscape of IT is to deliver our best-in-class best-value security solutions in a form that makes them perfect for virtualization: our next-generation firewall and extensible threat management, XTM, and our email and web content security, XCS, packaged as ready-to-deploy virtual appliances – XTMv and XCSv. By installing the virtual appliances directly into the infrastructure, they can not only address the new challenges, but address use cases beyond what a physical device can do.
[SPEAKER NOTES]:But unfortunately BYOD is not all sunshine and roses, I’m afraid. Along with its innovations, BYOD is dragging a few new challenges and risks into an IT administrators life. [NEXT SLIDE]
WatchGuard places emphasis on making our firewalls easy to setup - securely!Even in managed environments with 100s of remote locations connecting. Along with UTM, these features really distinguish us from cheap, off the shelf solutions. Let’s look at some of our recent innovations.
We should have some questions seeded for the webinar:Are MPLS lines considered private by PCI-DSS?In general, MPLS networks are considered “private” networks and do not require encryption. This, however, is dependent upon the specific provider and/or configuration. If the IP addresses are public and the MPLS network provides exposure to the Internet either through the LSR or other device (if the edge router has an Internet port) then it should be reviewed carefully as it is likely considered “untrusted”. The QSA should review the implementation and determine whether the IP addresses are public such that the MPLS network provides exposure to the Internet, before concluding that the MPLS network is considered private. If the QSA cannot gain that assurance, then the whole network should be in scope. Are there extra charges for WatchGuard central management? What is PA-DSS? I’ve heard that acronym too. What is an Acquirer?Even though the PCI SSC managed the PCI DSS, any fines levied for non-compliance are done so by the card associations, not by the security council. The card associations usually fine the acquirer under which the non-compliant merchant processes transactions. The acquirer then passes the fine onto the merchant, ISO or third-party. However, a merchant can be fined or terminated directly by the card association.Are there extra costs or charges for the WatchGuard reporting solution?
[SPEAKER NOTES]:Good [morning] everyone, and thank you for joining today’s talk, which will cover some of the advantages and challenges with the relatively new BYOD—or bring your own device—trend.My name is [NAME], and I’m the [TITLE] for WatchGuard. [continue basic role description].Today I’m going to talk about BYOD. Does I think it means bring your own device, or bring your own danger? The problem is, BYOD can represent both side of that coin; As you’ll learn today, it offers an innovative new work paradigms that can provide business benefits; yet it also introduces significant new risks, which can be challenging for IT organizations to manage. But, before we go too far talking about these benefits and risk, let’s discuss the market drivers behind the BYOD phenomenon. [NEXT SLIDE][ORIGINAL NOTES]:Welcome statement, introduction of speaker and role at WatchGuard TechnologiesToday’s topic is BYODBYOD – does it stand for Bring Your Own Device or Bring Your Own Danger?The problem is that BYOD can really represent bothThere are benefits as well as risks that go along with BYODWe’re going to discuss today the problems associated with BYOD, the alternatives to BYOD and solutions to address BYODBut, before we go too far, let’s discuss the market drivers behind the BYOD phenomenon.