Gateway Security Appliance Combines A/V, A/S, IDP, Firewall
Cyberoam
The Cyberoam series of security appliances provide multiple potential functions at the Internet gateway, including anti-spam, anti-virus, content filtering, firewalling, and VPN connectivity. The devices are typically deployed at the edge of the network, and support deployment as routers or as transparent bridges. Multiple sizes of the device are offered, targeting small to large organizations.
A key feature of the device as touted by the vendor is its identity awareness, facilitated by the device's support for dynamic user-to-IP mapping. User authentication is facilitated by an internal user database, Windows Domain Controller and Active Directory, or LDAP/RADIUS support; and rules can be defined for each of the primary functions based on defined users or groups. Single sign-on is supported.
- SPI firewall, with the ability to define and enforce rules based on user, source/destination zone and IP address, and service. The firewall further includes DoS prevention capabilities and supports NAT.
- IPSec VPN, including support for both tunneling and transport mode, and supporting the native Windows IPSec Client, Cyberoam Secure Client (Windows) and other IPSec VPN clients.
- Intrusion Detection/Prevention, based on the vendor's "two point" processing which includes support for the creation of multiple policies (based on the signature, source and destination), and identification and reporting of individual users.
- Anti-Virus (Kaspersky) including real-time scanning of HTTP, FTP, POP3, SMTP, and IMAP traffic. The Anti-Virus mechanism uses both signature identification and heuristic detection; the signature DB is updated automatically.
- Anti-Spam, including support for RBLs; MIME header checks; filtering based on header, size, sender, or recipient; IP-based black and whitelisting; subject line tagging; and redirection support.
- Web content filtering, with support for URL, keyword, or file type blocking. Policies can include time as a metric, and the platform additionally supports the automatic identification of and policy application to multiple types of traffic beyond HTTP; including IM (AOL, Yahoo, MSN Messenger, Google Talk), P2P, FTP, audio/video, and others.
Other features of the appliance include a spyware blocker (identification of files and blocking connection to known sites); policy-based bandwidth management; and reporting functions that detail traffic metrics and user activities.
The CR series is currently offered in 7 possible models, ranging from the desktop-model 4 (10/100) port CR 25i to the 2U CR 1500i, with 10 10/100/1000 ports and 2 SFP (Mini GBIC) ports. The newest appliance models boast dual and quad-core processors for performance ranging to 3 Gb/sec IPS and 600 Mb/sec of UTM throughput over HTTP. The CR500i boasts a dual core processor; while the CR1000i and CR1500i boast single and dual quad-core processors, respectively
Comprehensive Internet Security System
|
| |
|
Cyberoam’s integrated Security Appliances are purpose-built for comprehensive network protection and high performance needs of small, medium and large enterprises. Cyberoam’s Check Mark Level 5 certified, ICSA firewall certified identity-based Internet Security Appliances offer protection against external as well as internal threats.
|
| |
| Cyberoam offers multi-lingual support with Chinese,Hindi and English languages GUI's, enhancing user experience in some of the largest and fastest growing markets. |
| |
|
Identity-based Security - Patent Pending Technology
|
|
Cyberoam’s unique user identity-based Internet Security Appliances solve today’s need to control individual user behavior to ensure comprehensive threat management. It gives complete visibility into “Who is doing What” in the network and allows policies to be created at the user level based on work profiles. With the finest level of controls and an unprecedented degree of control, flexibility and ease of management, the Cyberoam Internet Security Appliance is a highly effective UTM solution that reduces capital and operating expenses.
|
| |
| Architecture Flexibility |
|
Cyberoam’s architectural flexibility can easily accommodate emerging applications like VoIP through own enhancements and easy third party plug-ins with no architectural changes, keeping enterprises in a state of constant threat-readiness in a rapidly evolving threat scenario. Cyberoam appliances balance performance and security by using technologies like multi core processors, regular expressions co processors and hardware based Advanced Cryptography Engine for accelerating key functions of the UTM appliance.
|
| |
| Cyberoam’s Active-Active High Availability provides efficient, continuous access to business-critical applications, information, and services. Active-Active HA increases overall network performance by sharing the load of processing network traffic between two Cyberoam appliances and providing continued security by eliminating the problem of single point failure. The cluster appears to your network to be a single device, adding increased performance without changing your network configuration. Primary appliance acts as the load balancer and load balances all the TCP communications including TCP communications from Proxies but will not load balance VPN traffic. |
|
|
SOHO
|
- Identity-based Unified Threat Management (UTM) features including Stateful Inspection Firewall, VPN, Gateway Anti-virus and Anti-malware, Gateway Anti-spam, Intrusion Prevention System, Content Filtering, Bandwidth Management and Multiple Link Management for comprehensive network protection from blended attacks.
- Zero-hour malware protection that does not wait for signature release
- Complete ease of management, eliminating the need for technical resource
|
|
|
ROBO :
Remote Office-
Branch Office
|
- Identity-based Unified Threat Management (UTM) security features including Stateful Inspection Firewall, VPN, Gateway Anti-virus and Anti-malware, Gateway Anti-spam, Intrusion Prevention System, Content Filtering, Bandwidth Management and Multiple Link Management for comprehensive network protection from blended attacks.
- Encrypted VPN tunnel for secure communication with branch office
- Identity-based security with visibility into and control over individual user activity at branches
- Zero-hour protection at branch offices with enterprise-wide security policy enforcement
|
|
|
Small and Medium Enterprises
|
- Purpose-built UTM Security Appliances providing comprehensive security and high performance
- Identity-based Unified Threat Management (UTM) security features including Stateful Inspection Firewall, VPN, Gateway Anti-virus and Anti-malware, Gateway Anti-spam, Intrusion Prevention System, Content Filtering, Bandwidth Management and Multiple Link Management for comprehensive network protection from blended attacks and limited capital, operating expense.
- Identity-based visibility and control even in dynamic IP environments like Wi-Fi and DHCP, enabling regulatory compliance
- Dynamic routing, and VLAN, supporting rapid network expansion
- High Availability for business continuity
|
- CR100i
- CR200i
- CR250i
- CR300i
- CR500i
|
|
Large Enterprises
|
- Identity-based security with visibility into and control over individual user activity, for protection against external and internal threats. Also enables regulatory compliance
- Purpose-built Security Appliances providing comprehensive security against network and application-level attacks and high performance
- Multicore architecture delivering high throughput and flexibility for high traffic requirements
- Enterprise-grade security with High Availability, dynamic routing and Virtual LAN capability
- Identity-based Unified Threat Management (UTM) features, including Stateful Inspection Firewall, VPN, Gateway Anti-virus and Anti-malware, Gateway Anti-spam, Intrusion Prevention System, Content Filtering, Bandwidth Management and Multiple Link Management for comprehensive network protection from blended attacks
- Encrypted tunnel for secure communication with remote locations
- Centralized security control onver remote offices
|
|
|
