Security Management Portal

Time
1 hour 35 minutes
Difficulty
Intermediate
CEU/CPE
2
Video Transcription
00:00
>> [MUSIC] This module covers SMP,
00:00
the security management portal.
00:00
SMP Cloud-Based Management is
00:00
a single platform to manage multiple customers.
00:00
Can be monitored by the network operation center,
00:00
easy, powerful, and intuitive.
00:00
There's a web interface to work with.
00:00
Also, we can reduce
00:00
operational and maintenance cost with
00:00
Zero Touch Deployment and schedule recording.
00:00
It's a very robust architecture,
00:00
it's capable of managing up to
00:00
30,000 gateways in a single setup.
00:00
With SMP, management becomes simple,
00:00
cloud-based interface that allows access
00:00
from anywhere, provides unified management,
00:00
monitoring and analysis,
00:00
simplified group-based
00:00
security provisioning using plans,
00:00
so multiple customers can be
00:00
assigned to a particular plan.
00:00
Different features on the device
00:00
can be enabled per plan,
00:00
providing a single platform to
00:00
manage multiple customers.
00:00
Extensive logging, reporting and
00:00
monitoring capabilities are built into the product.
00:00
Really designed well for
00:00
help desk and support center environments
00:00
to manage large,
00:00
huge numbers of gateways.
00:00
This is very granular, role-based administration,
00:00
so your administrator has
00:00
enough different permission levels based on your needs.
00:00
We support multi-domain administration and there
00:00
is easy deployment with Zero Touch provisioning.
00:00
There is a separate knowledge base solution for
00:00
SMP, it's sk110216.
00:00
The SMP domain, also
00:00
called Service domain or Portal Name,
00:00
that would be the top line.
00:00
Here, the SMP plans
00:00
will be similar to the earlier version,
00:00
LSM profile, which was
00:00
a large-scale management profile.
00:00
SMP uses plans to manage
00:00
those gateways and share
00:00
the same features or security settings.
00:00
If you were to deploy a device that
00:00
maybe has VPN enabled but the other device didn't,
00:00
you can have those on separate plans.
00:00
Each gateway gets assigned to a plan.
00:00
The gateway uses the plan settings by default.
00:00
However, each service blade
00:00
setting can be unlocked from the plan and
00:00
managed on the gateway locally or
00:00
via the security management portal.
00:00
There is an activation key that's similar to SIC,
00:00
that allows the gateway to connect to the SMP.
00:00
There are three different ways to do that.
00:00
SMP address and DNS.
00:00
The gateway name and service domain,
00:00
that's the quickest and easiest method to do.
00:00
Also, there is a registration option which is first
00:00
auto-generated and then can be set by the owner.
00:00
The SMP user interface.
00:00
We have an overview that shows
00:00
you the gateways that are connected,
00:00
the number of plans that we have,
00:00
the users that are logged into
00:00
the Management Portal and more.
00:00
We also can generate reports on that.
00:00
The screenshot on the right here is
00:00
an example of one of those reports.
00:00
We also have a map and this will allow you
00:00
to see where your SMP appliances are deployed in.
00:00
If you have multiple SMP appliances in the area,
00:00
those will show up with the
00:00
number associated with them.
00:00
All configured gateways within the domain
00:00
and their current status will show up here as well.
00:00
Plans, each plan
00:00
can be configured with different blades.
00:00
Moving gateways involved to
00:00
another plan is very easy to achieve.
00:00
You can see we have some examples
00:00
of the different plans
00:00
here and what they include and
00:00
which blades are enabled on each plan.
00:00
The gateway status, each setting
00:00
blade or service can be managed on plan level,
00:00
gateway level or locally,
00:00
and so this shows you
00:00
the security software blades that are enabled.
00:00
We can also generate command CLI.
00:00
Command scripts can be added to
00:00
a plan or at the gateway level.
00:00
It's also very easy to add new users.
00:00
We can just go ahead to users, new,
00:00
add the user, provide the user ID, name, e-mail,
00:00
select a role, password,
00:00
and select whether you want to
00:00
enable or disable two-step authentication,
00:00
we'll get to that later on.
00:00
New users with different permissions based on
00:00
their defined role can easily
00:00
be added, allowing them to have different roles,
00:00
so within a service domain,
00:00
you can have multiple users and permission levels.
00:00
We can have externally managed gateway in
00:00
VPN communities option for full mesh community.
00:00
We support permanent tunnels
00:00
and different encryption methods.
00:00
Membership from the VPN can be managed on
00:00
the community plan or a gateway level.
00:00
We also support nested communities or VPN hierarchy,
00:00
full mesh and star
00:00
communities are supported with this as well.
00:00
We have the ability to block
00:00
undesired applications from the predefined list
00:00
in the application control URL filtering that
00:00
can be deployed over the entire environment.
00:00
SSL exceptions, we can manage the exceptions and bypass
00:00
rules on a global level for
00:00
all of the gateways that you manage.
00:00
We can manage exceptions and bypass rules,
00:00
define which SSL log will be generated,
00:00
select other inspection bypass applications
00:00
and add custom bypass rules via CLI.
00:00
We can do firmware upgrades
00:00
or remote scheduled firmware upgrades.
00:00
We can define per gateway the target release,
00:00
the number of stages,
00:00
percentage of duration between each stage.
00:00
This ensures the firmware upgrades run smoothly.
00:00
You can see some examples here that the 700 and 1,400
00:00
appliances have our 7720 host accumulator.
00:00
The 1,500 and 1,500R appliances
00:00
have the RAD 20 version.
00:00
E-mail notifications.
00:00
If we activate e-mail notification service via SMP,
00:00
we can supply the following services,
00:00
periodic reports, firmware upgrades,
00:00
dynamic DNS, and send Cloud notifications.
00:00
We can select which notifications are going to be sent,
00:00
like security incidents,
00:00
networking events, operational events.
00:00
We can select the recipients
00:00
that will be receiving notifications,
00:00
put their e-mail address in the box here,
00:00
with a semicolon separating them.
00:00
Receiving e-mail notifications would look like this.
00:00
The device reconnects to your network,
00:00
last seen seven days ago.
00:00
Security operations center cyber views.
00:00
We can see the attack trends, mail protections,
00:00
a map view of the attacks,
00:00
where they're coming from,
00:00
the events timeline, very interesting.
00:00
This allows us to track
00:00
security incidents, infected hosts,
00:00
trends and more in cyber view now embedded in the SMP.
00:00
With the cyber views we can
00:00
go to the infected hosts tab.
00:00
It's going to show us the number
00:00
of hosts that are infected,
00:00
the command and control connections,
00:00
gateways that reported infected hosts.
00:00
If you click on any of the widgets,
00:00
it will give you the detailed information
00:00
on that specific entry.
00:00
The detected attacks view,
00:00
we can see the number of users
00:00
receiving malicious e-mails, hosts,
00:00
downloaded malicious files,
00:00
host access malicious websites,
00:00
all of those are summarized right here.
00:00
[MUSIC]
00:00
>> [MUSIC] Two-step authentication.
00:00
We can use multi-factor authentication
00:00
or two-factor authentication.
00:00
We can have that activated on the service domain level.
00:00
Once we have the QR code,
00:00
we can scan with
00:00
Google Authenticator or mobile app to register and
00:00
the user will receive the two-step authentication email
00:00
for the SMP.
00:00
Upon logging into the SMP,
00:00
you will add your admin credentials followed by
00:00
the one-time code from the app.
00:00
Unified threat prevention for the 1500 series only.
00:00
We have this applicable for the antivirus, anti-bot,
00:00
IPS and threat emulation,
00:00
configurable policies, tracking options,
00:00
to log, alert, or none.
00:00
We can set up the unified
00:00
threat prevention policy again,
00:00
only on the 1500 series appliances.
00:00
The gateway logs.
00:00
We have our source,
00:00
source port, destination,
00:00
interface, security blade the traffic went through on,
00:00
which policy gateway rule,
00:00
all of that shows up on the smart view
00:00
logs when we click on one of the entries.
00:00
The detailed output is here on the right
00:00
for the entry that is highlighted and selected.
00:00
We can see all the information we need
00:00
about this specific connection.
00:00
SMP Cloud services allow you
00:00
to review the functionalities,
00:00
services monitoring, reporting, alerting,
00:00
cyber views all of that.
00:00
In the additional materials,
00:00
there'll be a link that you can try out
00:00
this SMP portal to take a look at it for yourself.
00:00
Proactive notifications, we can configure
00:00
notifications at the server domain level,
00:00
showed you this earlier in another slide.
00:00
The security incidents, networking events,
00:00
operational events, you can get all
00:00
of this information sent to you.
00:00
Gateway reporting. We can configure
00:00
reports based on your needs.
00:00
We also can customize the logo if you would like.
00:00
We have a classic report that
00:00
gets generated by the gateway,
00:00
extended report, it is going based on log analysis.
00:00
You can determine what's in your report,
00:00
what language is going to be
00:00
on and the desired time zone.
00:00
Then how often are we going to send the reports?
00:00
Daily, weekly, or monthly?
00:00
Security management portal has custom alerting enabled
00:00
so we can configure which
00:00
alerts meet your requirements.
00:00
There is Cloud reporting on service domain,
00:00
gateway, or plan,
00:00
we can generate reports based on that.
00:00
The SMP Cloud services retry mechanism.
00:00
After the first failure,
00:00
gateways are going to wait for two minutes.
00:00
After the second failure,
00:00
the gateway will wait for four minutes,
00:00
then eight, and then 16 minutes on the fourth attempt.
00:00
Then it's going to try and activate
00:00
the Cloud services automatically every
00:00
16 minutes until
00:00
Cloud services are successfully activated.
00:00
The active ports for the SMP,
00:00
from the gateways to the SMP,
00:00
the incoming ports, they're all listed here.
00:00
The outgoing ports from the SMP through gateway are
00:00
listed down here also and
00:00
what their function is all about.
00:00
This is an example of
00:00
the security management portal network configuration
00:00
where we would have a customer with a particular plan,
00:00
another customer would have a different plan,
00:00
self provisioning through the API.
00:00
We also have Zero Touch API
00:00
for deployment in the gateways.
00:00
The SMP service provider will
00:00
determine what blades are going to be enabled,
00:00
how long is it going to work with their management?
00:00
That will be detailed in the service domain,
00:00
the SMP management interface,
00:00
service providers, security operations center,
00:00
and then the back-end LDAP directory.
00:00
This is a live SMP,
00:00
this is a live security management portal environment.
00:00
It's a demo environment,
00:00
but still let's go ahead and log
00:00
in and see all of the features that
00:00
we saw in screenshots now in live.
00:00
This is the overview page.
00:00
We can see how many devices are currently connected,
00:00
how many devices are currently not connected,
00:00
disabled and so on.
00:00
How many plans we have,
00:00
how many users are currently logged in.
00:00
If I go ahead to sessions,
00:00
I can see the actual users
00:00
that are currently logged in.
00:00
Currently just me.
00:00
Hey, this is me, say hi.
00:00
The application and the source IP that I'm using.
00:00
Here we have the plans.
00:00
We have the basic plan, the default plan,
00:00
gold plan, initial,
00:00
and finally the premium plan.
00:00
You can see that each plan is slightly different in
00:00
terms of the different blades that are
00:00
enabled or disabled on each of them.
00:00
We can deploy these plans for different gateways,
00:00
move the gateway in between
00:00
the plans, it's really flexible.
00:00
This is the map option.
00:00
It's going to show you where
00:00
are the gateways you deployed,
00:00
what's connected, what's disconnected,
00:00
and we can select a gateway
00:00
and get some more information.
00:00
If I'll take this one, for example,
00:00
I can see the name, status,
00:00
IP address, description,
00:00
and of course, a live address,
00:00
which is quite nice.
00:00
The Gateways tab, these are
00:00
the different gateways that we have set up.
00:00
If we click on one of the gateways,
00:00
it will give us additional information about that.
00:00
For example, I can see the location,
00:00
who the owner is, status,
00:00
log associated with this gateway,
00:00
the different services that are enabled,
00:00
VPN, CLI scripts that are
00:00
set from that gateway, and more.
00:00
You can expand it and see a lot more information.
00:00
Here, we can see the users that we have defined on
00:00
this demo environment, communities for VPN.
00:00
Right now we don't have any and the service domain.
00:00
We can take a look at the logging,
00:00
DNS information, any custom fields,
00:00
the mail for the alerts,
00:00
few more bills that we have available, certificates,
00:00
any notifications for gateways,
00:00
reports, user, summary messages,
00:00
all of those are listed right here.
00:00
Setting up custom alerts.
00:00
We can go here and set up
00:00
a new custom alert if we want to, it's very easy.
00:00
Two-factor authentication, API
00:00
access, readiness for authentication.
00:00
All of that can be configured right here.
00:00
Here we have the different roles
00:00
from the administrators.
00:00
We can take a look and see superuser, for example,
00:00
that can view and modify
00:00
any object in the service domain.
00:00
Here under logs, we have the gateway logs.
00:00
It will let us see the logs
00:00
from all the different gateways that we manage.
00:00
I can go ahead and open one of the entries.
00:00
I can see the origin of this log,
00:00
I can see traffic information, source,
00:00
destination, service that was being used,
00:00
the source port and a lot more information.
00:00
The system logs view allows us
00:00
to get information about the actual system.
00:00
For example, I can see all of my sessions logging in.
00:00
In this case, I only have read-only access,
00:00
but if I make changes,
00:00
I could have seen those appear here as well.
00:00
Here I have the activity logs.
00:00
If we go to cyber views,
00:00
so under infected hosts.
00:00
Currently it's a demo setup,
00:00
so everything is clean.
00:00
But of course, if you will have an infected device,
00:00
you will be able to see it here, the prevented attacks.
00:00
Once again, for now it's all clean and nice.
00:00
But if you will have
00:00
any attacks that were successfully prevented,
00:00
you'll be able to get
00:00
any information here, detected attacks.
00:00
Once again, you'll have all of
00:00
that information right here.
00:00
Finally, the attack trends.
00:00
You have a nice timeline here,
00:00
so we can have really great insights about
00:00
what's going on in your organization.
00:00
This concludes the SMP session.
00:00
Thank you. [MUSIC]