Cyberoam Unified Threat Management UTM, UTM appliance | Frequently Asked Questions

No. Cyberoam UTM has an OEM agreement with Kaspersky Labs and it uses Kaspersky's Gateway Anti-Virus. It is one of industry's best gateway anti-virus solutions and used by many other leading security appliance manufacturers.

Kaspersky leads the market for:
1. Best virus detection rate.
2. Shortest response time to new threats.
3. Highest number of Anti-Virus signature update frequencies.
Additionally, Kaspersky supports the widest range of file formats and mail systems, having one of the largest knowledge resources in the industry too.

Cyberoam provides proactive protection against new e-mail borne virus outbreaks, hours before the signatures are released. It has introduced proactive virus detection technology which detects and blocks the new outbreaks immediately and accurately. It provides a critical first layer of defence by intelligently blocking suspicious mail during the earliest stage of a virus outbreak.

Addressing the scenario of ever increasing blended threats, Cyberoam UTM's gateway Anti-Virus provides user configurable real time or batch mode virus scan for HTTP, FTP-over-HTTP and FTP protocol which ensures end-to-end virus protection.

Cyberoam UTM appliance scans all the three mailing protocols, which include: SMTP/POP3/IMAP. It is designed to filter out the broadest range of mail-based malware from the traffic passing through it.

Cyberoam UTM's gateway Anti-Virus provides functionality to append customized legal and commercial disclaimers to the footer of mail message.

Spam detection is a trade-off between accuracy and false positives. Generally, higher spam detection accuracy is obtained at the cost of a higher false positive rate. A good anti-spam filter will have an acceptable trade-off between the two metrics. Cyberoam's spam filtering engine uses a combination of Recurrent Pattern Detection™(RPD) Technology and Rule Based Filtering technologies (RBL), making it difficult for spammers to circumvent, giving maximum control and least amount of false positives.

Recurrent Patterns Detection™ (RPD) technology is based on the identification and classification of message patterns. Using RPD™, Cyberoam delivers the highest threat detection in all types of e-mail borne threats in real-time.

The RPD™ approach is based on the understanding that all threat outbreaks share some common characteristics, including:
1. Most e-mail messages within the outbreak have been altered to make it difficult to set blocking rules based on lexical analysis.
2. Most outbreaks include millions of e-mail messages to maximize the highest possible response rate and the greatest ROI for the attacker.
3. Most outbreaks are released within a short period of time, requiring a real-time solution to detect the outbreak to limit or avoid the damage that can be incurred.
4. The originators of the attacks invest heavily in disguising their origin to make it difficult to track the message back to them.

One of the basic premises in spam detection by Cyberoam Anti-Spam module is that most e-mail messages make it difficult to set blocking rules based on text analysis. More often than not they use images rather than text. As the content of a message is not the decisive parameter, Cyberoam is equally effective against image based spam. So in a way, the attempt to hide itself reveals it to be not legimate.

Cyberoam's anti-spam solution is language-agnostic as the technology searches for outbreaks, it does not try to analyse the content of each message. RPD™ technology doesn't care how 'viagra' is spelt, or if the content is in text or an image.

Cyberoam's anti-spam solution is based on a pull architecture, where each e-mail polls the detection centre, rather than waiting for the detection centre to push signatures out to users. This ensures no window of vulnerability. Each and every incoming e-mail gets scanned against the identified spam patterns and classified as spam or not spam.

Cyberoam's mail management feature can be configured to block files as per your need. Cyberoam's gateway anti-virus solutions checks within all types of compressed files to ensure maximum protection over SMTP, IMAP and POP3 protocols. If you are aware of the nature of the outbreak, you can configure Cyberoam to block certain attachments or educate it against key words.

For most users, missing a legitimate e-mail is an order of magnitude worse than receiving spam. Using Cyberoam UTM you can now define custom spam filtering rules based on sender or recipient IP address, mime header and message size. You now have the flexibility to tweak a spam scan as per your needs.

Cyberoam can be configured to "reject" possible spam rather than bouncing it. This is will give the sender, if they are legitimate, the chance to make contact and the reasons why a mail was rejected are logged to the mail log for further examination.

You can set Cyberoam to "drop" action as a solution. In this case your MTA rejects the mail and does not respond to the upstream server. The mail simply disappears without a trace.

Yes. You can set Cyberoam to "tag" action as a solution. Every probable spam mail will be tagged and be delivered to the recipient for their e-mail application to process.

There are two advantages of Reject Action Code. Most spam comes directly from hijacked machines or spammers' own machines which register the rejection, so spammers may eventually take you off their lists. If you block a message from a legitimate sender, their own mail-server will send them a failure notification and they may confuse this with other reasons like incorrect addressing.

Cyberoam UTM's anti-spam provides you the facility to change the recipient name and redirect the mail transparently to a predefined mailbox.

Yes. Cyberoam UTM's Internet Access Management is a combination of time schedules and content filtering applied using identity and firewall rules. This should increase productivity, improve network performance and reduce potential legal liability.

Cyberoam UTM handles Phishing, brand spoofing or carding mails on two levels:
1. Cyberoam UTM's gateway anti-virus and anti-spam solution filters out all the Phishing mails from the SMTP/POP3/IMAP stream before they reach the end user.
2. However, if a person does receive a Phishing mail through web based mail, Cyberoam UTM's Web filtering solution ensures that the user does not access the Phishing website.

Cyberoam ensures that a hijacked host file does not lead the user to a malicious site in two ways. Whenever a user requests a webpage, Cyberoam cross checks the authenticity of the address with its pre-configured DNS. In a URL filtering solution, Cyberoam has a category that specifically stops users from accessing Phishing, Pharming and other malicious websites.

Yes. Cyberoam UTM's application filtering solutions is powerful enough to control file transfer over any IM application.

Cyberoam UTM gives you control over http attachments, incoming and outgoing. A combination of IAM, content filtering, anti-virus and firewall rules gives you the flexibility to customize the attachment policy for user or a group of users.

Yes, you can create customized web filtering categories based on domain names, keywords or IP addresses.

Yes. Cyberoam's Content filtering solution logs all the Google and Yahoo searches. This provides you a clear insight into the Internet access pattern. The resultant graph reveals instantly the Internet habit of your staff.

Yes, Cyberoam UTM's content filtering solution deploys twin strategies. On the appliance itself, is a URL database of millions of sites, categorized in four main categories which are divided further into 60 sub-categories. This provides URL based content filtering. To take any exception into account, Cyberoam UTM also uses keywords to control unauthorised Internet access.

Cyberoam UTM's content filtering is not just limited to domains. It reaches deep enough to categories of URLs with offensive content on seemingly inoffensive sites and delivers content filtering in its true sense.

Cyberoam UTM provides you with the ability to attach an individual IDP policy to a combination of source, destination, and identity and service schedules. This leads to customization of each IDP policy as per your needs and will reduce false positives especially in your DMZ area.

Cyberoam UTM provides IP address and User based reports. It thwarts anonymity in DHCP, wireless and computer sharing environments and in case of threat detection; it reduces administrator's reaction time.

Yes. Cyberoam UTM allows multiple application controls. Apart from the standard port blocking facility, Cyberoam UTM's layered approach provides you the greater flexibility to control P2P and port scaling IM applications over network address or user groups using a combination of application signatures and firewall rules.

Yes, you can create custom application categories consisting of multiple applications and set schedules to control them for specific users.

Cyberoam UTM, in a paradigm shift, extends the firewall's rule matching criteria to include group policy and individual user's identity and schedule in its purview. Similarly, the firewall actions are extended to include complete control over all the security solutions which include; Anti-Virus, Anti-Spyware, Content Filtering, Intrusion, Detection and Protection, VPN Access and Internet Access Management.

Cyberoam UTM's Firewall and Internet Access Management solution allows you to create self-limiting rules so you can create one-off rules which automatically get deactivated after a stipulated period or regular scheduled rule changes.

Cyberoam UTM moves beyond relying on IP addressing to include user's identity as a decision parameter. This leads to seamless authentication and security even in DHCP and Wireless environment.

The purpose of VPN Failover is to provide an automatic backup connection for VPN traffic.

VPN Failover ensures VPN traffic switch over from a dead tunnel to an active one.

Cyberoam UTM provides you the ability to load balance a number of ISP links in a single box.

Yes. Cyberoam UTM allows one-to-many dynamic DNAT. This enables load balancing between DMZ based multiple server applications.

Yes. A combination of Cyberoam UTM's bandwidth management and Internet Access Management will automate priority bandwidth allocation as per your need.

Cyberoam UTM supports strict and burstable bandwidth allocation. The Strict Bandwidth option ensures that a user or an application gets a pre-specified average minimum bandwidth. Burstable bandwidth allows users or applications to use the available bandwidth capacity, if specified.

Using Cyberoam UTM's user identity based Internet Access Module you can provide cyclic access per day, week, month or year, as per your requirement, to your students. The bandwidth management policy enables you to specify the amount of data transferred. For example, you can grant a user 3 hours of Internet access or 100 MB per day.

Cyberoam UTM combines Firewall, Gateway Anti-Virus, Anti-Spam, Web Content Filtering, IDP and Bandwidth Management solutions. The administrator can centrally edit all the security policies in management console. This helps in coordination of security policies.

Yes. The "copy to" feature of Cyberoam UTM can be configured to deliver a copy of each outgoing mail for a specific user transparently. This can be an important tool in the fight against data leakage.

No. Without no extra cost or effort, Cyberoam UTM's transparent mail logging feature and "copy to" feature makes sure that all the mail communication is logged. This feature helps you to meet guidelines laid down by Sarbanes Oxley and HIPAA.

No. You will still need protecting from the bad habits of your staff with a good software anti-virus program.

Cyberoam uses multiple approaches to enhance its performance:
1.Cyberoam uses best software design to achieve maximum performance through hardware.
2.Performance intensive and repetitive operations like encryption and pattern matching are isolated. These operations are accelerated using hardware and software mechanisms. For example, CR 25i uses Processor based hardware encryption engine for AES encryption to get high VPN throughput. The CR50i onwards appliances use a mix of software and hardware acceleration methods for parallel interrupt processing, regular expressions matching and simultaneous processing for performance intensive operations using technologies like multi-core processors, FPGA co processors and inherent advances in Intel processor technology like IOAT etc.

Yes Cyberoam supports Active-Passive and Active-Active high availability.