Going to the Edge with Security
|
|
- Peregrine Bennett
- 8 years ago
- Views:
Transcription
1 G 7 November 2014 Going to the Edge with Security Report Title size and position text box to center Report Title in the blue bar Stratecast Analysis by Michael P. Suby Stratecast Perspectives & Insight for Executives (SPIE) Volume 14, Number 41
2 Going to the Edge with Security Introduction 1 In building construction, effective supply chain management is critical to completing projects on time and within budget. In the sequenced orchestration of construction, delayed delivery of building supplies in one stage can have cascading implications on latter stages. Recognizing this risk, building contractors make calculated choices among delivery approaches. A tangible example is the mixing of cement, aggregates, and water to produce concrete. Should the concrete be produced on or in close proximity to the job site, or should the concrete be produced at an off-site location and transported to the job site? While many factors go into the decision on where to mix the raw materials (e.g., available space at the job site for storing raw materials and mixing, local ordinances, economies of scale, and quality control), the delivery of wet concrete is also a consideration. If, for example, the transportation of wet concrete from the off-site mixing plant to the job site is unpredictable or extensively lengthy relative to mixing the cement on-site, the construction project timeline would need to be extended, and the anticipated project cost increased to compensate. In a manner of speaking, there are trade-offs. Might this analogy on location trade-offs be applicable in the delivery of information and network security? Stratecast believes it is. While the use of security technologies by businesses is critical in managing risk, trade-offs are present. For example, in distributed denial of service (DDoS) security, redirecting inbound Web site traffic to a scrubbing center adds network latency and processing time to the end-to-end delivery of legitimate traffic; time that could reach a level noticeable to site visitors. While an acceptable trade-off to the Web site owner relative to the potential alternative of a disrupted Web site, it s a trade-off nonetheless. Additionally, there is the implicit cost of network transport used to direct inbound Web site traffic to the scrubbing center, and then returning legitimate traffic to the Web site. This network usage is not free; the cost is included in the price of the DDoS security service. This is just one example of the trade-offs with a security approach that relies on redirecting network traffic to a centralized processing center. Similar trade-offs in terms of security and network infrastructure investments and latency are present if security processing is conducted at an onpremises gateway location (e.g., at a business network perimeter or in front of a data center). Perhaps a relocation of security processing is in order. In this SPIE, we examine an alternative approach of pushing security processing outward to the edge of carrier networks. 1 In preparing this report, Stratecast conducted interviews with: Akamai Various executives at Akamai s Analyst Summit on October 16, CenturyLink Randy Tucker, Senior Marketing Manager and Product Strategist - Network, Hosting, and Cloud Solutions; and Peter Brecl, Senior Product Manager Fortinet Stephan Tallent, Director MSSP Americas Please note that the insights and opinions expressed in this assessment are those of Stratecast and have been developed through the Stratecast research and analysis process. These expressed insights and opinions do not necessarily reflect the views of the company executives interviewed. SPIE #41, November 2014 Stratecast Frost & Sullivan, 2014 Page 2
3 More than Protection The prospect of moving security processing to the edge of carrier networks is not exclusively for the benefit of optimizing the performance experience of connected users, and reducing costs, but also has a bearing on the changing nature of network traffic flows and the implications on congestion. Conceptually, a looming issue with changing network traffic flows is the rising bandwidth capacity and use of access networks (wireless and wired) relative to the capacity of core networks. Simplistically stated, is the cumulative effect of escalation in the number of connected endpoints (e.g., mobile devices, homes, business locations, and the Internet of Things IoT) and destinations (e.g., Web sites and cloud), changes in high-bandwidth traffic patterns (e.g., cloud-to-cloud, on-premises data center-tocloud), plus generational leaps in mobile (from 3G to 4G and then to 5G) and wired (from megabit TDM to gigabit and beyond with Ethernet) access networks outstripping the capacity of core networks much like arteries (access networks) funneling into a traffic circle (core network)? Definitive evidence on the overall extent of this looming issue of core network congestion is hard to ascertain a critical tipping point, per se, is more of a projection than a massive, near-term reality. Nevertheless, there are signs of the impending; and, positively, there are also examples of security-atthe-edge already in the market. Delivery of Web Pages is Slowing Down As assembled by Akamai, the average page load time has increased by over 60% in the last two years, as shown in the table below. Increases in page size and number of objects, plus an increase in mobile access, are part of the cause, but also reflective of a delivery infrastructure that is not keeping pace with the changing dimensions in what is being delivered and how. Exhibit 1: Delivery of Web Pages is Slowing Down Typical Page Size (kilobits, Kb) Kb 1,081 Kb 1,622 Kb Typical Number of Objects Mobile Penetration 9% 19% 30% Average Page Load Time (seconds) Source: httparchive.org, Akamai, Radware DDoS Scrubbing Centers Capacity Growing Reflecting increasing frequency and size of DDoS attacks, DDoS security service providers are increasing their scrubbing center capacity. 2 Akamai, for example, increased its capacity by 70%, from 1.85 Terabytes per 2 In depth analysis on the market and providers of DDoS security platforms and services is contained in Frost & Sullivan s Analysis of the Global Distributed Denial of Service (DDoS) Mitigation Market (NDD2-74), July To obtain a copy of this report or any other Stratecast or Frost & Sullivan report, please contact your account representative or inquiries@stratecast.com. SPIE #41, November 2014 Stratecast Frost & Sullivan, 2014 Page 3
4 second (Tbps) in 2013 to 3.15 Tbps in 2014; and recently opened scrubbing centers in the Asia-Pacific region. Similarly, Arbor Networks is planning an expansion of its Arbor Cloud DDoS scrubbing capacity to 1.5 Tbps by mid If demand materializes for this capacity, an increasing load on core networks follows. However, for Akamai, with the scrubbing centers it gained in the Prolexic acquisition, the incremental load on core networks due to traffic rerouting is tempered. The core network used by Akamai to reroute traffic is Internet route-optimized (i.e., avoids congestion points) via the company s real-time traffic analysis and routing algorithms. Blocking of DDoS Attacks Moving to the Edge In a nod to reducing core network usage in mitigating DDoS attacks, and a change of course from its earlier blocking approach of attack traffic, AT&T has moved blocking from within its scrubbing centers to upstream, nearer to DDoS attack traffic origination. According to AT&T, within 15 minutes (on average) after attack traffic has reached its scrubbing centers, 90% of the traffic is blocked upstream in its network, rather than being blocked in the scrubbing center. CenturyLink, with its DDoS Mitigation Service, also blocks confirmed attack traffic in a distributed fashion frequently, at carrier network peering points. Akamai follows a different but highly effective approach. With its original DDoS service, Kona Site Defender, Akamai s globally distributed edge servers purge DDoS attack traffic from incoming Web site traffic (i.e., scrubbing and blocking at the edge). Incidentally, Kona Site Defender forms the basis for IBM s managed Web defense service; and Akamai is actively pursuing resell and white-label arrangements with other managed security service providers. Unified Threat Management (UTM) Also Moving to the Network CenturyLink has taken the concept of network-based security services, and placed it on a more distributed and virtual plane. With its Network-Based Security service, businesses can subscribe to a suite of security services (firewall, VPN, intrusion detection and prevention, anti-malware, Web content filtering, and data loss prevention) hosted as customer-specific virtual instances at CenturyLink s IP/MPLS 4 points of presence (PoPs). CenturyLink uses Fortinet s technology to deliver the service. With a PoP deployment, each of the customer s locations sits directly on the doorstep to the Internet. Internet-destined traffic from branch offices and remote locations is not re-directed to a headquarters gateway for security treatment, or to a small number of regional, multi-tenant security platforms. The performance hit due to network hair-pin turns is essentially eliminated. For One Provider, Web Application Firewall has Always Been at the Edge Akamai s Kona Site Defender is also an edge-based Web Application Firewall (WAF). 5 Built on Akamai analysis to identify Web application threats (e.g., cross-site scripting and SQL injection), customer-specific mitigation policies are broadcasted to Akamai s global edge servers to block threatening traffic. Unique in its edge-based WAF approach, Akamai is set to improve the service in 2015 through the introduction of enhanced capabilities in policy activation and tuning, and also in threat monitoring. 3 Arbor Network Announces Multi-Terabit per Second Mitigation Capacity Expansion for Arbor Cloud DDoS Protection Service, Press Release (September 30, 2014). 4 Internet Protocol Multiprotocol Label Switching 5 Extensive analysis on this evolving product category is contained in Analysis of the Global Web Application Firewall Market (NE28-74), October SPIE #41, November 2014 Stratecast Frost & Sullivan, 2014 Page 4
5 More to Come The service examples in DDoS, UTM, and WAF are tangible demonstrations that traditional security can be as effective in an edge-based approach as in centralized platforms, plus produce additional benefits of improved performance (i.e., lower latency) and reduced consumption of network capacity. Stratecast believes more edge-based security developments will unfold in the future. Potential developments include: Establishing Multiple Layers of Protection With edge-based security, the potential to have layers of complementary protection is possible: at the distributed edge or edges, and at a centralized gateway. Similar to the escalating skill levels in video games, protection policies can be escalated to thwart attackers in a stepwise fashion. At the outer edge, general policies that yield high results in purging bad traffic with limited processing requirements and fast throughput are employed. As the traffic moves closer to the protected asset (e.g., a Web site), the policies become more sophisticated and require more processing resources, to trip up attackers of more modest skills. At this stage, the throughput demands are less, as the volume of traffic to process is less than at the outer edge. Before reaching the protected asset, a final set of highly sophisticated and compute-heavy policies are used to thwart expert attackers. With this multi-layer approach, the development and deployment of policies is optimized for both security efficacy and resource optimization, to produce a balanced approach. Protecting the Internet of Things (IoT) The deployment and use of traditional endpoint security software on smartphones and tablets trails PCs by a wide margin, despite attractive multi-device packaging by vendors of endpoint security software. 6 As the IoT moves forward, the risk of compromise will surely rise. Yet, the prospect that the innumerable variations of device types in IoT will be inherently secure (e.g., via embedded security), or will buck the trend of mobile devices and have after-market security software extensively deployed, is unlikely. A new approach to protect these devices from the risks of being Internet-connected, and likely connected 24x7, is needed. With effective instrumentation, management, and monitoring, edge security could be the type of low-cost and reliable means to protect literally thousands, if not millions or billions, of IoT devices at their point of Internet connectivity. Controlling Access Permissions The true identity of the end user associated with a connecting device, and the security state of that device, are essential pieces of information in determining who has access to what; and this includes public-facing resources (e.g., Web sites and Software as a Service resources). Unfortunately, interrogation of user identity and device properties and security state typically occur at or after a connection into a protected environment, or not all. Change is in the wind. On identity and access management (IAM), movement to cloud-delivered IAM capabilities is gaining momentum. The latest announcement from IBM of a new Cloud Identity Service, 7 built on the company s recent acquisition of Lighthouse Security Group, is just one of many indicators of growing market 6 Market analysis on endpoint security products is included in Frost & Sullivan s Analysis of the Endpoint Security Market (NE3F-74), September IBM Unveils Industry's First Intelligent Cloud Security Portfolio for Global Businesses, Press Release (November 5, 2014). SPIE #41, November 2014 Stratecast Frost & Sullivan, 2014 Page 5
6 demand for pervasive and upscale IAM capabilities. 8 Additionally, Network Access Control (NAC), as examined in an upcoming Frost & Sullivan market analysis study, is on a resurgence trajectory. This is also an indicator of growing market demand to assess risk as a standard routine in making decisions on access permission. Edge security, in Stratecast s view, either in stand-alone mode or in collaboration with cloud or on-premises IAM and NAC solutions, could become an effective mechanism to improve access permission control broadly, consistently, and cost effectively. 8 Analysis on Lighthouse Security Group is contained in Following the Cloud-Tailored Model in Identity & Access Management (SPIE ), October 11, SPIE #41, November 2014 Stratecast Frost & Sullivan, 2014 Page 6
7 Stratecast The Last Word The concept of moving security operations to the network edge that is, closer to the points of traffic origination has merit. For traffic payloads where speed in end-user engagements is critical, an at-the-edge approach assists in reducing network latency caused by rerouting traffic for inspection and treatment to a central or regional processing center, which may not be in the most route-optimized path between the end user and the asset he or she is connecting to. Additionally, for network carriers who also are providers of security services, an edge security approach contributes to the optimization of core network resources, as the need for network optimization expands due to advancing capabilities of access networks and endpoint devices, and network traffic patterns become denser (e.g., in the use of cloud-based services). There simply may not be enough core network infrastructure to serve all the demand for capacity at the performance level required. Although logical on paper, moving security to the edge is not as simple as porting a security operation from its current location (e.g., an on-premises gateway or a regional platform hosted in a carrier network) to a multitude of distributed edge locations. Certainly there are technology considerations to be addressed. Yet, with mature and maturing foundational technologies like virtualization, software defined networking (SDN), and network function virtualization (NFV), the technical hurdles seem solvable. What can be a more challenging hurdle is control. In the security discipline, customers of security solutions demand control, and control requires comprehensive visibility and validation of each of their individual security instances. When information and network security was younger and principally based on a box on-premises approach, logical and physical control was assured. As the options of network-based security delivered from either a multi-tenant platform or a customer-dedicated appliance hosted off-premises in a carrier network became available, assurances to subscribers that a drop in security integrity and control versus on-premises appliances would not occur had to be established. In an edge-based approach, this hurdle of assurance and retention of control must scale with the number of edge security instances. Additionally, manageability is another key consideration. With security and IT organizations having accountability for security operations at various physical and virtual locations on-premises, endpoint devices, network-based platforms, in the cloud, and at the edge the orchestration and monitoring complexity multiplies. With this multiplication, the potential of a decline in security integrity increases; too many balls to juggle. Therefore, in order for an edge-based security approach to flourish, technical and operational perspectives, from both the provider and the customer, must be considered and addressed. This has been done, as the edge-based security examples cited in this SPIE demonstrate. However, none were accomplished in short order or alone. Years of planning and preparation took place, and collaboration with technology providers was essential. Potentially, these early examples will pave the way to a faster cycle in the introduction of new forms of edge-based security solutions. Michael P. Suby VP of Research Stratecast Frost & Sullivan msuby@stratecast.com SPIE #41, November 2014 Stratecast Frost & Sullivan, 2014 Page 7
8 About Stratecast Stratecast collaborates with our clients to reach smart business decisions in the rapidly evolving and hypercompetitive Information and Communications Technology markets. Leveraging a mix of action-oriented subscription research and customized consulting engagements, Stratecast delivers knowledge and perspective that is only attainable through years of real-world experience in an industry where customers are collaborators; today s partners are tomorrow s competitors; and agility and innovation are essential elements for success. Contact your Stratecast Account Executive to engage our experience to assist you in attaining your growth objectives. About Frost & Sullivan Frost & Sullivan, the Growth Partnership Company, works in collaboration with clients to leverage visionary innovation that addresses the global challenges and related growth opportunities that will make or break today s market participants. For more than 50 years, we have been developing growth strategies for the Global 1000, emerging businesses, the public sector and the investment community. Is your organization prepared for the next profound wave of industry convergence, disruptive technologies, increasing competitive intensity, Mega Trends, breakthrough best practices, changing customer dynamics and emerging economies? For more information about Frost & Sullivan s Growth Partnership Services, visit CONTACT US SPIE #41, November 2014 Stratecast Frost & Sullivan, 2014 Page 8 For more information, visit dial , or inquiries@stratecast.com.
The Expanding Role of Service Providers in DDoS Mitigation
March 13, 2015 The Expanding Role of Service Providers in DDoS Mitigation Stratecast Analysis by Chris Rodriguez Stratecast Perspectives and Insight for Executives (SPIE) Volume 15, Number 10 The Expanding
More information2012 North American Managed Security Service Providers Growth Leadership Award
2011 South African Data Centre Green Excellence Award in Technology Innovation Cybernest 2012 2012 North American Managed Security Service Providers Growth Leadership Award 2011 Frost & Sullivan 1 We Accelerate
More informationTechnology Brief Demystifying Cloud Security
Demystifying Cloud Security xo.com Demystifying Cloud Security Contents Introduction 3 Definition of the cloud 3 Cloud security taxonomy 4 Cloud Infrastructure Security 5 Tenant- based Security 5 Security
More informationVirtualized Security: The Next Generation of Consolidation
Virtualization. Consolidation. Simplification. Choice. WHITE PAPER Virtualized Security: The Next Generation of Consolidation Virtualized Security: The Next Generation of Consolidation As we approach the
More informationSecuring data centres: How we are positioned as your ISP provider to prevent online attacks.
Securing data centres: How we are positioned as your ISP provider to prevent online attacks. Executive Summary In today s technologically-demanding world, an organisation that experiences any internet
More informationWhite Paper. Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation
White Paper Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation Table of Contents Introduction... 3 Common DDoS Mitigation Measures...
More informationADVANCED SECURITY MECHANISMS TO PROTECT ASSETS AND NETWORKS: SOFTWARE-DEFINED SECURITY
ADVANCED SECURITY MECHANISMS TO PROTECT ASSETS AND NETWORKS: SOFTWARE-DEFINED SECURITY One of the largest concerns of organisations is how to implement and introduce advanced security mechanisms to protect
More informationData Center Network Evolution: Increase the Value of IT in Your Organization
White Paper Data Center Network Evolution: Increase the Value of IT in Your Organization What You Will Learn New operating demands and technology trends are changing the role of IT and introducing new
More informationCloud, SDN and the Evolution of
Cloud, SDN and the Evolution of Enterprise Networks Neil Rickard Gartner is a registered trademark of Gartner, Inc. or its affiliates. This publication may not be reproduced or distributed in any form
More informationAdvantages of Managed Security Services
Advantages of Managed Security Services Cloud services via MPLS networks for high security at low cost Get Started Now: 877.611.6342 to learn more. www.megapath.com Executive Summary Protecting Your Network
More information2012 North American Enterprise Firewalls Market Penetration Leadership Award
2012 2012 North American Enterprise Firewalls Market Penetration Leadership Award 2012 Frost & Sullivan 1 We Accelerate Growth Market Penetration Leadership Award Enterprise Firewalls North America, 2012
More informationAKAMAI WHITE PAPER. The Challenges of Connecting Globally in the Pharmaceutical Industry
AKAMAI WHITE PAPER The Challenges of Connecting Globally in the Pharmaceutical Industry The Challenges of Connecting Globally in the Pharmaceutical Industry TABLE OF CONTENTS EXECUTIVE SUMMARY 1 GLOBAL
More informationFirewall and UTM Solutions Guide
Firewall and UTM Solutions Guide Telephone: 0845 230 2940 e-mail: info@lsasystems.com Web: www.lsasystems.com Why do I need a Firewall? You re not the Government, Microsoft or the BBC, so why would hackers
More informationTop 10 Reasons Enterprises are Moving Security to the Cloud
ZSCALER EBOOK Top 10 Reasons Enterprises are Moving Security to the Cloud A better approach to security Albert Einstein defined insanity as doing the same thing over and over again and expecting different
More informationTruffle Broadband Bonding Network Appliance
Truffle Broadband Bonding Network Appliance Reliable high throughput data connections with low-cost & diverse transport technologies PART I Truffle in standalone installation for a single office. Executive
More information[state of the internet] / SEO Attacks. Threat Advisory: Continuous Uptick in SEO Attacks
TLP: GREEN Issue Date: 1.12.16 Threat Advisory: Continuous Uptick in SEO Attacks Risk Factor High The Akamai Threat Research Team has identified a highly sophisticated Search Engine Optimization (SEO)
More informationPervasive Security Enabled by Next Generation Monitoring Fabric
Pervasive Security Enabled by Next Generation Monitoring Fabric By: Lee Doyle, Principal Analyst at Doyle Research Sponsored by Big Switch Networks Executive Summary Enterprise networks have become ever
More informationTIME TO RETHINK SDN AND NFV
TIME TO RETHINK SDN AND NFV SDN and NFV are gathering momentum as telecom carriers struggle to manage rapid growth in data traffic. Discussions have focused on the ability of SDN and NFV to make network
More informationProtecting the Extended Enterprise Network Security Strategies and Solutions from ProCurve Networking
ProCurve Networking by HP Protecting the Extended Enterprise Network Security Strategies and Solutions from ProCurve Networking Introduction... 2 Today s Network Security Landscape... 2 Accessibility...
More informationHow To Protect Your Network From Attack From A Network Security Threat
Cisco Security Services Cisco Security Services help you defend your business from evolving security threats, enhance the efficiency of your internal staff and processes, and increase the return on your
More informationCisco Cloud Web Security
Data Sheet Today s highly connected and fast-moving world is filled with complex and sophisticated web security threats. Cisco delivers the strong protection, complete control, and investment value that
More informationAvailability Digest. www.availabilitydigest.com. Prolexic a DDoS Mitigation Service Provider April 2013
the Availability Digest Prolexic a DDoS Mitigation Service Provider April 2013 Prolexic (www.prolexic.com) is a firm that focuses solely on mitigating Distributed Denial of Service (DDoS) attacks. Headquartered
More informationHow To Block A Ddos Attack On A Network With A Firewall
A Prolexic White Paper Firewalls: Limitations When Applied to DDoS Protection Introduction Firewalls are often used to restrict certain protocols during normal network situations and when Distributed Denial
More informationFour Considerations for Addressing the DDoS Risk for Carrier and Cloud Hosting Providers
Four Considerations for Addressing the DDoS Risk for Carrier and Cloud Hosting Providers Whitepaper SHARE THIS WHITEPAPER Table of Contents The Rising Threat of Cyber-Attack Downtime...3 Four Key Considerations
More informationSHARE THIS WHITEPAPER. Top Selection Criteria for an Anti-DDoS Solution Whitepaper
SHARE THIS WHITEPAPER Top Selection Criteria for an Anti-DDoS Solution Whitepaper Table of Contents Top Selection Criteria for an Anti-DDoS Solution...3 DDoS Attack Coverage...3 Mitigation Technology...4
More informationWhy an Intelligent WAN Solution is Essential for Mission Critical Networks
Why an Intelligent WAN Solution is Essential for Mission Critical Networks White Paper Series WP100135 Charles Tucker Director of Marketing June 1, 2006 Abstract: Reliable Internet connectivity is now
More informationNavigating to MPLS-Enabled Networks: The Search for Security, Flexibility and Simplicity
AT&T s 4 POINTSOF CONVERGENCE Navigating to MPLS-Enabled Networks: The Search for Security, Flexibility and Simplicity AT&T s Four Points of Convergence Business leaders are quickly recognizing that a
More informationUnified Threat Management, Managed Security, and the Cloud Services Model
Unified Threat Management, Managed Security, and the Cloud Services Model Kurtis E. Minder CISSP Global Account Manager - Service Provider Group Fortinet, Inc. Introduction Kurtis E. Minder, Technical
More informationDelivering Managed Services Using Next Generation Branch Architectures
Delivering Managed Services Using Next Generation Branch Architectures By: Lee Doyle, Principal Analyst at Doyle Research Sponsored by Versa Networks Executive Summary Network architectures for the WAN
More informationThe State of Application Delivery in 2015
The State of Application Delivery in 2015 a report by F5 f5.com/soad 1 Introduction F5 surveyed customers from more than 300 organizations (of all sizes) across a broad spectrum of vertical markets such
More informationStop DDoS Attacks in Minutes
PREVENTIA Forward Thinking Security Solutions Stop DDoS Attacks in Minutes 1 On average there are more than 7,000 DDoS attacks observed daily. You ve seen the headlines. Distributed Denial of Service (DDoS)
More informationAKAMAI SOLUTION BROCHURE CLOUD SECURITY SOLUTIONS FAST RELIABLE SECURE.
CLOUD SECURITY SOLUTIONS FAST RELIABLE SECURE. Threat > The number and size of cyberattacks are increasing rapidly Website availability and rapid performance are critical factors in determining the success
More informationCALNET 3 Category 7 Network Based Management Security. Table of Contents
State of California IFB STPD 12-001-B CALNET 3 Category 7 Network Based Security Table of Contents 7.2.1.4.a DDoS Detection and Mitigation Features... 1 7.2.2.3 Email Monitoring Service Features... 2 7.2.3.2
More informationDeploying Firewalls Throughout Your Organization
Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense
More informationLeveraging SDN and NFV in the WAN
Leveraging SDN and NFV in the WAN Introduction Software Defined Networking (SDN) and Network Functions Virtualization (NFV) are two of the key components of the overall movement towards software defined
More informationBusiness Case for NFV/SDN Programmable Networks
Business Case for NFV/SDN Programmable Networks Executive Summary Traditional network designs are failing to meet service providers business requirements. The designs lead to complex hardware stacks, over-provisioning
More informationCreating Business-Class VoIP: Ensuring End-to-End Service Quality and Performance in a Multi-Vendor Environment. A Stratecast Whitepaper
: Ensuring End-to-End Service Quality and Performance in a Multi-Vendor Environment A Executive Summary Creating Business-Class VoIP Traditional voice services have always been reliable, available, and
More informationDDoS Protection. How Cisco IT Protects Against Distributed Denial of Service Attacks. A Cisco on Cisco Case Study: Inside Cisco IT
DDoS Protection How Cisco IT Protects Against Distributed Denial of Service Attacks A Cisco on Cisco Case Study: Inside Cisco IT 1 Overview Challenge: Prevent low-bandwidth DDoS attacks coming from a broad
More informationWeb Application Defence. Architecture Paper
Web Application Defence Architecture Paper June 2014 Glossary BGP Botnet DDoS DMZ DoS HTTP HTTPS IDS IP IPS LOIC NFV NGFW SDN SQL SSL TCP TLS UTM WAF XSS Border Gateway Protocol A group of compromised
More informationINSERT COMPANY LOGO HERE
20132014 INSERT COMPANY LOGO HERE 2014 Global 2013 North Distributed American Denial-of-Service SSL Certificate Mitigation Product Market Leadership Leadership Award Award Frost & Sullivan 2014 1 We Accelerate
More informationwww.prolexic.com Stop DDoS Attacks in Minutes
www.prolexic.com Stop DDoS Attacks in Minutes Prolexic gives us the strong insurance policy against DDoS attacks that we were looking for. Mark Johnson, Chief Financial Officer, RealVision You ve seen
More informationvsrx Services Gateway: Protecting the Hybrid Data Center
Services Gateway: Protecting the Hybrid Data Center Extending Juniper Networks award-winning security products to virtualized, cloud-based, and hybrid IT environments Challenge Virtualization and cloud
More informationJUNOS DDoS SECURE. Advanced DDoS Mitigation Technology
JUNOS DDoS SECURE Advanced DDoS Mitigation Technology Biography Nguyen Tien Duc ntduc@juniper.net, +84 903344505 Consulting Engineer- Viet Nam CISSP # 346725 CISA # 623462 2 Copyright 2013 Juniper Networks,
More informationCenter SDN & NFV. Modern Data IN THE
SDN & NFV IN THE Modern Data Center A GUIDE TO UNDERSTANDING THE IMPACT AND BENEFITS OF SOFTWARE-DEFINED NETWORKING AND NETWORK FUNCTIONS VIRTUALIZATION TABLE OF CONTENTS OF SDN AND NFV ARE SDN AND NFV
More informationWhen is Cloud-managed WLAN a Good Fit?
When is Cloud-managed WLAN a Good Fit? August 2015 MOBILE RESEARCH COUNCIL www.mobileresearchcouncil.com info@mobileresearchcouncil.com, or Call (888) 408-0252 Mobile and Cloud Computing Transform the
More informationTotal Cost of Ownership: Benefits of Comprehensive, Real-Time Gateway Security
Total Cost of Ownership: Benefits of Comprehensive, Real-Time Gateway Security White Paper September 2003 Abstract The network security landscape has changed dramatically over the past several years. Until
More informationBusiness Case for Virtual Managed Services
Business Case for Virtual Managed Services Executive Summary Managed services allow businesses to offload day-to-day network management tasks to service providers and thus free up internal talent to focus
More informationCisco ASA and Cloud Web Security: Best-in-Class Network Security Combined with Best-in-Class Web Security
White Paper Cisco ASA and Cloud Web Security: Best-in-Class Network Security Combined with Best-in-Class Web Security Introduction Organizations that want to harness the power of the web must deal with
More informationHow Cloud Services Benefit from Cloud-Based Delivery. With a Look at Solutions from Akamai
How Cloud Services Benefit from Cloud-Based Delivery With a Look at Solutions from Akamai Perspective 2012 Neovise, LLC. All Rights Reserved. Report Published April 22, 2014 The Growing Role of the Internet
More informationAutomated Mitigation of the Largest and Smartest DDoS Attacks
Datasheet Protection Automated Mitigation of the Largest and Smartest Attacks Incapsula secures websites against the largest and smartest types of attacks - including network, protocol and application
More informationWhite Paper. ZyWALL USG Trade-In Program
White Paper ZyWALL USG Trade-In Program Table of Contents Introduction... 1 The importance of comprehensive security appliances in today s world... 1 The advantages of the new generation of zyxel usg...
More information2013 WAN Management Spectrum. October 2013
2013 WAN Management Spectrum October 2013 Market Context... 2 Executive Summary... 3 By the Numbers... 5 Research Background... 6 WAN Management... 8 Business Impact... 9 Submarkets... 10 Deployment...
More informationMaking the Internet Business-Ready
Making the Internet Business-Ready If you ve ever shopped online, downloaded music, watched a web video or connected to work remotely, you ve probably used Akamai. Our solutions help to deliver the best
More informationService Description DDoS Mitigation Service
Service Description DDoS Mitigation Service Interoute, Walbrook Building, 195 Marsh Wall, London, E14 9SG, UK Tel: +800 4683 7681 Email: info@interoute.com Contents Contents 1 Introduction...3 2 An Overview...3
More informationLippis Report 158: Next Generation Network Security for Data Center Protections
Lippis Report 158: Next Generation Network Security for Data Center Protections One significant trend that has emerged during the current business/economic cycle is that IT projects that reduce cost are
More informationalcatel-lucent converged network solution The cost-effective, application fluent approach to network convergence
alcatel-lucent converged network solution The cost-effective, application fluent approach to network convergence the corporate network is under pressure Today, corporate networks are facing unprecedented
More informationNovember 2013. Defining the Value of MPLS VPNs
November 2013 S P E C I A L R E P O R T Defining the Value of MPLS VPNs Table of Contents Introduction... 3 What Are VPNs?... 4 What Are MPLS VPNs?... 5 What Are the Benefits of MPLS VPNs?... 8 How Do
More informationWAN Optimization Integrated with Cisco Branch Office Routers Improves Application Performance and Lowers TCO
WAN Optimization Integrated with Cisco Branch Office Routers Improves Application Performance and Lowers TCO The number of branch-office work sites is increasing, so network administrators need tools to
More informationSecurityDAM On-demand, Cloud-based DDoS Mitigation
SecurityDAM On-demand, Cloud-based DDoS Mitigation Table of contents Introduction... 3 Why premise-based DDoS solutions are lacking... 3 The problem with ISP-based DDoS solutions... 4 On-demand cloud DDoS
More informationReaping the Full Benefits of a Hybrid Network
Singtel Business Product Factsheet Managed Hybrid Network Reaping the Full Benefits of a Hybrid Network Singtel Managed Hybrid Network is an innovative offering that extends the enterprise s network coverage
More informationInfrastructure for more security and flexibility to deliver the Next-Generation Data Center
Infrastructure for more security and flexibility to deliver the Next-Generation Data Center Stefan Volmari Manager Systems Engineering Networking & Cloud Today's trends turn into major challenges Cloud
More informationThe Advantages of Security as a Service versus On-Premise Security
The Advantages of Security as a Service versus On-Premise Security ABSTRACT: This document explores the growing trend of hosted/managed security as a service and why the cloud is quickly becoming the preferred
More informationIncrease Simplicity and Improve Reliability with VPLS on the MX Series Routers
SOLUTION BRIEF Enterprise Data Center Interconnectivity Increase Simplicity and Improve Reliability with VPLS on the Routers Challenge As enterprises improve business continuity by enabling resource allocation
More informationRise of the Machines: An Internet-Wide Analysis of Web Bots in 2014
SESSION ID: SPO2-W04 Rise of the Machines: An Internet-Wide Analysis of Web Bots in 2014 John Summers VP, Security Products Akamai #RSAC The Akamai Intelligent Platform The Platform 167,000+ Servers 2,300+
More information2015 Global Stratecast Operations Management of Emerging Internet of Things (IoT) Technology Innovation Award
2015 2015 Global Stratecast Operations Management of Emerging Internet of Things (IoT) Technology Innovation Award Contents Background and Company Performance... 3 Introduction... 3 Industry Challenges...
More informationPowering the Internet of Things: SDN/NFV Architectures
Powering the Internet of Things: SDN/NFV Architectures 6B Connected Devices 2013 2013 2016 2018 2020 50B Connected Devices Worldwide by 2020 Implications for Service Providers Scaling the Networks End
More informationCisco IWAN and Akamai Intelligent Platform : Maximize Your WAN Investment
Cisco IWAN and Akamai Intelligent Platform : Maximize Your WAN Investment What You Will Learn Cisco Systems and Akamai Technologies intend to deliver the world s first combined Cisco Intelligent WAN with
More information2014 Foley & Lardner LLP Attorney Advertising Prior results do not guarantee a similar outcome Models used are not clients but may be representative
2014 Foley & Lardner LLP Attorney Advertising Prior results do not guarantee a similar outcome Models used are not clients but may be representative of clients 321 N. Clark Street, Suite 2800, Chicago,
More informationGlobal Web Application Firewall Market 2015-2019
Global Web Application Firewall Market 2015-2019 Global Web Application Firewall Market 2015-2019 Sector Publishing Intelligence Limited (SPi) has been marketing business and market research reports from
More informationHow WAN Design Needs to Change
How WAN Design Needs to Change Ashton, Metzler & Associates Introduction While some organizations continue to make use of WAN services such as Frame Relay and ATM, the use of those services is quickly
More informationCisco SAFE: A Security Reference Architecture
Cisco SAFE: A Security Reference Architecture The Changing Network and Security Landscape The past several years have seen tremendous changes in the network, both in the kinds of devices being deployed
More informationEnabling the SmartGrid through Cloud Computing
Enabling the SmartGrid through Cloud Computing April 2012 Creating Value, Delivering Results 2012 eglobaltech Incorporated. Tech, Inc. All rights reserved. 1 Overall Objective To deliver electricity from
More informationSDN and NFV in the WAN
WHITE PAPER Hybrid Networking SDN and NFV in the WAN HOW THESE POWERFUL TECHNOLOGIES ARE DRIVING ENTERPRISE INNOVATION rev. 110615 Table of Contents Introduction 3 Software Defined Networking 3 Network
More informationSecuring Internet Facing. Applications. Technical White Paper. configuration drift, in which IT members open up ports or make small, supposedly
Securing Internet Facing Applications Ten years ago protecting the corporate network meant deploying traditional firewalls and intrusion detection solutions at the perimeter of the trusted network in order
More informationNetwork Security Monitoring: Looking Beyond the Network
1 Network Security Monitoring: Looking Beyond the Network Ian R. J. Burke: GCIH, GCFA, EC/SA, CEH, LPT iburke@headwallsecurity.com iburke@middlebury.edu February 8, 2011 2 Abstract Network security monitoring
More informationAsia-Pacific Distributed Denial of Services (DDoS) Protection Market 2013
Brochure More information from http://www.researchandmarkets.com/reports/3065109/ Asia-Pacific Distributed Denial of Services (DDoS) Protection Market 2013 Description: The Distributed Denial of Service
More informationTop 10: Firewall Shopping Checklist NEXT. Best viewed with Adobe Reader
Top 10: Firewall Shopping Checklist Best viewed with Adobe Reader 1 Fast and Furious Performance 1 Fast and Furious Performance As with sports cars, performance is a top buying criteria for firewalls.
More informationImpact of Cybersecurity Innovations in Key Sectors (Technical Insights)
Impact of Cybersecurity Innovations in Key Sectors (Technical Insights) Customized cybersecurity measures help overcome Industry specific challenges September 2014 Table of Contents Section Slide Number
More informationTesting Software Defined Network (SDN) For Data Center and Cloud VERYX TECHNOLOGIES
Testing Software Defined Network (SDN) For Data Center and Cloud VERYX TECHNOLOGIES Table of Contents Introduction... 1 SDN - An Overview... 2 SDN: Solution Layers and its Key Requirements to be validated...
More informationTRANSITIONING YOUR BUSINESS MODEL INTO MANAGED SERVICES FOR LONG-TERM PROFIT AND GROWTH
TRANSITIONING YOUR BUSINESS MODEL INTO MANAGED SERVICES FOR LONG-TERM PROFIT AND GROWTH AS DEMAND FOR EXTERNAL TECHNOLOGY SERVICES INCREASES, MANAGED SERVICES PRESENT AN ATTRACTIVE OPPORTUNITY FOR IT RESELLERS
More informationA Presentation at DGI 2014 Government Cloud Computing and Data Center Conference & Expo, Washington, DC. September 18, 2014.
A Presentation at DGI 2014 Government Cloud Computing and Data Center Conference & Expo, Washington, DC September 18, 2014 Charles Sun www.linkedin.com/in/charlessun @CharlesSun_ 1 What is SDN? Benefits
More informationExtending Threat Protection and Control to Mobile Workers with Cloud-Based Security Services > White Paper
with Cloud-Based Security Services > White Paper It s a phenomenon and a fact: employees are always on today. They connect to the network whenever they want, from wherever they happen to be, with laptops,
More informationHuawei Agile Network FAQ... 2. 1 What is an agile network? What is the relationship between an agile network and SDN?... 2
Contents Huawei Agile Network FAQ... 2 1 What is an agile network? What is the relationship between an agile network and SDN?... 2 2 What is an agile campus?... 3 3 What are the benefits of an agile network?...
More informationHow to Evaluate DDoS Mitigation Providers:
Akamai White Paper How to Evaluate DDoS Mitigation Providers: Four Critical Criteria How to Evaluate DDoS Mitigation Providers 2 TABLE OF CONTENTS INTRODUCTION 3 CRITERIA #1: THREAT INTELLIGENCE 3 CRITERIA
More informationCisco Cloud Web Security Key Functionality [NOTE: Place caption above figure.]
Cisco Cloud Web Security Cisco IT Methods Introduction Malicious scripts, or malware, are executable code added to webpages that execute when the user visits the site. Many of these seemingly harmless
More informationSavvy Cloud Providers Adopt DRaaS as Cloud-Based Disaster Recovery Soars
December 2014 Savvy Cloud Providers Adopt DRaaS as Cloud-Based Disaster Recovery Soars Frost & Sullivan Analysis by Karyn Price Cloud Computing (CC) Volume 4, Number 6 Savvy Cloud Providers Adopt DRaaS
More informationAcquia Cloud Edge Protect Powered by CloudFlare
Acquia Cloud Edge Protect Powered by CloudFlare Denial-of-service (DoS) Attacks Are on the Rise and Have Evolved into Complex and Overwhelming Security Challenges TECHNICAL GUIDE TABLE OF CONTENTS Introduction....
More informationEnabling Cloud Architecture for Globally Distributed Applications
The increasingly on demand nature of enterprise and consumer services is driving more companies to execute business processes in real-time and give users information in a more realtime, self-service manner.
More informationAn Introduction to SIP
SIP trunking, simply put, is a way for you to accomplish something that you already do, for less money, with equal or better quality, and with greater functionality. A Guide to SIP V4 An Introduction to
More informationGame changing Technology für Ihre Kunden. Thomas Bürgis System Engineering Manager CEE
Game changing Technology für Ihre Kunden Thomas Bürgis System Engineering Manager CEE Threats have evolved traditional firewalls & IPS have not Protection centered around ports & protocols Expensive to
More informationSecurity Today Demands New Approaches Built on Machine Learning and Big Data
February 2015 Security Today Demands New Approaches Built on Machine Learning and Big Data Stratecast Analysis by Jeff Cotrupe Big Data & Analytics (BDA) Volume 3, Number 1 Security Today Demands New Approaches
More informationNetwork Management, Performance Characteristics, and Commercial Terms Policy. (1) mispot's Terms of Service (TOS), viewable at mispot.net.
Network Management, Performance Characteristics, and Commercial Terms Policy Consistent with FCC regulations 1, Agri-Valley Broadband, Inc., d/b/a mispot (mispot) provides this information about our broadband
More informationOn-Premises DDoS Mitigation for the Enterprise
On-Premises DDoS Mitigation for the Enterprise FIRST LINE OF DEFENSE Pocket Guide The Challenge There is no doubt that cyber-attacks are growing in complexity and sophistication. As a result, a need has
More informationHOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT
HOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT The frequency and sophistication of Distributed Denial of Service attacks (DDoS) on the Internet are rapidly increasing. Most of the earliest
More informationE-Guide. Sponsored By:
E-Guide Network Management Fundamentals Network management is a complex topic. In today's diverse networking infrastructure, the network has to handle more instances of unified communications, video, and
More informationNational Managed Broadband Service for Government
National Managed Broadband Service for Government The Power of the Converged Broadband Architecture For today s government agencies with distributed field offices, integrating voice, video, and data connectivity
More information