Securing the Intelligent Network

Size: px
Start display at page:

Download "Securing the Intelligent Network"

Transcription

1 WHITE PAPER Securing the Intelligent Network Securing the Intelligent Network New Threats Demand New Strategies The network is the door to your organization for both legitimate users and would-be attackers. For years, IT professionals have built barriers to prevent any unauthorized entry that could compromise the organization s network. Figure 1 shows a typical security implementation designed to protect and connect multiple parts of a corporate network. What constitutes network security is constantly evolving, due to traffic growth, usage trends and the ever changing threat landscape. For example, the widespread adoption of cloud computing, social networking and bring-your-own-device (BYOD) programs are introducing new challenges and threats to an already complex network. Despite this tumultuous environment, IT departments are tasked with architecting a network capable of securing against known threats, quickly deploying new services and scaling with changes in demand. WAN Optimization IDS / IPS Firewall VPN WAN Optimization IDS / IPS Firewall VPN BRANCH OFFICES WAN Content Security CORPORATE NETWORK HOME OFFICE ADC Firewall DATA CENTER Figure 1. Security in the network

2 According to published McAfee* reports, the overall number of malware signatures topped a staggering 100 million in the fall of Figure 2 visually depicts the number of new malware signatures identified by McAfee from 2010 through This report also highlights three additional trends currently transforming security. The type and sophistication level of modern malware is becoming increasingly diverse. The objectives of modern malware attacks are also changing, with goals ranging from industrial espionage, to ransom demands, to damaging infrastructure. Finally, the growth and accessibility of social networks facilitates easier exchange of this malware by would-be-attackers. 10,000,000 9,000,000 8,000,000 7,000,000 6,000,000 5,000,000 4,000,000 3,000,000 2,000,000 1,000,000 0 Q1 10 Q2 10 Q3 10 Q4 10 Q1 11 Q2 11 Q3 11 Q4 11 Q1 12 Q2 12 Q3 12 Figure 2. New malware reported by McAfee The combination of malware trends with the aforementioned IT challenges has triggered significant changes in the way network infrastructures are architected and secured. Networks have expanded in such a way that a hard network perimeter no longer exists. Unable to rely on a defense-only strategy, IT departments must architect their network security infrastructure under the assumption that an attack will penetrate the network. The resulting proactive security solution will facilitate near real-time intrusion detection. Enabling Line-Rate Inspection The first step in preventing an attack is to inspect incoming traffic before it enters the corporate network. This is accomplished by looking beyond the packet header into the contents of the packet. Once the layer 7 application data is reached, it can be matched against a defined pattern set, inspected for malicious signatures or used to extract pertinent metadata. This process is known as deep packet inspection, or DPI. In many cases, outbound traffic must also be analyzed to enable the detection of internal-based attacks as well as securing sensitive data and intellectual property. Therefore, it may be necessary to deploy DPI capabilities at both internal and external entry points to the network. Implementing DPI-enabled protection can be challenging due to the extensive computational resources it requires. If the packets within a flow are not inspected quickly, application latency may increase resulting in significant network delays. DPI can be processed through the use of software running on existing platforms, or by offloading packets onto DPI-specific hardware. Intel believes software-based DPI to be the optimal choice for several reasons. Intel executes to a proven roadmap, and the tick-tock development strategy ensures delivery of processors with consistent performance increases at a predictable cadence. Coupled with recent advances in IA packet processing performance, an optimized softwarebased approach provides a cost-effective and scalable DPI solution that has the flexibility to evolve with any change in security requirements. High Speed Content Inspection Software from Wind River* Wind River now offers a comprehensive, optimized software platform that addresses the needs of network security infrastructures, with an increased focus on DPI workloads. Wind River Intelligent Network Platform (INP) contains a Content Inspection Engine and Flow Analysis Engine, optimized specifically for Intel architecture 2

3 Platforms. Wind River* Content Inspection Engine provides a software pattern-matching solution scaling from 1Gbps to 160Gbps, depending on the number of processor cores used. Complementing this technology, Wind River* Flow Analysis Engine provides a decoding engine, protocol libraries and advanced metadata extraction to deliver realtime visibility of network traffic. Through the combination of exceptional packet processing, optimized DPI and enhanced metadata extraction, Wind River INP paired with Intel architecture platforms enables an optimized security solution that can perform content-aware flow classification and intrusion detection at line-rate speeds. 40G Packet Processing and Beyond The last five years have seen staggering growth in network traffic. Looking forward, Intel expects that increased adoption of network attached mobile devices will further accelerate this growth. Increased traffic puts tremendous stress on the underlying network infrastructure. Figure3 shows how Intel micro-architecture performance has outpaced business, mobile, internet and total traffic growth in the past four years. While today s networks may consist of multiple architectures within a single infrastructure, it is becoming increasingly apparent that mixed architecture infrastructures are prohibitively expensive to optimize and maintain due to the expertise required for the various platform, operating system and unique vendor technologies. Intel s 4:1 workload consolidation strategy enables the move from multiple hardware architectures onto a single architecture platform, like the Intel Communications Infrastructure Platform. The Intel Data Plane Development Kit (Intel DPDK) has been a key ingredient to unlocking the packet processing performance required to make workload consolidation on IA a reality. Intel DPDK provides a comprehensive set of 14.0X 13.0X 12.0X 11.0X 10.0X 9.0X 8.0X 7.0X 6.0X 5.0X 4.0X 3.0X 2.0X 1.0X 0.0X Internet Traffic / Month Business Traffic / Month Mobile Traffic / Month Total Traffic / Month Intel Architecture (L3 Fwd) Figure 3. Intel architecture performance tracked against traffic growth 3

4 software libraries and example code that optimize packet processing on Intel architecture. The Intel DPDK libraries provide direct, optimized access to data plane functionality, by-passing costly context switches, and significantly improving performance. In fact, the performance enabled by these libraries has transformed the perception of what workloads general purpose processors are capable of processing. Where they were once relegated to only application and control workloads, Intel processors now have the ability to process packets at line rate performance. Driving Security to the Hardware Level To further optimize performance and increase security, Intel platforms also include several complementary security technologies built into multiple platform components, including the processor, chipset, and network interface controllers (NICs). These technologies provide low-level building blocks upon which a secure and high performing network infrastructure can be sustained. These technologies include Intel Virtualization Technology, Intel Trusted Execution Technology and Intel QuickAssist Technology. Virtual Appliances With a focus on energy conservation and cost control, enterprises continue to virtualize an increasing number of servers as well as their data center infrastructure. This trend has a ripple effect on security appliances. An appliance that previously secured multiple physical servers must now secure one server running increasing numbers of virtual machines (VMs). Simply put, physical appliances were not designed with the ability to inspect traffic streaming through a hypervisor running multiple virtualized servers. Additionally, whereas server workloads can handle a certain amount of latency, security appliances can never be a bottle-neck in the network infrastructure. A key premise for virtualized environments is that each virtual machine behaves as though it were a physical machine, with control over its physical and logical resources. Each VM acts as though it is protected from other VMs. In reality multiple VMs reside on one physical appliance, accessing shared resources with only a layer of software protecting the content of one VM from another. Intel Virtualization Technology (Intel VT) increases the security of virtual appliances through hardware hooks that enable the separation of VMs/workloads on shared platforms. This moves the security burden off the software layer and into the hardware. Intel VT also has the ability to provide applications direct access to hardware resources, without incurring the latency penalties associated with moving through a hypervisor layer. By separating VM access in hardware, Intel VT allows the hypervisor to be bypassed without increasing the risk of rogue software manipulating any VMs. The ability to by-pass the hypervisor, in certain cases, provides increased throughput without sacrificing the value-added hypervisor features. Making Secure Clouds a Reality Analysts project that IT spending will increase slightly in This increase in investment is largely attributed to cloud computing. Over half of IT organizations plan to increase their spending on cloud computing to improve flexible and efficient use of their IT resources. 2 Intel Trusted Execution Technology (Intel TXT) is specifically designed to harden platforms against hypervisor, firmware, BIOS, and system level attacks in virtual and cloud environments. It does so by providing a mechanism that enforces integrity checks on these pieces of software at launch time. This ensures the software has not been altered from its known state. Intel TXT also provides the platform level trust information that higher level security applications require to enforce role-based security policies. Intel TXT enforces control through measurement, memory locking and sealing secrets, 4

5 resulting in an isolated launch time environment. It works cooperatively with Intel Virtualization Technology (Intel VT). VM1 VM2 To further optimize performance and increase security, Intel platforms also integrate several complementary security technologies like Intel Virtualization Technology and Intel Trusted Execution Technology. These technologies are designed to harden platforms against hypervisor, firmware, BIOS, and system level attacks in virtual and cloud environments. These technologies will continue to evolve, ensuring Intel platforms continue to provide unique value that enhances the user experience. Additional Resources Intel TXT Hypervisor Layer Intel VT Figure 4. Intel TXT with Intel VT enables secure virtualization Meeting the Security Needs of the Intelligent Network In today s networks, security threats are constantly evolving, often resulting in loss of data, time and money. While new technologies and applications can provide significant business benefits, they also increase the ways in which malicious code can enter the network. IT departments are tasked with outpacing these threats by architecting a secure network capable of quickly deploying new services that can easily scale with changes in demand. A new generation of security appliances is emerging. These devices perform cryptography, inspect packet content, extract metadata, and analyze traffic flows. These appliances are transitioning away from purpose built architectures onto general purpose processors. Today s security appliances are built on Intel architecture. Wind River INP Intel Data Plane Development Kit Intel Virtualization Technology Intel Trusted Execution Technology Intel Platform for Communications Infrastructure For more information on Enterprise security solutions please visit 5

6 1 McAfee Threats Report: Third Quarter ComputerWeekly.com: IT Budget Benchmark. Performance tests and ratings are measured using specific computer systems and/or components and reflect the approximate performance of Intel products as measured by those tests. Any difference in system hardware or software design or configuration may affect actual performance. Buyers should consult other sources of information to evaluate the performance of systems or components they are considering purchasing. For more information on performance tests and on the performance of Intel products, visit Intel Performance Benchmark Limitations: benchmark_limitations.htm. Contact your local Intel sales office or your distributor to obtain the latest specifications and before placing your product order. * Other names and brands may be claimed as the property of others. Copyright 2013, Intel Corporation. All rights reserved. Printed in USA MS/VC/0213 Order No US 6

Intel Network Builders: Lanner and Intel Building the Best Network Security Platforms

Intel Network Builders: Lanner and Intel Building the Best Network Security Platforms Solution Brief Intel Xeon Processors Lanner Intel Network Builders: Lanner and Intel Building the Best Network Security Platforms Internet usage continues to rapidly expand and evolve, and with it network

More information

McAfee Next Generation Firewall Optimize your defense, resilience, and efficiency.

McAfee Next Generation Firewall Optimize your defense, resilience, and efficiency. Optimize your defense, resilience, and efficiency. Table of Contents Need Stronger Network Defense? Network Concerns Security Concerns Cost of Ownership Manageability Application and User Awareness High

More information

Virtualized Security: The Next Generation of Consolidation

Virtualized Security: The Next Generation of Consolidation Virtualization. Consolidation. Simplification. Choice. WHITE PAPER Virtualized Security: The Next Generation of Consolidation Virtualized Security: The Next Generation of Consolidation As we approach the

More information

新 一 代 軟 體 定 義 的 網 路 架 構 Software Defined Networking (SDN) and Network Function Virtualization (NFV)

新 一 代 軟 體 定 義 的 網 路 架 構 Software Defined Networking (SDN) and Network Function Virtualization (NFV) 新 一 代 軟 體 定 義 的 網 路 架 構 Software Defined Networking (SDN) and Network Function Virtualization (NFV) 李 國 輝 客 戶 方 案 事 業 群 亞 太 區 解 決 方 案 架 構 師 美 商 英 特 爾 亞 太 科 技 有 限 公 司 Email: kuo-hui.li@intel.com 1 Legal

More information

What are your firm s plans to adopt x86 server virtualization? Not interested

What are your firm s plans to adopt x86 server virtualization? Not interested The benefits of server virtualization are widely accepted and the majority of organizations have deployed virtualization technologies. Organizations are virtualizing mission-critical workloads but must

More information

The Role of Virtual Routers In Carrier Networks

The Role of Virtual Routers In Carrier Networks The Role of Virtual Routers In Carrier Networks Sterling d Perrin Senior Analyst, Heavy Reading Agenda Definitions of SDN and NFV Benefits of SDN and NFV Challenges and Inhibitors Some Use Cases Some Industry

More information

Next-Generation Firewalls: Critical to SMB Network Security

Next-Generation Firewalls: Critical to SMB Network Security Next-Generation Firewalls: Critical to SMB Network Security Next-Generation Firewalls provide dramatic improvements in protection versus traditional firewalls, particularly in dealing with today s more

More information

PRODUCTS & TECHNOLOGY

PRODUCTS & TECHNOLOGY PRODUCTS & TECHNOLOGY DATA CENTER CLASS WAN OPTIMIZATION Today s major IT initiatives all have one thing in common: they require a well performing Wide Area Network (WAN). However, many enterprise WANs

More information

Securing Virtual Applications and Servers

Securing Virtual Applications and Servers White Paper Securing Virtual Applications and Servers Overview Security concerns are the most often cited obstacle to application virtualization and adoption of cloud-computing models. Merely replicating

More information

Saisei and Intel Maximizing WAN Bandwidth

Saisei and Intel Maximizing WAN Bandwidth Intel Network Builders Saisei Solution Brief Intel Xeon Processors Saisei and Intel Maximizing WAN Bandwidth Introduction Despite the increased capacity available on WAN links1, service providers and enterprises

More information

Database Security in Virtualization and Cloud Computing Environments

Database Security in Virtualization and Cloud Computing Environments White Paper Database Security in Virtualization and Cloud Computing Environments Three key technology challenges in protecting sensitive data Table of Contents Securing Information in Virtualization and

More information

Control your corner of the cloud.

Control your corner of the cloud. Chapter 1 of 5 Control your corner of the cloud. From the halls of government to the high-rise towers of the corporate world, forward-looking organizations are recognizing the potential of cloud computing

More information

Different NFV/SDN Solutions for Telecoms and Enterprise Cloud

Different NFV/SDN Solutions for Telecoms and Enterprise Cloud Solution Brief Artesyn Embedded Technologies* Telecom Solutions Intel Xeon Processors Different NFV/SDN Solutions for Telecoms and Enterprise Cloud Networking solutions from Artesyn Embedded Technologies*

More information

Meeting the Challenges of Virtualization Security

Meeting the Challenges of Virtualization Security Meeting the Challenges of Virtualization Security Coordinate Security. Server Defense for Virtual Machines A Trend Micro White Paper August 2009 I. INTRODUCTION Virtualization enables your organization

More information

Overcoming Security Challenges to Virtualize Internet-facing Applications

Overcoming Security Challenges to Virtualize Internet-facing Applications Intel IT IT Best Practices Cloud Security and Secure ization November 2011 Overcoming Security Challenges to ize Internet-facing Applications Executive Overview To enable virtualization of Internet-facing

More information

Upsurge in Encrypted Traffic Drives Demand for Cost-Efficient SSL Application Delivery

Upsurge in Encrypted Traffic Drives Demand for Cost-Efficient SSL Application Delivery WHITE PAPER Cost-Efficient SSL Application Delivery Upsurge in Encrypted Traffic Drives Demand for Cost-Efficient SSL Application Delivery Always On SSL Since 1994, enterprises looking to protect the security

More information

Developing High-Performance, Flexible SDN & NFV Solutions with Intel Open Network Platform Server Reference Architecture

Developing High-Performance, Flexible SDN & NFV Solutions with Intel Open Network Platform Server Reference Architecture White Paper Developing Solutions with Intel ONP Server Reference Architecture Developing High-Performance, Flexible SDN & NFV Solutions with Intel Open Network Platform Server Reference Architecture Developing

More information

Testing Challenges for Modern Networks Built Using SDN and OpenFlow

Testing Challenges for Modern Networks Built Using SDN and OpenFlow Using SDN and OpenFlow July 2013 Rev. A 07/13 SPIRENT 1325 Borregas Avenue Sunnyvale, CA 94089 USA Email: Web: sales@spirent.com www.spirent.com AMERICAS 1-800-SPIRENT +1-818-676-2683 sales@spirent.com

More information

SDN and NFV in the WAN

SDN and NFV in the WAN WHITE PAPER Hybrid Networking SDN and NFV in the WAN HOW THESE POWERFUL TECHNOLOGIES ARE DRIVING ENTERPRISE INNOVATION rev. 110615 Table of Contents Introduction 3 Software Defined Networking 3 Network

More information

Deploying Firewalls Throughout Your Organization

Deploying Firewalls Throughout Your Organization Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense

More information

REV: 0.1.1 (July 2011) McAfee Security: Intrusion Prevention System

REV: 0.1.1 (July 2011) McAfee Security: Intrusion Prevention System McAfee Security: Intrusion Prevention System REV: 0.1.1 (July 2011) 1 Contents 1. McAfee Network Security Platform...3 2. McAfee Host Intrusion Prevention for Server...4 2.1 Network IPS...4 2.2 Workload

More information

Getting More Performance and Efficiency in the Application Delivery Network

Getting More Performance and Efficiency in the Application Delivery Network SOLUTION BRIEF Intel Xeon Processor E5-2600 v2 Product Family Intel Solid-State Drives (Intel SSD) F5* Networks Delivery Controllers (ADCs) Networking and Communications Getting More Performance and Efficiency

More information

On-Premises DDoS Mitigation for the Enterprise

On-Premises DDoS Mitigation for the Enterprise On-Premises DDoS Mitigation for the Enterprise FIRST LINE OF DEFENSE Pocket Guide The Challenge There is no doubt that cyber-attacks are growing in complexity and sophistication. As a result, a need has

More information

Leveraging SDN and NFV in the WAN

Leveraging SDN and NFV in the WAN Leveraging SDN and NFV in the WAN Introduction Software Defined Networking (SDN) and Network Functions Virtualization (NFV) are two of the key components of the overall movement towards software defined

More information

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Security concerns and dangers come both from internal means as well as external. In order to enhance your security posture

More information

SOFTWARE DEFINED NETWORKING

SOFTWARE DEFINED NETWORKING SOFTWARE DEFINED NETWORKING Bringing Networks to the Cloud Brendan Hayes DIRECTOR, SDN MARKETING AGENDA Market trends and Juniper s SDN strategy Network virtualization evolution Juniper s SDN technology

More information

Intelligent. Data Sheet

Intelligent. Data Sheet Cisco IPS Software Product Overview Cisco IPS Software is the industry s leading network-based intrusion prevention software. It provides intelligent, precise, and flexible protection for your business

More information

Vyatta Network OS for Network Virtualization

Vyatta Network OS for Network Virtualization Complete Security and Compliance for Virtual Environments Vyatta takes the concept of virtualization beyond just applications and operating systems and allows enterprise IT to also virtualize network components

More information

Trend Micro Cloud Protection

Trend Micro Cloud Protection A Trend Micro White Paper August 2015 Trend Micro Cloud Protection Security for Your Unique Cloud Infrastructure Contents Introduction...3 Private Cloud...4 VM-Level Security...4 Agentless Security to

More information

A Superior Hardware Platform for Server Virtualization

A Superior Hardware Platform for Server Virtualization A Superior Hardware Platform for Server Virtualization Improving Data Center Flexibility, Performance and TCO with Technology Brief Server Virtualization Server virtualization is helping IT organizations

More information

White Paper. Innovate Telecom Services with NFV and SDN

White Paper. Innovate Telecom Services with NFV and SDN White Paper Innovate Telecom Services with NFV and SDN 2 NEXCOM White Paper As telecommunications companies seek to expand beyond telecommunications services to data services, they find their purposebuilt

More information

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA Firewalls Securing Networks Chapter 3 Part 1 of 4 CA M S Mehta, FCA 1 Firewalls Learning Objectives Task Statements 1.3 Recognise function of Telecommunications and Network security including firewalls,..

More information

Best Practices for Managing Virtualized Environments

Best Practices for Managing Virtualized Environments WHITE PAPER Introduction... 2 Reduce Tool and Process Sprawl... 2 Control Virtual Server Sprawl... 3 Effectively Manage Network Stress... 4 Reliably Deliver Application Services... 5 Comprehensively Manage

More information

BlackRidge Technology Transport Access Control: Overview

BlackRidge Technology Transport Access Control: Overview 2011 BlackRidge Technology Transport Access Control: Overview 1 Introduction Enterprises and government agencies are under repeated cyber attack. Attacks range in scope from distributed denial of service

More information

The first agentless Security, Virtual Firewall, Anti- Malware and Compliance Solution built for Windows Server 2012 Hyper-V

The first agentless Security, Virtual Firewall, Anti- Malware and Compliance Solution built for Windows Server 2012 Hyper-V The first agentless Security, Virtual Firewall, Anti- Malware and Compliance Solution built for Windows Server 2012 Hyper-V #1 Hyper-V Security The first agentless Security, Virtual Firewall, Anti-Malware

More information

2012 North American Enterprise Firewalls Market Penetration Leadership Award

2012 North American Enterprise Firewalls Market Penetration Leadership Award 2012 2012 North American Enterprise Firewalls Market Penetration Leadership Award 2012 Frost & Sullivan 1 We Accelerate Growth Market Penetration Leadership Award Enterprise Firewalls North America, 2012

More information

White. Paper. The Rise of Network Functions Virtualization. Implications for I/O Strategies in Service Provider Environments.

White. Paper. The Rise of Network Functions Virtualization. Implications for I/O Strategies in Service Provider Environments. White Paper The Rise of Network Functions Virtualization Implications for I/O Strategies in Service Provider Environments By Bob Laliberte, Senior Analyst August 2014 This ESG White Paper was commissioned

More information

Endpoint Security: Become Aware of Virtual Desktop Infrastructures!

Endpoint Security: Become Aware of Virtual Desktop Infrastructures! Endpoint Security: Become Aware of Virtual Desktop Infrastructures! An Ogren Group Special Report May 2011 Executive Summary Virtual desktops infrastructures, VDI, present IT with the unique opportunity

More information

5 Best Practices to Protect Your Virtual Environment

5 Best Practices to Protect Your Virtual Environment CONTENTS OF THIS WHITE PAPER Security Virtualization s Big Hurdle..1 Why Old-STyle Protections Fall short..2 Best Practices...3 Create A VM Service Good List... 3 Monitor and Protect the Hypervisor...

More information

Intel Cyber-Security Briefing: Trends, Solutions, and Opportunities

Intel Cyber-Security Briefing: Trends, Solutions, and Opportunities Intel Cyber-Security Briefing: Trends, Solutions, and Opportunities John Skinner, Director, Secure Enterprise and Cloud, Intel Americas, Inc. May 2012 Agenda Intel + McAfee: What it means Computing trends

More information

Advantages of Managed Security Services

Advantages of Managed Security Services Advantages of Managed Security Services Cloud services via MPLS networks for high security at low cost Get Started Now: 877.611.6342 to learn more. www.megapath.com Executive Summary Protecting Your Network

More information

Strategies for Protecting Virtual Servers and Desktops

Strategies for Protecting Virtual Servers and Desktops Strategies for Protecting Virtual Servers and Desktops by Jonathan Tait, Product Marketing Manager Virtualization Today Over the past few years, virtualization technology has transformed the data center.

More information

Intel Ethernet Switch Load Balancing System Design Using Advanced Features in Intel Ethernet Switch Family

Intel Ethernet Switch Load Balancing System Design Using Advanced Features in Intel Ethernet Switch Family Intel Ethernet Switch Load Balancing System Design Using Advanced Features in Intel Ethernet Switch Family White Paper June, 2008 Legal INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL

More information

Database Security, Virtualization and Cloud Computing

Database Security, Virtualization and Cloud Computing Whitepaper Database Security, Virtualization and Cloud Computing The three key technology challenges in protecting sensitive data in modern IT architectures Including: Limitations of existing database

More information

Cloud and Data Center Security

Cloud and Data Center Security solution brief Trend Micro Cloud and Data Center Security Secure virtual, cloud, physical, and hybrid environments easily and effectively introduction As you take advantage of the operational and economic

More information

VNF & Performance: A practical approach

VNF & Performance: A practical approach VNF & Performance: A practical approach Luc Provoost Engineering Manager, Network Product Group Intel Corporation SDN and NFV are Forces of Change One Application Per System Many Applications Per Virtual

More information

Virtualization, SDN and NFV

Virtualization, SDN and NFV Virtualization, SDN and NFV HOW DO THEY FIT TOGETHER? Traditional networks lack the flexibility to keep pace with dynamic computing and storage needs of today s data centers. In order to implement changes,

More information

Accelerated Deep Packet Inspection

Accelerated Deep Packet Inspection Accelerated Deep Packet Inspection for Network Security Applications Delivering High-Performance DPI on Intel Xeon Processor with Wind River Content Inspection Engine INNOVATORS START HERE. EXECUTIVE Summary

More information

Game changing Technology für Ihre Kunden. Thomas Bürgis System Engineering Manager CEE

Game changing Technology für Ihre Kunden. Thomas Bürgis System Engineering Manager CEE Game changing Technology für Ihre Kunden Thomas Bürgis System Engineering Manager CEE Threats have evolved traditional firewalls & IPS have not Protection centered around ports & protocols Expensive to

More information

Requirements When Considering a Next- Generation Firewall

Requirements When Considering a Next- Generation Firewall White Paper Requirements When Considering a Next- Generation Firewall What You Will Learn The checklist provided in this document details six must-have capabilities to look for when evaluating a nextgeneration

More information

Network Access Control in Virtual Environments. Technical Note

Network Access Control in Virtual Environments. Technical Note Contents Security Considerations in.... 3 Addressing Virtualization Security Challenges using NAC and Endpoint Compliance... 3 Visibility and Profiling of VMs.... 4 Identification of Rogue or Unapproved

More information

The Evolution of the Enterprise And Enterprise Security

The Evolution of the Enterprise And Enterprise Security The Evolution of the Enterprise And Enterprise Security Introduction Today's enterprise is evolving rapidly, with new technologies such as consumer-grade mobile devices, internet-based applications and

More information

The Virtual Ascent of Software Network Intelligence

The Virtual Ascent of Software Network Intelligence White Paper The Virtual Ascent of Software Network Intelligence Prepared by Jim Hodges Senior Analyst, Heavy Reading www.heavyreading.com on behalf of www.windriver.com July 2013 Introduction Although

More information

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to

More information

Alteon Switched Firewall

Alteon Switched Firewall Alteon Switched SECURED BY Firewall Buyer s Guide A quick-reference aid to selecting the Alteon firewall that best meets a customer s needs When it comes to ensuring the safety of your network, one size

More information

Intel DPDK Boosts Server Appliance Performance White Paper

Intel DPDK Boosts Server Appliance Performance White Paper Intel DPDK Boosts Server Appliance Performance Intel DPDK Boosts Server Appliance Performance Introduction As network speeds increase to 40G and above, both in the enterprise and data center, the bottlenecks

More information

Unlock the full potential of data centre virtualisation with micro-segmentation. Making software-defined security (SDS) work for your data centre

Unlock the full potential of data centre virtualisation with micro-segmentation. Making software-defined security (SDS) work for your data centre Unlock the full potential of data centre virtualisation with micro-segmentation Making software-defined security (SDS) work for your data centre Contents 1 Making software-defined security (SDS) work for

More information

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview STRATEGIC WHITE PAPER Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview Abstract Cloud architectures rely on Software-Defined Networking

More information

Top 10 Reasons Enterprises are Moving Security to the Cloud

Top 10 Reasons Enterprises are Moving Security to the Cloud ZSCALER EBOOK Top 10 Reasons Enterprises are Moving Security to the Cloud A better approach to security Albert Einstein defined insanity as doing the same thing over and over again and expecting different

More information

Cisco Application Networking for IBM WebSphere

Cisco Application Networking for IBM WebSphere Cisco Application Networking for IBM WebSphere Faster Downloads and Site Navigation, Less Bandwidth and Server Processing, and Greater Availability for Global Deployments What You Will Learn To address

More information

Intel Cloud Builder Guide to Cloud Design and Deployment on Intel Platforms

Intel Cloud Builder Guide to Cloud Design and Deployment on Intel Platforms Intel Cloud Builder Guide to Cloud Design and Deployment on Intel Platforms Ubuntu* Enterprise Cloud Executive Summary Intel Cloud Builder Guide Intel Xeon Processor Ubuntu* Enteprise Cloud Canonical*

More information

Secure Cloud-Ready Data Centers Juniper Networks

Secure Cloud-Ready Data Centers Juniper Networks Secure Cloud-Ready Data Centers Juniper Networks JUNIPER SECURITY LEADERSHIP A $1B BUSINESS Market Leadership Data Center with High- End Firewall #1 at 42% Secure Mobility with SSL VPN #1 at 25% Security

More information

Trend Micro. Secure virtual, cloud, physical, and hybrid environments easily and effectively INTRODUCTION

Trend Micro. Secure virtual, cloud, physical, and hybrid environments easily and effectively INTRODUCTION SOLUTION BRIEF Trend Micro CLOUD AND DATA CENTER SECURITY Secure virtual, cloud, physical, and hybrid environments easily and effectively INTRODUCTION As you take advantage of the operational and economic

More information

Secure Virtualization in the Federal Government

Secure Virtualization in the Federal Government White Paper Secure Virtualization in the Federal Government Achieve efficiency while managing risk Table of Contents Ready, Fire, Aim? 3 McAfee Solutions for Virtualization 4 Securing virtual servers in

More information

Achieve Deeper Network Security and Application Control

Achieve Deeper Network Security and Application Control Achieve Deeper Network Security and Application Control Dell Next-Generation Firewalls Abstract Next-generation firewalls (NGFWs) have emerged to revolutionize network security as we once knew it. Yet

More information

Achieve Deeper Network Security

Achieve Deeper Network Security Achieve Deeper Network Security Dell Next-Generation Firewalls Abstract Next-generation firewalls (NGFWs) have taken the world by storm, revolutionizing network security as we once knew it. Yet in order

More information

Windows Embedded Security and Surveillance Solutions

Windows Embedded Security and Surveillance Solutions Windows Embedded Security and Surveillance Solutions Windows Embedded 2010 Page 1 Copyright The information contained in this document represents the current view of Microsoft Corporation on the issues

More information

Using Palo Alto Networks to Protect the Datacenter

Using Palo Alto Networks to Protect the Datacenter Using Palo Alto Networks to Protect the Datacenter July 2009 Palo Alto Networks 232 East Java Dr. Sunnyvale, CA 94089 Sales 866.207.0077 www.paloaltonetworks.com Table of Contents Introduction... 3 Granular

More information

Use Case Brief CLOUD MANAGEMENT SOFTWARE AUTOMATION

Use Case Brief CLOUD MANAGEMENT SOFTWARE AUTOMATION Use Case Brief CLOUD MANAGEMENT SOFTWARE AUTOMATION Cloud Management Software can coordinate and automate server, network, and storage operations within the modern datacenter. This brief describes how

More information

Securing Virtual Environments

Securing Virtual Environments Securing Virtual Environments Richard Stiennon Chief Research Analyst IT-Harvest 2011 IT-Harvest 1 INTRODUCTION Virtualization is sweeping through computer architectures. The benefits of running multiple

More information

10 easy steps to secure your retail network

10 easy steps to secure your retail network 10 easy steps to secure your retail network Simple step-by-step IT solutions for small business in retail to leverage advanced protection technology in ways that are affordable, fast and easy October 2015

More information

Network Function Virtualization Using Data Plane Developer s Kit

Network Function Virtualization Using Data Plane Developer s Kit Network Function Virtualization Using Enabling 25GbE to 100GbE Virtual Network Functions with QLogic FastLinQ Intelligent Ethernet Adapters DPDK addresses key scalability issues of NFV workloads QLogic

More information

Solution Recipe: Improve PC Security and Reliability with Intel Virtualization Technology

Solution Recipe: Improve PC Security and Reliability with Intel Virtualization Technology Solution Recipe: Improve PC Security and Reliability with Intel Virtualization Technology 30406_VT_Brochure.indd 1 6/20/06 4:01:14 PM Preface Intel has developed a series of unique Solution Recipes designed

More information

A Look at the New Converged Data Center

A Look at the New Converged Data Center Organizations around the world are choosing to move from traditional physical data centers to virtual infrastructure, affecting every layer in the data center stack. This change will not only yield a scalable

More information

Technology Blueprint. Secure Your Virtual Desktop Infrastructure. Optimize your virtual desktop infrastructure for performance and protection

Technology Blueprint. Secure Your Virtual Desktop Infrastructure. Optimize your virtual desktop infrastructure for performance and protection Technology Blueprint Secure Your Virtual Desktop Infrastructure Optimize your virtual desktop infrastructure for performance and protection LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL

More information

Delivering 160Gbps DPI Performance on the Intel Xeon Processor E5-2600 Series using HyperScan

Delivering 160Gbps DPI Performance on the Intel Xeon Processor E5-2600 Series using HyperScan SOLUTION WHITE PAPER Intel processors Pattern Matching Library Software Delivering 160Gbps DPI Performance on the Intel Xeon Processor E5-2600 Series using HyperScan HyperScan s runtime is engineered for

More information

Intel Service Assurance Administrator. Product Overview

Intel Service Assurance Administrator. Product Overview Intel Service Assurance Administrator Product Overview Running Enterprise Workloads in the Cloud Enterprise IT wants to Start a private cloud initiative to service internal enterprise customers Find an

More information

Symantec Enterprise Firewalls. From the Internet Thomas Jerry Scott

Symantec Enterprise Firewalls. From the Internet Thomas Jerry Scott Symantec Enterprise Firewalls From the Internet Thomas Symantec Firewalls Symantec offers a whole line of firewalls The Symantec Enterprise Firewall, which emerged from the older RAPTOR product We are

More information

IBM Security Intrusion Prevention Solutions

IBM Security Intrusion Prevention Solutions IBM Security Intrusion Prevention Solutions Sarah Cucuz sarah.cucuz@spyders.ca IBM Software Solution Brief IBM Security intrusion prevention solutions In-depth protection for networks, servers, endpoints

More information

The Cisco ASA 5500 as a Superior Firewall Solution

The Cisco ASA 5500 as a Superior Firewall Solution The Cisco ASA 5500 as a Superior Firewall Solution The Cisco ASA 5500 Series Adaptive Security Appliance provides leading-edge firewall capabilities and expands to support other security services. Firewalls

More information

Cisco Application Networking for BEA WebLogic

Cisco Application Networking for BEA WebLogic Cisco Application Networking for BEA WebLogic Faster Downloads and Site Navigation, Less Bandwidth and Server Processing, and Greater Availability for Global Deployments What You Will Learn To address

More information

Going Beyond Deep Packet Inspection (DPI) Software on Intel Architecture

Going Beyond Deep Packet Inspection (DPI) Software on Intel Architecture White Paper Intel Platform for Communications Infrastructure Qosmos* ixengine Network Intelligence SDK Network Security Going Beyond Deep Packet Inspection (DPI) Software on Intel Architecture Advanced

More information

Lecture 02b Cloud Computing II

Lecture 02b Cloud Computing II Mobile Cloud Computing Lecture 02b Cloud Computing II 吳 秀 陽 Shiow-yang Wu T. Sridhar. Cloud Computing A Primer, Part 2: Infrastructure and Implementation Topics. The Internet Protocol Journal, Volume 12,

More information

Going Beyond Deep Packet Inspection (DPI) Software on Intel Architecture

Going Beyond Deep Packet Inspection (DPI) Software on Intel Architecture White Paper Intel Next Generation Communications Platform - Codename Crystal Forest Qosmos* ixengine Network Intelligence SDK Network Security Going Beyond Deep Packet Inspection (DPI) Software on Intel

More information

Use Case Brief NETWORK SECURITY

Use Case Brief NETWORK SECURITY Use Case Brief NETWORK SECURITY As Datacenter architectures have incorporated virtualization, new application topologies, and new programming constructs such as Docker Containers, new security gaps have

More information

VMware Integrated Partner Solutions for Networking and Security

VMware Integrated Partner Solutions for Networking and Security VMware Integrated Partner Solutions for Networking and Security VMware Integrated Partner Solutions for Security and Compliance VMware vcloud Networking and Security is the leading networking and security

More information

REMOVING THE BARRIERS FOR DATA CENTRE AUTOMATION

REMOVING THE BARRIERS FOR DATA CENTRE AUTOMATION REMOVING THE BARRIERS FOR DATA CENTRE AUTOMATION The modern data centre has ever-increasing demands for throughput and performance, and the security infrastructure required to protect and segment the network

More information

Content Security: Protect Your Network with Five Must-Haves

Content Security: Protect Your Network with Five Must-Haves White Paper Content Security: Protect Your Network with Five Must-Haves What You Will Learn The continually evolving threat landscape is what makes the discovery of threats more relevant than defense as

More information

Increase Simplicity and Improve Reliability with VPLS on the MX Series Routers

Increase Simplicity and Improve Reliability with VPLS on the MX Series Routers SOLUTION BRIEF Enterprise Data Center Interconnectivity Increase Simplicity and Improve Reliability with VPLS on the Routers Challenge As enterprises improve business continuity by enabling resource allocation

More information

Going Virtual: Intel and Red Hat Demonstrate SDN Service-Chaining Solutions

Going Virtual: Intel and Red Hat Demonstrate SDN Service-Chaining Solutions White Paper Intel Open Network Platform Software Defined Networking Division Going Virtual: Intel and Red Hat Demonstrate SDN Service-Chaining Solutions As software-defined networking (SDN) and network

More information

Chapter 1 The Principles of Auditing 1

Chapter 1 The Principles of Auditing 1 Chapter 1 The Principles of Auditing 1 Security Fundamentals: The Five Pillars Assessment Prevention Detection Reaction Recovery Building a Security Program Policy Procedures Standards Security Controls

More information

Bio-inspired cyber security for your enterprise

Bio-inspired cyber security for your enterprise Bio-inspired cyber security for your enterprise Delivering global protection Perception is a network security service that protects your organisation from threats that existing security solutions can t

More information

Does your Citrix or Terminal Server environment have an Achilles heel?

Does your Citrix or Terminal Server environment have an Achilles heel? CRYPTZONE WHITE PAPER Does your Citrix or Terminal Server environment have an Achilles heel? Moving away from IP-centric to role-based access controls to secure Citrix and Terminal Server user access cryptzone.com

More information

Application-Centric WLAN. Rob Mellencamp

Application-Centric WLAN. Rob Mellencamp Application-Centric WLAN Rob Mellencamp Agenda NX Integrated Services Platform Integrated Services Architecture Application Installation Example Application Monitoring Enterprise Mobility Architecture

More information

Enabling Secure BYOD How Fortinet Provides a Secure Environment for BYOD

Enabling Secure BYOD How Fortinet Provides a Secure Environment for BYOD Enabling Secure BYOD How Fortinet Provides a Secure Environment for BYOD FORTINET Enabling Secure BYOD PAGE 2 Executive Summary Bring Your Own Device (BYOD) is another battle in the war between security

More information

NEC s Carrier-Grade Cloud Platform

NEC s Carrier-Grade Cloud Platform NEC s Carrier-Grade Cloud Platform Deploying Virtualized Network Functions in Cloud INDEX 1. Paving the way to Telecom Network Function Virtualization P.3 2. Open Carrier-grade Hypervisor P.3 Latency and

More information

SDN CENTRALIZED NETWORK COMMAND AND CONTROL

SDN CENTRALIZED NETWORK COMMAND AND CONTROL SDN CENTRALIZED NETWORK COMMAND AND CONTROL Software Defined Networking (SDN) is a hot topic in the data center and cloud community. The geniuses over at IDC predict a $2 billion market by 2016

More information