SECURING THE DATACENTER
|
|
- Anthony Brent Douglas
- 8 years ago
- Views:
Transcription
1 SECURING THE DATACENTER CAIO KLEIN SEGURINFO Copyright 2013 Juniper Networks, Inc.
2 SECURITY AT JUNIPER Customer segments Service providers, enterprise Business segments Routing, switching, security Security innovation & leadership Invest more than 20% of revenue on R&D Leader in high-end firewalls and remote access SSL VPN Pioneer in Intrusion Deception technology DDoS advanced technology First to deliver purpose-built virtual firewall SC Magazine 2013 best cloud and SSL VPN solution Tech Target s 2013 reader s choice gold awards for virtual security, IDP, and NAC 2 Copyright 2013 Juniper Networks, Inc. Access Apps Networks Mgmt Mobility Campus Data center Cloud Products
3 TRANSLATING BUSINESS DRIVERS TO SECURITY REQUIREMENTS Business drivers IT initiatives Security requirements CIO CTO CSO Employee productivity BYOD Broad device coverage Business agility New applications and cloud services Flexible deployment options Cost efficiency and optimization Technology consolidation and modernization Scalability and simplicity 3
4 TRENDS THAT AFFECT THE DATA CENTER CHANGING IT LANDSCAPE EVOLUTION OF THREATS COSTS AND RISK INCREASE Mobility Cloud & virtualization Massive traffic increase Targeted attacks Sophisticated tools Economics favor bad actors Broader attack surface Brand impact Financial impact 4
5 DDoS SECURE ADVANCED DDoS MITIGATION TECHNOLOGY FOR YOUR NETWORK AND APPLICATIONS 5 Copyright 2013 Juniper Networks, Inc.
6 TARGETED ATTACKS ON THE RISE Targeted, deliberate, and expensive Money Intellectual property Records Fact 70% of all threats are at the Web application layer* 70+% of organizations have been hacked in the past two years through insecure Web apps*** Yet 66% of breaches took months or more to discover** Business Impact Average cost incurred from a successful breach: $8.9M** Average annual cost incurred from a DDoS attack: $3.5M*** 6 Source: * Gartner ** 2012 Cost of Cyber Crime Study, Ponemon Institute, 2012 *** Ponemon Institute, 2013
7 EVOLVING DDoS ATTACK COMPLEXITY Signature-Based Scrubbers Volumetric Low-and-slow Stealth Challenge: Creating signatures for new attacks Challenge: Maintaining Known signatures of attacks Emerging Threats Challenge: manual management of IP thresholds in dynamic networks Thresholds & Netflow Analysis 7 Known Newness Unknown
8 DDoS ATTACK VECTORS Easy to detect VOLUMETRIC Attacks are getting bigger in size Frequency of attacks increasing at a moderate rate ANYTHING THAT MAKES THE RESOURCES BUSY Flash mobs organized via social media Overwhelming legitimate requests for tickets for a big event available in a very short period of time LOW AND SLOW Growing faster than volumetric 25% of attacks in 2013 (source: Gartner) More sophisticated & difficult to detect Target back-end weaknesses Small volume of requests can take out a large Web site 8
9 INTRODUCING DDoS SECURE Prevents volumetric and application-level Low and Slow DDoS attacks Comprehensive Anti-DDoS Solution Detects and mitigates multi-vector DDOS attacks, including those that target specific applications Ensures availability for legitimate users while blocking malicious traffic, even under the most extreme attack conditions Normal Traffic DDoS Attack Traffic Normal Traffic Benefits 80% effective 10 minutes after installation % effective after 6-12 hours Signature-free dynamic heuristic technology No tuning or thresholds required (install and forget) Flexible deployment options (physical and virtual) Heuristic Analysis 9
10 KEY CONCEPT: CHARM ALGORITHM CHARM: Real-time risk score for each source IP Simple example: real human traffic typically bursty and irregular; machine/bot traffic is regular Algorithms updated regularly with characteristics of new attacks 100 Initial 50 Human-like Per Packet 0 Machine-like 10
11 DDoS SECURE HOW DOES IT WORK Packet validated against pre-defined RFC filters Malformed and mis-sequenced packets dropped Individual IP addresses assigned CHARM value Value assigned based on IP behaviours Mechanistic Traffic First Time Traffic Humanistic, Trusted Traffic Low CHARM Value Medium CHARM Value High CHARM Value 11
12 DDoS SECURE HOW DOES IT WORK (CONT D) Access dependent on CHARM threshold of target resource Below threshold packets dropped Above threshold allowed uninterrupted access Minimal (if any) false positives CHARM threshold changes dynamically with resource response state Full stateful engine measures response times Dynamic and self-learning resource limitations No server Agents 12
13 DDoS SECURE PACKET FLOW SEQUENCE Dynamic Resource Control IP Behavior Table Resource CHARM Threshold 1 Validates data packet Validates against defined filters Validates packet against RFCs Validates packet sequencing TCP connection state 3 Behavior is recorded 4 Calculates CHARM Threshold Supports up to 32M profiles Profiles aged on least used basis Responsiveness of resource Packet Enters Syntax Screener OK So Far CHARM Generator With CHARM Value CHARM Screener Packet Exits Drop Packet 2 Calculates CHARM value for data packet References IP behavior table Function of time and historical behavior Better behaved = better CHARM 5 Drop Packet Allow or Drop CHARM threshold CHARM value 13
14 DDoS SECURE RESOURCE MANAGEMENT Dynamic Resource Control Example Resource 1 Resource 2 Resource 3 Resource N In The this attack example, traffic Resource to 2 s Resource response 2 reduces time starts as the to degrade attackers and switch the the CHARM attack pass to Resource threshold 3. is increased to start the process of rate limiting Once again, the bad DDoS traffic. Secure responds dynamically by At increasing this point the the pass good traffic threshold will continue for Resource to 3 pass limiting unhindered bad traffic. whilst the attackers will start to believe their attack has been successful as their request fails. 14
15 HEURISTIC MITIGATION IN ACTION Normal Internet Traffic Normal Internet Traffic DDoS Attack Traffic Resources Normal Internet Traffic DDoS Secure Heuristic Analysis Management PC DDoS Attack Traffic Normal Internet traffic flows through the DDoS Secure appliance, while the software analyzes the type, origin, flow, data rate, sequencing, style and protocol being utilized by all inbound and outbound traffic. The analysis is heuristic in nature and adjusts over time but is applied in real time with minimal (<1ms) latency. 15
16 DNS REFLECTIVE / AMPLIFICATION 16
17 DNS RESOLVER PROTECTION 1 Inline Inspection 2 Inbound Traffic Measurement JDDS 3 Measurement on App Response SRX DNS Resolvers Juniper DDoS Secure (JDDS) Sits passively inline Measures both inbound and outbound traffic flow Monitors DNS Resource Records by Domain Monitors Responses from Resolver Monitors Resolver s Recursive Activity HTTP HTTPS (SSL & TLS) DNS VoIP / SIP Native App Protection Eliminates DNS Reflection Attacks & Backscatter 17
18 THE WORLD S MOST ADVANCED HEURISTIC DDoS TECHNOLOGY 18
19 WEBAPP SECURE THE SMARTEST WAY TO PROTECT WEBSITES AND WEBAPPS FROM ATTACKS 19 Copyright 2013 Juniper Networks, Inc.
20 THE JUNOS WEBAPP SECURE ADVANTAGE DECEPTION-BASED SECURITY Detect Track Profile Respond Tar Traps detect threats without false positives. Track IPs, browsers, software and scripts. Understand attacker s capabilities and intents. Adaptive responses, including block, warn and deceive. 20
21 DETECTION BY DECEPTION Tar Traps Query String Parameters Network Perimeter Hidden Input Fields Firewall App Server Database Server Configuration 21
22 TRACK ATTACKERS BEYOND THE IP Track IP Address Track Browser Attacks Persistent Token Capacity to persist in all browsers including various privacy control features. Track Software and Script Attacks Fingerprinting HTTP communications. 22
23 JUNOS SPOTLIGHT SECURE Junos Spotlight Secure Global Attacker Intelligence Service Attacker from San Francisco Junos WebApp Secure protected site in UK Attacker fingerprint uploaded Attacker fingerprint available for all sites protected by Junos WebApp Secure Detect Anywhere, Stop Everywhere 23
24 FINGERPRINT OF AN ATTACKER Timezone Browser version Fonts Browser addons 200+ attributes used to create the fingerprint. ~ Real Time availability of fingerprints IP Address nearly zero 24
25 SMART PROFILE OF ATTACKER Attacker local name (on machine) Attacker global name (in Spotlight) Attacker threat level Incident history 25
26 RESPOND AND DECEIVE Junos WebApp Secure Responses Human Hacker Botnet Targeted Scan IP Scan Scripts &Tools Exploits Warn attacker Block user Force CAPTCHA Slow connection Simulate broken application Force log-out All responses are available for any type of threat. Highlighted responses are most appropriate for each type of threat. 26
27 VIRTUAL SECURITY & FIREFLY SUITE 27 Copyright 2013 Juniper Networks, Inc.
28 MARKET SITUATION, BY GARTNER By 2016 public cloud infrastructure will include and be managed as critical national infrastructure regulations by the U.S. of over VPN/Firewall 20% market will be deployed in a virtual element. By % of over all IT security products capabilities will be delivered in/ from the cloud. By % Cloud as a delivery model will shape buying and prioritization of security. 131B Worldwide public cloud services 28
29 CLOUD & MSSP MARKET TRENDS FROM TO Legacy Model of the Business Network Physical Networks Elements Traditional Security Perimeters Corp. Managed, Static Apps Overprovisioned Hardware Controlled & Defined User/Admin Roles Virtual Networks Elements and Overlays Blurred Boundaries, Everyone Is an Insider SaaS, User-Chosen Apps, Rogue Clouds Elastic Compute, Security and Storage Self Provisioned Security, Virtual Admins Today s Flexible, Proactive Business Network Simple Isolated Security Management Specialized, Intelligent & Coordinated Identity-based Security Management 29
30 INTRODUCING THE FIREFLY SUITE fully virtualized security solution Protecting virtual applications and workloads in public or private clouds. with Juniper Firefly host PROVIDING PROTECTION FOR THE CLOUD AND firefly perimeter & Junos space virtual director providing PROTECTION FROM THE CLOUD: OSS/BSS Customer Portal Security for virtual assets Junos Space Security and Virtual Director Monitoring and control Intelligence and automation Internet MX Universal Router SRX VM VM VM VM Firefly Perimeter Enterprise WAN MX Hybrid Cloud Hypervisor Firefly Host Virtualized Host Multi-tenant 30
31 FIREFLY PERIMETER 31 Copyright 2013 Juniper Networks, Inc.
32 FIREFLY PERIMETER Availability: JAN Official Public Launch! (VMware and Contrail) Secure Virtual version of the SRX; provides north / south firewall (5Gbps), NAT, routing, VPN connectivity features in a flexible virtual machine format VM VM VM VM Firefly Perimeter 32
33 A CLOSER LOOK AT FIREFLY PERIMETER Fully-tested Junos-based SRX code in a VM provides all Junos-related automation and connectivity options in addition to firewall Junos Routing Protocols and SDK Junos Rich & Extensible Security Stack Perimeter Security Firewall VPN NAT Network Admission Control Content Anti-Virus IPS Full IDP Feature Set Web Filtering Anti-Spam Application Application Awareness Identity Awareness CLI, JWeb, SNMP, JSpace- SD, Hypervisor Management, HA/FT 33
34 JUNOSV FIREFLY PERIMETER HA Virtualized Environment Virtualized Environment Firefly Perim Customer 1 (Active) Firefly Perim Customer 2 (Passive) VM VM Firefly Perim Customer 1 (Passive) Firefly Perim Customer 2 (Active) VM VM HYPERVISOR HYPERVISOR Firefly Perimeter will support Chassis Clustering (both Active-Active as well as Active- Passive modes). This support provides full stateful failover for any connections being processed. In addition, it will be possible for the cluster members to span hypervisors. 34
35 FIREFLY HOST 35 Copyright 2013 Juniper Networks, Inc.
36 FIREFLY HOST (FORMERLY VGW) AVAILABILITY: VMWARE NOW, CONTRAIL SCOPING FOR 2014 Security Suite integrated into Hypervisor Kernel Provides East/West Firewall (35+Gbps), AV, IDS, Compliance, Introspection, Network Monitoring The Firefly Host ENGINE FULL FW IMPLEMENTATION IN THE KERNEL STATEFUL FW PER-VM POLICY Firefly Host SECURITY VM POLICY FROM MGMT TO ENGINE LOGGING FROM ENGINE TO MGMT IDS ENGINE DEPLOYED AS HA PAIR DELIVERED AS VIRTUAL APPLIANCE VM VM1 VM2 VM3 Firefly Host Engine VMWARE DVFILTER VMWARE VSWITCH OR CISCO 1000V ESX Kernel ESX Host HYPERVISOR 36
37 Complete firewall protection for any network traffic to or from a VM SECURE Antivirus components controlled centrally (scanner config, alert viewing, infected file remediation) 37 IDS, send selectable traffic flows to internal IDS engine for deep-packet analysis against dynamic signature set
38 Network visibility, All VM traffic flows stored in database and available for analysis MONITOR AND CONTROL Pre-defined and customizable Reports Compliance module includes pre-defined rules based on virtual security best practices as well as customers rules 38
39 Introspection, agent-less ability to scan a VM s virtual disk contents to understand what s installed INTELLIGENCE AND AUTOMATION Smart Groups allow for the use of attributes to create dynamic system associations Open and ready for innovation with reach sets of API s 39
40 VIRTUAL SECURITY AND SDN 40 Copyright 2013 Juniper Networks, Inc.
41 JUNIPER VIRTUALIZED SECURITY PORTFOLIO THE FLEXIBILITY OF CHOICE VIRTUAL SECURITY & CONNECTIVITY Internet SOLUTION Complete line-up of Virtual Security Services and Connectivity Options! Pulse SA Virtual Pulse UAC Virtual Internal LAN Firefly WebApp Secure Virtual DDoS Secure Virtual Secure Analytics Virtual DMZ Web Apps Protect critical asset against internal or external attack Utilize Intrusion Deception to uniquely defend web applications and increase complexity and cost of attack for bad actors Break attack automation with fake attack paths and responses that intelligently match attacker skillset while leaving legitimate users experience unaffected Provide connectivity (SSLVPN, NAC) via virtualized form factor Filter Distributed-Denial-of-Service attacks User 41
42 SECURITY SERVICES ARE KEY ELEMENT IN SDN SOFTWARE-BASED SOLUTION, ENABLING CROSS-SELL & UPSELL OPPORTUNITIES WITH CONTRAIL INTEGRATION AND SUPPORT FOR SDN Reduced OPEX Flexible choices Elastic scaling of Security Services Firefly Perimeter DDoS Secure WebApp Secure Pulse SA Secure Analytics Other services 3rd party services Reduced CAPEX Contrail Controller + vrouter NEW FLEXIBLE AND DYNAMIC APPROACH x86 Server/x86 Blade Virtual Infrastructure (OpenStack, etc.) 42
43 VIRTUAL SECURITY WITH CONTRAIL Old School Contrail (NFV + SDN) Ordering Weeks / months Instantly HW cost High custom HW Commodity x86 Deployment Cabling click Scale Limited Elastic Retirement Depreciation Re provisioning Investment Protection Low High Resource limitation High Service Chaining 43
44 SUMMARY Intrusion prevention by Deception is the smartest tool to keep attackers away from your Web Application Smarter Heuristic is required to identify DDoS and protect your resources from unavailability Security Virtualization is mandatory on the Cloud environment The complexity of virtual environments also requires orchestration (NFV + SDN) 44 Copyright 2013 Juniper Networks, Inc.
45 Thank you 45 Copyright 2013 Juniper Networks, Inc.
THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS. Junos WebApp Secure Junos Spotlight Secure
THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS Junos WebApp Secure Junos Spotlight Secure SECURITY AT JUNIPER Customer segments Business segments Service providers, enterprise Routing,
More informationJUNOS DDoS SECURE. Advanced DDoS Mitigation Technology
JUNOS DDoS SECURE Advanced DDoS Mitigation Technology Biography Nguyen Tien Duc ntduc@juniper.net, +84 903344505 Consulting Engineer- Viet Nam CISSP # 346725 CISA # 623462 2 Copyright 2013 Juniper Networks,
More informationRETHINK SECURITY FOR UNKNOWN ATTACKS
1 Copyright 2012 Juniper Networks, Inc. www.juniper.net RETHINK SECURITY FOR UNKNOWN ATTACKS John McCreary Security Specialist, Juniper Networks AGENDA 1 2 3 Introduction 5 minutes Security Trends 5 minutes
More informationIT SECURITY SEMINAR "STALLION 141113" Security, NGFW fallacy & going Beyond IP? Juniper Networks - Jaro Pietikäinen
IT SECURITY SEMINAR "STALLION 141113" Security, NGFW fallacy & going Beyond IP? Juniper Networks - Jaro Pietikäinen JUNIPER TODAY 2012 Revenue: $4.4 Billion Global Presence: Offices In 47 Countries +9000
More informationSECURE THE DATACENTER. Dennis de Leest Sr. Systems Engineer
SECURE THE DATACENTER Dennis de Leest Sr. Systems Engineer PURE PLAY IN HIGH-PERFORMANCE NETWORKING Breadth First 10 Years of Today s Of Juniper: Portfolio 1996-2006 Core Edge Access & Data Center WAN
More informationTHE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS
THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS INCONVENIENT STATISTICS 70% of ALL threats are at the Web application layer. Gartner 73% of organizations have been hacked in the past two
More informationEVOLVED DATA CENTER ARCHITECTURE
EVOLVED DATA CENTER ARCHITECTURE A SIMPLE, OPEN, AND SMART NETWORK FOR THE DATA CENTER DAVID NOGUER BAU HEAD OF SP SOLUTIONS MARKETING JUNIPER NETWORKS @dnoguer @JuniperNetworks 1 Copyright 2014 Juniper
More informationINTRUSION DECEPTION CZYLI BAW SIĘ W CIUCIUBABKĘ Z NAMI
INTRUSION DECEPTION CZYLI BAW SIĘ W CIUCIUBABKĘ Z NAMI Na przykładzie Junos WebApp Secure Edmund Asare INCONVENIENT STATISTICS 70% of ALL threats are at the Web application layer. Gartner 73% of organizations
More informationSOFTWARE DEFINED NETWORKING
SOFTWARE DEFINED NETWORKING Bringing Networks to the Cloud Brendan Hayes DIRECTOR, SDN MARKETING AGENDA Market trends and Juniper s SDN strategy Network virtualization evolution Juniper s SDN technology
More informationSecure Cloud-Ready Data Centers Juniper Networks
Secure Cloud-Ready Data Centers Juniper Networks JUNIPER SECURITY LEADERSHIP A $1B BUSINESS Market Leadership Data Center with High- End Firewall #1 at 42% Secure Mobility with SSL VPN #1 at 25% Security
More informationJUNIPER. One network for all demands MICHAEL FRITZ CEE PARTNER MANAGER. 1 Copyright 2010 Juniper Networks, Inc. www.juniper.net
JUNIPER One network for all demands MICHAEL FRITZ CEE PARTNER MANAGER 1 Copyright 2010 Juniper Networks, Inc. www.juniper.net 2-3-7: JUNIPER S BUSINESS STRATEGY 2 Customer Segments 3 Businesses Service
More informationThe Threat Keeps Growing, Are we Doing it Wrong: David Naudé - Commercial Manager SA
The Threat Keeps Growing, Are we Doing it Wrong: David Naudé - Commercial Manager SA A NEW SECURITY APPROACH ACTIVE DEFENSE David Naude Commercial Manager Juniper Networks 2 Copyright 2013 2013 Juniper
More informationDECODING SOFTWARE DEFINED NETWORKING (SDN) Nico Siebelink Technical Director Northern Europe
DECODING SOFTWARE DEFINED NETWORKING (SDN) Nico Siebelink Technical Director Northern Europe JUNIPER AND SDN IN THE NEWS 2 Copyright 2013 Juniper Networks, Inc. www.juniper.net WHY DO WE NEED SOFTWARE
More informationRIDE THE SDN AND CLOUD WAVE WITH CONTRAIL
RIDE THE SDN AND CLOUD WAVE WITH CONTRAIL Pascal Geenens CONSULTING ENGINEER, JUNIPER NETWORKS pgeenens@juniper.net BUSINESS AGILITY Need to create and deliver new revenue opportunities faster Services
More informationvsrx Services Gateway: Protecting the Hybrid Data Center
Services Gateway: Protecting the Hybrid Data Center Extending Juniper Networks award-winning security products to virtualized, cloud-based, and hybrid IT environments Challenge Virtualization and cloud
More informationAGENDA. 資 訊 網 路 發 展 趨 勢 Juniper Cloud Solution Cloud Security 解 決 方 案 共 同 供 應 契 約 採 購 建 議 為 何 選 擇 Juniper
EMEA SALES SUMMIT 2012 Cloud Solution AGENDA 資 訊 網 路 發 展 趨 勢 Juniper Cloud Solution Cloud Security 解 決 方 案 共 同 供 應 契 約 採 購 建 議 為 何 選 擇 Juniper 2 Copyright 2012 Juniper Networks, Inc. www.juniper.net CUSTOMERS
More informationNetwork that Know. Rasmus Andersen Lead Security Sales Specialist North & RESE
Network that Know Rasmus Andersen Lead Security Sales Specialist North & RESE Email Gateway vendor CERT AV vendor Law enforcement Web Security Vendor Network security appliance vendor IT Department App
More informationVirtualization, SDN and NFV
Virtualization, SDN and NFV HOW DO THEY FIT TOGETHER? Traditional networks lack the flexibility to keep pace with dynamic computing and storage needs of today s data centers. In order to implement changes,
More informationUnified Threat Management, Managed Security, and the Cloud Services Model
Unified Threat Management, Managed Security, and the Cloud Services Model Kurtis E. Minder CISSP Global Account Manager - Service Provider Group Fortinet, Inc. Introduction Kurtis E. Minder, Technical
More informationHOW SDN AND (NFV) WILL RADICALLY CHANGE DATA CENTRE ARCHITECTURES AND ENABLE NEXT GENERATION CLOUD SERVICES
HOW SDN AND (NFV) WILL RADICALLY CHANGE DATA CENTRE ARCHITECTURES AND ENABLE NEXT GENERATION CLOUD SERVICES Brian Levy CTO SERVICE PROVIDER SECTOR EMEA JUNIPER NETWORKS CIO DILEMA IT viewed as cost center
More informationBRINGING NETWORKS TO THE CLOUD ERA
BRINGING NETWORKS TO THE CLOUD ERA SDN enables new business models Aruna Ravichandran VICE PRESIDENT, MARKETING AND STRATEGY ARAVICHANDRAN@JUNIPER.NET SOFTWARE DEFINED NETWORKING (SDN), JUNIPER NETWORKS
More informationFortiDDos Size isn t everything
FortiDDos Size isn t everything Martijn Duijm Director Sales Engineering April - 2015 Copyright Fortinet Inc. All rights reserved. Agenda 1. DDoS In The News 2. Drawing the Demarcation Line - Does One
More informationDelivering Managed Services Using Next Generation Branch Architectures
Delivering Managed Services Using Next Generation Branch Architectures By: Lee Doyle, Principal Analyst at Doyle Research Sponsored by Versa Networks Executive Summary Network architectures for the WAN
More informationFive Steps For Securing The Data Center: Why Traditional Security May Not Work
White Paper Five Steps For Securing The Data Center: Why Traditional Security May Not Work What You Will Learn Data center administrators face a significant challenge: They need to secure the data center
More informationChapter 9 Firewalls and Intrusion Prevention Systems
Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish
More informationREVOLUTIONIZING ADVANCED THREAT PROTECTION
REVOLUTIONIZING ADVANCED THREAT PROTECTION A NEW, MODERN APPROACH Blue Coat Advanced Threat Protection Group GRANT ASPLUND Senior Technology Evangelist 1 WHY DO I STAND ON MY DESK? "...I stand upon my
More informationThe first agentless Security, Virtual Firewall, Anti- Malware and Compliance Solution built for Windows Server 2012 Hyper-V
The first agentless Security, Virtual Firewall, Anti- Malware and Compliance Solution built for Windows Server 2012 Hyper-V #1 Hyper-V Security The first agentless Security, Virtual Firewall, Anti-Malware
More informationZscaler Internet Security Frequently Asked Questions
Zscaler Internet Security Frequently Asked Questions 1 Technical FAQ PRODUCT LICENSING & PRICING How is Zscaler Internet Security Zscaler Internet Security is licensed on number of Cradlepoint devices
More informationREAL-TIME WEB APPLICATION PROTECTION. AWF SERIES DATASHEET WEB APPLICATION FIREWALL
REAL-TIME WEB APPLICATION PROTECTION. AWF SERIES DATASHEET WEB APPLICATION FIREWALL AWF Series Web application firewalls provide industry-leading Web application attack protection, ensuring continuity
More informationHow Network Virtualization can improve your Data Center Security
How Network Virtualization can improve your Data Center Security Gilles Chekroun SDDC, NSX Team EMEA gchekroun@vmware.com 2014 VMware Inc. All rights reserved. Security IT spending Security spending is
More informationCloud Security. Securing what you can t touch. Presentation to Malaysia Government Cloud Computing Forum 2012-04-05 HUAWEI TECHNOLOGIES CO., LTD.
2012-04-05 Cloud Security Securing what you can t touch www.huawei.com www.huawei.com Presentation to Malaysia Government Cloud Computing Forum HUAWEI TECHNOLOGIES CO., LTD. Why worry about cloud security?
More informationSDN PARTNER INTEGRATION: SANDVINE
SDN PARTNER INTEGRATION: SANDVINE SDN PARTNERSHIPS SSD STRATEGY & MARKETING SERVICE PROVIDER CHALLENGES TIME TO SERVICE PRODUCT EVOLUTION OVER THE TOP THREAT NETWORK TO CLOUD B/OSS AGILITY Lengthy service
More informationIntro to NSX. Network Virtualization. 2014 VMware Inc. All rights reserved.
Intro to NSX Network Virtualization 2014 VMware Inc. All rights reserved. Agenda Introduction NSX Overview Details: Microsegmentation NSX Operations More Information SDDC/Network Virtualization Security
More information74% 96 Action Items. Compliance
Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on July 02, 2013 11:12 AM 1 74% Compliance 96 Action Items Upcoming 0 items About PCI DSS 2.0 PCI-DSS is a legal obligation mandated
More informationVulnerability Management
Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other
More informationAnalyzing HTTP/HTTPS Traffic Logs
Advanced Threat Protection Automatic Traffic Log Analysis APTs, advanced malware and zero-day attacks are designed to evade conventional perimeter security defenses. Today, there is wide agreement that
More informationTechnical Note. ForeScout CounterACT: Virtual Firewall
ForeScout CounterACT: Contents Introduction... 3 What is the vfw?.... 3 Technically, How Does vfw Work?.... 4 How Does vfw Compare to a Real Firewall?.... 4 How Does vfw Compare to other Blocking Methods?...
More informationInfrastructure for more security and flexibility to deliver the Next-Generation Data Center
Infrastructure for more security and flexibility to deliver the Next-Generation Data Center Stefan Volmari Manager Systems Engineering Networking & Cloud Today's trends turn into major challenges Cloud
More informationThe State of Application Delivery in 2015
The State of Application Delivery in 2015 a report by F5 f5.com/soad 1 Introduction F5 surveyed customers from more than 300 organizations (of all sizes) across a broad spectrum of vertical markets such
More informationSecurity Solutions for the New Threads
Security Solutions for the New Threads We see things others can t Pablo Grande Sales Director, SOLA pgrande@arbor.net What a CISO Is Looking For Show Progress on Response Time Measurably improve our incident
More informationSOFTWARE-DEFINED NETWORKING (SDN)/NFV AND ACADEMIC RESEARCH IN CANADA
SOFTWARE-DEFINED NETWORKING (SDN)/NFV AND ACADEMIC RESEARCH IN CANADA CHRIS BACHALO CTO JUNIPER CANADA APR 28, 2015 INDUSTRY TRENDS WHITE BOX Reliable software still needed Feature / function Cost savings
More informationManage the unexpected
Manage the unexpected Navigate risks and thrive Today s business world is threatened by a multitude of online security risks. But many organizations simply do not have the resources or expertise to combat
More informationThe Global Attacker Security Intelligence Service Explained
White Paper How Junos Spotlight Secure Works The Global Attacker Security Intelligence Service Explained Copyright 2013, Juniper Networks, Inc. 1 Table of Contents Executive Summary...3 Introduction...3
More informationF5 Intelligent DNS Scale. Philippe Bogaerts Senior Field Systems Engineer mailto: p.bogaerts@f5.com Mob.: +32 473 654 689
F5 Intelligent Scale Philippe Bogaerts Senior Field Systems Engineer mailto: p.bogaerts@f5.com Mob.: +32 473 654 689 Intelligent and scalable PROTECTS web properties and brand reputation IMPROVES web application
More informationWhite paper. TrusGuard DPX: Complete Protection against Evolving DDoS Threats. AhnLab, Inc.
TrusGuard DPX: Complete Protection against Evolving DDoS Threats AhnLab, Inc. Table of Contents Introduction... 2 The Evolution of DDoS Attacks... 2 Typical Protection against DDoS Attacks... 3 Firewalls...
More informationPervasive Security Enabled by Next Generation Monitoring Fabric
Pervasive Security Enabled by Next Generation Monitoring Fabric By: Lee Doyle, Principal Analyst at Doyle Research Sponsored by Big Switch Networks Executive Summary Enterprise networks have become ever
More informationMcAfee Next Generation Firewall Optimize your defense, resilience, and efficiency.
Optimize your defense, resilience, and efficiency. Table of Contents Need Stronger Network Defense? Network Concerns Security Concerns Cost of Ownership Manageability Application and User Awareness High
More informationREMOVING THE BARRIERS FOR DATA CENTRE AUTOMATION
REMOVING THE BARRIERS FOR DATA CENTRE AUTOMATION The modern data centre has ever-increasing demands for throughput and performance, and the security infrastructure required to protect and segment the network
More informationSecuring the private cloud
Securing the private cloud Gary Gardiner Security Engineer 2011 Check Point Software Technologies Ltd. [Unrestricted] For everyone Top Trends of 2011 1 2 3 4 5 6 7 8 9 Virtualization & Cloud Computing
More informationSecuring data centres: How we are positioned as your ISP provider to prevent online attacks.
Securing data centres: How we are positioned as your ISP provider to prevent online attacks. Executive Summary In today s technologically-demanding world, an organisation that experiences any internet
More informationPalo Alto Networks. Security Models in the Software Defined Data Center
Palo Alto Networks Security Models in the Software Defined Data Center Christer Swartz Palo Alto Networks CCIE #2894 Network Overlay Boundaries & Security Traditionally, all Network Overlay or Tunneling
More informationSECURE CLOUD CONNECTIVITY FOR VIRTUAL PRIVATE NETWORKS
White Paper SECURE CLOUD CONNECTIVITY FOR VIRTUAL PRIVATE NETWORKS Next-Generation Virtualized Managed Services for the Enterprise with Secure-on-Network Links to the Copyright 2014, Juniper Networks,
More informationJUNIPER NETWORKS SPOTLIGHT SECURE THREAT INTELLIGENCE PLATFORM
JUNIPER NETWORKS SPOTLIGHT SECURE THREAT INTELLIGENCE PLATFORM May 2015 Nguyễn Tiến Đức ASEAN Security Specialist Agenda Modern Malware: State of the Industry Dynamic Threat Intelligence on the Firewall
More informationWEBAPP SECURE The Smartest Way to Secure Websites and Web Applications Against Hackers, Fraud, and Theft
DATASHEET WEBAPP SECURE The Smartest Way to Secure Websites and Web Applications Against Hackers, Fraud, and Theft Product Overview Traditional signature-based Web application firewalls are flawed because
More informationNetworking for Caribbean Development
Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g N E T W O R K I N G F O R C A R I B B E A N D E V E L O P M E N T BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n
More informationNext Generation Enterprise Network Security Platform
Next Generation Enterprise Network Security Platform November 2014 Lyndon Clough - Territory Sales Manager Derran Guinan Systems Engineer Agenda The Palo Alto Networks story Today s Threat Landscape The
More informationCisco Prime Network Services Controller. Sonali Kalje Sr. Product Manager Cloud and Virtualization, Cisco Systems
Cisco Prime Network Services Controller Sonali Kalje Sr. Product Manager Cloud and Virtualization, Cisco Systems Agenda Cloud Networking Challenges Prime Network Services Controller L4-7 Services Solutions
More informationSecure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services
Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services Udo Schneider Trend Micro Udo_Schneider@trendmicro.de 26.03.2013
More informationA Layperson s Guide To DoS Attacks
A Layperson s Guide To DoS Attacks A Rackspace Whitepaper A Layperson s Guide to DoS Attacks Cover Table of Contents 1. Introduction 2 2. Background on DoS and DDoS Attacks 3 3. Types of DoS Attacks 4
More informationLeveraging SDN and NFV in the WAN
Leveraging SDN and NFV in the WAN Introduction Software Defined Networking (SDN) and Network Functions Virtualization (NFV) are two of the key components of the overall movement towards software defined
More informationGateway Security at Stateful Inspection/Application Proxy
Gateway Security at Stateful Inspection/Application Proxy Michael Lai Sales Engineer - Secure Computing Corporation MBA, MSc, BEng(Hons), CISSP, CISA, BS7799 Lead Auditor (BSI) Agenda Who is Secure Computing
More informationIncrease Simplicity and Improve Reliability with VPLS on the MX Series Routers
SOLUTION BRIEF Enterprise Data Center Interconnectivity Increase Simplicity and Improve Reliability with VPLS on the Routers Challenge As enterprises improve business continuity by enabling resource allocation
More informationBest of Breed of an ITIL based IT Monitoring. The System Management strategy of NetEye
Best of Breed of an ITIL based IT Monitoring The System Management strategy of NetEye by Georg Kostner 5/11/2012 1 IT Services and IT Service Management IT Services means provisioning of added value for
More informationThe Smartest Way to Secure Websites and Web Applications Against Hackers, Fraud, and Theft
DATASHEET Junos WebApp Secure The Smartest Way to Secure Websites and Web Applications Against Hackers, Fraud, and Theft Product Overview Traditional signature-based Web application firewalls are flawed
More informationVMware vcloud Networking and Security Overview
VMware vcloud Networking and Security Overview Networks and Security for Virtualized Compute Environments WHITE PAPER Overview Organizations worldwide have gained significant efficiency and flexibility
More informationINTRODUCTION TO FIREWALL SECURITY
INTRODUCTION TO FIREWALL SECURITY SESSION 1 Agenda Introduction to Firewalls Types of Firewalls Modes and Deployments Key Features in a Firewall Emerging Trends 2 Printed in USA. What Is a Firewall DMZ
More informationHow to survive in a world of Virtualization and Cloud Computing, where you even can t trust your own environment anymore. Raimund Genes, CTO
How to survive in a world of Virtualization and Cloud Computing, where you even can t trust your own environment anymore. Raimund Genes, CTO Data everywhere but protection? Unprotected Data Needing Protection
More informationVMware Software Defined Network. Dejan Grubić VMware Systems Engineer for Adriatic
VMware Software Defined Network Dejan Grubić VMware Systems Engineer for Adriatic The Transformation of Infrastructure Infrastructure Servers Clouds Be more responsive to business, change economics of
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationSecuring the Virtualized Data Center With Next-Generation Firewalls
Securing the Virtualized Data Center With Next-Generation Firewalls Data Center Evolution Page 2 Security Hasn t Kept Up with Rate Of Change Configuration of security policies are manual and slow Weeks
More informationSecuring the Intelligent Network
WHITE PAPER Securing the Intelligent Network Securing the Intelligent Network New Threats Demand New Strategies The network is the door to your organization for both legitimate users and would-be attackers.
More informationThe Distributed Cloud: Automating, Scaling, Securing & Orchestrating the Edge
White Paper The Distributed Cloud: Automating, Scaling, Securing & Orchestrating the Edge Prepared by Jim Hodges Senior Analyst, Heavy Reading www.heavyreading.com on behalf of www.juniper.net October
More informationOn and off premises technologies Which is best for you?
On and off premises technologies Which is best for you? We don t mind what you buy, as long as it is YELLOW! Warren Sealey and Paul-Christian Garpe On Premises or in the cloud? 1 Agenda Why Symantec? Email
More informationMove over, TMG! Replacing TMG with Sophos UTM
Move over, TMG! Replacing TMG with Sophos UTM Christoph Litzbach, Pre-Sales Engineer NSG 39 Key Features of TMG HTTP Antivirus/spyware URL Filtering HTTPS forward inspection Web Caching Role based access
More informationWhy Device Fingerprinting Provides Better Network Security than IP Blocking. How to transform the economics of hacking in your favor
Why Device Fingerprinting Provides Better Network Security than IP Blocking How to transform the economics of hacking in your favor Why Device Fingerprinting Provides Better Network Security than IP Blocking
More informationSecurityDAM On-demand, Cloud-based DDoS Mitigation
SecurityDAM On-demand, Cloud-based DDoS Mitigation Table of contents Introduction... 3 Why premise-based DDoS solutions are lacking... 3 The problem with ISP-based DDoS solutions... 4 On-demand cloud DDoS
More informationAt dincloud, Cloud Security is Job #1
At dincloud, Cloud Security is Job #1 A set of surveys by the international IT services company, the BT Group revealed a major dilemma facing the IT community concerning cloud and cloud deployments. 79
More informationGetting More Performance and Efficiency in the Application Delivery Network
SOLUTION BRIEF Intel Xeon Processor E5-2600 v2 Product Family Intel Solid-State Drives (Intel SSD) F5* Networks Delivery Controllers (ADCs) Networking and Communications Getting More Performance and Efficiency
More informationForeScout CounterACT. Device Host and Detection Methods. Technology Brief
ForeScout CounterACT Device Host and Detection Methods Technology Brief Contents Introduction... 3 The ForeScout Approach... 3 Discovery Methodologies... 4 Passive Monitoring... 4 Passive Authentication...
More informationConcierge SIEM Reporting Overview
Concierge SIEM Reporting Overview Table of Contents Introduction... 2 Inventory View... 3 Internal Traffic View (IP Flow Data)... 4 External Traffic View (HTTP, SSL and DNS)... 5 Risk View (IPS Alerts
More informationSECURING YOUR MODERN DATA CENTER WITH CHECK POINT
SECURING YOUR MODERN DATA CENTER WITH CHECK POINT Javier Hijas Security Architect Check Point Europe 1 Agenda 1 2 3 4 What Questions is a modern / Answers datacenter Datacenter protection evolution Security
More informationAPPLICATION DELIVERY
RIVERBED DELIVERY THE FIRST DELIVERY CONTROLLER (ADC) DESIGNED FOR ANY CLOUD OR Greater flexibility VIRTUALIZED ENVIRONMENT GARTNER MAGIC QUADRANT RECOGNITION We re a Visionary in the 2012 Magic Quadrant
More informationModular Network Security. Tyler Carter, McAfee Network Security
Modular Network Security Tyler Carter, McAfee Network Security Surviving Today s IT Challenges DDos BOTS PCI SOX / J-SOX Data Exfiltration Shady RAT Malware Microsoft Patches Web Attacks No Single Solution
More informationEthernet-based Software Defined Network (SDN) Cloud Computing Research Center for Mobile Applications (CCMA), ITRI 雲 端 運 算 行 動 應 用 研 究 中 心
Ethernet-based Software Defined Network (SDN) Cloud Computing Research Center for Mobile Applications (CCMA), ITRI 雲 端 運 算 行 動 應 用 研 究 中 心 1 SDN Introduction Decoupling of control plane from data plane
More informationCloud and VM Based Security
Cloud and Based Security Supoj Aram-ekkalarb Network Security Consultant 2012 Check Point Software Technologies Ltd. [PROTECTED] All rights reserved. 2012 Check Point Software Technologies Ltd. [PROTECTED]
More informationSecure networks are crucial for IT systems and their
ISSA The Global Voice of Information Security Network Security Architecture By Mariusz Stawowski ISSA member, Poland Chapter Secure networks are crucial for IT systems and their proper operation. Essential
More informationVMware NSX A Perspective for Service Providers part 2
VMware NSX A Perspective for Service Providers part 2 Using Software Defined Networking to harden DC security controls Trevor Gerdes Strategic Architect Security and Networks NSX for SPs Part 2 - Agenda
More informationForeScout CounterACT Edge
ForeScout is a high performance security appliance that protects your network perimeter against intrusion. Unlike traditional IPS products, ForeScout is extremely easy to install and manage. It does not
More informationComplete Protection against Evolving DDoS Threats
Complete Protection against Evolving DDoS Threats AhnLab, Inc. Table of Contents Introduction... 2 The Evolution of DDoS Attacks... 2 Typical Protection against DDoS Attacks... 3 Firewalls... 3 Intrusion
More informationAdaptive Intelligent Firewall - der nächste Entwicklungssprung der NGFW. Jürgen Seitz Systems Engineering Manager
Adaptive Intelligent Firewall - der nächste Entwicklungssprung der NGFW Jürgen Seitz Systems Engineering Manager Evolution of Network Security Next-Gen Firewall Application Visibility and Control User-based
More informationThreat-Centric Security for Service Providers
Threat-Centric Security for Service Providers Enabling Open & Programmable Networks Sam Rastogi, Service Provider Security Product Marketing, Security Business Group Bill Mabon, Network Security Product
More informationCLOUD IS THE NEW COMPUTER
CLOUD IS THE NEW COMPUTER THE NEW TERMINAL-MAINFRAMES P L AT F O R M CLIENT-SERVER APP-CLOUD ENTERPRISE IT TRANSFORMATION THE CLOUD JOURNEY: 1. Eliminate infrastructure with public SaaS/PaaS 2. Flexible
More informationLooking Ahead The Path to Moving Security into the Cloud
Looking Ahead The Path to Moving Security into the Cloud Gerhard Eschelbeck Sophos Session ID: SPO2-107 Session Classification: Intermediate Agenda The Changing Threat Landscape Evolution of Application
More informationFour Considerations for Addressing the DDoS Risk for Carrier and Cloud Hosting Providers
Four Considerations for Addressing the DDoS Risk for Carrier and Cloud Hosting Providers Whitepaper SHARE THIS WHITEPAPER Table of Contents The Rising Threat of Cyber-Attack Downtime...3 Four Key Considerations
More informationHillstone Intelligent Next Generation Firewall
Hillstone Intelligent Next Generation Firewall Kris Nawani Solution Manager (Thailand) 12 th March 2015 1 About Hillstone Networks Founded 2006 by Netscreen visionaries World class team with security,
More informationSHARE THIS WHITEPAPER. Top Selection Criteria for an Anti-DDoS Solution Whitepaper
SHARE THIS WHITEPAPER Top Selection Criteria for an Anti-DDoS Solution Whitepaper Table of Contents Top Selection Criteria for an Anti-DDoS Solution...3 DDoS Attack Coverage...3 Mitigation Technology...4
More informationIntroducing IBM s Advanced Threat Protection Platform
Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Extensible Approach to Threat Prevention Paul Kaspian Senior Product Marketing Manager IBM Security Systems 1 IBM NDA 2012 Only IBM
More informationVM-Series for VMware. PALO ALTO NETWORKS: VM-Series for VMware
VM-Series for VMware The VM-Series for VMware supports VMware NSX, ESXI stand-alone and vcloud Air, allowing you to deploy next-generation firewall security and advanced threat prevention within your VMware-based
More informationAutomated Mitigation of the Largest and Smartest DDoS Attacks
Datasheet Protection Automated Mitigation of the Largest and Smartest Attacks Incapsula secures websites against the largest and smartest types of attacks - including network, protocol and application
More informationEndpoint Threat Detection without the Pain
WHITEPAPER Endpoint Threat Detection without the Pain Contents Motivated Adversaries, Too Many Alerts, Not Enough Actionable Information: Incident Response is Getting Harder... 1 A New Solution, with a
More information