Testing Darwinsim: The History and Evolution of Network Resiliency

Size: px
Start display at page:

Download "Testing Darwinsim: The History and Evolution of Network Resiliency"

Transcription

1 Testing Darwinsim: The History and Evolution of Network Resiliency Mike Hamilton Ixia Communications Session ID: SPO-210 Session Classification: General Interest

2 Why Should I Care? 2

3 RESILIENCY Defining Resiliency Performance How Application load, attacks, and impairments. Why Measure and improve performance under high-stress conditions. Security Latest attacks, evasions, malware, and spam. Identify and remediate vulnerabilities. Perform under DoS attack. Stability Impairments combined with application load. Ensure reliable performance and availability. 3

4 Performance Performance How Application load, attacks, and impairments. Why Measure and improve performance under high-stress conditions. 4

5 The Datasheet Game Carrier Class Firewall Metric Firewall A Firewall B Firewall C *3WHS+D+3WC **Derived from PPS Connectivity Stated as Application 5

6 The Datasheet Game Carrier Class Firewall Metric Firewall A Firewall B Firewall C Throughput (Max) 150 Gbps 560 Gbps 640 Gbps *3WHS+D+3WC **Derived from PPS Connectivity Stated as Application 6

7 The Datasheet Game Carrier Class Firewall Metric Firewall A Firewall B Firewall C Throughput (Max) Throughput (IMIX) 150 Gbps 560 Gbps 640 Gbps 37.8 Gbps 560 Gbps 135 Gbps *3WHS+D+3WC **Derived from PPS Connectivity Stated as Application 7

8 The Datasheet Game Carrier Class Firewall Metric Firewall A Firewall B Firewall C Throughput (Max) Throughput (IMIX) Throughput (64B) 150 Gbps 560 Gbps 640 Gbps 37.8 Gbps 560 Gbps 135 Gbps 7.7 Gbps** 560 Gbps 31 Gbps** *3WHS+D+3WC **Derived from PPS Connectivity Stated as Application 8

9 The Datasheet Game Carrier Class Firewall Metric Firewall A Firewall B Firewall C Throughput (Max) Throughput (IMIX) Throughput (64B) Connections per Second* 150 Gbps 560 Gbps 640 Gbps 37.8 Gbps 560 Gbps 135 Gbps 7.7 Gbps** 560 Gbps 31 Gbps** 380, M 320,000 *3WHS+D+3WC **Derived from PPS Connectivity Stated as Application 9

10 The Datasheet Game Carrier Class Firewall Metric Firewall A Firewall B Firewall C Throughput (Max) Throughput (IMIX) Throughput (64B) Connections per Second* Concurrent Connections 150 Gbps 560 Gbps 640 Gbps 37.8 Gbps 560 Gbps 135 Gbps 7.7 Gbps** 560 Gbps 31 Gbps** 380, M 320,000 20M 280M 100M *3WHS+D+3WC **Derived from PPS Connectivity Stated as Application 10

11 The Datasheet Game Carrier Class Firewall 11

12 The Datasheet Game Carrier Class Firewall Metric Firewall A Firewall B Firewall C 12

13 The Datasheet Game Carrier Class Firewall Metric Firewall A Firewall B Firewall C Throughput (64B) 7.7 Gbps 560 Gbps 31 Gbps 13

14 The Datasheet Game Carrier Class Firewall Metric Firewall A Firewall B Firewall C Throughput (64B) 7.7 Gbps 560 Gbps 31 Gbps CPS 380, M 320,000 14

15 The Datasheet Game Carrier Class Firewall Metric Firewall A Firewall B Firewall C Throughput (64B) 7.7 Gbps 560 Gbps 31 Gbps CPS 380, M 320,000 Worst-case Throughput 1.8 Gbps 15.8 Gbps 1.5 Gbps 15

16 The Datasheet Game Carrier Class Firewall Metric Firewall A Firewall B Firewall C Throughput (64B) 7.7 Gbps 560 Gbps 31 Gbps CPS 380, M 320,000 Worst-case Throughput Worst-case Goodput 1.8 Gbps 15.8 Gbps 1.5 Gbps 6 Mbps 52 Mbps 5.1 Mbps 16

17 Performance Performance How Application load, attacks, and impairments. Why Measure and improve performance under high-stress conditions. 17

18 Security Performance How Application load, attacks, and impairments. Why Measure and improve performance under high-stress conditions. Security Latest attacks, evasions, malware, and spam. Identify and remediate vulnerabilities. Perform under DoS attack. 18

19 Does Mark the Spot? 19

20 IPS Imprecise Performance Systems Firewall A Firewall B Firewall C Throughput (64B) 7.7 Gbps 560 Gbps 31 Gbps CPS 380, M 320,000 Worst-case Throughput Worst-case Goodput IPS Throughput 1.8 Gbps 15.8 Gbps 1.5 Gbps 6 Mbps 52 Mbps 5.1 Mbps 26 Gbps Gbps 40 Gbps 20

21 DDoS Are You Ready? 21

22 Why Should I Care? 22

23 $,,, 23

24 DLP Dollar Loss Prevention 24

25 RESILIENCY Stability Performance How Application load, attacks, and impairments. Why Measure and improve performance under high-stress conditions. Security Latest attacks, evasions, malware, and spam. Identify and remediate vulnerabilities. Perform under DoS attack. Stability Impairments combined with application load. Ensure reliable performance and availability. 25

26 Stability 26

27 How to Measure? 27

28 Why Should I Care? 28

29 Combinations and Permutations = = = 64 OR =

30 Combinations = = x packets On a 10 Gbps link at 15mm PPS = 2.08x seconds = 3.46x minutes = 5.78x hours = 2.41x days = 6.59x years = 4.7x lifetimes of the Universe 30

31 Why Should I Care? 31

32 Combinations and Permutations = = 160 = = 64 OR = 160 =

33 Combinations = = 1.77 x packets On a 10 Gbps link at 15mm PPS = 1.18x10 65 seconds = 1.96x10 63 minutes = 3.27x10 61 hours = 1.36x10 60 days = 3.73x10 57 years = 2.66x10 47 lifetimes of the Universe 33

34 Resiliency 34

35 Resiliency Testing: A History Lesson Internet Growth Leads to Technology Standards IETF Testing Standards RFC 1944 RFC 2544 RFC

36 RFC 2544: Right Standard, Wrong Time Original Goal Create Vendor-Agnostic Comparisons 18 years later (Today) Industry continues to apply RFC 2544 to nextgeneration and content aware devices 36

37 RFC 3511: False Sense of Security? HTTP is NOT an Application 37

38 Mobility in Action 38

39 Moving Ahead: Evolving Testing Standards IETF Benchmarking Working Group Content-aware device methodology Industry consortiums DPIbench 39

40 Resiliency = Battle-Tested Apply emerging standards today Download the most recent work Understand your network traffic Enterprise, service provider, government, etc. 40

41 Apply: Takeaways Ask your vendor*: 1. Are you keeping up with emerging testing standards? 2. What application mixes and weights do you use during testing? 3. Do you combine applications and high-stress user load during testing? 4. What have the results been when you have tested using malformed traffic? 5. How does the device perform against application-layer attacks? 6. Can I test your product with my unique network, application, and user conditions? *Vendors, ask yourself the same questions. 41

42 Apply: Final Thoughts Read between the lines Money matters Just because code hasn t been touched doesn t mean it is not the problem Never leave a test port idle Utilize industry resources 42

43 Questions? $,,, Contact information: Mike Hamilton Director of Global Systems Engineering BreakingPoint Systems 43

Firewall Testing Methodology W H I T E P A P E R

Firewall Testing Methodology W H I T E P A P E R Firewall ing W H I T E P A P E R Introduction With the deployment of application-aware firewalls, UTMs, and DPI engines, the network is becoming more intelligent at the application level With this awareness

More information

VALIDATING DDoS THREAT PROTECTION

VALIDATING DDoS THREAT PROTECTION VALIDATING DDoS THREAT PROTECTION Ensure your DDoS Solution Works in Real-World Conditions WHITE PAPER Executive Summary This white paper is for security and networking professionals who are looking to

More information

Network Security Equipment The Ever Changing Curveball

Network Security Equipment The Ever Changing Curveball Network Security Equipment The Ever Changing Curveball breakingpointsystems.com This document contains information that is the property of BreakingPoint Systems, Inc. This information may not be copied,

More information

IxLoad-Attack: Network Security Testing

IxLoad-Attack: Network Security Testing IxLoad-Attack: Network Security Testing IxLoad-Attack tests network security appliances determining that they effectively and accurately block attacks while delivering high end-user quality of experience

More information

DDoS Trend Analysis through 2010, Infrastructure Security Report & ATLAS Initiative Yaroslav Rosomakho Senior Consulting Engineer, EMEA

DDoS Trend Analysis through 2010, Infrastructure Security Report & ATLAS Initiative Yaroslav Rosomakho Senior Consulting Engineer, EMEA DDoS Trend Analysis through 2010, Infrastructure Security Report & ATLAS Initiative Yaroslav Rosomakho Senior Consulting Engineer, EMEA Introduction Yaroslav Rosomakho, Senior CE, EMEA. 10+ years of experience

More information

For IT Infrastructure, Mobile and Cloud Computing - Why and how

For IT Infrastructure, Mobile and Cloud Computing - Why and how For IT Infrastructure, Mobile and Cloud Computing - Why and how Will you fear me... First, who is this group called Anonymous? Put simply, it is an international cabal of criminal hackers dating back to

More information

The CISO s Guide to Security

The CISO s Guide to Security White Paper The CISO s Guide to Security > Job Using Actionable Security Intelligence to Assess and Defend Your Security Posture 26601 Agoura Road, Calabasas, CA 91302 Tel: 818.871.1800 Fax: 818.871.1805

More information

Data Center security trends

Data Center security trends Data Center security trends Tomislav Tucibat Major accounts Manager, Adriatic Copyright Fortinet Inc. All rights reserved. IT Security evolution How did threat market change over the recent years? Problem:

More information

Firewalls in the Data Center: Main Strategies and Metrics

Firewalls in the Data Center: Main Strategies and Metrics Firewalls in the Data Center: Main Strategies and Metrics Joel Snyder, PhD Senior Partner, Opus One What You Will Learn Measuring performance in networks has usually involved looking at one number: throughput.

More information

Business Case for a DDoS Consolidated Solution

Business Case for a DDoS Consolidated Solution Business Case for a DDoS Consolidated Solution Executive Summary Distributed denial-of-service (DDoS) attacks are becoming more serious and sophisticated. Attack motivations are increasingly financial

More information

4 Delivers over 20,000 SSL connections per second (cps), which

4 Delivers over 20,000 SSL connections per second (cps), which April 21 Commissioned by Radware, Ltd Radware AppDirector x8 and x16 Application Switches Performance Evaluation versus F5 Networks BIG-IP 16 and 36 Premise & Introduction Test Highlights 1 Next-generation

More information

Spirent Journal of Cloud Application and Security Services PASS Test Methodologies. June 2011 Edition. February 2011 Edition PASS

Spirent Journal of Cloud Application and Security Services PASS Test Methodologies. June 2011 Edition. February 2011 Edition PASS Spirent Journal of Cloud Application and Security Services PASS Test Methodologies June 2011 Edition February 2011 Edition PASS Introduction Today s Devices Under Test (DUT) represent complex, multi-protocol

More information

How valuable DDoS mitigation hardware is for Layer 7 Sophisticated attacks

How valuable DDoS mitigation hardware is for Layer 7 Sophisticated attacks How valuable DDoS mitigation hardware is for Layer 7 Sophisticated attacks Stop DDoS before they stop you! James Braunegg (Micron 21) What Is Distributed Denial of Service A Denial of Service attack (DoS)

More information

Data Centers Protection from DoS attacks. Trends and solutions. Michael Soukonnik, Radware Ltd michaels@radware.com Riga. Baltic IT&T. 21.04.

Data Centers Protection from DoS attacks. Trends and solutions. Michael Soukonnik, Radware Ltd michaels@radware.com Riga. Baltic IT&T. 21.04. Data Centers Protection from DoS attacks. Trends and solutions Michael Soukonnik, Radware Ltd michaels@radware.com Riga. Baltic IT&T. 21.04.2010 Cybercrime Trends Page 2 Types of DoS attacks and classical

More information

The CISO s Guide to Ensuring IT Resiliency in the Face of Change

The CISO s Guide to Ensuring IT Resiliency in the Face of Change WHITE PAPER Actionable Security Intelligence The CISO s Guide to Ensuring IT Resiliency in the Face of Change Using Actionable Security Intelligence to Assess and Defend Your Security Posture Introduction

More information

Reduce Your Network's Attack Surface

Reduce Your Network's Attack Surface WHITE PAPER Reduce Your Network's Attack Surface Ixia's ThreatARMOR Frees Up Security Resources and Personnel The Threat Landscape When you re dealing with network security, one of the primary measurements

More information

Otas%serumquis%es%explibu%sanimet%et%aut%omnisse Otas%serumquis%es%explibu%sanimet%et%aut%omnisse%nimpore%rendae% nonecerum% NUCLEUS BVBA MATTIAS GENIAR SENIOR SYSTEM ENGINEER dolorem.% MATTIAS@NUCLEUS.BE

More information

Cyber Range Training Services

Cyber Range Training Services Cyber Range Training Services Table of Contents Train Like You Fight... 2 The Global Cyber Range Imperative... 3 Why Traditional Approaches Have Failed... 3 A Pragmatic Strategy for Arming and Training

More information

What to Look for When Evaluating Next-Generation Firewalls

What to Look for When Evaluating Next-Generation Firewalls What to Look for When Evaluating Next-Generation Firewalls Using independent tests to compare performance, cost and functionality Table of Contents Why Use Independent Tests in Evaluations?... 3 What to

More information

Less Guessing, More Facts. How to survive or avoid a DDoS Attack. Simulate Large Scale Cyber Attacks. Andy Young Snr Systems Engineer

Less Guessing, More Facts. How to survive or avoid a DDoS Attack. Simulate Large Scale Cyber Attacks. Andy Young Snr Systems Engineer Less Guessing, More Facts There is a better way How to survive or avoid a DDoS Attack. Simulate Large Scale Cyber Attacks. Andy Young Snr Systems Engineer The Network Has Evolved Application landscape

More information

Load Balancing Security Gateways WHITE PAPER

Load Balancing Security Gateways WHITE PAPER Load Balancing Security Gateways WHITE PAPER Table of Contents Acceleration and Optimization... 4 High Performance DDoS Protection... 4 Web Application Firewall... 5 DNS Application Firewall... 5 SSL Insight...

More information

FortiGate-3950B Scores 95/100 on BreakingPoint Resiliency Score (Security, Performance, & Stability)

FortiGate-3950B Scores 95/100 on BreakingPoint Resiliency Score (Security, Performance, & Stability) FortiGate-3950B Scores 95/100 on BreakingPoint Resiliency Score (Security, Performance, & Stability) Overview Fortinet FortiGate -3950B enterprise consolidated security appliance has achieved a BreakingPoint

More information

Secure Cloud-Ready Data Centers Juniper Networks

Secure Cloud-Ready Data Centers Juniper Networks Secure Cloud-Ready Data Centers Juniper Networks JUNIPER SECURITY LEADERSHIP A $1B BUSINESS Market Leadership Data Center with High- End Firewall #1 at 42% Secure Mobility with SSL VPN #1 at 25% Security

More information

Performance and Scalability with the Juniper SRX5400

Performance and Scalability with the Juniper SRX5400 ESG Lab Review Performance and Scalability with the Juniper SRX5400 Date: March 2015 Author: Mike Leone, ESG Lab Analyst; and Jon Oltsik, ESG Senior Principal Analyst Abstract: This ESG Lab review documents

More information

Lab Testing Summary Report

Lab Testing Summary Report Lab Testing Summary Report February 14 Report 132B Product Category: Web Security Gateway Vendor Tested: Key findings and conclusions: security appliance exhibits best rate to date, 91.3%, for classifying

More information

A Six-Step Plan for Competitive Device Evaluations

A Six-Step Plan for Competitive Device Evaluations A Six-Step Plan for Competitive Device Evaluations How to Evaluate and Select the Best Content-Aware Network or Security Devices for Enterprise, Federal, and Carrier Infrastructures BreakingPoint Enterprise

More information

Symantec Enterprise Firewalls. From the Internet Thomas Jerry Scott

Symantec Enterprise Firewalls. From the Internet Thomas Jerry Scott Symantec Enterprise Firewalls From the Internet Thomas Symantec Firewalls Symantec offers a whole line of firewalls The Symantec Enterprise Firewall, which emerged from the older RAPTOR product We are

More information

Using Palo Alto Networks to Protect the Datacenter

Using Palo Alto Networks to Protect the Datacenter Using Palo Alto Networks to Protect the Datacenter July 2009 Palo Alto Networks 232 East Java Dr. Sunnyvale, CA 94089 Sales 866.207.0077 www.paloaltonetworks.com Table of Contents Introduction... 3 Granular

More information

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES Leonard Levy PricewaterhouseCoopers LLP Session ID: SEC-W03 Session Classification: Intermediate Agenda The opportunity Assuming

More information

Server Load Balancing (SLB) Testing IxLoad

Server Load Balancing (SLB) Testing IxLoad TEST PLAN Server Load Balancing (SLB) Testing IxLoad www.ixiacom.com 915-6653-01, 2006 Copyright 2006 by Ixia All rights reserved Ixia 26601 West Agoura Road, Calabasas, CA 91302 (877) FOR-IXIA This Test

More information

TIME TO RETHINK NETWORK SECURITY

TIME TO RETHINK NETWORK SECURITY TIME TO RETHINK NETWORK SECURITY There are three major trends currently unfolding that promise increased efficiency and effectiveness in how we do business. These are cloud computing, big data analysis

More information

Why IPS Devices and Firewalls Fail to Stop DDoS Threats

Why IPS Devices and Firewalls Fail to Stop DDoS Threats ( WH ITE PAPE R) Why IPS Devices and Firewalls Fail to Stop DDoS Threats HOW TO PROTECT YOUR DATA CENTER S AVAILABILITY Executive Summary As e-commerce continues to proliferate and deliver profitable results,

More information

Cisco Meraki MX products come in 6 models. The chart below outlines MX hardware properties for each model: MX64 MX64W MX84 MX100 MX400 MX600

Cisco Meraki MX products come in 6 models. The chart below outlines MX hardware properties for each model: MX64 MX64W MX84 MX100 MX400 MX600 MX Sizing Guide DECEMBER 2015 This technical document provides guidelines for choosing the right Cisco Meraki security appliance based on real-world deployments, industry standard benchmarks and in-depth

More information

Extreme Security Threat Protection G2 - Intrusion Prevention Integrated security, visibility, and control for next- generation network protection

Extreme Security Threat Protection G2 - Intrusion Prevention Integrated security, visibility, and control for next- generation network protection DATA SHEET Extreme Security Threat Protection G2 - Intrusion Prevention Integrated security, visibility, and control for next- generation network protection HIGHLIGHTS Delivers superior zero-day threat

More information

Insiders View: Network Security Devices

Insiders View: Network Security Devices Insiders View: Network Security Devices Dennis Cox CTO @ BreakingPoint Systems CanSecWest/Core06 Vancouver, April 2006 Who am I? Chief Technology Officer - BreakingPoint Systems Director of Engineering

More information

Arbor White Paper Why IPS Devices and Firewalls Fail to Stop DDoS Threats

Arbor White Paper Why IPS Devices and Firewalls Fail to Stop DDoS Threats Arbor White Paper Why IPS Devices and Firewalls Fail to Stop DDoS Threats How to Protect Your Data Center s Availability About Arbor Networks Arbor Networks, Inc. is a leading provider of network security

More information

(U) Financial Sector Cyber Security

(U) Financial Sector Cyber Security (U) Financial Sector Cyber Security UNCLASSIFED//FOUO (U) Cyber Event: (U) 15 August Foreign cyber actors targeted a foreign oil company in a large-scale coordinated cyber attack, incidentally attacking

More information

TEST METHODOLOGY. Network Firewall Data Center. v1.0

TEST METHODOLOGY. Network Firewall Data Center. v1.0 TEST METHODOLOGY Network Firewall Data Center v1.0 Table of Contents 1 Introduction... 4 1.1 The Need for Firewalls In The Data Center... 4 1.2 About This Test Methodology and Report... 4 1.3 Inclusion

More information

Comparative Performance and Resilience Test Results - UTM Appliances. Miercom tests comparing Sophos SG Series appliances against the competition

Comparative Performance and Resilience Test Results - UTM Appliances. Miercom tests comparing Sophos SG Series appliances against the competition Comparative Performance and Resilience Test Results - UTM Appliances Miercom tests comparing SG Series appliances against the competition Overview Firewalls not only provide your first line of defense

More information

Non-Geeks Guide to. Network Threat Prevention

Non-Geeks Guide to. Network Threat Prevention Non-Geeks Guide to Network Threat Prevention 1 2 Table of Contents The Evolution of Network Security Network Security: A Constantly-Evolving Threat Why are networks at more risk than ever before? Evaluating

More information

Is the Security Industry Ready for SSL Decryption?

Is the Security Industry Ready for SSL Decryption? Is the Security Industry Ready for SSL Decryption? SESSION ID: TECH-R01 John W. Pirc Chief Technology Officer NSS Labs Inc. @jopirc David DeSanto Director, Product Management NSS Labs Inc. @david_desanto

More information

[Restricted] ONLY for designated groups and individuals. 2014 Check Point Software Technologies Ltd.

[Restricted] ONLY for designated groups and individuals. 2014 Check Point Software Technologies Ltd. [Restricted] ONLY for designated groups and individuals Contents 1 2 3 4 Industry Trends DDoS Attack Types Solutions to DDoS Attacks Summary 2 Cybercrime Landscape DNS Hijacking Malware 3% 3% Targeted

More information

Network Security Solution. Arktos Lam

Network Security Solution. Arktos Lam Network Security Solution Arktos Lam Dell Software Group(DSG) 2 Confidential Trend Dell Software addresses key trends Cloud Big data Mobility Security Management Security 3 Software We deliver security

More information

REAL-TIME WEB APPLICATION PROTECTION. AWF SERIES DATASHEET WEB APPLICATION FIREWALL

REAL-TIME WEB APPLICATION PROTECTION. AWF SERIES DATASHEET WEB APPLICATION FIREWALL REAL-TIME WEB APPLICATION PROTECTION. AWF SERIES DATASHEET WEB APPLICATION FIREWALL AWF Series Web application firewalls provide industry-leading Web application attack protection, ensuring continuity

More information

Game changing Technology für Ihre Kunden. Thomas Bürgis System Engineering Manager CEE

Game changing Technology für Ihre Kunden. Thomas Bürgis System Engineering Manager CEE Game changing Technology für Ihre Kunden Thomas Bürgis System Engineering Manager CEE Threats have evolved traditional firewalls & IPS have not Protection centered around ports & protocols Expensive to

More information

What s Next for Network Security - Visibility is king! Gøran Tømte March 2013

What s Next for Network Security - Visibility is king! Gøran Tømte March 2013 What s Next for Network Security - Visibility is king! Gøran Tømte March 2013 Technology Sprawl and Creep Aren t the Answer More stuff doesn t solve the problem Firewall helpers have limited view of traffic

More information

Appliance Comparison Chart

Appliance Comparison Chart 202 Appliances 2200 4200 4400 4600 4800 Small-Office Enterprise Grade Production Performance (Security Benchmark) Security 4 4 223 374 623 Firewall (Gbps).4.4 2.2 3.4 5.8 Firewall and IPS (Mbps) 50 50

More information

How to Build a Massively Scalable Next-Generation Firewall

How to Build a Massively Scalable Next-Generation Firewall How to Build a Massively Scalable Next-Generation Firewall Seven measures of scalability, and how to use them to evaluate NGFWs Scalable is not just big or fast. When it comes to advanced technologies

More information

The SIEM Evaluator s Guide

The SIEM Evaluator s Guide Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,

More information

IBM Security Network Intrusion Prevention System

IBM Security Network Intrusion Prevention System IBM Security Network Intrusion Prevention System Comprehensive protection from today s evolving threats Highlights Unmatched levels of performance without compromising breadth and depth of security Protect

More information

Next Generation. VoIP Application Firewall. www.novacybersecurity.com

Next Generation. VoIP Application Firewall. www.novacybersecurity.com Next Generation VoIP Application Firewall Are you aware that you are vulnerable to all threats on the Internet? With increasing voice and video transmission over IP and emerging new technologies such as

More information

Cisco Meraki MX products come in 6 models. The chart below outlines MX hardware properties for each model: MX60 MX60W MX80 MX100 MX400 MX600

Cisco Meraki MX products come in 6 models. The chart below outlines MX hardware properties for each model: MX60 MX60W MX80 MX100 MX400 MX600 MX Sizing Guide MARCH 2014 This technical document provides guidelines for choosing the right Cisco Meraki security appliance based on real-world deployments, industry standard benchmarks and in-depth

More information

Critical Controls for Cyber Security. www.infogistic.com

Critical Controls for Cyber Security. www.infogistic.com Critical Controls for Cyber Security www.infogistic.com Understanding Risk Asset Threat Vulnerability Managing Risks Systematic Approach for Managing Risks Identify, characterize threats Assess the vulnerability

More information

Server Load Balancer Testing

Server Load Balancer Testing Server Load Balancer Testing 26601 W. Agoura Rd. Calabasas, CA 91302 (Toll Free US) 1.877.FOR.IXIA (Int'l) +1.818.871.1800 (Fax) 818.871.1805 www.ixiacom.com Test Plan Copyright 2006 by Ixia All rights

More information

Protecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper

Protecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper Protecting DNS Critical Infrastructure Solution Overview Radware Attack Mitigation System (AMS) - Whitepaper Table of Contents Introduction...3 DNS DDoS Attacks are Growing and Evolving...3 Challenges

More information

Network Security. Protective and Dependable. 52 Network Security. UTM Content Security Gateway CS-2000

Network Security. Protective and Dependable. 52 Network Security. UTM Content Security Gateway CS-2000 Network Security Protective and Dependable With the growth of the Internet threats, network security becomes the fundamental concerns of family network and enterprise network. To enhance your business

More information

DDoS Protection on the Security Gateway

DDoS Protection on the Security Gateway DDoS Protection on the Security Gateway Best Practices 24 August 2014 Protected 2014 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by

More information

The 2014 Next Generation Firewall Challenge

The 2014 Next Generation Firewall Challenge Network World and Robin Layland present The 2014 Next Generation Firewall Challenge Guide to Understanding and Choosing a Next Generation Firewall to Combat Today's Threats 2014 The 2014 Next Generation

More information

Unified Threat Management Throughput Performance

Unified Threat Management Throughput Performance Unified Threat Management Throughput Performance Desktop Device Comparison DR150818C October 2015 Miercom www.miercom.com Contents Executive Summary... 3 Introduction... 4 Products Tested... 6 How We Did

More information

Security Solutions for the New Threads

Security Solutions for the New Threads Security Solutions for the New Threads We see things others can t Pablo Grande Sales Director, SOLA pgrande@arbor.net What a CISO Is Looking For Show Progress on Response Time Measurably improve our incident

More information

DPtech ADX Application Delivery Platform Series

DPtech ADX Application Delivery Platform Series Data Sheet DPtech ADX Series DPtech ADX Application Delivery Platform Series Overview IT requirements for service capability can be summarized as "acceleration", "security" and "reliability". The contradiction

More information

High Performance NGFW Extended

High Performance NGFW Extended High Performance NGFW Extended Enrique Millán Country Manager Colombia emillan@fortinet.com 1 Copyright 2013 Fortinet Inc. All rights reserved. D I S C L A I M E R This document contains confidential material

More information

Host-based Intrusion Prevention System (HIPS)

Host-based Intrusion Prevention System (HIPS) Host-based Intrusion Prevention System (HIPS) White Paper Document Version ( esnhips 14.0.0.1) Creation Date: 6 th Feb, 2013 Host-based Intrusion Prevention System (HIPS) Few years back, it was relatively

More information

Firewalls: The Next Generation. Rick Coloccia Network Manager coloccia@geneseo.edu

Firewalls: The Next Generation. Rick Coloccia Network Manager coloccia@geneseo.edu Firewalls: The Next Generation Rick Coloccia Network Manager coloccia@geneseo.edu Session Overview Evolution of the Firewall Packet Filters Stateful Firewalls Application Firewalls Single Appliance No

More information

Configuring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA

Configuring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA Configuring Personal Firewalls and Understanding IDS Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA 1 Configuring Personal Firewalls and IDS Learning Objectives Task Statements 1.4 Analyze baseline

More information

DDoS attacks on electronic payment systems. Sean Rijs and Joris Claassen Supervisor: Stefan Dusée

DDoS attacks on electronic payment systems. Sean Rijs and Joris Claassen Supervisor: Stefan Dusée DDoS attacks on electronic payment systems Sean Rijs and Joris Claassen Supervisor: Stefan Dusée Scope High volume DDoS attacks Electronic payment systems Low bandwidth requirements: 5 from account X to

More information

CS5008: Internet Computing

CS5008: Internet Computing CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is

More information

Introduction to DDoS Attacks. Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter

Introduction to DDoS Attacks. Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter Introduction to DDoS Attacks Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter DDoS in the News Q1 2014 DDoS Attack Trends DDoS Attack Trends Q4 2013 Mobile devices

More information

Arbor White Paper Layered Intelligent DDoS Mitigation Systems

Arbor White Paper Layered Intelligent DDoS Mitigation Systems Arbor White Paper Layered Intelligent DDoS Mitigation Systems Why Internet Service Providers are in a Unique Position to Deliver Layered DDoS Attack Protection Services About Arbor Networks Arbor Networks,

More information

spirent Test the security, performance and scalability of your app-aware infrastructure

spirent Test the security, performance and scalability of your app-aware infrastructure spirent Avalanche NEXT Test the security, performance and scalability of your app-aware infrastructure Avalanche NEXT The App-Aware Challenge The deployment of application-aware infrastructure brings with

More information

Cisco ASA 5500 Series Business Edition

Cisco ASA 5500 Series Business Edition Cisco ASA 5500 Series Business Edition Cisco ASA 5500 Series Business Edition Provides an All-in-One Security Solution The Cisco ASA 5500 Series Business Edition is an enterprise-strength comprehensive

More information

Next Generation Firewalls and Sandboxing

Next Generation Firewalls and Sandboxing Next Generation Firewalls and Sandboxing Joe Hughes, Director www.servicetech.co.uk Summary What is a Next Generation Firewall (NGFW)? Threat evolution Features Deployment Best practices What is Sandboxing?

More information

Integrated Approach to Network Security. Lee Klarich Senior Vice President, Product Management March 2013

Integrated Approach to Network Security. Lee Klarich Senior Vice President, Product Management March 2013 Integrated Approach to Network Security Lee Klarich Senior Vice President, Product Management March 2013 Real data from actual networks 2 2012, Palo Alto Networks. Confidential and Proprietary. 2008: HTTP,

More information

Blocking DNS Messages is Dangerous

Blocking DNS Messages is Dangerous Blocking DNS Messages is Dangerous Florian Maury, Mathieu Feuillet October 5-6, 2013 F Maury, M Feuillet Blocking DNS Messages is Dangerous October 5-6, 2013 1/25 ANSSI Created in 2009, the ANSSI is the

More information

Accelerating the Deployment of the Evolved Cyber Range

Accelerating the Deployment of the Evolved Cyber Range White Paper Accelerating the Deployment of the Evolved Cyber Range Ixia BreakingPoint Uses Patented Innovation to Deliver a Pragmatic Solution for Arming and Training Cyber Warriors 26601 Agoura Road,

More information

SourceFireNext-Generation IPS

SourceFireNext-Generation IPS D Ů V Ě Ř U J T E S I L N Ý M SourceFireNext-Generation IPS Petr Salač CCNP Security, CCNP, CICSP, CCSI #33835 petr.salac@alefnula.com Our Customers Biggest Security Challenges Maintaining security posture

More information

Glasnost or Tyranny? You Can Have Secure and Open Networks!

Glasnost or Tyranny? You Can Have Secure and Open Networks! AT&T is a proud sponsor of StaySafe Online Glasnost or Tyranny? You Can Have Secure and Open Networks! Steven Hurst CISSP Director - AT&T Security Services and Technology AT&T Chief Security Office 2009

More information

Internet Services. Amcom. Support & Troubleshooting Guide

Internet Services. Amcom. Support & Troubleshooting Guide Amcom Internet Services This Support and Troubleshooting Guide provides information about your internet service; including setting specifications, testing instructions and common service issues. For further

More information

Intro to Firewalls. Summary

Intro to Firewalls. Summary Topic 3: Lesson 2 Intro to Firewalls Summary Basic questions What is a firewall? What can a firewall do? What is packet filtering? What is proxying? What is stateful packet filtering? Compare network layer

More information

ISS X-Force. IBM Global Services. Angel NIKOLOV Country Manager BG, CZ, HU, RO and SK IBM Internet Security Systems

ISS X-Force. IBM Global Services. Angel NIKOLOV Country Manager BG, CZ, HU, RO and SK IBM Internet Security Systems IBM Global Services ISS X-Force Angel NIKOLOV Country Manager BG, CZ, HU, RO and SK IBM Internet Security Systems Internet Security Systems, an IBM Company Security Market Overview Companies face sophisticated

More information

Networking for Caribbean Development

Networking for Caribbean Development Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g N E T W O R K I N G F O R C A R I B B E A N D E V E L O P M E N T BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n

More information

Computer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1

Computer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls CS426 Fall 2010/Lecture 36 1 Announcements There will be a quiz on Wed There will be a guest lecture on Friday, by Prof. Chris Clifton

More information

White Paper A10 Thunder and AX Series Load Balancing Security Gateways

White Paper A10 Thunder and AX Series Load Balancing Security Gateways White Paper A10 Thunder and AX Series Load Balancing Security Gateways June 2013 WP_LB FW 062013 Disclaimer This document does not create any express or implied warranty about A10 Networks or about its

More information

For information on our service: Please call us on 800 188, visit our website at du.ae/en/business/product-and-services/business-managed-services or

For information on our service: Please call us on 800 188, visit our website at du.ae/en/business/product-and-services/business-managed-services or For information on our service: Please call us on 800 188, visit our website at du.ae/en/business/product-and-services/business-managed-services or email us at managedservices@du.ae Securing Data Centers:

More information

A TASTE OF HTTP BOTNETS

A TASTE OF HTTP BOTNETS Botnets come in many flavors. As one might expect, these flavors all taste different. A lot of Internet users have had their taste of IRC, P2P and HTTP based botnets as their computers were infected with

More information

Guidance Regarding Skype and Other P2P VoIP Solutions

Guidance Regarding Skype and Other P2P VoIP Solutions Guidance Regarding Skype and Other P2P VoIP Solutions Ver. 1.1 June 2012 Guidance Regarding Skype and Other P2P VoIP Solutions Scope This paper relates to the use of peer-to-peer (P2P) VoIP protocols,

More information

Next-Generation Firewalls: Critical to SMB Network Security

Next-Generation Firewalls: Critical to SMB Network Security Next-Generation Firewalls: Critical to SMB Network Security Next-Generation Firewalls provide dramatic improvements in protection versus traditional firewalls, particularly in dealing with today s more

More information

REV: 0.1.1 (July 2011) McAfee Security: Intrusion Prevention System

REV: 0.1.1 (July 2011) McAfee Security: Intrusion Prevention System McAfee Security: Intrusion Prevention System REV: 0.1.1 (July 2011) 1 Contents 1. McAfee Network Security Platform...3 2. McAfee Host Intrusion Prevention for Server...4 2.1 Network IPS...4 2.2 Workload

More information

Firewall Sandwich. Aleksander Kijewski Presales Engineer Dell Software Group. Dell Security Peak Performance

Firewall Sandwich. Aleksander Kijewski Presales Engineer Dell Software Group. Dell Security Peak Performance Firewall Sandwich Aleksander Kijewski Presales Engineer Dell Software Group 1 Many of your users web sessions are encrypted with HTTPS 2 Many of your users web sessions are encrypted with HTTPS and so

More information

How Lastline Has Better Breach Detection Capabilities. By David Strom December 2014 david@strom.com

How Lastline Has Better Breach Detection Capabilities. By David Strom December 2014 david@strom.com How Lastline Has Better Breach Detection Capabilities By David Strom December 2014 david@strom.com The Internet is a nasty place, and getting nastier. Current breach detection products using traditional

More information

Check Point submitted the SWG-12600 Secure Web Gateway for

Check Point submitted the SWG-12600 Secure Web Gateway for Key findings and conclusions: Lab Testing Summary Report September 213 Report 1382 Product Category: Web Security Gateway Vendors/Products Tested: Secure Web Gateway BlueCoat Proxy SG3-5 Appliance Websense

More information

Securing data centres: How we are positioned as your ISP provider to prevent online attacks.

Securing data centres: How we are positioned as your ISP provider to prevent online attacks. Securing data centres: How we are positioned as your ISP provider to prevent online attacks. Executive Summary In today s technologically-demanding world, an organisation that experiences any internet

More information

Router Throughput Tests

Router Throughput Tests Lab Testing Summary Report June 2013 Report 130605 Key findings and conclusions: Cisco 4451-X ISR branch office router, with advanced features enabled, demonstrated 1 GB and 2 GB capacity as advertised

More information

IBM Advanced Threat Protection Solution

IBM Advanced Threat Protection Solution IBM Advanced Threat Protection Solution Fabio Panada IBM Security Tech Sales Leader 1 Advanced Threats is one of today s key mega-trends Advanced Threats Sophisticated, targeted attacks designed to gain

More information

Arbor s Solution for ISP

Arbor s Solution for ISP Arbor s Solution for ISP Recent Attack Cases DDoS is an Exploding & Evolving Trend More Attack Motivations Geopolitical Burma taken offline by DDOS attack Protests Extortion Visa, PayPal, and MasterCard

More information

DDoS Defenders: Don't Take DNS for Granted A Seven-step Plan for Ensuring DNS Defenses in Service Provider Networks

DDoS Defenders: Don't Take DNS for Granted A Seven-step Plan for Ensuring DNS Defenses in Service Provider Networks WHITE PAPER DDoS Defenders: Don't Take DNS for Granted A Seven-step Plan for Ensuring DNS Defenses in Service Provider Networks www.ixiacom.com 915-3125-01 Rev. A, February 2014 2 Table of Contents Introduction...

More information

Cisco Integrated Services Routers Performance Overview

Cisco Integrated Services Routers Performance Overview Integrated Services Routers Performance Overview What You Will Learn The Integrated Services Routers Generation 2 (ISR G2) provide a robust platform for delivering WAN services, unified communications,

More information

Huawei Eudemon200E-N Next-Generation Firewall

Huawei Eudemon200E-N Next-Generation Firewall Huawei 200E-N Next-Generation Firewall With the popularity of mobile working using smartphones and tablets, mobile apps, Web2.0, and social networking become integral parts of works. This change in IT

More information

Application Delivery Testing at 100Gbps and Beyond

Application Delivery Testing at 100Gbps and Beyond Application Delivery Testing at 100Gbps and Beyond The Need for Speed 10 Gigabit Ethernet (GE) rapidly became the technology of choice for high speed connections to servers and network devices. Advancements

More information

Cullen Jennings fluffy@cisco.com. July 2015

Cullen Jennings fluffy@cisco.com. July 2015 Cullen Jennings fluffy@cisco.com July 2015 v9 1 A B 1. Outbound STUN request to well known STUN port (3478) Firewall creates 3-tuple pinhole for incoming and outgoing STUN message with matching username

More information