Network Security Equipment The Ever Changing Curveball
- Jason Walker
Network Security Equipment The Ever Changing Curveball breakingpointsystems.com
This document contains information that is the property of BreakingPoint Systems, Inc. This information may not be copied, reproduced, or transferred in any form for purposes other than its intended use without prior written consent of BreakingPoint Systems, Inc. The information found within this document is subject to change without notice. All information provided is believed to be accurate and is presented without warranty of any kind, expressed or implied. Notwithstanding any other warranties, all files are provided as is with all faults. BreakingPoint Systems, Inc. disclaims all warranties, expressed or implied, including, without limitation, those of merchantability, fitness for a particular purpose and noninfringement. In no event shall BreakingPoint Systems, Inc. be liable for any claim, damages, or other liability arising out of the use or inability to use this document. BreakingPoint and the BreakingPoint System logo are registered trademarks or service marks of BreakingPoint Systems, Inc. The Ever Changing Curveball, white paper Copyright BreakingPoint Systems, Inc. All rights reserved.
Overview

The prevalence of network security equipment in enterprise networks has reached an all-time high. Businesses rely on network security equipment to protect their network infrastructures from today's hostile network environment. Unfortunately, there are few enterprises that properly test their network security equipment.

When it comes to selecting network security devices, an enterprise network will either take a security-first posture or a performance-first posture. Most enterprise networks will take the performance-first posture, so they will test for any negative performance effects on their network. Usually, they will test a security device by trialing the box in their networks for a few weeks. During this time, they are monitoring for any adverse effects to their network.

However, when it comes to network security equipment, trialing the box is not enough. The trial results do not account for the future growth or changing dynamics of the network, or the dynamics of the network security equipment itself. Network security devices are regularly updated with new security packs, which provide them with the ability to detect and act upon the latest threats. Without properly testing these devices, enterprises cannot determine how these updates will affect their network or the device. This is the unforeseen challenge faced by today's enterprises: they lack test equipment that can provide an accurate representation of their network's performance and security coverage.

With this challenge in mind, BreakingPoint Systems has created the BPS-1000, a comprehensive test solution that meets the testing demands of enterprise networks. This paper focuses on how the BPS-1000 can address the security testing needs of enterprise networks. It will illustrate why it is necessary to test security and performance concurrently, and it will demonstrate how having the proper test equipment can help identify a security device's vulnerabilities.

The BPS-1000 Test Solution

At BreakingPoint Systems, we know that to effectively test network security equipment, you need to concurrently send live attacks while running high-speed application traffic through the device. We believe that this is the only methodology that will provide an accurate summarization of a device's effectiveness. Based on this knowledge and belief, we have created the BPS-1000. Today, it is the only test equipment that effectively tests security coverage and performance by interleaving the three baselines of security testing: TCP sessions, application traffic, and live security attacks. It is the BPS-1000's ability to fully integrate these performance and security aspects of testing that will prepare you for every curveball that comes your way.

Curveballs in the Security Landscape

It isn't every day that a comparison is made between baseball and network security, but an analogy between the two isn't that far-fetched. In baseball, a curveball is a pitch that breaks sharply at the last second. The unexpected break at the end of the curveball offsets the hitter's timing and causes him to miss-swing. If you're familiar with baseball, you know that there are two things that can affect when the curveball reaches its breaking point: its velocity and its spin. The pitcher can completely change the curveball by altering either the spin or speed of the pitch.

To tie this analogy in with testing, let's look at how the curveball relates to network security devices. For network security equipment, two aspects create the curveball: performance and security updates. Both these aspects create unique curveballs that can vary from network to network, and device to device. A change to either of these aspects can cause a security device to miss attacks, drop packets, or block valid traffic.

Performance

The first aspect of the curveball, performance, refers to a device's ability to effectively provide security coverage under changing network conditions. Any variance in the network or its performance can drastically affect a device's ability to detect and block attacks. These variances can range from a change in traffic rate to an increase in application protocol usage. To illustrate this case, consider the following example:

A security device effectively blocks attacks in a network with 50 users and 1 Mbps of traffic; however, when relocated to a network with 5,000 users and 1 Gbps of traffic, the device begins dropping packets and missing attacks. Suddenly, the users are experiencing slow connectivity, and even worse, they are now vulnerable to attacks.

In this example, the enterprise could have uncovered this limitation with some simple testing. If they had tested the device under various loads, they would have discovered that speeds higher than 1 Mbps would expose their network to security threats and slow down their network. To further emphasize the importance of performance testing, we have created the following test case.

Device Under Load Test Case

This test case has been set up for two well-known Intrusion Prevention Systems [1]. Using the BPS-1000, we will show how an increase in traffic can affect a security device's ability to block attacks. The BPS-1000 offers five levels of network-based attacks; each subsequent level increases the difficulty of the test.
For our portion of testing, we are going to use Security Level 2, which consists of about 450 Strikes and uses no evasion techniques. The test case consists of the following two scenarios:

- In the first scenario, the BPS-1000 will send Level 2 attacks and 1 Mbps of background traffic to each IPS.
- In the second scenario, the BPS-1000 will send Level 2 attacks and 1 Gbps of background traffic to each IPS.

[1] The Intrusion Prevention Systems used in our test cases will not be identified. Both devices list their throughput at 1 Gbps.

Test Results

Figure 1: Missed Attacks

Figure 1 shows the test results for the number of missed attacks by both devices at 1 Mbps and 1 Gbps. 444 attacks were sent to Device A and Device B. Our results indicate that at 1 Mbps of traffic, Device A missed 331 attacks and Device B missed 229 attacks. At higher speeds, Device A missed 329 attacks, and Device B missed 242 attacks.

Figure 2: Blocked Attacks

Figure 2 shows the test results for the number of blocked attacks by both devices at 1 Mbps and 1 Gbps. 444 attacks were sent to Device A and Device B. Our results indicate that at 1 Mbps of traffic, Device A blocked 113 attacks and Device B blocked 215 attacks. At higher speeds, Device A blocked 115 attacks, and Device B blocked 202 attacks.

As we have mentioned, the BPS-1000 offers five levels of security testing; Level 1 is the easiest security test and Level 5 is the most difficult. For this test, we used Security Level 2, which is one of the easier security tests. At this level, most commercial-grade IPSs should be able to block a majority of the attacks; however, Device A only blocked an average of 25% of the attacks, and Device B blocked an average of 47% of the attacks. Imagine the catastrophic effects Level 5 [2] would have on Device A and B.

Although both IPSs can perform at 1 Gbps, this test reveals that their security coverage is affected by the speed at which traffic is sent to them. At a higher load, Device A was better at blocking attacks than at a lower load. Device B, on the other hand, was better at blocking attacks at a lower load than at a higher load. Typically, we expect that a device will perform better at lower traffic loads; however, Device A clearly proves that this is not always the case. Device A provided more coverage at a higher speed. These test results did not provide the outcome we expected, but they proved our claim that security devices are unpredictable under changing network conditions.

Security Updates

Security updates, the second aspect of the curveball, can completely change a security device in terms of performance and security coverage. These security packs may seem innocuous, but they can impact a device's performance. Typically, a vendor will immediately release a security pack when they discover a vulnerability. Each security pack contains new or updated signatures that allow you to filter the malicious traffic. Vendors will continue to release a series of security packs until they have completely resolved the issue. A vendor will normally do this to provide an immediate fix for the problem, but the quick fix may not be the optimal solution for the problem, or for your network.
This process provides a false sense of security because it can be months before the device has the capabilities to block those threats. Until then, these network devices will remain vulnerable to certain security attacks and experience a decline in performance. To show how a security pack can impact a device's performance, we have set up the following test case.

Latency Test Case

This test case will use the following scenario: A device receives a security pack that updates its HTTP signatures. We want to know how the update will affect the device in terms of latency. To do this, we are going to set up three test cases for Device A that will only send HTTP traffic to the device. Each test will be used to measure the percentage of change in latency that occurs between the tests.

- The first test will measure the device's latency with no signatures enabled.
- The second test will measure that device's latency with the original signatures enabled.
- The third test will measure the device's latency with the updated HTTP signatures enabled.

The BPS-1000 will measure the minimum, average, and maximum latency values. For our test purposes, we will only look at the maximum and average latency values.

[2] We will cover Level 5 security testing in another whitepaper. Keep an eye out for our next whitepaper release.

Test Results

Figure 3: Maximum Latency Results

Figure 4: Average Latency Results

Figure 3 and Figure 4 show the test results for the device's maximum and average latency. In the first test, where no signatures were enabled, the device's average latency was 0.03 milliseconds, while the maximum latency was 0.11 milliseconds. We used these values as the baselines for the subsequent tests.

In the second test, where the original shipping signatures were installed, the device's average latency was still 0.03 milliseconds, but its maximum latency increased to 0.14 milliseconds. The device's performance experienced a slight increase in maximum latency between the first two tests, but this slight increase caused the latency to increase by 1.2 times its baseline maximum latency.

The third test reveals that the device's average latency increases to 0.30 milliseconds, while the device's maximum latency increased to a whopping milliseconds. This test was performed with the latest updated signatures available from the vendor's automatic download service. This security update causes the maximum latency to drastically increase by 634 times its baseline maximum latency, with an average latency increase of 10 times the baseline latency. This huge increase in latency will most likely impact a network by slowing down any Web-based traffic and causing HTTP connections to be dropped, which will ultimately result in reduced productivity for users across the network.

These test results illustrate why it is so important to test a security pack before applying it. By measuring the device's latency before the security update, we were able to determine how the security pack would affect the device's performance after it has been applied.

Conclusion

You have read two test cases that demonstrate the importance of interleaving the crucial aspects of network security testing. The first test case showed that a security device's effectiveness can be affected by a change in traffic load. The second test case illustrated how security packs can have a drastic and unpredictable effect on a device's performance. Together, these cases validate the testing methodology that security testing can only be done by concurrently sending application traffic and attacks to the device.

In the past, enterprise networks had to choose either the performance-first or the security-first posture. Today, the BPS-1000 makes it possible to choose both. The BPS-1000 is the only test equipment that truly supports concurrent performance and security testing. Enterprise networks no longer have to depend on the trial period or ad-hoc testing methods. With the flexibility of the BPS-1000, they can create tests for every curveball and every network condition imaginable.
Now, enterprises can truly determine how security equipment affects their networks today and their networks in the future.

Contact Information

For sales information or general inquiries, please contact BreakingPoint Systems:

BreakingPoint Systems Boyer Blvd., Suite 300 Austin, TX (512) info@bpointsys.com
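
The two test cases in this paper (coverage under load, and latency before and after a security pack) can be turned into an automated check that runs before a device or signature update goes into production. The following Python sketch is an added example, not BreakingPoint's code and not part of the BPS-1000. All names and thresholds (coverage floor, load drift, latency ratios) are assumptions; the strike counts and latency figures are the ones reported above, and the updated-signature maximum is derived from the stated 634-times ratio because the paper's absolute value is not available.

```python
"""Regression checks over IPS test results (added example, hypothetical names)."""
from dataclasses import dataclass

STRIKES_SENT = 444  # strikes sent to each device per run, as reported in the paper


@dataclass(frozen=True)
class CoverageRun:
    device: str
    load: str
    blocked: int
    sent: int = STRIKES_SENT

    @property
    def block_rate(self) -> float:
        return self.blocked / self.sent


@dataclass(frozen=True)
class LatencyRun:
    label: str
    avg_ms: float
    max_ms: float


def coverage_findings(runs, min_block_rate=0.50, max_drift=0.02):
    """Flag devices under the coverage floor or whose coverage moves with load.

    min_block_rate and max_drift are assumed policy values, not vendor figures.
    Drift is checked in both directions: the paper's point is that coverage
    can change unpredictably with load, not only degrade.
    """
    by_device = {}
    for run in runs:
        if run.sent <= 0 or not 0 <= run.blocked <= run.sent:
            raise ValueError(f"inconsistent counts for {run.device} at {run.load}")
        by_device.setdefault(run.device, []).append(run)

    findings = []
    for device, device_runs in sorted(by_device.items()):
        worst = min(device_runs, key=lambda r: r.block_rate)
        if worst.block_rate < min_block_rate:
            findings.append((device, "coverage-floor",
                             f"{worst.block_rate:.1%} blocked at {worst.load}"))
        rates = [r.block_rate for r in device_runs]
        drift = max(rates) - min(rates)
        if drift > max_drift:
            findings.append((device, "load-drift",
                             f"{drift:.1%} spread across loads"))
    return findings


def latency_findings(baseline, candidate, max_avg_ratio=2.0, max_max_ratio=5.0):
    """Compare a run against the no-signature baseline; ratios are assumed budgets."""
    findings = []
    for metric, base, cand, limit in (
        ("avg", baseline.avg_ms, candidate.avg_ms, max_avg_ratio),
        ("max", baseline.max_ms, candidate.max_ms, max_max_ratio),
    ):
        if base <= 0:
            raise ValueError(f"baseline {metric} latency must be positive")
        ratio = cand / base
        if ratio > limit:
            findings.append((candidate.label, f"{metric}-latency", round(ratio, 1)))
    return findings


# Blocked-attack counts from the Device Under Load test case.
COVERAGE_RUNS = [
    CoverageRun("Device A", "1 Mbps", 113),
    CoverageRun("Device A", "1 Gbps", 115),
    CoverageRun("Device B", "1 Mbps", 215),
    CoverageRun("Device B", "1 Gbps", 202),
]

# Latency figures from the Latency test case (Device A, HTTP traffic only).
BASELINE = LatencyRun("no signatures", avg_ms=0.03, max_ms=0.11)
ORIGINAL_SIGS = LatencyRun("original signatures", avg_ms=0.03, max_ms=0.14)
# Assumption: maximum derived from the "634 times its baseline" statement.
UPDATED_SIGS = LatencyRun("updated signatures", avg_ms=0.30,
                          max_ms=BASELINE.max_ms * 634)

if __name__ == "__main__":
    for finding in coverage_findings(COVERAGE_RUNS):
        print("coverage:", finding)
    for run in (ORIGINAL_SIGS, UPDATED_SIGS):
        result = latency_findings(BASELINE, run)
        print(f"{run.label}:", result or "within budget")
```

With the assumed budgets, the original signatures pass the latency check, the updated signatures fail on both average and maximum latency, and both devices fall under the coverage floor, with Device B also exceeding the drift tolerance between the two loads.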
More informationCIO Update: Enterprise Security Moves Toward Intrusion Prevention
IGG-06042003-03 J. Pescatore, R. Stiennon Article 4 June 2003 CIO Update: Enterprise Security Moves Toward Intrusion Prevention As targeted hacker attacks increase, intrusion prevention is gaining importance
More informationENTERPRISE EPP COMPARATIVE ANALYSIS
ENTERPRISE EPP COMPARATIVE ANALYSIS Socially Engineered Malware Randy Abrams, Jayendra Pathak, Ahmed Garhy Tested Products Fortinet Fortigate 100D Management station Forticlient- 5.0.7.333 McAfee VirusScan
More informationHow To Test A Ddos Prevention Solution
TEST METHODOLOGY Distributed Denial- of- Service (DDoS) Prevention v1.0 Table of Contents 1 Introduction... 5 1.1 The Need for Distributed Denial- of- Service Prevention... 5 1.2 About This Test Methodology
More informationDATA CENTER IPS COMPARATIVE ANALYSIS
DATA CENTER IPS COMPARATIVE ANALYSIS Total Cost of Ownership () 2014 Thomas Skybakmoen, Jason Pappalexis Tested s Fortinet FortiGate 5140B, Juniper SRX 5800, McAfee NS- 9300, Sourcefire 8290-2 Overview
More informationReporting and Incident Management for Firewalls
Reporting and Incident Management for Firewalls The keys to unlocking your firewall s secrets Contents White Paper November 8, 2001 The Role Of The Firewall In Network Security... 2 Firewall Activity Reporting
More information10 easy steps to secure your retail network
10 easy steps to secure your retail network Simple step-by-step IT solutions for small business in retail to leverage advanced protection technology in ways that are affordable, fast and easy October 2015
More informationAll copyright, trade mark, design rights, patent and other intellectual property rights (registered or unregistered) in the Content belongs to us.
LEO Pharma Terms of use We/ Us/ Our You/Your Website Content LEO Laboratories Limited a company registered in the United kingdom under number 662129) known as LEO Pharma (LEO Pharma) and companies affiliated
More informationStreamlining Web and Email Security
How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Streamlining Web and Email Security sponsored by Introduction to Realtime Publishers by Don Jones, Series Editor
More informationAn Oracle White Paper February 2010. Rapid Bottleneck Identification - A Better Way to do Load Testing
An Oracle White Paper February 2010 Rapid Bottleneck Identification - A Better Way to do Load Testing Introduction You re ready to launch a critical Web application. Ensuring good application performance
More informationKERIO TECHNOLOGIES KERIO WINROUTE FIREWALL 6.4 REVIEWER S GUIDE. (Updated April 14, 2008)
KERIO TECHNOLOGIES KERIO WINROUTE FIREWALL 6.4 REVIEWER S GUIDE (Updated April 14, 2008) WHO IS KERIO? Kerio Technologies provides Internet messaging and firewall software solutions for small to medium
More informationz/os V1R11 Communications Server system management and monitoring
IBM Software Group Enterprise Networking Solutions z/os V1R11 Communications Server z/os V1R11 Communications Server system management and monitoring z/os Communications Server Development, Raleigh, North
More informationRapid Bottleneck Identification A Better Way to do Load Testing. An Oracle White Paper June 2009
Rapid Bottleneck Identification A Better Way to do Load Testing An Oracle White Paper June 2009 Rapid Bottleneck Identification A Better Way to do Load Testing. RBI combines a comprehensive understanding
More informationSymantec Protection Center Enterprise 3.0. Release Notes
Symantec Protection Center Enterprise 3.0 Release Notes Symantec Protection Center Enterprise 3.0 Release Notes The software described in this book is furnished under a license agreement and may be used
More informationProduct Release Notes
Prognosis VoIP Monitor Important Notices Copyright Copyright 2013 - Integrated Research Limited (ABN 76 003 588 449). All rights reserved. The information contained in this Prognosis guide is protected
More informationQuest Collaboration Services 3.6.1. How it Works Guide
Quest Collaboration Services 3.6.1 How it Works Guide 2011 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide
More informationaxsguard Gatekeeper Internet Redundancy How To v1.2
axsguard Gatekeeper Internet Redundancy How To v1.2 axsguard Gatekeeper Internet Redundancy How To v1.2 Legal Notice VASCO Products VASCO data Security, Inc. and/or VASCO data Security International GmbH
More informationPeach Fuzzer Platform
Fuzzing is a software testing technique that introduces invalid, malformed, or random data to parts of a computer system, such as files, network packets, environment variables, or memory. How the tested
More informationFirst Line of Defense to Protect Critical Infrastructure
RFI SUBMISSION First Line of Defense to Protect Critical Infrastructure Developing a Framework to Improve Critical Infrastructure Cybersecurity Response to NIST Docket # 130208119-3119-01 Document # 2013-044B
More informationDell InTrust 11.0. Preparing for Auditing Cisco PIX Firewall
2014 Dell Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement.
More informationCisco TelePresence VCR MSE 8220
Cisco TelePresence VCR MSE 8220 Getting started 61-0008-05 Contents General information... 3 About the Cisco TelePresence VCR MSE 8220... 3 Port and LED location... 3 LED behavior... 4 Installing the VCR
More informationMail Gateway Testing. Test Plan. 26601 W. Agoura Rd. Calabasas, CA 91302 (Toll Free US) 1.877.FOR.IXIA (Int'l) +1.818.871.1800 (Fax) 818.871.
Mail Gateway Testing 26601 W. Agoura Rd. Calabasas, CA 91302 (Toll Free US) 1.877.FOR.IXIA (Int'l) +1.818.871.1800 (Fax) 818.871.1805 www.ixiacom.com Test Plan Copyright 2006 by Ixia All rights reserved
More informationProtecting against cyber threats and security breaches
Protecting against cyber threats and security breaches IBM APT Survival Kit Alberto Benavente Martínez abenaventem@es.ibm.com IBM Security Services Jun 11, 2015 (Madrid, Spain) 12015 IBM Corporation So
More informationTEST METHODOLOGY. Network Firewall Data Center. v1.0
TEST METHODOLOGY Network Firewall Data Center v1.0 Table of Contents 1 Introduction... 4 1.1 The Need for Firewalls In The Data Center... 4 1.2 About This Test Methodology and Report... 4 1.3 Inclusion
More informationFault Tolerance in Virtualized Data Centers:
storage without boundaries Whitepaper Fault Tolerance in Virtualized Data Centers: Leveraging the Resilience of VMware FT and StorTrends itx High Availability CERTIFIED Table of Contents Introduction 3
More informationSecurity Analytics Engine 1.0. Help Desk User Guide
2015 Dell Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement.
More informationCan Consumer AV Products Protect Against Critical Microsoft Vulnerabilities?
ANALYST BRIEF Can Consumer AV Products Protect Against Critical Microsoft Vulnerabilities? Author Randy Abrams Tested Products Avast Internet Security 7 AVG Internet Security 2012 Avira Internet Security
More informationComplete Protection against Evolving DDoS Threats
Complete Protection against Evolving DDoS Threats AhnLab, Inc. Table of Contents Introduction... 2 The Evolution of DDoS Attacks... 2 Typical Protection against DDoS Attacks... 3 Firewalls... 3 Intrusion
More information