Visibility, Control and Security. Philippe Rougé Technical Director

Similar documents
Allot Communications Solutions. Enterprise Solutions. Ensuring mission- and business-critical application performance, and controlling IT costs

Allot Security Solution Suite

How To Choose A Network Firewall

Cheap and efficient anti-ddos solution

Game changing Technology für Ihre Kunden. Thomas Bürgis System Engineering Manager CEE

Introducing FortiDDoS. Mar, 2013

How To Protect A Dns Authority Server From A Flood Attack

Zscaler Internet Security Frequently Asked Questions

First Line of Defense

Network Performance Management Solutions Architecture

First Line of Defense

Features. Key benefits. HDX WAN optimization. QoS

Cisco Prime Network Analysis Module Software 5.1 for WAAS VB

The Next Generation Network:

FortiDDos Size isn t everything

Cisco Cloud Web Security

Simple security is better security Or: How complexity became the biggest security threat

FlowMon. Complete solution for network monitoring and security. INVEA-TECH

Intelligent Policy Enforcement Solutions for Broadband Service Providers

Secure Cloud-Ready Data Centers Juniper Networks

Move over, TMG! Replacing TMG with Sophos UTM

Break Internet Bandwidth Limits Higher Speed. Extreme Reliability. Reduced Cost.

NX 9500 INTEGRATED SERVICES PLATFORM FOR THE PRIVATE CLOUD

Fortigate Features & Demo

Network Security. Protective and Dependable. 52 Network Security. UTM Content Security Gateway CS-2000

1110 Cool Things Your Firewall Should Do. Extending beyond blocking network threats to protect, manage and control application traffic

FortiWeb for ISP. Web Application Firewall. Copyright Fortinet Inc. All rights reserved.

Application Delivery Networks: The New Imperative for IT Visibility, Acceleration and Security > White Paper

Market Application Delivery Networking. Products ADC, WAN Optimization, Secure Access

Application Visibility and Monitoring >

UNIFIED PERFORMANCE MANAGEMENT

Gaining Operational Efficiencies with the Enterasys S-Series

ITC Corporate Connect

Carrier/WAN SDN Brocade Flow Optimizer Making SDN Consumable

November Defining the Value of MPLS VPNs

Networking for Caribbean Development

Applications erode the secure network How can malware be stopped?

Network Monitoring and Traffic CSTNET, CNIC

Best Practices in Legal IT. How to share data and protect critical assets across the WAN

Cisco Network Analysis Module Software 4.0

Assuring Your Business Continuity

Lab Testing Summary Report

Solution Brief. Secure and Assured Networking for Financial Services

CISCO WIRELESS CONTROL SYSTEM (WCS)

Optimal Network Connectivity Reliable Network Access Flexible Network Management

Huawei Eudemon200E-N Next-Generation Firewall

Cisco Virtualization Experience Infrastructure: Secure the Virtual Desktop

Introducing IBM s Advanced Threat Protection Platform

Application centric Datacenter Management. Ralf Brünig, F5 Networks GmbH Field Systems Engineer March 2014

Cisco Prime Virtual Network Analysis Module

Intelligent Policy Enforcement for LTE Networks

Security and Billing for Azure Pack. Presented by 5nine Software and Cloud Cruiser

Wharf T&T Limited DDoS Mitigation Service Customer Portal User Guide

Next-Generation Firewalls: Critical to SMB Network Security

Security Solutions for the New Threads

REAL-TIME WEB APPLICATION PROTECTION. AWF SERIES DATASHEET WEB APPLICATION FIREWALL

February Considerations When Choosing a Secure Web Gateway

Network Protection Solution. Toni Ala-Mutka.

Cisco Wireless Control System (WCS)

Allot ClearSee. Providing Breakthrough Network Business Intelligence. Insightful Analytics and Superior Data Source For Data Network Service Providers

Security Administration R77

Protect your network: planning for (DDoS), Distributed Denial of Service attacks

Whitepaper. Controlling the Network Edge to Accommodate Increasing Demand

McAfee Web Reporter Turning volumes of data into actionable intelligence

How To Configure A Kiwi Ip Address On A Gbk (Networking) To Be A Static Ip Address (Network) On A Ip Address From A Ipad (Netware) On An Ipad Or Ipad 2 (

Web Application Security. Radovan Gibala Senior Field Systems Engineer F5 Networks

Security MWC Nokia Solutions and Networks. All rights reserved.

Software Defined Networking Hva kan du starte med i dag? Geir Åge Leirvik HP Networking

Check Point DDoS Protector

Stop DDoS Attacks in Minutes

Astaro Gateway Software Applications

Meraki: Introduction to Cloud Networking

IxLoad-Attack: Network Security Testing

NetFlow Tips and Tricks

Data Sheet. DPtech Anti-DDoS Series. Overview

Protection against DDoS and WEB attacks. Michael Soukonnik Radware Ltd

WAN Optimization in MPLS Networks- the Transparency Challenge!

Per-Flow Queuing Allot's Approach to Bandwidth Management

Secure Pipes with Network Security Technology Showcase

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity

Emerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA

Inspection of Encrypted HTTPS Traffic

Complete Protection against Evolving DDoS Threats

IREBOX X. Firebox X Family of Security Products. Comprehensive Unified Threat Management Solutions That Scale With Your Business

Best of Breed of an ITIL based IT Monitoring. The System Management strategy of NetEye

DDoS Overview and Incident Response Guide. July 2014

INCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS

Redefine Network Visibility in the Data Center with the Cisco NetFlow Generation Appliance

Load Balancing Security Gateways WHITE PAPER

Cisco SecureX Product Brochure

Transcription:

Visibility, Control and Security Philippe Rougé Technical Director June 23 rd 2015

Agenda 1. About Allot 2. Market Drivers, Market Needs 3. Network Visibility 4. Network Control 5. Network security 6. Components and architecture 7. Solutions for Service Providers 2

Allot in Italy, and worldwide ~500 Employees with Global Support Offices Regional Headquarters Sales & Support Offices 3

Allot Customer Base 350+ Fixed 150+ Mobile 4500+ Cloud & Enterprises Serving 1.8B Subscribers 100+ Countries 4

Cloud Computing Evolution Applications Mobility SaaS IaaS PaaS WHY : IT is NOT my business nor my Expertise Users Mobility Mobility WHY: Cyberspace is the Real space, Be connected anywhere, everywhere

The Internet s Sole Objective Applications Enterprise Applications Users On Campus WAN In the Branch INTERNET At Home Internet Applications Connecting Users with Applications On the Road 6

What Enterprises are looking for Application Performance Improved performance of business applications Application and User Visibility Business level application & user monitoring, analytics Matching Resource Usage with Business Priorities Application, network & employee resource usage policy Network & Application Security Blocking of malicious or unauthorized application traffic Availability and Fast Service Restore Application and network capacity planning & troubleshooting Simplicity Easy resource usage policy deployment and intuitive visibility 7

Visibility QoS Control and Security starts with detailed End-to-End Visibility

Do you really know how your bandwidth is used? (There is HTTP and there is...http) Netflow like reports DPI-based IP Intelligence Others http (Port 80) Traffic is mostly HTTP based (even more with cloud) large differences between YouTube and Salesforce.com! 9

Allot Visibility Key Points NetEnforcer Reports can only be as good as data is Analyze ALL traffic / flows (not just samples) Each flow is classified as an application (from a Library) Application Volume Metering (30 secs interval) Very Rich Signature Library More than 800+entries Inc. Enterprise applications (e.g. MSFT 360, Citrix, etc.) Inc Anonymizers Inc. Possibility to define customized signatures (home-made applications) Frequent Signature Library Updates Major Release Every 6 to 8 weeks, Minor every 10-15 days Fully In-Service upgrade 10

Rich Reports set NetExplorer Providing a bird s eye view of all network activity Powerful yet easy to use tool (GUI) Available Reports: By Applications being used/consumed By Time By End Users (or Group of users) By Network / Topology Endpoints (e.g. Branch Office) Combined View (if multiple NE) / Single View (one NE at a time) Drill-Down capability 11

Rich Feature Set Turning network activity into meaningful information NetExplorer Real-time and historical usage reports Real-time data for troubleshooting Historical data for trend and behavior analysis User-Friendly Customize favorites dashboard Customer Filtered Views Export data to other systems for further Analysis Scheduling Capability 12

Control 13 QoS Control Protects Users Productivity, Ensures Application Experience and matches between resource allocation and the corporate objective

Well-Known Perfect Storms (e.g. Windows Update, Antivirus Update, etc...) Without Traffic Management With Traffic Management CRM application getting very slow, cannot use it!!!! Business as usual 14

Different Users - Different Needs - Same Service (e.g. Social Network Access) Human Resources Manufacturing Floor I need Facebook to check candidate profiles No Facebook access during working shifts 15

Allot offers multiple QoS Tools Max Bit Rate Min Bit Rate Steer Expedite Drop Buffer HTTP Redirect Swiss-army knife approach 16

For Enforcing Enterprise Policies Management Production HR Application awareness Business critical Regular office usage Leisure and non-work related User awareness Management / Employee Remote / Local Guests / Visitors Network awareness LAN/ WAN/ WiFi Secured/ Non-secured 17

Allot QoS Hierarchical Policy Structure Designed to meet enterprise requirements IT Manager Objective: Guarantee QoS for each branch Guarantee Internet Access Guarantee QoS for mission-critical applications Data Center (Milan) Milan Office Web, Email, VPN Servers Torino Office VOIP CRM/ERP WAN Rome Office 18

Allot QoS Hierarchical Policy Structure NetEnforcer 3-Level Hierarchical Policy Design PHYSICAL LINK (e.g. 100 Mbps LINE from ISP X) Internal Resources (Priority 1) Milan Office (20 Mbps MIN) Rome Office (20 Mbps MIN) Torino Office (10 Mbps MIN) Web&email CRM Web (Priority 4) Email CRM Web&email VoIP Internet Access (Priority 2) P2P (Blocked) Browsing Adult (Redirect) Facebook 19

Intuitive UI Policy Rule-Base Definition And it s litterarly just doing this... 20

Requires User Awareness MS/Active Directory, DHCP or Radius Integration User Login User IP - Policy Mapping IP Address AD Server SMP Top Users graphs Per User Usage graph NetExplorer Enforce usage - based on Employee Policy NetEnforcer Internet 21

Result: WAN Performance Management Prioritize applications to suit business needs Manage traffic to avoid congestion Constant monitoring of policy effectiveness & application performance Before Putting Network Intelligence to work: Create policies to maximize WAN performance After Bandwidth per regional office, real time 22

Security 23 Security Protects Users from malicious and improper Web content and protect your network from Denial of Service attacks

The evidence on cyber threats is staggering Malware Finding malware designed to hide in normal activity requires a platform that can point out the differences between normal machine and human behaviors verses malware BYOD More devices are potential participants in malware propagation and botnet-based attacks. The enemy is everywhere DDoS attacks DDoS attack tools and services are openly sold and botnets can be rented through such common channels as YouTube Exposure footprint The cloud is becoming another computing location for a growing number of organizations

Allot Service Protector Detect and surgically mitigate anomalous traffic in seconds Anti-Abuse Anti-DDoS Identify and isolate abusive User behavior Dynamic internal blacklist Protect IP reputation / avoid DNS blacklisting Infection notification services Identify network anomalies with Network Behavior Anomaly Detection (NBAD) Supports Dynamic Content Signatures Ensures Network stability Protect against computing resources misuse Integrated Security Service 25

Allot Service Protector Key Points Embedded in Allot In-line Platforms No deployment downtime / No service interruption Quick to Deploy User configurable reports & alarms Surgical signature based DDoS attack mitigation Block bad traffic. Allow good traffic to flow. Scalable 26

Service Protector in Action (Anti-DDoS) 5 Data Center (Milan) SP Controller 3 Web, Email, VPN Servers 4 Internet 1 CRM/ERP 2 VOIP NetEnforcer (SP Sensor) 27

Service Protector in Action (Anti-Abuse) 5 SP Controller 3 Rome Office 4 2 Internet 1 NetEnforcer (SP Sensor) 28

Allot Service Protector in Action April 7, 2013 Hacktivist group, Anonymous, launches massive cyber attack on Israel Several types of attacks were launched, including fragmented packets, UDP DNS flood, TCP SYN flood, TCP RST flood, and invalid TCP flood Allot ServiceProtector detected each attack, its strength, severity, and origin Attacks were detected and mitigated within less than minutes before disabling networks and Internet sites/service Allot ServiceProtector successfully blocked 7 billion packets and 1.8 terabytes of malicious data! Largest flooding attacks recorded resulted in 19Gbps and 2 million PPS (packets per second)! 29

30 Architecture & Platforms

Typical Solution Deployment : WAN Link Data Center (Milan) Web, Email, VPN Servers HQ (Milan) Guest WiFi Turin Office CRM/ERP VOIP WAN / VPN Rome Office IT Supervision/ NOC Internet 31

Typical Solution Deployment : Internet link Data Center (Milan) Web, Email, VPN Servers HQ (Milan) Guest WiFi Turin Office CRM/ERP VOIP WAN / VPN Rome Office IT Supervision/ NOC Internet 32

Typical Solution Deployment : Data Center Data Center (Milan) Web, Email, VPN Servers HQ (Milan) Guest WiFi Turin Office CRM/ERP VOIP WAN / VPN Rome Office IT Supervision/ NOC Internet 33

Allot NetEnforcer NetEnforcer For a wide range of networks NetEnforcer AC-500 Essential visibility and QoS enforcement Scalable BW control From 10Mbps to 8 Gbps (full duplex) 1GE and 10GE ports, Fiber & Copper Enable intelligent optimization of LAN / WAN / WiFi / Data Center NetEnforcer AC-1400 NetEnforcer AC-3000 NetEnforcer AC-6000 200 Mbps 1 Gbps 4 Gbps 8 Gbps 34

Allot Service Gateways Service GW For a wide range of networks Sigma-E6 ATCA Chassis for scalability From 6 to 14 Slots Up to 500 Gbps per NE GbE, 10G, 100G Ports Up to 15 Millions Users Embedded SP and WSP Sigma-E14 SG-Tera 64 Gbps 160 Gbps 500 Gbps 35

NFV : Network Simplification Opportunity Application Hypervisor vsmp vnx vspc vwsp vaos VMware ESX 5.5 Physical Srv x86 IBM DELL HP CISCO 36

Allot solutions for Service Providers 37

Allot s Solution Domains Delivering Digital Lifestyle Services Analyze Protect Improve Monetize your OTT traffic your network & subscribers your network your network Know your network and get close to your customers Protect your network and your customers Optimize utilization and service delivery Create, bundle and charge for value-added services 38

Allot Analytics solutions domains Network Planning Buzy Hour Analysis Application Usage & trends HTTPS trends Cust. Experience QoE Analysis Cross-Domain analysis (Location, Congestion, Attacks) Marketing Subscriber Segmentation Device Usage Demographics Intent indications in data source 39

Customer Story: StarHub (Singapore) Project Background Project funded by the Government Media Agency Extract data/records in 45 CMTS sites Allot Solution Allot s Service GW generates HTTP DRs that include : The Search Query, Areas of interest, Application and device data records, Video Data records BI Tool Allot ClearSee Achievement Better understanding of customer segments / patterns Monetization enabler (Internal Campaign Management, External Ad) 40

Allot Cyber Solutions for a Safer Internet Cyber Intelligence Leading anonymity and encryption awareness Highly Granular Transaction information at Scale Web Security Content filtering to illegal web services Anti-malware protection Parental Control Network Protection Zero day DDoS Mitigation 1 st line of defense 41

Customer Story: Vodafone Rete sicura Vodafone - Safe Network Service: Opted-In Service offered to Residential and Business Consumers Parental Control (Residential) / URL Filtering Anti-Malware (Virus, Phishing, Harmful site) Fully Multi-tenant / Fully customizable Highly Successful Service: Ca. 10M Users in Production 50.000 New users per day Service Appreciation one of the highest Ranked Powered by Allot SG and Allot WSP: Opted-In / Opted-Out Traffic Dispatcher WSP as Security Filter Fully integrated in Vodafone OSS/BSS systems and VF Subscriber Portals Rich sets of Notifications and Reporting features 42

Allot Optimization solutions Video optimization Application aware B/W allocation Real-Time Transrating Adaptive Streaming and Encrypted support TCP optimization Application Transparent Supports HTTPS Web Optimization HTTP Object Compression (Textual, Images) 43

Customer Story: 3UK Traffic Saving Peak Hour: 25-30% Throughput Savings and 26-32% Tonnage Savings Tonnage Savings: 42% of Tonnage Savings on optimized traffic and overall savings of 21% QoE improvement QoE: 57% of Stall Reduction for content optimized traffic and overall 10% Stall Reduction for all traffic. Average MOS degradation is 0.1. ROI is reached: Investment ROI reached within 9 months since system was fully operation on Red and Amber Cells 44

Key Take Aways Huge Market Disruption BYOD, Guest WiFi, Cloud, create needs Allot Solutions More relevant than ever Allot Products Comprehensive product Portfolio Allot Leadership & Experience 18 years of experience makes the difference We are ready Local Go to Market Strategy Customer focused We are here to help you being successful 45

THANK U Find out how Allot can help YOUR business to become a leading Digital Lifestyle Provider Email info@allot.com www.allot.com 46

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information