Securing the Data Center




WHITE PAPER

Securing the Data Center
Advanced Threats Require Advanced Security

Bigger Breaches, Higher Stakes

In the wake of recent headline-grabbing data breaches, FBI Director James Comey's oft-quoted statement rings especially true: "There are two kinds of big companies in the United States. There are those who've been hacked and those who don't know they've been hacked." Home Depot, Target, JP Morgan Chase: the list goes on, with more breaches reported in 2014 than ever before. 2015 has already seen a major media company suffer serious damages, and an insurance giant was the target of the largest breach in US history. Attackers ranged from nation states to unknown cybercriminals; the attacks were varied and sophisticated. Regardless of the attacker, vector, or techniques employed, though, they shared one common thread: ultimately, vast amounts of data were stolen and exfiltrated from one or more data centers.

As data center architectures evolve to improve efficiency and take advantage of the latest advances in software-defined networks, virtualization, and hybrid cloud infrastructure, security solutions need to not only keep up but stay ahead of the threat curve. They must also have the performance and throughput characteristics to support the latest data center requirements and anticipated needs in the years to come.

CONCERNED BUT NOT PREPARED

90% of CIOs and other top IT professionals across industries said security breaches were their top concern. However, only 21% of the 145 IT decision-makers surveyed said they are truly confident in their system's ability to mitigate the risk of security incidents. [1] (TechTarget)

New Architectures, New Vectors

Traditionally, data centers relied on extensive internal routing, physically separated servers, and completely self-contained operation. Architectures were heavily tiered, and operational access was necessarily limited to IT.

1. http://searchcio.techtarget.com/feature/cios-beef-up-security-tools-in-wake-of-2014-data-breaches

Fast-forward to today, though, and the purpose, operation, architecture, and functions of the modern data center have fundamentally changed:

- Data center networks are now much flatter to accommodate the shift from client-server applications (so-called north-south traffic) to high volumes of server-to-server, or east-west, communication.
- Servers, storage, and even networking functions are highly virtualized, making the concept of physically separate servers (and potentially separate security measures) irrelevant.
- BYOD, remote access, employee- and customer-facing applications, DevOps, and SDN have all increased and diversified demands on the data center.
- All of this amounts to a simpler architecture for hackers to compromise once they've breached the perimeter, and a larger attack surface through which they can infiltrate data center resources.

New Architectures, More Speed

In today's highly virtualized data centers, more workloads running on fewer physical machines are driving requirements for much higher core network speeds. Interconnected cloud architectures also demand greater performance at the network's edge. Add in the move to IPv6 and application- and service-oriented architectures, and data center operators are seeking security hardware that supports:

- High-density 10GbE ports
- 40GbE/100GbE high-speed ports
- Core network speeds in excess of 100Gbps

Building a Secure, Scalable Data Center

The rapid evolution of the data center, as well as changing business needs, have resulted in dramatically different security requirements from those of legacy data center applications. At the same time, data center operators are pushing the envelope on performance. Security, however, cannot take a back seat to performance considerations.

Performance and Security Are Not Mutually Exclusive

Exceptional performance is critical to the scalability and varied functions of the modern data center. Achieving the necessary throughput (both on the data center LAN and via WAN connections) requires perimeter protection and internal security measures that are fast enough to deeply scan traffic and remediate threats at wire speed. Where legacy data centers relied on their architecture, perimeter defenses, and a far less complex threat landscape for protection, new data centers must employ extremely high-performance firewalls and move protection closer to their cores to balance security with agility, speed, and scalability.

These new devices can be configured with multiple 100GbE ports to physically segment the core network without introducing additional core switching mechanisms. Others employ replaceable modules that let operators choose dense 10GbE ports or scale to 40/100GbE. In all cases, custom ASICs (application-specific integrated circuits), purpose-built for security processing, allow these units to achieve sustained throughput of up to hundreds of gigabits per second while minimizing latency. COTS processors simply can't deliver equivalent throughput while also implementing a variety of next generation firewall functions and operating flexibly in either core or edge deployments.

FIGURE 2: The enterprise data center is part of a much larger IT ecosystem that must be able to securely access its applications and resources.

Best Practices For Data Center Security

As noted in the results of a 2013 High-End Firewall Survey below, while the reasons for upgrading data center firewalls are many, the most common reasons relate to performance in high-speed network environments and convergence of security functions. Hardware alone, though, won't deliver the necessary combination of performance and security.

As organizations consider new greenfield data centers or look to upgrade existing facilities, several best practices have surfaced that address emerging security threats. Taken together, these best practices, next generation hardware, and robust management ecosystems can avoid bottlenecks while deeply scanning network traffic and ensuring the safety of data and applications.

The Security-First Mindset

Security cannot be an add-on or an afterthought when architecting data centers. Because of the threats to which data centers are exposed and the high value of the data and applications they house, security must be baked in. This means leveraging high-performance, high-port-density next generation firewalls, as well as conducting ongoing vulnerability assessments.

Balance Security and Performance

The current (and future) threat landscape doesn't mean that data centers should disregard performance considerations in favor of security. Instead, operators need to identify best-of-breed appliances and the appropriate network architecture to maximize both. Next generation firewalls that can integrate with software-defined networks and be as agile as the data centers they are designed to protect can deliver equal measures of performance and security. These appliances should also leverage hardware and software custom-designed for security applications and optimized for performance.

Virtualization Awareness

While there are many firewalls on the market today, not all are designed to be aware of virtual environments and the nearly instantaneous changes that can occur in highly virtualized networks. Reliance on legacy approaches to routing, or a lack of built-in support for software-defined networks and orchestration, will leave critical vulnerabilities open in the agile data center.

Continuous, Holistic Monitoring

Vendors often talk about a "single pane of glass" approach to management and monitoring. For security applications, though, the ability to continuously monitor all aspects of data center security, from the edge to the core, applications and traffic, and all potential attack vectors, is essential.

Converge Devices

The next generation firewall promised the ability to combine many different security functions in a single device, reducing complexity and simplifying management and deployment. However, as more security features were turned on, performance often suffered, making such devices less suitable for data center applications. Now, though, appliances with purpose-built ASICs and custom software can deliver converged security with outstanding performance.

Build For Multitenancy

Modern, highly virtualized data centers must often support multitenancy, with the ability to differentiate security policies by user, application, etc. Firewalls that natively support virtual domains (VDOMs) and logical network segmentation give operators highly granular control over the data center network while still retaining flat, performance-optimized architectures.

Securing the Edge Isn't Enough

Finally, continuing to rely on edge protection for data center networks is no longer sufficient to mitigate advanced threats. Instead, moving protection closer to the core and deploying additional internal firewalls, all under central management and control, ensures:

- faster detection and protection
- stronger protection from internal threats
- higher performance from a more robust security solution.

Conclusion

The demands on the modern data center all too often leave operators in a position of favoring performance and agility over security. Throughput at the edge and within the data center core network is of paramount importance, with these facilities relying heavily on cloud integrations and virtualization. For many, legacy approaches to security haven't kept up with either performance requirements or, more dangerously, a sophisticated threat landscape that has enterprises under nearly constant attack.

The solution is to build security into the data center network in a way that can accommodate powerful threat detection technologies while maximizing throughput and flexibility. Firewalls and converged security protection deployed closer to the core, with high degrees of application and virtualization awareness, are key to robust data center security. While threat coverage must be a top consideration for the data center itself, operators should also look to the performance of their firewall solutions and expect third-party validation of performance claims. The right security appliances deployed in the right architecture can deliver stellar performance without compromising security.

About Fortinet

Fortinet is a global leader and innovator in Network Security. Our mission is to deliver the most innovative, highest performing network security platform to secure and simplify your IT infrastructure. We are a provider of network security appliances and security subscription services for carriers, data centers, enterprises, distributed offices, and MSSPs. Because of constant innovation in our custom ASICs, hardware systems, network software, management capabilities, and security research, we have a large, rapidly growing, and highly satisfied customer base, including the majority of the Fortune Global 100, and we continue to set the pace in the Network Security market. Our market position and solution effectiveness have been widely validated by industry analysts, independent testing labs, business organizations, and the media worldwide. Our broad product line of complementary solutions goes beyond Network Security to help secure the extended enterprise.

Fortinet FortiGate data center firewalls deliver NSS-Recommended levels of security effectiveness and ten times the performance of equivalently priced solutions in the industry. FortiGate is the best value on the market, with exceptional security and throughput at prices within reach of all organizations. For more information about Fortinet and our FortiGate line of data center products, visit www.fortinet.com.

GLOBAL HEADQUARTERS
Fortinet Inc.
899 Kifer Road
Sunnyvale, CA 94086
United States
Tel: +1.408.235.7700
www.fortinet.com/sales

EMEA SALES OFFICE
120 rue Albert Caquot
06560 Sophia Antipolis, France
Tel: +33.4.8987.0510

APAC SALES OFFICE
300 Beach Road 20-01
The Concourse
Singapore 199555
Tel: +65.6513.3730

LATIN AMERICA SALES OFFICE
Paseo de la Reforma 412 piso 16
Col. Juarez
C.P. 06600
México D.F.
Tel: 011-52-(55) 5524-8428

Copyright 2015 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiCare and FortiGuard, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments, and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet's General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet's internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.