Fortifying Network Security with a Defense In Depth Strategy - IDC Romania preso
-
Upload
network-performance-channel-gmbh -
Category
Technology
-
view
155 -
download
2
description
Transcript of Fortifying Network Security with a Defense In Depth Strategy - IDC Romania preso
Fortifying Network Security with
a Defense In Depth Strategy
Mihajlo Prerad,Regional Sales ManagerNorthern and Eastern Europe
What happens today?
fixed network MOBILE
physical VIRTUAL
local CLOUD
servers
services
BYOD = Bring Your Own Disaster
2164 Data breach
incidents
822 MILLIONDATA RECORDS STOLEN IN 2013
60% HACKING
96.8% EXTERNAL
=
Billion $388
Time $274=
Cash $114
Cost of cyber crime in 2012
* direct costs
* indirect costs
Factors in calculation of financial loss from security breaches/intrusions
52%
35%
34%
31%
27%
Legal defense services
Loss of customer business
Consulting and Audit services
Deployment of security tools
Damage to brand
26%Court settlements
Security is
investment,
not expense.
Information Governance Core Disciplines: Security and Privacy
Locate where
sensitive data
Classify &
Define data
types
Set policies
& metrics
Protect data
access
Organize
unstructured
data
De-identify
confidential
data
Compliance
SLA & QoS
Assess vulnerabilities
Detect
intrusions
Understand &
DefineSecure & Protect Monitor & Audit
Who? (source and destination)
Critical information
What? (IP protocol and port numbers)
When? (time when the flow was observed)
Where? (input interface)
How? (type of service)
ESX Stack
Hypervisor
PhantomMonitor™
V Switch
vm 1 Vm 2 Vm 3
Web Security Protocol
Analysis Database
Security
VoIP
Network
Performance
IDS/IPSForensics
ESX Stack
Hypervisor
PhantomMonitor™
V Switch
vm 1 Vm 2 Vm 3
Web Security
IDS/IPS
Protocol
Analysis Database
Security
VoIP
Network
Performance
ESX Stack
Hypervisor
PhantomMonitor™
V Switch
vm 1 Vm 2 Vm 3
Director
Aggregation
Visibility Architecture
Advanced Packet Distribution
Aggregation and regeneration
Intelligent Filtering
Bypass switching (inline)
Packet Slicing & DeDuplication
Total Network Visibility
Forensics
Traditional access methods don‘t work!
1. Degrading performance of network
2. Dropping important packets
3. Needs to be configured (time loss)
4. Mixing source/destination information
5. Limitations with sessions
6. Compliance issues
SwitchSwitch
1. Potential single point of failure
2. Expensive 1-tool-1-link deployment
3. Relocating means link downtime
SPAN port:
Inline:
Switch
Use Network TAP instead of SPAN
Benefits
• Full-duplex access with zero impact on
network traffic around the clock
• 100% visibility to link traffic for security
and network monitoring tools
• Plug-and-play — no configuration required
• Permanent access: no need to break the
link each time you need to remove tool
• Forwards important L1 and L2 errors
• Dual power supplies: keeps the network
link up and running in case of power failure
Firewall
Analyzer
Switch
Protect inline deployments with Bypass Switch
Benefits
• Protects the network from IPS link,
application, and power outages
• SNMP (v2c, v3) traps indicate status
changes for system, link, power, and
threshold
• Intelligent Heartbeat packets:
continuous check of IPS health!
• Removes link downtime: ensures
traffic flow when appliance is offline
• RMON statistics and LCD display
• Redundant power supplies
SwitchFirewall
IPS
Switch
Ne
two
rkN
etw
ork
Vis
ibilit
y
Branch
Campus
CoreData Center
Network Taps
Network Packet Brokers
Aggregation FilteringFlow Linking Regeneration Load Balancing
Deduplication Time StampingBurst Protection Header Stripping
File SecurityManagement
Web SecurityCustomer
Experience
Cloud
Cost saving:• Reducing CAPEX/OPEX by using fewer tools
Benefits
User satisfaction:
• No network/link downtime
Simplicity:• Centralized monitoring of many network
segments and different types of traffic
Scalability• Any tool – any time
Security:
• No packets dropped – 100% visibility
The MOST TRUSTED names
in networking
Service Providers trust IXIA to: Improve and speed service delivery
Speed roll out of next gen services
Improve network and application
visibility and performance
Equipment Manufacturers trust IXIA to: Develop next generation devices
Speed time to market
Improve performance and reliability
Enterprises trust IXIA to: Assess vendor equipment and
applications
Improve network security posture
Improve network and application
visibility and performance
Chip Fabricators trust IXIA to: Validate protocol conformance
Speed time to market
trust
Test
Secu
rity V
isib
ilit
y
Thank You!
+43 664 831 6674
www.ixiacom.com www.np-channel.com
www.network-taps.eu
Mihajlo PreradRegional Sales Manager