Fortifying Network Security with

a Defense In Depth Strategy

Mihajlo Prerad,Regional Sales ManagerNorthern and Eastern Europe

What happens today?

fixed network MOBILE

physical VIRTUAL

local CLOUD

servers

services

BYOD = Bring Your Own Disaster

2164 Data breach

incidents

822 MILLIONDATA RECORDS STOLEN IN 2013

60% HACKING

96.8% EXTERNAL

=

Billion $388

Time $274=

Cash $114

Cost of cyber crime in 2012

* direct costs

* indirect costs

Factors in calculation of financial loss from security breaches/intrusions

52%

35%

34%

31%

27%

Legal defense services

Loss of customer business

Consulting and Audit services

Deployment of security tools

Damage to brand

26%Court settlements

Security is

investment,

not expense.

Information Governance Core Disciplines: Security and Privacy

Locate where

sensitive data

Classify &

Define data

types

Set policies

& metrics

Protect data

access

Organize

unstructured

data

De-identify

confidential

data

Compliance

SLA & QoS

Assess vulnerabilities

Detect

intrusions

Understand &

DefineSecure & Protect Monitor & Audit

Who? (source and destination)

Critical information

What? (IP protocol and port numbers)

When? (time when the flow was observed)

Where? (input interface)

How? (type of service)

ESX Stack

Hypervisor

PhantomMonitor™

V Switch

vm 1 Vm 2 Vm 3

Web Security Protocol

Analysis Database

Security

VoIP

Network

Performance

IDS/IPSForensics

ESX Stack

Hypervisor

PhantomMonitor™

V Switch

vm 1 Vm 2 Vm 3

Web Security

IDS/IPS

Protocol

Analysis Database

Security

VoIP

Network

Performance

ESX Stack

Hypervisor

PhantomMonitor™

V Switch

vm 1 Vm 2 Vm 3

Director

Aggregation

Visibility Architecture

Advanced Packet Distribution

Aggregation and regeneration

Intelligent Filtering

Bypass switching (inline)

Packet Slicing & DeDuplication

Total Network Visibility

Forensics

Traditional access methods don‘t work!

1. Degrading performance of network

2. Dropping important packets

3. Needs to be configured (time loss)

4. Mixing source/destination information

5. Limitations with sessions

6. Compliance issues

SwitchSwitch

1. Potential single point of failure

2. Expensive 1-tool-1-link deployment

3. Relocating means link downtime

SPAN port:

Inline:

Switch

Use Network TAP instead of SPAN

Benefits

• Full-duplex access with zero impact on

network traffic around the clock

• 100% visibility to link traffic for security

and network monitoring tools

• Plug-and-play — no configuration required

• Permanent access: no need to break the

link each time you need to remove tool

• Forwards important L1 and L2 errors

• Dual power supplies: keeps the network

link up and running in case of power failure

Firewall

Analyzer

Switch

Protect inline deployments with Bypass Switch

Benefits

• Protects the network from IPS link,

application, and power outages

• SNMP (v2c, v3) traps indicate status

changes for system, link, power, and

threshold

• Intelligent Heartbeat packets:

continuous check of IPS health!

• Removes link downtime: ensures

traffic flow when appliance is offline

• RMON statistics and LCD display

• Redundant power supplies

SwitchFirewall

IPS

Switch

Ne

two

rkN

etw

ork

Vis

ibilit

y

Branch

Campus

CoreData Center

Network Taps

Network Packet Brokers

Aggregation FilteringFlow Linking Regeneration Load Balancing

Deduplication Time StampingBurst Protection Header Stripping

File SecurityManagement

Web SecurityCustomer

Experience

Cloud

Cost saving:• Reducing CAPEX/OPEX by using fewer tools

Benefits

User satisfaction:

• No network/link downtime

Simplicity:• Centralized monitoring of many network

segments and different types of traffic

Scalability• Any tool – any time

Security:

• No packets dropped – 100% visibility

The MOST TRUSTED names

in networking

Service Providers trust IXIA to: Improve and speed service delivery

Speed roll out of next gen services

Improve network and application

visibility and performance

Equipment Manufacturers trust IXIA to: Develop next generation devices

Speed time to market

Improve performance and reliability

Enterprises trust IXIA to: Assess vendor equipment and

applications

Improve network security posture

Improve network and application

visibility and performance

Chip Fabricators trust IXIA to: Validate protocol conformance

Speed time to market

trust

Test

Secu

rity V

isib

ilit

y

Thank You!

mihajlo.prerad@np-channel.com

+43 664 831 6674

www.ixiacom.com www.np-channel.com

www.network-taps.eu

Mihajlo PreradRegional Sales Manager