Fortifying Network Security with a Defense In Depth Strategy - IDC Romania preso

462 views

Published on

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
462
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
11
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Fortifying Network Security with a Defense In Depth Strategy - IDC Romania preso

  1. 1. Fortifying Network Security with a Defense In Depth Strategy Mihajlo Prerad, Regional Sales Manager Northern and Eastern Europe
  2. 2. What happens today? fixed network MOBILE physical VIRTUAL local CLOUD servers services BYOD = Bring Your Own Disaster
  3. 3. 2164 Data breach incidents 822 MILLIONDATA RECORDS STOLEN IN 2013 60% HACKING 96.8% EXTERNAL
  4. 4. = Billion $388 Time $274= Cash $114 Cost of cyber crime in 2012 * direct costs * indirect costs
  5. 5. Factors in calculation of financial loss from security breaches/intrusions 52% 35% 34% 31% 27% Legal defense services Loss of customer business Consulting and Audit services Deployment of security tools Damage to brand 26%Court settlements
  6. 6. Security is investment, not expense.
  7. 7. Information Governance Core Disciplines: Security and Privacy  Locate where sensitive data  Classify & Define data types  Set policies & metrics  Protect data access  Organize unstructured data  De-identify confidential data  Compliance  SLA & QoS  Assess vulnerabilities  Detect intrusions Understand & Define Secure & Protect Monitor & Audit
  8. 8. Who? (source and destination) Critical information What? (IP protocol and port numbers) When? (time when the flow was observed) Where? (input interface) How? (type of service)
  9. 9. ESX Stack Hypervisor Phantom Monitor™ V Switch vm 1 Vm 2 Vm 3 Web Security Protocol Analysis Database Security VoIP Network Performance IDS/IPSForensics
  10. 10. ESX Stack Hypervisor Phantom Monitor™ V Switch vm 1 Vm 2 Vm 3 Web Security IDS/IPS Protocol Analysis Database Security VoIP Network Performance ESX Stack Hypervisor Phantom Monitor™ V Switch vm 1 Vm 2 Vm 3 Director Aggregation Visibility Architecture Advanced Packet Distribution Aggregation and regeneration Intelligent Filtering Bypass switching (inline) Packet Slicing & DeDuplication Total Network Visibility Forensics
  11. 11. Traditional access methods don‘t work! 1. Degrading performance of network 2. Dropping important packets 3. Needs to be configured (time loss) 4. Mixing source/destination information 5. Limitations with sessions 6. Compliance issues SwitchSwitch 1. Potential single point of failure 2. Expensive 1-tool-1-link deployment 3. Relocating means link downtime SPAN port: Inline:
  12. 12. Switch Use Network TAP instead of SPAN Benefits • Full-duplex access with zero impact on network traffic around the clock • 100% visibility to link traffic for security and network monitoring tools • Plug-and-play — no configuration required • Permanent access: no need to break the link each time you need to remove tool • Forwards important L1 and L2 errors • Dual power supplies: keeps the network link up and running in case of power failure Firewall Analyzer Switch
  13. 13. Protect inline deployments with Bypass Switch Benefits • Protects the network from IPS link, application, and power outages • SNMP (v2c, v3) traps indicate status changes for system, link, power, and threshold • Intelligent Heartbeat packets: continuous check of IPS health! • Removes link downtime: ensures traffic flow when appliance is offline • RMON statistics and LCD display • Redundant power supplies SwitchFirewall IPS Switch
  14. 14. NetworkNetworkVisibility Branch Campus Core Data Center Network Taps Network Packet Brokers Aggregation FilteringFlow Linking Regeneration Load Balancing Deduplication Time StampingBurst Protection Header Stripping File Security Management Web Security Customer Experience Cloud
  15. 15. Cost saving: • Reducing CAPEX/OPEX by using fewer tools Benefits User satisfaction: • No network/link downtime Simplicity: • Centralized monitoring of many network segments and different types of traffic Scalability • Any tool – any time Security: • No packets dropped – 100% visibility
  16. 16. The MOST TRUSTED names in networking Service Providers trust IXIA to:  Improve and speed service delivery  Speed roll out of next gen services  Improve network and application visibility and performance Equipment Manufacturers trust IXIA to:  Develop next generation devices  Speed time to market  Improve performance and reliability Enterprises trust IXIA to:  Assess vendor equipment and applications  Improve network security posture  Improve network and application visibility and performance Chip Fabricators trust IXIA to:  Validate protocol conformance  Speed time to market trust Test Security Visibility
  17. 17. Thank You! mihajlo.prerad@np-channel.com +43 664 831 6674 www.ixiacom.com www.np-channel.com www.network-taps.eu Mihajlo Prerad Regional Sales Manager

×