Barracuda - AG France IX - Juin-2011


Published on

Presentation done by Barracuda Networks, one of the sponsors of France IX's general assembly in Paris on the 30th of June, 2011.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Barracuda - AG France IX - Juin-2011

  1. 1. Barracuda Networks World War Web – juin 2011Stéphane Castagné / Sébastien Braun
  2. 2. AgendaBarracuda Networks.Un brin dhistoire.Simplifier lIT avec un arc ! Administration centralisée Redondance des liens WAN Contrôle au niveau applicatif.
  3. 3. « Fournisseur de solutions sécurité IP »- Création 2003 – HQ Californie – 800 Personnes.- 145 000 Clients monde.- Mission : Simplifier ladministration et la gestion IT- Environnements (Appliances, VM et Cloud)- Protection des accès, des applications et des données.
  4. 4. Solution globalede sécurité IPAccésApplicationsDonnées
  5. 5. Clients France
  6. 6. Un brin dhistoire …Le client :Lun des plus grands data center du secteur bancaire autrichien.Le Challenge:650 firewallsIndustrialisation du déploiement ?2 administrateurs dédiés !LincubationLe Résultat:Technologie NG FirewallUn design conçu pour la sécurité distribuée
  7. 7. Une page blanche ... UTM UTM + P2P Blocker 2005 + P2P Blocker + WAN optimizer UTM + P2P Blocker + WAN optimizer + NACSPI Firewall + IPS/IDS+ Anti-Virus+ Web Filter UTM MGMT ? + P2P Blocker + WAN optimizer SPI Firewall +NAC + IPS/IDS + Link balancer + Anti-Virus UTM 1990 + P2P Blocker + WAN optimizer SPI Firewall + NAC + IPS/IDS 2010: NG Firewall + Link balancer SPI Firewall + Application control
  8. 8. Centralized Management
  9. 9. Crayonner des tunnels VPNCréation rapide de VPNpar drag & dropTemplate pour les architecturesfully meshed ou hub & spokeSimplifie le management des VPN
  10. 10. Architecture WAN Cloud Publichétérogène • Cloud Privé Resilient Site-2-Site Connections HQ- LAN HQ-LAN Branch Offices Road warriors
  11. 11. Redondance des liens WANIntelligent Traffic Management•Application-based •Per User and/or Group•For Encrypted and Unencrypted Traffic •Per Source and Destination •Time of day, weekday, date DSL Internet: 50% Email 50% MPLS VoIP before Business 70% VoIP before Business 100% Internet 10% Email 20% Routing Routing 3G VoIP before Business 80% VPN Tunnel Internet 5% VPN Tunnel Branch Office Headquarters Email 15%
  12. 12. Contrôle au niveau applicatif Layer 7 Application Control + NG plain HTTP Firewall bittorrent + Plus de 800 applications détectées: Peer-to-Peer (P2P), Instant Messaging (IM), Standard Protocols, Voice over IP (VoIP), Streaming Protocols, Tunnel Protocols, Gaming Protocols, Business Protocols, Mobile Internet Protocols
  13. 13. Illustration du contrôle au niveau applicatifQue fait réellement cet utilisateur interdireNous pouvons maintenant ajuster le politique de sécurité… limiter
  14. 14. Trois points clefs Larchitecture Firewall NG simplifie lIT en intégrant dansson administration centralisée lensemble desfonctionnalités dun Firewall Next Generation :Une redondance des liens WAN grâce à lADSL et/ou la3G [Traffic Intelligence] le contrôle au niveau applicatif. … Noubliez pas larc dans vos architectures !
  15. 15. Firmware 5.2Web Filter•–Barracuda Web Filter Engine–Included with EU -> Best value in NG Firewall marketIPS•– Included with EU -> Best value in NG Firewall marketGeoMaps in CC•–no extra cost–unique in NG Firewall marketDC Agent (5.2.1)•– Enables clientless user <-> IP recognition
  16. 16. Geo Maps in Control Center (any CC and any MC)
  17. 17. Website: all specs and sizing information
  18. 18. Datasheet: -> On Website
  19. 19. Barracuda NG Firewall Introduction“Next generation” firewall: Industry-leading centralized●Layer 7 application profiling management:●Identity aware networking ●Scalable and fault tolerant central management●Dynamic Application Control Monitoring ●Template-based management●Network access control ●Distributed Firewall●Intrusion Detection and Prevention ●Multi-tenancy●Integrated Content Filter (Malware Protection, ●Compliance and Revision Control SystemWeb filter, Secure Web Proxy) ●Effective troubleshooting●Integrated Web Cache Proxy●Infrastructure and Application Proxies:DHCP, FTP, SSH, DNS, SMTP, POP3●Enterprise-class Firewall and next generationVPN with customizable encryption●Integrated SSL VPN●Traffic Shaping and Quality of Service (QoS)●Multiple uplink support
  20. 20. Q&A
  21. 21. Merci !!!
  22. 22. Where does the Barracuda NG Firewall come from?Result of acquisition of phion AG−Public European NG Firewall company−Company HQ in Innsbruck, Austria−10+ years experience in space−1,000+ Enterprise customers−15,000+ deployed appliances(4,589 shipped in 2009)−100,000+ licensed VPN users
  23. 23. The Paradigm of Next Generation Firewalls “Traditional“ Network Firewall Next Generation Firewall
  24. 24. Why do we need “another firewall“ ? “Traditional“ Network Firewall Next Generation Firewall + Integrated Content Security
  25. 25. Distributed Secure Web Access + Integrated Content Security for distributed environments Caching / HTTPS Malware FTP NTP Proxy POP3 HTTP Proxy Web filter Forwarding SMTP Proxy Proxy Protection Gateway Service Gateway DNS
  26. 26. Network Access Control + Network access control for distributed environments Connection Endpoint Policy Guest 802.1x Identity Context Clientless Easy of Use aware protection Enforcement Networking support Aware Aware
  27. 27. Why do we need “another firewall“ ? “Traditional“ Network Firewall Next Generation Firewall + Integrated Content + Network access control + Intelligent Traffic Management
  28. 28. Intelligent Traffic Management + Intelligent Traffic Management for distributed Environments Easy High Secure Visualization Intelligence Multiple Prioritizatio Link- Graphical Application VPN through Traffic Connection n & Load Compression Tunnel Aware Technology NG Earth Manager Handling QoS Balancing Interface
  29. 29. Why do we need another firewall ? “Traditional“ Network Firewall Next Generation Firewall + Integrated Content Security + Network access control
  30. 30. Why do we need “another firewall“ ? “Traditional“ Network Firewall Next Generation Firewall + Integrated Content + Network access control + Intelligent Traffic Management + Scalability and Manageability
  31. 31. Industry leading centralized management + Scalability and Manageability Template Superior Role based Multi Central Central log and device Revision PKI 100% Powerful Multi User Tenancy Statistic and event based Control Service Lifecycle Visualization Aware support Collection processing design System
  32. 32. Why do we need “another firewall“ ? “Traditional“ Network Firewall Next Generation Firewall + Integrated Content + Network access control + Intelligent Traffic Management + Scalability and Manageability = The Next Generation Firewall designed for Distributed Environments
  33. 33. Barracuda NG Firewall key value propositionsReduce the number of deployed point solutions–One product family with one management framework covering multiple topics–Reduce maintenance cost and simplify management lifecycle
  34. 34. Barracuda NG Firewall key value propositionsSaving time and money for troubleshooting–Determine issue with 2-3 mouse clicks–Unique 5-tier information architecture (live, history, events, accounting, audit trail)–Real-time firewall monitoring without performance degradation
  35. 35. Barracuda NG Firewall key value propositions•Reduce line costs without adverse side effects–By aggregating bandwidth from MPLS and cheaper alternatives–3G broadband as a cheap backup line–Detect and reduce bandwidth hogging through covert Layer 7 traffic (P2P, IM,etc.)
  36. 36. Barracuda NG Firewall key value propositions•Not every administrator has to be an expert–Have multiple administrators work on the firewall simultaneously with clear cutcustom roles (comprising up to 90 attributes)–A flexible administration concept supports joint administration in an outsourcedenvironment without the danger of compromising SLAs
  37. 37. Sample Reference CustomersEADS (HQ, IST, LFK, Defense Sys)Aerospace and DefenseRAS, VPN-Site-2-Site, FirewallsRHIMarket leader fireproof materials130 VPN/FW GatewaysKonica Minolta EuropeVPN/FW GatewaysSchenker GermanyLogistics and Transportation200 VPN/Firewall GatewaysGerman PostbankBank branch office security2900 VPN/FW Gateways
  38. 38. The Barracuda NG Firewall Concept + Adaptive WAN Routing, Click to edit the  + Bandwidth Control + Remote Access Concept outline text format + Scalability + Application Profiling Second Outline Level + User Awareness Third OutlineNetwork WAN Level Ports Performance Protocols Fourth Outline Level Enhancement Packets Application Control ID AwareFifth Outline savings Network cost Level Sixth Outline Level cost savings network firewall NG firewall Seventh Outline Level Eighth Outline Level Barracuda NG firewall
  39. 39. Barracuda NG Firewall Product Line-Up F900 10Gbps F800 F600 F400 1 Gbps F300 F20xFirewall Perform F10x F10 POS small remote remote Small/medium Large Large HQ and SOHO office office HQ HQ Datacenters
  40. 40. Comprehensive Feature Integration
  41. 41. Cost Effective Central ManagementCentral management ofALL functions FW, VPN. SSL VPN, web security, antispam, application control ….everything Underlying OS PatchesMulti-adminMulti-tenant
  42. 42. Management Views – Barracuda NG Earth Are you also tired of endless „flat“ status listings?
  43. 43. Barracuda NG Control Center AppliancesC400 Standard Edition C610 Enterprise Edition (1 Group, UL Boxes) (UL Groups, UL Boxen)Barracuda NG Control Center Vx AppliancesVC400 Standard EditionVC610 Enterprise EditionVC820 Global Edition
  44. 44. ding edge biotech company ensures security and availability ofof a trans-Atlantic WAN with the Barracuda NG Firewallading edge biotech company ensures security and availability a transcontinental WAN with the Barracuda NG Firewa Reference Customer: Micromet, Inc. Micromet , Inc. Facts and Figures: public company, NASDAQ (MITI)  phion customer since 2006  Gateways, clients and CC standard edition deployed on two continents “Leading edge biotech company ensures security and availability of a trans-Atlantic WAN with the Barracuda NG Firewall.”
  45. 45. Reference customer: Micromet, Inc. 50 road warriors“…the Barracuda NGFirewall appliances are thedependable backbone ofour network. Admins nolonger have to get up atnight and worry aboutbroken IPSec tunnels. “ One centrally managed solution: • Firewall + local Web AccessMr. Werner Jacobs, Dir IT • Site-2-site & Client VPN,Administration