
SD-WAN plus cloud security


Adopting an SD-WAN solution is the best option that network organizations have to respond to a range of requirements such as lowering cost, increasing availability and providing high-quality user experiences. However, network organizations are also under pressure to deliver best-of-breed security, and in virtually all instances adopting an SD-WAN solution results in implementing Direct Internet Access (DIA), which is challenging to secure using security appliances.


  1. ©2018 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION. SD-WAN plus Cloud Security Stack for optimal branch office connectivity. Fast Internet access for every branch office requires a cloud security stack with firewall. Nils Ullmann – Solutions Architect, Central Europe – nullmann@zscaler.com. Jürgen Strapko – Regional Sales Manager – jstrapko@zscaler.com
  2. Housekeeping • Type your questions into the chat box in the WebEx panel • More questions? We’ll try to get to all questions during the Q&A session. If we do not get to your question, we’ll make sure to follow up afterwards • Technical issues? Email us at webcast@zscaler.com • Your Feedback? At the end of the webcast – please let us know how we did!
  3. Our Mission: Empower organizations to realize the full potential of the cloud and mobility by securely connecting users to applications from any device, anywhere
  4. New leaders are born when megashifts take place. Data center and hardware; Applications in the data center; On-Premise security
  5. How, when, and where we work is changing
  6. CLOUD TRANSFORMATION IS HAPPENING. 79% of workloads now run in the cloud; 80% of Employees Use Shadow Cloud Applications; 98% of IT decision makers say next-gen networks are required; 320% Increase in O365 Enterprise Adoption. Source: Riverbed, SkyHigh Networks, Right-Scale, Cisco
  7. A quick recap of networking history
  8. 1990’s private WANs. [Diagram labels: MPLS; Remote and Branch Office; Regional Hub and Campus; Data Center]
  9. 2000’s. [Diagram labels: App. teams; Disaster Recovery Site; Private WAN; Remote and Branch Office; Regional Hub and Campus; Data Center]
  10. 2010’s. [Diagram labels: App. teams; IT Ops; Disaster Recovery Site; Private WAN; Remote and Branch Office; Regional Hub and Campus; Data Center]
  11. … and now SD-WAN
  12. 2010’s. [Diagram labels: App. teams; IT Ops; Disaster Recovery Site; Private WAN; Remote and Branch Office; Regional Hub and Campus; Data Center]
  13. Bandwidth Problems Everywhere. [Diagram labels: Global Dev Ops; Disaster Recovery Site; MPLS; Remote and Branch Office; Regional Hub and Campus; Data Center; Internet]
  14. Add More Links. [Diagram labels: Global Dev Ops; Disaster Recovery Site; MPLS; Remote and Branch Office; Regional Hub and Campus; Data Center; Internet]
  15. MPLS + Local Internet = Overlay. [Diagram labels: Global Dev Ops; Disaster Recovery Site; MPLS; Remote and Branch Office; Regional Hub and Campus; Data Center; Internet]
  16. Let’s dig into the details. [Diagram labels: MPLS; Remote and Branch Office; Data Center; Internet]
  17. The Details. [Diagram labels: Remote & Branch Offices; Data Centers; Internet; MPLS; CE Router; PE Router; Underlay - Network; BGP (OSPF); OSPF (BGP)]
  18. What about Security …
  19. SD-WAN – No Change in Security and not in Internet Performance. [Diagram labels: Global Dev Ops; Disaster Recovery Site; MPLS; Remote and Branch Office; Regional Hub and Campus; Data Center; Internet]
  20. [Diagram: CORPORATE NETWORK with its security appliances. Labels: UTM Firewall; Restricted Network; Non-Compliant users; Remediation Servers; Firewall; Web Scanners; NAC/NAP; Security Policy; SIEM Servers; Threat Analysis; Security Management Network; Data Center; File Servers; Mainframe; Database; Exchange Servers; Domain Servers; DLP; Storage; Public Key Infrastructure; Keys; Certificate Authority; LDAP; Management Console; Wireless Access; Wi-Fi Network; IPS; Mobile User; Enterprise Users; DC/DNS; Exchange; DHCP; AV, Anti Malware; Remote Access; Remote Access Gateway; Router; Regional Office; VPN; Mobile Device Management; DNS; Ftp; Web Users; Internet Router; Outside Firewall; Web Server; Email Server; WAF; Inside Firewall; Switch; IDS / IPS; Analytics / SIEM; Networking; Security; Compute]
  21. SD-WAN + local UTMs. [Diagram labels: Global Dev Ops; Disaster Recovery Site; MPLS; Remote and Branch Office; Regional Hub and Campus; Data Center; Internet]
  22. Every Appliance Vendor’s Dream: Expensive to Deploy; Security Compromises; Complex to Manage. [Diagram labels: New York; Management Platform; Logging & Reporting; Identity Management Server; Additional Requirements]
  23. There’s a better way: Cloud Firewall ✔ Zscaler™, SHIFT™, Direct-to-Cloud™ and ZPA™ are trademarks or registered trademarks of Zscaler, Inc. in the United States and/or other countries. All other trademarks are the property of their respective owners.
  24. SD-WAN + Zscaler = Perfect fit
  25. Zscaler’s Security Architecture built for Performance. SECURE ALL PORTS & PROTOCOLS; MULTIPLE PROPRIETARY INSPECTION METHODS; ADVANCED THREAT PROTECTION. Components: Behavioral Analysis Sandbox, Dynamic Content Classification, Page Risk Index, Anti-Malware, XSS Protection, CVE Protection, URL Filtering, Proxy (SSL), Block Lists, File Type Control, DNS Filtering, Cloud FW (NGFW), Browser Control. 45 Billion Requests per Day. Full Inline and SSL inspection. 60+ INDUSTRY THREAT FEEDS: Threat sharing partnerships, commercial deals, open source, private working groups. FULL INLINE CONTENT INSPECTION: All bytes, all ports, all protocols, including SSL – no compromises. REAL-TIME THREAT CORRELATION: Dynamically computes the risk of every page object using content and domain analysis. CLOUD INTELLIGENCE: 125M+ threats blocked daily. Once detected, immediately blocked for all users. 120K+ unique security updates a day.
  26. Extensive Cloud Security Platform: Born in the cloud for the cloud. Differentiated IP with 100+ broad and deep issued and pending patents. Extensible through API for layering of additional services by Zscaler and partners. Built as proxy-based platform that enables full inspection. Access Control: Cloud Firewall, URL Filtering, Bandwidth Control, DNS Filtering. Threat Prevention: Advanced Protection, Cloud Sandbox, Anti-Virus, DNS Security. Data Protection: Data Loss Protection, Cloud App Controls, File Type Controls. Access Controls: User to App, App Micro Segmentation, Device Posture. App Security: Invisible Apps, DDoS Prevention, Private Certificates. Visibility: App Discovery, App Monitoring, User Monitoring. Zscaler Internet Access: Externally Managed Apps. Zscaler Private Access: Internally Managed Apps. Zscaler Multitenant Cloud Security Platform.
  27. Zscaler peers with Office 365 in major DCs. [Map labels: Denver; Toronto; New York; Paris; London; Amsterdam; Brussels; Stockholm; Moscow; Mumbai; Singapore; Sydney; Cape Town; Madrid; Riyadh; Johannesburg; San Francisco; Atlanta; Dallas; Frankfurt; Sao Paulo; Lagos; Kuala Lumpur; Tel Aviv; Washington DC; Chicago; Los Angeles; Copenhagen; Melbourne; Milan; Hong Kong; Taipei; Zurich; Chennai; Tianjin; Tokyo; Doha; Dubai; Abu Dhabi; Miami; Jeddah; Al Khobar; Warsaw; Seattle; Oslo; Shanghai] 45B+ Requests processed/day; 100M+ Threats blocked/day; 120K+ Unique security updates/day; 100 data centers across 6 continents. Secure: Ongoing third-party testing. Certified. Reliable: Redundancy within and failover across DCs. Transparent: Trust portal for service availability monitoring. Egress O365 close to user; Avoid network hairpins; Internet Peering across 150 Vendors. [Legend: O365 Peering; Data Center] Deliver a fast connection regardless of location! 4 Peta Bytes per Month!
  28. Zscaler enables secure local Internet breakouts without appliances. Eliminate Appliances; No Security Compromises; Single Management Console. [Diagram labels: New York; Management Platform; Logging & Reporting; Identity Management Server; Additional Requirements] Global visibility - cloud apps and usage; Identify botnet-infected machines that need to be remediated; SLA backed session-by-session logs for 6 months with no rollovers; Real-life analytics – Actionable info; You retain full control – policy and admin; Policies by user, locations, AD groups; Follow-the-user policy for the same protection at any location, any device; Global real-time policy engine
  29. SD-WAN + Cloud Security. [Diagram labels: Global Dev Ops; Disaster Recovery Site; MPLS; Remote and Branch Office; Regional Hub and Campus; Data Center; Internet]
  30. SD-WAN + Zscaler. [Diagram labels: Global Dev Ops; Disaster Recovery Site; MPLS; Remote and Branch Office; Regional Hub and Campus; Data Center; Internet]
  31. Perfect Fit. [Diagram labels: Global Dev Ops; Disaster Recovery Site; MPLS; Remote and Branch Office; Regional Hub and Campus; Data Center; Internet]
  32. Why Cloud Firewall? On-Premise NGFW/UTM Appliances vs. Zscaler Cloud Firewall. From this.. On-Premise Security Infrastructure: Security Policy Only Enforced On-Premise or via VPN; Short Logs, Multiple Log Sources = Difficult Correlation; Supersized Appliances or Refresh Required for Traffic Growth; Limited Inspection Capabilities, Inspects Only First 200-500kB, SSL requires additional hardware; Not Designed for Frequent Updates or to Manage Policy for Models with Different Features/Capacities. To this.. Global Unified Access and Security Service: Anywhere Policy Enforcement; Full Log Analysis – Single Pane of Glass; Scales Elastically, No hardware or software; Inspects ALL Traffic, Including Native SSL Inspection; 120K Unique Security Updates Daily. [Diagram labels: HQ/IOT; All BRANCHES]
  33. A three-step journey to secure IT transformation: Land & Expand. Enable local Internet breakouts (SD-WAN); Enable direct access to internal apps; Security + User Experience + ROI. SIMPLIFY: Remove multiple point products. SECURE: Up-level security; Replace proxy or VPN in days; Little infrastructure change; Enhance Security. TRANSFORM: Cloud-enable hybrid network, app access. Reduces sale cycles and accelerates deployments; Phase out gateway appliances; Outbound or inbound gateway; Reduce cost and complexity. [Diagram labels, repeated for each step: SaaS; Open internet; Private cloud / Data center; Public cloud]
  34. Thank You - Questions. More about Zscaler for branch transformation. Branch Transformation, German website: https://info.zscaler.com/Branch-Transformation-Campaign_Branch-transformation-germany.html Nils Ullmann, Solution Architect Central Europe, nullmann@zscaler.com, linkedin.com/in/nullmann. Branch Transformation Whitepaper: https://info.zscaler.com/WP-the-definitive-guide-to-branch-transformation

Editor's Notes

  • S-1 empower organizations to realize the full potential of the cloud and mobility by securely connecting users to applications from any device, anywhere.
  • https://451research.com/blog/773-according-to-new-451-research-survey,-40-of-enterprises-are-usinghyperconverged-infrastructure
  • But the challenge of going direct to the Internet with appliances:
    Deploy a bunch of appliances to all locations. How many locations does your customer have?
    Can they realistically deploy the same appliance stack sitting in their gateway to every location? No – it creates expensive appliance sprawl. Pan will say – create regional hubs and backhaul traffic – which defeats the point of cloud applications and local internet breakouts, OR
    instead, security compromises: how many boxes can they afford, and what level of security is provided? Compromise leaves the org vulnerable.

    And it is not just us saying this. When we asked end users at RSA about their concerns about creating local internet breakouts, they were concerned that it would require additional appliances, about the lack of security and control with that many appliances – and that it would be too complex to manage.
    Bottom line – appliances don’t work for breakouts.

    It no longer makes sense to backhaul outbound Internet traffic to a firewall in a regional or corporate datacenter. Expensive MPLS backhauling = negative user experience. It no longer makes sense to compromise security by installing smaller boxes in the branch.


  • Security needs to move to the cloud; apps must shift from network-based to policy-based access that securely connects the right users to the right apps. And you can do that with Zscaler Cloud Firewall.
  • This slide was shared with us by a prospect-turned-customer on the value of migrating from hub-and-spoke, appliance-centric architecture to Zscaler.