Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Secure SD-WAN Service from IBM Security

1,991 views

Published on

International Data Corporation (IDC) estimates that worldwide Software-Defined WAN (SD-WAN) revenues will exceed $6 billion in 2020.

SD-WAN makes it simple for organizations to use different network technologies to connect their remote offices and/or branches to one another via Multi-protocol Label Switching (MPLS) for critical data requiring enterprise grade performance and security, and commercial broadband over the internet for all other data types. In addition, SD-WAN helps accelerate hybrid cloud adoption by facilitating vendor- and technology-agnostic data transport over any WAN or internet circuit.

While IT leaders are excited about the lower costs and increased efficiencies enabled by this technology, they are unsure if SD-WAN will increase the attack surface of their network and open up new vulnerabilities as they connect to the various cloud providers.

Join us for a webinar on July 24 to meet Ben Hendrick, Partner & Global Competency Leader Infrastructure & Endpoint Security at IBM Security and Chirstina Richmond, Program Director for IDC's Security Services as they discuss some of the steps that you can take in order to secure your SD-WAN infrastructure.

Published in: Technology
  • Be the first to comment

Secure SD-WAN Service from IBM Security

  1. 1. Secure SD-WAN service from IBM Security Ben Hendrick Partner & Global Competency Leader Infrastructure & Endpoint Security (IES) July 24, 2017
  2. 2. 2 IBM Security Flat networks Security infra sprawl Simplified, agile management Secure end-to-end fabric Zero Trust Security is the guiding principle made possible by next generation architectures and technologies now available to clients IBM CONFIDENTIAL • Security is an enabler for the SDx infrastructure changes • Enhanced security can be enabled by these SDx changes in the infrastructure IBM Security will help you in partnership with your infrastructure teams to: Private and Public Cloud, Virtualized, Boundary-less, Software Defined, and Zero Trust Perimeter-Centric, Boundaries, and Trusted FUTURE STATECURRENT STATE Design and prove • Build a business case • Create a macro design Integrate and test • Develop a micro design • Execute an implementation plan Manage and optimize • Run a healthy security infrastructure • Respond to changes
  3. 3. 3 IBM Security Security Thought Leadership White Paper Rein in “box sprawl” with an end-to-end Zero Trust approach to security Deploy strong segmentation and encryption to ensure coherent data protection, enterprise-wide
  4. 4. 4 IBM Security
  5. 5. 5 IBM Security
  6. 6. 6 IBM Security Key links on the new Secure SD-WAN Solution • http://www-03.ibm.com/security/services/managed-security-services/sd-wan/ (Main Public – IBM Portal for Secure SD-WAN) • https://youtu.be/bUlAAHcM5j4 (John Wheeler – VP) Overview of Infrastructure and Endpoint Security video • https://youtu.be/BrZWscc_Syk (Ben Hendrick – IES Partner) Overview of Zero Trust Security video • https://securityintelligence.com/secure-sd-wan-the-first-step-toward-zero-trust- security/ (Ben Hendrick – Global IES Partner Blog) • https://securityintelligence.com/events/zero-trust-security-for-the- infrastructure-and-endpoint/ (External Webinar)
  7. 7. 7 IBM Security An integrated and intelligent security immune system Criminal detection Fraud protection Workload protection Cloud access security broker Access management Entitlements and roles Privileged identity management Identity management Data access control Application security management Application scanning Data monitoring Device management Transaction protection Content security Malware protection Antivirus Endpoint patching and management Virtual patching Firewalls Network forensics and threat management Sandboxing Network visibility and segmentation Indicators of compromise IP reputation Threat sharing Vulnerability management Incident response Threat hunting and investigation User behavior analysisCognitive security Threat and anomaly detection
  8. 8. 8 IBM Security Introducing Secure SD-WAN from IBM Security Enhance the security, performance and agility of your Wide Area Network (WAN) and accelerate your journey to the cloud by partnering with IBM Security to introduce security-rich software-defined technology that can work with your current network infrastructure to: • Improve network security • Reduce network connectivity costs • Optimize network and application performance • Accelerate hybrid cloud adoption
  9. 9. 9 IBM Security Benefits of Secure SD-WAN • Low impact to existing operations; no expensive “rip and replace” required • Immediate security improvement • Flexible delivery models and platforms • Increased network visibility to security • All circuit paths are encrypted at all times • Applications run faster, as application routing always uses the fastest and lowest latency path available • Cloud access is enabled and optimized; multi-cloud services are secured and protected • Can be combined with IBM Security’s Managed Security Services (MSS) for a complete end-to-end security solution
  10. 10. 10 IBM Security Corporate Business Units Legal, Audit SecurityHub TechnologyIBM Security Hub – Reference Model Baseline SOC Service Delivery Management Service Level Management Operational Efficiency Service Reporting Escalation Cyber-Security Command Center (CSCC) Executive Security Intelligence Briefings Local Reg. Security Oversight SOC Governance Consolidated Security Analytics & Dashboards Local/Reg. Intel. Briefings SecurityHub Governance SecurityHub Operations SOC Platform Components Big DataBI ToolsSIEMPortal Use Case Library Integration Tool Response Procedure Tool Ticketing & Workflow Cyber-Security Command Center (CSCC) Executive Security Intelligence Briefings SOC Governance Consolidated Security Analytics & Dashboards Local/Reg. Intel. Briefings Local Reg. Security Oversight SOC Service Delivery Management Service Level Management Operational Efficiency Service Reporting Escalation Sec. Integration Security Intelligence Security Analytics Projects and Admin. Support Threat Monitoring Threat Triage Threat Response CSIRT Management Security Hub Input Sources Active Directory/LDAP | Network Security | Unstructured Data | Reference Data IT Ops OT Ops Business Ops Emergency Response Legend MSS IES
  11. 11. 11 IBM Security No matter where you are in your SD-WAN journey, IBM Security can help • Onsite workshop • Network assessment • Business case creation • Architectural design • Proof of concept • Quality Assurance Testing • Documentation creation and review • Create and execute implementation plan • Transition to steady state • Full monitoring and management from IBM Managed Security Services • Client-managed • Ongoing vulnerability and penetration testing services from IBM X-Force Red Plan & design Implement Manage & optimize
  12. 12. 12 IBM Security Secure SD-WAN: Edge Delivery Model • Branch office firewall • IPSec between branch offices • Secure Transport Overlay over any type of WAN • Scalable Cloud VPN for secure connectivity to any destination • Extensible Network Segmentation to Enterprise datacenter and Cloud • Integrated Application Firewall for Branch security • Virtual Services Edge Platform for adding 3rd party Secure VNFs Security features
  13. 13. 13 IBM Security Circuit Costs: MPLS vs Hybrid vs Commercial Broadband Source: Telegeography.com – Broadband vs. MPLS pricing for San Francisco Q4 2014. Median monthly price: 10-20 Mbps Broadband $110/month, 10 Mbps MPLS IP VPN + Local Access $2,100 Month ~$2100/Month ~$1100/Month ~$220/Month MPLS Only ~$2,520,000 Hybrid ~$1,200,000 Dual Internet ~ $264,000 MonthlyCostPerSite
  14. 14. 14 IBM Security Secure SD-WAN: Security as a Service Branch office Wireless centric site Legacy site Remote user CUSTOMER EDGE EDGE DEVICE Legacy MPLSIBM MWSMSS SD Wan Internet VPN MPLS Internet VPN MPLS WAN TRANSPORT CLOUD RESOURCES INTERNETSOFTLAYERWATSON IOT AZUREAWS Internet VPN MPLS/direct EDGE DEVICE EDGE DEVICE SECURITY HUB OPTIONAL – QRADAR (SEIM, FLOW, FORENSICS) IBM PEERING POINT Secure VPN EDGE DEVICE Available Security Features • Next Gen firewall • IPS • Anti-spam • URL Filtering • Malware / AV detection • Command & control traffic detection • Geo IP blocking • SSL VPN • IPSec • Dynamic routing (eBGP, iBGP, OSPF) • QoS • User FW with machine identification • SSL forward proxy
  15. 15. 15 IBM Security Case Study – Before • Client relied exclusively on expensive private MPLS circuits for communications between regional datacenters and branch offices • Updates/changes had to be propagated separately via each datacenter/branch office cluster, thus introducing significant risk of inconsistent network security controls DC #1 Internet DC #2 Internet DC #3 Internet DC #4 Internet DC #5 Internet DC #6 Internet DC #7 Internet DC #8 Internet DC #9 Internet 100% 100% 100% 100% 100% 100% 100% 100% 100% MPLS MPLS MPLS MPLS MPLS MPLS MPLS MPLS MPLS Branches Branches Branches Branches Branches Branches BranchesBranchesBranches • Getting a comprehensive view of the effectiveness of access control policies and network/application usage was nearly impossible • Network bandwidth could not be optimized at an enterprise level • Advanced security, Unified Threat Management (UTM) and analytics capabilities were not enabled throughout the enterprise
  16. 16. 16 IBM Security Case Study – After • Security is centralized and standardized across five “hubs”, improving the client’s security posture and reducing end-user time needed to access cloud applications. The hubs are integrated back into the clients’ active directory infrastructure to ensure proper user authentication. • SIEM analytics is performed against all traffic and alerts are prioritized and acted upon according to corporate policy Internet Cloud services IBM Secure SD-WAN Client datacenters MPLS Internet IP-Sec Branches 70% of network traffic 30% of network traffic Internet IP-Sec • 70% of network traffic is now routed over the internet via secure IP-SEC tunnels, reducing the need for private MPLS circuits and significantly reducing circuit costs • Network traffic is optimized by always routing across the best available connection • Data center consolidation and transformation activities can now be performed by the client without having to alter security infrastructure
  17. 17. 17 IBM Security IBM Security – Integrated Consulting and Managed Security Services Unparalleled Expertise • Access to a global network of recognized security experts • Deep industry service delivery experience across numerous types of operations • Ability to lead and execute large, transformational projects Integrated Approach • Integrated portfolio of security services and technology • Open ecosystem with 100+ technology partners and 30+ services partners • 800+ technical vendor and 150+ professional security certifications Best-in-class Managed Security Services • IBM X-Force® Exchange and Threat Research teams providing zero-day threat alerts to clients • 1400+ employees serving 130+ countries, with a 95% retention rate • 35 billion+ security events analyzed daily across 4,500+ global clients
  18. 18. 18 IBM Security A global leader in network innovation • #1 in enterprise security software and services* • 7,500+ people • 12,000+ customers • 133 countries • 3,500+ security patents • 15 acquisitions since 2005 *According to Technology Business Research, Inc. (TBR) 2016

×