Security and Network Management - Facing 2002.ppt


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Need to find niches, because market is a saturated.
  • Security and Network Management - Facing 2002.ppt

    1. 1. Security and Network Management - Facing 2002 Shai Fultheim CTO, BRM Capital [email_address] +972-53-866-479
    2. 2. Space Overview
    3. 3. Evolution of Security Products 1970’s 1980’s 1990’s 2000 + Extended Enterprise ? Basic Connectivity Mainframe Systems Security & Manageability Level Passwords Firewalls Authentication Intrusion detection Encryption VPN Virus scanners Remote Access Perimeter Security SSL PKI, certificates Filters Access Control E- Commerce Effective Number of Nodes on a Large Enterprise Network      100 10K 1M 10M 100M Level of $$ Risk
    4. 4. The EcoSystem (Today) Proactive/ Preventative Reactive General network coverage (protocols, connections, business rules) Intrusion detection Fire- Walls Authentication Virus scan Authorization PKI Sec mgmt Managed service Log analysis Checkpoint Cisco Network Associates Symantec Netegrity RSA RSA Active Card VeriSign RSA Entrust Certicom Cisco Symantec Counterpane Riptech McAfee/ Network Associates Symantec Sniffers Raytheon Silent Runner NFR Specific data coverage
    5. 5. Trends
    6. 6. Trends and Drivers <ul><li>IT Trends </li></ul><ul><ul><ul><ul><li>Driven by industry </li></ul></ul></ul></ul><ul><li>Regulatory Trends </li></ul><ul><ul><ul><ul><li>Driven by governments </li></ul></ul></ul></ul><ul><li>GeoPolitical Trends </li></ul><ul><ul><ul><ul><li>Driven by Terrorists </li></ul></ul></ul></ul>
    7. 7. IT Trends <ul><li>Target the application. Low layers are in ‘game over’ mode. </li></ul><ul><ul><li>Security </li></ul></ul><ul><ul><ul><li>Application layer introduces more ‘open’ segments. </li></ul></ul></ul><ul><ul><ul><ul><li>Not all applications are protected yet: Web Services, Portals, E-Mail/IM and Storage. New IT developments create new security problems resulting in the creation of a Security leaders. </li></ul></ul></ul></ul><ul><ul><ul><li>A combination of multiple firewalls, intrusion detection systems, and content filters frequently fail to provide adequate application-level security, particularly for Web-enabled applications. </li></ul></ul></ul><ul><ul><ul><ul><li>Gartner Group states that 75% of the cyber attacks today are at the application layer. </li></ul></ul></ul></ul><ul><ul><li>Network Management </li></ul></ul><ul><ul><ul><li>Application viability is the IT’s manager main interest. </li></ul></ul></ul><ul><ul><ul><li>Each generation of network management is of a higher level than the proceeding one. (DOS commands, Device mgmt, Network Mgmt, Business function mgmt, Multi-site mgmt) </li></ul></ul></ul>
    8. 8. IT Trends <ul><li>Outsourcing </li></ul><ul><ul><ul><li>As security issues become more complex and widespread, many companies are finding it more cost-efficient to outsource their security needs to MSS (Managed Security Services) rather than attempting to provide the services in-house. </li></ul></ul></ul><ul><ul><ul><li>Managed security services will grow from a $0.7-billion market in 2000 to a $2.55-billion market in 2005, a five year CAGR of 29%. (Goldman Sachs) </li></ul></ul></ul><ul><ul><ul><li>The emergence of managed security service providers will create special needs for service providers (SLA mgmt, Mega servers, etc.) </li></ul></ul></ul>
    9. 9. IT Trends <ul><li>Remote Sites and Remote Workers: </li></ul><ul><ul><ul><li>The VPN enabled the ‘private line’ on the top of the cloud. The physical connection exists </li></ul></ul></ul><ul><ul><ul><li>Extended VPN – Extending the functionality of VPN with add on services: </li></ul></ul></ul><ul><ul><ul><ul><li>VoIP optimization. </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Application acceleration. </li></ul></ul></ul></ul><ul><ul><ul><ul><li>File/portal caching. </li></ul></ul></ul></ul><ul><ul><ul><li>New networking requirements created by new application configurations (e.g. Enterprise portal ) </li></ul></ul></ul>
    10. 10. IT Trends <ul><li>Extended enterprise </li></ul><ul><ul><ul><li>E-Mail – Trusted, secured and binding communication out of the enterprise. </li></ul></ul></ul><ul><ul><ul><li>Secure access to enterprise resources by business partners. (Formerly EDI). Real time collaboration with your business partners. Secured transactions/alerts. </li></ul></ul></ul><ul><ul><ul><ul><li>Today, about 80% of network traffic is external </li></ul></ul></ul></ul><ul><ul><ul><ul><li>The economic benefits of information security (and drivers of future growth) are threefold: </li></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>Prevention of loss or compromise of corporate resources. </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>Cost savings from the application of Internet technologies for VPNs instead of using expensive leased lines. </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>Revenue-enhancement opportunities from increased linkage throughout the value chain . </li></ul></ul></ul></ul></ul>
    11. 11. IT Trends <ul><li>New networking developments necessitate mgmt applications. </li></ul><ul><ul><ul><li>Storage networks </li></ul></ul></ul><ul><ul><ul><li>VoIP </li></ul></ul></ul><ul><ul><ul><ul><li>Cost saving within the organization </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Branch office connectivity </li></ul></ul></ul></ul><ul><ul><ul><li>Pervasive Applications </li></ul></ul></ul><ul><ul><ul><ul><li>Wireless, Blackberrry, Palm Pilot – this stuff is hard to manage!! </li></ul></ul></ul></ul>
    12. 12. Regulatory Trends <ul><li>Standardize the use of robust security for transferring highly sensitive information: </li></ul><ul><ul><ul><li>The Gramm-Leach-Bliley (GLB) Act, known as the Financial Services Modernization Act of 1999. </li></ul></ul></ul><ul><ul><ul><ul><li>Became effective on July 2001 </li></ul></ul></ul></ul><ul><ul><ul><li>The Healthcare Insurance Portability and Accountability Act of 1996 (HIPAA). </li></ul></ul></ul><ul><ul><ul><ul><li>Became effective on April 2001; Enforcement by April 2003. </li></ul></ul></ul></ul><ul><li>Digital Signature Act </li></ul><ul><ul><ul><li>Giving digital signatures the same legal status as formal “pen-and-paper” signatures. </li></ul></ul></ul><ul><ul><ul><ul><li>Became effective on October 2000; As of March 1, 2001, companies will be able to retain legal records electronically. </li></ul></ul></ul></ul>
    13. 13. GeoPolitical trends <ul><li>Anthrax </li></ul><ul><li>September 11th </li></ul><ul><ul><ul><li>Biometric security </li></ul></ul></ul><ul><ul><ul><li>DRP – Disaster Recovery Planning </li></ul></ul></ul><ul><li>Recession </li></ul>Lets look out for the impact of these GAMMA strikes
    14. 14. Opportunities
    15. 15. Interest Map – What's Not Market leaders identified. Consolidation to come.
    16. 16. Interest Map – What's Hot <ul><li>Appliances </li></ul><ul><ul><li>Increased need for integration and manageability driving growth in the appliance market </li></ul></ul><ul><ul><li>For high end customer/MSS (Expansion) </li></ul></ul><ul><ul><li>Low-End market already matured </li></ul></ul><ul><li>Application Layer </li></ul><ul><ul><li>Application/Services mgmt </li></ul></ul><ul><ul><li>Storage </li></ul></ul><ul><ul><li>Web Services </li></ul></ul><ul><ul><li>E-Mail/IM </li></ul></ul><ul><ul><li>Enhanced-VPN </li></ul></ul><ul><ul><li>Autonomic computing </li></ul></ul><ul><ul><ul><li>Self Healing Networks (!!!) </li></ul></ul></ul><ul><li>Privacy </li></ul><ul><ul><li>Obligation of the enterprise to ensure the privacy of the individuals it is responsible for (GLB/HIPPA) </li></ul></ul>
    17. 17. Support Slides
    18. 18. GLB/HIPPA <ul><li>GLB helped push financial services ahead of other verticals in taking IT security seriously. The act requires financial institutions to address six key information security areas: </li></ul><ul><ul><ul><li>Assessing IT environments and understanding security risks. </li></ul></ul></ul><ul><ul><ul><li>Establishing information security policies. </li></ul></ul></ul><ul><ul><ul><li>Maintaining regular independent assessments. </li></ul></ul></ul><ul><ul><ul><li>Providing user training and security awareness programs. </li></ul></ul></ul><ul><ul><ul><li>Scrutinizing business relationships. </li></ul></ul></ul><ul><ul><ul><li>Reviewing and updating procedures. </li></ul></ul></ul><ul><li>HIPAA requires healthcare providers, plans, and clearinghouses to adopt a security standard that will provide confidentiality, data integrity, and strong authentication for the electronic transmission of and access to sensitive healthcare information. </li></ul>
    19. 19. OSI 7 layers model