Clavister provides network security solutions including virtual security gateways. Their solutions protect against hackers, intrusions, information theft, and other threats. Clavister has over 20 years of experience securing networks and has protected over 100,000 networks. Their complete product portfolio is designed for performance and scalability. Clavister's virtual security gateways provide network security within private cloud infrastructures and enable auditing and compliance for virtual environments without compromising security policies.
2. Company Overview
• A leading European provider of network
security solutions for Service Providers,
Enterprise and Government customers
• Our solutions protect against:
– Hackers
– Intrusions
– Information theft
– Eavesdropping
– Viruses
– Spam
– Malicious content
... and more
3. Proven track record and industry experience
• Long-term experience from securing some of the world’s most demanding
networks
• Protecting 100.000+ networks and 20.000+ customers
• Customers include:
• Complete and mature product portfolio designed for performance and scalability
4. Established market position
• Recognized as one of the top 12 suppliers
in the world by analyst Gartner Group
• Several technology awards and product
recognitions in magazines
• Technology partnerships with leading
industry partners including Cavium
Networks, RadiSys, Kaspersky and VMware
5. Global Presence
• About 70 employees
• Headquarters in Örnsköldsvik, Sweden
• Sales offices in Europe and Asia
– Stockholm, Sweden
– Hamburg, Germany
– Paris, France
– Torino, Italy
– Singapore
– China (5 locations)
• 100+ Solution and Channel Partners worldwide
7. CorePlus – The Core in our Products
Secure & Robust
• Our proprietary and purposely built network security operating system
• No inheritance of vulnerabilities from an underlying Operating System
• Minimal footprint and attack surface
Compact, Optimized & Scalable
• Optimal resource utilization
• High performance with high reliability
• xPansion Lines Licensing offering scalability
Fine granular Control
• Seamless integration of all subsystems, in-depth
administrative control
12. Virtualization going forward
Just like…
IT as a Service
• Inexpensive, usage based, pay-as-you-go
• Ubiquitously available
• Reliable
• Choice of providers
13. The virtual network – not just for the server guys
Traditional Network
• Multitude of network segments
• Communication between zones is monitored and secured
Virtual Network
• Fewer network segments dividing the servers
• Communication between virtual machines is not monitored or secured!
DANGER
16. Drawbacks With “Mixed Solutions”
• Looks good at first glance but not as attractive in the longer run!
• You will still have to rely on external, non virtual, appliances
• Forces you to create isolated islands instead of a dynamic and
scalable pool of resources
• Virtual yes, cloud no!
• Does not allow you to protect the private cloud which might be a
mix of on site and off site resources
• Does not benefit from Redundancy and Disaster Recovery tools
• Creating team- or project-oriented silos, which is very common in e.g.
consulting and media companies, is very difficult
18. The Clavister Virtual Security Gateway Solution
• No underlying Operating System – only Clavister CorePlus
• Runs in the virtual infrastructure and benefits from the virtualization itself: easy to deploy, highly redundant, scalable, simplified maintenance, etc.
• Templates & workflows – ideal for large installations, e.g. Managed Services, Utilities such as smart grid, wind/solar power, etc.
19. Clavister Virtual Security Gateway Solution
• Virtual Machines (VMs) are not allowed to talk with each other without first going through the Virtual Security Gateway.
• All security inspections which would have been performed by a physical security gateway in a physical structure are done "in-line" in the virtual environment.
20. Communication Path Diagram
All virtual machines and inter-communication are secured using best-in-class virtual security gateways, which enables mission critical applications to be virtualized without compromises to the security policies.
[Diagram labels: Web Front-End Zone; Middleware / Business Logic Zone; Back-End Database Zone; Clavister Virtual Security Gateway; Virtual Switch; interfaces ETH1, ETH2]
21. Troubleshooting, Monitoring, Alarms & Auditing
• Troubleshoot communication using:
– Real-time monitoring with filters
– PCAP & Memlog recording
– Log analysis
• Monitor behavior of traffic using:
– SNMP
– Real-time monitoring
– Real-time KPI dashboards
• Create custom and policy-based alarm events (thresholds etc.)
• Full auditing capabilities using:
– Built-in log viewing applications
– External SIEM systems
22. Typical Enterprise Environment
Disaster Recovery or Lab/Test Network
Virtualized production infrastructure
Traditional physical server network
24. Clavister VSG Models & Dimensioning
                                  VSG21    VSG110   VSG510   VSG1100
Plaintext Performance (Mbit/s)*   50       200      500      1000
VPN Tunnels                       25       200      500      1000
VLAN                              4        64       128      512
Concurrent Connections            4000     16000    64000    256000
Recommended Application:
• VSG21: Test & Lab Networks with no or very low performance demands
• VSG110: Small installations with a limited amount of protected VMs with low to medium performance demands
• VSG510: Medium and Large installations with medium to high performance applications such as web/mail/citrix/databases and similar
• VSG1100: Large installations with medium to high performance applications such as web/mail/citrix/databases and similar
25. Features
• Protect Virtual Servers
Segregate virtual machines from each other and prevent hackers from jumping from one machine to
another, without having to use physical appliances and create isolated islands.
• Secure Cloud Infrastructures
Enforce network security within the private cloud, both for the part of the cloud which is running in
your datacenter and the part that you might have outsourced to a hosting provider.
• Secure Inter-Communication
Utilize the VPN encryption to secure communication between virtual machines.
• Achieve Auditing and Regulatory Compliance
Since the virtual security gateway can be run inside the virtual infrastructure, security auditing can be
achieved and thereby regulatory compliance requirements can be met.
• No Security Policy Compromises for Virtual Environments
Utilize your standard set of policies not only for physical machines but just as easily also for virtual
ones.
26. Benefits
• Scalability
Users can now extend security by simply deploying new security gateways as they go.
• Lower CAPEX
Virtualization opens up for new business models where CAPEX is minimized.
• Simplified Maintenance
Security components inherit all manageability features from a virtual environment, such as fail-over,
provisioning, and so forth.
• Minimized downtime
Less hardware in combination with highly efficient disaster recovery and redundancy tools such as vMotion
reduces downtime and improves the overall in-service performance of the security solution.
• Simplified Test/Lab testing
Since the virtual security gateway is a part of the virtual infrastructure, it becomes easier to create lab/test
environments, which decreases the complexity of security tests, which in turn improves the overall security.
27. Why Clavister VSG is better than physical UTMs
• No need to create isolated islands
Creating security zones inside the virtual infrastructure using physical gateways forces you
to have all traffic routed out of the infrastructure and then back in. This leaves you with
isolated islands, which turns into additional administration and limits the possibilities to
leverage cloud-like resource pools and many of the fundamental virtualization benefits.
• Improves the consolidation ratio
By using the Clavister Virtual Security Gateway to create security zones within a
homogeneous physical pool of resources and avoiding the isolated islands which are
necessary when using physical UTM gateways, the consolidation ratio can be improved,
since you do not have to have the extra performance overhead distributed on each
island. This becomes especially important when using the VMware Dynamic Resource
Scheduler, which can move VMs between physical hosts and allocate more CPU and
RAM memory in run-time using the hot-add functionality.
28. Why Clavister VSG is better than physical UTMs
• Leverages virtualization benefits also for security gateways
Virtualization offers many benefits such as 100% guaranteed availability, disaster
recovery, ease of deployment and simplified administration. The Clavister VSG can
leverage all these benefits as it runs as a part of the virtual infrastructure. Physical
gateways can never leverage these benefits; they actually limit the possibilities for all the
other IT infrastructure to benefit from them as well.
• Improved SLAs and better control
With the security gateway running inside the virtual infrastructure you can improve your
SLAs and make the SLA reporting and prediction much more efficient since you do not
have to rely on external equipment not under the control of the virtual infrastructure.
Physical appliances used for protecting the “isolated” islands are often used also for the
other physical infrastructure, thereby creating a structure where modifications in the
physical infrastructure might disturb also your virtual datacenter.
29. Why Clavister VSG is better than other VSGs
Clavister VSG Advantages:
• No Operating System
• Proven & Trusted
• Complete Security
• Scalable Licensing
• Unified Management
30. Advantages – No OS
No underlying Operating System
Clavister Virtual Security Gateways do not have an underlying Operating System, which is the case for most other virtual security gateways. The Clavister VSG only uses Clavister CorePlus, which is our "bare-metal" security gateway application with built-in operating system functionality.
The Size does matter!
There are many benefits of not having an underlying operating system. Patch management is one of them. In many cases the underlying OS has a very large footprint (Checkpoint has a footprint of more than 10 GB) which is made up of features and functions which do not have anything to do with the security function; nonetheless, the OS needs recurring updates even if the patches do not have anything to do with the security itself. Equally often these patches require restarts and reboots. In the end, the result of having a bulky OS to run the security gateway is less predictable quality, additional administration, unnecessary maintenance, etc.
[Diagram: Clavister VSG, footprint 32 MB: Clavister CorePlus / Virtual Machine / Hypervisor. Other vendors' VSG, footprint 500 MB - 12 GB: Application / Operating System / Virtual Machine / Hypervisor]
31. Advantages – No OS – Footprint Comparison
Checkpoint VPN1-VE
• Min 12GB Storage
• Min 512 MB RAM
CorePlus
• 2MB actual footprint
• Min 32MB Storage*
• Min 32MB RAM
*The minimum storage size of a virtual machine in VMware ESXi is 32MB even if the application is smaller
32. Advantages – Proven and Trusted
• Large Install base
Clavister CorePlus, is today being used in more than 100.000 installations world-wide, ranging from
small office/home office to large enterprises, military, government and telecom networks.
• Mature Technology
CorePlus has been on the market since 1997 and has a high level of maturity and does not suffer from
childhood diseases which might be the case for newer products and technologies
• Long term history and track record
CorePlus is a mature product with a history that dates back to 1997; CorePlus also has an impressive
track record of being used in some of the world's most demanding networks, including the telecom
operator networks and customers like France Telecom/Orange, Roger
Wireless, Terremark, SAAB, French Navy/Military, etc.
• Large Virtual Networks Experience
CorePlus has been used as virtual security gateways in some of the world's largest virtual
infrastructures with more than 1000 sites/virtual machines and >100.000 users which probably makes
it the world's largest deployment of virtual security gateways.
33. Advantages – Complete Security
• Not only a firewall or an IDS
Clavister CorePlus is a complete Unified Threat Management solution with comprehensive
protection against modern attacks and security threats. Most other virtual security gateways are
early to market solutions which only cover a limited set of protection features, such as only being a
firewall, only being an IDS solution etc.
• Complete yet scalable and dynamic
Even though Clavister Virtual Security Gateways have a very comprehensive set of features, you as
an administrator can orchestrate the solution to only run the features you like, thereby making
the solution more adaptable to your real network with minimum overhead.
• Complete feature set – High Performance
Thanks to the unique design of the Clavister Virtual Security Gateways and the CorePlus firmware,
which has a minimum overhead and is optimized for the security functions only, performance
figures of multiple gigabit can be achieved even in the virtual infrastructure.
34. Advantages – Scalable licensing
• Licensing per Gateway – Not per Virtual Machine
The Clavister Virtual Security Gateways are licensed on a per gateway basis, not per virtual
machine being protected. This means that you do not have the hassle of upgrading licenses for
the security gateway every time you wish to add new virtual machines to your infrastructure. It also
enables a much more cost effective setup in larger environments and provides a much more
predictable Total Cost of Ownership. This is especially important in the scenarios where you expect
an increased demand on new servers and functions as IT becomes more available.
• Feature & Capacity Differentiated License Models
The Clavister Virtual Security Gateways are offered in four different license models, each with
a different amount of performance, capacity and features. This enables you to choose the model that
fits your needs best. Customized license models can also be offered for specific needs, e.g. power
utilities, managed security services, etc.
35. Advantages – Unified Management
• Software, Hardware, Virtual
The Clavister Virtual Security Gateways are managed using the exact same management software
as the hardware and software based versions, i.e. Clavister InControl. This means that
you can manage and administrate your entire network security architecture using one and the
same system, independently of the platform. This not only lowers your administration costs but
also helps make your overall security stronger compared to other virtual machines which require
you to learn a completely new management interface for the virtual infrastructure alone.
• Integrate with your business process and other IT systems
The Clavister InControl management suite offers a full-blown Application Programming Interface
which enables you to integrate the management and administration of the Virtual Security Gateway
with your other core IT systems. Through this integration capability you are able to have your
network operating central system manage the virtual security gateway, have your IT support staff take
care of simple tasks from the support systems, and similar. The advantage of this is that you are
able to lower administrative costs and become more responsive to your users' and business demands.
37. xSPs / Telecom Operators - Market Situation
Competitive Market
• Highly competitive and saturated market
• Recruiting new customers is expensive
• Operational efficiency is a must to remain competitive
Financials
• Low and decreasing profit margins for traditional offerings
• Increasing Average Revenue Per User (ARPU) is absolute key to
growth & success
• Financial crisis drives the need to offer cost-saving services to
customers
First mover advantage
• Time from visionary to market leadership is shorter than ever
38. Clavister vSeries – Value Proposition for xSP´s
• Opportunity to take first mover advantage
• A value-adding and unique security offering
• Create your own attractive security services portfolio:
(Firewall, VPN, Content Filtering, IDP, Anti-Virus…)
• Leverage existing virtual infrastructures
• Extreme Scalability, Deployment, SLA, etc.
• Increase your Average Revenue Per User (ARPU)
• Low capital investment – Expands as you grow
39. Clavister vSeries – What it is
Security Platform
• Best-of-breed Security Gateways
• Clavister Security Services Platform (SSP), our offering for Service
Providers
Virtual for optimal scalability and financial benefits
• Runs inside a virtual infrastructure (e.g. VMware / Xen / Microsoft)
• Runs in your datacenter (each customer gets a dedicated security
gateway)
• Extremely resource efficient - More gateways on less hardware
Designed for Operators
• MSSP friendly Management & Operations
• Extremely scalable - Provision 1 gateway just as easily as 100.000
41. Security Services for Internet Subscribers
• Value Add Services for Internet Subscribers
• Added on top of internet connection bill
• Increase ARPU - Offer the services to all existing customers
• First mover advantage – Infrastructure as a Service (IaaS) already today
• Plug-in Solution for the Broadband Network Datacenter
• No need for End User Equipment
• Efficient Management and Maintenance
• Optimized Provisioning Capabilities
• Customer Focused Service Packages
• Small & Medium Business
• Remote Office
• Retail Stores…
46. Business Case – Service Providers (Hosting)
• Value Adding
Offer value-adding managed security services to hosting customers.
• Tailor-made service portfolio
Use the pick-n-choose service packaging
• Operational Efficiency
Automatic deployment without any human intervention
• Accelerates hosting business
Makes customers more comfortable hosting sensitive applications
(Cloud and utility computing is specific)
• Increase ARPU
• Low investment - High profit margins
47. SMB - Hosting Security Services
[Diagram. Labels: Hosted virtual machines (dedicated or part of a cloud): Microsoft Exchange, Web Server, FTP Server; Customer #1, Customer #2, Customer #3; Datacenter Core Network; Virtual Security Gateway (managed or self-managed); services: Firewall, VPN, Content Filtering, IDP, Anti-Virus, Reporting.]
48. Customer Experience - Deployment
1. Choose Service
2. Automatic deployment
3. Use the service
( < 1 hour )
50. Terremark - Reference Customer
About Terremark
Terremark Worldwide's (NASDAQ:TMRK) acclaimed Infinistructure utility
computing architecture has redefined industry standards for scalable and
flexible computing infrastructure and its digitalOps service delivery platform
combines end-to-end systems management workflow with a comprehensive
customer portal.
TERREMARK AT A GLANCE
• NASDAQ: TMRK
• Leader in managed IT infrastructure services (Gartner - Leaders Quadrant)
• Datacenters in the United States, South America and Europe
• SAS 70 Type II Certified
• Microsoft Gold Certified Partner
• United States General Services Administration (GSA) Schedule#
GS35F0073U
Over the last 10 years virtualization has developed and matured significantly. What in the early days was the ability to partition one server into several virtual machines has now grown into a virtual infrastructure in which not just a single piece of hardware but a complete datacenter is virtualized. Looking forward, cloud computing infrastructure is becoming more and more commoditized, especially since hypervisors are complemented with a full-scale cloud management framework as part of the standard offering. This evolution is important from a security perspective because, as the size of the virtual network grows, the need for security products tailored to these new environments increases dramatically. Protecting a virtual infrastructure with a simple physical gateway on the outside of the infrastructure just won't provide the necessary level of control over and insight into the virtual network traffic.
As the trend toward virtualization moves forward, driven by general business needs and by IT itself becoming more mature and an integrated part of any organization in the same way as power or telephony, new technologies have emerged and are now being used by companies that want to escape the reality of costly maintenance and kludgy solutions that don't support the business process the way they should. This is where the cloud comes in. The cloud is designed to offer IT as a Service, much like power or telephony, and transforms IT from something introverted and resource-demanding into a very scalable model where you pay for what you get and which expands with you at your own pace.
Traditional network security relies on physical segmentation of networks and servers. Physical firewalls / security gateways then form effective filters between communicating parties. To achieve secure zones using old-fashioned physical gateways, the virtual traffic needs to exit the virtual infrastructure, and you end up having to create multiple isolated islands, with all the extra administration and the inability to use cloud-like capabilities. In a virtual environment, however, a large number of servers may be deployed within the boundaries of a single piece of hardware. As a result, communication between servers does not necessarily need to leave the physical hardware.
If the isolated zones are not created and the infrastructure remains one large whole, companies put their infrastructure at great risk, since threats can easily spread from one zone to another without any security gateways scanning the traffic and applying policies.
The mixed solution has many disadvantages and does not allow organizations to have one large pool of resources that scales seamlessly; instead, each zone becomes its own isolated island, with all the additional administration this entails. Furthermore, in cloud scenarios where the private cloud can be housed either on site or off site, the physical gateway will not be able to protect your virtual resources efficiently. Clearly, the biggest disadvantage of this solution is that the environment still relies on external physical components, which is a total contradiction of the virtualization idea. Furthermore, it becomes difficult to create identical lab environments and test the setup where security is considered an important aspect.
Mixing virtual infrastructures with traditional physical security appliances limits your ability to leverage the benefits of virtualization to a very large extent. This is also why the virtual security gateway is superior to the physical security gateway for virtual infrastructures.
The most straightforward way of solving the problem is to also deploy the security gateways as virtual nodes in the virtual environment.
Other vendors' virtual machines are often very large. 500 MB is very common, and in some cases, such as with Check Point, it's up to 12 GB. This means that the security application actually depends on a very bulky standard operating system with millions of lines of code that are not optimized specifically for security and often have nothing to do with the actual application itself. This bulky OS will need recurring patches, which might cause interruptions in your network security infrastructure. With Clavister, every single line of code is optimized for the security gateway itself and patches only need to be applied for the security function itself, thereby keeping maintenance and disturbances to an absolute minimum. Another aspect of a large and bulky underlying operating system is the potential risk of the security function inheriting vulnerabilities from the OS, since the two are heavily dependent on each other. One such example is the sockstress attack framework, which utilizes several weaknesses and vulnerabilities in common operating systems. When information about the sockstress attack framework was released, Check Point and almost every other security vendor that had been using a standard operating system such as Linux, Unix, Windows, BSD, etc. had to scramble very fast to try to provide a patch for the vulnerabilities, since their solutions were vulnerable to this attack.
In the end, the result was that their customers had to go through an extensive patch management procedure in order to avoid critical Denial of Service security breaches occurring in their networks. Since Clavister has no underlying operating system, the vulnerabilities did not apply to Clavister, and there was no need for a patch since it was not affected by the attack. Sockstress is just one example; the fact that large operating systems need patch management and have vulnerabilities that can pose a potential threat to the security application itself is a much more fundamental issue which should not be overlooked.