11. The Crucial Role of Deep Packet Inspection (DPI)
    - Visibility and control through inspection of packet data
    - Beyond header and basic packet filtering
    - Inspection of Layer 4-7 payload
    - Content across packets and flows
    - Enabling technology for critical initiatives
    - Security: IDS/IPS, DoS
    - Data Loss Prevention
    - Rate Shaping (QoS) & SLAs (monetization)
    - Lawful Intercept
    - Copyright Enforcement
12. Validating DPI Capabilities is Challenging
    - Static content is necessary but insufficient
    - Protocol changes between applications
    - Changes affect data rates
    - Security attacks are dynamic by nature
    - Security attacks are intentionally evasive
    - Traditional techniques present challenges
    - Ever changing real exploits and targets
    - Large labs, massive hardware, and expensive software to scale to today’s performance requirements
    - Debunking the value of PCAPs
    - Designed for shells, not testing
13. 5 Essentials for Validating DPI-Enabled Products
    - Realism: Blended application traffic combined with live obfuscated attacks
    - Future-proof: The most current application protocols (P2P, Mail Services, Voice/Video, etc.) and all known security vulnerabilities
    - High performance: Line-rate traffic generation to validate DPI
    - High capacity: Millions of concurrent TCP sessions to emulate millions of users
    - Unified: Integrated performance and security testing in a flexible system
17. Application Protocols and Security Coverage
    - 100+ stateful application protocols (as of December 15, 2009)
    - Encrypted BitTorrent, eDonkey, Chinese P2P Applications
    - IBM DB2, Oracle, Microsoft SQL, MySQL, Postgres
    - FIX, VMware VMotion, Microsoft CIFS/SMB, MAPI, RADIUS
    - Voice, Video
    - API for accelerating proprietary application traffic
    - API for writing and simulating custom security attacks
    - 4,300+ live security strikes (as of December 15, 2009)
    - 100% Microsoft Tuesday coverage in 24 hours
    - Ability to simulate complex attacks such as Botnet and DDoS attacks
    - 80+ evasion techniques such as stream segmentation, packet fragmentation, URL obfuscation
    - SYN Flood attacks with up to 1 Million connections per second
    - Data leak protection and anomaly detection testing
21. Validates the integrity of server transactions
    [Diagram labels: High Performance Client Simulation; Load Balancer; 4,200+ live security attacks; Firewall; Switch; Router; IPS; Application Server; SSL Accelerator]
30. Test with RFC 2544
    [Diagram labels: Firewall; Blended Application Traffic (ex: BitTorrent, FTP, HTTP, SMTP, etc.) + Live Security Strikes; Zone A, Zone B, Zone C and Zone D Client & Server Simulation; 10 Gigabit Ethernet]
32. Performance with live security attacks under maximum load conditions
33. Detection and blocking capabilities under load and under attack
34. Maximum load capacity with blended application traffic
40. Performance with mix of new and cached data
    [Diagram labels: WAN Optimization Appliances; Blended Application Traffic (CIFS/SMB, MS Exchange) + Live Security Strikes]
41. Use Case: Server Load Balancer
    - Performance and functionality under maximum load and under attack
    - Bandwidth constraints
    - HTTP caching performance
    - Ability to process malformed packets or errors
    - Test with RFCs 793, 1945, 2616, 2818, and 3501
    [Diagram labels: Server Load Balancer; Application Delivery Controller; Blended Application Traffic + Live Security Strikes + Application Fuzzing]