Evaluating Network and Security Devices
Escalating Network Mayhem

The Industry’s Answer
  • Unified Computing/Cloud Computing
  • Dedicated Application Servers
  • Distributed network
  • Application Servers
  • Single server
  • Application Delivery Controllers
  • Layer 2-7 traffic
  • Routers/Switches
  • Layer 2-3 traffic
  • Load Balancers
  • Layer 2-4 traffic
  • Unified Multi-Purpose Systems, Virtualized Systems
  • Single application

[Diagram labels: Network-aware; Network Devices; Application Servers]

The Crucial Role of Deep Packet Inspection (DPI)
  • Visibility and control through inspection of packet data
  • Beyond header and basic packet filtering
  • Inspection of Layer 4-7 payload
  • Content across packets and flows
  • Enabling technology for critical initiatives
  • Security: IDS/IPS, DoS
  • Data Loss Prevention
  • Rate Shaping (QoS) & SLAs (monetization)
  • Lawful Intercept
  • Copyright Enforcement

Validating DPI Capabilities is Challenging
  • Static content is necessary but insufficient
  • Protocol changes between applications
  • Changes affect data rates
  • Security attacks are dynamic by nature
  • Security attacks are intentionally evasive
  • Traditional techniques present challenges
  • Ever-changing real exploits and targets
  • Large labs, massive hardware, and expensive software to scale to today’s performance requirements
  • Debunking the value of PCAPs
  • Designed for shells, not testing

5 Essentials for Validating DPI-Enabled Products
  • Realism: Blended application traffic combined with live obfuscated attacks
  • Future-proof: The most current application protocols (P2P, Mail Services, Voice/Video, etc.) and all known security vulnerabilities
  • High performance: Line-rate traffic generation to validate DPI
  • High capacity: Millions of concurrent TCP sessions to emulate millions of users
  • Unified: Integrated performance and security testing in a flexible system

Real Application Traffic Matters
[Chart: Performance (Megabits) by Traffic Mix]

Comprehensive Resiliency Testing
Resiliency Testing Architecture

Application Protocols and Security Coverage
  • 100+ stateful application protocols (as of December 15, 2009)
  • Encrypted BitTorrent, eDonkey, Chinese P2P Applications
  • IBM DB2, Oracle, Microsoft SQL, MySQL, Postgres
  • FIX, VMware VMotion, Microsoft CIFS/SMB, MAPI, RADIUS
  • Voice, Video
  • API for accelerating proprietary application traffic
  • API for writing and simulating custom security attacks
  • 4,300+ live security strikes (as of December 15, 2009)
  • 100% Microsoft Tuesday coverage in 24 hours
  • Ability to simulate complex attacks such as Botnet and DDoS attacks
  • 80+ evasion techniques such as stream segmentation, packet fragmentation, URL obfuscation
  • SYN Flood attacks with up to 1 Million connections per second
  • Data leak protection and anomaly detection testing
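
Added example (not part of the original slides or of any vendor product): a small validation harness showing why the slides call static, per-packet matching insufficient once stream segmentation or URL obfuscation is applied, and what flow-level reassembly plus normalization recovers. The rule pattern, requests and all function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed rule pattern and requests; none of these values come from the slides.
SIGNATURE = b"/admin/config.php"
MARKED = b"GET /admin/config.php HTTP/1.1\r\nHost: example.test\r\n\r\n"
OBFUSCATED = b"GET /admin//./%2563onfig.php HTTP/1.1\r\nHost: example.test\r\n\r\n"
BENIGN = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"


def segment(data, size):
    """Split a byte stream into (relative_seq, payload) TCP-like segments."""
    return [(i, data[i:i + size]) for i in range(0, len(data), size)]


def per_packet_match(segments):
    """Static matching: each payload is inspected on its own."""
    return any(SIGNATURE in payload for _seq, payload in segments)


def reassemble(segments):
    """Rebuild the contiguous stream: reorder, drop retransmitted/overlapping
    bytes (first copy wins), and stop at the first hole."""
    stream = bytearray()
    for seq, payload in sorted(segments, key=lambda s: s[0]):
        if seq > len(stream):
            break  # missing data: nothing past the hole can be judged yet
        stream += payload[len(stream) - seq:]
    return bytes(stream)


def normalize_target(target, max_rounds=3):
    """Undo percent-encoding (bounded, to catch double encoding) and
    collapse '/./' and repeated slashes before matching."""
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(target)
        if decoded == target:
            break
        target = decoded
    target = re.sub(rb"/(\./)+", b"/", target)
    return re.sub(rb"/{2,}", b"/", target)


def flow_match(segments):
    """Flow-level matching: reassemble, take the HTTP request target, normalize."""
    request_line = reassemble(segments).split(b"\r\n", 1)[0]
    parts = request_line.split(b" ")
    target = parts[1] if len(parts) >= 2 else b""
    return SIGNATURE in normalize_target(target)


# name -> (should the device alert?, segments as seen on the wire)
CASES = {
    "plain": (True, [(0, MARKED)]),
    "segmented_out_of_order": (True, list(reversed(segment(MARKED, 5)))),
    "url_obfuscated": (True, [(0, OBFUSCATED)]),
    "benign": (False, [(0, BENIGN)]),
}


def validate():
    """Return {case: (expected, per_packet_verdict, flow_verdict)}."""
    return {name: (expected, per_packet_match(segs), flow_match(segs))
            for name, (expected, segs) in CASES.items()}


if __name__ == "__main__":
    for name, (expected, naive, flow) in validate().items():
        print(f"{name:24} expected={expected!s:5} per_packet={naive!s:5} flow={flow!s:5}")
```

The benign case matters as much as the evasive ones: a device under test should be scored on false positives in blended traffic as well as on missed detections.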
There’s An App for That….

  • 20. Validates performance/effectiveness under extreme load conditions
  • 21. Validates the integrity of server transactions High Performance Client Simulation Load Balancer 4,200+ live security attacks Firewall Switch Router IPS Application Server SSL Accelerator
  • 22.
  • 23. Detection capabilities under load and under attack.
  • 24. Performance of the protocol decoding engines.
  • 26. Accuracy of protocol decoding engines under a variety of conditions
  • 27. Loop complicated traffic continuously to test for memory leaksIntrusion Prevention System Blended Application Traffic (ex: eDonkey, AIM, etc.) + Live Security Strikes Blended Application Traffic (ex: eDonkey, AIM, etc.) + Live Security Strikes
  • 28.
  • 29. IP, UDP, TCP fuzzing
  • 30. Test with RFC 2544Firewall Blended Application Traffic (ex: BitTorrent, FTP, HTTP, SMTP, etc.) + Live Security Strikes Blended Application Traffic (ex: BitTorrent, FTP, HTTP, SMTP, etc.) + Live Security Strikes Zone A Client & Server Simulation Zone B Client & Server Simulation Zone D Client & Server Simulation Zone C Client & Server Simulation 10 Gigabit Ethernet 10 Gigabit Ethernet 10 Gigabit Ethernet
  • 31.
  • 32. Performance with live security attacks under maximum load conditions
  • 33. Detection and blocking capabilities under load and under attack
  • 34. Maximum load capacity with blended application traffic
  • 35. Stability and reliability under extended attack
  • 36. Functionality under extended attackWeb Application Firewall HTTP/HTTPS/SQL HTTP/HTTPS/SQL Client Simulation Server Simulation Blended Application Traffic (ex: MySQL, Oracle, HTTP, etc.) + Live Security Strikes Blended Application Traffic (ex: MySQL, Oracle, HTTP, etc.) + Live Security Strikes
  • 37.
  • 38. Disk subsystem functionality with randomly generated realistic traffic
  • 39. Workload capacity with user specified compression variables  
  • 40. Performance with mix of new and cached data WAN Optimization Appliances Blended Application Traffic (CIFS/SMB, MS Exchange) + Live Security Strikes Blended Application Traffic (CIFS/SMB, MS Exchange) + Live Security Strikes
  • 41. Use Case: Server Load Balancer Performance and functionality under maximum load and under attack Bandwidth constraints HTTP caching performance Ability to process malformed packets or errors Test with RFCs 793, 1945, 2616, 2818, and 3501 Server Load Balancer Application Delivery Controller Blended Application Traffic + Live Security Strikes + Application Fuzzing Blended Application Traffic + Live Security Strikes + Application Fuzzing