This document discusses trends in network security and Juniper's solutions. It covers topics like BYOD, new platforms and cloud services driving new security requirements. Juniper provides pervasive security from devices to the cloud to data centers with solutions for mobility, cloud computing, and consolidating infrastructure. Application awareness and control features like AppTrack, AppFW, AppQoS, AppDoS and IPS adapt network security to evolving threats and business needs.
The document discusses Juniper Networks' focus on security across all domains from devices to the cloud to data centers. It emphasizes that Juniper provides pervasive security that is always protected, from the device to the cloud to the data center. The document outlines Juniper's continued innovation and disruption in security technologies and services to address new challenges around BYOD, new platforms/services, and infrastructure consolidation. Security is positioned as being required across all domains.
This document discusses Bring Your Own Device (BYOD) and the challenges it poses for networks. It introduces Richard Tando from Universal Data, Inc who will present on simply connecting in a BYOD environment. It then lists the UDI and Juniper Networks teams and their roles. The rest of the document discusses how mobility demands are increasing with more devices and applications, and the security risks this brings. It outlines Juniper's simply connected solution to address BYOD challenges through unified policy, security, performance and resiliency. Finally, it discusses the needs of BYOD like provisioning, device profiling and policy, and visibility, and the Juniper wireless BYOD solution components.
Juniper Networks IR Investor and Analyst Update - Mobile World Congress 2012 (Juniper Networks)
Juniper Networks presented at Mobile World Congress on February 28, 2012. They discussed innovations in their networking platforms, software, and security products across different network domains including access & aggregation, edge, core, data center, WAN, campus & branch, and consumer & business devices. Juniper aims to provide consistent functionality and security across their portfolio with their common Junos operating system.
- Mobile data traffic is growing exponentially and will exceed fixed network traffic by 2015. By 2016, video will comprise 71% of mobile traffic.
- The network must scale to support this traffic explosion while enabling new business models and services through intelligence in the network.
- Cisco's strategy is to simplify the network architecture, enable applications and services delivery through cloud platforms, and optimize the network through analytics and policy to facilitate new monetization approaches.
The document discusses best practices for deploying Microsoft OCS with SIP trunking. It summarizes IntelePeer's cloud-based voice peering network and SIP trunking services. It also provides guidance on common activation issues, reference architectures, quality considerations, and keys to evaluating SIP trunking providers. IntelePeer offers a Fast Start program that provides a 30-day evaluation of their SIP trunking services for Microsoft OCS.
Cisco's Security Intelligence Operations (SIO) uses a global network of sensors and security researchers to detect threats. The SIO detects threats through analyzing data from over 1.6 million globally deployed devices and 75 terabytes of data received daily. It maintains a database called SensorBase that contains threat intelligence and telemetry data to provide context around potential threats. The SIO can then issue dynamic updates to security policies and signatures across Cisco's product line to block emerging threats in real-time.
1. The document discusses how cellular networks can track user location using cell IDs and how this location data can be accessed through APIs and used by applications. However, network location has inaccuracies related to cell size and location technology used.
2. It also covers different location technologies available on smartphones like GPS, cellular, and WiFi and how location APIs allow applications to request and receive location data. Examples of location-based applications and services are given.
3. Emerging trends in location technologies and applications are predicted, including the growing use of augmented reality, indoor location services, and virtual worlds on mobile devices.
The document discusses Cisco's networking strategy for cloud, mobility, and collaboration called Borderless Networks 2.0. It focuses on enabling unified access across wired, wireless and VPN networks. Key aspects include optimizing networks for cloud applications and virtualization, as well as extending networks to connect industrial systems and machines to enable Internet of Things capabilities. The strategy aims to simplify network deployment, operations, and visibility through centralized management with Cisco Prime.
The document discusses Cisco's video and collaboration portfolio. It notes that video traffic now exceeds 50% of mobile traffic and that business video conferencing is expected to grow six-fold. It outlines Cisco's strategy to transform experiences through products like TelePresence and Videoscape that deliver video and collaboration across multiple devices. The goal is to build on leadership in key markets and drive innovation through Medianet and other initiatives.
Programmable networking allows applications and networks to interact in real-time. This is achieved through protocols like OpenFlow, PCE, ALTO, and BGP-TE that enable bidirectional communication. This dynamic interaction allows applications to influence network behavior and networks to optimize themselves based on application needs. It results in improved user experience through capabilities like intelligent service routing, traffic engineering, and policy enforcement.
Symantec Next Generation Network Protection (Symantec)
Symantec Next Generation Network Protection allows communication service providers to better secure networks; better manage policy enforcement and user preferences; and increase profitability by boosting customer satisfaction to prevent churn and reduce costs associated with network misuse, malware proliferation and spam.
The document discusses key drivers of return on investment for the next decade being mobile internet, cloud, and content/video. It notes the growth of mobile devices, public cloud spending, and video/audio traffic. It then outlines challenges around defending networks from security breaches, optimizing increasing mobile video traffic, and addressing new opportunities from machine-to-machine applications. The document questions whether current networks are ready to support emerging applications in terms of security, total cost of ownership, and ability to serve as a flexible platform for growth.
This presentation looks at the new Borderless Networks solutions that deliver the capabilities you need to transform your business into one that is borderless and future-ready.
Cisco @ Canadian Construction Association 2012 (Rick Huijbregts)
The document discusses how innovation and technology are changing the construction industry. It highlights how the rise of connected devices, mobile technology, big data and cloud-based applications are enabling new forms of virtual collaboration. This allows construction projects to benefit from improved communication, energy efficiency, safety and security. The presentation concludes by arguing for early integration of information technology into building design and construction processes to maximize these benefits over the lifetime of a project.
Paylocity is an online payroll and HR solutions provider that was experiencing rapid corporate growth and a lack of scalability in their distributed network. They needed a more robust firewall solution to support their increasing network traffic and number of devices. Paylocity deployed SonicWALL NSA E8510 and E5500 firewalls with SonicPoint wireless access points to provide layered security, future-proofed scalability, and greater network uptime across their expanding infrastructure. The SonicWALL solution met their needs for 10Gb connectivity and easy management of a growing network.
The document discusses how big data and cloud computing are transforming information management. It outlines EMC's strategy and technology stack for managing big data across private and public clouds. This includes petabyte-scale storage, real-time analytics, and structured and unstructured content management. The document also covers how social media usage is surpassing email, and users want more control and mobility. EMC is partnering with companies like Cisco and Box to deliver enterprise social collaboration and content mobility through the cloud.
https://labs.ericsson.com/apis?api_category=199
Ericsson Labs' presentation at Over the Air 2011.
Examples of how to establish a trusted identity, how to do mash-ups of multiple data feeds and how to secure peer-to-peer communication.
Enrique Castro Leon Virtual Service Oriented Grids (SOA Symposium)
This document discusses how virtualization, service-oriented architecture (SOA), and grids can converge to enable scalable SOA through virtual service-oriented grids. It proposes deploying modular service-based applications through "servicelets" to reach enterprises of all sizes and emerging markets. This would provide strategic opportunities to transform information into a competitive advantage and tool for social and economic progress by delivering IT services more quickly with increased reach.
1) Big changes are happening in enterprise IT as new technologies become available that allow for more agile and less constrained applications.
2) Traditional enterprise applications were limited by high costs, difficulty changing, and siloed data, but new capabilities from cloud, mobile, social, and open source allow for custom apps with competitive advantages.
3) A wave of disruptive technologies like increased processing power and decreased storage costs require changing application design patterns from traditional scale-up architectures to more flexible scale-out and REST-based approaches.
XO Communications is a leading provider of data, IP, and managed network services. They have over 3,200 employees and annual revenues over $1.5 billion. The presentation provides information on XO's services, network infrastructure, and focus on customer experience.
The document discusses a new managed services offering called SmartCloud from SpiderCloud Wireless that provides indoor 3G and WiFi access as a managed service for enterprises. It allows enterprises to outsource indoor wireless access and mobility management to reduce costs and IT burdens. SmartCloud provides a seamless network experience between enterprise LANs and cellular networks for mobile employees. The system architecture uses scalable radio nodes and services nodes to provide a flexible, mobile network as a service. This allows enterprises to focus on their core business instead of managing complex indoor wireless networks.
The document introduces the Smart Guest Application, which provides guests a personalized portal to control their environment, access communications features, and view hotel services and local information. It offers benefits such as raising guest satisfaction through an enhanced experience, differentiating the hotel by simplifying access to innovations, and engaging guests through dynamic interactions and advertising of value-added services. The application aims to improve loyalty, promote the hotel brand image, and add to the dynamics of guests' stays.
XO Communications is a leading provider of data and IP services, with over 3,200 employees and annual revenues over $1.5 billion. They focus on business, large enterprise, and wholesale customers, providing services such as internet connectivity, voice, collaboration, cloud, and security solutions. XO has one of the largest IP networks in the US, with extensive coverage and robust assets to ensure superior performance, reliability, and scalability for customers.
Saiful Hidayat On Csr Guru Telkom Republika Bagimu Guru Kupersembahkan It... (Saiful Hidayat)
1) Digital technology is transforming practically everything through greater flexibility, speed of change, and real-time processing.
2) The upcoming era is the Conceptual Age, where knowledge workers who can think creatively with the whole mind will be most valuable.
3) Millennial students have grown up with technology and use it to learn in new ways, such as through social networking, multimedia, games and simulations. They seek fun and engaging learning experiences.
This document discusses Mii avatars and provides sources for customizing them including Myavatareditor.com, Wordle.net, Picusawebalbums.com and BeFunky.com which allow users to be funky with their Mii avatars.
Mii are customizable avatars that can be created and used to represent users on Nintendo video game consoles. The document discusses Mii and their potential use in the state of Hawaii. It lists two sources of information about Mii and includes an image link of a tropical landscape, likely related to Hawaii.
This short document provides sources for information about Mii, the King of San Francisco, including myavatareditor.com, infohostels.com showing an image of San Francisco, and Wordle.net and befunky.com as additional sources.
This document provides information about a person from Tasmania, Australia including a funky picture of their digital silhouette and sources for the image. It mentions getting scope about Mii Tasmania and includes a wordle and pictures from various websites.
Mii are customizable avatars that can be created and used to represent users on Nintendo's video game consoles and applications. Miis allow for virtual representation of users through customization of facial features, hair, skin color and other attributes. They have become iconic representations for users of Nintendo systems since their introduction over a decade ago on the Wii console.
The document discusses Miis, which are customizable avatars used to represent users in Nintendo games and devices. Miis can be customized with different facial features, hair styles, and clothing options. Users create Miis to represent themselves and also create Miis for friends and family members.
The document discusses various topics related to Mii avatars including how to create funky Mii characters and a love for Alabama. It also lists some websites used to create Mii avatars and edit photos including Myavatareditor.com, TripAdvisor photos of Alabama, Mywordle.net and Befunky.
I am Katie Cowart. This short document provides a name, Katie Cowart, and does not contain any other information about the person. In just one sentence, it introduces the name Katie Cowart but provides no other details about her.
New Zealand is a country located in the South Pacific Ocean. It is made up of two main islands called the North Island and the South Island and has a population of around 4.5 million people. The capital of New Zealand is Wellington and other major cities include Auckland and Christchurch.
Setting Up the Camera
- Date Imprint: Printing Date and Time on Pictures
- Auto Off: Saving Battery Power
- Sound Settings
- Auto Focus Mode
- AF Assist
- Digital Zoom
- Assigned to Command Dial
- Controls
- Flash Control
- Flash Warning
- ISO Auto
- Multiple Exposure
Mii are customizable avatars that can be created and used to represent users on Nintendo video game consoles and services. They allow for basic customization of facial features, hair, skin color and other visual traits. Miis integrate across many Nintendo platforms to provide a consistent representation of users.
This document lists three sources for creating Mii avatars: Myavatareditor.com, Befunky.com, and Wordle.net. These websites allow users to design customized Mii characters.
This document provides information about Mii Hawaii from multiple online sources including Myavatareditor.com, Wordle.net, Befunky.com and Picasawebalbums. It briefly mentions Mii Hawaii and lists 4 websites as sources of information about the topic.
This document discusses Mii and how Arizona has interesting rocks. It provides three source links, two about Route 66 photos and Mii avatar editing, and one for the word cloud generator Wordle.
This document provides sources for information about Mii characters including Myavatareditor.com, the Wikipedia page for the Puerto Rico Capitol building, Befunky.com for image editing, and Picasawebalbums for photos.
The document provides a list of sources for information about Mii including websites about avatars, Egyptian pyramids, black holes, Mars, word clouds, photo albums, and image editing. However, it does not contain any actual information or context about Mii. The sources are not described or explained.
The document contains a series of musical notes, locations, websites and phrases. It references musical scales, Niagara Falls, the Wordle website, encourages being funky, and lists websites related to avatars and word games.
This document discusses Miis and provides sources for learning more about them. It lists Muyavatareditor.com, Befunky.com, Picasawebalbulms, and Visit florida key west as resources to find information on Miis and related topics. The document does not provide much context or detail about its content.
Each successful exploit has three parts – the attacker, threat type, and target – and we continue to see change in each.

Attacker - In 2005, we saw a shift start from attackers wanting notoriety to wanting profitability. Today, cybercrime is fully organized and we see crime syndicates out to profit from attacks. These attackers are now well funded, use sophisticated and purpose-built tools, and target organizations purely for profit. While this is nothing new, what we are seeing today is a move to attack not only “.gov/.com” but also “.me/.you”. Attackers are becoming increasingly sophisticated and are profiling not only companies but also individuals. They understand that we all have online identities but also “physical profiles” or “connection points” where we connect to the internet from a variety of places: work, internet café, airport lounge, home. They have realized that our security defenses are often down or weak at some of these connection points, and that penetrating individuals’ devices can work quite well outside of the workplace. If you can infect a business user at an internet café and then have them walk that device into the enterprise, then you can infiltrate the enterprise infrastructure and bypass many of the defenses that are in place today. Attackers understand this and have adapted their behavior.

Threat - The threat landscape is also undergoing a change, both in terms of the types of attacks and the sophistication and maturation of existing attacks. As expected, we continue to see new types of attacks to bypass the latest technologies that enterprises deploy. Historically, the first large virus outbreak was on the Apple II in 1981. Since then there have been many well-documented outbreaks, including the “ILOVEYOU” worm in 2000, SQL Slammer and the Blaster worm in 2003, and countless worms, trojans and other forms of malware. Today, DoS has given way to DDoS, and newer threats such as rootkits and botnets have taken hold. The most recent threat is APT, which is not only a new type of threat but also a new way to profile and attack networks, systems and organizations. While we see new types of attacks, we also see the morphing of existing attack types. As an example, a few years ago the majority of malware was in cleartext, which could often be detected by AV or IDP solutions. Today over 80% of malware uses encryption, compression or file packing to bypass traditional AV or IDP technologies.

Target - Finally, we also see significant changes with attack targets. Over the past few years there has been an explosion in the devices that attackers target, ranging from smartphones to tablets to cloud services. What is particularly interesting about these new targets is the variation in the architecture of these platforms, which ranges from more secure platforms such as the iPhone to more open platforms such as the Android OS. The other primary change we see is around the types of applications being attacked. Historically, most attacks have been focused on traditional corporate application servers and productivity applications such as Office. Today, we have seen a significant shift to Web 2.0 type applications and social networking apps, where attackers take advantage of the trusted relationship that is built amongst online users. They understand that there is a real tendency for online users to trust links that other users send within these applications, and they have used this vector as a target of malware.

Transition: The challenge for enterprises today is how to address new and emerging threats in a way that is both scalable and does not significantly drive up cost.
Juniper’s Always Protected Framework provides the critical components for securing your most valued assets through a combination of restoring visibility with security context and coordination, flexible deployment options that meet the unique deployment models of your enterprise to reduce costs, and greater security with broad coverage that protects from the device to the data center. This framework goes hand in hand with our Simply Connected Enterprise Solutions to extend the overall value Juniper can bring to your enterprise.
What Are the Trends?
And of course you want to attack the weak spots, not the strong spots, just for efficiency and simplicity.
Compliance vs. Security
Along those same lines, we start to get into a conversation of compliance vs. security. Where we had just port-based firewalling, that’s a security feature. There’s some compliance in there, but it’s first and foremost a security appliance. Now as we start to get into more advanced URL filtering and we get into application-based filtering and things like that, we have this separate discussion. So for example, I’m not going to typically write a security policy that says if there are viruses coming into my network, block them if they’re coming to Bill, but allow them through if they’re coming to Joe. Security policy tends to be: block the bad stuff and then filter the rest. Compliance is going to be: allow John to surf the Internet but don’t let Bill go to Facebook, because he’s just going to waste his day playing social media games and all that. So that’s not a security play; that’s compliance, that’s productivity, that’s more employee-based controls.

Where we used to have just security, now we have this mix of compliance and security. So it’s important that we start to have this discussion about how much security do you need — where and why — and how much compliance do you need — where and why — and then we can build a balanced solution that covers both. We have seen some things in the market where people are effectively selling a compliance solution and calling it security, or selling a security solution and calling it compliance. We really need to make sure that we’re balancing those two aspects, so that once the install is in and everything is done and you’ve walked away, your client is happy and everything is nice and secure and compliant, so they can feel good about their purchase and keep coming back to us for additional upgrades and future business.
Leaky Application Firewalls
One of the central points between that whole compliance vs. security, is when we start talking about pure application based firewalling as a technology — not port based, but pure application based firewalling — they leak data. They’re a compliant solution, not a pure security solution. What do I mean by this? Well, if we stand up an HTTP server running on port 80, but we’re not port aware anymore, we’re smarter than that. Port awareness is for the past and now we’re all application aware, and it’s pure application based firewalling. We set up an application firewall that says permit HTTP. I send you a packet to the server, that’s a SYN packet on let’s say port 23, but again we’re not port based so it doesn't matter. That application based firewall looks at that SYN packet on port 23, and says is this HTTP? Well there’s no application associated with the SYN packet, it’s just a TCP setup message. Does it block it or pass it? Well if it blocks it, there will never be application based traffic, whether it’s HTTP or something else, so we have to pass it. That’s going to hit my HTTP server; I’m not running anything on port 23, so it will send a reset. Again the application firewall looks at it, there is no application associated with the reset, so it passes the traffic. You just let me port scan your server from the Internet. Now I know there’s a server there for sure and it’s not running port 23, so I can keep probing, I’m now interested in you — that’s a bad thing from a security perspective. Taking it one step further, if you have an application running on port 22, let’s say SSH, I send you a SYN on port 22, application based firewall looks at it, there’s no application associated with the SYN, so it passes the traffic, it gets a SYN-ACK in reply. So now I know there's a server there and you’re running something on port 22. He sends an ACK back and he starts sending application traffic.
The application based firewall has to see a couple packets, 1, 2, 3, or maybe even 4, before he can conclusively identify that the traffic he’s seeing is not HTTP. When he conclusively identifies that, he can drop the session. The attacker on the Internet will see conclusive identification minus 1 packet, so if it takes two packets, then he does see one packet, this might give him a best guess. The application firewall must be certain it’s not HTTP before he can interrupt the conversation. The attacker doesn't have to be absolutely certain before he begins to fingerprint your system and understand what it is that you’re running. So again, we’re leaking a fair bit of data there because it’s a pure application firewall. This is why we still want our port based security in place.
Layered Security
Because once we put a port based security on top of the application based firewall or in front of, in the worst case, typically we want port and application based firewall in the same box, then we can build a policy that says for instance, permit port 80 HTTP traffic. Then we’ll block anything that isn't port 80, all of the junk that’s out there, all of the probes and inappropriate traffic, then anything that comes in on port 80 will also run this application awareness to make sure that it’s HTTP. So we’re just filtering out that junk at the start, rather than letting it through while we determine what the application is. This is all “defense in depth”. For example, if you get a new alarm system, you’re not going to stop locking the doors on your house, you want to add layers of security, not take them away. Port based firewalling has been around for a long time, it’s not exciting, it’s not sexy anymore, but that doesn't mean it doesn’t have a very serious place in network security.
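The leak and the layered fix described above can be modelled offline. The following is an added example, not code from the talk or from any Juniper product; the host's services, the two-packet identification threshold and all function names are assumptions made for the illustration.

```python
"""Constructed simulation: what an outside host observes through a pure
application firewall versus a port rule placed in front of AppID."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str        # "in" = client to server, "out" = server to client
    dport: int            # server-side port of the session
    flags: str            # SYN, SYN-ACK, ACK, RST or PSH
    payload: bytes = b""


# Constructed protected host: HTTP on 80, SSH on 22, nothing on 23.
SERVICES = {
    80: [("in", b"GET / HTTP/1.1\r\n\r\n"), ("out", b"HTTP/1.1 200 OK\r\n\r\n")],
    22: [("out", b"SSH-2.0-example_server\r\n"),
         ("in", b"SSH-2.0-example_client\r\n"),
         ("out", b"key exchange data")],
}
ID_PACKETS = 2  # assumption: payload packets needed for a conclusive verdict


def session(dport):
    """Packets both endpoints would send if nothing filtered them."""
    pkts = [Packet("in", dport, "SYN")]
    if dport not in SERVICES:
        return pkts + [Packet("out", dport, "RST")]
    pkts += [Packet("out", dport, "SYN-ACK"), Packet("in", dport, "ACK")]
    pkts += [Packet(d, dport, "PSH", data) for d, data in SERVICES[dport]]
    return pkts


def looks_like_http(payloads):
    data = b"".join(payloads)
    return data.startswith((b"GET ", b"POST ", b"HEAD ", b"HTTP/"))


def run_firewall(packets, allowed_ports=None, id_packets=ID_PACKETS):
    """Return the packets that get through a 'permit HTTP' policy.

    allowed_ports=None models the pure application firewall; a set of
    ports models a port rule evaluated before application identification.
    """
    passed, payloads = [], []
    for pkt in packets:
        if allowed_ports is not None and pkt.dport not in allowed_ports:
            break  # port rule drops the SYN, so the session never forms
        if pkt.payload:
            payloads.append(pkt.payload)
            if len(payloads) >= id_packets and not looks_like_http(payloads):
                break  # conclusive "not HTTP": drop this packet and the session
        passed.append(pkt)
    return passed


def observer_view(passed):
    """Summarise what the outside host learns from returned packets."""
    out = [p for p in passed if p.direction == "out"]
    if not out:
        return "silent"
    if out[0].flags == "RST":
        return "host up, port closed"
    banner = next((p.payload for p in out if p.payload), b"")
    if banner:
        return "port open, banner: " + banner.split(b"\r\n")[0].decode()
    return "port open"


def compare(ports=(23, 22, 80)):
    """Map each port to (pure application firewall view, layered view)."""
    return {
        port: (observer_view(run_firewall(session(port))),
               observer_view(run_firewall(session(port), allowed_ports={80})))
        for port in ports
    }


if __name__ == "__main__":
    for port, (pure, layered) in compare().items():
        print(f"port {port}: pure={pure!r} layered={layered!r}")
```

With the port rule in front, ports 22 and 23 return nothing at all, while port 80 behaves identically under both policies.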
AppSecure Service Modules
AppSecure, application based security, Juniper’s implementation, is specifically built around our application identification engine. This was released with IPS IDP 4.0 about three or four years ago, and we could start writing IPS policies that were application aware way back then. The challenge with the SRX was that was part of IPS, so we’d have to run it through the firewall engine, through the IPS engine, through the AppID engine, and then spin it back around and run it back through the firewall engine, which would be a weird packet flow, high latency, a lot of overhead, all that good stuff. So we pulled the AppID engine out recently and it now runs as a service on the SRX. So really the core of AppSecure is the AppID engine. We identify the application and then we do stuff with it. AppTrack: we track what the applications are, bytes in, bytes out, duration of session; AppFW: permit or deny; AppQoS: we set DSCP bits; AppDoS: intelligent application aware, context aware denial of service protection; and of course IPS still has some application aware features as well.
SSL Proxy
As a side note, we can today in the high end SRX do both reverse and forward proxying for SSL. So with reverse proxying, the scenario there typically is I have a Web server and I want to perform IPS on HTTPS traffic that's coming in. So we can load the private key onto the SRX, encrypted traffic comes in, we’ll make a copy of the traffic, decrypt it, on the SRX run IPS services, and then identify anything bad going in. That’s a copy of the traffic, so we are mirroring it; it’s not inline IPS, but we can follow it, so it’s more an IDS detection system rather than active inline prevention. With SSL forward proxy, we can actually set up a trust relationship with the client browsers: when the clients browse out via HTTPS, the SRX will terminate the session and build a new SSL session out to the destination server so that the SRX is performing AppSecure based on clear text traffic.
Redirecting Traffic
It is important to note that for authentication, either the single sign on or the captive portal, we need to use that unauthenticated role or on any role, but preferably the unauthenticated role, to allow users to get access to the Infranet Controllers so that they can get authenticated. They need to be able to access their Active Directory server and their Infranet Controller before they're authenticated in order to get authenticated so they can match some role based rules.
AD Authentication Workflow
How does this work? From an Active Directory authentication perspective, the single sign-on is an option that’s available. A user tries to browse through the SRX to a protected resource. The SRX will push back an SPNEGO redirect to the client’s Web browser. Modern browsers all support SPNEGO, the last few versions of Internet Explorer, Chrome, and Firefox — all the most popular versions are fully supported there. The SPNEGO redirect tells the client to contact their Active Directory server and obtain a Kerberos ticket. So the Active Directory server does its authentication stuff with the client and presents it with a Kerberos ticket which then gets sent to the Infranet Controller. The Infranet Controller will then look up the user and get the role information from the AD server and push all of that information down to the SRX so that we can match policies based on that user. If we have the option enabled, then we’ll keep that Web browser open, to run some AJAX keep alive scripts with the IC and will open a second browser window going to the initial destination — the original destination for the user — so it is effectively seamless, but we have the extra AJAX mechanism in there doing heartbeats as a keep alive mechanism.
Why a Two-Box Solution?
Why do we do it this way? Why do we need a two box solution while some of our competitors just put a nice little agent on the Active Directory server — wouldn’t it be great to do that? Well, it would, but here's a scenario: I log in to Active Directory; Active Directory tracks my username and my IP address. I close my laptop, or I disconnect from the network or my desktop crashes or whatever, Active Directory doesn't care that there was a change on the network, it has its own authentication mechanisms it’s designed to protect Windows based resources so it’s doing that with Kerberos and some other authentication stuff going on in the background. It doesn’t really care that I disconnected. So later on I bring my computer back up or I roam to a different wireless AP and get a different IP or whatever and I access an Active Directory resource. It takes note that my IP address is updated, but again it doesn't really care. Network based information, IP address specifically, isn’t something that it does more than just keep track of, it doesn't really care about changes. It’s not designed to actively check your network state — doesn’t care if there are changes. So if in between number 2 and three there I’ve logged into Active Directory, it’s tracking my user ID and IP, and I disappear from the network, I close my laptop, desktop crashes, whatever, and someone else comes in behind me and attaches to the network but doesn’t log into Active Directory — so for instance, I use a Mac, I don’t login to Active Directory — if they happen to grab the same IP because your DHCP is tight on addresses and it’s reassigning or the new person already had one reassigned previously and didn't give it up properly and it was statically coded, or because they’re malicious, Active Directory isn’t aware that the user attached to the IP is anything different than it was.
All it knows is Active Directory calls that it sees; so there’s no log message, there's no network sniffing, there’s nothing that will tell Active Directory that the user is different. If we write an agent that sits on an Active Directory server, it’s very difficult to check that network state. We’re working on doing that because we want to have a clean one box solution. Maybe we’ll port some of this code onto the SRX, maybe we’ll build it into an Active Directory agent — it may be a lot of different things. We are trying to address that from a sales concern. But from a technology perspective, the cleanest solution is the one we already have. We already have this Infranet Controller that’s designed to do this SPNEGO redirect or a captive portal login so we can confirm who you are now. We can also keep that window open and run this AJAX script that does keep alives with the Infranet Controller, to check the network state so we know that you’re still you; so we can check who you are and we can check state so that we know you’re still you over time. That way, if you disconnect or your box crashes, or whatever, if the keep alives fail, the Infranet Controller is aware that you have dropped off the network from its perspective, and it flushes the security policies so we stay secure moving forward.
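The stale-mapping scenario and the keep-alive fix described above, replayed side by side. This is an added example, not Infranet Controller or SRX code; the class names, the 30-second timeout, the role name and the timeline are all assumptions constructed for the illustration.

```python
"""Constructed model: IP-to-user bindings with and without keep-alives."""
import hmac
import secrets

UNAUTH = "unauthenticated"
ROLES = {"alice": "finance"}   # constructed user-to-role lookup

TIMELINE = [                    # constructed: (seconds, event, ip, actor)
    (0, "logon", "10.0.0.5", "alice"),
    (10, "keepalive", "10.0.0.5", "alice"),
    (20, "traffic", "10.0.0.5", "alice"),
    # t=25: alice closes her laptop, so no further keep-alives arrive
    (120, "traffic", "10.0.0.5", "guest-mac"),  # other device reuses the IP
]


class StaticMap:
    """Logon-time mapping only: the binding is never revalidated."""

    def __init__(self):
        self.bindings = {}  # ip -> dict(user, role, last_seen, token)

    def logon(self, ip, user, role, now):
        token = secrets.token_hex(8)  # held by the user's browser session
        self.bindings[ip] = {"user": user, "role": role,
                             "last_seen": now, "token": token}
        return token

    def keepalive(self, ip, token, now):
        return False  # this model has no heartbeat to act on

    def role_for(self, ip, now):
        binding = self.bindings.get(ip)
        return binding["role"] if binding else UNAUTH


class KeepaliveMap(StaticMap):
    """Binding stays valid only while the session keeps sending heartbeats."""

    def __init__(self, timeout):
        super().__init__()
        self.timeout = timeout

    def keepalive(self, ip, token, now):
        binding = self.bindings.get(ip)
        if (binding and hmac.compare_digest(binding["token"], token)
                and now - binding["last_seen"] <= self.timeout):
            binding["last_seen"] = now
            return True
        return False  # wrong session token or already expired

    def role_for(self, ip, now):
        binding = self.bindings.get(ip)
        if binding and now - binding["last_seen"] > self.timeout:
            del self.bindings[ip]  # heartbeat lapsed: flush the pushed policy
            binding = None
        return binding["role"] if binding else UNAUTH


def replay(table, timeline=TIMELINE, roles=ROLES):
    """Return (time, actor, role applied) for every traffic event."""
    tokens, decisions = {}, []
    for now, event, ip, actor in timeline:
        if event == "logon":
            tokens[actor] = table.logon(ip, actor, roles[actor], now)
        elif event == "keepalive":
            table.keepalive(ip, tokens.get(actor, ""), now)
        elif event == "traffic":
            decisions.append((now, actor, table.role_for(ip, now)))
    return decisions


if __name__ == "__main__":
    print("static   :", replay(StaticMap()))
    print("keepalive:", replay(KeepaliveMap(timeout=30)))
```

In the static model the second device inherits the earlier user's role at t=120; with keep-alives the binding has already been flushed and the traffic matches only the unauthenticated role.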
Slide 3: The World is on the Move
Most business networks were designed to support specific IT-owned applications over wired ports using dedicated VLANs. Many haven't had a significant update in five years or more. Applications are bolted to the network, and wireless was designed as a secondary overlay network. Mobility obsoletes this model by changing the way content is consumed. Today, most network connections are wireless. Users employ a mix of personal and corporate cloud-based and user-chosen devices and applications. Mobility has forced enterprises to shift their security strategy away from a perimeter “protect your borders” approach, making them realize that borders are now global and that their vulnerabilities are actually internal. This changes the way they think about, and deploy, security. Additionally, applications are no longer slow and stable but fast and evolving; users are choosing their own applications to use. As a result, today’s enterprise is struggling to balance the risks posed by mobility, BYOD and fast-evolving cloud services against the safety and security of network resources. Segregated networks with dedicated VLANs can’t support the collaboration that users today demand.
Mega Trend – Server Virtualization
It’s pretty clear that server virtualization is here to stay — right? It’s extremely uncommon to go into any enterprise at this point and not have virtualization in there in quite a big way in most cases. So it’s no longer just test dev off in some remote aspect of the business. This is fundamental to businesses, fundamental to service providers and what they’re trying to do, and this is an IDC slide that’s a couple years old now, but it’s pretty simple. It shows the fact that physical server roll outs are starting to flatten out and what we’re seeing is rapid deployment of virtualized servers and getting to the point where it’s 2x what the physical server deployment is. There’s lots of good reasons for that. It’s just virtualization and all the great things that come with virtualization that are driving this. It’s saving power, it’s dynamically allocating resources onto your server infrastructure to eke every last computing cent out of your physical servers. It’s operational management — things like being able to live migrate hosts, or live migrate VMs across hosts, and changing the way that server admins work, like there’s not these crazy demands for off hours just because you want to add some memory to a server. You can migrate the virtual machines and then take that down and in many cases people do that in the middle of the day because that technology is so robust and proven out. Clearly here to stay; the one thing to remember is we have to incorporate security into this rapid server virtualization, and customers have to understand that, as they’re virtualizing more sensitive things, that they need to take security in lock step with that.
Other Virtualization Platforms
The fact is that we have Hyper-V, KVM, Xen — these platforms starting to gain momentum for various reasons. On the KVM and Xen front, there’s a lot of backing and a lot of work being done on the KVM front, even Red Hat’s systems are obviously going to be based on that. The RHEV-M and the RHEV-H, the nonstandard Linux KVM has been taken and modified and improved upon and becoming standalone virtualization products from Red Hat. There’s the Xen and the Citrix pieces which are out there; customers are using each of those for various reasons; service providers wanting to save money from VMware licensing fees, and so on and so forth. So we’re seeing some of this starting to play out and make it tougher on VMware from a Hyper-V perspective and Microsoft perspective, there’s a lot that’s happening on Hyper-V in 2012. I was in Orlando for the TechEd conference and there’s a lot of catch up that’s happened on the features; it’s becoming very feature compatible, and in some cases for different versions — more feature rich in the Hyper-V scenario. Couple that technology catch-up with the fact that Microsoft is being very aggressive to do pricing and license strategies in a way that make it very compelling from a cost perspective to switch platforms. There’s really a lot of contention here about what platforms are going to be around. From a Juniper perspective, we really don’t care. We don’t sell a virtualization platform; we sell a security layer for this environment. So, yes, we need to be on the most important platforms, but our long term goal is to be across all of them, and let a customer who, in many cases, has multiple hypervisors in their single environment, let them feel confident that whatever security solution they select will work across these hypervisors. That’s really important for our strategy going forward for both products.
In a typical tree network the location of an application can have a significant impact on performance. [click] Ideally, an application should be no more than one hop away from its data for optimal performance, i.e. they are co-located on the same switch. We call this area of optimal performance “The Bubble”. But switches have their physical limitations and often we must locate the application outside the bubble. [click] This is when networks can have a significant negative impact on application performance. [click] And the farther away we locate, the worse it gets. Although this is a great concept, it is practically never implemented in practice because the bubble size is limited. By definition, the size of the bubble is limited to a single switch. If we assume 48 ports on a top-of-rack switch with eight ports facing up to the aggregation layer, then we have 40 ports which are server facing. Given an average of 10 NICs per server, this leaves us with a bubble size of ten servers. Not big enough to be of any real use. We need to fix this problem.
Another problem with tree architecture is that, if we introduce a security appliance in the tree hierarchy, it casts a shadow over that part of the network. [click] If we move a VM within the shadow, the VM can still take advantage of the services that appliance delivers. [click] But, if the VM moves out of the shadow, at best it’s insecure, and at worst you have lost it. So another way of viewing the job of managing the data center is to manage the intersection of bubbles and shadows.
Traditional data centers generally employ a one OS/application per server model. As we can see here, this can be highly inefficient. I’ve known situations where an application that runs one hour per week sits on its own server. This is a true waste of resources. Today the vast majority of data centers are implementing programs for server virtualization and consolidation. [click] Using virtual machine technologies called hypervisors they can enable multiple OS/application pairs to run in a single server achieving better cost efficiency not only from reduced equipment costs, but also savings in power, cooling and space. There are several vendors of virtual machine technologies with VMware being the leader in this space. [click] And new applications can easily be provisioned in just minutes, sharing existing resources and increasing cost efficiency. [click] But as application demand grows we can reach the limits of a single server. When this happens, we could manually move an application to a new server but this takes time and can violate the always responsive requirement. This is where networking and clouds enter the picture. [click]
Market Summary & Challenges
From a market summary, just a couple quick…examples.
Security Implication of Virtualization
Let’s get into a little bit more of the heart of the discussion around why do we care about security in a virtualized environment? What’s going on here that would necessitate these special solutions? We know virtualization is happening, we know there’s different platforms and choices our customers are going for. What does it really mean from a security perspective; what are the implications? When we first started developing the solution I would sit down with execs and leaders of IT staffs and ask them about their virtualized environment — what is the top protocol in use on their current switch? How do they know that certain virtual machines from the physical world that got virtualized from different departments aren’t intermingling there in a way that they don’t want? How do they deal with antivirus in this space? All of these sorts of questions were really hard for these guys to answer, in many, many cases. They didn’t know what was happening on their virtual network; they didn’t know what mechanisms had been put into place from a security perspective to lock things down. And the reason is that it’s not really just the servers that you’re virtualizing; it’s the network as well. So you have virtual switches, virtual interconnect in there, virtual NICs, and you’re consolidating that, but not always are you taking the security that you have from the physical world that you have in place and also virtualizing that and putting that into place. That disconnect creates essentially a blind spot from a visibility perspective into what’s happening, what are those VMs doing, and potentially a blind spot from security devices.
So it used to be segmented by different buildings and different network ports and so forth, and a lot of that starts to disappear in this very dynamic environment where VMs can move around from server to server and you have virtual machine admins making decisions around what VM gets stuck into a particular port group. It’s quite different than many of the things that happen in the physical world. That’s the fundamental thing that we want to address and we want to do it in an efficient way; we want VMs to come up and understand what those VMs are doing and give them the policy to let them do what they’re supposed to do and nothing else.
Customers aren’t just trying to virtualize a few servers in a small scale like the previous slides. They are trying to adopt virtualization in high quantities in their internal networks (building private clouds) and they are even exploring hosting VMs off premise and bursting between these locations (i.e., building hybrid clouds). Service providers are dealing with requests to isolate hosted VMs and provide security guarantees in this very dynamic environment. The demands of this computing model dictate a solution that is integrated, flexible, scalable and efficient. Let’s take a look at some of the specifics of vGW.
We looked at different kinds of traffic flows earlier and this is the kind of logical network diagram where virtualization is shown that on the access tier you may have a set of VLANS going to core Virtual Chassis and on the core Virtual Chassis we are creating virtual routers — VR 1, VR 2 for different segments. Any traffic within VR1 on the set of VLANS, which is permitted on VR1, is not going to firewall but within VR2 across virtual routers it is going through firewall. This is very important in many places; in many RFPs we see the requirement for a virtualized data center, doing segmentation, and control through a point of entry where they can control through some kind of security policy, and this is one way to meet those requirements. We’ll look at those traffic flows in the next section, in which we explore based on how these traffic flows are supported within Data Center and also across the Data Center. And when you can support this across the Data Center on different traffic profiles that means you can have agility of resources across Data Center and that is one of the essential requirements of cloud readiness or an agile environment.
Now we’ll look at Intra Segment Intra-DC traffic flow. Here, as you can see from the animation, there are some resources on the 2 different access tier switches and the traffic basically goes to the core and comes back to another access tier; however, that traffic is not going through the firewall. Basically this environment doesn’t require stateful security or IDP inspection but higher performance and lower latency are much more important even though the resources are on two different access tiers. You may have the resources on the same access tier and maybe they’re talking to each other directly but if the number of resources are more and they are on other access switches for any number of reasons you can still meet certain performance criteria because that traffic doesn’t necessarily have to go through firewall services. This is one very basic simple flow. Next we’ll look at Intra segment but Inter-DC traffic flow.
In the Intra segment Inter-DC you can see that on both sides there is a VR-1 which is the green set of VLANs and basically when this access tier sends the traffic to the other Data Center that traffic basically goes to a VLAN extension towards MX; goes to VPLS network. The same VLAN traffic — Layer 2 broadcast or unicast — it can come to another Data Center access tier switch. This will support Layer 2 extensions; both sides are the same L-2 broadcast network; that means it can support Vmotion or VM mobility or data applications or any application which may require Layer 2 extension across the Data Center. This traffic will not go through firewall, even though certain types of traffic may be going to the firewall. This is one of the important use cases which kind of differentiates it from other solutions with MX and the building blocks we looked at earlier when we put it together we can have an end-to-end Layer 2 flow, which doesn’t go through firewall and meets the performance requirements and we have a technical article which you can refer to how to enable the Layer 2 services and how to get more benefits of MPLS network with that.
The 3rd type of traffic flow we are looking at is from Green VLAN to Blue VLAN in this example where even though the resources aren’t on the same access tier; the traffic goes to the core switch, goes to the firewall, is controlled through the zone security policy across these two zones, and comes out of the virtual router. So even though the resources are the same access tier, you can still control the traffic flow between those resources based on the security requirement in that. You can potentially allow it, or you can separate it out, you can even further virtualize the SRX cluster with your routers or logical systems and clear the complete segmented Data Center where this traffic doesn’t even see each other. This is one way to achieve virtualized Data Center environment. This traffic flow we looked at from within the Data Center where it is across 2 segments. How does that traffic flow go through different points? If one of the segments is extended across the other Data Center, if for any reason these two segments or the resources on these 2 segments need to talk to each other — however those resources are across the Data Center — how the firewalls are maintained, that we’ll look at next.
This traffic is from the green VLAN going to the blue VLAN, however the blue VLAN resources are on the other Data Center. So traffic will go through the VR1 go through the zone. And there is another zone going through so that traffic passes through virtual router on the MX which is connected to this side using a L3VPN configuration and it goes to the SRX cluster on the other Data Center. One of the reasons the traffic is going through both SRXs or the security services is we can control from one side of SRX to other side of SRX, however that will require some routing policies, but at the same time you cannot have a configuration so that any one side originates or picks the firewall on the origination side. The reason is if you do that then the return traffic will create asymmetric routing and the session may be dropped. One way to achieve it as it currently is configured is to go through both SRXs. We can always explore the options if any further optimization is required or necessary on the customer side depending on the amount of traffic and how many resources it is taking. You can decide if you want to create more control and optimize this traffic flow.
Competitive Positioning
Let’s just look a little bit more at the competitive positioning.
This is the way we manage networks today. We send out the Mongolian Hordes of network administrators and tell them “Go build networks and keep them running! And don’t come back until you’re finished.” Which, of course they never are. So we keep adding manpower ad infinitum. Not a good way to manage anything.
The Smartest Way to Protect Websites and Web Apps from Attacks
Thank you for learning about Mykonos. We started Mykonos to solve a problem of Web App Security that no one had yet to solve, which is how do you get visibility into an attacker on your website right now? And Mykonos aimed to use deception and intrusion deception to detect an attacker before the actual attack. And if you think about the five stages of an attack, your first stage is reconnaissance. The attacker goes around the site looking for holes. Your second phase is the actual scripting phase where they try to write the attack. The third phase is the actual execution of an individual attack. Your fourth phase is your automation phase, as they try to bring that attack up to large volume. And finally you’ve got a maintenance phase — as you try to close the hole, the hacker tries to keep it open. Every security solution before Mykonos was focused on phases three and four — how do I stop an attack or an automated attack in process? Mykonos seeks to move that to phase one — how do I look for the bad behavior, the reconnaissance that an attacker does so that I actually have a chance to stop the attack before it happens?
Hacker Threats
A lot of people think about hackers as being binary – that they’re either bad or good. But the reality is a lot more nuanced. And in that nuance is a lot of the secret about how to start stopping attacks and changing the economics. Now the first type of hacker that we worry about are IP scans. And these are where an attacker has gone out and is actually using a scanner that is equivalent to a robot checking every door and window in the neighborhood. It actually goes out and looks for a single vulnerability across hundreds of millions of IP addresses. Now we’ve been talking about this for about two years and, sure enough, about six months ago somebody wrote a script that actually went out and hacked 1.1 million websites in a matter of 24 hours. And that kind of shows you how powerful an IP scan can be if left uninterrupted. But perhaps equally important, if not more important, are targeted scanners – things like Grendel scan, Metasploit, O2 – scanners that allow every APT or every script kiddie to become very sophisticated. And so we see targeted scanners like Grendel that may attack 20, 30, 40 thousand vulnerabilities in the matter of an hour, and all of a sudden they make hacking not only faster but much, much easier. And so what Mykonos does actually is intercept it, slowing down the targeted scan, but also adding, injecting fake vulnerabilities, rendering the results useless. And the third type of vulnerability we worry about are botnets. And botnets are being used in two really interesting ways right now. One, they’re being used by APT threats to distribute an attack and avoid detection; and second, they’re being used to scale up an attack — automate a small attack to make it a really big one. And Mykonos here actually intercepts a botnet; uses a CAPTCHA processor inline to dynamically break the botnet and stop it on the fly.
Now, if you can break the various scripts and tools — the IP scans, targeted scans, and botnets — what you do is force slow, visible, human hacking that’s a lot more expensive for the attacker and a lot easier to defend against.
Web App Security Technology
Unlike traditional Web application firewalls that use signatures and force their customers to write signatures for each individual detection, Mykonos uses behaviors to go beyond the signature and not have to force the customer to finish the product for them. But, more importantly, unlike signatures that detect attacks in process, and have no coverage against zero day attacks, Mykonos actually uses its behavioral technology to take intrusion deception and detect the early reconnaissance behavior that happens before the attack ever starts. But Mykonos also goes a step further to go beyond the IP address. So, unlike an IP address, where there may be five or ten thousand people behind a single IP using a proxy, Mykonos identifies and targets the individual device and it can not only block them but it can do a huge range of responses. Both solutions meet the PCI section 6.6 requirements for compliance, but only Mykonos can detect an attacker before the attack ever happens and go beyond the IP address to stop an attacker without stopping…
The Mykonos Advantage: Deception-Based Security
The way Mykonos works is in four steps. The first step is to detect attackers by injecting hundreds of little tiny bits of code into the Web application at serve time so that we detect an attacker while they’re doing the malicious behavior before the attack. And because the attacker is touching code that doesn’t exist, there aren’t false positives like traditional signature based solutions, and it also allows us to detect zero day attacks by seeing the bad behavior rather than relying on an attack signature. The moment we detect an attacker, we track it. We actually use a super cookie to track the individual browser based attacks and we use a finger printing technology to detect script based or APT attackers. And then we start to be able to build a profile, which looks like a DVR that records everything a hacker does, to start to get smart about who that hacker is and what threat level they represent. Then finally we respond. Unlike Web application firewalls where only 10% run in block mode, a hundred percent of Mykonos devices run in block mode, stopping attackers, blocking them, warning them, and deceiving them to make it much more expensive to hack a site where Mykonos is involved.
Detection by Deception
Architecturally, Mykonos sits as an inline proxy, directly in front of the application server. And as it hands the code down to the client, it injects tar traps or deception points into the code. Now the first example’s really simple; it’s a query string parameter — which is the URL string you’d see on any website. It’s very easy to hack a URL string — but a lot of people do, because there’s about 20% of top sites that have some sort of session hijacking vulnerability because of the query string. And so you’ll notice there, there’s a piece of code that says “debug=false”. Well, if the hacker changes this to “debug=true” to try to get back the bug information, or “debug=0” or a long string or anything else, Mykonos will detect manipulation and now we know we have an attacker in our website. Let me give you a more sophisticated example. The “hidden” input field is something that you would use if you were looking at a form. Most SQL injection attempts are done via the forms, and that’s because that’s where the direct connection to the backend database is. And here you’ll see a bunch of HTML and you’ll see a line of code: <input type="hidden" value="0" name="authorized"> Now there’s a lot of things you’re going to do. You might change the value; you might change the name. But what you’re trying to do is get this form to respond with an error message; with a SQL dump — with something that tells you how to get into the system that will then get into the data that you want. And here, this entire line of code is fake. It was inputted by Mykonos directly into the code stream so it’s indiscernible from actual code, and it allows us to detect those advanced SQL injection attacks before they ever touch the first input.
And then finally, not only do we think about the width of deception — meaning all the different behaviors that an attacker might do — we also think about the depth of deception — meaning how do we detect an attacker and start to change those economics. And the third example of server configuration is a great example of that. This is an .htaccess file — it’s an Apache system file you’d find on any site. Now if a hacker accesses that — it shouldn’t be exposed, but it often is — Mykonos will block the real one but return this fake one or a similar fake one. Now if the hacker reads through it they’ll notice it points to an .htpasswd file, and if they traverse hidden directories, and get to that file, we’ll again respond — this time with a list of user names and encrypted passwords. So why do that? Why provide a list of user names and passwords, instead of blocking the attacker? We know they’re bad; why not just stop them? And the reason is we want to make it expensive for the attacker. So by returning a list of user names and encrypted passwords it could take the hacker fifteen, twenty hours to run a desktop encryption tool, like John the Ripper, and break that encryption. And if they do that, we’ll then let them try to log in to the “recoverPassword.aspx” file. So, in the hacker’s mind, they’re making progress. But what they’re actually doing is wasting time and teaching Mykonos what skill level and threat level they represent.
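The query-string and hidden-field decoys described above can be sketched as follows. This is an added example, not Mykonos code: the function names are hypothetical, the decoy names and values are the two from the talk, and the sample page and requests are constructed.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Decoys from the two examples above. These names exist only in what the proxy
# serves; the real application never reads them.
QUERY_DECOY = ("debug", "false")
FORM_DECOY = ("authorized", "0")
DECOY_INPUT = '<input type="hidden" value="0" name="authorized">'


def inject_form_decoy(html):
    """Outbound: add the decoy hidden field after every opening <form> tag."""
    return re.sub(r"(<form\b[^>]*>)", lambda m: m.group(1) + DECOY_INPUT,
                  html, flags=re.IGNORECASE)


def _check(params, decoy, where, required):
    """Compare one decoy against the (name, value) pairs a client sent."""
    name, expected = decoy
    values = [v for k, v in params if k == name]
    if not values:
        # A renamed or deleted form field is tampering; a URL typed by hand
        # without the decoy query parameter is not.
        return [f"{where}: decoy '{name}' missing"] if required else []
    return [f"{where}: decoy '{name}' changed to {v!r}"
            for v in values if v != expected]


def inspect_request(url, form_body=None):
    """Inbound: return a list of incidents; an empty list means untouched."""
    query = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    incidents = _check(query, QUERY_DECOY, "query", required=False)
    if form_body is not None:
        form = parse_qsl(form_body, keep_blank_values=True)
        incidents += _check(form, FORM_DECOY, "form", required=True)
    return incidents


if __name__ == "__main__":
    # Constructed sample page and requests.
    page = '<form method="post" action="/login"><input name="user"></form>'
    print(inject_form_decoy(page))
    print(inspect_request("/item?id=7&debug=false", "user=alice&authorized=0"))
    print(inspect_request("/item?id=7&debug=true", "user=alice&authorised=0"))
```

Because the application itself never uses either decoy, any incident returned here comes from a client that edited what it was served, which is why this style of detection does not depend on attack signatures.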
Track Attackers Beyond the IP
So once we detect the attacker we immediately start to track it. For browser based attackers, we inject a super cookie into the attacker’s PC. And that super cookie allows us to track them, even if they do things like clear cache and cookies or use private browsing mode. But on top of that, we also have a fingerprinting capability that serves as a backup mechanism for more sophisticated attackers that might try to spool up a new VM, or might try to figure out how to shake the cookie. And it also allows us to track script based attackers. And the reason we track them is so we can start to profile.
Smart Profile of Attacker
The profiling technology allows us to become almost like a DVR and record everything that a hacker does. Now, every Mykonos hacker gets a name. And you’ll see this is “Jack 26”. And the reason we do that is so you’re not running around shouting IP addresses if you’re at a security operation center. And you’ll notice in the bottom left that we can see that this attacker was extreme. We can see the last time they were active, the first time they were active, and the threat level they posed, and on the right you’ll notice that we start building an incident history — that query parameter manipulation of the URL string I mentioned earlier; the hidden parameter manipulation in the form; up to an Apache configuration file request; the password file, and finally they cracked the password. And what Mykonos did in the background is escalate the level of threat and start to record every bad action the hacker did and all the information underlying it so we can actually start to really understand what threat level they represent and, more importantly, what we should do about it.
Respond and Deceive
As I mentioned, a hundred percent of the Mykonos devices run in block mode, actually stopping real life attackers. While compliance is important, we think that preventing a company from being the next Sony is much more important. And Mykonos responds in a range of ways. We might warn the attacker. We built a response for fun a few years ago where, as an attacker attempts to hack a site, the site disappears and up pops a map of the hacker’s location, with a note that says, “It looks like you might need a criminal attorney”, with a list of lawyers in the hacker’s location. It was our way of saying we know where you are and you should really stop doing anything bad. We can block a user without affecting anyone else in that IP address, so we’re not stopping customers. We can force a CAPTCHA processor inline, so we can break any automation that may happen. We can slow a connection down, forcing hackers to go in slow motion. We can go out and actually simulate that the application’s been broken, or we can even, in the case of a financial application, force the logout and actually immediately block and lock the account so the attackers can’t get into it and do any damage.
Security Administration
And so all of this becomes a real-time console. This is actually a real screen shot of the Mykonos console in action, and what you can see in the top left is the number of attacks we’ve detected — by low, medium and high — and the total number of attacks. You can see the total hackers on the site, also by low, medium, and high. So you can get a sense for the sophistication level of the people hitting your site. You can see in the top right the counter measures deployed that we’ve used to try to stop an attack. And then you can see the most frequent attacks — the top hackers — so you can see who is… are the APT threats continually hitting your site, and the top countries they come from. And then underneath that you can see the malicious incidents. You can get a sense for volume by day. And then you can see the number of sessions and hacker sessions so you can start to get a sense of what percentage of your traffic is coming from hackers. All of this data plugs into a SIEM tool via a command line interface we expose so you can plug it into any other tool you’d like. We also have the ability to plug into Nagios or Unicenter or any of your data center management tools so you don’t have another screen to stare at. And finally, all of this data is real-time, it’s delivered on demand, and we can generate reporting as well, to help you for further use.
Unified Protection Across Platforms
So from a deployment perspective, Mykonos actually lives as a software product. It’s a software appliance that can be installed on any traditional hardware for traditional data center deployments. We also have a virtual machine based version that supports VMware’s ESX for virtualized customers that have already virtualized their application infrastructure. And finally, we actually have a cloud based version we just released, for Amazon Web Services, so that customers that have decided to let their applications live in the cloud can now bring the Mykonos security with them into the cloud. And the really exciting part is that as of Ambler, Mykonos’ latest release, we now have the ability to see a single attacker across multiple of these environments inside of a customer. So, going back to that Sony example, when attackers attacked Sony Japan, Sony Germany, Sony U.S. and Sony’s Amazon cloud, Mykonos would have detected it immediately on the first site and protected the second, third, and fourth before anything bad could have happened. We think that has an enormous amount of value to customers and we think it’s the first in what we think is going to be a wave of connected application and ultimately network firewalls.
Juniper’s separate data and control plane architecture offers significant advantages. Consider the difference:

Competitors’ single plane design
- During attacks, no management access to address the situation
- During attacks, processing of routing updates stops and the network is down

Juniper’s separate control and data plane design
- Maintain management access even during a DoS/DDoS attack
- Route update processing continues

Separate data (packet forwarding) and control (management) plane
- Scales performance
- Enhances resiliency
- Enables redundancy

Transition: Beyond the separate data and control plane architecture, consider Juniper’s consolidated security platform.
Juniper Network Management portfolio (Space/Security Design, STRM and AIM) enables operational and cost efficiencies through:
- Full network life cycle management (Provisioning/Visibility/Diagnostics) - closed loop, less resource-intensive, one-stop-shop
- Single configuration/provisioning platform across Juniper’s security/routing/switching devices
- Single event monitoring/threat management solution across all Juniper systems
- Case automation for efficient and cost effective incident management
- Network-wide visibility with application-level granularity
- Appliance form factor for one stop HW/OS/Application support
- Rapid deployment – no server provisioning lead times
- Schema-based device/Space interface for day 0 deployment (application transparency)
- One Stop Support for hw/OS/Application

Transition: Clearly Juniper Networks unified management meets customer needs. To summarize…
For Data Center SRX, NSS Labs have given their stamp of approval, recommending SRX to businesses and organizations around the world. ABI Research, in the assessment of UTM vendors, has established Juniper Networks as the overall #1 UTM vendor, ranking #1 in all decision criteria: innovation and implementation.

Transition: Other analysts, as well as customers, have also showered Juniper SRX with praise.
See examples above. As you can see, analysts, research houses, and most importantly customers, believe in the strength and direction of Juniper.

Transition: Clearly Juniper Networks SRX solution meets customer needs. To summarize…