Protecting key applications in the Datacenter
|
|
- Kathlyn Griffith
- 5 years ago
- Views:
Transcription
1 Protecting key applications in the Datacenter
2 SECURITY OUTLOOK Threats get more Sophisticated Flame, Shamoon, Gauss... Dirt Jumper (DDoS) toolkits blend attacks Mobile Malware is exploding APT s Corporate Cloud Applications Grow Security Boundary blurring into the cloud Data residing in multiple locations Public and Private Need to Secure all data at rest and in transit Identity management and trust between SP s and cloud providers is key Industry Megatrends CoIT/BYOD Virtualisation/Cloud Big Data Mobility Social Media Compliance Views on the toolsets New security approaches emerge Defence by Deception Secure The Hypervisor Virtualise the appliance Enhance existing security solutions Source : Canalys, March Copyright 2012 Juniper Networks, Inc.
3 SECURITY TRENDS:- IMPACT ON DATACENTER APPLICATIONS Blended/Compound attacks L3/4 DoS L7 DoS L7 App exploits DC FABRIC Web services ~73% of all attacks are web based WAF/Signatures alone are insufficent New approaches required Hypervisor Hypervisor Hypervisor Compromised VMs Staging points for reconnaissance in APTs Physical security cannot detect cross-hypervisor traffic 3 Copyright 2012 Juniper Networks, Inc.
4 DATACENTER SECURITY OVERVIEW Branch SRX High-End SRX JunosV Firefly Mykonos vgw Remote Branch Connectivity and Security Site-level Security and Zoning to separate customer traffic, ALGs, IPS for threat protection, etc. VM-level Security at an aggregated level - multi-tenant segmentation Web threat mitigation without false positives Inter-VM Security and inbound threat protection for all VMs combined Remote Office Branch SRX series Datacenter A Virtual Infrastructure VM-A VM-A VM-A Rack servers Firefly Datacenter B Virtual Infrastructure VM-B vgw vgw vgw VM-B VM-B High-end SRX MOBILE WORKER Junos Pulse Firefly Physical Data Center vgw vgw vgw Note Illustrated here are just a few use cases 4 Copyright 2012 Juniper Networks, Inc.
5 MITIGATING BLENDED ATTACKS WITH DC SRX Screens L3/4 attack mitigation SYN flood UDP flood Protocol anomalies IPS L7 exploit prevention Signature based Zero day availability Scalable IPS processing AppDoS L7 DoS mitigation Context based DoS monitoring/protection Differentiate attack from genuine traffic AppFW/Apptrack App filtering/monitoring Protect applications whichever port they are deployed on Monitor app usage for IPS/AppDoS profiles 5 Copyright 2012 Juniper Networks, Inc.
6 A CLOSER LOOK AT VSRX Security & Routing functionality delivered as a virtual machine Junos delivered as a virtual appliance on a choice of Hypervisors Runs on standard x86 hardware Full, proven Junos security and routing protocol suite Leverages proven SRX & VJX technology Performance optimized SMP kernel & multi-threaded flowd over multiple vcpus Supports Hypervisor VM functionality Example: vmotion, snapshots, HA/FT, Cloning, Management etc. Perimeter Firewall VPN NAT Network Admission Control Junos Routing Protocols and SDK Junos Rich & Extensible Security Stack Content Anti-Virus IPS Full IDP Feature Set Web Filtering Anti-Spam Application Application Awareness Identity Awareness CLI, JWeb, SNMP, JSpace- SD, Hypervisor Mgmt, HA/FT 6 Copyright 2012 Juniper Networks, Inc.
7 EDGE DC SECURITY:- VIRTUAL INSTANCE SCALE Using x86 virtualization for unlimited, dynamic, private firewall scaling Option 1 (SRX & LSYS) Option 2 (Hypervisors & VJ-SR) Customer E Customer D Customer C Customer B Customer A Customer A Admin Firewall Routing NAT VPN ALG s Etc. VJ-SR Customer A Separate a single physical SRX into unique virtual instances on the device (Difficult beyond hundreds) HYPERVISORS Leverage x86 Hypervisors (KVM, VMware) to build unlimited pools of VJ-SRs! 7 Copyright 2012 Juniper Networks, Inc.
8 VIRTUALISATION WITH LOGICAL SYSTEMS LSYS 1 LSYS 2 LSYS 3 LSYS 4 LSYS 0 (VPLS DOMAIN) SRX ROOT LSYS Key Takeaways Maximum of 32 LSYS Uses an internal switch (VPLS domain) for communication between LSYS Important to minimise inter-lsys flows Inter-LSYS flows processed three times by ingress LSYS, VPLS domain, and egress LSYS Performance implications License-based no LSYS supported with standard SKUs Primary use cases Multi-tenant cloud/dc environments Departmental/Business Unit resource preservation (eg University deployment) Firewall physical consolidation 8 Copyright 2012 Juniper Networks, Inc.
9 LSYS RESOURCE PROFILES JUNOS LSYS PROFILE PARAMETERS Firewall Policy Rules Zones Sessions IDP (Enable/Disable) NAT rules Addresses Applications (Services) CPU Utilization Log Rate Resource profiles defined and applied by global administrator Resource profiles broadly cover two parameter categories:- Configuration options, eg firewall policies, zones, NAT rules Compute resources, eg CPU cycles, concurrent sessions, log rates 9 Copyright 2012 Juniper Networks, Inc.
10 VIRTUALISATION WITH VRS/ZONES Zone Untrust A Zone Untrust B Zone Untrust C SRX VR A VR B VR C Key Takeaways Much greater scaling than LSYS 2,000 zones/vrs on SRX5800 No license required Generally simpler configuration Requires inter-vr routing not generally possible with static routes Primary use cases Firewall consolidation Service separation Zone Trust A Zone Trust B Zone Trust C 10 Copyright 2012 Juniper Networks, Inc.
11 LOGICAL SYSTEMS v VRs/ZONEs LSYS ZONES /VRS Pros Resource separation Management isolation, including Space/Security Design Cons License required Extra configuration complexity Performance hits for sending traffic between LSYS Pros Simple configuration High scale No license Cons No resource protection usually a requirement in multi-tenant environments No true management isolation 11 Copyright 2012 Juniper Networks, Inc.
12 VSRX:- SAMPLE HIGH LEVEL DESIGN Cloud Service Provider segmenting tenants with VJ-SR and allowing inter-vm protection with vgw Cloud Service Provider Customer A Virtual Network Primary Site (Virtual and Non-Virtual) Customer A Customer B Hypervisors Branch Non-Virtual Network EX Series EX Series MX Series Internet Cloud- Connect CPE Customer B Primary Site (Non-Virtual) SRX 12 Copyright 2012 Juniper Networks, Inc.
13 VSRX USE CASE VIRTUALIZED DATACENTER ENVIRONMENTS Customer Goal Cloud Service Provider, Large enterprises who are virtualizing their datacenters Maximize efficiency and resource utilization; extend gains of virtualization to network infrastructure. Requirements Routing and/or security functionality without a standalone appliance. Under 2Gbps of traffic. Solution Deploy combined virtual security and routing appliance to maximize efficiency. Virtualized Environment Virtualized Environment VM1 VM2 VM3 VM4 Physical Firewall WAN VM1 VM2 VM3 VM4 WAN Datacenter: BEFORE Datacenter: AFTER 13 Copyright 2012 Juniper Networks, Inc.
14 VSRX PLANNING Routing NAT Firewall DHCP Family inet Family inet6 (packet mode) Static routing BGP OSPF RIP PIM MPLS/VPLS ALGs DNS FTP H323 MGCP MS-RPC PPTP RSH RTSP Hypervisors VMWare, KVM Initial Release Source NAT Destination NAT Static NAT Persistent NAT SCCP SIP SQL SUN-RPC TALK TFTP IKE-ESP Firewall policy Screens SYN cookie VPN Policy-based Route-based Dynamic VPN Manual key Auto key IKE phase 1 IKE phase 2 Anti-replay DHCP client DHCP server DHCP relay XAUTH DPD VPN monitor Tunnel mode AH & ESP des/3des/aes Sha-1/md5 Management Device Manager, Limited Virtual Systems Manager ROADMAP Features UTM, IDP, Clustering, AppSecure HyperV, Xen Hypervisors Junos SDK Juniper Portfolio Integration (vgw, QFabric, HW SRX, MX, etc.) Scale & Performance optimization Management Policy management APIs Enhancements to Virtual Systems Manager : Junos Space App 14 Copyright 2012 Juniper Networks, Inc.
15 VSRX MANAGEABILITY vsrx Device Management Virtual Systems Manager Junos Space Security Design CLI + Junos Scripts JWeb SNMP STRM (Logging and Reporting), Syslog, Traceroute Security Insight Junos LMS Policy Manager APIs App for Junos Space Platform Long term single provisioning point and systems manager for vgw and vsrx deployments Support for popular Cloud Management tools vcenter, RHEV-M, SCVMM, ServerCenter vcloud Director, CloudStack, OpenStack Features (Life Cycle Management): Provisioning Bootstrapping Troubleshooting/Debug Log management Reporting etc. 15 Copyright 2012 Juniper Networks, Inc.
16 5 ATTACK PHASES:- APT BEHAVIOUR Phase 1 Phase 2 Phase 3 Phase 4 Phase 5 Silent Reconnaissance Attack Vector Establishment Attack Implementation Attack Automation Maintenance Attackers profile physical and virtual devices and applications Weaknesses in attack surface identified for attack Attacks launched to take control of device, application or VM. Can be used to begin further Reconnaissance Repeat attack to increase effectiveness, increase Profit or extract more data Evade patching and remediation measures to stop the attack 16 Copyright 2012 Juniper Networks, Inc.
17 THE MYKONOS ADVANTAGE DECEPTION-BASED SECURITY Detect Track Profile Respond Tar Traps detect threats without false positives. Track IPs, browsers, software and scripts. Understand attacker s capabilities and intents. Adaptive responses, including block, warn and deceive. 17 Copyright 2012 Juniper Networks, Inc.
18 DETECT THREATS BY DECEPTION Tar Traps Query String Parameters Network Perimeter Hidden Input Fields Client Firewall App Server Database Server Configuration 18 Copyright 2012 Juniper Networks, Inc.
19 TRACK ATTACKERS BEYOND THE IP Track IP Address Track Browser Attacks Persistent Token Capacity to persist in all browsers including various privacy control features. Track Software and Script Attacks Fingerprinting HTTP communications. 19 Copyright 2012 Juniper Networks, Inc.
20 SMART PROFILE OF ATTACKER Every attacker assigned a name Incident history Attacker threat level 20 Copyright 2012 Juniper Networks, Inc.
21 RESPOND AND DECEIVE Mykonos Responses Warn attacker Human Hacker Botnet Targeted Scan IP Scan Block user Force CAPTCHA Slow connection Simulate broken application Scripts &Tools Exploits Force log-out All responses are available for any type of threat. Highlighted responses are most appropriate for each type of threat. 21 Copyright 2012 Juniper Networks, Inc.
22 APPROACHES TO SECURING VIRTUAL NETWORKS VLANs & Physical Segmentation Traditional Security Agents Purpose Built Virtual Security VM1 VM2 VM3 VM1 VM2 VM3 VM1 VM2 VM3 VS HYPERVISOR ESX/ESXi Host VS HYPERVISOR ESX/ESXi Host Virtual Security Layer VS ESX/ESXi Host HYPERVISOR Regular Thick Agent for FW & AV 22 Copyright 2012 Juniper Networks, Inc.
23 THE VGW PURPOSE-BUILT APPROACH - VMWARE Service Provider & Enterprise Grade Three Tiered Model VMware Certified (signed binaries!) Protects each VM and the hypervisor Fault-tolerant architecture (i.e., HA) Virtual Center 1 Security Design for vgw VM 2 VM1 VM2 VM3 Virtualization-aware Secure VMotion scales to 1,000+ hosts Auto Secure detects/protects new VMs Granular, Tiered Defense Stateful firewall, integrated IDS, and AV Flexible Policy Enforcement zone, VM group, VM, individual vnic Partner Server (IDS, SIM, Syslog, Netflow) Packet Data 3 THE vgw ENGINE VMWARE API s Any vswitch (Standard, DVS, 3 rd Party) HYPERVISOR VMware Kernel ESX or ESXi Host 23 Copyright 2012 Juniper Networks, Inc.
24 SECURITY TRENDS:- IMPACT ON DATACENTER APPLICATIONS 24 Copyright 2012 Juniper Networks, Inc.
25 OPEN HYPERVISOR FRAMEWORK FOR KVM Environment Specific Tools and APIs Enhanced vgw Cloud SDK VM Management System (RHEV-M, UVMM, qemu, etc.) Optional VM Provisioning System (Service Providers, Large Enterprises) Communication via Libvirt or Juniper Protocol vgw KVM Manager vgw Protected KVM Host 1 vgw Protected KVM Host 2 vgw Protected KVM Host N vgw Cloud SDK Enhancements 1. new_vm_info_api & new_hypervisor_api 2. vgw Policy API s (improvements to existing API s) 3. vgw Management API s (updates, versions, etc.) 4. vgw Install API s (deploy SVMs, kernel modules, etc.) 25 Copyright 2012 Juniper Networks, Inc.
26 VGW AND MICROSOFT HYPER-V Hyper-V Integration Three Tiered Model SCVMM Integration Filter Extension in Extensible Switch System Center VMM 1 Security Design for vgw VM 2 Coming Soon! VM1 VM2 VM3 Supports Live Migration Granular, Tiered Defense for VMs Partner Server (IDS, SIM, Syslog, Netflow) Packet Data 3 THE vgw ENGINE Capture Extension WFP Extension Filter Extension Forwarding Extension Hyper-V Extensible Switch Physical Server Hyper-V Host 26 Copyright 2012 Juniper Networks, Inc.
27 VGW INTEGRATION WITH VCLOUD DIRECTOR vcloud Director 1.5 and vgw Series products can be used together! 1. vcloud relies on traditional vsphere technologies (vcenter & ESX/ESXi hosts). vgw can be inserted into this environment (VMsafe and VI API s are still working and available) 2. vcloud introduces new abstraction constructs which are inserted into vcenter. vcloud API s and vgw API s can be used to discover the constructs and auto-populate SmartGroups for dynamic, human-readable security policies. VM created with semi-random structure. For example: 1 2 vcloud Director Juniper s vcdsync Script uses vcd API s to determine which organizational unit a VM belongs (VMs with same name could be in two different organizational units). VMware vcenter 4 3 vgw management knows that AML- SYS1 is part of Org2. This is made available as a vf.tag Smart Group parameter ESX/ESXi Host with vgw vgw Management inserts AML- SYS1 into SmartGroup and enforces policy on ESX/ESXi host automatically! vgw Management 27 Copyright 2012 Juniper Networks, Inc.
28 SUMMARY:- PROTECT KEY APPLICATIONS WITH A LAYERED SECURITY APPROACH --OR-- Hypervisor SRX/vSRX Firewall L3/L4 DoS protection Application-layer DoS protection Application profiling and monitoring Application port control/enforcement IPS IPSec termination to the DC Mykonos Protect Web apps Deception technology complements signature approach; makes APTs uneconomical Tar traps identify malicious users without false positives Profiling identifies users without recourse to IP address Future Global hacker database vgw Inter-VM security Firewall, IDS, AV Policies based on VMWare or security attributes VM application profiling Hypervisor traffic monitoring PCI compliance 28 Copyright 2012 Juniper Networks, Inc.
29
SAFEGUARDING YOUR VIRTUALIZED RESOURCES ON THE CLOUD. May 2012
SAFEGUARDING YOUR VIRTUALIZED RESOURCES ON THE CLOUD May 2012 THE ECONOMICS OF THE DATA CENTER Physical Server Installed Base (Millions) Logical Server Installed Base (Millions) Complexity and Operating
More informationSECURING THE NEXT GENERATION DATA CENTER. Leslie K. Lambert Juniper Networks VP & Chief Information Security Officer July 18, 2011
SECURING THE NEXT GENERATION DATA CENTER Leslie K. Lambert Juniper Networks VP & Chief Information Security Officer July 18, 2011 JUNIPER SECURITY LEADERSHIP Market Leadership Data Center with High-End
More informationVMWARE SOLUTIONS AND THE DATACENTER. Fredric Linder
VMWARE SOLUTIONS AND THE DATACENTER Fredric Linder MORE THAN VSPHERE vsphere vcenter Core vcenter Operations Suite vcenter Operations Management Vmware Cloud vcloud Director Chargeback VMware IT Business
More informationExam Questions JN0-633
Exam Questions JN0-633 Security, Professional (JNCIP-SEC) https://www.2passeasy.com/dumps/jn0-633/ 1.What are two network scanning methods? (Choose two.) A. SYN flood B. ping of death C. ping sweep D.
More informationThe Virtualisation Security Journey: Beyond Endpoint Security with VMware and Symantec
The Virtualisation Security Journey: Beyond Endpoint Security with VMware and Symantec James Edwards Product Marketing Manager Dan Watson Senior Systems Engineer Disclaimer This session may contain product
More informationTHE EXPONENTIAL DATA CENTER
THE EXPONENTIAL DATA CENTER THE TYRANNY OF TREES Typical tree configuration Location matters in a tree architecture Bubbles Optimal performance VM One Hop 2 Copyright 2010 Juniper Networks, Inc. www.juniper.net
More informationFirefly Perimeter ( vsrx ) Technical information 12.1 X47 D10.2. Tuncay Seyran
Firefly Perimeter ( vsrx ) Technical information 12.1 X47 D10.2 Tuncay Seyran Security in a virtualized environment: same security risks + more TRADITIONAL SECURITY RISKS IMPACTING VIRTUAL ENVIRONMENTS
More informationMETAFABRIC ARCHITECTURE A SIMPLE, OPEN, AND SMART NETWORK FOR THE DATA CENTER
METAFABRIC ARCHITECTURE A SIMPLE, OPEN, AND SMART NETWORK FOR THE DATA CENTER APPLICATIONS ARE DRIVING IT TRANSFORMATION Virtualization Clouds SDN 2 Copyright 2013 Juniper Networks, Inc. TWO PROBLEMS WITH
More informationSRX als NGFW. Michel Tepper Consultant
SRX als NGFW Michel Tepper Consultant Firewall Security Challenges Organizations are looking for ways to protect their assets amidst today s ever-increasing threat landscape. The latest generation of web-based
More informationMAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER
MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER Bret Hartman Cisco / Security & Government Group Session ID: SPO1-W25 Session Classification: General Interest 1 Mobility Cloud Threat Customer centric
More informationSD-WAN / Hybrid WAN : Leveraging SDN-NFV for Networks Agility
SD-WAN / Hybrid WAN : Leveraging SDN-NFV for Networks Agility Laurent Perrin, Director International Product Management, Orange Business Services Sylvain Quartier, SVP Enterprise Products Strategy & Alliances
More informationSecurity Gateway Virtual Edition
Security Gateway Virtual Edition R71 Release Notes 9 February 2012 Classification: [Restricted] 2012 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are
More informationVMworld disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no
LHC3296BUS OVH: Shields Up! Building a True Security Barrier in the Cloud Chris Romano, Principal Systems Engineer #VMworld #LHC3296BUS VMworld disclaimer This presentation may contain product features
More informationvshield Quick Start Guide
vshield Manager 4.1.0 Update 1 vshield Zones 4.1.0 Update 1 vshield Edge 1.0.0 Update 1 vshield App 1.0.0 Update 1 vshield Endpoint 1.0.0 Update 1 This document supports the version of each product listed
More informationSECURING THE MULTICLOUD
SECURING THE MULTICLOUD Bahul Harikumar and Ali Bidabadi Juniper Networks This statement of direction sets forth Juniper Networks current intention and is subject to change at any time without notice.
More informationDeploying Cloud Network Services Prime Network Services Controller (formerly VNMC)
Deploying Cloud Network Services Prime Network Services Controller (formerly VNMC) Dedi Shindler - Sr. Manager Product Management Cloud System Management Technology Group Cisco Agenda Trends Influencing
More informationvshield Administration Guide
vshield Manager 5.1 vshield App 5.1 vshield Edge 5.1 vshield Endpoint 5.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by
More informationKunal Jha, Juniper Networks
Kunal Jha, Juniper Networks 1 1 Security Cloud Virtualization BYOD / Mobility SDN 2 2 Simplified Networking RakeshSingh@Juniper.net Senior Systems Engineer Juniper Networks Proprietary and Confidential
More informationJunos Security. Rob Cameron, Brad Woodberg, Patricio Giecco, O'REILLY. Tim Eberhard, andjames Quinn INFORMATIQNSBIBLIOTHEK UNIVERSITATSBIBLIOTHEK
Junos Security Rob Cameron, Brad Woodberg, Patricio Giecco, Tim Eberhard, andjames Quinn TECHNISCHE INFORMATIQNSBIBLIOTHEK UNIVERSITATSBIBLIOTHEK HANNOVER O'REILLY Beijing Cambridge Farnham Kiiln Sebastopol
More informationDynamic Datacenter Security Solidex, November 2009
Dynamic Datacenter Security Solidex, November 2009 Deep Security: Securing the New Server Cloud Virtualized Physical Servers in the open Servers virtual and in motion Servers under attack 2 11/9/09 2 Dynamic
More informationJunos Security. Chapter 4: Security Policies Juniper Networks, Inc. All rights reserved. Worldwide Education Services
Junos Security Chapter 4: Security Policies 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net Worldwide Education Services Chapter Objectives After successfully completing this chapter,
More informationThe vsphere 6.0 Advantages Over Hyper- V
The Advantages Over Hyper- V The most trusted and complete virtualization platform SDDC Competitive Marketing 2015 Q2 VMware.com/go/PartnerCompete 2015 VMware Inc. All rights reserved. v3b The Most Trusted
More informationWHAT S NEW FROM JUNIPER?
WHAT S NEW FROM JUNIPER? IT security seminar Stallion 071112, Tallinn Jukka Piirainen Channel Manager PURE PLAY IN HIGH-PERFORMANCE NETWORKING First 10 Years Of Juniper: 1996-2006 Routing Security M Series
More informationSecuring VMware NSX MAY 2014
Securing VMware NSX MAY 2014 Securing VMware NSX Table of Contents Executive Summary... 2 NSX Traffic [Control, Management, and Data]... 3 NSX Manager:... 5 NSX Controllers:... 8 NSX Edge Gateway:... 9
More informationBuild a Software-Defined Network to Defend your Business
Build a Software-Defined Network to Defend your Business Filip Vanierschot Systems Engineer fvanierschot@juniper.net Kappa Data 2020 Software Defined Secure Networks Juniper s Innovation in Secure Networks
More informationJunos Security. Chapter 3: Zones Juniper Networks, Inc. All rights reserved. Worldwide Education Services
Junos Security Chapter 3: Zones 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net Worldwide Education Services Chapter Objectives After successfully completing this chapter, you will be
More informationStopping Advanced Persistent Threats In Cloud and DataCenters
Stopping Advanced Persistent Threats In Cloud and DataCenters Frederik Van Roosendael PSE Belgium Luxembourg 10/9/2015 Copyright 2013 Trend Micro Inc. Agenda How Threats evolved Transforming Your Data
More informationWhat s next for your data center? Power Your Evolution with Physical and Virtual ADCs. Jeppe Koefoed Wim Zandee Field sales, Nordics
What s next for your data center? Power Your Evolution with Physical and Virtual ADCs. Jeppe Koefoed Wim Zandee Field sales, Nordics Vision: Everything as a service Speed Scalability Speed to Market
More informationWhite Paper. Juniper Networks Cloud Security
Juniper Networks Cloud Security 1 Table of Contents Executive Summary... 3 Introduction Cloud Computing Overview... 3 Private Cloud...4 Public Cloud...4 Hybrid Cloud...4 Evolution in Data Center Technologies
More informationVM-SERIES FOR VMWARE VM VM
SERIES FOR WARE Virtualization technology from ware is fueling a significant change in today s modern data centers, resulting in architectures that are commonly a mix of private, public or hybrid cloud
More informationSecurity Gateway Virtual Edition
Security Gateway Virtual Edition R75.20 Administration Guide 4 March 2012 Classification: [Restricted] 2012 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation
More informationEvolution of Data Center Security Automated Security for Today s Dynamic Data Centers
Evolution of Data Center Security Automated Security for Today s Dynamic Data Centers Speaker: Mun Hossain Director of Product Management - Security Business Group Cisco Twitter: @CiscoDCSecurity 2 Any
More informationENTERPRISE SECURITY MANAGEMENT. Frederick Verduyckt 20 September 2012
ENTERPRISE SECURITY MANAGEMENT Frederick Verduyckt 20 September 2012 SETTING THE AGENDA FOR THE NEXT DECADE JUNIPER NETWORKS IS TRANSFORMING THE EXPERIENCE AND ECONOMICS OF NETWORKING 2 Copyright 2012
More information21CTL Disaster Recovery, Workload Mobility and Infrastructure as a Service Proposal. By Adeyemi Ademola E. Cloud Engineer
21CTL Disaster Recovery, Workload Mobility and Infrastructure as a Service Proposal By Adeyemi Ademola E. Cloud Engineer 1 Contents Introduction... 5 1.2 Document Purpose and Scope...5 Service Definition...
More informationPolicy Enforcer. Product Description. Data Sheet. Product Overview
Policy Enforcer Product Overview Juniper s Software-Defined Secure Network (SDSN) platform leverages the entire network, not just perimeter firewalls, as a threat detection and security enforcement domain.
More informationNetwork Virtualization Business Case
SESSION ID: GPS2-R01 Network Virtualization Business Case Arup Deb virtual networking & security VMware NSBU adeb@vmware.com I. Data center security today Don t hate the player, hate the game - Ice T,
More informationvcenter Operations Management Pack for NSX-vSphere
vcenter Operations Management Pack for NSX-vSphere vcenter Operations Manager 5.8 This document supports the version of each product listed and supports all subsequent versions until the document is replaced
More informationDEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise
DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS Security Without Compromise CONTENTS INTRODUCTION 1 SECTION 1: STRETCHING BEYOND STATIC SECURITY 2 SECTION 2: NEW DEFENSES FOR CLOUD ENVIRONMENTS 5 SECTION
More informationJunos Security (JSEC)
Junos Security (JSEC) Course No: EDU-JUN-JSEC Length: 5 days Schedule and Registration Course Overview This five-day course covers the configuration, operation, and implementation of SRX Series Services
More informationPotpuna virtualizacija od servera do desktopa. Saša Hederić Senior Systems Engineer VMware Inc.
Potpuna virtualizacija od servera do desktopa Saša Hederić Senior Systems Engineer VMware Inc. VMware ESX: Even More Reliable than a Mainframe! 2 The Problem Where the IT Budget Goes 5% Infrastructure
More informationvrealize Operations Management Pack for NSX for vsphere 2.0
vrealize Operations Management Pack for NSX for vsphere 2.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition.
More informationCYBER SECURITY MALAYSIA AWARDS, CONFERENCE & EXHIBITION (CSM-ACE) Securing Virtual Environments
CYBER SECURITY MALAYSIA AWARDS, CONFERENCE & EXHIBITION (CSM-ACE) 2010 October 25 29, 2010 Kuala Lumpur Convention Centre Securing Virtual Environments Raimund Genes CTO Trend Micro The Changing Datacenter
More informationNew Features in VMware vsphere (ESX 4)
New Features in VMware vsphere (ESX 4) VMware vsphere Fault Tolerance FT VMware Fault Tolerance or FT is a new HA solution from VMware for VMs. It is only available in vsphere 4 and above and provides
More informationQUICKSTART GUIDE FOR BRANCH SRX SERIES SERVICES GATEWAYS
APPLICATION NOTE QUICKSTART GUIDE FOR BRANCH SRX SERIES SERVICES GATEWAYS Configuring Basic Security and Connectivity on Branch SRX Series Services Gateways Copyright 2009, Juniper Networks, Inc. Table
More informationSystrome Next Gen Firewalls
N E T K S Systrome Next Gen Firewalls Systrome s Next Generation Firewalls provides comprehensive security protection from layer 2 to layer 7 for the mobile Internet era. The new next generation security
More informationSecuring the Data Center against
Securing the Data Center against vulnerabilities & Data Protection Agenda Virtual Virtualization Technology How Virtualization affects the Datacenter Security Keys to a Secure Virtualized Deployment and
More informationRequest for Proposal (RFP) for Supply and Implementation of Firewall for Internet Access (RFP Ref )
Appendix 1 1st Tier Firewall The Solution shall be rack-mountable into standard 19-inch (482.6-mm) EIA rack. The firewall shall minimally support the following technologies and features: (a) Stateful inspection;
More informationSecurity in Cloud Environments
Security in Cloud Environments Security Product Manager Joern Mewes (joern.mewes@nokia.com) 16-11-2016 1 Cloud transformation happens in phases and will take 5+ years Steps into the cloud Now 2016+ 2020+
More informationVMware vsphere 4.0 The best platform for building cloud infrastructures
VMware vsphere 4.0 The best platform for building cloud infrastructures VMware Intelligence Community Team Rob Amos - Intelligence Programs Manager ramos@vmware.com (703) 209-6480 Harold Hinson - Intelligence
More informationZero Trust Security with Software-Defined Secure Networks
Zero Trust Security with Software-Defined Secure Networks Srinivas Nimmagadda and Pradeep Nair Juniper Networks This statement of direction sets forth Juniper Networks current intention and is subject
More informationVMware Join the Virtual Revolution! Brian McNeil VMware National Partner Business Manager
VMware Join the Virtual Revolution! Brian McNeil VMware National Partner Business Manager 1 VMware By the Numbers Year Founded Employees R&D Engineers with Advanced Degrees Technology Partners Channel
More informationPresenting the VMware NSX ECO System May Geert Bussé Westcon Group Solutions Sales Specialist, Northern Europe
Presenting the ware NSX ECO System May 2015 Geert Bussé Westcon Group Solutions Sales Specialist, Northern Europe Agenda 10:15-11:00 ware NSX, the Network Virtualization Platform 11.15-12.00 Palo Alto
More informationFeatures. HDX WAN optimization. QoS
May 2013 Citrix CloudBridge Accelerates, controls and optimizes applications to all locations: datacenter, branch offices, public and private clouds and mobile users Citrix CloudBridge provides a unified
More informationExtending Enterprise Security to Multicloud and Public Cloud
Extending Enterprise Security to Multicloud and Public Cloud Paul Kofoid Sr. Consulting Engineer: Security & Cloud This statement of direction sets forth Juniper Networks current intention and is subject
More informationJuniper Security Update. Karel Hendrych Juniper Networks
Juniper Security Update Karel Hendrych Juniper Networks khe@juniper.net Agenda High End SRX security gateways Overview, SRX1400 JunOS update AppSecure Competitive 2 Copyright 2009 Juniper Networks, Inc.
More informationSteelGate Overview. Manage perimeter security and network traffic to ensure operational efficiency, and optimal Quality of Service (QoS)
Internet Communications Made Safe SteelGate Overview SteelGate Overview SteelGate is a high-performance VPN firewall appliance that Prevent Eliminate threats & attacks at the perimeter Stop unauthorized
More informationVMware vcloud Director for Service Providers
Architecture Overview TECHNICAL WHITE PAPER Table of Contents Scope of Document....3 About VMware vcloud Director....3 Platform for Infrastructure Cloud...3 Architecture Overview....3 Constructs of vcloud
More informationComprehensive datacenter protection
Comprehensive datacenter protection There are several key drivers that are influencing the DDoS Protection market: DDoS attacks are increasing in frequency DDoS attacks are increasing in size DoS attack
More informationEthernet Fabrics- the logical step to Software Defined Networking (SDN) Frank Koelmel, Brocade
Ethernet Fabrics- the logical step to Software Defined Networking (SDN) Frank Koelmel, Brocade fkoelmel@broc 10/28/2013 2 2012 Brocade Communications Systems, Inc. Proprietary Information ETHERNET FABRICS
More informationJunos Security Bundle, JSEC & AJSEC
Junos Security Bundle, JSEC & AJSEC COURSE OVERVIEW: This bundle combines JSEC & AJSEC at a discounted rate. Please Contact SLI to purchase this bundle. This five-day course covers the configuration, operation,
More informationJuniper Sky Advanced Threat Prevention
Juniper Sky Advanced Threat Prevention The evolution of malware threat mitigation Nguyễn Tiến Đức ntduc@juniper.net 1 Most network security strategies focus on security at the perimeter only outside in.
More informationINSTALLATION RUNBOOK FOR. VNF (virtual firewall) 15.1X49-D30.3. Liberty. Application Type: vsrx Version: MOS Version: 8.0. OpenStack Version:
INSTALLATION RUNBOOK FOR Juniper vsrx Application Type: vsrx Version: VNF (virtual firewall) 15.1X49-D30.3 MOS Version: 8.0 OpenStack Version: Liberty 1 Introduction 1.1 Target Audience 2 Application Overview
More informationWatchGuard XTMv Setup Guide Fireware XTM v11.8
WatchGuard XTMv Setup Guide Fireware XTM v11.8 All XTMv Editions Copyright and Patent Information Copyright 1998 2013 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard logo,
More informationKaspersky Security for Virtualization Frequently Asked Questions
Kaspersky Security for Virtualization Frequently Asked Questions 1. What is Kaspersky Security for Virtualization, and how does it work with vshield technology? Kaspersky Security for Virtualization for
More informationIBM Cloud for VMware Solutions NSX Edge Services Gateway Solution Architecture
IBM Cloud for VMware Solutions NSX Edge Services Gateway Solution Architecture Date: 2017-03-29 Version: 1.0 Copyright IBM Corporation 2017 Page 1 of 16 Table of Contents 1 Introduction... 4 1.1 About
More informationWhat s New with VMware vcloud Director 8.0
Feature Overview TECHNICAL WHITE PAPER Table of Contents What s New with VMware....3 Support for vsphere 6.0 and NSX 6.1.4....4 VMware vsphere 6.0 Support...4 VMware NSX 6.1.4 Support....4 Organization
More informationDisaggregation and Virtualization within the Juniper Networks Mobile Cloud Architecture. White Paper
Disaggregation and Virtualization within the Juniper Networks Mobile Cloud Architecture White Paper June 2017 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net
More informationSecurity Everywhere Within Juniper Networks Mobile Cloud Architecture. Mobile World Congress 2017
Security Everywhere Within Juniper Networks Mobile Cloud Architecture Mobile World Congress 2017 Agenda Challenges and Trends Use Cases and Solutions Products and Services Proof Points Juniper s Mobile
More informationMcAfee Network Security Platform 9.2
McAfee Network Security Platform 9.2 (9.2.7.22-9.2.7.20 Manager-Virtual IPS Release Notes) Contents About this release New features Enhancements Resolved issues Installation instructions Known issues Product
More informationNSX Data Center Load Balancing and VPN Services
NET2761BU NSX Data Center Load Balancing and VPN Services Derek Deukyoon Kang, VMware, Inc. Vinay Reddy, VMware, Inc. #vmworld #NET2761BU Disclaimer This presentation may contain product features or functionality
More informationTHE BUSINESS CASE FOR OUTSIDE-IN DATA CENTER SECURITY
THE BUSINESS CASE FOR OUTSIDE-IN DATA CENTER SECURITY DATA CENTER WEB APPS NEED MORE THAN IP-BASED DEFENSES AND NEXT-GENERATION FIREWALLS table of contents.... 2.... 4.... 5 A TechTarget White Paper Does
More informationOrdering and deleting Single-node Trial for VMware vcenter Server on IBM Cloud instances
Ordering and deleting Single-node Trial for VMware vcenter Server on IBM Cloud instances The Single-node Trial for VMware vcenter Server on IBM Cloud is a single-tenant hosted private cloud that delivers
More informationvedge Cloud Datasheet PRODUCT OVERVIEW DEPLOYMENT USE CASES EXTEND VIPTELA OVERLAY INTO PUBLIC CLOUD ENVIRONMENTS
vedge Cloud Datasheet PRODUCT OVERVIEW Viptela vedge Cloud is a software router platform that supports entire range of capabilities available on the physical vedge-100, vedge-1000 and vedge-2000 router
More informationCross-vCenter NSX Installation Guide. Update 3 Modified on 20 NOV 2017 VMware NSX for vsphere 6.2
Cross-vCenter NSX Installation Guide Update 3 Modified on 20 NOV 2017 VMware NSX for vsphere 6.2 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
More informationWatchGuard XTMv Setup Guide
WatchGuard XTMv Setup Guide All XTMv Editions Copyright and Patent Information Copyright 1998 2011 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard logo, LiveSecurity, and
More informationCAMPUS AND BRANCH RECAP. Ralph Wanders Consulting Systems Engineer
CAMPUS AND BRANCH RECAP Ralph Wanders Consulting Systems Engineer THE NEW CAMPUS & BRANCH ARCHITECTURE IS SIMPLY CONNECTED.. BYOD, Explosion of Apps Coordinated Security Simply Connected Performance at
More informationDisclaimer CONFIDENTIAL 2
Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitment from VMware to deliver these features in any generally
More informationWorkload Mobility and Disaster Recovery to VMware Cloud IaaS Providers
VMware vcloud Architecture Toolkit for Service Providers Workload Mobility and Disaster Recovery to VMware Cloud IaaS Providers Version 2.9 January 2018 Adrian Roberts 2018 VMware, Inc. All rights reserved.
More informationCISCO NETWORKS BORDERLESS Cisco Systems, Inc. All rights reserved. 1
CISCO BORDERLESS NETWORKS 2009 Cisco Systems, Inc. All rights reserved. 1 Creating New Business Models The Key Change: Putting the Interaction Where the Customer Is Customer Experience/ Innovation Productivity/
More informationProtecting Physical and Virtual Workloads
WHITE PAPER An Integrated Security Solution for the Virtual Data Center and Cloud Protecting Physical and Virtual Workloads Copyright 2011, Juniper Networks, Inc. 1 Table of Contents Executive Summary........................................................................................................
More informationDEPLOYING A VMWARE VCLOUD DIRECTOR INFRASTRUCTURE-AS-A-SERVICE (IAAS) SOLUTION WITH VMWARE CLOUD FOUNDATION : ARCHITECTURAL GUIDELINES
DEPLOYING A VMWARE VCLOUD DIRECTOR INFRASTRUCTURE-AS-A-SERVICE (IAAS) SOLUTION WITH VMWARE CLOUD FOUNDATION : ARCHITECTURAL GUIDELINES WHITE PAPER JULY 2017 Table of Contents 1. Executive Summary 4 2.
More informationNET1846. Introduction to NSX. Milin Desai, VMware, Inc Kausum Kumar, VMware, Inc
NET1846 Introduction to NSX Milin Desai, VMware, Inc Kausum Kumar, VMware, Inc Disclaimer This presentation may contain product features that are currently under development. This overview of new technology
More informationJuniper Sky Advanced Threat Prevention
Juniper Sky Advanced Threat Prevention Product Overview Juniper Sky Advanced Threat Prevention is a cloud-based service that provides complete advanced malware protection. Integrated with SRX Series Services
More informationSDN TO BE OR NOT TO BE. Uwe Richter SE Director Russia/CIS, East and South East Europe
SDN TO BE OR NOT TO BE Uwe Richter SE Director Russia/CIS, East and South East Europe uwe@juniper.net FUNDAMENTAL PROBLEMS TO SOLVE Want more innovation in networking Want it more quickly too Want more
More informationTrust in the Cloud. Mike Foley RSA Virtualization Evangelist 2009/2010/ VMware Inc. All rights reserved
Trust in the Cloud Mike Foley RSA Virtualization Evangelist 2009/2010/2011 1 2010 VMware Inc. All rights reserved Agenda How do you solve for Trust = Visibility + Control? What s needed to build a Trusted
More informationVMware vsphere: Taking Virtualization to the Next Level
About this research note: Product Evaluation notes provide an analysis of the market position of a specific product and its vendor through an in-depth exploration of their relative capabilities. VMware
More informationJUNIPER SKY ADVANCED THREAT PREVENTION
Data Sheet JUNIPER SKY ADVANCED THREAT PREVENTION Product Overview Juniper Sky Advanced Threat Prevention is a cloud-based service that provides complete advanced malware protection. Integrated with SRX
More informationVMware vsphere Beginner s Guide
The latest version of VMware s virtualization platform, vsphere 5, builds on the already solid foundation of. With the growth of cloud computing and the move from ESX to ESXi, it s imperative for IT pros
More informationISG-600 Cloud Gateway
ISG-600 Cloud Gateway Cumilon ISG Integrated Security Gateway Integrated Security Gateway Cumilon ISG-600C cloud gateway is the security product developed by Systrome for the distributed access network
More informationITRI Cloud OS: An End-to-End OpenStack Solution
ITRI Cloud OS: An End-to-End OpenStack Solution Tzi-cker Chiueh 闕志克 Cloud Computing Research Center for Mobile Applications (CCMA) 雲端運算行動應用研究中心 1 Cloud Service Models Software as a Service (SaaS) Turn-key
More informationStop Threats Faster. Vaishali Ghiya & Dwann Hall Juniper Networks
Stop Threats Faster Vaishali Ghiya & Dwann Hall Juniper Networks This statement of direction sets forth Juniper Networks current intention and is subject to change at any time without notice. No purchases
More informationCONTRAIL SECURITY. Contrail Cloud Networking & Security
CONTRAIL SECURITY Aniket Daptari Sr. Product Manager Contrail Cloud Networking & Security Scott Sneddon Senior Director Cloud and SDN This statement of direction sets forth Juniper Networks current intention
More informationVMware vsphere. Administration VMware Inc. All rights reserved
VMware vsphere Administration 2010 VMware Inc. All rights reserved Permissions Privileges Hierarchical by category Roles Defined set of one or more privileges System and sample roles provided Privileges
More information2018 Cisco and/or its affiliates. All rights reserved.
Beyond Data Center A Journey to self-driving Data Center with Analytics, Intelligent and Assurance Mohamad Imaduddin Systems Engineer Cisco Oct 2018 App is the new Business Developer is the new Customer
More information1V0-642.exam.30q.
1V0-642.exam.30q Number: 1V0-642 Passing Score: 800 Time Limit: 120 min 1V0-642 VMware Certified Associate 6 Network Visualization Fundamentals Exam Exam A QUESTION 1 Which is NOT a benefit of virtualized
More informationFIREFLY HOST. Product Description. Product Overview DATASHEET
DATASHEET FIREFLY HOST Product Overview Juniper Networks Firefly Host is a comprehensive virtualization security solution that includes integrated stateful inspection firewalling, intrusion detection,
More informationIXIA PHANTOM VTAP WITH TAPFLOW FILTERING
IXIA PHANTOM VTAP WITH TAPFLOW FILTERING DATA SHEET OVERVIEW The Ixia Phantom vtap with TapFlow filtering is a software solution providing crystal-clear visibility into virtual data center network traffic.
More informationUser Role Firewall Policy
User Role Firewall Policy An SRX Series device can act as an Infranet Enforcer in a UAC network where it acts as a Layer 3 enforcement point, controlling access by using IP-based policies pushed down from
More informationDetail the learning environment, remote access labs and course timings
Course Duration: 4 days Course Description This course has been designed as an Introduction to VMware for IT Professionals, but assumes that some labs have already been developed, with time always at a
More informationJuniper SD-WAN Alexandre Cezar Consulting Systems Engineer, Security/Cloud
Juniper SD-WAN Alexandre Cezar Consulting Systems Engineer, Security/Cloud acezar@juniper.net MARKET DYNAMICS Branch/WAN Evolution: PMO FMO Bring Agility and Enhanced Customer Experience Utilizing Cloud
More information