WORLD WIDE TECHNOLOGY Brief Overview Justin Deckard 314.276.0045 Justin.Deckard@wwt.com NGB Account Rep Midwest Region
CORE SOLUTIONS SECURE NETWORK INFRASTRUCTURE DATA CENTER COLLABORATION SUPPLY CHAIN ASSESSMENTS & WORKSHOPS DATA CENTER Virtualization Servers and Blades Storage and Backup Facilities Infrastructure Data Center Networking COLLABORATION Unified Communications Video Conferencing IP Telephony Unified Messaging SUPPLY CHAIN Staging / Integration Logistics & Warehousing JIT Delivery Material Planning Supplier Management PROFESSIONAL SERVICES PLAN. DESIGN. IMPLEMENT. SUPPORT.
PLAN DESIGN IMPLEMENT SUPPORT WORKSHOP & ASSESSMENT OFFERING ARCHITECTURAL, INDEPENDENT, MULTI-VENDOR APPROACH 100+ WWT Data Center Resources 20+ Virtualization Architects Pssst It s FREE Desktop Virtualization Server Virtualization Server Consolidation Application Virtualization Storage Optimization Back-up, Recovery & Archive Network Optimization Facilities Efficiencies IT Service Management IT Resource Optimization Operational Readiness Feasibility Assessment Disaster Recovery / COOP P2V Acceleration WORKSHOPS A workshop is a 2-4 hour technical whiteboard session focused on a particular topic. This professional services offering was created by WWT to help clients better understand different technologies and their architectural components. They discuss the proven best practices to plan, design, pilot and ultimately scale a solution into production.
REVENUE AWARD WINNING CISCO PARTNERSHIP 2001 $1.8B $1.6B $1.4B $1.2B $1 BILLION $800M $600M $400M $200M 2010 CORPORATE Cisco s Largest US Partner ($1.7B FY10) 2008 & 2006 Partner of the Year Award US & Canada Cisco sales exceeding $1 Billion each of the past 3 years Member of the Cisco Partner Executive Exchange Cisco Learning Solutions Partner Charter Member of Cisco s International Alliance Program Over 500 Certifications with 13 Specializations 46 CCIEs and growing Over $5 Million in Cisco Demo Equipment Cisco Red Badge Subcontractor to Advanced Services COLLABORATION PRACTICE Cisco s #4 Collaboration Partner (FY10) Masters Unified Communications Partner Tandberg Platinum Partner 9 Voice CCIEs on staff First Partner to Deliver TelePresence Solution DATA CENTER PRACTICE Cisco s Largest Data Center Partner (FY10) Cisco s Largest UCS Partner (FY10) First Partner to Deliver Nexus Solution
ADVANCED TECHNOLOGY CENTER DEMONSTRATION & BRIEFING CENTER DEMONSTRATION EQUIPMENT VBLOCK 0 & VBLOCK 2 DEMO SYSTEMS Hands-on Access to over $10M in Equipment See First Hand Vblock Technologies integrated TRAINING & DEMONSTRATION Multiple UCS Systems Vblock 2 & Vblock 0 Systems FlexPod Architectures NetApp Validated Designs & SMT HP BladeSystem Matrix Nexus, FCoE & Unified Fabrics VMware vcenter Infrastructure Virtual Desktop Technologies Citrix Infrastructure Technologies Orchestration Layer Technologies Unified Provisioning & Storage IAAS ( Infrastructure as a Service ) Private & Public Cloud Technologies Disaster Recovery & Backup Cisco, EMC, NetApp, HP, Dell, VMware, Citrix, Sun/Oracle, WYSE PROOF OF CONCEPTS - REMOTE DEMONSTRATIONS - HD CAMERAS Hands on Access to over $5M in State-of-the-Art Equipment Perform Proof of Concepts See Multiple Vendor Technologies Working Together First Hand Server, Storage & Network Virtualization MDS Fabric Switch and Fabric Manager Cisco UCS Mgt. & Provisioning of Blades HP Blades & Management Nexus 5010, Nexus 2000 Switch Nexus 1000 Virtual Switch, OS, and Mgt. EMC Avamar, CLARiiON, Centerra, Storage NetApp FAS3100 Storage ACE Load-Balancing, WAAS ALSO AVAILABLE Remote Demonstrations Educational Webcasts & Seminars
Web Defense And Assessments Joseph Muniz Technical Solutions Architect Cyber Security CCNP CCVP CCSP CCDP CISSP
Agenda Today s Workforce Securing The Workforce Web Defense Breakdown: Ironport / Anyconnect / DLP The first step to being secured is undergoing an independent security audit, Jeff Moss How World Wide Technology Can Help You Questions
People Need Information Now Today s Workforce Requires Constant Access To Information
Federal Telework Trends The legislation would require every agency to develop a Telework Program that allows employees to Telework at least 20% of their hours
What Managers Are Afraid Could Happen WORK FROM HOME! WOOO HOOOOO!!!!!!!
Traditional Corporate Border (Pre Facebook, Cloud, Etc) Policy Corporate Border Applications and Data Corporate Office Branch Office Attackers Partners Customers
Web: Enabling the Borderless Experience HTTP Is the New TCP Applications and Data Corporate Office www World Wide Web Branch Office Airport Home Office Mobile User Attackers Partners Customers Coffee Shop
And Then There Are The Bad Guys Productivity Clashes With Security!
Malware Threats Continue to Rise 237% volume increase in 09 Over 70% of compromised web sites are legitimate Vulnerabilities in Adobe PDF emerged as the main target, followed by Flash 54% of malware encounters due to iframes and exploits Cross-Site Scripting and SQL Injection are top attack methods 83% of websites have at least 1 serious vulnerability
The Dark Web 80% of the web is uncategorized, highly dynamic or unreachable by web crawlers Botnets Dynamic content Password protected sites User generated content Short life sites Danger Malware Protection Data Security Danger Acceptable Use Controls The Known Web 20% covered by URL lists SaaS Access Controls
Web pages include many objects Email messages may have multiple objects Web pages usually consist of MANY objects Each object in a web page is retrieved with an independent HTTP transaction Discrete objects that each require a transaction
Securing Today s Work Force
Web Business Challenges Acceptable Use Control Malware Protection Data Loss Prevention SaaS Access Control Policy
Cisco IronPort Web Security Appliance Industry Leading Secure Web Gateway Security Malware Protection Secure Mobility Internet Control Data Security Acceptable Use Controls SaaS Access Controls Centralized Management and Reporting
Comprehensive Malware Defense Defense-in-Depth Reputation Analysis Web Clients Behavioral Analysis Signature Analysis Infected Clients Layer 4 Traffic Monitor
Reputation and Behavioral Analysis Predictive, Zero-day Protection Cisco Network and Content Security Deployments Threat Telemetry Threat Telemetry Cisco Security Intelligence Operations Outbreak Intelligence Cisco SensorBase Threat Operations Center Advanced Algorithms External Feeds Identifying Malware Lurking in the Dark Web Web Reputation Scores -10 to +10
Cisco IronPort DVS Engine Dynamic Vectoring and Streaming Signature and Heuristic Analysis Heuristics Detection Identify unusual behaviors DVS Engine Signature Inspection Identify known behaviors Parallel Scans, Stream Scanning Wide coverage with multiple signature scanning engines Identify encrypted malicious traffic by decrypting and scanning SSL traffic Seamless user experience with parallel scanning Latest coverage with automated updates
Infected Endpoint Detection Layer 4 Traffic Monitor Users Packet and Header Inspection Network Layer Analysis Internet Cisco IronPort S-Series Preventing Phone-Home Traffic Scans all traffic, all ports, all protocols Detects malware bypassing Port 80 Prevents Botnet traffic Powerful Anti-Malware Data Automatically updated rules Real-time rule generation using, Dynamic Discovery Also available on the ASA as Botnet Traffic Filter
Complete Data Security On-Box Common Sense Security Partner site Documents Log Allow Block Internet Webmail Allow, block, log based on file metadata, URL category, user and web reputation Multi-protocol: HTTP(s), FTP, HTTP tunneled Off-Box Advanced Data Security Documents RSA DLP Network Log Allow Block Internet Deep content inspection: Structured and unstructured data matching Performance optimized: Works in tandem with accelerated on-box policies
If You Have Cisco IronPort S-Series Deployed Enable DLP for web traffic Monitor webmail, wikis, blogs, FTP, http/s Enforce controls such as block, audit, etc. based on policy Through RSA DLP Network and interoperability with IronPort S- Series Apply all RSA DLP Network policies for web Described content policies for PII, PCI, HIPAA, etc. Fingerprinting policies for intellectual property Cisco IronPort S-Series RSA DLP Network ICAP Server Monitor Web Traffic & Enforce Controls 25
Full Context Awareness Identity Application Job Sites Human Resource Instant Message No File Transfer Time Facebook Lunch hour Location Streaming Media 100 kbps/user P2P All Object Priority
Web Application Controls Access Control Policy Instant Messaging Facebook: Limited Apps Video: 512 kbps max Employee in Finance Access Control Violation File Transfer over IM Facebook Chat, Email P2P Granular control over HTTP, HTTP(s), FTP applications Dynamic signature updates maintained by Cisco SIO Granular Control over Application Usage
What About Those Mobile Workers?
Traditional Mobile Web Security Limited Clients Predominantly PC-based Client Support Data Loss Prevention Threat Prevention Acceptable Use Access Control Limited Security URL-filtering client unable to address key use cases No Access Access No Access Intranet Not integrated, requires separate VPN client Corporate File Sharing
Cisco AnyConnect Secure Mobility Web Security with Next Generation Remote Access Choice Diverse Endpoint Support for Greater Flexibility AnyConnect Client Security Data Loss Prevention Threat Prevention WSA ASA Acceptable Use Access Control Rich, Granular Security Integrated into the network Access Granted Intranet Corporate File Sharing Experience Always-on Intelligent Connection for Seamless Experience and Performance
The First Step For Future Success
Why An Assessment? Do you know what s on your network down to the serial number (EOS/EOL, Support Contracts, etc)? Network ready for VoIP / Wireless / ETC? Verify compliance against industry best practice (NSA), check running IOS for vulnerabilities, etc. Are you IPV6 Capable? 802.1x enabled? Do you feel your network is future proof? Could your design use improvements? How reliable is your redundancy? Vulnerable to attack? Interested in how the bad guys could get in? Have a Audit creeping up you need to pass?
How WWT Can Help Base Assessment - Free (some restrictions apply) - Uses automated tools to gather information EOS / EOL report Hardware / Software Inventory NSA best practices check Limited design recommendations Advance Network + Penetration Assessments - Paid (Pricing based on requirements) - Uses a combination of tools and WWT services Detailed deliverable Security Vulnerabilities Penetration Testing Identify gaps in network design Assessment for specified audits Network evaluation for AT
This Can t Happen On My Network??? Top Reasons You May Think No Way 1)You can t have our network information. A:We can give you a Vmware image of the tool(s) with a 60 day demo key. You can delete it after the assessment. We only need the reports which do not contain configurations. 2)We can t give you our network passwords A: Our tools mimic a real user. We will never see your passwords. You create a account and the system will log into devices. 3)We have assessed our network in the past. A:Our program utilizes a combination of security and network based tools. We have custom scripts designed to identify specific business objectives such as 802.1x or IPV6 capabilities.
Questions