Download - Network Configuration and Audit Simplified
1 Copyright © 2009 Telcordia Technologies. All Rights Reserved.
IP Assurefrom
Christopher WillardAccount ManagerCell: 781.367.7149Office: 617.517.0925Email: [email protected]
2 Copyright © 2009 Telcordia Technologies. All Rights Reserved.
The IP Assure Market Space
HP NABMC CACiscoWorks NCMEMC Voyence
3 Copyright © 2009 Telcordia Technologies. All Rights Reserved.
IP Assure Product Highlight
Flexible and scalable web-based software that assesses configuration files of IP-based devices (e.g. routers, switches, firewalls) to determine if required security, availability and regulatory policies and best practices are correctly implemented.
Transforms the costly labor-intensive job of network error detection and remediation into a simple automated process.
4 Copyright © 2009 Telcordia Technologies. All Rights Reserved.
Major Vulnerabilities Proactively Discovered by IP Assure in Operational IP Networks
5 Copyright © 2009 Telcordia Technologies. All Rights Reserved.
Is Configuration Assessment Really Needed?
IP Assure’s actual assessment of thousands of multi-vendor routers, switches and firewalls from over 10 different G2000 organizations revealed errors in all devices.
Most organizations had NCCM solutions in place.
6 Copyright © 2009 Telcordia Technologies. All Rights Reserved.
Network Change Impact Analysis
Users can create customized configuration sets and rule-sets
Configurations can be edited and re-assessed against same customized rule-set
Assessment output from before and after configuration change can be compared to detect issues
Users can share configuration sets and rule-sets, and results of assessments, with other users
7 Copyright © 2009 Telcordia Technologies. All Rights Reserved.
Multi-level Topology Visualization
Automated generation and display of topology; IP subnet, VLAN, VPN, Routing computed in
real-time using graph theory algorithms on configuration and inventory data
8 Copyright © 2009 Telcordia Technologies. All Rights Reserved.
Product Ecosystem
IP Assure - IP Network
Assessment &Awareness
Network & SecurityAdministrators
NCCM(e.g. HP NA)
Get IP Device Configurations
Inventory(e.g. Granite) Identify IP Devices &
Physical Connectivity
NetworkMonitoring
Assessment Results
Real-time Input
9 Copyright © 2009 Telcordia Technologies. All Rights Reserved.
Competing Solutions
10 Copyright © 2009 Telcordia Technologies. All Rights Reserved.10
Telcordia® IP Assure Typical NCCM
Number of configuration parameters used
Up to 750 per device configuration Less than 100 per device configuration
Assessment approach Configuration assessments consider IP network in its entirety, encompassing multiple device-types, multiple vendors and IP
technologies. Bulk upload of multi-vendor configurations for entire network.
Configuration assessments are specific to a single device at a time.
Out-of-the-box Assessment Capability Best-practices for security, availability, and QoS are built-in. They cover multiple technologies such as addressing, administration, VLAN, BGP,
OSPF, IS-IS, RIP, MPLS, QoS, IPSec, IKE. Regulatory Policies.
Best-practices for security are built-in.
Customized Rules Built-in rules can receive parameter values from users. Complex customer-specific rules can be added. Security policies can be defined by
user, and checked against firewalls. Multi-vendor firewalls can be compared for semantic equivalence with each other.
Templates and regular-expressions can be defined by users.
Topology Visualization On-screen and PDF output for IP subnet, VLAN, OSPF, MPLS, IS-IS, BGP, network path.
Visio diagrams of Layer 2 (VLAN) and Layer 3 (IP subnet)
Availability Analysis Non-intrusive service reach ability analysis, single point-of-failure detection
N/A
Manage network device configurations, software, and inventory
Maintain versions of uploaded configurations and generated assessment reports
Deploy and track changes to network hardware, software and configurations
Product Comparison
11 Copyright © 2009 Telcordia Technologies. All Rights Reserved.
Cloud Computing for Medium-Large Enterprises
IP Assure - IP Network
Assessment &Awareness
Web-based IP Assure fits Cloud Computing paradigm
Single installation shared by multiple geographically distributed users and groups
Reduced operational and capital cost
Increased collaboration between diverse groups
12 Copyright © 2009 Telcordia Technologies. All Rights Reserved.
Bottom-up ROI Model Input
Configurations of IP network devices are changed periodically 4 changes per device annually
Some changes introduce errors in configurations Probability of error due to device configuration change is 5%, based on Telcordia
experience with assessment of thousands of device configurations IP Assure detects at least 80% of errors, reducing error probability to 1%
Some configuration errors are cause of security, availability and regulatory compliance incidents
1% of configuration errors are cause of incidents i.e. 0.05% of device configuration changes are cause of serious incidents
13 Copyright © 2009 Telcordia Technologies. All Rights Reserved.
Cost of Configuration Errors
Security, availability and regulatory compliance incidents cause financial impact
$59K per security incident – 2008 CSI Computer Crime and Security Survey $700K per network downtime incident – Dataquest and Infonetics $100K per regulatory non-compliance – Forrester Research
Manual effort is needed to detect and rectify each configuration error
6 person-hours
14 Copyright © 2009 Telcordia Technologies. All Rights Reserved.
Assuming Deployment of 1,000 Devices IP Assure Provides Approx $1.0M Cost Saving in Year 1
Without IP Assure With IP AssureNumber of IP network devices 1000 1000Average number of configuration changes (per device per year) 4 4Probability of error (per configuration change) 0.05 0.01
Percentage of errors impacting security 1% 1%Average cost of a security incident 58,969$ 58,969$ Annual cost due to errors on security 117,939$ 23,588$
Percentage of errors impacting availability and QoS 1% 1%Average cost of an availability/QoS incident 694,313$ 694,313$ Annual cost due to errors on availability/QoS 1,388,625$ 277,725$
Percentage of errors impacting regulatory compliance 1% 1%Average cost of a regulatory compliance violation 100,000$ 100,000$ Annual cost due to errors on regulatory compliance 200,000$ 40,000$
Effort to detect and rectify a configuration error (person-hours) 6 6Annual effort to detect and rectify configuration errors (person-hours) 1200 240Loaded hourly rate for network/security admin 80$ 80$ Annual cost to detect and rectify configuration errors 96,000$ 19,200$
Total annual cost of configuration errors to organization 1,802,564$ 360,513$ TCO of IP Assure for organization Annual cost-reduction due to IP Assure for organizationROI for organization in Yr 1 (% of IP Assure TCO) 189%
499,400$ 942,651$
15 Copyright © 2009 Telcordia Technologies. All Rights Reserved.
And Over $1.3M/Year Cost Saving in Subsequent Years
Without IP Assure With IP AssureNumber of IP network devices 1000 1000Average number of configuration changes (per device per year) 4 4Probability of error (per configuration change) 0.05 0.01
Percentage of errors impacting security 1% 1%Average cost of a security incident 58,969$ 58,969$ Annual cost due to errors on security 117,939$ 23,588$
Percentage of errors impacting availability and QoS 1% 1%Average cost of an availability/QoS incident 694,313$ 694,313$ Annual cost due to errors on availability/QoS 1,388,625$ 277,725$
Percentage of errors impacting regulatory compliance 1% 1%Average cost of a regulatory compliance violation 100,000$ 100,000$ Annual cost due to errors on regulatory compliance 200,000$ 40,000$
Effort to detect and rectify a configuration error (person-hours) 6 6Annual effort to detect and rectify configuration errors (person-hours) 1200 240Loaded hourly rate for network/security admin 80$ 80$ Annual cost to detect and rectify configuration errors 96,000$ 19,200$
Total annual cost of configuration errors to organization 1,802,564$ 360,513$ TCO of IP Assure for organization Annual cost-reduction due to IP Assure for organization
68,400$ 1,373,651$
16 Copyright © 2009 Telcordia Technologies. All Rights Reserved.
Potential Risk Cost With vs. Without IP Assure
Potential Risk Cost With vs. Without IP Assure
$-
$2
$4
$6
$8
$10
$12
$14
$16
$18
$20
100 200 500 1,000 2,000 5,000 10,000
Mil
lio
ns
US
D
Number of Devices
Potential Risk Cost w IP Assure Potential Risk Cost w/o IP Assure
17 Copyright © 2009 Telcordia Technologies. All Rights Reserved.
Cost Reduction and ROI in Yr 1 for Additional Scenarios
Annual Cost Reduction
$-
$2,000,000
$4,000,000
$6,000,000
$8,000,000
$10,000,000
$12,000,000
$14,000,000
100 200 500 1,000 2,000 5,000 10,000
Number of Devices
ROI View
0%
100%
200%
300%
400%
500%
100 200 500 1,000 2,000 5,000 10,000
Number of Devices
18 Copyright © 2009 Telcordia Technologies. All Rights Reserved.
Conquering Network Error Detection & Remediation
Unique technology Infosecurity, the industry’s leading publication on security-related products
and technology, has named Telcordia IP Assure the winner of two of its annual awards, including the 2009 Global Product Excellence in IP Network Device Configuration Assessment Customer Trust Award and the 2009 Tomorrow's Technology Today Award for Network Configuration Assessment
10 patents filed to date
Flexible deployment options Assessment consulting service by Starpoint Deployment in customer infrastructure used continuously by customer
network and security personnel Web-based software-as-a-service, hosted by Telcordia or another party
19 Copyright © 2009 Telcordia Technologies. All Rights Reserved.
Christopher WillardAccount ManagerCell: 781.367.7149
Office: 617.517.0925
Email: [email protected]