fortifying network security with a defense in depth strategy - idc romania preso
DESCRIPTION
TRANSCRIPT
![Page 1: Fortifying Network Security with a Defense In Depth Strategy - IDC Romania preso](https://reader034.vdocuments.us/reader034/viewer/2022042613/54bcb0cb4a795918308b4578/html5/thumbnails/1.jpg)
Fortifying Network Security with
a Defense In Depth Strategy
Mihajlo Prerad,Regional Sales ManagerNorthern and Eastern Europe
![Page 2: Fortifying Network Security with a Defense In Depth Strategy - IDC Romania preso](https://reader034.vdocuments.us/reader034/viewer/2022042613/54bcb0cb4a795918308b4578/html5/thumbnails/2.jpg)
What happens today?
fixed network MOBILE
physical VIRTUAL
local CLOUD
servers
services
BYOD = Bring Your Own Disaster
![Page 3: Fortifying Network Security with a Defense In Depth Strategy - IDC Romania preso](https://reader034.vdocuments.us/reader034/viewer/2022042613/54bcb0cb4a795918308b4578/html5/thumbnails/3.jpg)
2164 Data breach
incidents
822 MILLIONDATA RECORDS STOLEN IN 2013
60% HACKING
96.8% EXTERNAL
![Page 4: Fortifying Network Security with a Defense In Depth Strategy - IDC Romania preso](https://reader034.vdocuments.us/reader034/viewer/2022042613/54bcb0cb4a795918308b4578/html5/thumbnails/4.jpg)
=
Billion $388
Time $274=
Cash $114
Cost of cyber crime in 2012
* direct costs
* indirect costs
![Page 5: Fortifying Network Security with a Defense In Depth Strategy - IDC Romania preso](https://reader034.vdocuments.us/reader034/viewer/2022042613/54bcb0cb4a795918308b4578/html5/thumbnails/5.jpg)
Factors in calculation of financial loss from security breaches/intrusions
52%
35%
34%
31%
27%
Legal defense services
Loss of customer business
Consulting and Audit services
Deployment of security tools
Damage to brand
26%Court settlements
![Page 6: Fortifying Network Security with a Defense In Depth Strategy - IDC Romania preso](https://reader034.vdocuments.us/reader034/viewer/2022042613/54bcb0cb4a795918308b4578/html5/thumbnails/6.jpg)
Security is
investment,
not expense.
![Page 7: Fortifying Network Security with a Defense In Depth Strategy - IDC Romania preso](https://reader034.vdocuments.us/reader034/viewer/2022042613/54bcb0cb4a795918308b4578/html5/thumbnails/7.jpg)
Information Governance Core Disciplines: Security and Privacy
Locate where
sensitive data
Classify &
Define data
types
Set policies
& metrics
Protect data
access
Organize
unstructured
data
De-identify
confidential
data
Compliance
SLA & QoS
Assess vulnerabilities
Detect
intrusions
Understand &
DefineSecure & Protect Monitor & Audit
![Page 8: Fortifying Network Security with a Defense In Depth Strategy - IDC Romania preso](https://reader034.vdocuments.us/reader034/viewer/2022042613/54bcb0cb4a795918308b4578/html5/thumbnails/8.jpg)
Who? (source and destination)
Critical information
What? (IP protocol and port numbers)
When? (time when the flow was observed)
Where? (input interface)
How? (type of service)
![Page 9: Fortifying Network Security with a Defense In Depth Strategy - IDC Romania preso](https://reader034.vdocuments.us/reader034/viewer/2022042613/54bcb0cb4a795918308b4578/html5/thumbnails/9.jpg)
ESX Stack
Hypervisor
PhantomMonitor™
V Switch
vm 1 Vm 2 Vm 3
Web Security Protocol
Analysis Database
Security
VoIP
Network
Performance
IDS/IPSForensics
![Page 10: Fortifying Network Security with a Defense In Depth Strategy - IDC Romania preso](https://reader034.vdocuments.us/reader034/viewer/2022042613/54bcb0cb4a795918308b4578/html5/thumbnails/10.jpg)
ESX Stack
Hypervisor
PhantomMonitor™
V Switch
vm 1 Vm 2 Vm 3
Web Security
IDS/IPS
Protocol
Analysis Database
Security
VoIP
Network
Performance
ESX Stack
Hypervisor
PhantomMonitor™
V Switch
vm 1 Vm 2 Vm 3
Director
Aggregation
Visibility Architecture
Advanced Packet Distribution
Aggregation and regeneration
Intelligent Filtering
Bypass switching (inline)
Packet Slicing & DeDuplication
Total Network Visibility
Forensics
![Page 11: Fortifying Network Security with a Defense In Depth Strategy - IDC Romania preso](https://reader034.vdocuments.us/reader034/viewer/2022042613/54bcb0cb4a795918308b4578/html5/thumbnails/11.jpg)
Traditional access methods don‘t work!
1. Degrading performance of network
2. Dropping important packets
3. Needs to be configured (time loss)
4. Mixing source/destination information
5. Limitations with sessions
6. Compliance issues
SwitchSwitch
1. Potential single point of failure
2. Expensive 1-tool-1-link deployment
3. Relocating means link downtime
SPAN port:
Inline:
![Page 12: Fortifying Network Security with a Defense In Depth Strategy - IDC Romania preso](https://reader034.vdocuments.us/reader034/viewer/2022042613/54bcb0cb4a795918308b4578/html5/thumbnails/12.jpg)
Switch
Use Network TAP instead of SPAN
Benefits
• Full-duplex access with zero impact on
network traffic around the clock
• 100% visibility to link traffic for security
and network monitoring tools
• Plug-and-play — no configuration required
• Permanent access: no need to break the
link each time you need to remove tool
• Forwards important L1 and L2 errors
• Dual power supplies: keeps the network
link up and running in case of power failure
Firewall
Analyzer
Switch
![Page 13: Fortifying Network Security with a Defense In Depth Strategy - IDC Romania preso](https://reader034.vdocuments.us/reader034/viewer/2022042613/54bcb0cb4a795918308b4578/html5/thumbnails/13.jpg)
Protect inline deployments with Bypass Switch
Benefits
• Protects the network from IPS link,
application, and power outages
• SNMP (v2c, v3) traps indicate status
changes for system, link, power, and
threshold
• Intelligent Heartbeat packets:
continuous check of IPS health!
• Removes link downtime: ensures
traffic flow when appliance is offline
• RMON statistics and LCD display
• Redundant power supplies
SwitchFirewall
IPS
Switch
![Page 14: Fortifying Network Security with a Defense In Depth Strategy - IDC Romania preso](https://reader034.vdocuments.us/reader034/viewer/2022042613/54bcb0cb4a795918308b4578/html5/thumbnails/14.jpg)
Ne
two
rkN
etw
ork
Vis
ibilit
y
Branch
Campus
CoreData Center
Network Taps
Network Packet Brokers
Aggregation FilteringFlow Linking Regeneration Load Balancing
Deduplication Time StampingBurst Protection Header Stripping
File SecurityManagement
Web SecurityCustomer
Experience
Cloud
![Page 15: Fortifying Network Security with a Defense In Depth Strategy - IDC Romania preso](https://reader034.vdocuments.us/reader034/viewer/2022042613/54bcb0cb4a795918308b4578/html5/thumbnails/15.jpg)
Cost saving:• Reducing CAPEX/OPEX by using fewer tools
Benefits
User satisfaction:
• No network/link downtime
Simplicity:• Centralized monitoring of many network
segments and different types of traffic
Scalability• Any tool – any time
Security:
• No packets dropped – 100% visibility
![Page 16: Fortifying Network Security with a Defense In Depth Strategy - IDC Romania preso](https://reader034.vdocuments.us/reader034/viewer/2022042613/54bcb0cb4a795918308b4578/html5/thumbnails/16.jpg)
The MOST TRUSTED names
in networking
Service Providers trust IXIA to: Improve and speed service delivery
Speed roll out of next gen services
Improve network and application
visibility and performance
Equipment Manufacturers trust IXIA to: Develop next generation devices
Speed time to market
Improve performance and reliability
Enterprises trust IXIA to: Assess vendor equipment and
applications
Improve network security posture
Improve network and application
visibility and performance
Chip Fabricators trust IXIA to: Validate protocol conformance
Speed time to market
trust
Test
Secu
rity V
isib
ilit
y
![Page 17: Fortifying Network Security with a Defense In Depth Strategy - IDC Romania preso](https://reader034.vdocuments.us/reader034/viewer/2022042613/54bcb0cb4a795918308b4578/html5/thumbnails/17.jpg)
Thank You!
+43 664 831 6674
www.ixiacom.com www.np-channel.com
www.network-taps.eu
Mihajlo PreradRegional Sales Manager