Securing your Digital Assets: Gabriel Tan, District Manager, South Asia, Nokia Enterprise Solutions
1
Securing your Digital Assets
Gabriel Tan,
District Manager, South Asia
Nokia Enterprise Solutions
2
About Nokia
• World leader in mobile communications
• Frontrunner in providing mobile, broadband and IP networks
• Sixth most valuable brand (Interbrand)
• One of the world’s most respected companies (PriceWaterhouse & Financial Times)
• As mobility and Internet converge, Nokia is committed to further enriching the daily lives of people
3
Nokia Organisation
• Customer and Market Operations
• Technology Platforms
• Strategy, Research, Venturing and Business Infrastructure
• Mobile Phones
• Multimedia
• Networks
• Enterprise Solutions
4
Top of mind issues for security
• Hardened for security
• Simple & manageable
• Reliable
• Cost
• Support multiple applications
…and something that adds more complexity…securing wireless
5
Customers still want security appliances …
By 2007, 80% of all network security solutions will be delivered via a dedicated appliance. - IDC
[Chart] What Security Function are you likely to deploy on a security appliance?
Categories: IDP, Network Firewall, Email Security, Web Content, Application Firewall. Values shown: 81%, 75%, 74%, 63%, 60%.
[Chart] What is the primary driver behind appliance-based security technology?
Categories: Simpler manageability, Obtain higher level of security, Better price/performance, Convergence (UTM). Values shown: 79%, 73%, 58%, 52%.
… and they want more from these appliances.
6
Nokia Aligned With Market Preferences
In-Stat (2005)
• Set For Explosive Growth
Forrester (2005)
• 50% of enterprises prefer separate stand alone appliances
• 14% prefer all-in-one
• 28% prefer integrated
Gartner (2005)
• Best of Breed, Multivendor: 52%
• Integrated: 37%
• Suite/Single Vendor: 11%
Source: Gartner (July 2005)
7
Nokia IP Security Platforms
Check Point VPN-1 Pro or VPN-1 Express
[Chart: Price versus Performance & Functionality]
Segments: Remote Office / Branch Office, Small to Mid Enterprise, Large Enterprise, Data Center / Service Providers
Products: Nokia IP40, Nokia IP260/IP265, Nokia IP350/IP355, Nokia IP380/IP385, Nokia IP560, Nokia IP710, Nokia IP1220, Nokia IP1260, Nokia IP2250
8
The Power of Two: Check Point and Nokia
Overview
• 8+ year partnership between Nokia and Check Point
• Nokia and Check Point Provide Security to 92 out of Fortune 100.
Check Point
• No. 1 Internet Security Company: Built on Firewall Software Success
• Award winning GUI
• Patented Stateful Inspection
Nokia
• Internet Security Appliance Pioneer
• Built to secure demanding traffic
• Fastest performance Platform For Check Point (IPSO)
• ‘Audit’ Grade HW Build, OS and Management tools Enterprise and Carrier
• The First and Leading HA Firewall Solution for Check Point
• Global Support and Service
Innovation
• Patented security technologies
• Jointly-developed acceleration technologies
• Several IETF Reference Points (IPv6, VRRP) etc.
• 600+ security focused engineers
[Chart: Check Point / Nokia Installations, 1998 to 2006. 300,000+ Installations]
9
Nokia Security Firewall Appliances
• IPSO - Hardened OS designed for security
• Simple procurement and configuration
• Single support point for the entire solution
• Comprehensive quality assurance on complete hardware and software solution
• Network-centric product architecture
• First-Call, Final-Resolution support
Product labels: Nokia IP2250, Nokia IP12xx, Nokia IP3xx, Nokia IP40, Nokia IP26x, Nokia IP710
10
Nokia IP Security Appliance Platforms
• Hardware
• Nokia Pioneered The IP Security Appliance, knows more about Security Appliances Than Any other Vendor
• Nokia Designs and builds Entire Appliance Platform, down To Component Level, including boards etc…
• Nokia Develops and QA’s all hardware driver software, with specialized toolsets and bench configurations
• Nokia Provides Redundant hot swap power supplies
• Nokia Provides Redundant hot swap Network Interface Cards
• Nokia Provides Solid State and HDD based System Solutions
• Nokia Delivers High Port Density, High Connectivity Solutions
• Nokia IP Appliances are Built with Ease of Serviceability in mind
• All Systems Quality Assured Under Ideal and ‘Real World’ Operational Environments
• All ‘installed base’ hardware, operating system and application combinations QA’d together
• Nokia Continues To Invest in Hardware Innovations – ADPs, Solid State Support, 10GigE
11
• Operating System – IP Security Operating System
• Network Element Operating System, Optimised For Packet Forwarding
• IPSO High Performance Forwarding based on Patented IP Switching Technology
• ASIC Firewall Performance From Software Based Firewall, with no Restrictions on Flexibility
• Built On Carrier Grade, ‘Battle’ Proven, IP Networking BSD IP Stack, used by Operators and ISPs
• Nokia Hardened* Operating System IPSO™
• Early Implementation of Digitally Signed OS
• Less Than 10 CERTs in 8+ Years of Field Deployments
• Firewall acceleration pioneer, Nokia Patented IP Firewall Flows
• The market leader and pioneer in integrated high availability firewall technology VRRP-MC to IP Clustering
• World Class, well proven, standards adherent routing
• Well proven IPv6 Implementation, deployed in ISP and Operator Networks for 5yrs+
• Multiple OS Image Management for rollback and recovery operations
• Powerful CLI, and Diagnostic Shells
• Nokia Pioneered Web Interface For Security Appliance Management – Nokia Voyager Element Manager
• Nokia Pioneered Security Appliance System Level Management – Nokia Horizon Manager
• Do No Harm patch, upgrade and management technology for Entire Systems including Security Applications
• Nokia Hardware and Software Asset Auditing tools
• Nokia Brings F.C.A.P.S Best of Breed NMS to Security Appliance - Nokia Appliance Manager
Nokia IP Security Operating System
12
What is A Secure Appliance Operating System?
• “Applications cannot be more secure than the kernel functions they call”
• OS is the right place for security
Operating system security is fundamental to the security of every computing system because operating systems are a critical point of failure for the entire system. Unfortunately, attempts to secure computer systems continue to be based on the flawed assumption that adequate security can be provided in applications with the existing security mechanisms of mainstream operating systems. The reality is that secure applications require secure operating systems, and any effort to provide system security that ignores this premise is doomed to fail. – NSA
13
Anatomy of A Secure Appliance Operating System
• System Architecture: Enforces the Security Policy with a Security Model implemented by kernel components and by kernel modularity
• Security Functions: Identification and Authentication; User Data Protection including Access Control; File integrity; Security Audit; …
• Building Secure Software: Programming Techniques; Development Procedures; Security Hardening
• Independent Validation & Certifications: Common Criteria; ITSEC; FIPS 140; IS 17799; SAS-70
• Deployment Processes: Secure Delivery; Digitally-Signed Binaries; Secure Lockdown
14
General Purpose Operating System Security Solutions
Software Based (Server Appliance): Flexible but NOT fast
[Diagram labels: CPU, Packet Processing, Policy]
15
ASIC Based Security Solution
Hardware Based (ASICs): Fast but NOT flexible
[Diagram labels: Packet Processing, Policy]
16
Nokia IP Security Appliance
Nokia: Fast + Flexible
[Diagram labels: CPU, NPU, API, Policy, Packet Processing]
17
Nokia Unique Value Proposition
• Hardware Based (ASICs): Fast but NOT flexible
• Software Based (Server Appliance): Flexible but NOT fast
• Nokia: Fast + Flexible
[Diagram labels: CPU, NPU, API, Policy, Packet Processing]
18
In Other People’s Words
Nokia IP3xx
“This product shows how two companies can work together to create a product better than the sum of its parts”
- Secure Computing Magazine
“A versatile and flexible solution for the high end of the market”
- Secure Computing Magazine
Nokia IP2250
Nokia IP2xx
"As a dedicated hardware platform, the Nokia IP260 offers some ferocious capabilities."
- Network Computing Magazine
19
IP Security Appliance Business
• Business Week, 28 Aug ‘02 - Nokia's Security Connection "force to be reckoned with... According to tech researcher IDC, Nokia is quickly grabbing market share in the exploding market for firewall/VPN appliances"
• 25.6% of Asia Pacific Security Appliance Market Share
• Nokia with Check Point VPN-1/FireWall-1 has 62% VPN and 41% firewall market share (Infonetics Research, VPN Hardware Market)
• Frost & Sullivan 2005 Firewall market share for Vietnam, Nokia ranked #1
20
Nokia SSL VPN
Enables new mobile connectivity applications
[Diagram labels: Internet, Firewall, Nokia SSL VPN, Enterprise Intranet]
Users:
• Employees using a non-corporate device at home, a library or a café
• Employees using a corporate device at a hotel or using Wi-Fi provider
• Partners, suppliers & contractors
• Linux & Unix users
Applications:
• Client-server applications like Outlook, & Notes
• Web-enabled applications SFA, CRM, ERP
• Mainframe, SSH, FTP, Telnet
Uses:
• Executive access
• Business Continuity
21
Nokia IP VPN Gateways
[Chart: Price versus Performance]
Segments: Remote Office / Branch Office, Medium Office, Large Office
Products: Nokia 5i and Nokia 10i VPN Gateways, Nokia 50i VPN Gateway, Nokia 100i VPN Gateway, Nokia 500i * VPN Gateway
• Fully-integrated, secure IPSec VPN gateways, with multiple options, for fast, easy deployment in high-performance networks
• Advanced dynamic connectivity to mobile devices and other VPN gateways through robust broadband and routing functionality
• Extreme system availability using diskless hardware, patented clustering and patent-pending adaptive networking technologies
• Product targeted for government sales through planned industry certification including FIPS-140-2, EAL4, ICSA and VPN Consortium
* Available in 1H 2005
22
Nokia Mobile IP VPN Solution
[Diagram labels: Headquarters, Nokia 50i, Nokia VPN Mgr (with Nokia SSM), Nokia Mobile VPN Client, Branch Office, Nokia 10i, Internet, Corporate Wi-Fi, Wireless Network (GPRS, 3G), Mobile VPN Client, Site-to-Site Connectivity, Remote Access Connectivity, Native Windows L2TP/IPSec client]
23
Nokia Enterprise Solutions
[Diagram labels: Nokia Firewall/VPN; Mobile Devices & PDAs; Employees on enterprise device; Employees on non-enterprise device; ANY Mobile Device; Access Network; Internet; Nokia SSL VPN; Nokia IP VPN; Nokia VPN Manager / NHM]
IT Security Infrastructure: Authentication & Encryption, Access Control, Intrusion Detection, Anti-Virus
IT Apps / Assets: Applications, Files, Authentication, etc.
24
Nokia Service – First Call – Final Resolution
• Direct Access To Engineering
  • Support resources have a direct line to hardware engineering, software engineering and QA teams – No company boundaries to span during resolution
• Three SCP Accredited TAC centers for follow the sun service
• Comprehensive support offerings available worldwide
  • 8x5 VAR fulfilled or Nokia fulfilled support
  • 8x5 onsite VAR fulfilled or Nokia fulfilled support
  • 24x7 VAR fulfilled or Nokia fulfilled support
  • 24x7 onsite VAR fulfilled or Nokia fulfilled support
Nokia provides integrated single source, and single contract, support for Check Point VPN-1, Nokia IP Security Platforms, interface cards, VPN accelerator cards, HA software and routing protocols.
25
Global Support Infrastructure
Hardware Repair and Replacement Services
Networking Equipment
• Field support in more than 2000 cities
• Onsite Service Options: NBD, Same Day 4 Hour Response, 2 Hour Response
Mobile Devices
• Advanced Exchange
• Return and Repair
• Walk In Service
Enterprise level technical support delivered by Global Technical Assistance Centers
• Nokia First Call-Final Resolution
• Follow The Sun Support
• Available 365x24x7
End User help desk support delivered by 19 Customer Care Centers globally
• Set up assistance
• Access to device specialists
• >1000s of repair service points globally
[Map labels: India, Singapore, Japan, USA West, Canada, UK, Finland, USA East, Taiwan, China, Malaysia, HK, Brazil, Argentina, Columbia, Mexico, Hungary, Germany, Italy, Spain, Belgium, USA South East]
26
Global TAC & Field Infrastructure
On-Site HW Replacement:
Global Field Services Infrastructure for 5x8xNBD / 24x7x4h On-site HW Replacement. 2000 Field Service Locations Globally.
Technical Support:
Global 365x24x7 Nokia Technical Support (First Call – Final Resolution) through Follow the Sun Model. Three regional Technical Assistance Centers (TACs) & four Product Line Support (PLS) Centers located with R&D.
(TACs) in Kanata, London, Singapore, India and Tokyo. (PLS) in Mountain View, Pittsburgh, India & Helsinki.
Advanced HW Replacement:
5 Global DHL Hosted Spares Depots in Cincinnati, Brussels, Singapore, Tokyo & Shanghai. Same Day Shipping Globally & Next Day Delivery in the US, EU, Singapore, Japan & China.
27
Nokia Uniqueness in Unified Threat Management
Security Appliances with a “tuned” Operating System (Nokia appliances with IPSO Operating System)
• Services: Resiliency, Performance, Policy Control, flow management, Anomaly Detection, Regulatory Compliance, extensibility
ID/P
• Services: Broad Attack Detection, Deep Packet Inspection, Application Control, Real Time Response
Firewall
• Services: Access Control, Application Control, Protocol Validation, Enforcement
Network AV
• Services: Virus Mitigation; Spyware, Adware, Malware Detection and Control; Malicious Mobile Code Mitigation
Problem:
• Multiple discrete services x Multiple Locations = Security Trade-Offs
Nokia UTM:
• Unified secure mobility services x Multiple locations = Limited Trade-Offs
28
Security and Mobility Unification
[Diagram labels: Email, PIM Server; Nokia Management Center (Admin Interface); DNS; Directory; Firewall; VPN (IP &/or SSL); ID/P; Directory Services; VoIP]
Nokia Unified Threat Management Functions
• All-in-one secure mobility architecture
• Ease of management, integration, deployment
• Consolidated management framework