Post on 19-Dec-2015
NetScreen Confidential1
NetScreen Corporate Overview
June 2001
About NetScreen
• Founded October 1997
• Leading maker of ASIC-based integrated security solutions
– Firewall, VPN and traffic management
• Fast growing revenue
– $40 million in calendar 2000
– $8 million in calendar 1999
• Primary markets: Internet data centers, service providers and enterprises
• Employees: > 270
• Pre-IPO: $53 million VC investment
– Sequoia, Spectrum, Juniper, Ericsson, WorldCom
• Based in Sunnyvale, Calif. USA
– Other offices in Boston, UK, Germany, Hong Kong, Beijing
NetScreen’s Security Solutions
• Integrated security systems and appliances
• Product line provides near-wire-speed performance at 1-Gbps, 700-Mbps, 100-Mbps & 10-Mbps
– Stateful inspection hardware firewall, IPSec, authentication, PKI and NAT acceleration
• Small form factor
• IPSec VPN – Triple DES at wire speed
• High availability
– Protect against hacker attacks (8 to 10 times faster than software solutions)
– Redundant topologies
• ICSA-certified (firewall and VPN)
The Internet Revolution …
• Proliferation of access to and usage of the Internet continues worldwide
• Broadband services are proliferating
• Security is required to protect against attacks and forge trusted relationships
[Chart: Internet Users Worldwide, users in millions: 59 (1998), 250 (2003)]
… Is Changing the Security Paradigm
• Network performance outstrips security performance, creating a bottleneck
• The ongoing care and feeding of legacy solutions
• Lack of qualified security personnel
• The interest in outsourcing of the enterprise network and applications, in general, or just security
NetScreen Meets The Customer Challenge for Security
• Developer of next generation Internet security systems and appliances, delivering:
– Performance: Security performance must scale to protect new high-speed networks
– Integration: Firewall, VPN and traffic management
– Ease of use: Must be easy to deploy in order to proliferate
– Availability: High-reliability architectures
• NetScreen security solutions – proven technology
– NetScreen has three years of experience building purpose-built, high-performance integrated security solutions
– More than 35,000 units shipped to date
Security Market Growth
• Firewall and VPN markets in rapid-growth stage
– Hardware predominant platform for firewalls and VPNs
• Key drivers
– Need to protect Internet links and encrypt data
– Enterprises looking to outsource or out-task some element of security
[Chart: Worldwide Market Growth (Infonetics Research), 2000 to 2004, in billions of dollars ($0 to $6); series: Firewall, Dedicated VPN hardware]
Product Overview: NetScreen-1000
• Gigabit Performance
– 1 Gbps 3DES IPSec VPN
– 1 Gbps firewall and NAT
• High Capacity
– Firewall: Stateful inspection - 500,000 sessions
– VPN: 25,000 IPSec tunnels,
• High availability/redundancy
– Hot swappable power supplies, fans, cards
– Mirrored configuration maintains sessions through a failover
• Virtual Systems based – for ASPs & managed services
– 100 discrete security domains
– Per VS address book, policies and management
Product Overview: NetScreen-500
• High performance
– 250 Mbps 3DES IPSec VPN
– 700 Mbps stateful firewall
• High capacity
– 10,000 IPSec tunnels
– 250,000 concurrent sessions
– 22,000 new sessions per second
• Up to 25 Virtual Systems
• Redundant
– High availability features
– Internal system redundancies (swappable fans, power)
– Separate traffic and management bus
• Flexible
– Multiple ports
– AC/DC power
Product Overview: NetScreen Security Appliances
• Suite of wire-speed appliances
– NetScreen-100: 100-Mbps performance; 128,000 sessions; 1,000 tunnels
– NetScreen-10: 10-Mbps performance; 4,000 sessions; 100 tunnels
– NetScreen-5XP: 10-Mbps performance; 2,000 sessions; 10 tunnels
• Stateful-inspection firewall
– Leading denial of service attack deterrence
• NAT (mapped IP, Virtual IP), URL blocking
• Line rate IPSec VPNs
– IPSec, DES/3DES, MD5, SHA-1, IKE key management
– 1,000 tunnels: site to site or remote access
• Traffic Shaping: guaranteed & max bandwidth
NetScreen Management Interfaces
• CLI – familiar command line interface [telnet, ssh]
• Web Interface – embedded Web server [http, SSL]
• NetScreen Global – proprietary interface
• SNMP – Standard MIB & private extensions
• Syslog – standard traffic reporting and alerts
• 3rd Party – WebSense, WebTrends
Enterprise Security Management: Global Manager
• Central management for multiple NetScreen security appliances
– Set policies and configuration options
– Define configuration once, apply to multiple devices
– Device grouping to simplify administration
• Collect and display status information for hundreds of devices
– Detailed reporting: configuration, traffic, CPU utilization, logs
• Securely manages via VPN tunnels to devices
• Windows NT/2000-based platform
[Diagram labels: Global Manager; Configuration; Monitoring & Reporting; NetScreen Security Devices]
NetScreen Global PRO 2.6
• Configure 1000s of devices
– Set common policies and drag-and-drop to device groups
• Customer or Role based reporting
– Web reporting interface
• Extensive interoperability
– Industry leading database
– Open schema
– Netcool Integration Module
• Highly scalable performance reporting and monitoring system
– Track and present sophisticated reports
[Diagram: Global Pro Components. Labels: Oracle DB; Web Server; Data Collector; Global PRO UI; Configuration; Reporting; Monitoring; Presentation layer; Solaris collector layer; Data Storage layer; Device layer; NetScreen Security Devices]
Custom Technologies Deliver Performance & Security
• GigaScreen ASIC: Highest performance, most integrated security acceleration silicon available
– Single chip HW firewall, IPSec, authentication, PKI and NAT acceleration
– HW firewall: TCP header parsing, session lookup, policy lookup
– 1.2 Gbps DES, 400 Mb 3DES, MD-5, SHA-1
– PKI acceleration
– HW NAT
– Multi-bus architecture
– RISC processor interface
• ScreenOS – Dedicated, real-time operating system that drives all NetScreen systems and appliances
NetScreen Virtual Systems
• NetScreen-1000 and NetScreen-500 include NetScreen’s unique Virtual Systems technology
– Create up to 100 individual security domains on the NetScreen-1000 and 25 on the NetScreen-500, each with its own policies
– Integrated firewall and VPN features
– Reduce capital cost, ease management and administration, simplify network architecture
• NetScreen Virtual Systems
– Physical ports mapped into VLAN groups within the switch
– VLAN traffic passed over 802.1Q tagged trunk
– VLANs mapped to Virtual Systems within the NetScreen system
[Diagram labels: Physical ports mapped to VLANs within switch; IEEE 802.1Q VLAN Trunk; Traffic Mapped to VLANs via Virtual Systems; Standard Ethernet connections]
NetScreen Target Markets
Enterprise Networks
• Enterprise central site and broadband remote access
Internet data centers
• Web hosts, AIPs
Service provider networks
• MANs, ISPs
Managed Security Service Providers
• Integrating security solutions for Internet data centers, service providers and enterprises of all sizes
Central Site Firewall & VPN Intranet
Firewall Application
• WAN access multiple T1s / T3
• E-business
VPN Application
• Private network replaced by VPN intranet
• Hundreds or thousands of remote offices / users
• Extranets
• Trust limited to “Need to know” employees
NetScreen delivers
• Increased performance, scalability, flexibility & cost effectiveness of the solution
[Diagram labels: Internet; Corp HQ; DMZ]
Multi-Department Security
Traditional Solution
• Multiple Firewalls required to provide internal security
NetScreen-500 Solution
• Virtual Systems employed to provide departmental security
• Can also be used for additional DMZs, security domains and for extranets
• Trust limited to “Need to know” employees
[Diagram labels: Internet; Corp HQ; Finance Dept; M & A Group; Engineering Dept; DMZs]
Multi-Department with Remote Users
Firewall
• Traffic sent to the Finance dept is firewall-ed by the Finance Vsys
• Finance SOHO worker firewall-ed from the Internet
VPN
• Remote finance workers' VPN connections terminate in the Finance Virtual System
• Essentially extending the finance intranet to include those workers
[Diagram labels: Internet; Corp HQ; DMZs; Finance Dept; Finance Dept mobile worker; Finance Vsys; Finance Dept remote worker]
Traditional Data Center Approach
• Low performance
• Requires load balanced Firewalls
• Lose ability to offer VPN access
• Expensive access
• Slow to establish
• Time consuming (staff)
• Lost revenue to telco
• Resource intensive
• Device
• Management
• Skilled Staff
• Time (setup / support)
[Diagram labels: Internet; Customers; www Access; Internet Data Center; Front End; BackEnd; Admin or ASP Customer Access (WAN link or VPN); Administration; Load-balancers]
NetScreen’s Complete Data Center Platform
• Dedicated VPN and / or FW solution
• High Bandwidth FW and VPN without having load balanced security devices
• Additional Backend or Database security
• High performance multi-customer solution
• Reduced Capital Cost
• Rapid Deployment
• Low support burden
• Differentiated services
• Customer site VPN
• High speed VPN between Data Centers
[Diagram labels: Trust; Untrust; Internet; Internet Data Center; Mirrored Data Center; Front End; BackEnd; VLAN 1; VLAN 2; VLAN 3; VLAN 4; VLAN 5; NetScreen 1000 (Firewall & VPN); Customers; www Access; Shared Hosting / Core Systems; or Low end dedicated; Customer Access (VPN); NS Remote, 5, 10, 100; NetScreen 10; NetScreen 100]
xSP – Selling with CPE in the Enterprise
• Integrated Firewall and VPN solution for the enterprise
– Gigabit firewall to address internet and intranet bandwidth
– High speed and capacity VPN to address broadband remote access VPN
– Multiple DMZ
– Option for departmental policy and VPNs (departmental Firewall replacement)
– Intra office VPN
• Comprehensive line of enterprise security products
• Single security vendor solution for management and support
[Diagram labels: NetScreen-1000ES; Internet; Branch Office; Small Office/Telecommuter; Remote VPN Client; Finance Domain; Finance Remote Worker; Dark Fiber; Data Center; Corp HQ; DMZs; Global / Pro; SOC]
Metropolitan Area Networks
Metropolitan area network
• High speed inter-city inter-office security solution
• Enterprise remote site VPN via the Internet
• High bandwidth FW and VPN without having load balanced security devices
• Customer deployed or managed service
• In the cloud or CPE-based
[Diagram labels: Optical Access; Optical Backbone; Internet; Remote Site Access (VPN); NetScreen-1000ES, Customer A City A; NetScreen-1000ES, Customer A City B; GE over Fiber; NetScreen-1000SP]
Using Virtual Systems in NSP networks
Metropolitan area network
• Ethernet over Fiber
• Discrete Customer Fibers mapped to Virtual Systems via VLAN tagged trunk
• Customer FW & VPN services per Virtual System
[Diagram labels: Fiber Backbone; Internet; Fiber Access; Vsys #1; Vsys #2; Vsys #3]
Managed Security Service Provider Solutions
[Diagram labels: Internet; HQ / Branch Office; Small Office/Telecommuter; Remote VPN Client; NetScreen-1000ES; Finance Domain; Dark Fiber; Data Center; Corp HQ; DMZs; MAN; Trust; Untrust; Internet Data Center; Front End; BackEnd; VLAN 1; VLAN 2; NetScreen-1000SP; Global / Pro; SOC; NetScreen-100; NetScreen-5; NetScreen-Remote]
Industry Recognition
“Products from NetScreen, Cisco and CyberGuard fit the bill for the highest throughput, with NetScreen offering overall outstanding performance with consistently high numbers across all our tests.” NetworkWorld, March 12, 2001
“NetScreen's combination firewall/VPN is a powerful and cost-effective solution for companies of all sizes. NetScreen's speed, reliability, and ease-of-use make it an ideal solution for companies that have enterprise-level security needs.” InfoWorld, Sept. 29, 2000
“Topping our list was the NetScreen-100 from NetScreen Technologies Inc., which had no security issues, the fastest throughput of any device we tested, and a reasonable price tag.” – CommWeb, Sept. 12, 2000
“Don't be fooled by the size of the NetScreen-5. It's only as big as a paperback novel, but it offers bandwidth management and complete firewall and VPN gateway implementations.” – Network Computing, June 12, 2000
“At 1U in height, the NetScreen-100 packs a small-form-factor wallop. A stateful-inspection firewall ensconced in proprietary ASIC hardware, the NetScreen-100 is built for speed.” – Network Computing, April 3, 2000
Tester’s Choice Firewalls: The NetScreen-100 “offered the best combination of airtight security, screaming performance and simple management.” – Data Communications, May 1999
Tester’s Choice Traffic Shaping: “The Netscreen-100 turned in a strong showing in our rate enforcement and burst handling tests while posting respectable numbers in our prioritization tests.” – Data Communications, November 1998
Award-Winning Performance
• VPN Gateway Tester’s Choice award for the NetScreen-100
– CommWeb is a leading Web site published by CMP media for Network Magazine, Tele.Com and other leading publications
– Published Sept. 12, 2000
• 12 vendors tested, including Cisco, Check Point
• “Topping our list was the NetScreen-100 from NetScreen Technologies Inc., which had no security issues, the fastest throughput of any device we tested, and a reasonable price tag.”
NetScreen Customers & Partners