1 © 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. |
Seminar:
IT Security Design of a New Kind
2005 July 2012
2002 June 2012
1996 Oct. 2013
Ixia:
> Founded in 1997
> Active testing of
> IP networks,
> Wifi
> 3G/LTE
Anue Systems:
> Network Visibility:
> Packet Brokers (NTO)
> Network Testing:
> Impairment Generator
BreakingPoint:
> Security testing
> Attack analytics
NetOptics:
> Network Visibility:
> Packet Brokers (xStream)
> Inline Security (BypassTap)
> Network Taps
OUR HISTORY AND COMPETENCE
Keysight Technologies:
> April 2017
Ixia part of Keysight Technologies
(Ixia Solutions Group)
Visibility Portfolio
(offline)
QUESTION
How do they make sure that the millions of dollars that have been spent are paying off in terms of:
Availability: - Meet SLAs
Security: - Potential threats, data loss prevention, vulnerabilities
Compliance: - Sarbanes-Oxley, HIPAA, PCI DSS
Performance: - End user experience, troubleshooting, root cause analysis
Trends: - Capacity planning and scalability
HERE IS THE SOLUTION
Step 1: Deploy Ixia TAPs
Deploy Ixia TAPs within your network architecture, providing you full visibility.
TAP VERSUS SPAN
TAP
- Full-duplex TAPs (no packet loss due to aggregation)
- Simplest optical TAPs are safe as houses and grow with the network from GE to 100GE
- Copper TAPs are fail-safe even when the power is lost
- Available for all media types:
  Copper: 10M, 100M & 1G
  Optical: Single Mode 1G till 100G, Multi Mode 1G till 100G, Cisco BiDi
SPAN
- Limited number of SPANs leads to compromise (multiple tools cannot be used at the same time)
- Have to be configured and maintained (danger of working on the production network)
- Load-dependent behavior (tends to lose packets even at lower processor load)
VIRTUAL NETWORKS
Problem: East-west traffic never leaves the physical server, which again leads to security, monitoring and compliance risks:
- No visibility
- No audit trail
- No utilization insight
[Diagram: a hypervisor with a virtual switch and VM 1 (WEB), VM 2 (APP) and VM 3 (DB). The east-west traffic (green arrows) is NOT seen by network monitoring tools.]
VIRTUAL TAP
CloudLens vTap is capable of capturing and then sending inter-VM traffic of interest to the tools that are already monitoring your physical network. Plus it can perform basic filtering.
[Diagram labels: vTAP Service, vSwitch (ESXi, KVM, HYPER-V), GRE-VLAN-ERSPAN – Custom Tunnel, Monitoring]
HERE IS THE SOLUTION
Step 2: Deploy Ixia CloudLens vTAP
Ixia CloudLens vTaps provide access to east-west traffic within the same hypervisor.
PROBLEM WITH THE GRANULARITY
Granularity can become very costly because:
> Every TAP requires two tool ports (A>B & B>A)
> Link speed dictates tool speed and performance (very costly for 40G/100G)
> Different tools compete for the same TAP or SPAN port
> If fewer tool ports than TAP or SPAN ports are available, engineers need to change ports (problems with access control/rights & distance)
> Tools are flooded with unnecessary data
In the end, a project is dead before it has even started.
HERE IS THE SOLUTION
Step 3: Deploy Ixia Packet Broker
Ixia Vision Packet Broker:
> Aggregates SPAN & TAP & tools
> Filters & forwards only relevant data
> Provides Advanced and ATIP features
> Optimizes tool performance
CENTRALIZED SOLUTION
DISTRIBUTED SOLUTION WITH CLUSTERING
USE CASE – VISIBILITY PER TOP OF RACK
Ixia VisionEdge Series
• Ports from 1G till 100G
• Filtering till L4
• Single or multiple tools to be connected
• Tap top of rack switches with a few taps
[Diagram labels: Internet, VisionEdge Series, Tools Farm]
USE CASE – HIGH DENSITY LEAF-SPINE
Ixia VisionEdge Series
• Ports from 1G till 100G
• Filtering till L4
• Clustering support to move network traffic to central tools
• Medium scale data center
• Multiple racks and leaf-spine topology
• Redundant paths to tap
[Diagram labels: Internet, VisionEdge, Fabric Controller, Tools Farm]
VISIBILITY INTELLIGENCE STACKS
SecureStack
• Passive SSL Decryption
• Active SSL (Q2 2017)
NetStack (~NPB Basics)
• 3 Stages of Filtering
• Dynamic Filter Compiler
• Double your Ports
• VLAN Tagging
• Aggregation & Replication
• Load Balancing
PacketStack (~AFM)
• Deduplication
• Header Stripping & Protocol Trimming
• Timestamping
• Data Masking
• GRE Tunneling
• Burst Protection
AppStack (~ATIP)
• Application & RegEx filtering
• Geolocation & Tagging
• Real-time Dashboard
• NetFlow & IxFlowReg
• Data Masking +
• PCAP
PACKETSTACK (AFM)
All unique frames going to 10.0.0.0/8
Only the first 128 bytes of TCP Port 25 frames
Hardware AFM
NPB Adv. Packet Processing
Advanced Packet Processing (AFM) Features
• Deduplication
• Header stripping
• Packet Trimming
• Data Masking
• Tunnel Termination
• Timestamping
• Burst Protection
PACKETSTACK (AFM)
1. Assign AFM bandwidth
> Network- ToolPort
> Dynamic Filter
2. Configure & combine
> Multiple functions at the same
APPSTACK (ATIP)
• ATI Processor (ATIP) - Context-rich Application Visibility
• Application forwarding based on application, geography, and RegEx matching
• Real-time dashboard
• Rich NetFlow / IPFIX generation
> Device OS
> Browser
> Geolocation
• Data Masking
> Dynamic (RegEx)
Examples:
• All traffic from Georgia
• All voice traffic from HTC Ones
• Someone from S. Africa watching House of Cards on Netflix on an iPhone on Vodacom’s network
[Diagram labels: NPB – App Brokering, Meta Data, App Filtering]
SECURE STACK - SPYGLASS
Challenge: It is extremely expensive to inspect
encrypted traffic at volume and speed!
Encrypted traffic is expected to be
75% of all traffic by the end of 2017
HIGH PERFORMANCE ACTIVE SSL INSPECTION
• New high-performance Application Module for
Vision ONE and Vision 7300
• Dedicated cryptographic processor
• Integrated with Inline support on NTO
• Both inline and passive tool support
• Policy-based SSL inspection URL categorization
USE CASE – HIGH DENSITY WITH ADVANCED PACKET PROCESSING FOR TOOL OPTIMIZATION
VisionOne-ControlTower Benefits
• Advanced Packet Processing
> De-duplication, Trimming, Stripping
> L7 filtering, SSL decryption, Netflow gen.
• Single pane of glass UI with Ixia Fabric Controller (IFC)
• Medium scale data center
• Multiple racks and leaf-spine topology
Ixia VisionEdge Series
• Ports from 1G till 100G
• Filtering till L4
• Aggregating a lot of ports
[Diagram labels: Internet, VisionEdge Series, Vision ONE/7300, Tools Farm]
USE CASE – ULTRA SCALE WITH ADVANCED PACKET PROCESSING FOR TOOL OPTIMIZATION
VisionOne-ControlTower Benefits
• Advanced Packet Processing (Terabits/s)
> De-duplication, Trimming, Stripping
> L7 filtering, SSL decryption, Netflow gen.
• Single pane of glass UI with Ixia Fabric Controller (IFC)
• Massive scale data center
• 100s of 10/40/100G taps required
Ixia VisionEdge Series
• Ports from 1G till 100G
• Filtering till L4
• Aggregating a lot of ports
[Diagram labels: Internet, VisionEdge Series, Vision 7300, Tools Farm]
Security Portfolio
(inline)
INLINE VERSUS OUT OF BAND
Out of Band
- Tool receives only copies of the traffic on the link
- A defective tool does not take the link down
- Tools are: APM, NPM, VoIP Analyzer, DLP, SIEM, IDS, Sandboxing
- TAP: electrical or optical 10M-100G
Inline
- Tool goes into the link
- A defective tool does take the link down
- Tools are: NGFW, IPS
BYPASS REGULAR OPERATION (BYPASS=OFF)
Bypass Tap (1)
• Heartbeat packet preserves the link state towards IPS
• Protects against power, link, and application failure
• Provides flexibility for upgrades, moves, etc.
ANY ADVANTAGE BY ADDING A PACKET BROKER?
Spare Unit
• “Jumps” in if any of the production units has an issue
• Keeps security index up (no more 100% or nothing)
Load Balancing
• Load balance link bandwidth across one tool load balance group
• Cost effective solution (multiple 1G IPS are cheaper than a single 10G IPS)
AND EVEN MORE ADVANTAGES BY ADDING A PACKET BROKER
Redirect packets
• Traffic that does not need to be inspected by the inline tools can be redirected back into the link
• Offload security tools from unwanted traffic
• Better resource management
Inline SSL decryption
• Powerful 10Gbit/s bidirectional inline SSL decryption
• Offload decryption from tools (better performance and less delay at less cost)
SEAMLESS INTEGRATION OF NEW SECURITY TOOLS
Phase 1
• New security tools receive only copies of the link packets
• Security teams can get familiar with the behavior
Phase 2
• Seamless inline integration once security teams are confident with the new tool
WHAT IF I HAVE MULTIPLE LINKS TO THE WORLD?
Packet Broker does:
• Maintain link affinity. Packets from each link are assured to be delivered back to that link.
• Load balance all packets with session affinity through the individual tools in the LBG
• Switch to standby units in case of an issue with the production units
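The three behaviours on this slide (link affinity, session-affinity load balancing, standby switchover), sketched as an added example that is not Ixia's code and not part of the original slides. The symmetric SHA-256 flow hash, the class, the tool and link names, and the sample addresses are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    link: str       # ingress network link (e.g. one of several Internet uplinks)
    src: str
    dst: str
    sport: int
    dport: int
    proto: int = 6  # TCP


@dataclass
class LoadBalanceGroup:
    tools: list                                   # production tools; slot order is fixed
    standby: list = field(default_factory=list)   # idle spare units
    replaced: dict = field(default_factory=dict)  # failed tool -> spare serving its slot

    @staticmethod
    def session_key(p: Packet) -> bytes:
        # Order the two endpoints so A->B and B->A yield the same key.
        lo, hi = sorted([(p.src, p.sport), (p.dst, p.dport)])
        return f"{p.proto}|{lo[0]}:{lo[1]}|{hi[0]}:{hi[1]}".encode()

    def pick_tool(self, p: Packet) -> str:
        digest = hashlib.sha256(self.session_key(p)).digest()
        slot = int.from_bytes(digest[:4], "big") % len(self.tools)
        tool = self.tools[slot]
        # A failed production unit is served by its spare; other slots are untouched.
        return self.replaced.get(tool, tool)

    def mark_failed(self, tool: str) -> str:
        if tool not in self.tools or tool in self.replaced:
            raise ValueError(f"{tool} is not an active production tool")
        if not self.standby:
            raise RuntimeError("no standby unit left; operator policy decides what happens")
        self.replaced[tool] = self.standby.pop(0)
        return self.replaced[tool]

    def forward(self, p: Packet) -> tuple:
        # Link affinity: whichever tool inspects the packet, it returns to its own link.
        return self.pick_tool(p), p.link


def demo():
    lbg = LoadBalanceGroup(tools=["ips-1", "ips-2", "ips-3"], standby=["ips-spare"])
    # Constructed sample traffic: one session seen in both directions on link "isp-a".
    out = Packet("isp-a", "198.51.100.7", "192.0.2.10", 51512, 443)
    back = Packet("isp-a", "192.0.2.10", "198.51.100.7", 443, 51512)
    before = lbg.forward(out), lbg.forward(back)
    spare = lbg.mark_failed(before[0][0])
    after = lbg.forward(out)
    return before, spare, after


if __name__ == "__main__":
    print(demo())
```

Hashing only the 5-tuple, and not the ingress link, keeps both directions of a session on the same tool even when they arrive on different links, while the egress link is taken from the packet itself.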
OK, BUT WHAT IF I HAVE INLINE AND OFFLINE SECURITY TOOLS?
We are happy to help
• Internally tap whatever out of band tool (Sandboxing, Data Recorder, IDS) you want to the Packet Broker
• In this case the Packet Broker will send packet copies from the internally tapped links to the OOB tools
• Use Advanced Features (Deduplication, Packet Trimming, Header Stripping) or ATIP features (Application layer filtering, SSL decryption or Netflow generation) to your advantage
BUT AN IPS DECIDES WHAT A SANDBOXING UNIT NEEDS TO CHECK
Still not an issue
• Let the IPS manage filter settings of the Packet Broker programmatically through RESTful API
SINGLE POINT OF FAILURE? NOT WITH HA?
Here is the solution:
• Use BypassVHD switches supporting High Availability (HA) and double up the Packet Broker and Tool infrastructure for 100% redundancy
• The advantage of an HA Bypass is that it has two links down to the Packet Broker. If one of the links fails, the Bypass will switch traffic to the other Bypass. Only if both links down no longer work will the Bypass fail the links open
AND HERE IS THE FULL PICTURE
• A single Ixia Packet Broker can handle inline as well as offline applications.
CloudLens
INTRODUCING CLOUDLENS
Visibility across all your cloud environments - public, private, and hybrid clouds
CloudLens Private: CloudLens vTap, CloudLens vPB, CloudLens vATIP (Branch Office, Virtual DC, Private Cloud)
CloudLens Public: Public Cloud
VIRTUAL DATACENTER VISIBILITY
Virtual Traffic Visibility
• Provides Visibility into Data Center Network (Inline/Out of Band)
• Inter-VM Traffic Monitoring
• Multiple Hypervisor Support (ESXi, KVM, Hyper-V, OpenStack)
• vSwitch/Router Agnostic (VSS, vDS, Cisco Nexus)
• GRE – VLAN – ERSPAN Protocols
• Monitoring Tool Agnostic
• Centralized Management
Inter-VM – East-West Traffic Monitoring – No Blind Spots
[Diagram labels: Monitoring Host, vSwitch (ESXi, KVM, HYPER-V), vTAP Service, vGSC, CloudLens Mgr., GRE-VLAN-ERSPAN – Custom Tunnel, Netflow / Full Packets. Processing listed: Netflow, Geo-location, Time Stamping, Deduplication, Header Stripping. Traffic Analysis / Physical End Point Tools: IPS/IDS, DLP, FireEye, SPLUNK, Scrutinizer, NTOP, Monit Probe (Radcom).]
HOW CLOUDLENS WORKS
IXIA CloudLens Public Management Layer
Secure Visibility Path
• Filtering at source
• Filtered traffic securely sent from Instance to Tool
Tools: Monitoring Tools, Security Tools, Performance Tools
ARCHITECTURE DESIGN HYBRID CLOUD
IXIA SOLUTIONS FOR THE ARCHITECTURE DESIGN
Ixia FlexTap
Ixia Taps are available for all media types:
Copper: 10M, 100M & 1G
Optical: Single Mode & Multi Mode 1G till 100G
Cisco BiDi
IXIA SOLUTIONS FOR THE ARCHITECTURE DESIGN
Ixia CloudLens
• Inter-VM Traffic Monitoring
• Multiple Hypervisor Support (ESXi, KVM, VM, OpenStack)
• vSwitch/Router Agnostic (VSS, vDS, Cisco Nexus)
• GRE-VLAN-ERSPAN Protocols
IXIA SOLUTIONS FOR THE ARCHITECTURE DESIGN
Ixia CloudLens
• AWS Support
• SaaS Web-Interface where Cloud Visibility is managed
• Docker based component that sits within Source and Tool Instances in a customer's environment
• Filtered traffic securely sent from Instance to Tool
IXIA SOLUTIONS FOR THE ARCHITECTURE DESIGN
Ixia Packet Broker
• Aggregation & Filtering till Application Level
• Packet Processing (Trimming, Stripping, De-Duplication)
• SSL-Decryption, Netflow Generation
• Web Based User Interface
SO WHAT DO I NEED FROM IXIA?
Only four things:
• Bypass
• Packet Broker
• Tap
• CloudLens
IXIA FLEX TAP
- 1G/10G/40G/100G (LR & ER)
> Single Mode with LC Connector
> Split Ratio 50/50, 60/40, 70/30, 80/20 & 90/10
- 1G (SX)
> Multi Mode with LC Connector
> 62.5 µm
> Split Ratio 50/50, 60/40, 70/30, 80/20 & 90/10
- 1G (SX) & 10G (SR)
> Multi Mode with LC Connector
> 50 µm
> Split Ratio 50/50, 60/40, 70/30 & 80/20
- 40G (MR4)
> Multi Mode with LC Connector
> 50 µm
> Split Ratio 70/30
- 40G (SR4)
> Multi Mode with MTP Connector
> 50 µm
> Split Ratio 50/50 & 70/30
- 40G (Cisco BiDi)
> Multi Mode
> 50 µm
> Split Ratio 50/50
- 100G (SR10)
> Multi Mode with MTP Connector
> 50 µm
> Split Ratio 50/50 & 70/30
IXIA BYPASS SWITCH
iBypass 40-10 (4x10G)
iBypass 10G
iBypass 3
iBypass VHD
iBypass HD
WHO IS WHO OF IXIA PACKET BROKER
Break
Front Line Defence
Threat ARMOR
BEHIND EVERY SECURITY BREACH
IS A SECURITY TEAM WITH HIGH-QUALITY TOOLS
BUT ON AVERAGE, ONLY 29% OF ALERTS RECEIVED ARE INVESTIGATED*
WHY?
*Ponemon 2016 State of Malware Detection & Prevention
THE INTERNET IS FULL OF GOOD AND BAD TRAFFIC
HAMMERING YOUR COMPANY’S SECURITY INFRASTRUCTURE
THE CONSTANT BARRAGE OF NETWORK PROBES AND SCANS CREATES A LOT OF NOISE AND HIDES CRITICAL EVENTS
BUT THERE IS A SOLUTION…
NOW YOU CAN FILTER OUT KNOWN BAD IPs
…AND COMPLETELY REMOVE UNTRUSTED COUNTRIES
MAKING YOUR SECURITY TOOLS MORE EFFICIENT
INTRODUCING
ThreatARMOR FROM IXIA
ThreatARMOR is a threat intelligence gateway.
Blocks known-bad IPs and eliminates untrusted countries.
Reduces alert fatigue and false positives.
HOW ThreatARMOR COMPLEMENTS YOUR SECURITY DEPLOYMENT
HOW MANY BAD IP’S CAN MY SECURITY DEVICE BLOCK?
ENTRY-LEVEL NGFW: 10,000 IP RANGES
HIGH-END NGFW: 40,000 IP RANGES
ThreatARMOR: 4,294,967,296 - EVERY IP ON THE INTERNET INDIVIDUALLY EVALUATED WITH NO PERFORMANCE HIT
[Labels in the comparison graphic: HIJACKED IP’s, TOP 5 BOTNET COUNTRIES, TOP 10 BOTNET COUNTRIES, ATI RAP SHEETS, BOGONS]
[Chart: Web Transaction Rate (axis 0 to 4000): NGFW 2000, NGFW+TA 3500]
Next-gen firewalls are optimized for DPI, threat detection, web security, and user-based policies.
They can typically block 10,000 to 40,000 IP ranges. This is enough to handle a handful of countries and some manual block rules, but not enough to handle the tens of millions of malicious, hijacked, and unregistered IP addresses without substantial performance degradation.
ThreatARMOR can block over 4 billion IPs at line rate.
Offloading this large-scale IP blocking to ThreatARMOR increases firewall performance by up to 75%, freeing up resources while enabling more advanced firewall features.
ThreatARMOR BRINGS THREAT INTELLIGENCE TO YOUR NETWORK
ThreatARMOR Appliance: Set, Select and Forget. Auto-updates every 5 min. Maximum reliability.
ThreatARMOR Rap Sheets: Clear proof for every blocked site.
IXIA ATI Research Center: Professional-grade Threat Intelligence
HOW IS ThreatARMOR DIFFERENT?
HIGH PERFORMANCE
• Purpose-built to hold every IP address on the Internet
• Guaranteed line-rate performance blocking full ATI Rap Sheet database
• Scale with no performance impact from blocking one, one thousand, or one billion IP addresses
HIGH RESILIENCY
• Built for maximum reliability
• Dual-redundant power supplies
• Integrated bypass NIC
• Field-replaceable SSD
• Serial console capability
DEPLOY ThreatARMOR IN 30 MINUTES
EASY TO CONFIGURE
1. Connect power and Ethernet cables
2. Pick “Report Only” or “Blocking Mode”
3. Walk away, it updates automatically
• Criminal site blocking is automatic
• Geo-blocking is optional
Real-time overview shows countries attempting malicious connections, total throughput and blocked connection stats.
Dashboard shows top blocked countries, recent blocked IP and reason, and top traffic countries.
Bottom allowed countries are good candidates for blocking.
Log of recent IP blocks with reason. Click on any block for full Rap Sheet data including local IP addresses, DNS info, screen shots and checksums.
CASE STUDY: SECURITY INTRUSION ALERTS REDUCED BY 80%
ThreatARMOR cuts intrusions and capex
CASE STUDY: HyperBox
Service Provider Sector
CHALLENGE: With 3 million attacks on web servers daily, customer needed a cost-effective, automated defense strategy
SOLUTION: ThreatARMOR
RESULTS:
• Reduced IDS intrusion detections from 1M to 200K, saving IT significant time due to fewer alerts
• Deferred new capex purchases by maximizing existing IDS and firewall tools
Better Visibility
Better Security
ThreatARMOR - YOUR THREAT INTELLIGENCE GATEWAY
IMPROVES YOUR SECURITY PERFORMANCE — FAST!
BLOCK the unwanted from touching your network
GET MORE out of your security team and tools
ENFORCE Ixia’s professional-grade Application and Threat Intelligence feed
THANK YOU
SUMMARY
• Ixia Packet Broker
> can be used for inline (security) or offline (visibility) applications at the same time
> allows cost effective usage of any tool
• Ixia Bypass Switch
> prevents companies from being offline due to a security tool issue
• Ixia Tap
> Provides reliable measurement points anywhere in the data center
• Ixia CloudLens
> Provides packet level access in virtual environments
• Might be installed with a dedicated monitoring or security project, but once installed it is the base for any additional tools (inline or offline) that need to be attached