Upgrading your firewall? It's time for an inline security fabric
TRANSCRIPT
© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED.
UPGRADING YOUR FIREWALL? IT'S TIME FOR AN INLINE SECURITY FABRIC
Ajay Pandey, MS (Boston), LL.B, CCIE #14792 (R&S/Sec), CISSP, CISA
Enterprise Solutions Architect - APAC
ATTACKS CONTINUE TO RISE
• 106 / hour: Average number of malware hits [1]
• 66%: Growth in information-based security incidents from 2014 to 2015 [2]
• 25%: Chance that your organization will be breached over next 24 months [3]
• $550k: Average cost of unplanned outage for enterprises, growing 15% annually [2]
[1] ZK Research Study for Ixia, April 2016
[2] Kaspersky Lab, Cost of Security Breaches, September 2015
[3] Ponemon Institute, Data Breach Study, May 2015
INLINE SECURITY IS EXPANDING
[Diagram: servers and switches]
• Single points of failure
• Administrative tension
• Tools not used efficiently
• Difficult to scale
DISADVANTAGES OF CURRENT PRACTICES
• Increased risk of downtime
• Upgrade disruption
• Inefficient use of budget and limit on ROI
• Difficult to scale
• Incomplete security monitoring
INCREASED RISK OF DOWNTIME
[Diagram: servers and switches]
ELIMINATE DOWNTIME FROM TOOL FAILURES
[Diagram: servers, switches, and bypass switches]
• Monitored Tool Links via Heartbeat Packets
UPGRADE & MAINTENANCE DISRUPTIONS
[Diagram: servers and switches]
ELIMINATE UPGRADE / MAINTENANCE DISRUPTION
[Diagram: servers, switches, and bypass switches]
• Monitored Tool Links via Heartbeat Packets
INEFFICIENT CAPACITY UTILIZATION
[Diagram: servers, switches, and bypass switches]
MAXIMIZE CAPACITY USAGE
[Diagram: servers, switches, bypass switches, and a Network Packet Broker (NPB)]
• Aggregate security tool capacity
• Selectively route traffic to security tools
• Monitored Tool Links via Heartbeat Packets
DIFFICULT TO SCALE CAPACITY
[Diagram: servers, switches, and bypass switches]
SIMPLE CAPACITY SCALABILITY
[Diagram: servers, switches, bypass switches, and a Network Packet Broker (NPB)]
• Aggregate security tool capacity
• Selectively route traffic to security tools
• Load balance traffic across security tools
SINGLE POINT OF FAILURE
[Diagram: servers, switches, bypass switches, and a Network Packet Broker (NPB)]
HIGH AVAILABILITY IXIA SECURITY FABRIC™
[Diagram: servers, switches, bypass switches, High-Availability (HA) Network Packet Brokers, and an Inline Security Tool Farm]
CONNECT OUT-OF-BAND SECURITY TOOLS
[Diagram: servers, switches, bypass switches, High-Availability (HA) Network Packet Brokers, an Inline Security Tool Farm, and out-of-band sandboxing]
SUMMARY: Benefits of Deploying Ixia Security Fabric
Reduce Network Downtime
• Failsafe inline security deployments
• HA configuration with no single points of failure
Increase Tool Efficiency
• Intelligent routing of traffic based on content
• Load balancing reduces congestion and extends tool life
Improve Inspection and Security Monitoring
• Increase monitored network segments
• Improve security resilience with HA configuration
BREAKINGPOINT PERFORMANCE #S (BANDWIDTH PER CHASSIS)
• Applications: 960 Gbps Apps Throughput
• Connection Rate: 24 Million TCP CPS
• Capacity: 720 Million HTTP CC
• SSL Capacity: 12M Concurrent SSL Flows
• SSL Connection Rate: 2.4M SSL CPS
• SSL Throughput: 240 Gbps SSL Throughput
Performance in two-arm mode, with clients and servers simulated on same blade