Интеграция решений Radware в Cisco ACI, Cisco UCS, SDN

Download Интеграция решений Radware в Cisco ACI, Cisco UCS, SDN

Post on 31-Jul-2015

119 views

Category:

Technology

5 download

Embed Size (px)

TRANSCRIPT

<p> 1. Regional Team Director michaels@radware.com Radware Cisco ACI, Cisco UCS, SDN Michael Soukonnik June 2015 2. Radware , Cisco Radware/Cisco Summary 3. GlobalTechnologyPartners 10,000 3 43.7 54.8 68.4 77.6 81.4 88.6 94.6 108.9 144.1 167.0 189.2 193.0 221.9 1% 25% 25% 13% 5% 9% 7% 15% 32% 16% 13% 2% 15% 50.00 100.00 150.00 200.00 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 USD Millions 4. Radware , SLA (ADC) (AMS) (SLA ) (removingSSL,cashing, TCP,compression,etc) vADC (SLA), WEB SLA DoS/DDoS IPS Cloud&amp;Hybrid OWASP-10(WAF) 5. 714 1222 620 NBA,NHL,MLB&amp;Nascar 610 25 5 6. 7. : 1.WW3map(oneof) 2.Easyandcheap(tostart) 3.Hardtomizgate 8. 9. 10 Source: Hackmageddon.com : , , 10 10. Slide11 IP ,IP ContentDeliveryNetwork(CDN) Proxyservers Proxybotnets NATdevices Anonymizers Encryptedcommunicazon :. 11 11. Volumetricnetworkoodaacks SSLbasedaacks SYN flood attack ApplicazonFloodaacks Webaacks:XSS,Bruteforce Port scan Low&amp;Slowaacks Network scan Intrusion Applicazonvulnerability,malware Webaacks:SQLInjeczon 12 ! 12. 13 Cloud Interne t of Things Perimeter Breakdown Policy Enforcement Weakness Slow Incident Response Limited Security Testing Endpoint Security Chaos Network Virtualizat ion 13 13. 14. 15. , ,ISP 2014 2013 16 16. (stateful devices), , ,,,SSL - 17. IPS/IDS Low&amp;SlowDoSaacks (e.g.Sockstress) Largevolumenetwork oodaacks Syn Floods Network Scan HTTPFloods SSLFloods AppMisuse BruteForce DDoS DDoS IPS WAF SSL SQL 18 18. , ? : SLA (ratelimit) ,. . ,, ,. 19. 6% 2014-19%/ 52% % 5% 10% 15% 20% 25% 30% 35% 40% Lessthanaday 1hour-1day 1day-1week overaweek Constantly 2011 2012 2013 2014 2014,19%of 20 20. . 3-7! . : ! 21. Radware Attack Mitigation System (AMS) 22. DefensePro DME DDoS Mitigation Engine (200M PPS) L7 Regex Acceleration ASIC Multi Purpose Multi Cores CPUs (Up to 300 Gbps) &amp;ReputaxonEngine HardwareArchitectureTailoredforAackMizgazon 23. Attack Degree = 10 (Attack) Abnormal rate of packets, AackCase Rate-based anomaly axis Y-axis X-axis Z-axis AttackDegreeaxis Attack area Suspicious area Normal adapted area - Slide24 Abnormal protocol distribution [%] Slide24 24. Rateparameterinput Rate-invariantinputparameter DegreeofAEack(DoA) AEackarea Suspiciousarea Normaladaptedarea LowDoA Flashcrowdscenario Slide25 25. Behavioral DoS Real Time Signature Network Challenge Response Behavioral Anti- Scan SSL Session and Network Protection Behavioral DNS Protection DNS Challenge Response Behavioral HTTP Flood Protection Behavioral Server Cracking HTTP Polymorphic Challenge Response Radware Web Advanced Fingerprinting Signaling Encrypted Challenge Response 26. Attack Mitigation System : 3-7-OSI . .. 18! , OWASP-10 WEB, 27. Radware , Cisco Radware/Cisco Summary 28. Traditional Data Center NetworkLayer BusinessApplicazons 29 ServiceLayer Command&amp;Control Command&amp;Control Command&amp;Control 29. Data Center Transformation Software Defined 30 Automazon Orchestrazon Stacks IT/DevOps NetworkLayer BusinessApplicazons ServiceLayer Command&amp;Control Command&amp;ControlSDNController 30. Data Center Transformation Software Defined Automazon Orchestrazon Stacks IT/DevOps 31 Security Apps Delivery NetworkLayer BusinessApplicazons Command&amp;Control SDNController 31. Data Center Transformation Software Defined Services BusinessApplicazons Automazon Orchestrazon Stacks IT/DevOps 32 RadwareistheonlyvendorthatprovidesA}ackMixgaxonSoluxons! Security Apps Delivery Security NetworkLayer 32. Data Center Transformation Software Defined Services NetworkLayer BusinessApplicazons 33 Radwaressynergexcapproachguaranteesthehighestservice-level Security Apps Delivery Normal Operaxon Performance Degradaxon Outage 33. Introducing Radware Radware/Cisco Solution Mapping Solutions Overview &amp; Differentiators Summary 34. Radware/Cisco Joint Solutions Mapping OpenDaylightSDNUCSNexus9000ACI 35 35. Cisco ACI - Alteon Integration DDoS ADC ACIinthedatacenterisaholiszcarchitecturewithcentralized automazonandpolicy-drivenapplicazonproles. ACIdeliverssowareexibilitywiththescalability ofhardwareperformance. 36 Typical Applicaxons: w w w 36. Cisco ACI-Alteon Integration DDoS ADC 37 Typical Applicaxons: w w w RadwareServiceEngines Availableas: ADCHypervisor 37. Cisco ACI-DefensePro Integration DoS/DDoS Protecxon ADC TypicalApplicaxons: Per-tenantaackproteczon Infrastructureproteczon Value-addsecurityservices RadwareAackMizgazonPlaorms Availableas: DDoSProtecxon Appliance ProtecxonPolicyper Applicaxon 38 Typical Applicaxons: w w w 38. Cisco UCS: About CiscoUniedCompuzngSystem(UCS)isanext- generazondatacenterplaormthat: - Unitescompute,network,storageaccess,and virtualizazonintoacohesivesystem - Enterprise-class,x86-architectureservers - DesignedtoreduceTCOandincreasebusinessagility 39 Typical Applicaxons: w w w 39. Cisco UCS: Building Blocks www. ADC ADCDNS 40 40. Cisco UCS: Alteon NFV Integration www. DNS TypicalApplicaxons: Carriercorenetworkapplicazons Onlinegiantwebapplicazons 41 41. Cisco UCS: Alteon VA Integration www. AlteonVA: LoadBalancing,WAF, DefenseMessaging 42 42. Cisco UCS: DefensePro Integration www. TypicalApplicaxons: Per-applicazonaackmonitoring Per-applicazonaackmizgazon Infrastructureproteczon Value-addsecurityservices 43 43. Cisco SDN Solutions 44 SDNControlLayer NorthboundAPI OpenFlowAPI SDNApplicazons SDNDataPlane TheCiscoOpenSDNControllerisacommercialdistribuzonofOpenDaylight Deliversbusinessagilitythroughautomazonofstandard-basednetwork infrastructure CiscosupportsSDNthrougharangeofCiscoswitchesandrouters 44. Cisco SDN Radware DDoS Protection SDNDataPlane 45 SDNControlLayer SDNApplicazons DefensePro NorthboundAPI OpenFlowAPI RadwareDefenseFlow:SDNApplicazonthatprogramsnetworksforaackproteczon RadwareDefensePro: - BestDDoSproteczonandaackmizgazonsoluzonintheindustry - Connectanywhereinthenetwork - Virtualizesecurityservicesperprotectedobject 45. Cisco SDN Radware DDoS Protection Perimeter LAN DefensePro Trac Monitoring Cleantracforwarded todesznazon Diverted suspicious trac Internet CiscoSwitch TracMonitoring TypicalApplicaxons: Pernetworktenantaackproteczon Infrastructureproteczon Value-addsecurityservices A}ackDetected: Suspicioustracdiverted Cleantracforwardedtodesznazon 46 46. Radware , Cisco Radware/Cisco Summary 47. DDoS , SLA NFV Cisco 48 48. www.radware.com.ru </p>