overview stewart varney bridge it – 304-736-2800 [email protected] wednesday april 6,...
Post on 19-Dec-2015
225 views
TRANSCRIPT
OverviewStewart Varney Bridge IT – [email protected] April 6, 2011
About Cymphonix
• Founded 2004, venture-backed, privately-held
• Purpose-Built Secure Web Gateway – Original software: XLi– Custom hardware
• Industry recognition:
• Quality investment partners• Channel distribution• 32 countries
2 Cymphonix Company Confidential
Cymphonix Mission
XLi
Scan
IdentifyControl
• We help organizations cut the time, effort and cost of controlling their converged internet traffic.
• The first and most important step is visibility—you can’t address what you can’t see.
• Cymphonix – see more, do more.
Chaotic traffic and threats
Filtered, optimized dataflow
Unprioritized use and policy breaches
Secure, optimized dataflow
Internet
3
How We Do IT
• Designed to sit in-line and monitor traffic for the entire connection
• Real-time HTTPS decrypt/re-encrypt engine
• Stops port hopping and other filter bypass tricks
• Layer 3-7 Scanning– Application and web content– Incorporate layer 5-7 for
increased visibility
• Being in-line also means we can adjust and prioritize bandwidth at all levels
4 Cymphonix Company Confidential
XLi OS and XLi-E OS Feature Comparison
• XLi OS Version 9– Live Reporting Engine– Dynamic Application and Content
Control– Bandwidth Management– Multi-Dimensional Policy
Enforcement– In-Depth Web Content Analysis and
Filtering– Intelligent Filter Avoidance
Detection and Protection– Malware Detection– Flexible Deployment Configurations– iPod® touch Reporting Application
• XLi-E OS Version 9Includes everything listed in the XLi OS V9 with these additional features:– Delegated Administration– Direct database access– True Cache Technology– High Availability– Centralized Management and
Reporting*
*Note: Centralized Management and Reporting requires the Cymphonix Network Conductor
5 Cymphonix Company Confidential
Translating Vision into Action
• Beyond simple and static analysis you can drill instantly into root causes
• Real-time or historical data• By user/group/department/locations• By application/protocol/URL
6 Cymphonix Company Confidential
Application traffic
HTTP traffic
HTTP via standard ports
HTTPS
HTTP via non-standard pre-
approved ports
HTTP via unapproved non-
standard ports
Joseph Mere
Otto Franz
Robert Thomas
Karen Taylor
Warren Pease
YouTube
MSN
ESPN.com
Netflix.com
Amazon.com
Marketing10.142.12.2
Cymphonix Network Composer
7 Cymphonix Company Confidential
Visibility
Filter Avoidance Detection
In-Depth Web
Content Analysis
Malware Detection
Security Optimization
Dynamic Content Control
Dynamic Application
Control
True Cache Technology
Purpose-built hardware and XLi Operating System provide visibility to all converged internet traffic
Before Converged Internet Content…
• Web content = simple and skinny• Application traffic = mostly enterprise like SAP• WAN = Frame Relay, ISDN, Partial T1, WDS 802.11• User complaint = the dial-up is too slow
8 Cymphonix Company Confidential
Web contentFTP
Application traffic
Today’s World with Converged Internet Content
• Web content = rich media and fat and everywhere• Application traffic = heavy, mission-critical, media-rich
entertainment and enterprise• WAN = DS3, OC3, OC12 1Gb, public/private, multi-site• Users complaint = the 10Mb/s pipe is too slow
9 Cymphonix Company Confidential
Web 2.0 ContentApplication traffic
Cloud computing
VLAN - 300
VLAN - 200
VLAN - 100
Small to Medium Networks
10 Cymphonix Company Confidential
Simple Routed NetworksMultiple VLANs
Internet
firewall Cymphonix Network Composer
router
Intra-VLAN routing done here
Users can be in a different VLAN
Bridge IP address is in the stub network
Stub network /29 or larger
SNAT is done here
Routed NetworksMultiple Firewalls and VLANs
Intra-VLAN routing done here
Bridge IP address is in the stub network
Stub network /29 or larger
SNAT is done here
firewall Cymphonix Network Composer
internal router/firewall
VLAN - 300
VLAN - 200
VLAN - 100
Users can be in a different VLAN
Internet
Medium to Large Networks
11 Cymphonix Company Confidential
High Availability NetworkActive - Passive
passive firewall
router 1
Intra-VLAN routing done here
Users can be in a different VLAN
Bridge IP address is in the stub network
Stub network /29 or larger
SNAT is done here
router 2
VLAN - 300
VLAN - 200
VLAN - 100
Internet
NAP router
active firewallHSRP/VRRP
High Availability NetworkLoad Balanced Active - Active
router 1
Intra-VLAN routing done here
Users can be in a different VLANStub network
/29 or largerSNAT is done
here
router 2
VLAN - 300
VLAN - 200
VLAN - 100
Internet
NAP router
active firewall 1HSRP/VRRP
active firewall 2
Network Composer EX Series
• From 2 Mb/s to 1 Gb/s• Copper Ethernet with programmable hardware bypass• Fiber Ethernet options• 64 Bit processor architecture – system and kernel• Enhanced performance and memory management• Support for high availability networks• XLi and XLi- E OS options
12 Cymphonix Company Confidential
Network Composer Models and Options
13 Cymphonix Company Confidential
Conclusion
• Cymphonix enables unmatched visibility and control• Cut the time, effort and costs controlling your converged
Internet traffic• The first and most important step is visibility—you can’t
address what you can’t see.• Cymphonix – see more, do more.
14 Cymphonix Company Confidential