OverviewStewart Varney Bridge IT – 304-736-2800stewart.varney@bridgeit.comWednesday April 6, 2011

About Cymphonix

• Founded 2004, venture-backed, privately-held

• Purpose-Built Secure Web Gateway – Original software: XLi– Custom hardware

• Industry recognition:

• Quality investment partners• Channel distribution• 32 countries

2 Cymphonix Company Confidential

Cymphonix Mission

XLi

Scan

IdentifyControl

• We help organizations cut the time, effort and cost of controlling their converged internet traffic.

• The first and most important step is visibility—you can’t address what you can’t see.

• Cymphonix – see more, do more.

Chaotic traffic and threats

Filtered, optimized dataflow

Unprioritized use and policy breaches

Secure, optimized dataflow

Internet

3

How We Do IT

• Designed to sit in-line and monitor traffic for the entire connection

• Real-time HTTPS decrypt/re-encrypt engine

• Stops port hopping and other filter bypass tricks

• Layer 3-7 Scanning– Application and web content– Incorporate layer 5-7 for

increased visibility

• Being in-line also means we can adjust and prioritize bandwidth at all levels

4 Cymphonix Company Confidential

XLi OS and XLi-E OS Feature Comparison

• XLi OS Version 9– Live Reporting Engine– Dynamic Application and Content

Control– Bandwidth Management– Multi-Dimensional Policy

Enforcement– In-Depth Web Content Analysis and

Filtering– Intelligent Filter Avoidance

Detection and Protection– Malware Detection– Flexible Deployment Configurations– iPod® touch Reporting Application

• XLi-E OS Version 9Includes everything listed in the XLi OS V9 with these additional features:– Delegated Administration– Direct database access– True Cache Technology– High Availability– Centralized Management and

Reporting*

*Note: Centralized Management and Reporting requires the Cymphonix Network Conductor

5 Cymphonix Company Confidential

Translating Vision into Action

• Beyond simple and static analysis you can drill instantly into root causes

• Real-time or historical data• By user/group/department/locations• By application/protocol/URL

6 Cymphonix Company Confidential

Application traffic

HTTP traffic

HTTP via standard ports

HTTPS

HTTP via non-standard pre-

approved ports

HTTP via unapproved non-

standard ports

Joseph Mere

Otto Franz

Robert Thomas

Karen Taylor

Warren Pease

YouTube

MSN

ESPN.com

Netflix.com

Amazon.com

Marketing10.142.12.2

Cymphonix Network Composer

7 Cymphonix Company Confidential

Visibility

Filter Avoidance Detection

In-Depth Web

Content Analysis

Malware Detection

Security Optimization

Dynamic Content Control

Dynamic Application

Control

True Cache Technology

Purpose-built hardware and XLi Operating System provide visibility to all converged internet traffic

Before Converged Internet Content…

• Web content = simple and skinny• Application traffic = mostly enterprise like SAP• WAN = Frame Relay, ISDN, Partial T1, WDS 802.11• User complaint = the dial-up is too slow

8 Cymphonix Company Confidential

Web contentFTP

Application traffic

Today’s World with Converged Internet Content

• Web content = rich media and fat and everywhere• Application traffic = heavy, mission-critical, media-rich

entertainment and enterprise• WAN = DS3, OC3, OC12 1Gb, public/private, multi-site• Users complaint = the 10Mb/s pipe is too slow

9 Cymphonix Company Confidential

Web 2.0 ContentApplication traffic

Cloud computing

VLAN - 300

VLAN - 200

VLAN - 100

Small to Medium Networks

10 Cymphonix Company Confidential

Simple Routed NetworksMultiple VLANs

Internet

firewall Cymphonix Network Composer

router

Intra-VLAN routing done here

Users can be in a different VLAN

Bridge IP address is in the stub network

Stub network /29 or larger

SNAT is done here

Routed NetworksMultiple Firewalls and VLANs

Intra-VLAN routing done here

Bridge IP address is in the stub network

Stub network /29 or larger

SNAT is done here

firewall Cymphonix Network Composer

internal router/firewall

VLAN - 300

VLAN - 200

VLAN - 100

Users can be in a different VLAN

Internet

Medium to Large Networks

11 Cymphonix Company Confidential

High Availability NetworkActive - Passive

passive firewall

router 1

Intra-VLAN routing done here

Users can be in a different VLAN

Bridge IP address is in the stub network

Stub network /29 or larger

SNAT is done here

router 2

VLAN - 300

VLAN - 200

VLAN - 100

Internet

NAP router

active firewallHSRP/VRRP

High Availability NetworkLoad Balanced Active - Active

router 1

Intra-VLAN routing done here

Users can be in a different VLANStub network

/29 or largerSNAT is done

here

router 2

VLAN - 300

VLAN - 200

VLAN - 100

Internet

NAP router

active firewall 1HSRP/VRRP

active firewall 2

Network Composer EX Series

• From 2 Mb/s to 1 Gb/s• Copper Ethernet with programmable hardware bypass• Fiber Ethernet options• 64 Bit processor architecture – system and kernel• Enhanced performance and memory management• Support for high availability networks• XLi and XLi- E OS options

12 Cymphonix Company Confidential

Network Composer Models and Options

13 Cymphonix Company Confidential

Conclusion

• Cymphonix enables unmatched visibility and control• Cut the time, effort and costs controlling your converged

Internet traffic• The first and most important step is visibility—you can’t

address what you can’t see.• Cymphonix – see more, do more.

14 Cymphonix Company Confidential