technology awakens @ sheridan · §overview -ssl adoption ... today’s security is borderless...

TechnologyAwakens@Sheridan

WilfriedvanHaeren

CTO

EdgeworxSolutionsInc.

www.edge-worx.com EdgeworxSolutionsInc.OCCCIO2017

TheEndUserawakens….

•Mobiledevices

•UnfetteredAccess

• FreeServices

•Unlimiteddownloads

EdgeworxSolutionsInc.OCCCIO2017

EdgeworxIntroductionWedesign,build,secureandmanageBusiness-CriticalInfrastructures

• NetworkandApplicationPerformanceMonitoring• CyberThreatAnalytics• VulnerabilitySecurityScan• CloudRiskAssessment• Networkdesign&performancetroubleshooting

“wemakeslowinfrastructuresgofast”EdgeworxSolutionsInc.OCCCIO2017

OurCollegecustomers


•LackVisibility •BandwidthCongestion

•SlowApplications •ControlWHOaccessesWHAT

•PerformanceIssues •BandwidthUpgrade

End-UserNetworkIssues&PainPoints

Visibility–YouCannotManageWhatYouCannotSee

And…YouCannotStopWhatYouCannotSee

Thisiswhatwetypicallydealwithand….thiscouldbeyourinfrastructure


BusApp

;-(

Edgeworx=

Visibility

WiFi visibility:MorethanaHeatMap


Wi-Fiperformancetest

Whathappensif….werun20clients


VDIAssessments:deploymentonexistingnetwork


TogetherwithpartnersWeaddress

• Bandwidthoptimization

• EnsureEnd-UsereXperience (EUX)

• CyberattackandThreatProtection

• ApplicationDeliveryControl

• SSLoffloading

• DDoSdetection&mitigation


Your End User’s Needs is

in the Cloud

You have critical cloud

apps that your students,

staff and researchers

rely on today (and more

to come)

© 2015 Netskope. All Rights

Reserved.

18

vIT estimate:

40-50

Actual usage (on average):‣ 72 Marketing

‣ 53 Collaboration

‣ 41 HR

‣ 45 Finance

‣ 38 Productivity

‣ 37 Cloud Storage

Actual:

1200+

The Rise of Personal Apps

More traffic, more jams:

Business vs. Recreational Assessments

Exampleofday-to-dayapplicationusageonaWideAreaNetwork

Allapplicationsarekeptundercontrol

Databackupscanpushasideallapplicationservices

© Edgeworx Solutions Inc. Proprietary Information

Visibility into the applications

running on your network –

for both sanctioned and

unsanctioned

Visibility

Control the behavior of your

applications – to prioritize your

sanctioned applications and

limit unsanctioned apps

Control

Ensuring Quality of

Experience

Prioritize Critical Apps

Mission critical apps

need to be prioritized

to ensure they

perform reliably and

consistently

Control Unsanctioned Apps

Unsanctioned apps

need to be controlled or

blocked to ensure they

don’t steal resources

from mission critical

applications

All port 80/443


Building Intelligent Policies

The Optimization PolicyA unique combination of

network and contextual

variables that define SLA

priority for network traffic.

üWho is the User?üWhich Application?üWhat is the Location?üWhat Time of Day?üHow much Bandwidth?üOn What Device?üUsing Which Protocol?

Network

Insights

Bandwidth

ManagementRecommendations

Extensive

Reporting

• Control over video traffic to contain bandwidth use

• Control over social, gaming and media traffic to prioritize learning

• Control over peer to peer and torrent traffic to stay compliant

• Protection of critical applications

• Provide predictable and consistent application performance

Exinda Benefits

SSL InsightSolution Overview

May, 2017

Presented by:

Leanne Sharpe, Regional Sales DirectorRoger Valencia, Senior Sales Engineer

L O A DB A L A N C I N G

A P P L I C A T I O ND E L I V E R Y

S E C U R EA D C

C L O U DA D C

They Said It Couldn’t Be Done

S E C U R E A P P L I C A T I O NS E R V I C E S

+ + + +

FO U N D ED I N 2004

N Y SE ( ATEN )

2015 REV EN U E $200M

5000+ CUSTOM ERS

I N 72 COUNTRI ES

Outline

§ Overview - SSL Adoption

§ Challenges

§ Solution

§ What?

§ How?

§ Why?

§ Other A10 Solutions

§ Q & A

Overview – SSL Adoption

Reasons Why More Organizations Encrypt Traffic

§ Snowden revelations of NSA snooping

§ It protects our privacy

§ It protects our anonymity

§ And sometimes, it protects our lives

§ More importantly protects our Money

§ Google ranks SSL sites higher for SEO

Challenges

GOOD old days…

Today’s BAD days…

Tomorrow’s VERY BAD days…

§The Good:§ Encryption protects privacy in the WWW

§The Bad§ Network security devices are blind to SSL traffic

§The Ugly§ The bad guys (bad hombres) know that§ More likely we are already infected

SSL Insight to the rescue

The Good, the Bad and the Ugly

Solution§ What?

§ How?

§ Why?

Back to the GOOD old days…

SSL Insight

HTTPS://

HTTP://

Solutionü What

§ How?

§ Why?

How do we do it?§ Client Initiates outbound communication

§ Traffic is decrypted

§ Decrypted traffic is inspected by security solutions

§ Data is encrypted

§ Secure tunnel is established

§ Any data returned is decrypted, inspected and encrypted before reaching the client

Other

DLPUTM

IDS

Internet

SSL decryption

SSL decryption

Encrypted

Decrypted

Encrypted

Inspection/Protectio

n

Client

6

4

3

5

2

1

You Can’t Stop WhatYou Can’t See.Solving the SSL Blindspot

Thank you

47

Today’s world demands security without compromise.

FORTINET SECURITY FABRIC

48

The Attack Surface Has Increased Dramatically

Today’s Security is Borderless

Internal External

Mobile

Endpoint

Branch Office

NGFW

Campus

Data Center

DCFW

UTM

IoT

PoS

§ Network

§ Applications

§ Data

§ People

Point solutions

Complexity

49

Client Security

Network Security

Application Security

Cloud Security

Secure WLAN Access

Alliance Partners

Secure LAN Access

IoT

Cooperative Security Fabric

Local Intelligence

Global Intelligence

Scale

Awareness

Security

Actionable

Open

SECURITY FABRIC

50

Device Access Network Cloud

Distributed

Enterprise

Edge Segmentation

Branch

Data Center

North-South

Carrier

ClassPrivate Cloud IaaS/SaaS

WLAN / LAN

Rugged

Embedded System on a Chips Packet and Content Processor ASIC Hardware Dependent

Device

>1GAppliance

>5G

Appliance

>30G

Appliance

>300G

Chassis

>Terabit

Virtual Machine

SDN/NFVVirtual Machine

On Demand

Client

EndpointSDN

Provisioned

Distributed

NSF

Flow Based

ASIC

Single Pane of Glass

(Management)

Single point of

Security Updates

Single Network

Operating System

Scalable from IoT to Cloud

Single point of

Authentication

and SSO

51

Parallel Path Processing (PPP)

PacketProcessing

ContentInspection

PolicyManagement

Security for the Network

Slow is Broken

CPU Only

Policy Management

Packet Processing

Deep Inspection

More Performance

Less Latency

Less Power

Less Space

CPU

Optimised

SoC

52

Fabric Awareness Critical

Secure Access

Network Security

Application Security

USERS

Client Security Cloud Security

DATA

Topology and Data Flow

Edge Firewall

IaaS FirewallSeg FW

Seg FW

Seg FW

Sandbox

192.1.2.08

Port 442

Cloud App 1

Domain

PolicyLogs

Cooperative Security Fabric

FSA3500D

FGT 100D

FGT 1500D

FGT 3700D

FGT VM

FGT API

FGT 100DPartner

IoT

Access

Point

53

End to End Segmentation Critical

Internal External

CloudOn Demand

Data CenterSDN Orchestration

Mobile

Endpoint

Branch Office

NGFW

Campus

Data Center

DCFW

UTM

IoT

PoS

54

Support Services Single Pane of Glass Migration to Cloud Based Systems

FortiCare FortiCloud FortiGuard Cloud FortiSandbox

Cloud Based Management of

NGFW + Access Point

Cloud Based Management of

NGFW + Access Point

Cloud Based

Management of

NGFW + Access Point

Threat Intelligence Advanced Threat

Protection

Actionable Threat Intelligence

WAN Data CenterAccess

IoT Mobile

PoS Windows

FortiManager

55

Open: Multiple Levels of Fabric API’s for Partner Integration

Fortinet Security Fabric

SIEM

SDNEndpoint

CloudVirtual

Management

Ecosystem Alliance Partners

56

Cloud SDN Sandbox

Test/SSO Fortinet Partners SIEM Management

ECO SYSTEAM INTEGRATION POINTS

Thank You !


technology awakens @ sheridan · §overview -ssl adoption ... today’s security is borderless...

Documents