A10 Networks solution benefits - Network Eventos · ©A10 Networks, Inc. A10 Networks solution...
Transcript of A10 Networks solution benefits - Network Eventos · ©A10 Networks, Inc. A10 Networks solution...
©A10 Networks, Inc.
A10 Networks solution benefits
Seminário de TIC Bancária e Segurança da Informação – Brasília
August 2015
O Evento:
A Network Eventos, empresa especializada na produção de eventos no setor de Telecomunicações e Tecnologia da
Informação, comprometida com a inovação, atualização e troca de conhecimentos, em parceria com o BB Tecnologia
e Serviços e a Caixa Econômica Federal, realizará em Brasília, a 1ª edição do Seminário de Tecnologia Bancária e
Segurança da Informação, dia 26 de agosto de 2015.
O seminário é um evento fechado, voltado para executivos do BB Tecnologia e Serviços, CAIXA e seus convidados
VIPs (Banco do Brasil, Banco de Brasília, Banco Central do Brasil, Correios, DATAPREV e SERPRO), onde serão feitas
apresentações de soluções tecnológicas de ponta.
Informações Gerais:
Data: 26 de agosto de 2015
Local: Centro de Convenções Brasil 21 – Salão Mundo Novo 1 e 2 - SHS Quadra 06, Lote 01, Conjunto A, Setor
Hoteleiro Sul - Brasília/DF
Público Alvo: Diretores, Executivos, Gerentes, Supervisores e Engenheiros das áreas de Telecomunicações e
Tecnologia da Informação do BB Tecnologia e Serviços, CAIXA, Banco do Brasil, Banco Central do Brasil, BRB, SICOOB
e seus principais clientes.
Formato: Evento fechado, distribuído em painéis e palestras.
Número de Participantes: 200 Pessoas
2 ©A10 Networks, Inc.
A10 Corporate Overview
Solution Features
Q&A
Agenda
3 ©A10 Networks, Inc.
A10 Corporate Introduction
Headquarters in San Jose
700+ Employees Offices in 27 countries Customers in 65 countries
$55M
$92M
$120M
$142M
$180M
1,000+
2,000+
2900 3900+
Q4' 11 Q4' 12 Q4' 13 Now
CUSTOMER GROWTH
COMPANY GROWTH
4 ©A10 Networks, Inc.
A10 Product Portfolio Overview
Dedicated
Network
Managed
Hosting Cloud IaaS IT Delivery Models
Application Networking Platform
Performance
Scalability
Extensibility
Flexibility
CGN TPS
ADC
ACOS Platform
Product Lines
ADC – Application Acceleration & Security
CGN – IPv4 Extension / IPv6 Migration
TPS – Network Perimeter DDoS Security Carrier Grade
Networking
Application Delivery Controller
Threat Protection System
Solution Features
Challenges and technologies
6 ©A10 Networks, Inc.
SSL anywhere
Increased Security measures and
policies
IPv4 Preservation
Strategy – IPv6 Migration
Protocol Coexistence
Application availability
XaaS
SDN readiness
Performance
DDoS attacks for all budgets and
needs
IP Version 4
7 ©A10 Networks, Inc.
Application Availability
Highly available applications and data centers
High performance
server load balancing: Scaling capacity for peak
loads
High availability: For uninterrupted
operation
Health-checks: Complete
application fault
detection
Global server load
balancing (GSLB): Intelligence for
global operations
8 ©A10 Networks, Inc.
Application Acceleration and Optimization
TCP Optimization: Improve application
performance
RAM Caching: Faster page loads equal
more revenue
SSL Acceleration: Secure applications
Compression: Optimize any
bandwidth level
Application acceleration for a faster user experience and optimized utilization
Technology for Application Acceleration
9 ©A10 Networks, Inc.
Application availability
– To maintain uptime
– SLB, GSLB, high-availability (HA), Health-checks, more…
Application acceleration
– For equipment consolidation and faster user experience
– Caching, compression, network optimization, more…
Application security services
– For brand and asset protection while enhancing your existing security
– FWLB, WAF, SSL services, more…
Enterprise Data Center
Acceleration: SSL Offload
TCP Reuse
RAM Caching
Compression
A10 ADC
Web App DNS Other App
Security: DDoS Mitigation
WAF
DAF
AAM
Availability: GSLB
High-availability
Health-checks
Backup Data Center
10 ©A10 Networks, Inc.
Scaling security devices and encrypted communications
– SSL Intercept: Eliminate encryption blind spot and scale security appliances
– FWLB and SSL offload, more…
Defend against emerging DDoS attacks
– Network and application protection
Selectively apply dynamic security chains
– Traffic steering and advanced ADC services
DMZ Security Solutions
Firewall Load Balancing
DDoS Mitigation
WAF
DAF
AAM
Traffic Steering
aFleX Scripting
SSL Offload
A10 ADC
Data Center
Firewalls
IDS/IPS
DLP
Other
Firewall Load Balancing
SSL Intercept A10 ADC
Internal Users
11 ©A10 Networks, Inc.
Application Security
Web application
firewall (WAF): Eliminate common Web
attacks
SSL insight: Eliminate the
outbound SSL
blind spot
Application access
management (AAM): Add authentication
seamlessly
DNS application
firewall (DAF): Protect critical
infrastructure
DDoS protection: Multi-vector edge
protection
Enhance existing security infrastructure, and protect against the latest threats
12 ©A10 Networks, Inc.
Cyber Threats Hidden in SSL Traffic
Sources: Sandvine Internet Phenomena Report “Security Leaders Must Address Threats From Rising SSL Traffic,” 2013
67% 50% 80% of Internet
traffic will be
encrypted
by 2016
of attacks will use
encryption to
bypass controls
by 2017
of organizations
with firewalls, IPS,
or UTM do not
decrypt SSL traffic
13 ©A10 Networks, Inc.
Next Gen Firewall
Secure Web Gateway
Intrusion Detection & Prevention
Advanced Threat Prevention
SIEM
Network Forensics
Data Loss Prevention
Unified Threat Management
Solutions are Failing
Despite $71.1B investment in
security
SOURCE: Information Security, Worldwide, 2012-2018, 2Q14 Update, Gartner
14 ©A10 Networks, Inc.
SSL Performance Impact on Next Gen Firewalls
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Performance Impact with 2048-bit SSL Ciphers
81%: The average of performance loss across 7 NG Firewalls
Source: “SSL Performance Problems,” NSS Labs, 2013
Vendor 01 Vendor 02 Vendor 03 Vendor 04 Vendor 05 Vendor 06 Vendor 07 Vendor 08
15 ©A10 Networks, Inc.
Joining forces for an advanced SSL Insight Solution
1. A Thunder ADC intercepts and decrypts SSL traffic
2. Thunder ADC forwards decrypted traffic to non-inline security devices (QRadar packet Capture devices)
3. QRadar inspects traffic for attacks or data loss
4. Thunder ADC encrypts decrypted traffic and forwards it to the intended destination
5. (Optional) based on URL classification on the cloud (Webroot) – Thunder could bypass certain website categories for user’s privacy IBM Qradar Incident Forensics Brief:
https://www.a10networks.com/sites/default/files/resource-files/A10-SB-19116-EN.pdf
16 ©A10 Networks, Inc.
132% increase in attacks (compared to Q214)
Online Gaming – top destination
China – Top sources (non spoofed)
122% increased L7 attacks
50% more attacks above 100Gbps
DDoS attacks on the rise
Source: “State of the internet Security,” Akamai Q215
17 ©A10 Networks, Inc.
Five principal methods for effective mitigation
Mitigating DDoS Attacks
Packet anomaly check: Network level packet
sanity check
(conformance)
Authentication
challenge: Network and application
level validation of client
origination integrity
Black and white lists: Network level high speed
inspection and control
Traffic rate control: Network and
application monitoring
to rate limit traffic
Protocol and
application check: Network and
application
18 ©A10 Networks, Inc.
Thunder Threat Protection System (TPS)
Multi-vector Protection Detect & mitigate application & network
attacks
Multi-level traffic visibility
60 Hardware mitigations
High Performance Mitigate Up to 155 Gbps of attack
throughput,
200 M packets per second (pps) in 1 rack unit
64k protected objects
8 x 16M black/white list capacity
Flexibility for customization and
network integration Programmatic Policy Engine
aFleX
RegExp
BPF
SDK/RESTful API for 3rd party integration
Many deployment modes
Asymmetric
Symmetric
TAP mode
Hybrid
Next Generation DDoS Protection
Multi-vector
Application &
Network Protection
High Performance
Mitigation
Flexibility for
customization and
network integration
18
19 ©A10 Networks, Inc.
Flexible and broad deployment options
– Asymmetric deployment Reactive
Reactive Deployment with CPE
Proactive
– Symmetric (inline) deployment
– Out-of-band (TAP) deployment
Flexible network support
– Routed (L3) mode or Transparent (L2) mode
– MPLS traffic protection
– IP-in-IP tunnel, GRE tunnel
– Destination & Source NAT
Open SDK using RESTful API aXAPI to integrate with standalone 3rd-party DDoS detection solutions
Easy Network Integration
3rd Party Threat Detection Device
Core Network
Data Center
Services
Flow Export
(Netflow, sFlow)
Traffic Redirection
Tunnel (GRE or
IPinIP)
3rd Party Threat Detection Device
Core Network
Data Center
Services
aXAPI Flow Export
(Netflow, sFlow)
Traffic Redirection
Tunnel
(GRE or
IPinIP)
ISP
End Customer
Services
Real-time Detection
Flood Thresholds
Protocol Anomalies
Behavioral Anomalies
Resource Starvation
L7 Scripts
Black Lists
H
TT
P
D
N
S
T
C
P
U
D
P
Host
Telemetry Collection
sFlow Collector
Log Server
Telemetry
Third Party Threat Detection
20 ©A10 Networks, Inc.
Deep packet inspection and scripting technology
Benefits
– Adjust traffic and L7 data as needed
– Fix or optimize applications
– Complete traffic control
aFleX: Comprehensive DPI and Traffic Management
Example: Automatically displays a Web page based on the user’s language, using the language set in the user’s browser.
English
Spanish Japanese Chinese
21 ©A10 Networks, Inc.
Integrate into 3rd-Party Applications
– Reporting
– Centralized configuration management
– Provisioning
Custom Management Solutions
– Integrated into homegrown apps versus using the A10 CLI or GUI
Interactive Infrastructure
– Applications can issue triggers to change traffic management behavior based on external events
aXAPI: Customizable Management Options for Integration
Authentication request, containing Thunder admin username and password.
If authentication is successful, Thunder replies with a session ID and status 200 - ok
Configuration or monitoring request, containing the session ID
Next configuration or monitoring request, containing the session ID
Third-party application sends session close request or allows session to time out.
If session ID is Valid, and session has not timed out or been closed, Thunder performs the requested action and replies with status 200 - OK
Thunder performs requested action, if session ID is valid and session has not timed out or been closed
Third-party Application aXAPI
22 ©A10 Networks, Inc.
Achieve automation, operational agility, and reduced TCO
SDN integration
– Overlay & fabric integration
– VXLAN and NVGRE
– IBM SDN-VE, Cisco APIC, VMware NSX
Cloud orchestration integration
– Policy integration with Cloud orchestration platforms
– aGalaxy, Microsoft SCVMM, VMware vCloud Director, OpenStack
3rd-Party Integrations: SDN/Cloud Orchestration Integration
Summary
24 ©A10 Networks, Inc.
Diferenciais – A10 Networks?
Alinhado con as tendências de mercado
Cumpre com todos os requerimentos apontados pelo Gartner (IPv4/IPv6, Garantia de transações, NAT, Cache e Virtualização)
Diferentes formatos e Flexibilidade para aquisição (HW, VM ou Cloud)
Melhor solução sob aspectos de escalabilidade e performance
OPEX Previsível e licenciamento todo incluso; Cisco Like CLI
Reconhecimento por terceiros
Suporte de primeira linha, plataforma robusta e com baixo RMA
25 ©A10 Networks, Inc.
Visit www.a10networks.com
– 30 days, 5 Mbps limit
– Full features
– For VMware, Hyper-V, KVM and Xen
vThunder Free Trial – Try Today
Questions??
THANK YOU www.a10networks.com