Secure Connectivity on Every Network Layer

ADVA Optical NetworkingSeptember, 2016

Secure Connectivity on Every Network LayerConnectGuard™ Security - Intelligent. Fast. Secure!

© 2016 ADVA Optical Networking. All rights reserved. Confidential.2

Need for Network Security• Organized crime has turned to cyberspace

• Data protection obligations are evolving

• Cost of data breaches is increasing rapidly

• Cloud brings additional security challenge

• New attack surface due to network functionsvirtualization (NFV)

Proactively securing data through encryption becomes mandatory


High-Tech Attacks, High Cost• Average incident costs a company

3.8 million US dollars

• Reputation and the loss of customerloyalty does the most damage

• Healthcare, education and financialsector incur highest costs

Ponemon Group: 2015 Cost of a Data Breach Study: Global Analysis

It's just easier to say, “If it goes out of our premises, it's encrypted”


Security for All WAN Infrastructures

Cloud InterconnectCloud Access

Service delivery and assurance

Metro/core distribution and hosting

Business continuity

Cloud & OTT services

Synchronization delivery and assurance

Cloud Extension

Security at the speed of cloud is scary – and necessary


Adopters of Network Layer Encryption

Banking Government Health Sector CriticalInfrastructure

Connectivity Service Provider

Encryption is part of a toolkit for a tiered data security strategy


Encryption Options

Securing Data in Motion

PhysicalPHY

Data linkMAC

Network layerIP/MPLS

Transport layerTCP, UDP

Application, presentation,session layer

Bits

Frames

Packets

Segments

Data

1

2

3

4

765

OS

I Lay

er

IPsec

TLS, SSH

In-flight encryption

MACsec


IPsec Challenges – Technical Aspects

• Delay is measured in msec instead of µsec

Latency• Up to 50% addi-

tional bandwidth overhead

Efficiency• No wire-speed

performance up to 100Gbps

Scalability

• Slower connection establishment

Speed• Only works for

IP traffic

Compatibility• Issues scale

linearly with links and endpoints

Complexity


Tapping Fiber-Optic Cables is Reality

… GCHQ was able to boast a larger collection of data than the US, tapping into 200 fiber-optic cables to give it the ability to monitor up to 600 million communications every day …

… the GCHQ operation codenamed “Tempora” has been running for 18 months …

… information from Internet and phone use was stored for up to 30 days to be sifted andanalyzed …

UK Government Communications Headquarter– GCHQ –


Secure Data Center Interconnection

Innovation for high-performance cloud data center interconnect

Application

Technology

• Highest performance• Lowest latency• Maximum security

Benefits

Solution

FSP 3000


Use Case: Secure VPN ConnectivityConnectGuardTM Ethernet

• Encryptors against vulnerabilities

• Secure end-to-end encryption based on hardware and software appliances

• Connect multiple enterprise security domains without modifying existing infrastructure

• Cost-efficient high-performance HW encryption

• Leverage virtual network functions (VNFs) for open firewall and encryption solutions

• Consistent security solution across all OSI layers to balance performance and flexibility

Business Drivers Benefits

Service provider

BranchesDC


• Highest flexibility• Minimum overhead• Maximum security

Secure Access in Virtual Networks

Innovation for flexible cloud access in fixed and mobile applications

Application

Technology

Benefits

Solution

FSP 150


Use Case: Secure Access to the CloudCloud Extension

• Virtual private cloud providers looking to offer virtualized, hosted XaaS to enterprises

• LAN extension provides on-network user experience delivered via a hosted cloud environment

• Security and assurance are critical

• Enables seamless, layer-2 network connectivity between customer premise and virtual functions implemented in data center

• Pure-play software (with HW options for CPE side)

• Integration with orchestrated data center services

Business Drivers Benefits

Internet/PrivateIP/MPLS Network

Access

Customer LAN

VXLAN

Gateway

Customer Site Data CenterVXLAN

IPsec


• Virtual infrastructure• Fastest service activation• Choice of VNF vendor,

hardware and location

Secure Access to Virtual Machines

Leveraging Ensemble virtualization for customer choice

Application

Technology

Benefits

Solution

Orchestrator&

Connector

Customer Premises Data Center

VM VM

EnsembleOrchestration

CE2.0 Direct Connect / VXLAN (Internet / Private IP Net)

Advanced MACsec

Transparent LAN with SLA measurement and performance monitoring

PhysicalServer

VirtualMachines

vSecurity


Most Important Features of Encryption

Performance, latency and support for flexible deployment are key


Making Connectivity Networks Secure

High throughput, low latency and cost-effective trust model

Data Center

Main Office

Branch Office

Data Center

Main Office

Main Office

Branch Office

LAN

LAN

LAN LAN

LAN

LAN/SANCluster

LAN/SANCluster

OTN leased line

Carrier Ethernet

Carrier Ethernet VPN /overlay on IP private/public VPN

100M

100M

10G 10G

1G

10G10G

100G 100G


ConnectGuard™ Management

FSP NMserver

FSP NMclients

LAN

DCNGUI server

running NM client apps

Customer A

3rd

PartyNE

Encryption domain management by managed service subscriber

ConnectGuard Managerrunning on FSP NM


ADVA ConnectGuard™

• Intelligent! – Efficient integration with transport technology

• Fast! – Scales up to 100Gbit/s

• Secure! – Industry-compliant

Differentiation by high-performance protection of data in motion

[email protected] You

IMPORTANT NOTICEThe content of this presentation is strictly confidential. ADVA Optical Networking is the exclusive owner or licensee of the content, material, and information in this presentation. Any reproduction, publication or reprint, in whole or in part, is strictly prohibited.

The information in this presentation may not be accurate, complete or up to date, and is provided without warranties or representations of any kind, either express or implied. ADVA Optical Networking shall not be responsible for and disclaims any liability for any loss or damages, including without limitation, direct, indirect, incidental, consequential and special damages, alleged to have been caused by or in connection with using and/or relying on the information contained in this presentation.

Copyright © for the entire content of this presentation: ADVA Optical Networking.

http://www.linkedin.com/company/adva-optical-networking

http://twitter.com/ADVAOpticalNews

http://www.facebook.com/pages/ADVA-Optical-Networking/37630238931?ref=ts#!/pages/ADVA-Optical-Networking/37630238931?v=wall

http://www.youtube.com/user/ADVAOptical

http://advaopticalnews.tumblr.com/

http://www.slideshare.net/ADVAOpticalNetworking

Secure Connectivity on Every Network Layer

Technology

Transcript of Secure Connectivity on Every Network Layer