Upgrading Your Firewall? Its Time for an Inline Security Fabric
•
1 like•309 views
An inline security fabric can provide benefits over traditional firewall deployments by reducing network downtime, increasing security tool efficiency, and improving inspection and security monitoring. An inline security fabric uses high-availability network packet brokers and bypass switches to intelligently route traffic across security tools, load balance traffic to extend tool life, and ensure redundancy so there are no single points of failure. This eliminates disruptions from tool failures or upgrades while improving security resilience.
Report
Share
Upgrading Your Firewall? Its Time for an Inline Security Fabric
- 1. 1© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | UPGRADING YOUR FIREWALL? IT’S TIME FOR AN INLINE SECURITY FABRIC Ajay Pandey, MS(Boston), LL.B, CCIE #14792 (R&S/Sec), CISSP, CISA Enterprise Solutions Architect - APAC
- 2. 2© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | 106 / hour 66%Growth in information-based security incidents from 2014 to 20152 25%Chance that your organization will be breached over next 24 months3 $550kAverage cost of unplanned outage for enterprises, growing 15% annually2 Average number of malware hits1 1 ZK Research Study for Ixia, April 2016 ATTACKS CONTINUE TO RISE 2 Kaspersky Lab, Cost of Security Breaches, September 2015 3 Ponemon Institute, Data Breach Study, May 2015
- 3. 3© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | Switch Server Server Switch Switch Switch Single points of failure Administrative tension Tools not used efficiently Difficult to scale INLINE SECURITY IS EXPANDING
- 4. 4© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | • Increased risk of downtime • Upgrade disruption • Inefficient use of budget and limit on ROI • Difficult to scale • Incomplete security monitoring DISADVANTAGES OF CURRENT PRACTICES
- 5. 5© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | Switch Server Switch Server Switch Switch INCREASED RISK OF DOWNTIME
- 6. 6© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | Switch Server Switch Server Switch Switch Bypass Switches Bypass Switches ELIMINATE DOWNTIME FROM TOOL FAILURES Monitored Tool Links via Heartbeat Packets
- 7. 7© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | Switch Server Switch Server Switch Switch UPGRADE & MAINTENANCE DISRUPTIONS
- 8. 8© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | Switch Server Switch Server Switch Switch Bypass Switches Bypass Switches ELIMINATE UPGRADE / MAINTENANCE DISRUPTION Monitored Tool Links via Heartbeat Packets
- 9. 9© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | Switch Server Switch Server Switch Switch Bypass Switches Bypass Switches INEFFICIENT CAPACITY UTILIZATION
- 10. 10© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | Switch Server Switch Server Switch Switch MAXIMIZE CAPACITY USAGE Bypass Switch Bypass Switch Network Packet Broker (NPB) • Aggregate security tool capacity • Selectively route traffic to security tools Monitored Tool Links via Heartbeat Packets
- 11. 11© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | Switch Server Switch Server Switch Switch Bypass Switches Bypass Switches DIFFICULT TO SCALE CAPACITY
- 12. 12© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | Switch Server Switch Server Switch Switch SIMPLE CAPACITY SCALABILITY Bypass Switch Bypass Switch Network Packet Broker (NPB) • Aggregate security tool capacity • Selectively route traffic to security tools • Load balance traffic across security tools
- 13. 13© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | Switch Server Switch Server Switch Switch SINGLE POINT OF FAILURE Bypass Switch Bypass Switch Network Packet Broker (NPB)
- 14. 14© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | Inline Security Tool Farm Switch Server Switch Server Switch Switch Bypass Switch Bypass Switch High-Availability (HA) Network Packet Brokers HIGH AVAILABILITY IXIA SECURITY FABRICTM
- 15. 15© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | Inline Security Tool Farm Switch Server Switch Server Switch Switch Bypass switch Bypass switch Out-of-band sandboxing CONNECT OUT-OF-BAND SECURITY TOOLS High-Availability (HA) Network Packet Brokers
- 16. 16© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | Reduce Network Downtime • Failsafe inline security deployments • HA configuration with no single points of failure Increase Tool Efficiency • Intelligent routing of traffic based on content • Load balancing reduces congestion and extends tool life Improve Inspection and Security Monitoring • Increase monitored network segments • Improve security resilience with HA configuration SUMMARY Benefits of Deploying Ixia Security Fabric
- 17. 17© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | CYBER RANGE SCENARIO EXAMPLE
- 18. 18© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | 18 BREAKINGPOINT PERFORMANCE #S (BANDWIDTH PER CHASSIS) 960Gbps Apps Throughput Applications 24Million TCP CPS Connection Rate 720 Capacity Million HTTP CC 12M SSL Capacity Concurrent SSL Flows 2.4M SSL CPS SSL Connection Rate 240 SSL Throughput Gbps SSL Throughput Performance in two-arm mode, With clients and servers simulated on same blade
- 19. 19© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. |
- 20. 20© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | THANK YOU