Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
TechnologyAwakens@Sheridan
WilfriedvanHaeren
CTO
EdgeworxSolutionsInc.
www.edge-worx.com EdgeworxSolutionsInc.OCCCIO2017
TheEndUserawakens….
•Mobiledevices
•UnfetteredAccess
• FreeServices
•Unlimiteddownloads
EdgeworxSolutionsInc.OCCCIO2017
EdgeworxIntroductionWedesign,build,secureandmanageBusiness-CriticalInfrastructures
• NetworkandApplicationPerformanceMonitoring• CyberThreatAnalytics• VulnerabilitySecurityScan• CloudRiskAssessment• Networkdesign&performancetroubleshooting
“wemakeslowinfrastructuresgofast”EdgeworxSolutionsInc.OCCCIO2017
OurCollegecustomers
EdgeworxSolutionsInc.OCCCIO2017
•LackVisibility •BandwidthCongestion
•SlowApplications •ControlWHOaccessesWHAT
•PerformanceIssues •BandwidthUpgrade
End-UserNetworkIssues&PainPoints
Visibility–YouCannotManageWhatYouCannotSee
And…YouCannotStopWhatYouCannotSee
Thisiswhatwetypicallydealwithand….thiscouldbeyourinfrastructure
EdgeworxSolutionsInc.OCCCIO2017
BusApp
;-(
Edgeworx=
Visibility
WiFi visibility:MorethanaHeatMap
EdgeworxSolutionsInc.OCCCIO2017
Wi-Fiperformancetest
Whathappensif….werun20clients
EdgeworxSolutionsInc.OCCCIO2017
Whathappensif….werun40clients
EdgeworxSolutionsInc.OCCCIO2017
Whathappensif….werun60clients
EdgeworxSolutionsInc.OCCCIO2017
Whathappensif….werun80clients
EdgeworxSolutionsInc.OCCCIO2017
VDIAssessments:deploymentonexistingnetwork
EdgeworxSolutionsInc.OCCCIO2017
TogetherwithpartnersWeaddress
• Bandwidthoptimization
• EnsureEnd-UsereXperience (EUX)
• CyberattackandThreatProtection
• ApplicationDeliveryControl
• SSLoffloading
• DDoSdetection&mitigation
EdgeworxSolutionsInc.OCCCIO2017
EdgeworxSolutionsInc.OCCCIO2017
Your End User’s Needs is
in the Cloud
You have critical cloud
apps that your students,
staff and researchers
rely on today (and more
to come)
© 2015 Netskope. All Rights
Reserved.
18
vIT estimate:
40-50
Actual usage (on average):‣ 72 Marketing
‣ 53 Collaboration
‣ 41 HR
‣ 45 Finance
‣ 38 Productivity
‣ 37 Cloud Storage
Actual:
1200+
The Rise of Personal Apps
EdgeworxSolutionsInc.OCCCIO2017
More traffic, more jams:
Business vs. Recreational Assessments
Exampleofday-to-dayapplicationusageonaWideAreaNetwork
Allapplicationsarekeptundercontrol
Databackupscanpushasideallapplicationservices
© Edgeworx Solutions Inc. Proprietary Information
Visibility into the applications
running on your network –
for both sanctioned and
unsanctioned
Visibility
Control the behavior of your
applications – to prioritize your
sanctioned applications and
limit unsanctioned apps
Control
Ensuring Quality of
Experience
Prioritize Critical Apps
Mission critical apps
need to be prioritized
to ensure they
perform reliably and
consistently
Control Unsanctioned Apps
Unsanctioned apps
need to be controlled or
blocked to ensure they
don’t steal resources
from mission critical
applications
All port 80/443
EdgeworxSolutionsInc.OCCCIO2017
Building Intelligent Policies
The Optimization PolicyA unique combination of
network and contextual
variables that define SLA
priority for network traffic.
üWho is the User?üWhich Application?üWhat is the Location?üWhat Time of Day?üHow much Bandwidth?üOn What Device?üUsing Which Protocol?
Network
Insights
Bandwidth
ManagementRecommendations
Extensive
Reporting
• Control over video traffic to contain bandwidth use
• Control over social, gaming and media traffic to prioritize learning
• Control over peer to peer and torrent traffic to stay compliant
• Protection of critical applications
• Provide predictable and consistent application performance
Exinda Benefits
EdgeworxSolutionsInc.OCCCIO2017
SSL InsightSolution Overview
May, 2017
Presented by:
Leanne Sharpe, Regional Sales DirectorRoger Valencia, Senior Sales Engineer
L O A DB A L A N C I N G
A P P L I C A T I O ND E L I V E R Y
S E C U R EA D C
C L O U DA D C
They Said It Couldn’t Be Done
S E C U R E A P P L I C A T I O NS E R V I C E S
+ + + +
FO U N D ED I N 2004
N Y SE ( ATEN )
2015 REV EN U E $200M
5000+ CUSTOM ERS
I N 72 COUNTRI ES
Outline
§ Overview - SSL Adoption
§ Challenges
§ Solution
§ What?
§ How?
§ Why?
§ Other A10 Solutions
§ Q & A
Overview – SSL Adoption
Reasons Why More Organizations Encrypt Traffic
§ Snowden revelations of NSA snooping
§ It protects our privacy
§ It protects our anonymity
§ And sometimes, it protects our lives
§ More importantly protects our Money
§ Google ranks SSL sites higher for SEO
Challenges
GOOD old days…
Today’s BAD days…
Tomorrow’s VERY BAD days…
§The Good:§ Encryption protects privacy in the WWW
§The Bad§ Network security devices are blind to SSL traffic
§The Ugly§ The bad guys (bad hombres) know that§ More likely we are already infected
SSL Insight to the rescue
The Good, the Bad and the Ugly
Solution§ What?
§ How?
§ Why?
Back to the GOOD old days…
SSL Insight
HTTPS://
HTTP://
Solutionü What
§ How?
§ Why?
How do we do it?§ Client Initiates outbound communication
§ Traffic is decrypted
§ Decrypted traffic is inspected by security solutions
§ Data is encrypted
§ Secure tunnel is established
§ Any data returned is decrypted, inspected and encrypted before reaching the client
Other
DLPUTM
IDS
Internet
SSL decryption
SSL decryption
Encrypted
Decrypted
Encrypted
Inspection/Protectio
n
Client
6
4
3
5
2
1
You Can’t Stop WhatYou Can’t See.Solving the SSL Blindspot
Thank you
EdgeworxSolutionsInc.OCCCIO2017
46© Copyright 2013 Fortinet Inc. All rights reserved.
The Fortinet Security FabricQ1 2017
Matt Brady
Channel Account Manager, Central Canada
47
Today’s world demands security without compromise.
FORTINET SECURITY FABRIC
48
The Attack Surface Has Increased Dramatically
Today’s Security is Borderless
Internal External
Mobile
Endpoint
Branch Office
NGFW
Campus
Data Center
DCFW
UTM
IoT
PoS
§ Network
§ Applications
§ Data
§ People
Point solutions
Complexity
49
Client Security
Network Security
Application Security
Cloud Security
Secure WLAN Access
Alliance Partners
Secure LAN Access
IoT
Cooperative Security Fabric
Local Intelligence
Global Intelligence
Scale
Awareness
Security
Actionable
Open
SECURITY FABRIC
50
Device Access Network Cloud
Distributed
Enterprise
Edge Segmentation
Branch
Data Center
North-South
Carrier
ClassPrivate Cloud IaaS/SaaS
WLAN / LAN
Rugged
Embedded System on a Chips Packet and Content Processor ASIC Hardware Dependent
Device
>1GAppliance
>5G
Appliance
>30G
Appliance
>300G
Chassis
>Terabit
Virtual Machine
SDN/NFVVirtual Machine
On Demand
Client
EndpointSDN
Provisioned
Distributed
NSF
Flow Based
ASIC
Single Pane of Glass
(Management)
Single point of
Security Updates
Single Network
Operating System
Scalable from IoT to Cloud
Single point of
Authentication
and SSO
51
Parallel Path Processing (PPP)
PacketProcessing
ContentInspection
PolicyManagement
Security for the Network
Slow is Broken
CPU Only
Policy Management
Packet Processing
Deep Inspection
More Performance
Less Latency
Less Power
Less Space
CPU
Optimised
SoC
52
Fabric Awareness Critical
Secure Access
Network Security
Application Security
USERS
Client Security Cloud Security
DATA
Topology and Data Flow
Edge Firewall
IaaS FirewallSeg FW
Seg FW
Seg FW
Sandbox
192.1.2.08
Port 442
Cloud App 1
Domain
PolicyLogs
Cooperative Security Fabric
FSA3500D
FGT 100D
FGT 1500D
FGT 3700D
FGT VM
FGT API
FGT 100DPartner
IoT
Access
Point
53
End to End Segmentation Critical
Internal External
CloudOn Demand
Data CenterSDN Orchestration
Mobile
Endpoint
Branch Office
NGFW
Campus
Data Center
DCFW
UTM
IoT
PoS
54
Support Services Single Pane of Glass Migration to Cloud Based Systems
FortiCare FortiCloud FortiGuard Cloud FortiSandbox
Cloud Based Management of
NGFW + Access Point
Cloud Based Management of
NGFW + Access Point
Cloud Based
Management of
NGFW + Access Point
Threat Intelligence Advanced Threat
Protection
Actionable Threat Intelligence
WAN Data CenterAccess
IoT Mobile
PoS Windows
FortiManager
55
Open: Multiple Levels of Fabric API’s for Partner Integration
Fortinet Security Fabric
SIEM
SDNEndpoint
CloudVirtual
Management
Ecosystem Alliance Partners
56
Cloud SDN Sandbox
Test/SSO Fortinet Partners SIEM Management
ECO SYSTEAM INTEGRATION POINTS
Thank You !
EdgeworxSolutionsInc.OCCCIO2017