NetScreen Technologies
Security Solutions the NetScreen Way
Peter Crowcombe – EMEA Marketing Manager

Agenda
• About NetScreen
• Security Innovation
• Unique Architectures
• Threats and Responses
• VPN leadership
• Total cost of ownership
• The future of security

About NetScreen
• Leading supplier of network security solutions for large scale and high capacity enterprise and carrier networks
  – Integrated firewall, VPN and traffic management
• Leading market share
  – #1, #2 or #3 in key VPN and firewall categories*
* Based on data from Dataquest/Gartner Group, Infonetics Research, International Data Corp.

NetScreen Innovation
NetScreen firsts:
• An integrated Firewall and VPN appliance with ASIC acceleration for FW AND VPN
• Virtual system architecture
  – With separate policy tables, addressing and management
• Integrated active-active, full mesh, stateful High Availability
• Ship Gigabit Firewall & VPN appliance
• Ship 4 Gigabit Firewall appliance

Resulting in NetScreen Delivering Industry-Leading Growth
[Charts, $ millions: quarterly, Sep '00 to Jun '02 (data labels $12.2, $17.2, $19.1, $23.0, $26.3, $29.0, $32.0, $36.4); annual, FY '99 to FY '01 (data labels $5.9, $26.6, $85.6)]

Unique Solution & Technology Platform
[Diagram labels: Global PRO; GigaScreen ASIC; Optimized Security Platform; ScreenOS]
Superior Security, Performance and Economics compared with software/processor based architectures

GigaScreen-II ASIC Technology
• GigaScreen-II is a security processor
  – Breakthrough performance
    • 2 Gbps firewall; 1 Gbps VPN
  – Massive scalability
    • Linear scalability when connected to a switched backplane
  – Complete security processing
    • Complete packet processing with little to no CPU intervention
  – Programmability
    • Ability to add packet classification and content inspection engines
[Diagram labels: Management module; Control CPU; Data Exchange (first packet, IKE etc); GigaScreen-II ASIC / Flow Processor; Flow Traffic]

NetScreen-5000 Chassis Architecture
• Dual Bus Architecture Back plane
  – 32 bit - Bus 0
  – 64 bit - Bus 1
• 15 Gigabit switch fabric and Multiple Module Slots (5400)
Control Traffic between GigaScreen-II and Management Module
Data Exchange between the Management Module and the GigaScreen-II via Dual Access High Speed RAM (SRAM)
Slots for Multiple Secure Port Modules or additional new modules
Packet Flow Traffic between Secure Port Modules or Future modules
[Diagram labels: 15 Gbps switch fabric; Mgmt Module; Secure Port Module; Secure Port Module; Future Tech. Modules; Flow Control; First Packet, IKE, etc]

Comprehensive Product Line
[Diagram, segment labels: Network core; Central Site; Medium Site; Enterprise Telecommuter; Small Office]
[Diagram, product labels: NetScreen-500; NetScreen-1000; NetScreen-5XT; NetScreen-50; NetScreen-5000 Series; NetScreen-200 Series; NetScreen-Global PRO; NetScreen-Global PRO Express; NetScreen-25; NetScreen-5XP; NetScreen-Remote]

Security Deployment Drivers
Factors, by percent of respondents rating 6 or 7:
72%  Hacking from the outside
43%  Addition of applications that require security
38%  Addition of Internet connections
38%  Increase in mobile workers, telecommuters, and day extenders
36%  Hacking from the inside
36%  Demand from customers or business partners
33%  Increase in commercially sensitive traffic
32%  Business/regulatory requirement
32%  Addition of an extranet
Source: Infonetics 2002

Security Threats Are Growing
• Outside attacks that compromise perimeter security
  – Denial of service, VPN U-turn attacks
  – Trojan horse attacks that penetrate the enterprise
• New application requirements
  – Segmentation of departmental resources
• Wireless LANs
[Chart: Security Incidents Reported to CERT; vertical axis: # of incidents, 0 to 60,000; annotations: 1988: 6 incidents (Kevin Mitnick); 2001: 52,000+ incidents (Code Red, Nimda)]
Computer Emergency Response Team (CERT) is a federally funded research and development center specializing in Internet security operated by Carnegie Mellon University.

Security Threats
[Diagram labels: Unauthorized Personnel; Regional Office; Branch Office; Telecommuter; VPN; Internet; Firewall; Unauthorized Wireless User; Compromised Computer; Worms / Compromised Server; DMZ Servers; Finance Servers; Trojans / Disgruntled / Dishonest Employee]

Security Domains
Integrated FW/VPN with attack blocking and user authentication
Greater Segmentation & Policy Control
Internal / External threats treated equally
[Diagram labels: Branch Office; Regional Office; Telecommuter; Wireless; VPN - Client; Internet; Notebook & PDA (VPN); OR; Web; Wireless; Admin; DMZ; VPN - Client; E-mail; Finance; Central Site]

Paybacks and Benefits of VPNs
Q. On a scale of 1 to 7, where 1 is “not important” and 7 is “extremely important,” please rate the importance of the following expected paybacks and benefits in your decision to implement VPNs:
57%  Increased security
45%  Dial-up or dedicated connection cost savings
44%  Increased bandwidth using VPNs with DSL, cable, or broadband wireless
43%  Reduction of operation and management costs
42%  Ability to quickly add remote access users, sites, or extranet partners
41%  Improved communications with customers
41%  Increased geographic coverage
34%  Any to any connectivity
32%  Increased network uptime
17%  Ability to carry voice over IP
Source: Infonetics 2002

Leaders in VPN technology
[Diagram labels: Intranet VPN; Mobile VPN; MPLS; Small site, Temp site VPN; Partner A; Partner B; Partner C; Data Centre /SP NOC; Internet; Remote Access; Content; Home GPRS; GRX; Content Ser; AV Services; IDS Services; Application Ser; Overseas GPRS]

Frame to IP VPN Migration Scenarios
Apples to Apples – Equal Bandwidth
Scenario A: Direct One-to-One Comparison

                                   Legacy Network   IP Network   Change
Small Site Bandwidth (8 sites)     56-64 Kbps       56-64 Kbps   No Change
  Monthly Cost/Site                $280             $75          Save $205
Medium Site Bandwidth (2 sites)    384 Kbps         384 Kbps     No Change
  Monthly Cost/Site                $1,150           $190         Save $960
Central Site Bandwidth (1 site)    T-1              T-1          No Change
  Monthly Cost/Site                $3,275           $1,570       Save $1,705
Total Annual Costs                 $93,780          $30,600      Save $63,180

Time to pay back initial hardware investment ($6,000 to $10,000): 1.1 – 1.9 Months
The initial hardware purchase is based on average pricing for NetScreen appliances while the bandwidth rates are based on averages derived from multiple carrier offerings. This example does not include network management, installation expense, time to migrate multiple networks, etc.
Source: TeleChoice – Building the business case for IP VPNs

Firewall Features
Features, by percent of firewall respondents rating 6 or 7:
59%  Additional security functionality
49%  Remote software update
48%  Ability to repel DoS/DDoS
44%  Stateful inspection engine
42%  100M performance
34%  Fail-over capability
32%  Appliance-based
31%  Load balancing/QoS/traffic shaping
30%  Four or more Ethernet ports
24%  1G performance
Source: Infonetics 2002

IDP - The future of security
• Definitive agreement to acquire OneSecure for $40.3 million
• Innovative intrusion detection and prevention appliance accurately detects attacks, stops attacks and is easy to manage
• Immediately address IDS market with intrusion prevention products
• The best technology, architecture and people to accelerate NetScreen’s delivery of next generation integrated security gateway and management

Milestones
• 1st device that detects and prevents attacks by dropping malicious packets (patent pending)
• 1st to implement MultiMethod Detection to maximize attack detection
• 1st to utilize Stateful Signature Detection to help reduce false alarms
• 1st centralized, rule-based management of intrusion detection and prevention

Intrusion Prevention - OneSecure
• Innovative intrusion prevention and detection product
  – Improved intrusion detection accuracy, reducing false alarms and detecting more attacks
    • Multi-Method Detection
    • Stateful Signatures
  – True attack prevention to eliminate impact of attack
    • In-line operation
[Diagram labels: HR Servers; Users; Web Server; Mail Server; User; Firewall; Finance Servers]

Intrusion Detection strategies
Device types, by percent of intrusion detection respondents:
75%  Integrated security appliance
57%  Standalone intrusion detection appliance
44%  Host-based intrusion detection software on clients and servers
43%  Intrusion detection in a network device
Source: Infonetics 2002

NetScreen-OneSecure Integration Plan
[Timeline diagram. Phase I: At Close and Phase II: 1H03, items in extracted order:]
• Integrate key IDP features into ScreenOS. New processing blade NS-5000
• Introduce & Re-brand OneSecure IDP.
• Scale performance to gigabit levels
• Enhance IDP
• Integrate management platforms
• Introduce & Re-brand OneSecure IDP Management
Phase III
• Develop silicon & hardware for next-generation platforms
• Enhance IDP
• Enhance Management Intelligence

Innovation in the Security market
“Gartner believes that the primary security gateway, the firewall, should provide for this in-line inspection and action taking. Thus, we see this move by NetScreen as the first market move toward fulfilling our vision of firewalls that look deeper into packet streams and make higher-level decisions. Enterprises will need this capability to implement strong, application-aware edge security on a variety of security platforms.”
Gartner Group, August 27, 2002

NetScreen Scalable Security Solutions