FIREWALLS IN MODERN DATA
CENTERS
Piotr Wojciechowski (CCIE #25543)
ABOUT ME
¢  Senior Network Engineer MSO at VeriFone Inc.
¢  Previously Network Solutions Architect at one of the top Polish IT
integrators
¢  CCIE #25543 (Routing & Switching)
¢  Blogger – http://ccieplayground.wordpress.com
¢  Administrator of CCIE.PL board
—  The biggest Cisco community in Europe
—  About 7800 users
—  3 admin, 3 moderators
—  Over 60 Polish CCIEs as members, 20 of them actively posting
—  About 100 new topics per month
—  About 800 posts per month
—  English section available
AGENDA
¢  Facts about firewalls market and evolution
¢  Security challenges
¢  Next Generation Firewalls
¢  NGIPS
¢  Data Center Security Future
FACTS ABOUT FIREWALLS MARKET AND EVOLUTION
FACTS ABOUT FIREWALLS MARKET
¢  Virtualized versions of enterprise network
safeguards will not exceed 10% of unit sales by year-
end 2016
¢  Through 2018, more than 75% of enterprises will
continue to seek network security from a different
vendor than their network infrastructure vendor
Source: Magic Quadrant for Enterprise Network Firewalls,
Gartner, 14 April 2014
FACTS ABOUT FIREWALLS MARKET
¢  Less than 20% of enterprise Internet connections
today are secured using next-generation firewalls
(NGFWs)
¢  By year-end 2014, this will rise to 35% of the
installed base, with 70% of new enterprise edge
purchases being NGFWs
¢  Fewer than 5% of enterprises will deploy all-virtual
firewalls in data centers through 2016
Source: Magic Quadrant for Enterprise Network Firewalls,
Gartner, 14 April 2014
FACTS ABOUT FIREWALLS MARKET
¢  Fewer than 5% of enterprises will deploy all-virtual
firewalls in data centers through 2016
¢  Fewer than 2% of deployed enterprise firewalls will
have Web antivirus actively enabled on them
through 2016
Source: Magic Quadrant for Enterprise Network Firewalls,
Gartner, 14 April 2014
APPLICATIONS HAVE CHANGED – FIREWALLS HAVE NOT
• The gateway at the trust border is the right place to enforce policy control
Ø Sees all traffic
Ø Defines trust boundary
Collaboration / Media
SaaS Personal
• But applications have changed
Ø Ports ≠ Applications
Ø IP addresses ≠ Users
Ø Headers ≠ Content
Source: PaloAlto, Palo Alto Networks Product Overview
FIREWALLS HISTORY
EVOLUTION OF DATA CENTER FABRIC ARCHITECTURES
SECURITY CHALLENGES
INFRASTRUCTURE AS A SERVICE (IAAS)
¢  Set of modular building blocks of underlying resources
¢  Services may be introduced either through dedicated appliances or
through virtual appliance implementations
¢  Cost-effective use of capital IT resources through co-hosting
¢  Better service quality through virtualization features
¢  Increased operation efficiency and agility through automation
SECURITY CHALLENGES IN DC
¢  There is a challenge between achieving business value and protecting
these highly prized targets
Source: Infonetics Research Report Experts: Data Center Security Strategies and Vendor
REQUIREMENTS FOR DC FIREWALLS
¢  Threat Prevention
—  Protect against external attacks – including those routed through internal
“secure” clients
¢  Data Leakage Prevention
—  Protect confidential and unauthorized content from leaving the network
¢  Access Control
—  Control access – by user or groups of users – to specific applications and
content
¢  Performance
—  Minimize latency and maximize throughput to ensure business performance
is not compromised
Source: PaloAlto, Palo Alto Networks Product Overview
COMPLEX PORTFOLIO
NEXT GENERATION FIREWALLS
SECURING TRAFFIC FLOW
North-South: from Access Layer to Aggregation and to Core
East-West: usually between servers in same layer
SECURITY COMPONENTS
NEXT GENERATION FIREWALLS
CONTENT AWARE SECURITY PORTFOLIO
URL FILTERING
¢  Block sites based on category or reputation
¢  Based on user or user group
¢  Allows administrators to block websites with potentially harmful objects
¢  Allows blocking of non-business related sites
¢  Bandwidth control for designated categories
¢  Enforcing safe search
¢  Prevent file download/upload
APPLICATION VISIBILITY
¢  Identification of applications using multiple factors, not only port or IP
classification
¢  Allow administrators to deploy comprehensive application usage
control policies for both inbound and outbound network traffic
USER VISIBILITY
¢  Seamless integration with enterprise directory services
such as Active Directory, LDAP etc.
¢  Enables administrators to view and control application
usage based on individual users and groups of users, as
opposed to just IP addresses
¢  User information is pervasive across all features
including application and threat visibility, policy
creation, forensic investigation, and reporting
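An added example (not from the original slides) of the point made on the application-visibility and user-visibility slides: a port/IP ACL and a policy keyed on identified application and directory user reach different verdicts on the same flows. The addresses, users, groups, rules and payload bytes are constructed, and the first-bytes classifier is an assumed simplification, not any vendor's engine.

```python
"""Added illustration: port/IP ACL vs. application- and user-aware policy.
Every address, user, group, rule and payload here is constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed IP-to-user and user-to-group tables, standing in for what a
# firewall would learn from a directory service (Active Directory, LDAP).
IP_TO_USER = {"10.1.1.20": "alice", "10.1.1.21": "bob"}
USER_GROUPS = {"alice": {"dba"}, "bob": {"helpdesk"}}

# Legacy rule: (source net, destination net, destination port, action)
PORT_ACL = [("10.1.1.0/24", "10.2.0.0/16", 443, "allow")]

# Application/user rule: (user group, application, destination net, action)
APP_POLICY = [
    ("dba", "tls", "10.2.0.0/16", "allow"),
    ("helpdesk", "tls", "10.2.10.0/24", "allow"),
]

HTTP_METHODS = {b"GET", b"POST", b"PUT", b"HEAD", b"DELETE", b"OPTIONS"}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    payload: bytes  # first bytes the client sends on the connection


def identify_app(payload: bytes) -> str:
    """Classify a flow from its content; the port is deliberately ignored."""
    if payload.startswith(b"SSH-"):                      # SSH version banner
        return "ssh"
    if len(payload) >= 2 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"                                     # TLS handshake record
    if payload.split(b" ", 1)[0] in HTTP_METHODS:        # clear-text HTTP
        return "http"
    return "unknown"


def in_net(addr: str, net: str) -> bool:
    return ip_address(addr) in ip_network(net)


def port_acl_decision(flow: Flow) -> str:
    """Header-only decision: source, destination and port."""
    for src, dst, port, action in PORT_ACL:
        if in_net(flow.src, src) and in_net(flow.dst, dst) and flow.dport == port:
            return action
    return "deny"


def ngfw_decision(flow: Flow):
    """Decision keyed on directory user/group and identified application."""
    user = IP_TO_USER.get(flow.src)          # None when the source is unmapped
    groups = USER_GROUPS.get(user, set())
    app = identify_app(flow.payload)
    for group, rule_app, dst, action in APP_POLICY:
        if group in groups and app == rule_app and in_net(flow.dst, dst):
            return action, user, app
    return "deny", user, app                 # default deny


TLS_HELLO = b"\x16\x03\x01\x00\xc8\x01"      # constructed ClientHello prefix
SAMPLE_FLOWS = [
    Flow("10.1.1.20", "10.2.5.8", 443, TLS_HELLO),                  # alice, TLS
    Flow("10.1.1.21", "10.2.5.8", 443, b"SSH-2.0-OpenSSH_8.9\r\n"),  # SSH on 443
    Flow("10.1.1.99", "10.2.10.5", 443, TLS_HELLO),                 # unmapped host
    Flow("10.1.1.21", "10.2.10.5", 443, TLS_HELLO),                 # bob, TLS
]


def evaluate(flows):
    """Return both verdicts per flow so the two policies can be compared."""
    rows = []
    for f in flows:
        verdict, user, app = ngfw_decision(f)
        rows.append({"src": f.src, "user": user, "app": app,
                     "acl": port_acl_decision(f), "ngfw": verdict})
    return rows


if __name__ == "__main__":
    for row in evaluate(SAMPLE_FLOWS):
        print(row)
```

The port ACL allows all four flows because they share the same subnet pair and port 443; the application/user policy denies the SSH session on 443 and the flow from a source with no directory mapping.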
CONTENT VISIBILITY
¢  Scanning engine that uses a uniform threat signature
format detects and blocks a wide range of threats and
limits unauthorized transfer of files and sensitive data
¢  Comprehensive URL database controls non-work related
web surfing
¢  IT departments can regain control over application and
related threat traffic
FAILOVER
FAILOVER – REPLICATED STATES
¢  Replicated features depend on the vendor, firmware and hardware in use –
check the release notes for the full list
¢  New features added with every release
MULTI-CONTEXT
¢  More often required for
regulatory compliance
¢  Each context has separate
control-plane and data-plane,
interfaces and config memory
¢  Some features are not supported
in multi-context mode
CLUSTERING
¢  With the new approach it’s crucial to understand the data flow within the cluster in every scenario
¢  Lack of proper data and control plane can do more harm than lack of clustering
TRUSTSEC
¢  Provides the ability to create policies to map end users, or consumers, to data center assets, or servers and applications
¢  AAA services for a variety of external actors
TRUSTSEC
¢  Policy in the firewall has been expanded to include source and destination security groups that are downloaded from the ISE
NGIPS
NGIPS
Source: Gartner’s Magic Quadrant for Intrusion Prevention Systems
Adam Hils, Greg Young, Jeremy D’Hoinne , 29 December 2014
NGIPS
¢  Some things remain unchanged:
—  Tuning is the process of ‘defining’ protections that match the environment
—  Although most networks provide standard services, implementation creates
challenges
—  Failure to tune = failure to protect
NGIPS
¢  IPS are more and more context-aware
¢  Signatures are not the base for event correlation
¢  Event correlation happens on advanced monitoring systems – the IPS
itself cannot perform this
NGIPS
¢  Many organizations have relied solely on access control lists and
enforcement as the only method of protecting the data center.
¢  A primary assumption is that the “authorized” user is really who they
say they are, or that the authorized user is in control of their device
that is accessing the data center
NGIPS
¢  One of the easiest ways for a cyber attacker to get a foothold into an
enterprise organization’s network is by installing a rootkit onto a
user’s end device.
¢  Security access control lists will allow the malware to traverse the
network into the data center
NGIPS
¢  NGIPS requirements and imperatives:
—  High Availability
—  Zero Downtime
—  Flow survivability
—  Hardware and link redundancy
—  Asymmetric packet flows expected and properly handled
—  Elastic scaling
—  Low latency
—  Manageability/visibility/orchestration
—  Security and regulatory compliance
NGIPS
¢  Event
NGIPS
¢  Event + network context
NGIPS
¢  Event + network context + user context
NGIPS
¢  In-Path deployment
NGIPS
¢  Off-Path deployment
DATA CENTER SECURITY FUTURE
DATA CENTER SECURITY FUTURE
¢  SDN will be a mainstream consideration for data center security
purchases by 2016
DATA CENTER SECURITY FUTURE
¢  Performance Demands vs. Security Concerns
FOCUS OF FUTURE
¢  Specific cloud service requirement and technical specification
¢  Cloud service requirements in specific market area
¢  Cloud networking
¢  Security requirements
¢  Cloud SLA
¢  Operation and maintenance
QUESTIONS?
THANK YOU

 
Gigamon - Network Visibility Solutions
Gigamon - Network Visibility SolutionsGigamon - Network Visibility Solutions
Gigamon - Network Visibility Solutions
 
Crush Cloud Complexity, Simplify Security - Shield X
Crush Cloud Complexity, Simplify Security - Shield XCrush Cloud Complexity, Simplify Security - Shield X
Crush Cloud Complexity, Simplify Security - Shield X
 
8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...
8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...
8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...
 
Plnog13 2014 security intelligence_pkedra_v1
Plnog13 2014 security intelligence_pkedra_v1Plnog13 2014 security intelligence_pkedra_v1
Plnog13 2014 security intelligence_pkedra_v1
 
Sangfor's Presentation.pdf
Sangfor's Presentation.pdfSangfor's Presentation.pdf
Sangfor's Presentation.pdf
 
Security and-visibility
Security and-visibilitySecurity and-visibility
Security and-visibility
 
Subscribed 2015: Architecture, Security, Scalability
Subscribed 2015: Architecture, Security, ScalabilitySubscribed 2015: Architecture, Security, Scalability
Subscribed 2015: Architecture, Security, Scalability
 
infraxstructure: Piotr Wojciechowski "Secure Data Center"
infraxstructure: Piotr Wojciechowski  "Secure Data Center"infraxstructure: Piotr Wojciechowski  "Secure Data Center"
infraxstructure: Piotr Wojciechowski "Secure Data Center"
 
Forcepoint SD-WAN and NGFW + IPS
Forcepoint SD-WAN and NGFW + IPSForcepoint SD-WAN and NGFW + IPS
Forcepoint SD-WAN and NGFW + IPS
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
 
Streamline and Secure Your Network and Users
Streamline and Secure Your Network and UsersStreamline and Secure Your Network and Users
Streamline and Secure Your Network and Users
 
2019 10-app gate sdp 101 09a
2019 10-app gate sdp 101 09a2019 10-app gate sdp 101 09a
2019 10-app gate sdp 101 09a
 
Visibility and Automation for Enhanced Security
Visibility and Automation for Enhanced SecurityVisibility and Automation for Enhanced Security
Visibility and Automation for Enhanced Security
 

Dernier

Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready ...Nanded City ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...tanu pandey
 
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)Delhi Call girls
 
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507  ))#  Young Call Girls  in Ajman  By Pakistani Call Girls  in ...(+971568250507  ))#  Young Call Girls  in Ajman  By Pakistani Call Girls  in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...Escorts Call Girls
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated  Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated  Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Call Girls in Nagpur High Profile
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...APNIC
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Standkumarajju5765
 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting  High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting  High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...singhpriety023
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceDelhi Call girls
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Servicegwenoracqe6
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024APNIC
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Sheetaleventcompany
 
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.soniya singh
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableSeo
 

Dernier (20)

Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready ...Nanded City ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
 
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
 
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507  ))#  Young Call Girls  in Ajman  By Pakistani Call Girls  in ...(+971568250507  ))#  Young Call Girls  in Ajman  By Pakistani Call Girls  in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated  Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated  Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
 
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting  High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting  High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
 
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
 
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298  )#  Call Girls in DubaiRussian Call Girls in %(+971524965298  )#  Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 

PLNOG14: Firewalls In Modern Data Centers - Piotr Wojciechowski

  • 1. FIREWALLS IN MODERN DATA CENTERS Piotr Wojciechowski (CCIE #25543)
  • 2. ABOUT ME
      - Senior Network Engineer MSO at VeriFone Inc.
      - Previously Network Solutions Architect at one of top Polish IT integrators
      - CCIE #25543 (Routing & Switching)
      - Blogger – http://ccieplayground.wordpress.com
      - Administrator of CCIE.PL board
          - The biggest Cisco community in Europe
          - About 7800 users
          - 3 admin, 3 moderators
          - Over 60 Polish CCIEs as members, 20 of them actively posting
          - About 100 new topics per month
          - About 800 posts per month
          - English section available
  • 3. AGENDA
      - Facts about firewalls market and evolution
      - Security challenges
      - Next Generation Firewalls
      - NGIPS
      - Data Center Security Future
  • 4. FACTS ABOUT FIREWALLS MARKET AND EVOLUTION
  • 5. FACTS ABOUT FIREWALLS MARKET
      - Virtualized versions of enterprise network safeguards will not exceed 10% of unit sales by year-end 2016
      - Through 2018, more than 75% of enterprises will continue to seek network security from a different vendor than their network infrastructure vendor
      Source: Magic Quadrant for Enterprise Network Firewalls, Gartner, 14 April 2014
  • 6. FACTS ABOUT FIREWALLS MARKET
      - Less than 20% of enterprise Internet connections today are secured using next-generation firewalls (NGFWs)
      - By year-end 2014, this will rise to 35% of the installed base, with 70% of new enterprise edge purchases being NGFWs
      - Fewer than 5% of enterprises will deploy all-virtual firewalls in data centers through 2016
      Source: Magic Quadrant for Enterprise Network Firewalls, Gartner, 14 April 2014
  • 7. FACTS ABOUT FIREWALLS MARKET
      - Fewer than 5% of enterprises will deploy all-virtual firewalls in data centers through 2016
      - Fewer than 2% of deployed enterprise firewalls will have Web antivirus actively enabled on them through 2016
      Source: Magic Quadrant for Enterprise Network Firewalls, Gartner, 14 April 2014
  • 8. APPLICATIONS HAVE CHANGED – FIREWALLS HAVE NOT
      - The gateway at the trust border is the right place to enforce policy control
          - Sees all traffic
          - Defines trust boundary
      - But applications have changed
          - Ports ≠ Applications
          - IP addresses ≠ Users
          - Headers ≠ Content
      Figure labels: Collaboration / Media, SaaS, Personal
      Source: PaloAlto, Palo Alto Networks Product Overview
  • 10. EVOLUTION OF DATA CENTER FABRIC ARCHITECTURES
  • 16. INFRASTRUCTURE AS A SERVICE (IAAS)
      - Set of modular building blocks of underlying resources
      - Services may be introduced either through dedicated appliances or through virtual appliance implementations
      - Cost-effective use of capital IT resources through co-hosting
      - Better service quality through virtualization features
      - Increased operation efficiency and agility through automation
  • 17. SECURITY CHALLENGES IN DC
      - There is a challenge between achieving business value and protecting these highly prized targets
      Source: Infonetics Research Report Experts: Data Center Security Strategies and Vendor
  • 18. REQUIREMENTS FOR DC FIREWALLS
      - Threat Prevention
          - Protect against external attacks, including those routed through internal “secure” clients
      - Data Leakage Prevention
          - Protect confidential and unauthorized content from leaving the network
      - Access Control
          - Control access, by user or groups of users, to specific applications and content
      - Performance
          - Minimize latency and maximize throughput to ensure business performance is not compromised
      Source: PaloAlto, Palo Alto Networks Product Overview
  • 21. SECURING TRAFFIC FLOW
      - North-South: From Access Layer to Aggregation and to Core
      - East-West: Usually between servers in same layer
  • 27. URL FILTERING
      - Block sites based on category or reputation
      - Based on user or user group
      - Allows administrators to block websites with potentially harmful objects
      - Allows blocking of non-business related sites
      - Bandwidth control for designated categories
      - Enforcing safe search
      - Prevent file download/upload
  • 28. APPLICATION VISIBILITY
      - Identification of applications using multiple factors, not only port or IP classification
      - Allows administrators to deploy comprehensive application usage control policies for both inbound and outbound network traffic
  • 29. USER VISIBILITY
      - Seamless integration with enterprise directory services such as Active Directory, LDAP etc.
      - Enables administrators to view and control application usage based on individual users and groups of users, as opposed to just IP addresses
      - User information is pervasive across all features including application and threat visibility, policy creation, forensic investigation, and reporting
  • 30. CONTENT VISIBILITY
      - Scanning engine that uses a uniform threat signature format detects and blocks a wide range of threats and limits unauthorized transfer of files and sensitive data
      - Comprehensive URL database controls non-work related web surfing
      - IT departments can regain control over application and related threat traffic
  • 33. FAILOVER – REPLICATED STATES
      - Replicated features depend on the vendor, firmware and hardware used; check release notes for the full list
      - New features added with every release
  • 34. MULTI-CONTEXT
      - More often required for regulatory compliance
      - Each context has separate control-plane and data-plane, interfaces and config memory
      - Some features are not supported in multi-context mode
  • 36. CLUSTERING
      - With the new approach it’s crucial to understand the data flow within the cluster in every scenario
      - Lack of proper data and control plane can do more harm than lack of clustering
  • 37. TRUSTSEC
      - Provides the ability to create policies to map end users, or consumers, to data center assets, or servers and applications
      - AAA services for a variety of external actors
  • 38. TRUSTSEC
      - Policy in the firewall has been expanded to include source and destination security groups that are downloaded from the ISE
  • 39. NGIPS
  • 40. NGIPS
      Source: Gartner’s Magic Quadrant for Intrusion Prevention Systems, Adam Hils, Greg Young, Jeremy D’Hoinne, 29 December 2014
  • 41. NGIPS
      - Some things remain unchanged:
          - Tuning is the process of ‘defining’ protections that match the environment
          - Although most networks provide standard services, implementation creates challenges
          - Failure to tune = failure to protect
  • 42. NGIPS
      - IPS are more and more context-aware
      - Signatures are not the base for event correlation
      - Event correlation happens on advanced monitoring systems; the IPS itself cannot perform this
  • 43. NGIPS
      - Many organizations have relied solely on access control lists and enforcement as the only method of protecting the data center.
      - A primary assumption is that the “authorized” user is really who they say they are, or that the authorized user is in control of their device that is accessing the data center
  • 44. NGIPS
      - One of the easiest ways for a cyber attacker to get a foothold into an enterprise organization’s network is by installing a rootkit onto a user’s end device.
      - Security access control lists will allow the malware to traverse the network into the data center
  • 45. NGIPS
      - NGIPS requirements and imperatives:
          - High Availability
          - Zero Downtime
          - Flow survivability
          - Hardware and link redundancy
          - Asymmetric packet flows expected and properly handled
          - Elastic scaling
          - Low latency
          - Manageability/visibility/orchestration
          - Security and regulatory compliance
  • 47. NGIPS
      - Event + network context
  • 48. NGIPS
      - Event + network context + user context
  • 52. DATA CENTER SECURITY FUTURE
      - SDN will be a mainstream consideration for data center security purchases by 2016
  • 53. DATA CENTER SECURITY FUTURE
      - Performance Demands vs. Security Concerns
  • 54. FOCUS OF FUTURE
      - Specific cloud service requirement and technical specification
      - Cloud service requirements in specific market area
      - Cloud networking
      - Security requirements
      - Cloud SLA
      - Operation and maintenance
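
The contrast drawn in slides 8, 28, 29 and 43 (ports ≠ applications, IP addresses ≠ users, ACLs trusting the "authorized" source) can be shown by evaluating the same flows against a port/IP ACL and against an application- and user-aware rule. This is an added example, not material from the presentation: the rule classes, group mapping, application labels and flows are all constructed, and they do not reflect any vendor's policy syntax.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed directory data: user -> groups (stands in for AD/LDAP lookups).
USER_GROUPS = {"alice": {"dba"}, "bob": {"helpdesk"}}

@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int
    app: str              # application label from traffic inspection (assumed given)
    user: Optional[str]   # user mapped to the source, None if unknown

@dataclass(frozen=True)
class AclRule:            # classic rule: addresses and port only
    src_net: str
    dst_net: str
    dst_port: int

@dataclass(frozen=True)
class AppUserRule:        # hypothetical application- and user-aware rule
    group: str
    dst_net: str
    app: str

def acl_decide(rules, flow):
    """Permit when source net, destination net and port match; default deny."""
    for r in rules:
        if (ip_address(flow.src_ip) in ip_network(r.src_net)
                and ip_address(flow.dst_ip) in ip_network(r.dst_net)
                and flow.dst_port == r.dst_port):
            return "permit"
    return "deny"

def app_user_decide(rules, flow):
    """Permit when the identified app and the user's group match; default deny."""
    groups = USER_GROUPS.get(flow.user, set())
    for r in rules:
        if (ip_address(flow.dst_ip) in ip_network(r.dst_net)
                and flow.app == r.app and r.group in groups):
            return "permit"
    return "deny"

ACL = [AclRule("10.1.0.0/16", "10.20.0.0/24", 443)]
POLICY = [AppUserRule("dba", "10.20.0.0/24", "db-admin-console")]

# Constructed flows, all to the same server on TCP/443.
FLOWS = {
    "dba from office LAN": Flow("10.1.5.10", "10.20.0.5", 443, "db-admin-console", "alice"),
    "helpdesk user, same LAN": Flow("10.1.5.11", "10.20.0.5", 443, "db-admin-console", "bob"),
    "other app on 443": Flow("10.1.5.10", "10.20.0.5", 443, "file-sharing", "alice"),
    "no user mapping": Flow("10.1.5.12", "10.20.0.5", 443, "db-admin-console", None),
    "dba from another subnet": Flow("10.9.0.4", "10.20.0.5", 443, "db-admin-console", "alice"),
}

def compare():
    """Return {flow name: (ACL verdict, app/user verdict)}."""
    return {name: (acl_decide(ACL, f), app_user_decide(POLICY, f))
            for name, f in FLOWS.items()}

if __name__ == "__main__":
    for name, (acl, ngfw) in compare().items():
        print(f"{name:26} acl={acl:6} app/user={ngfw}")
```

The ACL permits every flow from the office subnet regardless of who or what generated it, and denies the legitimate administrator once her address changes; the application- and user-aware rule makes the opposite decisions in each of those cases.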