Barracuda Networks provides security solutions for enterprises through its Next Generation Firewall appliances. It has over 145,000 customers worldwide and its mission is to simplify IT administration and management. The Barracuda NG Firewall provides centralized management of firewall, VPN, web security and other functions through its appliances and software. It simplifies management of distributed networks through features like application profiling, traffic management, and multi-tenant support.
1. Barracuda Networks
World War Web – June 2011
Stéphane Castagné / Sébastien Braun
2. Agenda
Barracuda Networks.
A bit of history.
Simplifying IT with an arc!
Centralized administration
WAN link redundancy
Application-level control.
3. “IP security solutions provider”
- Founded 2003 – HQ California – 800 people.
- 145,000 customers worldwide.
- Mission: simplify IT administration and management
- Environments (appliances, VM and cloud)
- Protection of access, applications and data.
6. A bit of history …
The customer:
One of the largest data centers in the Austrian banking sector.
The challenge:
650 firewalls
Industrializing deployment?
2 dedicated administrators!
Incubation
The result:
NG Firewall technology
A design built for distributed security
7. A blank page ...
[Figure labels: 1990; 2005; 2010; SPI Firewall; + IPS/IDS; + Anti-Virus; + Web Filter; UTM; + P2P Blocker; + WAN optimizer; + NAC; + Link balancer; MGMT ?; NG Firewall; + Application control]
9. Sketching VPN tunnels
Quick VPN creation by drag & drop
Templates for fully meshed or hub & spoke architectures
Simplifies VPN management
10. Heterogeneous WAN architecture
[Diagram labels: Public Cloud; Private Cloud; Resilient Site-2-Site Connections; HQ-LAN; Branch Offices; Road warriors]
11. WAN link redundancy
Intelligent Traffic Management
• Application-based
• Per User and/or Group
• For Encrypted and Unencrypted Traffic
• Per Source and Destination
• Time of day, weekday, date
[Diagram: VPN tunnel between Branch Office and Headquarters routed over DSL, MPLS and 3G links, with percentage shares per link for VoIP before Business, Internet and Email traffic]
12. Application-level control
[Diagram labels: Layer 7 Application Control; NG Firewall; plain HTTP; bittorrent]
More than 800 applications detected:
Peer-to-Peer (P2P), Instant Messaging (IM), Standard Protocols, Voice over IP (VoIP), Streaming Protocols, Tunnel Protocols, Gaming Protocols, Business Protocols, Mobile Internet Protocols
13. Illustration of application-level control
What is this user actually doing?
We can now adjust the security policy… block / limit
14. Three key points
The NG Firewall architecture simplifies IT by integrating, within its centralized administration, all the features of a Next Generation Firewall:
WAN link redundancy via ADSL and/or 3G [Traffic Intelligence]
Application-level control.
… Don't forget the arc in your architectures!
15. Firmware 5.2
• Web Filter
– Barracuda Web Filter Engine
– Included with EU -> Best value in NG Firewall market
• IPS
– Included with EU -> Best value in NG Firewall market
• GeoMaps in CC
– no extra cost
– unique in NG Firewall market
• DC Agent (5.2.1)
– Enables clientless user <-> IP recognition
16. Geo Maps in Control Center (any CC and any MC)
19. Barracuda NG Firewall Introduction
“Next generation” firewall:
● Layer 7 application profiling
● Identity aware networking
● Dynamic Application Control Monitoring
● Network access control
● Intrusion Detection and Prevention
● Integrated Content Filter (Malware Protection, Web filter, Secure Web Proxy)
● Integrated Web Cache Proxy
● Infrastructure and Application Proxies: DHCP, FTP, SSH, DNS, SMTP, POP3
● Enterprise-class Firewall and next generation VPN with customizable encryption
● Integrated SSL VPN
● Traffic Shaping and Quality of Service (QoS)
● Multiple uplink support
Industry-leading centralized management:
● Scalable and fault tolerant central management
● Template-based management
● Distributed Firewall
● Multi-tenancy
● Compliance and Revision Control System
● Effective troubleshooting
22. Where does the Barracuda NG Firewall come from?
Result of acquisition of phion AG
−Public European NG Firewall company
−Company HQ in Innsbruck, Austria
−10+ years experience in space
−1,000+ Enterprise customers
−15,000+ deployed appliances (4,589 shipped in 2009)
−100,000+ licensed VPN users
23. The Paradigm of Next Generation Firewalls
“Traditional” Network Firewall / Next Generation Firewall
24. Why do we need “another firewall”?
“Traditional” Network Firewall / Next Generation Firewall
+ Integrated Content Security
25. Distributed Secure Web Access
+ Integrated Content Security for distributed environments
[Diagram labels: HTTPS Proxy; HTTP Proxy; Malware Protection; Web filter; FTP Gateway; Caching / Forwarding DNS; NTP Service; SMTP and POP3 (Proxy, Gateway)]
26. Network Access Control
+ Network access control for distributed environments
[Diagram labels: Connection aware; Endpoint protection; Policy Enforcement; Guest Networking; 802.1x support; Clientless; Ease of Use; Identity Aware; Context Aware]
27. Why do we need “another firewall”?
“Traditional” Network Firewall / Next Generation Firewall
+ Integrated Content
+ Network access control
+ Intelligent Traffic Management
28. Intelligent Traffic Management
+ Intelligent Traffic Management for distributed Environments
[Diagram labels: High Secure VPN Technology; Visualization through NG Earth; Easy Graphical Tunnel Interface; Intelligence Traffic Manager; Multiple Connection Handling; Prioritization & QoS; Link-Load Balancing; Application Aware; Compression]
29. Why do we need another firewall ?
“Traditional” Network Firewall / Next Generation Firewall
+ Integrated Content Security
+ Network access control
30. Why do we need “another firewall”?
“Traditional” Network Firewall / Next Generation Firewall
+ Integrated Content
+ Network access control
+ Intelligent Traffic Management
+ Scalability and Manageability
31. Industry leading centralized management
+ Scalability and Manageability
[Diagram labels: Role based Multi User Aware; Template and device based design; Multi Tenancy support; Superior Revision Control System; Central Statistic Collection; PKI Service; Central log and event processing; 100% Lifecycle; Powerful Visualization]
32. Why do we need “another firewall”?
“Traditional” Network Firewall / Next Generation Firewall
+ Integrated Content
+ Network access control
+ Intelligent Traffic Management
+ Scalability and Manageability
= The Next Generation Firewall designed
for Distributed Environments
33. Barracuda NG Firewall key value propositions
Reduce the number of deployed point solutions
–One product family with one management framework covering multiple topics
–Reduce maintenance cost and simplify management lifecycle
34. Barracuda NG Firewall key value propositions
Saving time and money for troubleshooting
–Determine issue with 2-3 mouse clicks
–Unique 5-tier information architecture (live, history, events, accounting, audit trail)
–Real-time firewall monitoring without performance degradation
35. Barracuda NG Firewall key value propositions
•Reduce line costs without adverse side effects
–By aggregating bandwidth from MPLS and cheaper alternatives
–3G broadband as a cheap backup line
–Detect and reduce bandwidth hogging through covert Layer 7 traffic (P2P, IM,
etc.)
36. Barracuda NG Firewall key value propositions
•Not every administrator has to be an expert
–Have multiple administrators work on the firewall simultaneously with clear cut
custom roles (comprising up to 90 attributes)
–A flexible administration concept supports joint administration in an outsourced
environment without the danger of compromising SLAs
37. Sample Reference Customers
EADS (HQ, IST, LFK, Defense Sys)
Aerospace and Defense
RAS, VPN-Site-2-Site, Firewalls
RHI
Market leader fireproof materials
130 VPN/FW Gateways
Konica Minolta Europe
VPN/FW Gateways
Schenker Germany
Logistics and Transportation
200 VPN/Firewall Gateways
German Postbank
Bank branch office security
2900 VPN/FW Gateways
38. The Barracuda NG Firewall Concept
+ Adaptive WAN Routing
+ Bandwidth Control
+ Remote Access Concept
+ Scalability
+ Application Profiling
+ User Awareness
[Diagram labels: network firewall; NG firewall; Barracuda NG firewall; Ports; Protocols; Packets; Application Control; ID Aware; WAN Performance Enhancement; Network cost savings]
39. Barracuda NG Firewall Product Line-Up
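[Chart: models F10, F10x, F20x, F300, F400, F600, F800 and F900 plotted against an axis labelled "Firewall Perform" with 1 Gbps and 10 Gbps marks, across deployment sizes: POS / SOHO; small remote office; remote office; Small/medium HQ; Large HQ; Large HQ and Datacenters]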
41. Cost Effective Central Management
Central management of ALL functions
FW, VPN, SSL VPN, web security, anti spam, application control … everything
Underlying OS
Patches
Multi-admin
Multi-tenant
42. Management Views – Barracuda NG Earth
Are you also tired of endless “flat” status listings?
43. Barracuda NG Control Center Appliances
C400 Standard Edition (1 Group, UL Boxes)
C610 Enterprise Edition (UL Groups, UL Boxes)
Barracuda NG Control Center Vx Appliances
VC400 Standard Edition
VC610 Enterprise Edition
VC820 Global Edition
44. Leading edge biotech company ensures security and availability of a trans-Atlantic WAN with the Barracuda NG Firewall
Reference Customer: Micromet, Inc.
Micromet, Inc. Facts and Figures:
public company, NASDAQ (MITI)
phion customer since 2006
Gateways, clients and CC standard edition deployed on two continents
“Leading edge biotech company ensures security and
availability of a trans-Atlantic WAN with the
Barracuda NG Firewall.”
45. Reference customer: Micromet, Inc.
50 road warriors
“…the Barracuda NG Firewall appliances are the dependable backbone of our network. Admins no longer have to get up at night and worry about broken IPSec tunnels.”
Mr. Werner Jacobs, Dir IT Administration
One centrally managed solution:
• Firewall + local Web Access
• Site-2-site & Client VPN,