Contenu connexe
Similaire à EfficientIP presentation used during the SWITCHPOINT NV/SA Quarterly Experience Day on 7th June 2016. (20)
Plus de SWITCHPOINT NV/SA (7)
EfficientIP presentation used during the SWITCHPOINT NV/SA Quarterly Experience Day on 7th June 2016.
- 1. Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016
SWITCHPOINT NV/SA Quarterly Experience Day 2016
Fabien Renaud : Presales Expert
Régis Penin : Sales Engineer
- 2. Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016
Company Overview
Strong
Partnerships
Technology
Integration
USA-Westchester, PA
Innovative DDI Software Company
Simplicity - Security - Availability
100+
Employees
IDC
Fastest Growing
DDI Company*
*IDC DDI REPORT 2014
HQ - R&D
USA - Westchester, PA
EMEA - France, Paris
24x7
Follow-The-Sun
Support ServicesAwarded
Technologies
600+ Customers
110+ Countries
5 Continents
DDI (DNS-DHCP-IPAM)
A foundation for reliable, secure and agile Network Infrastructure
- 3. Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016
EfficientIP: Sample of Our Customers
Page 3
Telecommunication
Vodafone
Colt
T Mobile
SFR
Easynet
KPN
Telecom of Thailand
Qatar Telecom
Maskatel
Virgin Mobile
ONO
Energy
Repsol
EDF
GDF
Suez
Air Liquide
Education
Leeds University
Hamburg University
Paris University
Utrecht University
Pais Vasco University
Financial
Allianz
Zurich Financial Services
Swiss Re
Axa Wealth
Standard Life
Bank of France
BRED
Electronics-Defense
Philips
NXP
Nokia Siemens Network
Cassidian
EADS Astrium
- 4. Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016
DNS-DHCP-IPAM
Applications & Services
Network
Page 4
Why are Network Services so Critical?
The bridge between users and their applications
Customers Citizens StudentsEmployees
Web Apps.Internet emailVideo
IPV
- 5. Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016
NO DNS = NO BUSINESS
Applications & Services
Web Apps.Internet emailVideo
IPV
Page 5
Why are Network Services so Critical?
If the bridge is down…
Customers Citizens StudentsEmployees
- 7. Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016
Global visibility
End-to-end consistency
Management automation
Role-based delegation
Unified Management Framework “SMART DDI”
Reconcile
Manage
Deploy
Design
Device
Management
DDI & VLAN
Management
Network
Discovery
Network
Configuration
Solution Portfolio ‘SOLIDserver’ (1)
Page 7
- 8. Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016
IP addressing & VLAN Plan Management
Network Services Engines : DNS-DHCP-NTP-TFTP
DNS Guardian: 100% DNS cache availability under attack *
DNS Hybrid Technology: 3 differents DNS Engines on one Appliance
DNS Blast: Absorb up to 17 Million queries per second *
Multi-Vendor DNS&DHCP Services Management *
Microsoft – ISC – SOLIDServer™
Device Deployment Management: Device Manager *
Network Discovery & Configuration Management: NetChange*
Page 8
Solution Portfolio ‘SOLIDserver’ (2)
- 9. Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016
Automate Deployment and Management
Multi-vendor DNS-DHCP: Microsoft, ISC, SOLIDserver
Enforce Best Practices
Reduce Complexity & TCO
Page 9
A centralized IPAM to manage SmartArchitecture™
(Secured, Reliable, Automated)
- 10. Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016Page 10
Printer
Belgium
10.1.0.0 /16
Gand
10.1.0.0 /24
de
10.2.0.0 /16
fr
10.3.0.0 /16
uk
10.4.0.0 /16
Bruxelles
10.1.1.0 /24
Charleroi
10.1.2.0 /23
10.1.4.1
10.1.4.25
Block
Subnet
Pool
IP address
IP Space: Your Company
Liege
10.1.4.0 /24
ToIP
10.1.4.26
10.1.4.100
10.1.4.101
10.1.4.150
10.1.4.200
(server200)
10.1.4.151
10.1.4.253
10.1.4.254
(Gateway)
Global Consistency and Uniqueness Control within an IP Space
No duplicate IP address or subnet overlap
- 11. Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016
IPAM Corner stone of the Global DDI Solution
Page 11
Server
View
Zone
RR
IPAMDNS DHCP
Space
Block
Subnet
Pool
IP address
Server
Group
Static
with IP
Range
Scope
Lease
Lease
granted
Add subnet
Add IP
address
Add CNAME,
A,… records
Add subnet
Add pool
Add IP address
(with MAC)
- 12. Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016Page 12
Enforcement of Company defined best practices &
Conformity Management
Templates of objects: Dedicated forms with specific list
of fields (i.e. for printer, server, router)
How to make sure naming convention is respected ?
- 14. Confidential-Property of EfficientIP - All rights reserved-Copyright © 201614Page 14
DNS Attacks Classification
Direct DoS, Amplification, Reflection
attacks
3 Main Types of DNS Attacks
EXPLOITS
VOLUMETRIC
Random QName, Phantom and Sloth
attacks...
DNS Tunnelling, poisoning, 0-day
!!
STEALTH
- 15. Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016
Attack Objectives
Page 15
Multiple DNS Targets
For Many Objectives
PUBLIC
PRIVATE
Business Downtime
Embezzlement of Money
Intellectual Property Theft
Customer Data Theft
Damaged Reputation
Password Stealing
Volumetric
Stealth
Exploits
- 16. Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016
Why Are DNS Attacks So Impacting?
Page 16
Traditional Security Solutions Are Not
Adapted to Mitigating DNS Attacks
Firewall & Next Generation Firewall
Anti-DDoS Appliances
IPS
Secure Web Gateway
...
A Specialized Layer of Defense Is Required To
Protect Users & DNS Services From Hidden Threats
in DNS Traffic
- 17. Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016
EfficientIP DNS Security Vision
Page 17
Protect All DNS Services
From All Attack Types
EXPLOITS
PRIVATE PUBLIC
VOLUMETRIC
!!
STEALTH
- 18. Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016Page 18
EfficientIP Security Solution
Strengthen Security
Foundation
Block 0-Day Vulnerabilities
Enforce Best Practices
Ensure DNS Continuity
with Adaptive Security
Advanced Attack Detection
Graduated Countermeasures
Secure Public DNS
Availability
Resiliency & Robustness
Absorb Extreme DoS
Attacks on Cache Servers
Cache Security & Performance
Protect Users & Block DNS-
Based Malware Activity
Prevent, Detect & Mitigate
- 20. Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016
Hardened Appliance
Enforce DNS Security Best Practices
SmartArchitecture Templates: Stealth DNS, Master-Slave, Multi-master
Block Zero-Day Vulnerabilities: Hybrid DNS Engines
Three DNS Engines transparently Managed as a single entity
Mitigate Amplification & Reflection Threat
Response Rate Limiting (RRL)
Ensure Data Integrity & Authenticity
DNSSEC Automation: “One Click” Deployment
Page 20
SOLIDserver DNS
IT Night WINNER
Best Security Product 2014
Most Innovative Security Solution
SOLIDserver Security Foundation
PUBLIC & PRIVATE
- 22. Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016
Amazon Route53 Integration
Advanced Protection For DDoS & 0-Day
52 DNS Spots – Hybrid DNS engine
High-Availability & Performance
Anycast resiliency – Ultra Low Latency
Simple & Flexible
Deployment –Management – Reversibility
Cost-Effective
Page 22
DNS Services In the Cloud
PUBLIC
UNIFIED MANAGEMENT OF
IN-HOUSE & AMAZON CLOUD DNS
- 24. Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016
DNS Firewall
Page 24
PROTECT AGAINST MALWARE AND
PHISHING WITH RESPONSE POLICY ZONE
PRIVATE DNS SERVICES
Prevent Initial Infection
Block malicious sites
Detect and Block Malware Activity
Users & Applications, CnC Communications
Mitigate Data Exfiltration
Locate Infected Devices to Remediate
- 26. Confidential-Property of EfficientIP - All rights reserved-Copyright © 2015
DNS Guardian
Page 26
Inside DNS Transaction Analysis For Accurate Attack
Detection
Global & Per IP Statistics (cache & recursive)
Volumetric, Stealth & Exploit Attacks Detection
Tunnelling, RQName attacks, phantom attacks, anomalies
Graduated Protection With Smart Countermeasures
Block source IPs of the attacks
Quarantine suspected source IPs of attacks
Patented Rescue Mode: Ensure service continuity even if the attack
source is unidentifiable.
ADAPTIVE DNS SECURITY
PRIVATE DNS SERVICES
- 28. Confidential-Property of EfficientIP - All rights reserved-Copyright © 2015
DNS Blast: Cache Security & Performance
Page 28
Absorbs DoS Attacks on DNS Cache & Eliminates Risks of Blocking
Legitimate Clients
World’s Fastest DNS Caching Server with 17 million qps
High Performance of ACL, RPZ & DNSSEC
Ensures Unparalleled High-Availability with Anycast Resilience
Decreases Costs & Network Complexity
No need to pile up DNS servers and expensive load-balancers
Improved User Experience with Ultra Low Latency
Unequalled Cache Hit Rate (CHR) with Multicast Cache Sharing
Persistent Cache (Restart & Restore)
- 29. Confidential-Property of EfficientIP - All rights reserved-Copyright © 2015
DNS Security Performance & Intelligence
Page 29
Complete Coverage of DNS Services
Public & Private
Comprehensive Attack Type Detection
Volumetric, Stealth & Exploit Attacks
Smart & Adaptive Threat Protection
Block, Quarantine & Rescue Modes
Simple to Deploy & Maintain
Cost Effective