Security Platforms Past, Present and Future May 3, 2012 Aaron Robel.


1 Security Platforms Past, Present and Future May 3, 2012 Aaron Robel

2 Agenda Past Present Future Questions

3 Anyone Remember the Checkpoint Firewall 1,2,3 days? Well Defined Policy Control Integrated Logging and reporting GUI driven Platform Checkpoint Management GUI Simple architecture Reduced change risk Physical Firewalls

4 Only Physical separation Only a Global Policy Built for the Enterprise Many DMZs Large segments Huge policies Policy control No logical partitioning No delegation capability Multi-Tenancy Scalability through physical addition Challenges between OS and software Platform Old Checkpoint Platform Challenges

5 Enter: The Cisco Firewall Services Module. The Platform: Consolidated Hardware and Software; Robust Throughput; Tightly Integrated with Network Core. Multi-Context Mode: Distinct Logical firewalls; Compartmentalized Policies; Granular Service separation; Quick scalability for new services.

6 Firewall Service Module Challenges. The Platform: Limited to 1 gig flows; Limited visibility in backplane; HA traffic coupled with data traffic; Tightly integrated with Network Core. Multi-Context Mode: Limited to stateful firewalling; Firewall proliferation; Inefficient packet flows. Cisco Security Manager: No log monitoring or reporting; Still have to implement firewalls in CLI; Not ready for multi-tenancy.

7 Tenets of a New Solution: Delegated Service Model; Simplify Firewall Architecture; Performance Leap; Beyond Stateful Firewalling; Management Single Pane of Glass; Provider Grade Scalability; Reduce Operational Cost

8 After 6 successful years and long service life it’s now time to replace the FWSM… The RFP process was started to find the next generation security platform. Gathered Requirements; Went out for an RFI; Vendor Interviews/Demos; Went out for RFP; Evaluation, evaluation, evaluation…

9 The ASV is…

10 What drove this decision?? Performance; Features; Support; Potential

11 Performance. Throughput: 480 Gig of stateful firewalling; 71 Gig for IPS; 32 Gig for Anti-Virus/Malware. Connections: 132 million concurrent connections; 1.1 million new connections per second. Capacity: Up to 3000 individual VDOMs or virtual firewalls.

12 Primary Features: Stateful firewall; IDS/IPS; Application policy control; FQDN policy enforcement; Active directory Integration; URL filtering; VPN; Scalability and HA; L2 and L3 capability; Unified MGMT GUI

13 Features. VDOM 1: Firewalling; Routing table; IPS; IPSec VPN; Client SSLVPN. VDOM 2: Firewalling; Layer 2 bridge; IPS. VDOM 3: Firewalling; Routing Table; URL Filtering; IPS Application ID Integrated with AD

14 Support Technical Account MGR Resident Engineer Training Lab Equipment

15 Potential: Data Loss Prevention; Anti-Virus/Malware Inspection; Integrated Wireless Controller; WAN Optimization; WEB Caching; VoIP Support; IPv6 Support

16 Platform Challenges No proven track record with the State The Unknown Migration from vendor to vendor is always tough 6 years with FWSM Data flows may introduce challenges New datacenter infrastructure Datacenter deployment

17 Some Architectural Thoughts… Next Generation Architecture Re-Think SGN Cloud Scalability Hypervisor Firewalls

18 Let's get the 2 most frequently asked questions out of the way…

19 I love to talk so, OTHER questions?

