Net Optics Confidential and Proprietary 1 High-Availability Security Monitoring using Bypass Switches August, 2011 Intelligent Access and Monitoring Architecture Solutions

Net Optics Confidential and Proprietary 2 Guest Speakers Lannie Rhodes – Product Manager Lannie spent 25 years as a hardware design engineer at Intel, Tandem computers, and several start-up companies before shifting to a product management role. In her three years at Net Optics, she has been instrumental in building the control product line, making key contributions in the Director, iLink Agg, and xBalancer families. Lannie is also a writer; her booklets "Asic Basics" and "Developing Printed Circuit Assemblies" can be found on Amazon.com and Lulu.com. Her non- technical writing is published under the pen name Lannie Rose. Daniel Aharon – Director of Access Solutions Daniel’s background includes 20 years of experience in Enterprise software with a focus on application and transaction performance management and system management. Daniel has held leadership roles in Product Management, Engineering, and Business Development for market leaders such as Symantec, Veritas, OpTier and BMC.

Net Optics Confidential and Proprietary 3 Agenda Trends and challenges Highly reliable security monitoring How a Bypass Switch works High Availability Bypassing Configurations Net Optics Bypass Solutions Bypass Switch Benefits

Net Optics Confidential and Proprietary 4 Network Security Trends Threats Intrusions escalating in Sophistication Severity Frequency Malware and spam proliferating Insider attack vectors growing Responses IPS Systems Firewalls DLP Systems UTM Systems

Net Optics Confidential and Proprietary 5 The Security Monitoring Access Challenge Deploy today’s sophisticated security and compliance monitoring tools in-line in the network while minimizing the risk of downtime IPS DLP WAF DAM APM NGF

Net Optics Confidential and Proprietary 6 Bypass switches provide fail-safe ports for in-line security devices The Bypass Switch Solution Provides peace of mind when deploying new technology in-line Protects against power, link, and application failure Flexibility for testing, upgrades, and moves Fully passive –when Bypass Switch loses power, the link is still up Normal Operation (Bypass Off)

Net Optics Confidential and Proprietary 7 Bypass switches provide fail-safe ports for in-line security devices The Bypass Switch Solution Provides peace of mind when deploying new technology in-line Protects against power, link, and application failure Flexibility for testing, upgrades, and moves Fully passive –when Bypass Switch loses power, the link is still up IPS Failure (Bypass On – Fail OPEN)

Net Optics Confidential and Proprietary 8 Bypass switches provide fail-safe ports for in-line security devices The Bypass Switch Solution Provides peace of mind when deploying new technology in-line Protects against power, link, and application failure Flexibility for testing, upgrades, and moves Fully passive –when Bypass Switch loses power, the link is still up Normal Operation (Bypass Off)

Net Optics Confidential and Proprietary 9 Bypass switches provide fail-safe ports for in-line security devices The Bypass Switch Solution Provides peace of mind when deploying new technology in-line Protects against power, link, and application failure Flexibility for testing, upgrades, and moves Fully passive –when Bypass Switch loses power, the link is still up IPS Failure (Bypass On – Fail CLOSED)

Net Optics Confidential and Proprietary 10 What is a Tool Failure? Bypass Switch triggers on Loss of link between Bypass Switch and tool o Tool maintenance or redeployment Power loss to the Bypass Switch Heartbeat failure o Power loss to the tool o Tool dropping packets due to oversubscription o Tool processing packets too slowly o Tool software hung o Tool hardware failure

Net Optics Confidential and Proprietary 11 The Need for High Availability Monitoring If Bypass Switch fails OPEN to traffic, can you tolerate passing traffic without monitoring while a tool is down? –Intrusions and other attacks –Data loss –Compliance issues If Bypass Switch fails CLOSED to traffic, can you tolerate link down while a tool is down? –Loss of mission-critical applications –Customers cannot be serviced –$$$$$ impact

Net Optics Confidential and Proprietary 12 Redundant Tools Protect Against Tool Failure Traffic flows through primary IPS If primary IPS fails, traffic is routed through backup IPS When primary IPS recovers, traffic returns to it If both IPSs fail, traffic passed directly through the link

Net Optics Confidential and Proprietary 13 Redundant Links Protect Against Link Failure Traffic flows through the primary link and the IPS If the primary link fails, traffic from the backup link is routed through the IPS When primary link recovers, its traffic returns to the IPS The link traffic that is not being routed through the IPS is open to traffic flow Fault mirroring across the links is required so both endpoints are aware of any fault

Net Optics Confidential and Proprietary 14 Redundant Tools and Links Together Traffic flows through primary link and primary IPS If primary IPS fails, traffic from the active link is routed through backup IPS If the primary link fails, traffic from the backup link is routed through the active IPS

Net Optics Confidential and Proprietary 15 iBypass HD – Redundant Links & Tools Net Optics iBypass HD — High Density, eight Bypass Switches in a 1U appliance Four Dual Bypass Modules (DBMs) o Configure DBM as two independent Bypass Switches o Configure DBM as a single HA Bypass Switch with Tool redundancy and/or Link redundancy o Configure as a Bypass Switch plus a Tap

Net Optics Confidential and Proprietary 16 iBypass HD Features Manual (forced) Bypass On mode – Take tool offline immediately in case of emergency Acts as a Tap when traffic is bypassing the tool – Test signature set out in IDS mode Dual Heartbeat packets check both directions of data flow Link Fault Detection (LFD) — fault mirroring across Link Bypass Detection — signals tool that bypass is engaged Fail-open and fail-closed modes Remote monitoring (RMON) traffic statistics RADIUS and TACACS+ authentication and authorization Dual hot-swappable AC or DC redundant power supplies FiberCopper

Net Optics Confidential and Proprietary 17 Tap Mode While Bypassing Bypass Switch acts as a full-duplex breakout Tap while in Bypass ON mode – Use IPS as IDS to test new signature sets – Use as Tap when you don’t need a Bypass Switch FiberCopper Half-duplex mirrored traffic

Net Optics Confidential and Proprietary 18 Bypass Switch Benefits Protects links with IPSs and other in-line security monitoring tools against –Power failure (IPS or bypass switch) –Tool failure (hardware, software hangs or slowdowns) Increases solution reliability by independently checking the IPS and supporting High Availability (HA) network architectures Provides capability to take tools offline instantly when problems occur Provides flexibility to remove IPSs without interrupting link traffic; also flexibility to use as Taps Increases traffic visibility with RMON traffic statistics and remote manageability 10GigaBit iBypass Switch

Net Optics Confidential and Proprietary 19 Bypass Switch Interface 10GigaBit iBypass Switch

Net Optics Confidential and Proprietary 20 Question & Answer Please post questions to either the Chat or Q&A window To receive future invitations to our webinars, please sign up for our newsletter at the following URL:

Net Optics Confidential and Proprietary 21 Net Optics, Inc Thank You!