PPT

Virtual Security As Business GeneratorJune 2009

Roberto Correnti

Regional Manager, Clavister France & BeNeLux

Tanguy Derriks

Business Development Director, MMS-Secure

Clavister Overview

• Established in Sweden in 1997

• Sales offices in the Europe and Asia

• Team of 150 people • Evolved from a firewall specialist to a complete • security solution provider

• Target markets:– Service Providers: Data Centers, Internet Service Providers, MSSPs– Enterprises– Telecom Operators

• >100.000 installations world-wide, >20.000 customers

Reference Customers:

Services

Anti-Virus, Anti-Spam, Intrusion Detection & Prevention, Web Content FilteringSoftware Maintenance, Warranty, Technical Support, Training, Consulting, Licensing, SMS

Clavister SSP

Lifecycle Systems

Lifecycle Services

Hardware Software Virtual SSL

Network Elements

Traffic Management VPN Application Layer SecurityNetwork Security

Routing DHCP Authentication HA

Management Troubleshooting Monitoring Log & Alarms

Clavister

32 MB

64 MB

>100 Virtual Gateways

per server*

Designed for enterprises & datacenters

Unique Virtual Security

Known OS Based Competitors

1200 MB

500 MB

12 Virtual Gateways

per server*

Designed for enterprises* Typical server with 12 GB RAM and 1TB Storage

Virtual Security – For Enterprises

VMware Virtualization Basics

Virtualization Trends

• So far, focus has been on deployment, maintenance and provisioning of virtual servers.

• UK research firm YouGov states that 41% of IT managers using virtualization thought that security was built-into the virtualization softwares!

• Security is a neglected yet highly emerging focus area in virtual environments!

Your investment in virtualization might be at risk! Act now, tomorrow it might be to late!

Traditional Network Virtual Network

• Multitude of network segments• Communication between zones are monitored and

secured

• Less network segments which divides the servers• Communication between virtual machines are not

monitored or secured !

DANGER

Communication Path Diagram

Copyright © 2008 Clavister AB. All rights reserved. 10

Web Front-End Zone

Middleware / Business Logic

Zone

Back-End Database Zone

Inter-communication traffic is limited by VLANs but not secured which is a critical security issue and one which nees to be addressed

Mixed Solutions for Securing Virtual Environments

Drawbacks With “Mixed Solutions”

• Still relies on external security appliances

• The virtual infrastructure is a dynamic world. Keeping up with changes from the “outside” is complex and time consuming

• Does not benefit from Redundancy and Disaster Recovery tools

• Makes lab/testing expensive and complex

• Increases risk of costly service down time in case of security appliance hardware failures

The fully virtualized solution

Pre-Configured Solutions> Easy to deploy

> Easy to manage

> Templates & workflows – Increase security and control

The Clavister Virtual Security Gateway Solution

Clavister Virtual Security Gateway SolutionVirtual Machines (VMs) are not allowed to talk with each other without first going through the Virtual Securigy Gateway

All security inspections which would have been performed by a physical security gateway in a physical structure are done ”in-line” in the virtual environment.

Communication Path DiagramWeb Front-End Zone

Middleware / Business Logic Zone

Back-End Database Zone

All virtual machines and inter-communication is secured using best-in-class virtual security gatways and which enables mission critical applications to be virtualized without comprimises to the security policies

Troubleshooting, Monitoring, Alarms & Auditing

• Troubleshoot communication using:• Real-time monitoring with filters• PCAP & Memlog recording• Log analysis

• Monitor behavior of traffic using: • SNMP• Real-Time monitoring • Real-Time KPI dashboards

• Create custom and policy based alarms events (thresholds etc)

• Full auditing capabilities using • Built-in log viewing applications• External SIEM systems

Typical Enterprise Environment

Traditional physical server networkVirtualized production infrastructure

Disaster Recovery or Lab/Test Network

Fully virtualized DMZ Network Diagram

Virtual Security Gateway – Models & Dimensioning

VSG21 VSG110 VSG510 VSG1100

Plaintext Performance (Mbit/s)* 50 200 500 1000

VPN Tunnels 25 200 500 1000

VLAN 4 64 128 512

Concurrent Connections 4000 16000 64000 256000

Recommended Application Test & Lab Networks with no or very low performance demands

Small installations with a limited amount of protected VMs with low to medium performance demands

Medium and Large installations with medium to high performance applications such as web/mail/citrix/databases and similar

Large installations with medium to high performance applications such as web/mail/citrix/databases and similar

Clavister Virtual Security Gateway Features

• Protect Virtual Servers

Segregate virtual machines from each other and avoid hackers from jumping from one machine to

another with no or very little difficulties. All the features of an hardware appliance security gateway

is available also for the virtual security gateways, including the UTM services!

• Secure Inter-Communication

Utilize the VPN encryption to secure communication between virtual machines.

• Achieve Auditing and Regulatory Compliance

Since the virtual security gateway can be run inside the virtual infrastructure security auditing can be

achieved and thereby regulatory compliance requirements can be met.

• No Security Policy Compromises for Virtual Environments

Utilize your standard set of policies not only for physical machines but just as easily also for virtual

ones.

Benefits with Clavister Virtual Security Gateways

• ScalabilityUser can now extend security by simply deploying new security gateways as they go.

• Lower CAPEX Virtualization opens up for new business models where CAPEX is minimized.

• Simplified MaintenanceSecurity components inherit all manageability features from a virtual environment, such as fail-over, provisioning, and so forth.

• Minimized downtimeLess hardware in combination with highly efficient disaster recovery and redundancy tools such as VMmotion reduces downtime and improves the overall in service performance of the security solution

• Simplified Test/Lab testingSince the virtual security gateway is a part of the virtual infrastructure it becomes easier to create lab/test environments which decreases the complexity of security tests which in it’s turn improves the overall security

Virtual Security for Service Providers

xSPs / Telecom Operators- Market Situation

Competitive Market• Highly competitive and saturated market• Recruiting new customers is expensive • Operational efficiency is a must to remain competitive

Financials• Low and decreasing profit margins for traditional offerings• Increasing Average Revenue Per User (ARPU) is absolute key to

growth & success• Financial crisis drives the need to offer cost-savings services to

customers

First mover advantage • Time between visionary to market leadership is shorter than ever

Clavister vSeries – Value Proposition for xSP´s

• Opportunity to take first mover advantage

• A value-adding and unique security offering• Create your own attractive security services portfolio:

(Firewall, VPN, Content Filtering, IDP, Anti-Virus…)

• Leverage existing virtual infrastrucutres• Extreme Scalability, Deployment, SLA, etc..

• Increase your Average Revenue Per User (ARPU)

• Low capital investment – Expands as you grow

Clavister vSeries – What it is

Security Platform• Best-of-breed Security Gateway’s• Clavister Security Services Platform (SSP) our offering for Service

Providers

Virtual for optimal scalability and financial benefits• Runs inside a virtual infrastructure (e.g VMware / Xen/ Microsoft) • Runs in your datacenter (each customer gets a dedicated security

gateways)• Extremely resource efficient - More gateways on less hardware

Designed for Operators• MSSP friendly Management & Operations • Extremely scalable - Provision 1 gateway just as easy as 100.000

Business Case 1 – Internet Service Providers

Security Services for Internet Subscribers

• Value Add Services for Internet Subscribers• Added on top of internet connection bill• Increase ARPU - Offer the services to all existing customers• First mover advantage – Infrastructure as a Service (IaaS) already today

• Plug-in Solution for the Broadband Network Datacenter• No need for End User Equipment• Efficient Management and Maintenance• Optimized Provisioning Capabilities

• Customer Focused Service Packages• Small & Medium Business• Remote Office• Retail Stores…

Security Service Network Diagram

ADSLCustomer #2

Access Network

DatacenterCore Network

Virtual Provisioning Infrastructure

HW Layer

VMLayer

Firewall

VPN

Content Filtering

IDP

Anti-Virus

Reporting

ADSLCustomer #1

B-RASCore Switch

Customer Experience - Deployment

1. Choose Service

2.Automatic deployment

( < 1hour )

3.Use the service

€

Summary – Virtual Security Services

• New business opportunities• Offer cost-efficient security services

• Financial Upsides• Increase Average Revenue Per User (ARPU)

• Improve profit margin

• First mover advantage• Gain or secure market leadership • Interesting product portfolio

• Provisioning & Operations• Extremely efficient deployment (minutes instead of days & weeks)• Based on tested & proven industry standard technologies

(Clavister, VMware, IBM/HP/Dell)• Extremely scalable

Business Case 2 – Hosting Providers

Business Case – Service Providers (Hosting)

• Value AddingOffer a value-adding managed security services to hosting customers.

• Tailor made service portfolioUse the pick-n-choose service packaging's

• Operational EfficiencyAutomatic deployment without any human intervention

• Accelerates hosting business Makes customers more comfortable hosting sensitive applications (Cloud and utility computing is specific)

• Increase ARPU

• Low investment - High profit margins

SMB - Hosting Security Services Hosted - Virtual Machines(dedicated or part of a cloud)- Microsoft Exchange- Web Server- FTP Server

Virtual Security GatewayManaged or self-managed

DatacenterCore Network

Customer #1

Customer #3

Customer #2

ESXi

Firewall

VPN

Content Filtering

IDP

Anti-Virus

Reporting

Customer Experience - Deployment

1. Choose Service

2.Automatic deployment

( < 1hour )

3.Use the service

€

Copyright © 2008 Clavister AB. All rights reserved.

Price-efficiency– Use VMware and Clavister to provide dedicated firewall, VPN, IDP and

reporting capabilities in a price efficient manner to customers of all sizes

Scalability– Start with a virtual gateway and grow to a dedicated platform when the need

for performance and functionality increases

Deployment– Virtual appliances are turn-key solutions and can be deployed within minutes

Convergence and standardization on robust hardware– Utilize standardized hardware also for security services

Provide Improved SLAs– Utilize tested VMware redundancy and clustering in order to provide improved

SLAs for security services

Business Benefits

• Les différentes machines virtuelles ne sont autorisées à communiquer entre-elles sans passer par Clavister

• Toutes les inspections de sécurité qui auraient été faites par un équipement externe sont faites “en interne” nativement dans l’environnement virtuel

Virtualization Layer

Virtual Network

Hardware

Virtual Switch (VLANS)

VM VM VMVM

Virtual Security Gateway

ConclusionVirtualisation: Exemple sur site client

Administration Centrale viaInControl

x 100 VSG peuvent être installé sur un hôte « standard » VMWare ESXi/ESX (12Go RAM & 1TB HD)

1 x VSG =32 Mo Espace stockage64 Mo Mémoire Vive

Administration Centrale viaInControl

ConclusionVirtualisation: Hosting Provider (Sécurité ou/et SaaS)

Terremark - Reference Customer

About TerremarkTerremark Worldwide (NASDAQ:TMRK) acclaimed Infinistructure utility computing architecture has redefined industry standards for scalable and flexible computing infrastructure and its digitalOps service delivery platform combines end-to-end systems management workflow with a comprehensive customer portal.

TERREMARK AT A GLANCE •NASDAQ: TMRK •Leader in managed IT infrastructure services (Gartner - Leaders Quadrant)•Datacenters in the United States, South America and Europe •SAS 70 Type II Certified •Microsoft Gold Certified Partner •United States General Services Administration (GSA) Schedule# GS35F0073U

Thank You

Tanguy Derriks – MMS-SECURE (Ditributor for BeNeLux)

Email: [email protected] Phone: +32 (0)2 767 93 03

Contact Information:Roberto Correnti - CLAVISTER

Email: [email protected]: +33 (0)1 75 43 78 90Mobile: +33 (0)6 11 17 66 71