we are network security

1. Clavister – Virtual Security
May 2010
[Nicola Sotira, VP Sales Italia]

2. Company Overview
• A leading European provider of network
security solutions for Service Providers,
Enterprise and Government customers
• Our solutions protects against:
– Hackers
– Intrusions
– Information theft
– Eavesdropping
– Viruses
– Spam
– Malicious content
... and more

3. Proven track record and industry experience
• Long-term experience from securing some of the world’s most demanding
networks
• Protecting 100.000+ networks and 20.000+ customers
• Customers include:
• Complete and mature product portfolio designed for performance and scalability

4. Established market position
• Recognized as one of the top 12 suppliers
in the world by analyst Gartner Group
• Several technology awards and product
recognitions in magazines
• Technology partnerships with leading
industry partners including Cavium
Networks, RadiSys, Kaspersky and VMware

5. Global Presence
• About 70 employees
• Headquarters in Örnsköldsvik, Sweden
• Sales offices in Europe and Asia
– Stockholm, Sweden
– Hamburg, Germany
– Paris, France
– Torino, Italy
– Singapore
– China (5 locations)
• 100+ Solution and Channel Partners worldwide

6. Clavister SSP – The Portfolio

7. CorePlus – The Core in our Products
Secure & Robust
• Our proprietary and purposely built network security operating system
• No inheritance of vulnerabilities from an underlying Operating System
• Minimal footprint and attack surface
Compact, Optimized & Scaleable
• Optimal resource utilization
• High performance with high reliability
• xPansion Lines Licensing offering scalability
Fine granular Control
• Seamless integration of all subsystems, in-depth
administrative control

8. Technology – Complete Feature set
• Clavister’s next-generation network security software, designed to meet
NETWORK SECURITY L7 SECURITY PROXIES TRAFFIC MANAGEMENT
the challenging requirements of modern•• IP networks. •• Traffic Shaping (Pipes)
• DoS Prevention
• Consistency Checking
• Deep Inspection
• Anti-virus
HTTP
FTP
• TFTP
• PPTP Policy-based
• Stateful Inspection Firewalling • IDP / IDS • SIP • Rate Limiting
• Multiple, chained, Rule-sets • Web Content Filtering • SMTP • Server Load Balancing
• Address Translation • Anti-Spam • POP3
Clavister CorePlus
TUNNELING AUTHENTICATION DHCP CLUSTERING
• IPsec (IKEv1 / IKEv2) • RADIUS • Client • Fully state-synced HA
• PPP • LDAP • Server • Virtualization & vmHA
• L2TP (Client/Server) • Local Databases • Relayer
• PPTP (Client/Server) • PAP / CHAP • IP Pools
• GRE • Form (HTTP / HTTPS)
• GTP • EAP-SIM / AKA / MD5 / TLS
INTERFACES ROUTING MANAGEMENT
• Gigabit Ethernet • Static • Load Balancing • InControl • SMTP Logging
• Fast Ethernet • Policy-based • Fail-over • Web User Interface • SNMP Poll / Traps
• VLAN • Transparent (L2) • OSPF • CLI (SSH / Console) • Real-time Counters
• Proxy ARP • IGMP • Secure Copy (SCP) • Alarms
• Virtual • PIM-SM • Syslog • PCAP Recording
• Multicast • FWLog
Copyright © 2009 Clavister AB. All rights 8
2010-05-17

9. Clavister Security Gateways
Hardware Software Virtual
Clavister xPansion Lines™

10. Virtual Security – For Enterprises

11. Evolution of Virtualization

12. Virtualization going forward
Just like…..
IT
as a
Service Inexpensive, usage based, pay-as-you-go
Ubiquitously available
Reliable
Choice of providers

13. The virtual network – not just for the server guys
Traditional Network Virtual Network
• Multitude of network segments • Less network segments which divides the servers
• Communication between zones are monitored and • Communication between virtual machines are not
secured monitored or secured !
DANGER

14. Communication Path Diagram
Inter-communication traffic is
limited by VLANs but not Web Front-End
secured which is a critical Zone
security issue and one which
nees to be addressed
Virtual Switch
Middleware /
Business Logic
Zone
Back-End
Database Zone
Copyright © 2008 Clavister AB. All rights reserved. 15

15. Mixing physical security and virtual networks

16. Drawbacks With “Mixed Solutions”
• Looks good at first glance but not as attractive in the longer run!
• You will still have to rely on external, non virtual, appliances
• Forces you to create isolated islands instead of a dynamic and
scalable pool of resources
• Virtual yes, cloud no!
• Does not allow you to protect the private cloud which might be a
mix of on site and off site resources
• Does not benefit from Redundancy and Disaster Recovery tools
• Creating team or project oriented silos which is very common in e.g.
consulting and media companies very difficult

17. The fully virtualized solution

18. The Clavister Virtual Security Gateway Solution
 No underlying Operating System – Only Clavister
CorePlus
 Runs in the virtual infrastructure and benefits from
the virtualization itself:
 Easy to deploy, highly
redundant, scalable, simplified
maintenance, etc.
 Templates & workflows – Ideal for large
installations e.g. Managed Services, Utilities such
as smart grid, wind/solar power etc.

19. Clavister Virtual Security Gateway Solution
Virtual Machines (VMs) are not allowed to talk with each All security inspections which would have been performed
other without first going through the Virtual Securigy by a physical security gateway in a physical structure are
Gateway done ”in-line” in the virtual environment.

20. Communication Path Diagram
All virtual machines and inter-communication is
secured using best-in-class virtual security gatways
Web Front-End Zone and which enables mission critical applications to be
virtualized without comprimises to the security
policies
ETH1
Clavister Virtual Security Gateway
Middleware /
Business Logic Zone
Virtual Switch
ETH2
Back-End Database
Zone
ETH2

21. Troubleshooting, Monitoring, Alarms & Auditing
• Troubleshoot communication using:
• Real-time monitoring with filters
• PCAP & Memlog recording
• Log analysis
• Monitor behavior of traffic using:
• SNMP
• Real-Time monitoring
• Real-Time KPI dashboards
• Create custom and policy based alarms events (thresholds etc)
• Full auditing capabilities using
• Built-in log viewing applications
• External SIEM systems

22. Typical Enterprise Environment
Disaster Recovery or Lab/Test Network
Virtualized production infrastructure
Traditional physical server network

23. Fully virtualized DMZ Network Diagram

24. Clavister VSG Models & Dimensioning
VSG21 VSG110 VSG510 VSG1100
Plaintext Performance (Mbit/s)* 50 200 500 1000
VPN Tunnels 25 200 500 1000
VLAN 4 64 128 512
Concurrent Connections 4000 16000 64000 256000
Recommended Application Test & Lab Networks Small installations with a Medium and Large Large installations with
with no or very low limited amount of installations with medium medium to high
performance protected VMs with low to to high performance performance applications
demands medium performance applications such as such as
demands web/mail/citrix/databases web/mail/citrix/databases
and similar and similar

25. Features
• Protect Virtual Servers
Segregate virtual machines from each other and avoid hackers from jumping from one machine to
another without having to use physical appliance and creating isolated islands.
• Secure Cloud Infrastructures
Enforce network security within the private cloud, both for the part of the cloud which is running in
your datacenter and the part that you might have outsourced to a hosting provider.
• Secure Inter-Communication
Utilize the VPN encryption to secure communication between virtual machines
• Achieve Auditing and Regulatory Compliance
Since the virtual security gateway can be run inside the virtual infrastructure security auditing can be
achieved and thereby regulatory compliance requirements can be met.
• No Security Policy Compromises for Virtual Environments
Utilize your standard set of policies not only for physical machines but just as easily also for virtual
ones.

26. Benefits
• Scalability
User can now extend security by simply deploying new security gateways as they go.
• Lower CAPEX
Virtualization opens up for new business models where CAPEX is minimized.
• Simplified Maintenance
Security components inherit all manageability features from a virtual environment, such as fail-
over, provisioning, and so forth.
• Minimized downtime
Less hardware in combination with highly efficient disaster recovery and redundancy tools such as VMmotion
reduces downtime and improves the overall in service performance of the security solution
• Simplified Test/Lab testing
Since the virtual security gateway is a part of the virtual infrastructure it becomes easier to create lab/test
environments which decreases the complexity of security tests which in it’s turn improves the overall security

27. Why Clavister VSG is better than physical UTMs
• No need to create isolated islands
Creating security zones inside the virtual infrastructure using physical gateways forces you
to have all traffic routed out of the infrastructure and then back in. Thereby leaving you with
isolated islands which turns into additional administration and limits the possibilities to
leverage cloud like resource pools and many of the fundamental virtualization benefits
• Improves the consolidation ratio
By using the Clavister Virtual Security Gateway to create security zones within a
homogeneous physical pool of resources and avoid creating the isolated islands which are
necessary when using physical UTM gateways, the consolidation ratio can be improved
since you do not have to have the extra performance overhead distributed on each
island.This becomes especially important when using the Vmware Dynamic Resource
Scheduler which can move VMs between physical hosts and and allocate more CPU and
RAM memory in run-time using the hot-add functionality.

28. Why Clavister VSG is better than physical UTMs
• Leverages virtualization benefits also for security gateways
Virtualization offers many benefits such as 100% guaranteed availability, disaster
recovery, ease of deployment, simplified administration. All these benefits the Clavister
VSG can leverage as it runs as a part of the virtual infrastructure. These benefits the
physical gateways can never leverage, it actually limits the possibilities for all the other IT
infrastructure from benefitting from it as well
• Improved SLAs and better control
With the security gateway running inside the virtual infrastructure you can improve your
SLAs and make the SLA reporting and prediction much more efficient since you do not
have to rely on external equipment not under the control of the virtual infrastructure.
Physical appliances used for protecting the “isolated” islands are often used also for the
other physical infrastructure, thereby creating a structure where modifications in the
physical infrastructure might disturb also your virtual datacenter.

29. Why Clavister VSG is better than other VSGs
No Prooven
Complete Scaleable Unified
Operating &
Security Licensing Management
System Trusted
Clavister VSG Advantages
Next

30. Advantages – No OS
No underlying Operating System
Clavister Virtual Security Gateways does not have an underlying
Footprint
Operating System which is the case for most other virtual security
32 MB
Clavister VSG
gateways. The Clavister VSG only use Clavister CorePlus which is Clavister CorePlus
our “bare-metal” security gateway application with built in operating
system functionality.
Virtual Machine
The Size does matter!
Hypervisor
There are many benefits of not having an underlying operating
system. Patch management is one of them. In many cases the
underlying OS has a very large footprint (checkpoint has a footprint
of more than 10 GB) which are made up of features and functions
500MB - 12 GB
which does not have anything to do with the security function, non
Other Vendors VSG
Application
Footprint
the less, the OS needs recurring updates even if the patches does
not have anything to do with the security itself. Equally often these
patches requires restarts and reboots. In the end the result of Operating System
having a bulky OS to run the security gateway is less predictable
quality, additional administration, un-necessary maintenance, etc.. Virtual Machine
Back Hypervisor

31. Advantages – No OS – Footprint Comparison
Checkpoint VPN1-VE
Min 12GB Storage
CheckPoint VPN1-VE
Min 512 MB RAM
CorePlus
2MB actual footprint
CorePlus Min 32MB Storage*
Min 32MB RAM
*The minimum storage size of a
virtual machine in vmware
ESXi is 32MB even if the application
is smaller

32. Advantages – Proven and Trusted
• Large Install base
Clavister CorePlus, is today being used in more than 100.000 installations world-wide, ranging from
small office/home office to large enterprises, military, government and telecom networks.
• Mature Technology
CorePlus has been on the market since 1997 and has a high level of maturity and does not suffer from
child deceases which might be the case for newer products and technologies
• Long term history and track record
CorePlus is a mature product with a history that dates back to 1997, CorePlus also has an impressive
track record of being used in some of the worlds most demanding networks, including the telecom
operator networks and customers like France Telecom/Orange, Roger
Wireless, Terremark, SAAB, French Navy/Military, etc.
• Large Virtual Networks Experience
CorePlus has been used as virtual security gateways in some of the worlds largest virtual
infrastructures with more than 1000 sites/virtual machines and >100.000 users which probably makes
it the worlds largest deployment of virtual security gateways..
Back

33. Advantages – Complete Security
• Not only a firewall or an IDS
Clavister CorePlus is a complete Unified Threat Management solution with comprehensive
protection against modern attacks and security threats. Most other virtual security gateways are
early to market solutions which only cover a limited set of protection features, such as only being a
firewall, only being an IDS solution etc.
•
• Complete yet saleable and dynamic
Even though Clavister Virtual Security Gateways has a very comprehensive set of feature’s, you as
an administrator can orchestrate the solution to only run the features as you like. Thereby making
the solution more adaptable to your real network with minimum overhead
• Complete feature set – High Performance
Thanks to the unique design of the Clavister Virtual Security Gateways and the CorePlus firmware
which has a minimum overhead and is optimized for the security functions only, performance
figures of multiple gigabit can be achieved even in the virtual infrastructure.
Back

34. Advantages – Scaleable licensing
• Licensing per Gateway – Not per Virtual Machine
The Clavister Virtual Security Gateway’s are licensed based on a per gateway basis, not per virtual
machine being protected. This means that you do not need the hassle with upgrading licenses for
the security gateway every time you wish to add new virtual machines to your infrastructure. It also
enables a much more cost effective setup in larger environments and provides a much more
predicable Total Cost of Ownership. This is especially important in the scenarios where you expect
an increased demand on new server and functions as IT becomes more available
• Feature & Capacity Differentiated License Models
The Clavister Virtual Security Gateway’s are offered in four different license model, each with
different amount of performance, capacity and features. This enables you to choose the model that
fit your needs best. Customized license models can also be offered for specific needs. E.g. power
utilities, managed security services, etc.
Back

35. Advantages – Unified Management
• Software, Hardware Virtual
The Clavister Virtual Security Gateway’s are managed using the exact same management software
as the hardware and software based versions are, i.e. using Clavister InControl. This means that
you can managed and administrate your entire network security architecture using the one and
same system independently on the platform. This not only lower your administration costs but it
also helps make your overall security stronger compared to other virtual machines which requires
you to learn a completely new management interface for the virtual infrastructure alone.
• Integrate with your business process and other IT systems
The Clavister InControl management suite offers a full blown Application Programmatic Interface
which enables you to integrate the management and administration of the Virtual Security gateway
from your other core IT systems. Through this integration capability you are able to have your
network operating central system manage the virtual security gateway, your IT support staff take
care of simple tasks from the support systems and similar. The advantage of this is that you are
able to lower administrative costs and become more reactive on your users and business demands
Back

36. Virtual Security for Service Providers

37. xSPs / Telecom Operators- Market Situation
Competitive Market
• Highly competitive and saturated market
• Recruiting new customers is expensive
• Operational efficiency is a must to remain competitive
Financials
• Low and decreasing profit margins for traditional offerings
• Increasing Average Revenue Per User (ARPU) is absolute key to
growth & success
• Financial crisis drives the need to offer cost-savings services to
customers
First mover advantage
• Time between visionary to market leadership is shorter than ever

38. Clavister vSeries – Value Proposition for xSP´s
• Opportunity to take first mover advantage
• A value-adding and unique security offering
• Create your own attractive security services portfolio:
(Firewall, VPN, Content Filtering, IDP, Anti-Virus…)
• Leverage existing virtual infrastrucutres
• Extreme Scalability, Deployment, SLA, etc..
• Increase your Average Revenue Per User (ARPU)
• Low capital investment – Expands as you grow

39. Clavister vSeries – What it is
Security Platform
• Best-of-breed Security Gateway’s
• Clavister Security Services Platform (SSP) our offering for Service
Providers
Virtual for optimal scalability and financial benefits
• Runs inside a virtual infrastructure (e.g VMware / Xen/ Microsoft)
• Runs in your datacenter (each customer gets a dedicated security
gateways)
• Extremely resource efficient - More gateways on less hardware
Designed for Operators
• MSSP friendly Management & Operations
• Extremely scalable - Provision 1 gateway just as easy as 100.000

40. Business Case 1 – Internet Service Providers

41. Security Services for Internet Subscribers
• Value Add Services for Internet Subscribers
• Added on top of internet connection bill
• Increase ARPU - Offer the services to all existing customers
• First mover advantage – Infrastructure as a Service (IaaS) already today
• Plug-in Solution for the Broadband Network Datacenter
• No need for End User Equipment
• Efficient Management and Maintenance
• Optimized Provisioning Capabilities
• Customer Focused Service Packages
• Small & Medium Business
• Remote Office
• Retail Stores…

42. Security Service Network Diagram
Firewall
VPN
ADSL
Customer #1 Content Filtering
IDP
HW VM
Layer Layer Anti-Virus
B-RAS
Core Switch Virtual Reporting
Provisioning Infrastructure
ADSL
Customer #2
Datacenter
Core Network

43. Customer Experience - Deployment
1. 2. 3.
Choose Service Automatic deployment Use the service
( < 1hour )
€

44. Summary – Virtual Security Services
• New business opportunities
• Offer cost-efficient security services
• Financial Upsides
• Increase Average Revenue Per User (ARPU)
• Improve profit margin
• First mover advantage
• Gain or secure market leadership
• Interesting product portfolio
• Provisioning & Operations
• Extremely efficient deployment (minutes instead of days & weeks)
• Based on tested & proven industry standard technologies
(Clavister, VMware, IBM/HP/Dell)
• Extremely scalable

45. Business Case 2 – Hosting Providers

46. Business Case – Service Providers (Hosting)
• Value Adding
Offer a value-adding managed security services to hosting customers.
• Tailor made service portfolio
Use the pick-n-choose service packaging's
• Operational Efficiency
Automatic deployment without any human intervention
• Accelerates hosting business
Makes customers more comfortable hosting sensitive applications
(Cloud and utility computing is specific)
• Increase ARPU
• Low investment - High profit margins

47. SMB - Hosting Security Services Hosted - Virtual Machines
(dedicated or part of a cloud)
- Microsoft Exchange
- Web Server
- FTP Server
Firewall
Customer #1
VPN
Content Filtering
Customer #2
IDP
Anti-Virus
Reporting
Datacenter
Core Network Customer #3
Virtual Security Gateway
Managed or self-managed

48. Customer Experience - Deployment
1. 2. 3.
Choose Service Automatic deployment Use the service
( < 1hour )
€

49. Business Benefits
Price-efficiency
– Use VMware and Clavister to provide dedicated firewall, VPN, IDP and reporting
capabilities in a price efficient manner to customers of all sizes
Scalability
– Start with a virtual gateway and grow to a dedicated platform when the need for
performance and functionality increases
Deployment
– Virtual appliances are turn-key solutions and can be deployed within minutes
Convergence and standardization on robust hardware
– Utilize standardized hardware also for security services
Provide Improved SLAs
– Utilize tested VMware redundancy and clustering in order to provide improved
SLAs for security services
Copyright © 2008 Clavister AB. All rights reserved.

50. Terremark - Reference Customer
About Terremark
Terremark Worldwide (NASDAQ:TMRK) acclaimed Infinistructure utility
computing architecture has redefined industry standards for scalable and
flexible computing infrastructure and its digitalOps service delivery platform
combines end-to-end systems management workflow with a comprehensive
customer portal.
TERREMARK AT A GLANCE
• NASDAQ: TMRK
• Leader in managed IT infrastructure services (Gartner - Leaders Quadrant)
• Datacenters in the United States, South America and Europe
• SAS 70 Type II Certified
• Microsoft Gold Certified Partner
• United States General Services Administration (GSA) Schedule#
GS35F0073U

51. Thank You
Contact Information:
Nicola Sotira
Email: nicola.sotira@clavister.it
Phone: +39 011 5069369
Mobile: +39 335 7888968