Juniper SRX update
Karel Hendrych
khe@juniper.net
Consulting Engineer
Platform Updates: Virtual
vSRX - Industry’s Fastest Virtual Firewall
• 18G FW Large packet (1514B), 4G FW Imix
• 2 vCPU (cores), Lowest TCO
• Highest Perf/Core
• ~80G FW (8 instances) Large packet per server
• VMware5.5+SRIOV - 8 vSRX instances on a 2.4GHz Dell server
• VMware5.5+SRIOV – 1 vSRX instance on a 3.4GHz Dell server
100G vSRX just got announced!
[Diagram: vSRX VM architecture. Labels: vSRX VM; Hypervisors (VMware, KVM); Physical X86 CPU, Memory, & Storage; Adv Services + Flow Processing + Packet FWD (JEXEC); Junos Kernel; QEMU/KVM; Juniper Linux (Guest OS); SRIOV; Junos Control Plane (JCP/vRE); MGD; RPD]
vSRX 2.0 (15.1X49)
FEATURE PARITY TO FFP (Including Firewall, AppSecure, UTM/IDP, VPN, NAT, Routing, HA Cluster, etc.)
PLATFORMS
• VMWare 5.1, 5.5, 6.0
• Ubuntu 14.04 (KVM)
• CentOS 7.0 (KVM)
• Contrail 2.2
CHANGES
• Name change to vSRX
• Junos Version change to 15.1
• DPDK
• SR-IOV
• VMXNET3 and VirtIO (Driver updates)
• Linux Base OS
• 64Bit Flowd
• Dedicated management I/F
• SCSI Support
• SNMP enhancements
• VMTools
• Min 4G vRAM and 8G HD
Platform Updates: Physical
SRX Series Services Gateways for Branch
All in one routing, switching and security in a single platform
Security at every layer with MAC-sec, IPSec and application security
Best end-user application experience and operational efficiency
SRX3xx Portfolio Summary
*Performance numbers for the IMIX packet size
**NGFW = IPS + AppFW + External Logging
App Firewall*
Routing*
IPSec VPN*
NGFW**
500 Mbps 1 Gbps 2 Gbps 3 Gbps
500 Mbps 1 Gbps 1.7 Gbps 2.5 Gbps
100 Mbps
100 Mbps
200 Mbps
200 Mbps
300 Mbps
300 Mbps
350 Mbps
350 Mbps
SRX300: Retail Office, Up to 50 Users
SRX320: Small Branch, Up to 50 Users
SRX340: Mid Branch, Up to 100 Users
SRX345: Mid-Large Branch, Up to 200 Users
SRX550: Large Branch, Up to 500 Users
SRX1500 Services Gateway
Specification SRX1500
RAM / storage 16GB / 16GB
On-board 1G ports 16xGE (w 4x SFP)
On-board 10G ports 4x SFP+
OOB Management port 1x GE
Acoustics 66 dBA
SSD Storage 120G
Power Supply 1+1 400W PSU
Forwarding capacity 1.8 Mpps
Routing / firewall 5 Gbps
IPSec VPN (IMIX) 1.2 Gbps
IPS 3.5 Gbps
NGFW 1 Gbps
Concurrent session 2,000,000
• SRX1500 is a high-performance, cost-effective and highly available next-generation firewall
• Provide outstanding protection with Sky ATP
• Integrate networking & security in a single platform
• High port density and small form factor
• Targeted for
• Enterprise Campus Edge
• Data Center Edge
• Branch Router
SRX5400
• Ideal for medium to large enterprises
and Service Provider networks
• Software Security Services
– AppSecure and IPS
– AV and web filtering
• Next-generation, high-performance line
cards
SRX5400
On-board Ports 100GE-CFP/CFP2; 40GE-QSFPP; 10GE-SFPP, XFP; 1GE - SFP
JUNOS Software Version Support JUNOS 15.1X49-D10
Firewall Performance (w/ Express Path) 65Gbps (480 Gbps)
Firewall Performance IMIX (w/ Express Path) 32 Gbps (450 Gbps)
Firewall Performance (Firewall + Routing PPS 64byte) (w/Express Path) 8 Mpps (98 Mpps)
VPN Performance – AES256+SHA-1 35 Gbps
AppSecure 42 Gbps
Intrusion Prevention System 22 Gbps
Connections Per Second (CPS) 450 K
Maximum Concurrent Sessions 42 M
High Availability A/A or A/P
SRX5k CPS with CP-lite, scaling up to 250M sessions!
[Chart: TCP CPS, in KCPS]
          1     4     7     10    11
X49-D10   213   420   420   420   420
CP-Lite   230   1060  1815  2240  2500
Software update
Next-Gen Firewall Features on SRX
Application Reporting
Application Firewalling
Geo-IP
C&C & Reputation Filtering
User Firewalling
Intrusion Prevention
Web Filtering
Anti-Virus
Anti-Spam
Content Filtering
SSL Inspection
Cloud-based Anti-malware
What is Sky Advanced Threat Prevention
[Diagram labels: Customer; SRX; Juniper Cloud; Sky Advanced Threat Prevention Cloud; Sandbox w/Deception; Static Analysis; ATP]
1. SRX extracts potentially malicious objects and files and sends them to the cloud for analysis
2. Known malicious files are quickly identified and dropped before they can infect a host
3. Multiple techniques identify new malware, adding it to the Known Bad list and reporting it to SecOps
4. Correlation between newly identified malware and known C&C sites aids analysis
5. SRX blocks known malicious file downloads and outbound C&C traffic
The ATP verdict chain
Staged analysis: combining rapid response and deep analysis
Suspect files enter the analysis chain in the cloud
1. Cache lookup (~1 second): Files we’ve seen before are identified and a verdict immediately goes back to SRX
2. Anti-virus scanning (~5 seconds): Multiple AV engines return a verdict, which is then cached for future reference
3. Static analysis (~30 seconds): The static analysis engine does a deeper inspection, with the verdict again cached for future reference
4. Dynamic analysis (~7 minutes): Dynamic analysis in a custom sandbox leverages deception and provocation techniques to identify evasive malware
SRX User Identity Restful API (12.3X48-D30)
• Built for Aruba ClearPass integration but can be used by 3rd parties
• https://srxhostname/api/userfw/v1/
• Healthy(0), Checkup(10), Transition(15), Quarantine(20), Infected(30), Unknown(100)
• “Aruba ClearPass”, “UAC”, “Active Directory”
• IPv4 & IPv6 support
• Standard XML DateTime format (ISO8601)
• logon, logoff or posture-update for logon, role-list is a must for logoff
• A list of roles, maximum 200 with each 64 characters
Custom AppID Signature (15.1X49-D40)
• Types of custom signatures:
• ICMP-based
• L3/L4 based
• Layer 7-based
http-get-url-parsed-param-parsed
http-header-content-type
http-header-cookie
http-header-host
http-header-user-agent
http-post-url-parsed-param-parsed
http-post-variable-parsed
http-url-parsed
http-url-parsed-param-parsed
ssl-server-name
stream
SSL Forward Proxy and UTM
• 12.3X48-D25 and 15.1X49-D40 support UTM with SSL Proxy
• No configuration changes on the UTM side. An ssl-proxy profile must be applied
[…]policy trust-to-untrust match source-address any
[…]policy trust-to-untrust match destination-address any
[…]policy trust-to-untrust match application junos-any
[…]policy trust-to-untrust then permit application-services ssl-proxy profile-name ssl-inspection-p
[…]policy trust-to-untrust then permit application-services utm-policy junos-av-policy
[…]policy trust-to-untrust then permit application-services application-firewall rule-set block-app
[…]policy trust-to-untrust then log session-close
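A configuration audit for the requirement on this slide, as an added example (not part of the original deck and not Juniper code): it reads Junos `set`-format policy lines and reports policies that reference a `utm-policy` without an `ssl-proxy profile-name`, so UTM is applied without SSL decryption on them. The sample configuration, zone names and policy names are constructed for the example.

```python
import re
from collections import defaultdict

# Zone-based and global security policies in Junos "set" format.
POLICY_RE = re.compile(
    r"^set security policies "
    r"(?:from-zone (?P<src>\S+) to-zone (?P<dst>\S+)|global) "
    r"policy (?P<name>\S+) (?P<rest>.+)$"
)
# The two application-services statements this audit cares about.
SERVICE_RE = re.compile(
    r"^then permit application-services "
    r"(?:ssl-proxy profile-name (?P<ssl>\S+)|utm-policy (?P<utm>\S+))$"
)

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """
set security policies from-zone trust to-zone untrust policy trust-to-untrust match source-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust then permit application-services ssl-proxy profile-name ssl-inspection
set security policies from-zone trust to-zone untrust policy trust-to-untrust then permit application-services utm-policy junos-av-policy
set security policies from-zone guest to-zone untrust policy guest-to-untrust match application junos-any
set security policies from-zone guest to-zone untrust policy guest-to-untrust then permit application-services utm-policy junos-av-policy
set security policies from-zone dmz to-zone untrust policy dmz-to-untrust then permit
set security policies global policy global-av then permit application-services utm-policy junos-av-policy
"""


def parse_policies(config_text):
    """Map (from-zone, to-zone, policy) to its ssl-proxy profile and utm-policy."""
    policies = defaultdict(lambda: {"ssl_proxy": None, "utm_policy": None})
    for raw in config_text.splitlines():
        m = POLICY_RE.match(raw.strip())
        if not m:
            continue  # not a security-policy statement
        key = (m.group("src") or "global", m.group("dst") or "global", m.group("name"))
        entry = policies[key]  # registers the policy even if it has no services
        svc = SERVICE_RE.match(m.group("rest"))
        if svc and svc.group("ssl"):
            entry["ssl_proxy"] = svc.group("ssl")
        elif svc and svc.group("utm"):
            entry["utm_policy"] = svc.group("utm")
    return dict(policies)


def utm_without_ssl_proxy(config_text):
    """Return policies that apply a utm-policy but no ssl-proxy profile."""
    return sorted(
        key
        for key, p in parse_policies(config_text).items()
        if p["utm_policy"] and not p["ssl_proxy"]
    )


if __name__ == "__main__":
    for src, dst, name in utm_without_ssl_proxy(SAMPLE_CONFIG):
        print(f"{src} -> {dst} policy {name}: utm-policy without ssl-proxy profile")
```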
Juniper site to site VPN Solutions update
Use Case Auto VPN Auto + AD VPN Group VPN
Network Topology
Failover Redundancy
Traffic Steering
• Large Scale of Hub and Spoke
• Cluster Hub/Spoke
• Active-Passive
• Active-Backup
• Traffic Selector with Static Routes – Higher scalability
• Dynamic Routing
• On Demand Spoke to Spoke
• Dynamic Any-to-Any
• Cluster Hub
• Cluster Spokes (Hierarchy)
• Traffic Selector with Static Routes – Higher scalability
• Dynamic Routing - OSPF
• Any-to-Any
• Full Mesh
• Server Cluster for Key Server protection
• Up to 4 servers in the same cluster.
• No overlay routing
• Advanced QoS for encrypted traffic
Tunnel Technology
• Tunnel Based VPN
• St0 P2P with Traffic Selector
• St0 P2MP with Routing
• IKEv1 and IKEv2
• Dynamic Spoke to Spoke Tunnel
• IKEv2
• Tunnel-less VPN
• Group Protection
• IKEv1
Performance / Scalability
• Up to 1 Gbps / 3 Gbps and 2000 Tunnel - SRX1500
• 15K Tunnel with TS
• 256 shortcut tunnels - SRX550M
• 512 shortcut tunnels - SRX650 and above
• 4000 group members per server
• 16K per cluster
Management
Firewall Policy
Threat Map
Events and Logs
Application Visibility
Dashboard
Junos Space Security Director 2.0
https://www.youtube.com/watch?v=IN0g7SUfFQ0
Graphical, Intuitive, Network Wide Visibility
…smarter and faster
Big =
More
1
2
3
Future
Software Defined Secure Network Vision
Unify and rate threat intelligence, from multiple sources
Create and centrally manage security policy through user-intent based system
Enforce policy in near real time across the network; ability to adapt to network changes
Detection
Enforcement
Policy
Users & Roles
Departments & Sites
Devices
Applications
Business Needs
IT View
Switch Ports
VLANs
ACLs
IPs/Subnets
VRFs
ACLs
Firewall Zones
Rules
Users & Apps
Threats
Location
Thanks!

 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 

Next Generation Security Solution

  • 3. vSRX - Industry’s Fastest Virtual Firewall
      • 18G FW Large packet (1514B), 4G FW Imix
      • 2 vCPU (cores), Lowest TCO
      • Highest Perf/Core
      • ~80G FW (8 instances) Large packet per server
      • VMware5.5+SRIOV - 8 vSRX instances on a 2.4GHz Dell server
      • VMware5.5+SRIOV - 1 vSRX instance on a 3.4GHz Dell server
      100G vSRX just got announced!
  • 4. vSRX VM
      Architecture diagram labels: Hypervisors (VMware, KVM); Physical X86 CPU, Memory, & Storage; Adv Services + Flow Processing + Packet FWD (JEXEC); Junos Kernel; QEMU/KVM; Juniper Linux (Guest OS); SRIOV; Junos Control Plane (JCP/vRE); MGD; RPD
      FEATURE PARITY TO FFP (Including Firewall, AppSecure, UTM/IDP, VPN, NAT, Routing, HA Cluster, etc.)
      PLATFORMS
      • VMWare 5.1, 5.5, 6.0
      • Ubuntu 14.04 (KVM)
      CHANGES
      • Name change to vSRX
      • Junos Version change to 15.1
      • DPDK
      • SR-IOV
      • VMXNET3 and VirtIO (Driver updates)
      • Linux Base OS
      • 64Bit Flowd
      • Dedicated management I/F
      • SCSI Support
      • SNMP enhancements
      • VMTools
      • Min 4G vRAM and 8G HD
      vSRX 2.0 (15.1X49)
      • CentOS 7.0 (KVM)
      • Contrail 2.2
  • 6. SRX Series Services Gateways for Branch
      • All-in-one routing, switching and security in a single platform
      • Security at every layer with MAC-sec, IPSec and application security
      • Best end-user application experience and operational efficiency
  • 7. SRX3xx Portfolio Summary
      *Performance numbers for the IMIX packet size
      **NGFW = IPS + AppFW + External Logging
      Metrics: App Firewall*, Routing*, IPSec VPN*, NGFW**
      500 Mbps 1 Gbps 2 Gbps 3 Gbps
      500 Mbps 1 Gbps 1.7 Gbps 2.5 Gbps
      100 Mbps 100 Mbps 200 Mbps 200 Mbps 300 Mbps 300 Mbps 350 Mbps 350 Mbps
      • SRX300: Retail Office, Up to 50 Users
      • SRX320: Small Branch, Up to 50 Users
      • SRX340: Mid Branch, Up to 100 Users
      • SRX345: Mid-Large Branch, Up to 200 Users
      • SRX550: Large Branch, Up to 500 Users
  • 8. SRX1500 Services Gateway
      Specification (SRX1500):
      • RAM / storage: 16GB / 16GB
      • On-board 1G ports: 16xGE (w 4x SFP)
      • On-board 10G ports: 4x SFP+
      • OOB Management port: 1x GE
      • Acoustics: 66 dBA
      • SSD Storage: 120G
      • Power Supply: 1+1 400W PSU
      • Forwarding capacity: 1.8 Mpps
      • Routing / firewall: 5 Gbps
      • IPSec VPN (IMIX): 1.2 Gbps
      • IPS: 3.5 Gbps
      • NGFW: 1 Gbps
      • Concurrent session: 2,000,000
      Positioning:
      • SRX1500 is a high-performance, cost-effective and highly available next-generation firewall
      • Provide outstanding protection with Sky ATP
      • Integrate networking & security in a single platform
      • High port density and small form factor
      • Targeted for: Enterprise Campus Edge, Data Center Edge, Branch Router
  • 9. SRX5400
      • Ideal for medium to large enterprises and Service Provider networks
      • Software Security Services – AppSecure and IPS – AV and web filtering
      • Next-generation, high-performance line cards
      Specification (SRX5400):
      • On-board Ports: 100GE-CFP/CFP2, 40GE-QSFPP, 10GE-SFPP, XFP, 1GE-SFP
      • JUNOS Software Version Support: JUNOS 15.1X49-D10
      • Firewall Performance (w/ Express Path): 65 Gbps (480 Gbps)
      • Firewall Performance IMIX (w/ Express Path): 32 Gbps (450 Gbps)
      • Firewall Performance (Firewall + Routing PPS 64byte) (w/ Express Path): 8 Mpps (98 Mpps)
      • VPN Performance – AES256+SHA-1: 35 Gbps
      • AppSecure: 42 Gbps
      • Intrusion Prevention System: 22 Gbps
      • Connections Per Second (CPS): 450 K
      • Maximum Concurrent Sessions: 42 M
      • High Availability: A/A or A/P
  • 10. SRX5k CPS with CP-lite, scaling up to 250M sessions!
      Chart: TCP CPS in KCPS, at x-axis values 1, 4, 7, 10, 11
      • X49-D10: 213, 420, 420, 420, 420
      • CP-Lite: 230, 1060, 1815, 2240, 2500
  • 12. Next-Gen Firewall Features on SRX Application Reporting Application Firewalling Geo-IP C&C & Reputation Filtering User Firewalling Intrusion Prevention Web Filtering Anti-Virus Anti-Spam Content Filtering SSL Inspection Cloud-based Anti-malware
  • 13. What is Sky Advanced Threat Prevention
      Diagram labels: Customer, SRX, Juniper Cloud, Sandbox w/Deception, Static Analysis, ATP, Sky Advanced Threat Prevention Cloud
      1. SRX extracts potentially malicious objects and files and sends them to the cloud for analysis
      2. Known malicious files are quickly identified and dropped before they can infect a host
      3. Multiple techniques identify new malware, adding it to the Known Bad list and reporting it to SecOps
      4. Correlation between newly identified malware and known C&C sites aids analysis
      5. SRX blocks known malicious file downloads and outbound C&C traffic
  • 14. The ATP verdict chain
      Staged analysis: combining rapid response and deep analysis
      Suspect files enter the analysis chain in the cloud
      1. Cache lookup (~1 second): Files we’ve seen before are identified and a verdict immediately goes back to SRX
      2. Anti-virus scanning (~5 seconds): Multiple AV engines return a verdict, which is then cached for future reference
      3. Static analysis (~30 seconds): The static analysis engine does a deeper inspection, with the verdict again cached for future reference
      4. Dynamic analysis (~7 minutes): Dynamic analysis in a custom sandbox leverages deception and provocation techniques to identify evasive malware
  • 15. SRX User Identity Restful API (12.3X48-D30)
      • Built for Aruba ClearPass integration but can be used by 3rd parties
      • https://srxhostname/api/userfw/v1/
      Field notes on the slide:
      • Healthy(0), Checkup(10), Transition(15), Quarantine(20), Infected(30), Unknown(100)
      • “Aruba ClearPass”, “UAC”, “Active Directory”
      • IPv4 & IPv6 support
      • Standard XML DateTime format (ISO8601)
      • logon, logoff or posture-update
      • for logon, role-list is a must for logoff
      • A list of roles, maximum 200 with each 64 characters
  • 16. Custom AppID Signature (15.1X49-D40)
      • Types of custom signatures:
          • ICMP-based
          • L3/L4 based
          • Layer 7-based
      Contexts listed on the slide: http-get-url-parsed-param-parsed, http-header-content-type, http-header-cookie, http-header-host, http-header-user-agent, http-post-url-parsed-param-parsed, http-post-variable-parsed, http-url-parsed, http-url-parsed-param-parsed, ssl-server-name, stream
  • 17. SSL Forward Proxy and UTM
      • 12.3X48-D25 and 15.1X49-D40 support UTM with SSL Proxy
      • No configuration changes on UTM side. An ssl-proxy profile must be applied
        […]policy trust-to-untrust match source-address any
        […]policy trust-to-untrust match destination-address any
        […]policy trust-to-untrust match application junos-any
        […]policy trust-to-untrust then permit application-services ssl-proxy profile-name ssl-inspection-p
        […]policy trust-to-untrust then permit application-services utm-policy junos-av-policy
        […]policy trust-to-untrust then permit application-services application-firewall rule-set block-app
        […]policy trust-to-untrust then log session-close
  • 18. Juniper site to site VPN Solutions update Use Case Auto VPN Auto + AD VPN Group VPN Network Topology Failover Redundancy Traffic Steering • Large Scale of Hub and Spoke • Cluster Hub/Spoke • Active-Passive • Active-Backup • Traffic Selector with Static Routes – Higher scalability • Dynamic Routing • On Demand Spoke to Spoke • Dynamic Any-to-Any • Cluster Hub • Cluster Spokes (Hierarchy) • Traffic Selector with Static Routes – Higher scalability • Dynamic Routing - OSPF • Any-to-Any • Full Mesh • Server Cluster for Key Server protection • Up to 4 server in the same cluster. • No overlay routing • Advance QoS for encrypted traffic Tunnel Technology • Tunnel Based VPN • St0 P2P with Traffic Selector • St0 P2MP with Routing • IKEv1 and IKEv2 • Dynamic Spoke to Spoke Tunnel • IKEv2 • Tunnel-less VPN • Group Protection • IKEV1 Performance / Scalability • Up to 1 Gbps / 3 Gbps and 2000 Tunnel - SRX1500 • 15K Tunnel with TS • 256 shortcut tunnels- SRX550M • 512 shortcut tunnels - SRX650 and above • 4000 group members per server • 16K per cluster
  • 20. Firewall Policy Threat Map Events and Logs Application Visibility Dashboard Junos Space Security Director 2.0 https://www.youtube.com/watch?v=IN0g7SUfFQ0 Graphical, Intuitive, Network Wide Visibility
  • 23. Software Defined Secure Network Vision Unify and rate threat intelligence, from multiple sources Create and centrally manage security policy through user-intent based system Enforce policy in near real time across the network; ability to adapt to network changes Detection Enforcement Policy Users & Roles Departments & Sites Devices Applications Business Needs IT View Switch Ports VLANs ACLs IPs/Subnets VRFs ACLs Firewall Zones Rules Users & Apps Threats Location
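
The field constraints on slide 15 (SRX User Identity Restful API) can be checked on the client side before an entry is pushed to the firewall. The following is an added example, not code from the deck or from Juniper: the dict keys are hypothetical names rather than the API's element names, the sample entry is constructed, and the slide's "for logon, role-list is a must" is read as requiring at least one role on logon.

```python
import ipaddress
from datetime import datetime

# Allowed values and limits as listed on slide 15.
POSTURE_CODES = {"Healthy": 0, "Checkup": 10, "Transition": 15,
                 "Quarantine": 20, "Infected": 30, "Unknown": 100}
SOURCES = {"Aruba ClearPass", "UAC", "Active Directory"}
OPERATIONS = {"logon", "logoff", "posture-update"}
MAX_ROLES, MAX_ROLE_LEN = 200, 64

# Constructed sample entry (documentation address range, made-up role name).
SAMPLE_ENTRY = {"source": "Aruba ClearPass", "ip": "2001:db8::10",
                "timestamp": "2016-01-29T09:30:10Z", "operation": "logon",
                "roles": ["hr-group"], "posture": "Healthy"}


def validate_entry(entry):
    """Return the names of fields that violate the slide's constraints.

    An empty list means the entry passes. Keys are hypothetical.
    """
    errors = []
    if entry.get("source") not in SOURCES:
        errors.append("source")
    try:
        ipaddress.ip_address(str(entry.get("ip", "")))  # IPv4 or IPv6
    except ValueError:
        errors.append("ip")
    ts = str(entry.get("timestamp", ""))
    try:
        if "T" not in ts:
            raise ValueError("XML dateTime separates date and time with 'T'")
        # fromisoformat() rejects a trailing 'Z' before Python 3.11.
        datetime.fromisoformat(ts[:-1] + "+00:00" if ts.endswith("Z") else ts)
    except ValueError:
        errors.append("timestamp")
    op = entry.get("operation")
    if op not in OPERATIONS:
        errors.append("operation")
    roles = entry.get("roles") or []
    if len(roles) > MAX_ROLES or any(
            not isinstance(r, str) or not 1 <= len(r) <= MAX_ROLE_LEN
            for r in roles):
        errors.append("roles")
    elif op == "logon" and not roles:
        # Assumption: a logon entry must carry at least one role.
        errors.append("roles")
    posture = entry.get("posture")
    if posture is not None and posture not in POSTURE_CODES:
        errors.append("posture")
    return errors
```

Rejecting malformed entries before submission keeps bad identity or posture data from silently failing to match user-firewall policy.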