Leechmod.biz Network World Middle East 2011-09S370 T


2/52


3/52

Follow us on

18 Network security essentialsKey strategies, concepts and tools

COVER STORYBITS

Stay Connected

ISSUE 150 | SEPTEMBER 2011

twitter.com/networkworldme facebook.com/NetworkWorldMiddleEast

06 Ericsson partners with PacificControls

07 HP simplifies virtual infrastructuredeployments

08 Global Knowledge sets up new HQin Egypt

10 Brocade caters to cloud customers

14 IPv6 adoption slow in Africa

IN ACTION

16

Speed delivery: Lebanon Onlinehas deployed a Web cachingsolution to reduce bandwidth costsand enhance end-user experience

FEATURE

22 Demystifying next-gen firewalls:The market is slowly drifting towardapplication-aware firewall withintrusion prevention and filtering

26 Why SIEM is more important thanever: IT environments are growingmore distributed, complex anddifficult to manage, making the roleof SIEM more important than ever.

OPINION

38 Competing in the mobile Internet era

TEST42 Palo Alto PA-5060 is one

fast firewall

NEW PRODUCTS

48 A guide to some of the newproducts in the market

LAYER 8

50 All the news thats fit for nothing

QUICK FINDER

Page 6-26

Ericsson, Zain KSA, HP, Huawei, Global Knowledge,

Honeywell, Brocade, Alcatel-Lucent, Astaro, Motorola

Mobility, Google, Blue Coat, CA, Sophos, McAfee,

Enterasys Networks, SonicWall, Fortinet, help AG,

Page 26-48

NetApp, CommVault, Huawei, Palo Alto, Dell,

Ericsson, Yealink, Cisco, Molex, OCZ

inside

ILLUSTRATION: DAN MATUTINAhTTp://TwISTeDfORk.Me


4/52www.networkworldme.com4 Network World Middle East September 2011

The moving target

Jeevan Thankappan

Senior Editor

[email protected]

Is perimeter security dead? For almost two decades,

the predominant security model has been focused on

hardening the perimeter, with a irewall defending

your network. Now with the torrent of smartphones

and tablets entering the corporate networks and

given the collaborative nature of the business, we are moving

to a world without network boundaries, which is forcing

IT managers to think about network security in a different

way. We instinctively trust insiders and distrust outsiders

and the security model in most organisations relects that

a fortiied perimeter with a soft inside. But, studies after

studies show that nearly half of the security breaches were the result of users abusing their

rights to the sensitive data. In this age of cloud computing, telecommuting and remoteaccess, most companies are slowly getting used to the fact that their sensitive data is moving

over networks that are often not their own, beyond the controls of corporate irewalls. It is

becoming accepted wisdom among IT managers that it is almost impossible to protect your

network boundaries because you no longer know where they are or where your security

holes are. Security experts say those companies that take a step back, review risks and

identify their crown jewels and develop a plan to deal with foreseeable problems stand

in good stead. Probably, the biggest shift in network security today is the focus on data;

its no longer suficient to protect just your hardware but you must consider the sensitive

information that resides in those. It is also imperative to educate users about safer network

behaviour. In most cases, companies spend on expensive security tools and solutions and

forget the all important part of educating the users. Often the weakest link in security is not

technology, but the people who use it. And remember this oft-repeated advice: trust no-onewhen it comes to security and treat every device like a suspect.

NOT YOUR COPY?If youd like to receive your own copy ofNWME every month. Just log on and requesta subscription: .erkrldme.m

FROM THE EDITOR

www.networkworldme.com | Issue 150 | September2011

PLUS: NEXT GEN FIREWALLS | DESKTOP VIRTUALISATION | M2M COMMUNICATIONS | SIEM

PUBLICATIONLICENSEDBYTHEINTERNATIONALMEDIAPRODUCTIONZONE,D

UBAITECHNOLOGYANDMEDIAFREEZONEAUTHORITY

Key strategies, concepts and tools

Network securityessentials

PublisherDominic De Sousa

COONadeem Hood

Managing DirectorRichard Judd

[email protected]+971 4 440 9126

Sales Director

Rajashree R [email protected]+971 4 440 9131

EDITORIAL

Dave [email protected]+971 4 440 9106

Senior EditorJeevan Thankappan


ADVERTISING

Sales ManagerSean Rutherford


CIRCULATION

Database and Circulation Manager

Rajeesh [email protected]+971 4 440 9147

PRODUCTION AND DESIGN

Production ManagerJames P Tharian


Art DirectorKamil Roxas


DesignerFroilan A. Cosgafa IV


PhotographerCris Mejorada


DIGITALwww.networkworldme.com

Digital Services ManagerTristan Troy Maagma

Web DevelopersJerus King Bation

Erik BrionesJefferson de Joya

Louie Alma


Published by

1013 Centre Road, New Castle County,

Wilmington, Delaware, USA

Branch OfficePO Box 13700

Dubai, UAE

Tel: +971 4 440 9100Fax: +971 4 447 2409

Printed by

Printwell Printing Press LLC

Regional partner of

Copyright 2011 CPIAll rights reserved

While the publishers have made every effort to ensurethe accuracy of all information in this magazine, they

will not be held responsible for any errors therein.


5/52



bits

Ericsson and Pacific Controls have signed a

Memorandum of Understanding (MoU) to

jointly develop ICT enabled smart solutions

for vertical industry sectors. With the

combined efforts and experience of both

companies, Ericsson and Pacific Controls

will enable customers to offer smarter

services and products to their end-users.

The agreement calls for Ericsson and Pacific

Controls to jointly cater to the business needs

of sectors such Energy, Utilities and certain

areas of Government. With Ericsson as the

global leading provider of telecommunication

technology and services and its consulting and

systems integration capabilities combined with

Pacific Controls expertise in the fields of energy

management, remote monitoring, controlling

and M2M (Machine-to-Machine) applications,

customers will be able to cut their costs, increase

their revenues and enhance their overall

productivity.

In addition to adding value to customers

business and introducing initiatives to provide

optimum benefits to end-users, the one year

agreement is also in line with Ericssons 50

Billion Connected Devices by 2020 vision.

Anders Lindblad, President, Ericsson

Region Middle East and North East Africa,

said: Offering customized solutions to

enhance our customers business needs

is one of Ericssons main objectives. This

collaboration will enhance our customers

productivity and reduce operational costs, and

enrich the lives of their end users.

Ericsson partners with Pacific Controls

Zain Saudi Arabia (Zain KSA), a mobileoperator in the Kingdom of Saudi Arabia,

has selected Alcatel-Lucents IP/MPLS-

based mobile backhaul solution to respond

to the sharp increase in bandwidth

requirements, and to keep pace with

subscribers demands.

Saudi Arabia is widely recognised as the

largest telecommunications market in the

Middle East region, with growth in this sector

currently estimated at about 30% per annum. A

recent report by the Riyadh-based Economics

Studies House, commissioned by the MTN

Group, showed that the penetration rate of

mobile phones in Saudi Arabia could grow from

the current 32% to 60% by 2014, with over

20 million subscribers. The report noted that

this would not only require a rapid rollout of

capacity to service almost 13 million new lines

over the coming nine years, but would also

require dramatic increases in network coverage

and service availability to meet demand in the

Kingdom.

The Alcatel-Lucent solution offers a

Dr. Saad Al Barrak, Zain KSA CEO &Managing Director

Zain KSA goesall IP

Anders Lindblad, President, Ericsson Middle East and North East

converged, scalable, multi-access

and all-IP network allowing

dynamic service creation and

delivery at the lowest cost per

bit while enabling broadband

accessibility to all Zain KSAsubscribers, delivering service

innovation, streamlining

network operations and

generating new revenues for

the operator. As part of the

Alcatel-Lucents High Leverage

Network architecture, the

solution will offer to Zain an

increased capacity at lower cost while providing

the necessary service reliability and quality

of experience that subscribers expect, while

it will strengthen the ability of Zain KSA to

offer its customers the best possible quality

of experience and also prepare its network

infrastructure to immediately launch next

generation communication and data services.

Zain KSA looks forward to working with

Alcatel-Lucent on this important

network evolution project

designed not only to improve

the customer experience with

a reliable and stable network,

but also to take our customersto the next level of mobility

and beyond, said Dr. Saad

Al Barrak, Zain KSA CEO &

Managing Director. Through

our competitive vendor

selection process, Alcatel-Lucent

demonstrated that they are

ready to deliver innovative, cost-

effective, state-of-the art technology and deliver

financial value to Zain KSA.

As part of this project, Alcatel-Lucent is

deploying its 7750 Service Router (SR) and 7705

Service Aggregation Router (SAR) along with

the Alcatel-Lucent 5620 Service Aware Manager

(SAM) and the Alcatel-Lucent 5650 Control

Plane Assurance Manager (CPAM). The Alcatel-

Lucent IP portfolio will make it possible for Zain

KSA to deliver scalable, evolvable, cost-efficient

and fully managed IP-based transport able to

adapt to the expected increase in core traffic

for years to come and to the advances brought

about by the introduction of fourth-generation

mobile technology.

8.2%growth in bladeserver shipmentsin Q2


7/52September 2011 Network World Middle Easwww.networkworldme.com

HP has unveiled HP VirtualSystem for

VMware, an optimised, turnkey solution

that gives organisations a virtualised

infrastructure that speeds implementation

and provides a foundation for cloud

computing.

As virtualisation has gained adoption,

multi-tier network architectures, virtual

Worldwide server shipments in the

second quarter of 2011 grew 8%

year on year, while revenue moved

upward 19.5% year on year, according

to Gartner. The second quarter

produced solid growth on a yearly

basis, as the recovery that started

in 2010 continues to eke out slow

improvements, said Jeffrey Hewitt,

research vice president at Gartner.

All regions showed yearly growth in

both shipments and vendor revenue,

although in both measures the market

is again below the pre-downturn

levels we saw in the corresponding

quarter of 2008.

x86 servers forged ahead and

grew 8.4% in units for the quarter

and 17.7 percent in revenue. RISC/

Itanium Unix servers declined 8.5%

in shipments but showed a revenue

increase of 4.3% compared with the

same quarter last year. The other

CPU category, which is primarilymainframes, showed a strong growth

of 48.8%, Hewitt said.

All of the top five global vendors

had revenue increases for the second

quarter of 2011. HP continued to lead

the worldwide server market based

on revenue. The company posted over

$3.9 billion in server vendor revenue,

accounting for 29.8% of the server

market based on revenue. This share

was down 2.2 percent year on year.

In server shipments, HP remained

the worldwide leader in the second

quarter of 2011 with a year-on-year

shipment increase of 11.7%. This

growth was driven by increases in

HPs ProLiant brand. HPs worldwide

server shipment share was 30.8%,

representing a 1.0 percent increase in

share from the same quarter in 2010.

Of the top five vendors in server

shipments worldwide, all but Dell

posted increases in units for the

second quarter of 2011.

sprawl, inflexible storage, unpredictable

workloads and security concerns have

increased complexity and limited broad

deployment. To help midsize to large

organisations address these challenges, HP

VirtualSystem for VMware includes virtualised

HP Networking solutions, HP Converged

Storage, HP BladeSystem servers, HP Insight

software with on-site installation services.

HP says with Virtual System, users can

accelerate virtual machine mobility by up to

40% while doubling throughput and reducing

network recovery time by more than 500

times with the new HP FlexFabric virtualised

networking solution.

Virtualisation has become mainstream

for clients, but there are obstacles to broad

deployment, said Alaa Al-Shimy, Enterprise

Servers, Storage and Networking Director,

HP Middle East. With HP VirtualSystem for

VMware, clients can simplify and scale their

virtualisation deployments to provide a clear

path to the cloud.

Server shipments,

revenue grow in Q2

HP simplifies virtual infrastructure

deployments

Huawei Enterprise has rolled out latest

switching hardware devices that its

company claims will transform the way in

which IT networks are designed to benefit

business operations in the long run.

Huaweis new switch X7 series: S1700,

S2700, S3700, S6700 and S7700 provide full-

featured networking technology to a wide

range of businesses from SMBs to larger size

companies. The latest switch series, says

Huawei, will support and simplify large and

complex projects including the deployment

of Local Area Networks (LAN) for campuses

as well as Data centres, using its innovative

switching technology.

With increased performance thanks to

a faster wire-speed network throughput

and reduced power consumption by

10%, Huaweis latest X7 Switch series are

also designed for easy installation and

maintenance. In addition, its state-of-the-

art architectural design runs on a common

operating system via Huaweis patented

technology Versatile Routing Platform

(VRP), allowing businesses to optimize the

operational cost of their IT assets.

We are moving into a world where

features including Voice over IP, video-

sharing and social media networking

applications are dominant tools that

businesses typically need to communicate

with one another, said Dr. Liu Qi, President,

Enterprise Middle East. The increasing

use of such applications has intensified the

network traffic flow of every organisation

and requires that switching technologies are

more reliable, flexible and perform better in

terms of connectivity.

huai xands sitcing ortolio

Alaa Al-Shimy, Enterprise Servers, Storage and Networking

Director, HP Middle East



Telecom Egypt turns on 40Gcable network

Global Knowledge sets up newHQ in Egypt

Honeywell has completed its acquisition

ofEMS Technologies, for approximately

$491 million. EMS is a leading provider

of connectivity solutions for mobile

networking, rugged mobile computers

and satellite communications. The

acquisition will enhance Honeywells

existing capabilities in rugged mobile

computing technologies within its

Automation and Control Solutions business

(ACS) and satellite communications

within its Aerospace business. EMSs

Global Resource Management (GRM)

division provides highly ruggedised

mobile computing products and services

for use in transportation, logistics, and

workforce management settings as well

as secure satellite-based asset tracking

and messaging technology for search

and rescue, warehousing, and field force

automation environments. Through itsAviation division, EMS provides terminals,

antennas, in-cabin network devices, rugged

data storage, and surveillance applications

predominantly for use on aircraft and in

other data gathering objectives.

Honeywellcompletes EMSacquisition

bits

Telecom Egypt and Alcatel-Lucent have

announced that the TE-NORTH Cable System,

provisioned with 40 Gigabit per second

(40G) wavelengths across the Mediterranean,

is in service. TE-NORTH is the first

Mediterranean cable network to provide

commercial service using this newest 40G

technology.

The 3600km system connects Abu Talat,

Egypt, to Marseille, France, with a branch to

Pentaskhinos, Cyprus and also includes other

branching units for further expansions in the

Mediterranean basin. The introduction of this

advanced technology, essentially doubles the

original design capacity of the system from 10

Terabits per second to over 20 Terabits per

IT and business skills training provider

GlobalKnowledge has relocated of its Cairo

office and training centre to Sheraton Heliopolis

from Korba Heliopolis. The companys new

headquarters house additional classrooms and

offers a state of the art learning environment.

Global Knowledges investment in its Egypt

operations comes at a time when recent

political events have resulted in an uncertain

economic climate, with other companies

freezing or decreasing investment in the

country. The company says relocation and

expansion reflects its long standing dedication

to Egypt and growing the Egyptian IT training

market.

Global Knowledges MD of Egypt and North

Africa Maged Thabet said, Were extremely

pleased to be relocating to our new Sheraton

headquarters, giving us additional classroom

space and state of the art facilities. It is a strong

reflection of Global Knowledges unwavering

commitment to Egypt and our valuablecustomers here. Were certain our new

facilities will further maximise the value and

return customers receive from our training.

With its new facilities, Global Knowledge

says it has enhanced the value for class

attendees by providing even more classrooms

and completely upgrading them and its

testing centre. The companys new six floor

office features 24 classrooms and labs, fully

equipped with the latest computers and

network infrastructure. Its testing center

also offers the latest infrastructure, vendor

software and testing equipment to simplify

the testing and certification process. In total,Global Knowledge offers over 1,500 courses

in Egypt from basic network troubleshooting

to advanced level certifications from leading

vendors in the IT industry.

second (Tb/s), equivalent to the transfer of over

32,000 HD movies in 60 seconds.

TE-NORTHs expanded design capacity

enables Telecom Egypt to meet the

growing demand of their customers and

the region on this important international

telecommunications route. By boosting

connectivity across the Mediterranean basin,

the 40G technology enhances Telecom Egypts

ability to serve global operators whose

international services transit Egypt and rely on

Egypt to hub the services in the Middle East,

Asia and Africa region.

Global Knowledges MD of Egypt and North Africa Maged Thabet


9/52

InfraStruxure Management Suite is an integral part

of the APC by Schneider ElectricTM InfraStruxure solution

the industrys one-of-a-kind scalable, adaptable, and

on-demand data centre architecture. InfraStruxure is

the only end-to-end data centre solution thats easy to

deploy. From concept to commissioning, you can scale

your infrastructure quickly to your business strategy and

adapt simply to ever-changing IT technologies.

InfraStruxure Management Suite integrateswith multiple systems, including:

>

PowerLogic

TM

ION-E power management> TACTM building management

> Microsoft System Centre Operations Manager

> Microsoft System Centre Virtual Machine Manager

> IBM/Tivoli

Finally, IT management software thatshows you everything you need to see

How much power andcooling should I planfor next year?

Where should I placethe next server?>

>>

>How many replacementbatteries will I needto budget for?

Does the generator haveenough fuel to power anextended outage?

Only APC InfraStruxure Management Suite connects ITand facilities for higher availability and efficiencyFinally, the power to see what facilities sees

As an IT or data centre manager, you work hard to proactively avoid and manage availability risks

while concurrently working toward greater operational and energy efficiency. Doing your job well

means saving lost money and lost time. Until now, though, youve been seeing only half the picture.

Historically, your view of your data centre architecture has been limited to the IT space. Today,

InfraStruxureTM Management Suite software, which comprises InfraStruxure Central and

InfraStruxure Operations, lets you see across your entire data centre architecture. Now, get the

big picture you need to protect availability and realise greater efficiency. So now you can monitorinterdependent devices that may be outside the data centre but can significantly affect your

availability and efficiency.

Integrated management from rack to row to room to building

The softwares open, standards-based platform gives you this end-to-end view. You can

determine by reading the meter, for example, whether the buildings total power capacity

can handle the addition of more IT equipment. Or you could look at your generator through

Modbus to see if it has enough fuel to power an extended outage. You also could monitor

chillers and breakersall through the IT management system! In short, you gain better

control and management of your data centres availability and efficiency at all times. With

this clear view, you now can better align your IT equipment to your business needs.

A healthy and green data centre

With InfraStruxure Management Suite, you can view your current and historic PUE/DCiE,

enabling you to identify exactly where energy is spent and what the associated costs

are. Using real-time data enables you to predict how changes will affect your day-to-day

operations and energy use and, by extension, your budget and future operations.

Three steps to WIN an iPad!1. Bring this ad and your business card to the APC by Schneider Electric booth at Gitex 2011, Hall 1, Stand E1-40.

2. Take the four-step tour and receive a FREE bag.

3. Enter the lucky draw to win an iPad were giving away one a day for five days!*

For more information on solutions:

Visit www.apc.com/promoand enter Key Code 95144t

Call +9714 7099690 (Arabic) /+9714 7099691 (English) Fax +9714 7099650

2011 Schneider Electric. All Rights Reserved. Schneider Electric, APC, InRow, and InfraStruxure are trademarks owned by Schneider Electric Industries SAS or its affiliated companies. All other trademarks are property of theirrespective owners. IBM and the IBM logo are trademarks or registered trademarks of International Business Machines Corporations in the United States, other countries, or both. 998-3822_GBAPC Middle East PO Box 53852 Dubai United Arab Emirates. *Conditions apply. Promotion giveaways are at the discretion of APC. Details and conditions for the lucky draw available at the APC by Schneider Electric booth.



bits

Enterprises and service providers

spentmore money on storage in the

second quarter, emboldened by growing

IT budgets, according to the research

company IDC. The boost in storage has

come along with investments in cloud

computing and data - centre virtualisation,

IDC analyst Liz Conner said. Companies

are updating their storage systems for the

era of big data, to deal with huge and

growing volumes of information, she said.

The total market for disk storage

systems grew just over 10% from last

years second quarter to reach almost

$7.5 billion in revenue, IDC said in its

Worldwide Quarterly Disk Storage

Systems Tracker. IDC defines disk storage

systems as collections of three or more

drives, either in or outside servers.

External disk storage grew 12.2% year

over year to slightly more than $5.6 billionin factory revenue, IDC said.

The revenue gains came on top of strong

results from last years second quarter,

when the industry was recovering from

the recession of 2008-2009, Conner said.

The total amount of capacity delivered also

continued to rise, with total disk storage

systems shipped in the quarter representing

5,353 petabytes of capacity, up 46.7% from

a year earlier. In the second quarter of 2010,

there were 3,645 petabytes sold, a 54.6%

increase.

Sales increased across all major product

categories, including NAS (network-

attached storage) and all types of SANs

(storage-area networks). The total market

for non-mainframe networked storage

systems, including NAS and iSCSI (Internet

SCSI) SANs, grew 15.0% from a year

earlier to $4.8 billion in revenue, IDC

reported. EMC led that market with 31.9%

of total revenue, followed by NetApp with

a 15.0% share.

HP releases federatedstorage systemAs part of its Converged Storage portfolio,

Hewlett-Packard (HP) has released new

federated storage software, Peer Motion,

which enables admins to transparently

move application workloads between

disk systems in virtualised and cloud

computing environments.

HP also unveiled a new storage array

line, the P10000 3PAR Storage System, which

is aimed at supporting public and private

clouds with twice the capacity and port count

of previous HP products.

The Peer Motion software allows

applications and data to be moved between

any HP-branded storage systems as well

as systems from its subsidiaries: 3Par and

LeftHand, according to Craig Nunes, director

of marketing for HP Storage.

Similar to VMwares vMotion software,

Peer Motion allows live migration of data on

storage systems supporting virtual machines

with no application downtime.Peer Motion is aimed at several data

centre needs, Nunes said, including the

balancing of workloads where an application

outgrows its forecasted requirements and

must be redistributed across storage systems.

The software can also be used in bringing new

storage systems on line when older ones are

retired, and for thin provisioning of storage in

virtual environments.

Legacy storage systems architected

20 years ago were never designed for the

dynamic IT-as-a-Service world, forcing

organisations to use expensive and

inefficient bolt-on virtualisation approaches,

said Walid Gomaa, Storage Business Unit

and Sales Manager, HP Middle East. Thetrue peer-based storage federation in HP

Converged Storage solutions can handle

the inherent unpredictability of always-on,

multitenant environments while reducing

expense, management overhead and risk to

service levels.

Brocade has unveiled an infrastructure

procurement model designed for cloud

computing, along with additions to its

new VDX data centre switch line. Brocade

rolled out a subscription-based acquisition

option that allows customers to acquire

network capacity on demand as required

by fluctuating business demands. Brocade

Network Subscription is optimised to address

cloud-based IT environments, Brocade says.

Brocade Network Subscription is designed

to allow customers to scale capacity up and

down according to actual network utilization

with no capital outlay. Customers pay for

their network infrastructure on a monthly

basis, and can return equipment to Brocade

when capacity demands are not as high.

Network Subscription is not a managed

Infrastructure-as-a-Service offering;

essentially, its an option for customers

who need more flexible procurement,

lease or rental alternatives to control

network capital expenses or who have

tight budget constraints.

Brocade caters to cloud customers

Storageshipments keepsurging: IDC

Walid Gomaa, Storage Business Unit and Sales Manager,

HP Middle East


11/52September 2011 Network World Middle Eastwww.networkworldme.com

Data growth remains one o the biggestchallenges or IT. Managing double-digit

growth in data with shrinking IT budgets is a

daunting task acing many CIOs. With storage

capacity exploding at a rate o almost 60%

per year, IT executives are orced to rethink

what type o storage system is best suited or

their data.

What are the keys to handling such colossal

growth in data generation in times like these?

How do we harness virtualisation and cloud

computing strategies to deliver an optimalinormation inrastructure and capacity in a

timely and secure manner?

Sign up today to join this exclusive discussion.

Share your views and concerns with your

peers and industry experts and, in the

process, gain insights into more efectively

securing the uture o your business!

http://www.networkworldme.com/ms/

netapp/roundtable.php

CIO Round TableRethinking storage strategiesNetwork World Middle East and NetApp invite you to participate in anexclusive roundtable discussion on 20th September, 2011. You will join

your C-level peers and industry experts in an open and inormal discussionon enterprise storage strategies

Date: 20th September, 2011

Venue: The Address, Dubai Marina

Time: 10 am to 12 noon

(Lunch will be served)

(Note: This is a closed-door group discussion

of 10-15 people- there is no audience. Open

to pre-selected CIO/Heads of IT/ Networking

and data centre managers only)

Take our short surveyon enterprise storage

By answering just a few

questions, you can help us

guage your storage needs.To thank you, we will send

you a free subscription to

Network World Middle East

and the results once they

are compiled.

Go to:http://www.networkworldme.com/

ms/netapp/survey.php

Brought to you by:



GOOD BAD

LTE to drive the growth ofmobile broadband

According to Frost & Sullivan, as

the demand for mobile broadbandservices continues to explode,

the service providers have shown

preference for moving towards

faster data networks. With LTE technology

offering lower operating costs for mobile

data transfer, the mobile operators

worldwide are progressively committing

themselves to LTE network deployments

as a path for moving towards Fourth

Generation (4G) services. With recent

LTE launches in Europe and the US,

the device and service ecosystem will

is expected to mature and LTE will gain

further momentum in other markets acrossthe globe, particularly in Asia Pacific and

Middle East.

IE will drop under 50% shareby mid-2012

Microsofts Internet Explorer (IE)

will lose its place as the majority

browser next summer, according

to statistics published today by Web

metrics company Net Applications.

If the pace of IEs decline over the last

12 months continues, IE will drop under

the 50% mark in June 2012. In August, IElost about seven-tenths of a percentage

point in usage share, falling to 55.3%, a

new low for the once-dominant browser. In

the last year, IE has dropped 6.9 points.

But Microsoft continued today to stress

the success of IE9, the edition launched

last March, particularly on Windows 7.

Mobile apps fail big time atsecurity

A study from digital security

company viaForensics paints a

stark picture of the vulnerabilityof smartphone user data. viaForensics

evaluated 100 popular consumer apps

running on Android and iOS, and found

that 76% store usernames, while 10%

store passwords as plain text. Those 10%

included popular sites such as LinkedIn,

Skype, and Hushmail.

And while only 10% of applications store

both username and passwords as plain text,

leaving them vulnerable to hacks, even the

76% who store only usernames that way are

vulnerable.

Bad

Ugly

UGLY

bits

Good

Astaro releases SecurityGateway version 8.2

Astaro, a Sophos company and Unified

Threat Management (UTM) provider, has

released the version 8.2 of the Astaro Security

Gateway (ASG). Chief amongst the over 60

new features or enhancements in version

8.2 are Application Control (Next Generation

Firewall), Interactive Web Reporting and a new

authentication agent. These new features and

enhancements dramatically improve network

performance while providing increased

visibility and control over the network.

As technology changes, so too must

the tools organisations use to control

their networks, said Jan Hichert, senior

vice president, network security, Sophos.

With version 8.2 we once again ensure

our customers can face current and future

network and security challenges by offering

the next generation of firewall technology -

Application Control.

The Astaro Security Gateway version 8.2

includes over 60 other enhancements or

new features. These include, support for 3G/

UMTS USB modems, Form Hardening for Web

Application Security, Web Filtering Safe SearchEnforcement, enhanced virtualisation support,

SNMP v3, weighted balancing for WAN Uplink

and server load balancing, group in-group

support for network groups, SSID to Access

Point assignment, rebootless reconfiguration of

Access points and more.

In addition to the new features available in

version 8.2 of the ASG, the newest edition of the

flagship Unified Threat Management solution

now includes a technical preview of Astaros

upcoming Log Management product that isintegrated into the Astaro Security Gateway

and available for all users to try for free.

Alcatel-Lucent has introduced a setof

services to proactively analyse performance in

fixed networks, identify potential problems and

take action to minimise their impact.

As operators move more services to their

IP-based networks, they also become more

reliant on good network performance. It can

mean the difference between retaining a loyal

subscriber or losing them to a competitor,

according to Alcatel-Lucent.

To help operators stay one step ahead,

Alcatel-Lucent offers the Proactive Services

Suite. So far, the suite has been used to monitor

wireless networks, but Alcatel-Lucent is now

expanding that to include fixed networks based

on IP, IMS (IP Multimedia Subsystem) and

optical networks, as well. The company also

will be introducing support for equipment from

other vendors by the end of this year, it said in

a statement.

Key elements include proactive care and

network analysis. Proactive care monitors fault

data in near real-time and compares it against

a set of health criteria, based on that it provides

reports and recommendations on how to

address an issue before it starts affecting

users. The network analysis uses algorithms

developed by Bell Labs to identify network

trends and outage conditions before they

impact services

Alcatel-Lucent aims to fix networkissues

Mr. Jan Hichert, senior vice president, network security, Sophos


13/52

InformationSecurity...

[email protected]

Paramount Computer Systems FZ LLC

Dubai

T: +9714 391 8600

F: +9714 391 8608

Abu Dhabi

T: +9712 672 4288

F: +9712 674 5520

Qatar

T: +974 455 1641

F: +974 455 1827

Kuwait

T: +965 2247 1409

F: +965 545 6303

Bahrain

T: +973 17727 177

F: +973 17728 444

www.paramountassure.com

paramount@ssuring Value



bits

Africas lack of legacy systems was

expectedto help it lead the world in

adopting IPv6, but as it stands only

Mauritius and Namibia have fully embraced

the latest version of the protocol.

AfriNIC will be allocating IPv4 for the

next two years, meaning people are not in

urgency mode compared to other regions.

Organisations are still in their comfort

zone, said Adiel Akplogan, CEO of AfriNIC,

the regional Internet registrar.

Most hardware shipped to the region

can support both IPv4 and IPv6, which

Akplogan says is helpful to operators

in the region. AfriNIC is working to

raise awareness of the benefits of IPv6

adoption, but is changing its message

about the two protocols to de-emphasize

concerns about the diminishing supply of

IPv4 addresses.

AfriNIC is shifting focus from insisting that

IPv4 resources are depleting to educating

organisations on the beneits of IPv6,

IPv6 adoption slow in Africaespecially in mobile data, Akplogan said.

The new version of the Internet

Protocol is expected to beneit the region

because every gadget can be allocated an

IP address. Currently, not all devices have

IP addresses, so their visibility online is

low.

AfriNIC has been working with

governments and the private sector

to encourage IPv6 adoption, but one

challenge is the lack of African content on

sites that support IPv6. Where available,

content relevant to Africa is largely

hosted abroad, on sites that are still using

IPv4.

The opportunity to grow IPv6 was

deinitely bigger in Africa because of lack

of legacy systems, but Africa is largely a

consumer of online content. If the content

is running on IPv6, then we will be forced

to adopt, if not, we continue running

on IPv4, said Michuki Mwangi, senior

regional development manager at ISOC.

Google to buy Motorola MobilityGoogle has announced that it plans

to buy Motorola Mobility for $12.5bn

(around 7.6bn), subject to regulatory

approval. Motorola Mobility

exclusively ships phones and

its Xoom tablet with Googles

Android operating system. The

deal will mean that Google now

has a hardware manufacturer to

work with closely to develop Android,

said Carolina Milanesi, research vice

president at Gartner.

The acquisition of Motorola Mobility will

enable Google to supercharge the Android

ecosystem and enhance competition in

mobile computing, according to a news

release. The deal will not affect how Android

is developed, and the operating system will

remain open, Google said.

The company will run Motorola Mobility

as a separate business, Google said.

Larry Page, CEO of Google, said, Motorola

Mobilitys total commitment to Android has

created a natural it for our two companies.

Together, we will create amazing user

experiences that supercharge the entire

Android ecosystem for the beneit of

consumers, partners and developers. I look

forward to welcoming Motorolans to our

family of Googlers.

The adoption of server virtualisation

continues to accelerate as organisations

of all sizes consolidate physical

servers in an effort to rein in costs,

improve application management and

streamline IT operations, according

to CommVaults annual virtualisation

survey. With those benefits comes a

myriad of data protection challenges as

users discover that legacy platforms are

incapable of keeping up with the scale,

scope and performance requirements

of the virtual world. In order to keeppace with the data management

needs of the virtualised data centre,

organisations are re-evaluating

protection strategies in search of a

better way to protect, manage and

recover their environments, the

survey reveals. The survey, which

polled Simpana software customers

worldwide, reveal the major factors

driving this continued adoption of

server virtualisation technologies,

as well as the top data protection

challenges associated with protecting

virtualised environments.

Overall, the adoption of server

virtualisation has increased year on year

with 34% of the 388 survey respondents

stating their server environments

were 75% - 100% virtualised. VMware

continues to own the lion s share of

the market vis--vis Microsoft and Citrix

with 85% of those polled listing VMware

as their hypervisor platform of choice.

Virtualisation is

on the rise


15/52



i i: lebanon online

The newly installed platform from

Blue Coat enables Lebanon Online

to substantially reduce operational

expenses by cutting bandwidth spend, manage

sizeable increases in network traffic and

subscriber growth, enhance Web security and

optimize and enhance the delivery of rich Web

2.0 content, large files and video. Lebanon

Online expects the return on its investment

in CacheFlow appliances to be less than six

months, based upon bandwidth savings alone.

With prohibitively high bandwidth costs

in the region and limited capacity to meet our

user demands, the CacheFlow appliance is the

best solution to reduce infrastructure costs

by reducing bandwidth consumption, said

Hussein Turkieh, company engineer and IT

Manager, Lebanon Online. We are extremely

impressed with the results from the CacheFlow

appliance. We found that we could save 50% on

our international bandwidth, which provideda rapid return on investment. In addition, our

users noticed considerable improvement in the

speed and performance of Web applications

and content.

CacheFlow appliances alleviate the bind

that service providers face: scaling to serve

explosive customer demand for rich Web

2.0 media, especially video content, while

containing costs and meeting high end-user

expectations for a fast and interactive Web

experience. Through the use of next-generation

content caching technologies, including the

Blue Coat CachePulse cloud service, CacheFlow

appliances efficiently cache and serve Web

content to provide significant, sustained

bandwidth savings. CacheFlow appliances

allow ISPs, such as Lebanon Online, to

significantly reduce bandwidth consumption,

while improving the Web experience which

results in happier, more loyal subscribers and

greater competitive differentiation.

Lebanon Online is also formulating a value-

added services strategy where it can provide

additional, potentially chargeable services toits customers, including parental controls and

a clean Internet security service to further

leverage the capabilities of Blue Coat solutions.

Speed deliveryThe Internet service provider (ISP) Lebanon Online has deployed a Web cachingsolution to reduce bandwidth costs and enhance end-user experience.

Ajman University of Science and Technology

(AUST), a private institution of higher

education in the United Arab Emirates,

has deployed Blue Coat ProxySG andPacketShaper appliances to accelerate the

delivery of important content and applications

while protecting against Web-based threats.

AUST faces constantly growing Internet

demand from 8,000 students and staff as

well as demands placed by new services,

such as a sophisticated e-learning system

and an online library, that add to the

universitys overall bandwidth requirements.

To operate within the bounds of our

network capacity, it became imperative

for us to have visibility into Web traffic

and then be able to intelligently manage

it, said Mohammed Salman, IT director,

AUST. We found that Blue Coat solutions

provided precise, yet flexible controls, ahigh level of Web security and considerable

Internet bandwidth savings while also

enhancing the Internet experience for our

students and staff.

AUST deployed PacketShaper appliances

to discover and categorize applications on

the network, measure network application

performance, guarantee quality of service

(QoS) for priority applications and mitigate

the network impact of non-business

applications and content. The university also

deployed Blue Coat ProxySG appliances at its

Internet gateway to provide comprehensive,

real-time protection against Web-based

malware and other malicious content without

compromising network performance.Ajman University of Science and

Technology (AUST) Network was founded

in 1988, as a private institution of higher

education. Today it is a multi-campus,

multi-discipline cutting-edge university that

employs the latest technology. It has more

than 600 academic and administrative

staff and an additional 350 support staff.

AUST selected the Blue Coat solution after

an exhaustive vendor evaluation. Systems

integrator GBM Dubai managed the

implementation and training.

AUST deploys app acceleration solution


17/52

Simply connectedThe new campus network

The challenge of the new businessnetwork is expectations: Expectations

of solving long-standing challenges,

expectations of greater profitability

and productivity, and expectations that

interactions across the ecosystem of your

business will be digital and accessible from

anywhere on the device of my choice.

Mobility is dramatically changing user

behaviour and expectations of digital

interactions. While business leaders and

cube dwellers alike push for the freedom to

adopt new applications and devices, IT must

control access to applications, corporate

data, and the economics of supporting new

and legacy systems.

From an IT strategy perspective, mobility

could be viewed as yet another layer of

complexity that IT must attempt to handle.

Alternatively, could the onslaught of mobile

devices, multiple user groups, and a network

designed to connect employee PCs present

an opportunity to simplify and future proof

the infrastructure?

At Juniper, we believe users can have the

freedom the business needs

to innovate and survive in the

next-generation workplace,

while technology leaders

can have the control and

economics they demand.

We believe this evolution

is possible because our

customers are already safely

managing personal devices on

their networks, simplifying the

network infrastructure, and

using wireless as their primary

network access method.

Control Users and

Applications, not Devices

and Networks

The proliferation of network connectedend user devices hungry for content-rich

applications is a trend far from hitting the top

of its curve. Attempting to manage and

control security on multiple user devices

running a range of operating systems and

security protocols is a path to increased

complexity, end user noncompliance, more

risks, and higher costs for the enterprise.

The new network requires a omprehensive

security solution managed and delivered

at the connection level, capable of remote

data wiping, access rights management, and

full enforcement of security policies on any

device, anywhere, anytime.

Device-Agnostic, End to End Security

How will you safely enable iPads today?

What about the next hot device? As devices

and services change, the business network

should be able to offer the same, easy

method of secure access. A simple single

client which works on all types of devices

will provide a fast and secure method for

enabling new devices with no extra work. In

advertorial

addition you will need to manage securityand access controls by user, regardless of how

many devices and what network they use to

connect to interact with your company.

Juniper Networks Junos Pulse allows IT to

manage security without having to control

the device, while Juniper Networks Unified

Access Control and SRX Series Services

Gateways deliver end to end security across

the enterprise.

Wireless Access Becomes Primary

On-Ramp

The Wi-Fi networks deployed in buildings

today were meant for casual wireless use, but

they are now becoming the main on-ramp

to the business network. Employees and

guests expect the same experience on

wireless as they have experienced with wired

Ethernet. As more devices and people rely

on this network, the expectations and need

for the wireless network to perform in order

to deliver a solid application experience

continue to rise.

Juniper Wireless LAN Provides NonstopPerformance

Juniper Networks WLA Series Wireless LAN

Access Points provide indoor or outdoor

802.11a/b/g/n connectivity for a variety of

situations and installation sizes. All WLA

Series products provide the bandwidth

controls and performance to service

demanding mobility applications, such as

voice and video over wireless.

EX Series Simplifies the Wired Network

Juniper Networks EX Series Ethernet

Switches with unique Virtual Chassis

technology simplify the network by creating

a single managed entity. At each layer of

the network, Juniper can streamline and

consolidate legacy architecture into a

simpler form.

The Juniper Networks vision for the new

campus network is the only comprehensive

network architecture that provides all of the

accessibility, security, and simplicity required

by the new era of mobility in one open and

scalable package.

September 2011 Network World Middle Eastwww.networkworldme.com


18/52



this impenetrable wall of security around

their organisations. This often results in

defining extremely technical rule sets to cover

almost any attack vectors. Due to internal

and external business pressures, companies

are required to become more open,

collaborative and dynamic to allow it to meet

its stakeholders requirements, says Franz

Erasmus, Practice Manager, Information

Security CA Technologies Middle East &

North Africa.

Companies relying on perimeter security

are now faced with a new set of problems;

how to define these new set of technical rules

and expectations in a daily, hourly and more

frequently at the event level? Clearly this type

of security is becoming highly impractical

if not impossible to protect a companys

resources and secrets, he adds.

James Lyne, Director of Technology

Strategy, Sophos, agrees that perimeter

security alone is not going to be sufficient

to deal with todays threat landscape.

SophosLabs now sees on average over

150,000 malware samples every day and anew infected web page every few seconds.

The velocity of content generation and the

prevalence of low volume, targeted attacks

are placing increasing pressure on content

based security technologies. More and

more context is required to make effective

decisions, such as the reputation of a file, its

URL or perhaps the behaviour of the item

when running.

He points out that users also have a

greater tendency to roam today, often

not routing their traffic back to the office

network - they of course continue to require

protection in this scenario demonstrating the

importance of persistent endpoint protection.

Equally, users will enter your network with

consumerised or untrusted devices, such

as smartphones, where you do not have

the option of an endpoint deployment.

These use cases are among the many which

demonstrate the importance of both the

network and endpoint layers.

Changing face of security

Now with the perimeter being permeated

by dozens of connections to the outside

world, and mobile devices and users

regularly crossing the perimeter, companies

are forced to make security ubiquitous

throughout the network. This is a must to

protect the company from both external and

internal threats. What is important to keep

in mind is that the level of security should

be proportionally applied to the resources

protected and threat involved, says Erasmus.

Steven Huang , Director of Solutions and

Marketing, Huawei Enterprise Business,

adds that before applying network security

controls, it is essential that organisations

have a thorough understanding of both their

network and critical assets. Security controls

should not impede business continuity

and the organisations priorities must come

first. Information and resources should be

available freely but securely to all the users.

Increasingly, companies are shifting

their security model from location-centric

to information-centric, which will likely take

a while before becoming the predominant

security model. In the meantime, most

companies end up with a hybrid model

of both location- and information-centric

elements. The perimeter is still important,

but is increasingly just one of the layers of

protection and is supplemented by strong

user authentication, application controls and

user-centric logging and auditing.

Rethinking priorities

The biggest business challenge today, in

the minds of many security experts, is the

stealthy online infiltration by attackers to

steal valuable proprietary information.

The reality, they say, is that these so-called

advanced persistent threats are so rampant

and unrelenting they are forcing IT to rethink

network security. They state bluntly that

focusing on fortifying perimeter is a losing

battle. What kind of defense model do you

need then?

Defense-in-depth, but increasingly

defense-in-width is proving to be a very

effective security model to deploy. Defense-

in-depth traditionally looked at protecting

resources by providing additional security

measure in layers. Should one measure

fail a second measure will be able to still

secure the resource, whilst slowing the

threat, says Erasmus.

Lyne from Sophos echoes a similar

Defense in depth, the use of multiple layers and different

classes of protection technology provide the most

effective strategy. This concept, which is far from new, has

never really been adopted widely due to the high cost of

adopting individual best-of-breed solutions.

Franz Erasmus, Practice Manager, Information Security CA Technologies Middle East & North Africa

IN ASSOCIATION WITH



opinion: Defense in depth, the use of multiple

layers and different classes of protection

technology provide the most effective

strategy. This concept, which is far from new,

has never really been adopted widely due to

the high cost of adopting individual best-of-

breed solutions. However, it is still the best

way to deal with the unknown, since building

a high net increases the chances of catching a

targeted attacker. Organisations should look

to security vendors to provide a wide array

of security controls spanning the endpoint

and the network. Critically however, these

controls must be sufficiently simple to be

realistically usable.

Cloud Security

Security-as-a-Service or cloud-based

security service is catching on as technology

managers find them to provide more

flexibility than they found when running

their own network and security equipment.

Whether you are an IT manager, or a security

specialist, chances are you are rethinking

assumptions about what security solutions tobuy, how to implement them, and even how

to manage them. Your existing requirement is

to sustain or, better still, enhance protection

against malware, spyware, spam, and the

myriad other intrusions and vulnerabilities

that threaten precious information and

systems. Your new requirement is for more

efficiency and more seamless protection, with

less thought and effort. The definitive solution

to this dilemma is easier and safer than you

think: Security-as-a-Service, says Essam

Ahmed, Regional Presales Manager, McAfee.

He adds that regardless of whether

you have the benefit of extensive security

expertise in-house, this proven managed

service approach can help you maintain and

even increase protection, while minimising

costs. It is a safe bet today for all sizes of

organisations.

Huang from Huawei says these cloud-

based services include protection against web

and email threats, monitoring of inbound

and outbound network traffic, and assessing

Whether you are an IT

manager, or a security

specialist, chances are you

are rethinking assumptions

about what security

solutions to buy, how to

implement them, and even

how to manage them.

Steven Huang, Head of Solutions and Marketing, EnterpriseBusiness ME, Huawei

Essam Ahmed, Regional Presales Manager, McAfee

James Lyne, Sophos

an externally facing website for potential

vulnerabilities.

He cautions that though Security-as-

a-Service is still growing, it still needs a

lot of work to be done to make the model

successful; its a market in transition.

Whither network security?

With new attack methods evolving, network

security strategy should also change rapidly

to keep pace. Now the question is, will

network security remain an importantelement of IT architecture or will the focus

switch to application and data-level security?

Asli Aktas, Regional Director of Enterasys

Networks says network security will

remain a key architectural component of a

defense in depth approach. Yes the focus is

on applications and data but it needs to be

supported by the network infrastructure,

she says.

Erasmus agrees that network security

will remain an element of IT architecture

as long as there are private and public

networks to protect. Most certainly we are

seeing renewed focus on application and

data security, but this should not be seen as

a silver bullet to securing the organisation.

In fact companies are best served with

security initiatives that are collaborative and

complimenting to the overall security posture

of the organisation, he sums it up.

feature |network security

IN ASSOCIATION WITH



The One Choice for PCI Compliance

FORTNETS END TO END PCI SOLUTIONSREDUCE RISKS, OVERALL TCO AND NETWORK

COMPLEXITY.

TALK TO THE PCI EXPERTS.

www.fortinet.com

Fortinet Middle East

Ofce 1208, Al Thuraya Tower 2

Dubai Internet City, U.A.E.

Tel: +971 4 446 1797

Fax: +971 4 426 4698


22/52www.networkworldme.com

feature |NGFW

T mart is sloing driting toard alication-aar irall

it intrusion rvntion and iltring

Demystifyingnext-gen firewalls

The traditional port-based enterprise

firewall, now looking less like a guard

and more like a pit stop for Internet

applications racing in through the often open

ports 80 and 443, is slowly losing out to a new

generation of brawny, fast, intelligent firewalls.

The so called next-generation firewall

(NGFW) describes an enterprise firewall/

VPN that has the muscle to efficiently perform

intrusion prevention sweeps of traffic, as well

as have awareness about the applications

moving through it in order to enforce policies

based on allowed identity-based application

usage. Its supposed to have the brains to

use information such as Internet reputation

analysis to help with malware filtering or

integrate with Active Directory.

But how long will it take for the NGFW

transition to truly arrive?

Part of the challenge is nailing down a

clear definition of what NGFW is. Gartner,

which has its own definition of the gear,

acknowledges some vendors have

application control, some are more advanced

in IPS, adding, The majority of the

enterprise firewall vendors are at the early

stages of this.

The terminology issue is made more

confused by the term Unified Threat

Management (UTM), a phrase coined by

IDC, which says UTM has roughly the same

meaning as NGFW. But Gartner argues UTM

should apply to security equipment used by

small-to-midsized businesses, while NGFW

is supposed to be for the enterprise, defined

as 1,000 employees and up.

But despite this clash of idioms and

the existence of only a tiny installed base

using a presumed NGFW, security vendors

22 Network World Middle East September 2011

IN ASSOCIATION WITH



do appear to recognise that demand for

consolidated multi-purpose enterprise

security appliances is likely to rise.

The market trends are moving in that

direction, says Bashar Bashaireh, Regional

Director of Fortinet Middle East, who

explains some of the factors driving the

adoption of NGFWs. One adoption driver is

the opportunity to see network activity and

bandwidth consumption more clearly. The

way how the employees are using network

have an impact on security and productivity,

so it is very important to know which

applications are used by whom. It is possible

to control applications and associated

bandwidth needs and priorities via a NGFW.

Additionally, some NGFWs can act like data-

loss prevention tools to block usage based

on keywords and other definers.

Why do you need a NGFW? Vendors say

legacy firewalls cant keep with the ever-

changing threat landscape and the focus

needs to be on application control as threats

are getting more complex.

For firewalls that rely primarily onIP addresses, ports and protocols for

classification purposes, the result is the

inability to reliably distinguish network

traffic associated with applications being

used for legitimate business activities

from that associated with applications

being used for other reasons. Traditional

network security solutions, such as stateful

firewalls, do not have the sophistication and

the power to closely scrutinize all traffic

and to sort the good from the bad in this

environment. Stateful firewalls can only

perform stateful packet inspection (SPI).

To them, all protocols sent over a port are

created equal. The result: application chaos,

explains Florian Malecki, EMEA Senior

Product Marketing Manager at SonicWALL.

In comparison to a conventional

firewall that mainly looks at IP network

ranges, the NGFW way of doing things in

application control does represent a new

technology for most customers. Another

key benefit of a next-generation firewall is

that it allows IT security to be more business

driven and aligned with the business.

Maybe some applications or functions in

specific applications are acceptable for

some departments in a company, while they

should be disallowed for others. The classical

example is Facebook. Any company which

is adopting new media for marketing will

have users that need to access Facebook,

while the normal employee should not have.

A next generation firewall allows this type

of granular control, which supports the

business, says Nicolai Solling, Director of

Technology Services, help AG Middle East.

What should enterprises expect if they

want to make the transition from a traditional

firewall to a next-generation firewall?

Bashaireh says it starts with a decidedly

different way of thinking about security

goals associated with a firewall, especially

in terms of establishing application-aware

controls over employees as they access the

Internet, the Web and social networking

sites. For a traditional firewall approach the

focus is on IP addresses and ports whereas

for next generation firewall the focus is on

users and applications.

The need to have more business-

oriented features on security gateways

like firewalls is not really new and

industry dynamics force vendors to add

the capabilities of point products to their

offering. So probably evolution from port-

based firewall to smarter products is driven

by the need for a more comprehensive

protection, a simpler configuration and

management, and an improvement of the

users productivity, he adds.

The old way of talking about traditional

port-based firewalls, with system

administrators discussing the language of

protocols, is inadequate. Companies need to

adopt a more business-focused vocabulary,

related to application use, thats common to

the CIO, CFO and CEO. Thats because the

new generation of fast, intelligent firewalls

are application-aware, enabling enterprises

to establish and enforce identity-based

application usage policies for employees.

Most vendors acknowledge migrating

from a traditional firewall to a NGFW is not

trivial, You have to migrate rules and policy,

and staff will require training, says Solling.

One adoption driver is the opportunity to see network

activity and bandwidth consumption more clearly.

The way how the employees are using network have

an impact on security and productivity, so it is very

important to know which applications are used by whom.

Bashar Bashaireh, Regional Director of Fortinet Middle East

IN ASSOCIATION WITH



Some companies opt to gradually shift toNGFWs by running both traditional and next-

generation firewalls in tandem.

Customers have started to use an

application-aware NGFW to some extent, and

they often maintain their traditional firewall

rules while incorporating application-based

controls over time. But it is generally a

temporary procedure used mainly during

the migration and maturation phase, and

the cohabitation of the two approaches will

probably not exceed the global adhesion to

the complete content security concept, no

matter how security gateways are named or

will be named, says Bashaireh.

Is NGFW superior to UTMs? Malecki

says UTM and NGFW are two different

approaches even though they are very

similar. We can qualify the UTM concept

as the predecessor of NGFW with various

security services being available from

the same platform. While NGFW will be

deployed in data centre to deliver high

performance of deep packet inspection and

application firewalling, UTM is typically

deployed at a small office or branch office

level to include security services such as

anti-spam, content filtering, etc, he says.

Bashaireh adds a different perspective:

Next-Generation Firewall is a subset of the

existing UTM market, or even the evolution

of the firewall market. For a simple high level

view of a rapidly changing industry, namely

speaking gateway security appliances,

next -generation firewalls that are IPS and

application aware are encompassed by UTM.

Next-Generation Firewalls are generally

described as firewalls that tightly integrate

Intrusion Prevention Systems (IPS), as

well as provide Application Control and

Virtual Private Networks (VPN) capabilities.

However, the majority of these next-

generation firewalls are limited in their

capacity, he adds.

While the NGFW wave is at least three

years old, Gartner acknowledges that actual

use is still very low today, even less than

1%. Looking ahead, Gartner optimistically

predicts NGFW adoption will grow to 35%

by 2014.

As vendors continue to evolve their

NGFW offerings, it should ideally become

your primary firewall.

Is there a NGFW in your future?NWME in association with Palo Alto did an editorial survey of 200 IT decision makers to gaugethe adoption levels of NGFW. Key findings:

wic statmnt bst rlcts your oinion o

Nxt-Gnration firalls?

wat do you xct i you ant to ma a

transition rom traditional irall to a Nxt-Gn

firall?

Do you tin a Nxt-Gn firall it

consolidatd scurity unctions suc as IpS or

anti-malar iltring, can b cost ctiv ovr

buying sarat quimnt or sarat scurity

unctions?

Every vendor claims they have one, and now I am

totally confused because they all sound the same

My current firewall is worthless, so I am anxious to

make that transition

The value proposition is clear - visibility and control

of all applications, users and content

What is the Next Generation Firewall?

Application awareness capability

Integrated intrusion prevention system

Opportunity to see network activity and

bandwidth consumption

All of the above

No, I am not comfortable with the idea of wholly

one-vendor, one device-approach

Yes, as it simplifies management and operations

20%

36%

41% 3%

4.5%

3%5%

87.5%

84%

16%

Florian Malecki, EMEA Senior Product Marketing Manager, SonicWALL

Nicolai Solling, Director of Technology Services, help AG Middle East

IN ASSOCIATION WITH

feature |NGFW



We fnd the best solutions globallyto help you locally

FVC delivers the technologies to free your business

Technology overload, marketing hype, business demands. Its hard to balance whats possible

against whats essential. We believe your priority should be implementing transormative

products and technologies that impact your business at once - rom telepresence tonetwork trafc management, security to WAN optimisation. And weve wide experience o

implementation and training across the region. Let us be your partner o choice or tomorrow.


26/52

Why SIEM is moreimportant than everIT environments are growing ever more distributed, complex and difficult tomanage, making the role of security information and event management (SIEM)technology more important than ever. Heres why.

Compliance: Almost every

business is bound by some sort

of regulation, such as PCI-DSS,

HIPAA and Sarbanes-Oxley (SOX).

Attaining and maintaining compliance

with these regulations is a daunting

task. SIEM technologies can address

compliance requirements both directlyand indirectly.

Virtually every regulatory mandate

requires some form of log management to

maintain an audit trail of activity. SIEMs

provide a mechanism to rapidly and easily

deploy a log collection infrastructure that

directly supports this requirement, and

allows both instant access to recent log

data, as well as archival and retrieval of

older log data. Alerting and correlation

capabilities also satisfy routine log data

review requirements, an otherwise

tedious and daunting task when done

manually.

In addition, SIEM reporting capabilities

provide audit support to verify that

certain requirements are being met. Most

SIEM vendors supply packaged reports

that directly map to specific compliance

regulations. These can be run with

minimal configuration, and will aggregate

and generate reports from across the

enterprise to meet audit requirements.

Operations support: The size and

complexity of todays enterprises

is growing exponentially, along

with the number of IT personnel to

support them. Operations are often

split among different groups such as

the Network Operations Centre (NOC),

the Security Operations Centre (SOC),

the server team, desktop team, etc.,

each with their own tools to monitor

and respond to events. This makes

information sharing and collaboration

difficult when problems occur. A SIEM

can pull data from disparate systems

into a single pane of glass, allowing for

efficient cross-team collaboration in

extremely large enterprises.

Zero-day threat detection: New

attack vectors and vulnerabilities are

discovered every day. Firewalls, IDS/IPS

and AV solutions all look for malicious

activity at various points within the

IT infrastructure, from the perimeter

to endpoints. However, many of these

solutions are not equipped to detect zero-

day attacks. A SIEM can detect activity

associated with an attack rather than

the attack itself. For instance, a well-

crafted spear-phishing attack using a

zero-day exploit has a high likelihood of

making it through spam filters, firewalls

and antivirus software, and being opened

26 Network World Middle East September 2011

feature |SIEM

www.networkworldme.com


27/52



by a target user.A SIEM can be configured to detect

activity surrounding such an attack.

For example, a PDF exploit generally

causes the Adobe Reader process to

crash. Shortly thereafter, a new process

will launch that either listens for an

incoming network connection or initiates

an outbound connection to the attacker.

Many SIEMs offer enhanced endpoint

monitoring capabilities that keep track

of processes starting and stopping and

network connections opening and closing.

By correlating process activity and

network connections from host machines

a SIEM can detect attacks, without ever

having to inspect packets or payloads.

While IDS/IPS and AV do what they do

well, a SIEM provides a safety net that can

catch malicious activities that slip through

traditional defenses.

Advanced persistent threats: APTs have

been in the news a lot, with many experts

claiming they were responsible for the

high-profile breaches at RSA, LockheedMartin and others. An APT is generally

defined as a sophisticated attack that

targets a specific piece of data or

infrastructure, using a combination of

attack vectors and methods, simple or

advanced, to elude detection. In response,

many organisations have implemented

a defense in depth strategy around

their critical assets using firewalls and

IDS/IPS at the perimeter, two-factor

authentication, internal firewalls, network

segmentation, HIDS, AV, etc.

All of these devices generate a

huge amount of data, which is difficult

to monitor. A security team cannot

realistically have eight dashboards open

and correlate events among several

components fast enough to keep up with

the packets traversing the network. SIEM

technologies bring all of these controls

together into a single engine, capable

of continuous real-time monitoring and

correlation across the breadth and depth

of the enterprise.

But what if an attack is not detected

by the SIEM? After a host is compromised,

the attacker must still locate the target

data and extract it. Some SIEM correlation

engines are able to monitor for a

threshold of unique values. For example,

a rule that looks for a certain number of

unsuccessful access attempts on port 445

(or ports 137, 138 and 139 if NetBIOS is

used) from the same host within a short

time frame would identify a scan for

shared folders. A similar rule looking for

standard database ports would indicate

a scan for databases listening on the

network.Through the integration of whitelisting

with SIEM, it becomes trivial to identify

which hosts and accounts are attempting

to access data that they shouldnt be

accessing. Meanwhile, implementing File

Integrity Monitoring with a SIEM can

correlate data being accessed with

outbound network traffic from the same

host to detect data leakage. If a FIM event

shows that the critical data was accessed

along with a thumb drive being plugged

into the same host that was accessing the

critical data, an alarm can be generated

to notify security personnel of a potential

breach.

Forensics: A forensics investigation can

be a long, drawn-out process. Not only

must a forensics analyst interpret log data

to determine what actually happened, the

analyst must preserve the data in a way

that makes it admissible in a court of law.

By storing and protecting historical logs,

Virtually every regulatory mandate requires some form

of log management to maintain an audit trail of activity.

SIEMs provide a mechanism to rapidly and easily deploy

a log collection infrastructure that directly supports this

requirement, and allows both instant access to recent log

data, as well as archival and retrieval of older log data.

and providing tools to quickly navigate

and correlate the data, SIEM technologies

allow for rapid, thorough and court-

admissible forensics investigations.

Since log data represents the digital

fingerprints of all activity that occurs

across IT infrastructures, it can be

mined to detect security, operations

and regulatory compliance problems.

Consequently, SIEM technology, with

its ability to automate log monitoring,

correlation, pattern recognition, alerting

and forensic investigations, is emerging

as a central nervous system for gathering

and generating IT intelligence.

feature |SIEM

SenSage unlockSSIeM data

SenSage, which makes securityinformation and event management(SIEM) products, is opening up itsplatform to share data it gathers withbusiness intelligence tools so theycan be used to make better decisions.SenSage is upgrading its software tosupport a variety of APIs including OpenDatabase Connectivity and Java Database

Connectivity as well as open APIs likeSNMP. It also supports some proprietaryAPIs including Check Point SoftwaresLEA. The company has also launchedan online community portal calledOpen Security Intelligence for securitypractitioners to share best practices. Thegoal is to help prevent successful exploitsfrom spreading and to block similarexploits that come along later. SenSageis represented in the Middle East throughthe security solutions provider Nanjgel.


29/52www.networkworldme.com June 2011 Network World Middle East

in association with

StorageAdvisor

MIDDLE EAST

Automating the data store with tiering technology

STACKING YOUR DATA


30/52www.networkworldme.com

Fundamentally, the reason we

even consider tiering is simple:

cost - the opportunity for savings

by placing less valuable information

on lower-cost storage. Tiering means

moving data among various types of

storage media as demand for it rises or

falls. Moving older or less frequently

accessed data to slower, less expensive

storage such as SATA drives or even

tape can reduce hardware costs, while

putting the most frequently accessed

or most important data on faster, more

expensive Fibre Channel drives or

even solid-state drives (SSD) boosts

performance.

Matching the performance needs

and lifecycle requirements of data to the

different types of available storage media

has always been a bit of a headache. The

goal is to make sure that data is on the

right media, at the right time, for the right

cost. The reality, however, is that it can be

difficult to know what type of media will

best address a particular need, and it can

be hard to adjust storage allocation and

data placement as those needs change,

says Martin Molnar, Regional Sales Director

of NetApp.

Administrators and end users often

compromise by choosing faster, more

capable storage than they really need.

As a consequence the fasterand

more expensivestorage tends to be

oversubscribed, and that increases storage

costs and potentially robs performance

from applications that need it. Flash-

memory-based, solid-state drives (SSDs)

and other forms of media have brought

this problem to the fore. Flash-based

media can complete 25 to 100 times

more random read operations per second

than even the fastest rotating media, but

that performance comes at a premium of

15 to 20 times higher cost per gigabyte.

This has created a strong need to reserve

the use of Flash-based media for hot

dataactive data in high demandas a

way to maximise the benefits from those

investments.

Molnar says this is exactly where

automated storage tiering fits in.

Automated storage tiering is intended to

identify and promote hot data to higher-

performance storage media automatically,

while leaving cold data in lower cost

media.

Automated data tiering, automates

not just the movement of data, but

also the task of monitoring how data

is being used and determining which

data should be on which type of storage.

Such automated tiering isnt yet in

the mainstream because few vendors

offer the technology and it hasnt

been proved to work in very high-end,

transaction-intensive envir

Documents

Leechmod.biz Network World Middle East 2011-09S370 T