Embed Size (px)
Citation preview
Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016
SWITCHPOINT NV/SA Quarterly Experience Day 2016
Fabien Renaud : Presales ExpertRégis Penin : Sales Engineer
Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016
Company Overview
StrongPartnerships
TechnologyIntegration
USA-Westchester, PA Innovative DDI Software CompanySimplicity - Security - Availability
100+Employees
IDCFastest Growing DDI Company*
*IDC DDI REPORT 2014
HQ - R&DUSA - Westchester, PAEMEA - France, Paris
24x7
Follow-The-Sun Support ServicesAwarded
Technologies
600+ Customers110+ Countries5 Continents
DDI (DNS-DHCP-IPAM)A foundation for reliable, secure and agile Network Infrastructure
Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016
EfficientIP: Sample of Our Customers
Page 3
TelecommunicationVodafoneColtT MobileSFREasynet KPNTelecom of ThailandQatar TelecomMaskatelVirgin MobileONO
EnergyRepsolEDF GDFSuezAir Liquide
EducationLeeds UniversityHamburg UniversityParis UniversityUtrecht UniversityPais Vasco University
FinancialAllianzZurich Financial ServicesSwiss ReAxa WealthStandard LifeBank of FranceBRED
Electronics-DefensePhilipsNXPNokia Siemens NetworkCassidianEADS Astrium
Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016
DNS-DHCP-IPAM
Applications & Services
Network
Page 4
Why are Network Services so Critical?
The bridge between users and their applications
Customers Citizens StudentsEmployees
Web Apps.Internet emailVideo
IPV
Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016
NO DNS = NO BUSINESS
Applications & Services
Web Apps.Internet emailVideo
IPV
Page 5
Why are Network Services so Critical?
If the bridge is down…
Customers Citizens StudentsEmployees
Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016
Solution Portfolio
Page 6
Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016
Global visibilityEnd-to-end consistencyManagement automationRole-based delegation
Unified Management Framework “SMART DDI”
Rec
onci
le
Manage
Deploy
Design
DeviceManageme
nt
DDI & VLANManageme
nt
Network Discovery
NetworkConfigurati
on
Solution Portfolio ‘SOLIDserver’ (1)
Page 7
Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016
IP addressing & VLAN Plan ManagementNetwork Services Engines : DNS-DHCP-NTP-TFTP
DNS Guardian: 100% DNS cache availability under attack *DNS Hybrid Technology: 3 differents DNS Engines on one ApplianceDNS Blast: Absorb up to 17 Million queries per second *
Multi-Vendor DNS&DHCP Services Management *Microsoft – ISC – SOLIDServer™
Device Deployment Management: Device Manager *Network Discovery & Configuration Management: NetChange*
Page 8
Solution Portfolio ‘SOLIDserver’ (2)
Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016
Automate Deployment and ManagementMulti-vendor DNS-DHCP: Microsoft, ISC, SOLIDserver
Enforce Best PracticesReduce Complexity & TCO
Page 9
A centralized IPAM to manage SmartArchitecture™(Secured, Reliable, Automated)
Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016Page 10
Printer
Belgium10.1.0.0 /16
Gand10.1.0.0 /24
de10.2.0.0 /16
fr10.3.0.0 /16
uk10.4.0.0 /16
Bruxelles10.1.1.0 /24
Charleroi10.1.2.0 /23
10.1.4.110.1.4.25
Block
Subnet
Pool
IP address
IP Space: Your Company
Liege10.1.4.0 /24
ToIP
10.1.4.2610.1.4.100
10.1.4.10110.1.4.150
10.1.4.200(server200)
10.1.4.15110.1.4.253
10.1.4.254(Gateway)
Global Consistency and Uniqueness Control within an IP SpaceNo duplicate IP address or subnet overlap
Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016
IPAM Corner stone of the Global DDI Solution
Page 11
Server
View
Zone
RR
IPAMDNS DHCP
Space
Block
Subnet
Pool
IP address
Server
Group
Staticwith IP
Range
Scope
Lease
Leasegranted
Add subnet
Add IP addres
s
Add CNAME, A,…
records
Add subnet
Add pool
Add IP address
(with MAC)
Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016Page 12
Enforcement of Company defined best practices & Conformity Management
Templates of objects: Dedicated forms with specific list of fields (i.e. for printer, server, router)
How to make sure naming convention is respected ?
Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016
Much more than DDI 360°DNS Security Solution To Protect Your Business
Confidential-Property of EfficientIP - All rights reserved-Copyright © 201614Page 14
DNS Attacks Classification
Direct DoS, Amplification, Reflection attacks
3 Main Types of DNS Attacks
Random QName, Phantom and Sloth attacks...
DNS Tunnelling, poisoning, 0-day
Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016
Attack Objectives
Page 15
Multiple DNS Targets For Many Objectives
Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016
Why Are DNS Attacks So Impacting?
Page 16
Traditional Security Solutions Are Not Adapted to Mitigating DNS Attacks
Firewall & Next Generation FirewallAnti-DDoS AppliancesIPSSecure Web Gateway...
A Specialized Layer of Defense Is Required To Protect Users & DNS Services From Hidden Threats
in DNS Traffic
Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016
EfficientIP DNS Security Vision
Page 17
Protect All DNS Services From All Attack Types
Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016Page 18
EfficientIP Security Solution
Strengthen SecurityFoundationBlock 0-Day Vulnerabilities
Enforce Best Practices
Ensure DNS Continuitywith Adaptive Security
Advanced Attack Detection
Graduated Countermeasures
Secure Public DNS AvailabilityResiliency & Robustness
Absorb Extreme DoS Attacks on Cache Servers
Cache Security & Performance
Protect Users & Block DNS-Based Malware ActivityPrevent, Detect & Mitigate
Confidential-Property of EfficientIP - All rights reserved-Copyright © 2015
SOLIDserver DNS
Page 19
Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016
Hardened ApplianceEnforce DNS Security Best Practices
SmartArchitecture Templates: Stealth DNS, Master-Slave, Multi-master
Block Zero-Day Vulnerabilities: Hybrid DNS EnginesThree DNS Engines transparently Managed as a single entity
Mitigate Amplification & Reflection ThreatResponse Rate Limiting (RRL)
Ensure Data Integrity & AuthenticityDNSSEC Automation: “One Click” Deployment
Page 20
SOLIDserver DNS
IT Night WINNERBest Security Product 2014Most Innovative Security Solution
SOLIDserver Security FoundationPUBLIC & PRIVATE
Confidential-Property of EfficientIP - All rights reserved-Copyright © 2015
DNS Cloud
Page 21
Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016
Amazon Route53 Integration
Advanced Protection For DDoS & 0-Day52 DNS Spots – Hybrid DNS engine
High-Availability & PerformanceAnycast resiliency – Ultra Low Latency
Simple & FlexibleDeployment –Management – Reversibility
Cost-Effective
Page 22
DNS Services In the CloudPUBLIC
Confidential-Property of EfficientIP - All rights reserved-Copyright © 2015
DNS Firewall
Page 23
Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016
DNS Firewall
Page 24
PROTECT AGAINST MALWARE AND PHISHING WITH RESPONSE POLICY ZONEPRIVATE DNS SERVICES
Prevent Initial InfectionBlock malicious sites
Detect and Block Malware Activity
Users & Applications, CnC Communications
Mitigate Data ExfiltrationLocate Infected Devices to Remediate
Confidential-Property of EfficientIP - All rights reserved-Copyright © 2015
DNS Guardian
Page 25
Confidential-Property of EfficientIP - All rights reserved-Copyright © 2015
DNS Guardian
Page 26
Inside DNS Transaction Analysis For Accurate Attack Detection
Global & Per IP Statistics (cache & recursive)
Volumetric, Stealth & Exploit Attacks Detection
Tunnelling, RQName attacks, phantom attacks, anomalies
Graduated Protection With Smart Countermeasures
Block source IPs of the attacksQuarantine suspected source IPs of attacksPatented Rescue Mode: Ensure service continuity even if the attack source is unidentifiable.
ADAPTIVE DNS SECURITYPRIVATE DNS SERVICES
Confidential-Property of EfficientIP - All rights reserved-Copyright © 2015
Comprehensive DNS Security Solution
Page 27
Confidential-Property of EfficientIP - All rights reserved-Copyright © 2015
DNS Blast: Cache Security & Performance
Page 28
Absorbs DoS Attacks on DNS Cache & Eliminates Risks of Blocking Legitimate Clients
World’s Fastest DNS Caching Server with 17 million qpsHigh Performance of ACL, RPZ & DNSSEC
Ensures Unparalleled High-Availability with Anycast ResilienceDecreases Costs & Network Complexity
No need to pile up DNS servers and expensive load-balancersImproved User Experience with Ultra Low Latency
Unequalled Cache Hit Rate (CHR) with Multicast Cache SharingPersistent Cache (Restart & Restore)
Confidential-Property of EfficientIP - All rights reserved-Copyright © 2015
DNS Security Performance & Intelligence
Page 29
Complete Coverage of DNS ServicesPublic & Private
Comprehensive Attack Type Detection
Volumetric, Stealth & Exploit Attacks
Smart & Adaptive Threat ProtectionBlock, Quarantine & Rescue Modes
Simple to Deploy & MaintainCost Effective
Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016
Thank you for your attention!
Page 30
