FIREEYE NX IN LINE SOLUTION Dennis Carpio Sr

  • Slides: 11
Download presentation
FIREEYE NX IN LINE SOLUTION Dennis Carpio Sr. Director Business Development Xceed Technology Partners

FIREEYE NX IN LINE SOLUTION Dennis Carpio Sr. Director Business Development Xceed Technology Partners © 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | 1

XCEED TECHNOLOGY PARTNER Ixia and Fire. Eye: A Winning Combination • Strategic partner since

XCEED TECHNOLOGY PARTNER Ixia and Fire. Eye: A Winning Combination • Strategic partner since 2011 • Only OEM vendor to provide Bypass products on Fire. Eye pricelist • Ixia helps Fire. Eye get deployed In-line • Ixia products in Fire. Eye labs to showcase joint solution (vice versa) • Momentum Sponsor since inaugural event (5 years) • Executive alignment within cross-functional teams © 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | 2

JOINT PARTNERSHIP VALUE Fire. Eye uses Ixia to get In-Line Challenge • Fire. Eye

JOINT PARTNERSHIP VALUE Fire. Eye uses Ixia to get In-Line Challenge • Fire. Eye provides an advanced threat prevention solution (NX appliance) that is most effective when deployed in-line (as opposed to out-of-band) • Out-of-band monitoring allows you to detect threats, but In-Line monitoring allows you to both detect and prevent • Many customers are hesitant to deploy security tools in-line because they are a single point of failure that can bring the network down Solution • Ixia’s Bypass Switches solve this because they are fail-safe active Taps that can be used for both in-line and out-of-band deployments • It is best for Fire. Eye to start a POC out-of-band with a Bypass, and when the customer is ready, use the Bypass to instantly go in-line at the "flip of a switch” • Every Fire. Eye NX appliance should be bundled with an Ixia Bypass solution to give customers the network uptime reliability they require © 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | 3

Inbound traffic Outbound traffic INLINE ON DEMAND Heartbeat packet Bidirectional traffic Unidirectional traffic In-Line

Inbound traffic Outbound traffic INLINE ON DEMAND Heartbeat packet Bidirectional traffic Unidirectional traffic In-Line Mode TAP (Span) Mode • • • Passive out-of-band monitoring Bypass Switch acts like a Network Tap Full-duplex traffic on two separate ports (1 & 2) No heartbeat packet NX will be in receive (passive) mode only Active in-line monitoring Bypass Switch acts like a fail-open device Full-duplex traffic on both ports (1 & 2) Heartbeat packet transmitted NX will be in transmit and receive mode “Flip the Switch” • Gets Fire. Eye NX in-line quickly • No added network downtime • Bundle a Bypass with every NX Port 1 Port 2 © 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | Port 1 4 Port 2

INTEGRATED CONFIGURATION • • Easily deploy Fire. Eye NX appliances • Fire. Eye specific

INTEGRATED CONFIGURATION • • Easily deploy Fire. Eye NX appliances • Fire. Eye specific ’heartbeat’ configuration • Loads directly from a pull-down menu • Available on Bypass and Packet Broker Customer Benefits • Security without the added risk of downtime • Easy on-demand control of in-line vs out-ofband • Enforce mitigation capabilities only when needed © 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | 5

SCALABLE SECURITY ARCHITECTURE Fire. Eye Value Proposition Joint Solution Overview ● Ixia AFO helps

SCALABLE SECURITY ARCHITECTURE Fire. Eye Value Proposition Joint Solution Overview ● Ixia AFO helps Fire. Eye get In Line on demand ● Ixia’s Packet Broker drops zero packets to enable the most effective security inspection ● Use Ixia platform to scale Fire. Eye NX capacity to over 40 G, and upsell FX and PX appliances Ixia OEM’s its Bypass Switch as the Fire. Eye AFO solution that enables active in-line security monitoring. Combining it with Ixia’s NPB (Network Packet Broker) solution, customers can aggregate, filter, and load balance traffic to multiple Fire. Eye NX appliances for scalability. This allows our joint customers to achieve the highest levels of security inspection. Ixia Key Features ● Session-based load balancing – keeps flows intact to the same NX appliance Fire. Eye AFO ● Heartbeat health check – ensures maximum network uptime ● HA Active/Active – provides network redundancy at the highest level Ixia NPB Fire. Eye FX © 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | 6 Fire. Eye NX Appliances (Load balanced) Fire. Eye PX

Requirements CASE STUDY Financial Organization High Availability & Aggregation Support Multi 10 G Architecture

Requirements CASE STUDY Financial Organization High Availability & Aggregation Support Multi 10 G Architecture w/Asymmetric Traffic The Result: § Throughput support of over 20 G across multiple NXs § Minimized Failure scenarios using heartbeat technology NPB Fire. Eye NX § Rollout across all of their 7 major data centers Why Ixia: ü Only solution to offer multi layered redundancy ü Meet reliability requirements with improved SLA Highly Redundant Architecture Prevent Service Disruption to Existing Resources What We Tested NPM Products Used Storage The Results • Active Fail-open • 10 G AFO • Support up to 4 NXs • Aggregation/Load Balancing • Ixia x. Stream 10 • HA Active/Standby for Improved SLA • Filtering & Re-direction • Fire. Eye NX • Increased Network Availability

Requirements CASE STUDY Large Retailer in US Multi-Vendor High Availability The Result: § Throughput

Requirements CASE STUDY Large Retailer in US Multi-Vendor High Availability The Result: § Throughput support of over 10 G across multiple NXs Support Multi 10 G At Line Rate HA Required To Protect 24 x 7 Ecommerce App Threat Prevention Needed on both HTTP and SSL Traffic NPB § Achieved network availability metrics for Ecommerce site § Maximized protection without sacrificing performance Why Ixia: ü In-Line Load Balancing for multiple appliances ü Filtering to separate SSL and non-encrypted traffic SSL Decryption Fire. Eye NX What We Tested IDS SSL Decryption Products Used Fire. Eye NX IDS The Results • Active Fail-open • 10 G AFO • Support up to 2 NXs • Aggregation/Load Balancing • Ixia x. Stream 10 • HA Active/Standby for Improved SLA • Filtering & Re-direction • Fire. Eye NX • Increased Network Availability

Requirements CASE STUDY US Government Agency High Availability & Redundancy System Redundancy To Eliminate

Requirements CASE STUDY US Government Agency High Availability & Redundancy System Redundancy To Eliminate Single Point of Failure NPB Fire. Eye NX § Eliminated points of failure with highly redundant architecture Why Ixia: ü Only solution to offer Bypass with dual output paths ü Meet reliability requirements with HA architecture Eliminate Downtimes To Increase Detection Rates Asymmetric Traffic The Result: § Multi-tiered heartbeat technology provided reliability across all layers § Achieved Five 9’s reliability with Dual Bypass capbilities Highly Availability Architecture That Provides Reliable Crossover What We Tested Products Used The Results • Active Fail-open • 1 G Bypass HD • Support up to 2 NXs • Aggregation/Load Balancing • Ixia x. Stream 10 • HA Active/Standby • Fire. Eye NX • Increased Network Availability • Filtering & Re-direction

THE IXIA + FIREEYE DIFFERENCE Xceed Technology Partners Combine to Deliver Complete Solution COMPREHENSIVE

THE IXIA + FIREEYE DIFFERENCE Xceed Technology Partners Combine to Deliver Complete Solution COMPREHENSIVE SOLUTIONS INNOVATIVE TECHNOLOGY GLOBAL PARTNERS PROFESSIONAL SUPPORT Making Your Network & Next Generation Extensive Ensure Successful Applications Threat Prevention Partner Base Deployment and Secure, Fast and Reliable with Maximum Network Worldwide Operations 24/7 Performance © 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | 10

Ixia Xceed Technology Partners Dennis Carpio dcarpio@ixiacom. com Fire. Eye © 2016 IXIA AND/OR

Ixia Xceed Technology Partners Dennis Carpio dcarpio@ixiacom. com Fire. Eye © 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | 11 Cyber Security Coalition Ruby Sharma ruby. sharma@fireeye. com