VIEWS: 22 PAGES: 4 CATEGORY: Enterprise POSTED ON: 4/5/2012
Gartner has stated that, to deal with current and next-generation network security threats, the firewall must once again be upgraded, to a "next-generation firewall". For example, first-generation firewalls are essentially unable to detect threats that use zombie networks (botnets) as their delivery method (see "case study: computer early detection function is zombie network client threat."). With the spread of service-oriented architectures and Web 2.0, more traffic passes through just a few ports (such as HTTP and HTTPS) and uses a limited number of protocols, which means that security policies based on port and protocol are becoming less and less relevant and effective. Deep packet inspection intrusion prevention systems (IPS) inspect for known attacks against operating systems and software with missing patches, but they cannot effectively identify and block the abuse of applications, let alone protect specific features of applications.
Intrusion Prevention Systems See What You’re Missing & Save

Like most enterprises, you will probably increase spending on network security this year. You are responsible for that spend, but unfortunately, you may not get what you’re paying for. For the last decade, every network security vendor has told you that if you buy more appliances, you’ll be more secure. Every year, that hasn’t been true. And every year, you’ve been paying more.

Intrusion prevention is a great example of this. Intrusion prevention systems (IPS) are necessary, but have become more and more expensive while being less and less effective in today’s environments. They lack any ability to see and control applications, which today are the major threat vector and typically the target for exploits. They are also completely unable to protect organizations against threats in SSL-encrypted traffic.

Changing the network security game in your company

Recently, Gartner has gone on record recommending that enterprises move away from stand-alone IPS to next-generation firewalls at their earliest refresh opportunity. Now, you might ask yourself, “isn’t this just more stuff to put into my network?” The short answer is no. One of the benefits of next-generation firewalls is the simplification of your network security infrastructure. More on that in a minute.

The key benefit of a next-generation firewall is the ability to control traffic not just by ports, protocols, and IP addresses, but also by applications, users, and content. This completely changes the network security game, enabling functions like intrusion prevention to be performed much more effectively – firstly, by controlling applications, and then by enabling intrusion prevention scanning on allowed application traffic – even if the content is SSL-encrypted or compressed.
Compare your stand-alone IPS costs to next-generation firewall costs and you’ll see that, regardless of whether it’s a data centre, gateway, regional or branch office requirement, you can significantly decrease the cost of intrusion prevention, by as much as 86% per network segment protected.

You size IPS appliances in two ways: throughput and ports (number of segments protected). In simpler networks, throughput is the only concern, and sizing is easy. In more complex networks, you must consider the number of network segments as well – often forcing you to buy a more powerful box than you actually need in order to get the number of ports required for the deployment. In both comparisons, Palo Alto Networks next-generation firewalls offer not only superior functionality (see and control applications, protect against threats in SSL-encrypted traffic), but also significantly lower costs.

Here are some specific examples comparing Palo Alto Networks next-generation firewalls with stand-alone IPS products from 3Com/TippingPoint (HP) and IBM/ISS:

Regional or branch office deployment: save 24-60%

Typical regional or branch office deployments might require between 400 and 600 Mbps of IPS throughput and, depending on the complexity of the network, adequate ports to protect anywhere from 3-10 segments. For a regional or branch office deployment, we often recommend a Palo Alto Networks PA-2050, which protects 10 segments with 500 Mbps of threat prevention throughput.

Internet gateway deployment: save 43-53%

Common enterprise Internet gateway deployments might need 2 Gbps of throughput, and enough ports to protect 6 or more network segments. We often recommend the Palo Alto PA-4020 for these deployments, which can handle 2 Gbps of traffic across 12 network segments (24 ports). Compared with comparable stand-alone IPS products, the Palo Alto saves 43-53% per Mbps of throughput, and 65-84% per protected segment.
Data center deployment: save 54-64%

For a data centre or internal firewall deployment, intrusion prevention needs lots of throughput (up to 5 Gbps), but the number of segments needing protection varies widely (as few as 4, as many as 12) depending on regulatory concerns and the infrastructure design. The Palo Alto Networks Next Generation Security Appliance is designed for this environment, and can save you 54-64% per Mbps, and 67-86% per protected segment.

Not included in the above comparisons is the extra protection from being able to see and control which applications run on the network, and the ability to protect against threats in SSL-encrypted and compressed content. Those cost savings are impossible to calculate, but given that many threat-bearing applications (e.g., Gmail) now SSL-encrypt by default, these features are more critical than ever.

Save even more money

Many organizations have significantly simplified their security infrastructure with next-generation firewalls. You can also realise significant additional savings by consolidating other network security functions later (typically resulting in 40-60% savings of both capital expenditures and hard operations costs for network security).

Next-generation firewalls provide next-generation protection

How is this possible? Recognising and controlling applications, users, and content, regardless of port, protocol, SSL encryption, or compression, requires substantial changes in both hardware and software – necessitating a clean-slate approach, and our single-pass, parallel processing architecture does this. It also required us to build a world-class research center – one that’s been credited with discovering more Microsoft vulnerabilities in the last 6 months than any other IPS vendor’s internal team.
So not only can you take advantage of game-changing infrastructure and benefit from superior research and support, you can also introduce this critical, innovative technology into your company and save money in the process.

Please call Varidion today on +44 1372 233 333 to discuss how we can help you see what you’re missing. www.varidion.com