Channel Advisor Issue 01


Published by

Adding Value to Technology

Redefine the rules

Issue 01 | July 2014

Transforming business operations to revolutionize the IT space



From the MANAGEMENT

Welcome to the first edition of Channel Advisor, a quarterly publication aimed at bringing first-hand information on trends and emerging technologies from our vendor community, to encourage and empower our partners. We hope to build this publication to be an open communication platform so that everyone is on the same page and can work together to grow profitably.

At the end of October 2013, Arrow Electronics announced that the company had completed its acquisition of Computerlinks. We are looking forward to formally announcing the rebrand at GITEX this year. Arrow offers end-to-end IT infrastructure solutions including data storage, servers, enterprise software, security, unified communications and virtualization, while addressing emerging areas such as social, mobility, analytics/Big Data and cloud.

Besides the rebrand, the industry can expect some other exciting news from us as well. So stay tuned with us to know more.

With change being the only constant, we urge our partners to optimize these platforms to be the first movers into emerging opportunities. At Arrow, we believe in serving you as a true value-added distributor. This means extending support to our partners in every way to enable them to seize these opportunities.

We wish you all a prosperous summer ahead and look forward to working with you in the coming months.

- Arrow Management Team

Contents

EMC: Winning with storage
RSA: One step ahead
Infoblox: Securing your DNS
F5: On cloud nine
Gigamon: Boosting security
VCE: Innovate to grow
Websense: Building defenses
Extreme Networks: Enabling Software-Defined Networking
Trend Micro: Raising the bar

www.arrowecs.ae

July 2014 | Channel Advisor



insight | EMC

Winning with storage

EMC discusses the questions enterprise buyers should ask their vendors to achieve a successful Virtual Desktop Infrastructure deployment.


Does it offer the best user experience?
Virtual desktops (and their applications) running in aggregate will generate massive I/O traffic to the storage system. Today’s end-users, conditioned to using flash-based devices such as smartphones, tablets, and ultrabooks, expect rapid application response times. To deliver this, the storage solution must be able to consistently deliver sub-millisecond response times. XtremIO provides an unparalleled user experience where every aspect of the virtual desktop runs faster – booting, login, file searching, application launches, email and more. XtremIO does not recommend any changes to the desktop image in order to reduce I/O load. For a state-of-the-art VDI deployment, the storage solution must deliver 100 IOPS per desktop or more.

How flexible is the deployment model?
Many storage solutions only effectively support small-scale VDI deployments and only with a non-persistent, linked clone model. XtremIO delivers unmatched scalability to any number of desktops, as well as any desired combination of linked clone and full clone virtual desktops.

Does it offer a compelling $/desktop?
Storage is one of the most expensive components of a VDI deployment. Inline deduplication is critical to reducing the storage footprint of the virtual desktop images. When VDI is deployed on XtremIO flash storage, inline deduplication drives down the cost per desktop dramatically. Deduplication also makes persistent desktop full clones, which are highly desired by knowledge workers and executives, economically feasible even at large scale. With XtremIO, the all-flash user experience doesn’t cost more – it’s surprisingly attractive even when compared to traditional disk-based solutions.

Does it offer administrative flexibility?
Data center administrators need to manage thousands of desktops. Hence it is critical that day-to-day tasks such as provisioning desktops, applying patches, upgrading applications and OS versions, and reverting desktops back to their native state be as fast and as simple as possible. XtremIO is fully integrated with VMware’s VAAI storage APIs and, in conjunction with XtremIO’s inline deduplication, standard administrative operations are reduced from days to minutes. And administrative tasks can be performed while desktops are in service, without the need for maintenance windows or downtime.

Does it scale from pilot to production?
When VDI pilots fail to scale to production, it is often due to storage system limitations. Many storage systems that appear to suffice during a pilot result in unacceptable desktop performance when hundreds or thousands of production desktops are rolled out. XtremIO delivers consistent and linear performance whether it’s a single X-Brick or a scale-out cluster supporting tens of thousands of desktops, ensuring that any desired number of desktops and any desired level of desktop performance is reached and maintained.

Is it a platform or a point solution?
VDI servers should be dedicated to VDI workloads for the best user experience. Inserting storage optimization solutions in servers steals CPU resources away from desktops and lowers the number of desktops that can be hosted per server. Host-based solutions have recurring license costs and are inefficient since they can only cache or deduplicate data within each server, and not across all servers. XtremIO is SAN attached, requires zero touch to the hypervisor and server, and can very efficiently deduplicate desktop images provisioned across the entire VDI environment. As a storage platform, XtremIO need not be dedicated for VDI. The storage system can be leveraged across many different applications in the data center.

Will it support future requirements?
Applications and operating systems are becoming more I/O intensive over time. Storage systems must have adequate performance for today, and performance headroom for the future. XtremIO’s scale-out design ensures that desktop performance will always meet end-user demands since additional performance for new as well as existing desktops can be added by scaling out the storage cluster.

Does it reduce other costs?
XtremIO storage helps reduce server and networking costs too. By allowing idle desktops to suspend and resume on demand, server and networking resources need only be sized for the number of active desktops, rather than having idle desktops remain running. And XtremIO’s massive performance headroom and low-latency response allow administrators to assign less RAM per desktop without worrying about degraded performance from disk paging operations. This allows more desktops to be consolidated per server.




RSA | insight

One step ahead

RSA’s Identity Protection and Verification Suite counters fraud by integrating intelligence directly into real-time defense.

With its long history in fraud defense, the RSA Identity Protection and Verification Suite counters the evolution of fraud with a comprehensive set of capabilities that herald a growing trend of intelligence integrated with tactics for confronting the fraud industry. Testifying to these capabilities are RSA’s accomplishments in defeating fraud. According to the RSA Anti-Fraud Command Center, RSA has shut down more than 550,000 phishing attacks and more than 100,000 Trojan attacks in 185 countries over the past seven years. As this capability has grown in response to the growth of fraud as an industry, it has led to the development of a coordinated set of capabilities required to counteract well-organized threats to valuable assets.

INTEGRATING REAL-TIME INTELLIGENCE WITH ANTI-FRAUD TECHNOLOGIES
RSA’s fraud intelligence capabilities do more than inform customers of fraud activity. Today’s emerging anti-fraud technologies also integrate intelligence directly into real-time defense. The RSA Risk Engine offers a significant example of this capability. Central to a number of RSA technologies for defeating fraud, protecting identity and verifying transactions, the Risk Engine detects online activity, analyzes it for evidence of potentially fraudulent or malicious behavior, and scores this activity in real time. The RE collects and analyzes large amounts of data from multiple sources. It evaluates online activity for more than 150 indicators of actual or potential fraud in real time, and assigns a unique risk score between 0 and 1,000 to each activity. Factors include user behavior, authentication and transaction activity, device and access context and more. It employs both a self-learning statistical model to maintain currency and accuracy of assessment. When combined with a policy manager that enables organizations to define their own risk management criteria, the RSA Risk Engine provides a layered approach to automating assessment of the integrity of observed access attempt and transaction behavior. This risk assessment serves as the basis for allowing transparent authentication, allowing the majority of transactions to pass unhindered, and identifying only the most risky transactions or activity for additional authentication. This capability is directly consumed in RSA anti-fraud and authentication technologies to manage online activity and dynamically protect access to reduce risk and identify new fraud trends as they develop.

BEFORE ANY TRANSACTION: RSA IDENTITY VERIFICATION
Before any entity can be trusted with valuable assets, its identity and authorization must be verified. Criminals often seek to exploit weaknesses in proving identity in order to masquerade as legitimate parties or to gain unauthorized access to assets. It is thus an important first step, before establishing any relationship between individuals or organizations and their assets, to assure high confidence in the identity of asset owners and custodians. This assurance depends on intelligence-based distinction of those who are who they claim to be from those who are not. RSA Identity Verification offers a consumer service that confirms a user’s identity in real time. It incorporates dynamic knowledge-based authentication that presents users with a series of questions that are formed based on information accessible from dozens of public and commercially available sources. This capability can deliver a high-confidence confirmation of identity within seconds, even if no prior relationship has been established with the user. The solution exemplifies techniques that directly integrate intelligence with strengthening fraud prevention in real time. It can, for example, determine that the potential for fraud may be increased based on identity fraud alert monitoring, checks of recent public records searches, source IP flagging, ‘identity velocity’ checks for high volumes of activity associated with one individual at several businesses, or ‘IP velocity’ indicators of multiple authentication requests generated from a single IP address. Risks detected from these sources are computed in an identity risk score that helps quantify the risk associated with an identity and automates response accordingly. When these factors are detected, RSA Identity Verification can dynamically increase question difficulty to limit the probability that the entity seeking to establish identity is not who it claims to be.

ASSURING CONFIDENCE IN ACCESS: RSA ADAPTIVE AUTHENTICATION
Once identity is established, protection depends on assuring that fraudulent attempts to access valuable assets are prevented, and that legitimate access is limited only to those authorized. As attackers have increased their ability to capture login credentials and exploit many common authentication techniques, organizations must consider the ways in which today’s fraud countermeasures can better defend against authentication exploit. RSA Adaptive Authentication responds to these concerns with a dynamic approach that measures fraud risk when and where access is attempted, and adjusts the rigor of authentication accordingly. Its risk-based authentication technology is informed by the RSA eFraudNetwork and powered by the RSA Risk Engine. Currently in use by more than 8,000 organizations in multiple industries, RSA Adaptive Authentication supports strong, multi-factor authentication using a combination of forensic data regarding the endpoint device and behavioral analysis in addition to the intelligence of the RSA eFraudNetwork. It often functions transparently to users, who may be unaware of its activity. This reduces the friction of adopting stronger authentication techniques, preserving customer convenience as well as enhancing confidence in defense against more advanced fraud tactics. For instance, in most implementations, over 95% of customer logins are not “challenged” by Adaptive Authentication. The RSA Policy Manager enables organizations to customize authentication policies to meet their specific needs. Together, a dynamic, intelligence-driven approach combined with granular control over policy definition provides organizations with a high degree of flexibility in advanced authentication technology. This flexibility is further supported by the availability of RSA Adaptive Authentication in both Software-as-a-Service (SaaS) and on-premises models, giving organizations the options they need to match needed control with attractive options for administration and support. RSA Adaptive Authentication protects websites, portals, SSL VPNs and Web Access Management (WAM) applications. In addition, RSA Adaptive Authentication for eCommerce offers a single fraud prevention solution for card issuers, with support for the 3D Secure protocol and a wide range of authentication and card security products including Verified by Visa, MasterCard SecureCode and JCB J/Secure.

AFTER ACCESS IS GAINED: RSA TRANSACTION PROTECTION
Strengthening authentication alone, however, may not always defend assets against fraud. Consider, for example, the class of attacks known as “man-in-the-browser” that echo earlier ‘man-in-the-middle’ tactics of intercepting communications for eavesdropping, picking up sensitive information, and other nefarious purposes – except that ‘man-in-the-browser’ attacks can do all this on a compromised personal endpoint system alone. When a criminal has direct access to an individual’s sensitive communications with financial systems, visibility into transaction anomalies is required to distinguish legitimate activity from fraud. This is in keeping with the Federal Financial Institutions Examination Council (FFIEC) guidance to adopt a layered approach to security. When intelligence includes visibility into transactions, it helps to eliminate what may otherwise be a blind spot in fraud prevention. RSA Transaction Protection combines risk-based analysis of transaction behavior and Trojan detection capabilities with out-of-band authentication techniques. This layered approach enables organizations to increase the level of authentication needed when fraud risk is detected. Multiple transaction types can be protected, from bill payments to address changes to password resets. When RSA Transaction Protection suspects a Trojan or other threat creating a fraudulent transaction to a “mule” account, out-of-band authentication with specific transaction verification through the phone, email or SMS channel can be deployed automatically to thwart the attempt and prevent damage. Call forwarding detection can also be activated to prevent criminals who attempt to intercept the challenge call by forwarding the genuine user’s phone number to their own.

RSA FraudAction Service
The RSA FraudAction Service offers a set of managed services that provide organizations with the ability to help prevent fraud threats from reaching their targets. This service provides round-the-clock detection, alerting, shutdown and reporting on fraud activity. RSA FraudAction also provides forensic capabilities, countermeasures, and comprehensive blocking of access to known infection points. Analysts at the RSA Anti-Fraud Command Center provide these services to protect organizations against phishing, pharming and Trojan attacks, and to supplement anti-fraud strategies with focused expertise in the field.


RSA® FRAUDACTION™ SERVICES

First Line of Defense against Online Threats

Why RSA FraudAction Services?

The online channel has never experienced such an innovative, globally-integrated crime network as the one it faces today. Criminals have the most advanced technologies at their disposal and operate a sophisticated underground economy. Phishing continues to grow with tens of thousands of unique phishing attacks targeting organizations of all types and sizes. Trojans are also becoming increasingly popular as sophisticated malware is becoming easily available for purchase in the underground. And mobile apps are the new threat vector. RSA’s FraudAction managed services provide strategies to reduce financial and nonfinancial losses due to online fraud and enable organizations to minimize resource investment while deploying a solution very quickly.

RSA FraudAction Services include:
– Anti-Phishing Service
– Anti-Trojan Service
– Anti Rogue App Service
– FraudAction Intelligence Service

Call Today +971 55 597 2794 / Email: esma@computerlinks.ae • Promotion is valid from today till end of 2014.


opinion | infoblox

Securing your DNS

Chris Marrison, EMEA Technical Director, Infoblox, explains how enterprise Domain Name System (DNS) can be protected from DDoS.


According to a recent report on infrastructure security, the number of Distributed Denial of Service (DDoS) attacks on enterprise Domain Name System (DNS) servers is on the rise but, despite this, many businesses aren’t taking the steps necessary to protect this vital part of their IT infrastructure. Indeed, while an increasing number of companies experienced customer-impacting DDoS attacks on their DNS servers last year, few businesses admitted to taking formal responsibility for DNS security somewhere within their organization. It’s clear then that DNS-based DDoS attacks are a growing threat, and one that’s being neglected by businesses when DNS security should really be seen as a priority because of the increasing risks. But how exactly do these attacks work? And what can businesses do to protect against them?

Massive attack
It’s surprisingly simple to generate DDoS attacks using an enterprise’s DNS infrastructure. Rather than using their own IP address, attackers send queries to name servers across the internet from a spoofed IP address of their target, and the name servers, in turn, then send back responses. If these responses were around the same size as the queries themselves, this course of action in itself wouldn’t be sufficient to wreak the desired havoc on the target. What’s required is amplification of each of these queries so that they generate a very large response which, since the adoption of DNS security extensions (DNSSEC) and their inherent cryptographic keys and digital signatures, has become increasingly common. A query of just 44 bytes, for example, sent from a spoofed IP address to a domain that contains DNSSEC records, could return a response of over 4,000 bytes. With a 1Mbps internet connection, an attacker could send in the region of 2,840 44-byte queries per second which would result in replies to the magnitude of 93Mbps being returned to the target server. And, by using a botnet of thousands of computers, the attacker could quickly recruit 10 fellow comrades and deliver 1Gbps of replies to begin incapacitating their target.

Most name servers can be modified to recognise that they’re repeatedly being queried for the same data from the same IP address. Open recursive servers however, of which there are estimated to be around 33 million around the world, will accept the same query from the same spoofed IP address again and again, each time sending back responses such as the DNSSEC examples mentioned above.

Recognition and prevention
So what steps can companies take to combat such attacks? Perhaps most important is learning to recognise when an attack is taking place. Many organizations don’t know what their query load is, so aren’t even aware of when they’re under attack. By using the statistics support built into the DNS software BIND, administrators can analyse their data for query rates, socket errors and other attack indicators. Even if it’s not clear exactly what an attack looks like, monitoring DNS statistics will establish a baseline from which trends and anomalies can quickly be identified.

An organization’s internet-facing infrastructure should also be scrutinised for single points of failure not only in external authoritative name servers, but also in switch and router interactions, firewalls, and connections to the Internet. Once identified, the business should then consider whether these vulnerabilities can be effectively eliminated. External authoritative name servers should be broadly geographically distributed wherever possible which will not only help to avoid single points of failure, but will also provide the added advantage of improving response time performance for their closest customers. And, in the face of the huge number of responses resulting from a DDoS attack, it’s worth considering over-provisioning existing infrastructure, a process that is both inexpensive and easy to trial prior to an incident.

Cloud-based DNS providers run name servers of their own in data centres around the world. These can be configured as secondaries for an organization’s own, with data loaded from a master name server designated and managed in-house. It’s worth noting, though, that most of these providers bill for the number of queries received, which will of course increase significantly during a DNS attack.

“DNS Attacks and exploits have increased exponentially in the past 18 months. Game Over Zeus and Crypto-locker are examples of Botnet based exploits that use DNS infrastructure to hijack financial transactions and lock out customers of their data by secretly encrypting it and holding the data owners hostage. Infoblox is working with various key industries to help secure their information infrastructures.”
Cherif Sleiman, Regional Director, Middle East, Infoblox

Unwitting accomplices
As well as configuring their DNS infrastructures to resist DDoS attacks, organizations should also ensure they don’t become unwitting accomplices in DDoS attacks against others. Unless the company is one of the very few that runs an open recursive name server, it can limit DNS queries to those IP addresses on its internal networks, thereby making sure that only authorised users have access to its recursive name servers. And for those that run authoritative name servers, Response Rate Limiting (RRL), incorporated into BIND name servers, makes it difficult for attackers to amplify queries, stopping responses being sent to a single IP address at any rate higher than a pre-programmed threshold.

By understanding how DDoS attacks exploit DNS servers, and recognising the signs, organizations can take measures to lower the threat on their own infrastructure, and avoid becoming complicit in attacks on others.
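The recognition step described above (know your query load, then spot the same data being requested repeatedly from the same address) can be sketched as follows. This is an added example, not code from the article or from Infoblox; the log layout is an assumed BIND 9 query-log format, and the sample lines, thresholds and function names are constructed for illustration.

```python
import re
from collections import Counter
from statistics import median

# Assumed BIND 9 query-log layout (check it against your own named logs):
#   <date> <time>.<ms> client <ip>#<port> (<name>): query: <name> IN <type> <flags> (<server>)
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \d{2}:\d{2}:\d{2})\.\d+ .*?client (?P<ip>[0-9A-Fa-f.:]+)#\d+"
    r".*?query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def parse_line(line):
    """Return (second, client_ip, qname, qtype), or None for non-query lines."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return m["ts"], m["ip"], m["qname"].lower(), m["qtype"].upper()


def per_second_counts(lines):
    """Count total queries per second and identical queries per client per second."""
    totals, repeats = Counter(), Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        totals[rec[0]] += 1
        repeats[rec] += 1
    return totals, repeats


def anomalous_seconds(lines, factor=3.0):
    """Seconds whose query load exceeds `factor` times the median (the baseline)."""
    totals, _ = per_second_counts(lines)
    if not totals:
        return []
    baseline = median(totals.values())
    return sorted(ts for ts, n in totals.items() if n > factor * baseline)


def repeated_query_sources(lines, max_identical_per_sec=5):
    """(client, qname, qtype) tuples repeated more than the threshold in any one second.

    With spoofed sources the client address is the probable victim of the
    reflection rather than the sender, so a hit means "this server is being
    used against that address".
    """
    _, repeats = per_second_counts(lines)
    return {key[1:] for key, n in repeats.items() if n > max_identical_per_sec}


def build_sample_log():
    """Constructed log: ten quiet seconds plus a burst of identical ANY queries in second 7."""
    def fmt(sec, ms, ip, qname, qtype):
        return (f"15-Jul-2014 10:00:{sec:02d}.{ms:03d} client {ip}#40000 ({qname}): "
                f"query: {qname} IN {qtype} +E (192.0.2.53)")

    lines = ["15-Jul-2014 10:00:00.000 zone example.test/IN: loaded serial 2014071501"]
    for sec in range(10):
        for i, host in enumerate(("www", "mail", "intranet")):
            lines.append(fmt(sec, i, f"198.51.100.{10 + i}", f"{host}.example.test", "A"))
    lines += [fmt(7, 100 + n, "203.0.113.9", "example.test", "ANY") for n in range(40)]
    return lines


if __name__ == "__main__":
    log = build_sample_log()
    print("anomalous seconds:", anomalous_seconds(log))
    print("repeated queries: ", repeated_query_sources(log))
```

The median-based baseline is a stand-in for whatever long-term statistics the organization already collects; the per-second, per-source repeat count is the same signal a rate-limiting name server acts on.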




F5 | insight

On cloud nine

F5 Networks explores how channel partners can successfully implement a hybrid cloud architecture.

Cloud computing can help organizations provide better services while reducing costs and streamlining IT. Infrastructure as a Service (IaaS) providers are promising faster build and deployment times, quicker ROI, and more flexible payment terms compared to services deployed from private data centers, and many organizations are looking to capitalise on these benefits. When not deployed properly, however, IaaS can create management overhead, fail to deliver predictable user experiences, and result in a generally disappointing service.

The growth and maturity of the IaaS market have assisted many in the drive to do more with less—providing more services for customers and employees, but doing so more efficiently. Largely driven by a difficult economic climate, the need to be more competitive by running leaner data centers has never been so high. In many cases, however, IaaS providers are not meeting data privacy requirements or Service Level Agreement (SLA) availability expectations for mission-critical production applications. These failures are preventing most organizations from making an all-in commitment to replace private IT infrastructure by migrating to the cloud. In addition, legacy applications can require dedicated infrastructure and ongoing support, hence the popularisation of a hybrid architecture consisting of both public IaaS providers and private data centers.

While IaaS providers are promising faster build and deployment times, a quicker ROI, and more flexible payment terms—and thus outcompeting services within private data centers—inherent dangers lie in the new infrastructure silos that are created as a result. Enterprises are looking for a single, seamless, self-service IT infrastructure. Integrating the management tools and connectivity between public and private environments creates a seamless experience across the two, delivering a transparent extension to the data center environment and avoiding technology silos.

The F5 Cloud Migration architecture delivers strategic points of control that enable IT departments to meet expectations for delivery, access, functionality, configurability, and performance—wherever the workload is hosted. The F5 solution provides integrated and automated application delivery capabilities into the cloud, rapidly reducing the provisioning and deployment times for application networking services. It accomplishes this through:
• Integration into third-party cloud management tools.
• Automation of the provisioning of application networking services across public and privately hosted F5 BIG-IP products.
• Orchestration that expedites deployment times.
• Extensibility and unparalleled flexibility using the REST API.

Technology Solution
The three keys to implementing a successful hybrid cloud architecture include:
• Consistent Performance
The importance of performance is two-fold in a hybrid cloud model. First, applications must be available and responsive for those working with them. Second, the environment and architecture must deliver solid performance in terms of management tools, backup, replication, and other administrative functions. Performance optimization therefore must take into account both user access and data replication. F5 application acceleration technologies deliver on both requirements, ensuring transparency between private and public data center access.
• Feature Parity
Migrating to a new environment must not result in reduced capability. To combat feature loss or degradation of the user experience, F5 application delivery functionality is available in both hardware and virtual editions that support all of the leading hypervisors and cloud environments. This choice provides enterprises with the same application delivery toolset—the same operating systems, the same management interface, and the same APIs—wherever their workload is handled, whether in the cloud, in a private data center, or both.
• Zero Management Complexity
A key component of the F5 solution, F5 BIG-IQ Cloud, federates management of BIG-IP products across both traditional and cloud infrastructures, helping enterprises to deploy and manage application delivery services in a fast, consistent, and repeatable manner, regardless of the underlying infrastructure. In addition, BIG-IQ Cloud integrates with existing cloud orchestration engines such as VMware vCloud Director to streamline overall application deployment. BIG-IQ Cloud uses F5 iApps Templates and a self-service model to rapidly provision application delivery services, enabling new applications to be made available to users in minutes instead of weeks. IT organizations can define a catalog of available application delivery services, including customised or multi-tiered offerings, from which administrators and application managers can quickly select as needed.

Business Benefits
The F5 Cloud Migration solution automates and orchestrates the deployment of application delivery services across both traditional and cloud infrastructures. Whether an organization is adopting a public, private, or hybrid cloud, F5 simplifies the optimization of business applications, ensuring that they’re fast, secure, and available—wherever they are.
• Save time: Reduce deployment and provisioning timelines otherwise extended by management silos.
• Increase efficiency: Automate the provisioning of application networking services across public and private data centers.
• Simplify provisioning: Coordinate with third-party cloud orchestration solutions to unify application and network services provisioning.
• Gain flexibility: Ensure extensibility using the F5 iControl and REST APIs.

Migrating services to an IaaS provider and reaping the benefits of the cloud can be painless for employees and customers alike. The key to delivering on a hybrid architecture is the creation of a consistent and simple-to-consume environment that doesn’t introduce complexities or a poor user experience. F5 cloud optimization and management solutions eliminate these issues, delivering synthesis across a hybrid cloud architecture.


EVERY NETWORK INFRASTRUCTURE NEEDS STRONG APP SECURITY. Scale and protect with F5.

www.f5.com


insight | gigamon

Boosting security

Gigamon’s GigaVUE-VM enhances comprehensive security capabilities of an organisation’s virtual server infrastructure.

IT security teams continue to mitigate security threats with traditional security devices. But virtualization has caused the enterprise to explore new ways to extend the reach of security tools into the virtual infrastructure. With today’s distributed application architecture that led to the growth in East-West traffic inside the hypervisor, security architects are looking for more efficient ways to gain visibility to that traffic on behalf of their existing and next-generation security appliances, such as IDS/IPS, Web server security, integrity monitoring and malware inspection, along with several other tools.

Security tools such as perimeter firewalls and IDS/IPS sensors are commonly deployed at the perimeter of the network, where they inspect network traffic between untrusted zones like the Internet and trusted zones such as the core data center or end-user networks. However, today’s security threat mitigation can no longer be accomplished with just a firewall and IPS sensor. Comprehensive security must encompass all threat vectors including, but not limited to, e-mail scanning, web application security, malware detection and granular application control. These tools rely on live packet streams on the wire. They also rely on end-to-end packet flows between network segments, servers and end-users. As the infrastructure is virtualised and the traffic migrates inside the virtual switch, tools examining that traffic can go dark—the virtual network becomes a hidden silo of IT.

With the increasing adoption of Overlay Networking, traffic going to and from the virtual server environment is encapsulated to aid in workload mobility and resiliency. By wrapping an IP packet with an encapsulation header such as VXLAN, the packet may become invisible to network security inspection tools. Many tools are able to decapsulate the packet, but that is an added burden on the tool, especially in light of growing network speeds up to 100Gb. Many security tools are challenged to keep up with the growth in network speed in light of encapsulation protocols such as VXLAN, ERSPAN, OpenFlow and even some well-proven protocols like MPLS.

Many organizations face requirements to capture and store (or record) network traffic streams. There are numerous packet recorders and other security tools on the market today, including Open Source and Commercial products. They receive packet streams from network TAPs or SPAN ports. In both cases, packets are captured on the wire and transit a physical network link to reach a network port on the security tool. When a server migrates to a virtual machine, all East-West traffic associated with that server may no longer be visible by the tools on the physical network.

Gaining visibility of VM traffic with GigaVUE-VM
Gigamon’s GigaVUE-VM extends pervasive visibility for monitoring, analysis and security tools into the virtual environment and private cloud. GigaVUE-VM is a native VMware virtual machine. It supports the vNetwork Distributed Switch and Standard Switch, as well as the Cisco Nexus 1000V for vSphere 5.x environments. Leveraging VMware’s native APIs, the GigaVUE-VM solution is able to instruct the vSwitch

copied and sent to security tools in the physical network. The management, deployment, and configuration of the GigaVUE-VM nodes are accomplished with the GigaVUE-FM Fabric Manager, using a low-privilege vCenter user account, eliminating the need to hand over full administrative privileges to teams who do not control the virtual infrastructure.

The GigaVUE-VM solution for monitoring of VM traffic, along with the GigaVUEFM fabric manager, monitors the vCenter server alert function for vMotion events. When a VM is moved from one hypervisor to another, the GigaVUE-VM visibility policy moves with it to the new hypervisor, providing visibility of the VM traffic before and after a vMotion event occurs. to send copies of VM traffic to another destination port. The GigaVUE-VM node is attached to the destination port, and receives the copied packets. The packets are then filtered before being encapsulated on a tunnel and sent to a destination tool on the physical network via a physical fabric node enabled with Gigamon’s GigaSMART technology. GigaVUE-VM can also perform packet slicing operations to target specific packet information prior to encapsulating traffic onto the tunnel. With Gigamon’s patented Flow Mapping and packet slicing features, tool administrators are able to greatly reduce the amount of virtual machine traffic that is

Maintaining visibility during virtual machine migration Another issue facing VM administrators is enabling continuous visibility during VM migration for the tools being used to monitor, analyze and secure the entire data center infrastructure. Virtual Servers have become the platform of choice for application deployment because of their dynamic nature. However, their dynamic nature makes them very difficult to monitor, especially when a vMotion event occurs. In the absence of the GigaVUE-VM solution, when a VM is moved from one hypervisor to another the only way to maintain visibility is for the VM admin to go through a long list

www.arrowecs.ae

of configuration items to manually disable existing vSwitch port mirror sessions and create a new port mirror session on the destination hypervisor where the VM in motion has landed. The GigaVUE-VM solution for monitoring of VM traffic, along with the GigaVUE-FM fabric manager, monitors the vCenter server alert function for vMotion events. When a VM is moved from one hypervisor to another, the GigaVUE-VM visibility policy moves with it to the new hypervisor, thus providing continuous visibility of the VM traffic before and after a vMotion event occurs. Centrally managed and pervasive visibility into the virtualised server environment Security architecture covers a broad range of comprehensive security and forensic capabilities, using a combination of tools such as NPM, DLP, compliance monitoring, IDS/IPS, and APM, all of which require access to packet level detail off the wire. With the wire now being the virtual switch, security architects may have no scalable, seamless integrated method to see a virtual server’s ingress/ egress traffic. The GigaVUE-VM virtual fabric node by Gigamon delivers centrally managed and pervasive visibility into the virtual server environment. East-West and North-South traffic can now be captured and directed to security tools on a per-VM basis, giving security administrators full access to packet-level virtual traffic detail. For more information, please contact emea.enquiries@gigamon.com
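The overlay problem described in this article, as an added illustration that is not Gigamon's or any other vendor's code: a rule keyed on the outer header of a VXLAN frame sees only tunnel-endpoint traffic on UDP 4789 until the frame is decapsulated. The addresses, ports, VNI and function names are constructed for the example; the header layout follows RFC 7348.

```python
import socket
import struct

VXLAN_PORT = 4789                      # IANA-assigned VXLAN UDP port (RFC 7348)
ETH_LEN, UDP_LEN, VXLAN_LEN = 14, 8, 8


def ipv4_flow(frame):
    """Return (src, dst, proto, sport, dport, l4_offset) for an untagged
    Ethernet/IPv4 frame carrying TCP or UDP, or None if it is anything else."""
    if len(frame) < ETH_LEN + 20:
        return None
    if struct.unpack_from("!H", frame, 12)[0] != 0x0800:   # EtherType IPv4
        return None
    ver_ihl = frame[ETH_LEN]
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20:
        return None
    proto = frame[ETH_LEN + 9]
    l4 = ETH_LEN + ihl
    if proto not in (6, 17) or len(frame) < l4 + 4:
        return None
    src = socket.inet_ntoa(frame[ETH_LEN + 12:ETH_LEN + 16])
    dst = socket.inet_ntoa(frame[ETH_LEN + 16:ETH_LEN + 20])
    sport, dport = struct.unpack_from("!HH", frame, l4)
    return src, dst, proto, sport, dport, l4


def decapsulate_vxlan(frame):
    """Return (vni, inner_ethernet_frame) if frame is VXLAN, else None."""
    flow = ipv4_flow(frame)
    if flow is None:
        return None
    _, _, proto, _, dport, l4 = flow
    if proto != 17 or dport != VXLAN_PORT:
        return None
    vx = l4 + UDP_LEN
    if len(frame) < vx + VXLAN_LEN + ETH_LEN:
        return None                    # truncated, e.g. sliced before the inner frame
    if not frame[vx] & 0x08:           # I flag must be set for the VNI to be valid
        return None
    vni = int.from_bytes(frame[vx + 4:vx + 7], "big")
    return vni, frame[vx + VXLAN_LEN:]


def sees_port(frame, port, decap):
    """Would a rule keyed on destination port `port` fire on this frame?
    With decap=False only the outer header is inspected."""
    candidates = [frame]
    if decap:
        inner = decapsulate_vxlan(frame)
        if inner is not None:
            candidates.append(inner[1])
    for candidate in candidates:
        flow = ipv4_flow(candidate)
        if flow is not None and flow[4] == port:
            return True
    return False


def build_frame(src, dst, proto, l4_bytes):
    """Constructed Ethernet/IPv4 frame (zeroed MACs and checksums)."""
    eth = bytes(12) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4_bytes), 0, 0, 64,
                     proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + l4_bytes


def build_sample():
    """Constructed East-West flow (VM to VM, TCP/3306) inside a VXLAN tunnel."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 3306, 0, 0, 0x50, 0x02, 8192, 0, 0)
    inner = build_frame("10.0.0.5", "10.0.0.9", 6, tcp)
    vxlan = struct.pack("!B3s3sB", 0x08, bytes(3), (5001).to_bytes(3, "big"), 0)
    udp = struct.pack("!HHHH", 54321, VXLAN_PORT,
                      UDP_LEN + len(vxlan) + len(inner), 0)
    return build_frame("192.0.2.10", "192.0.2.20", 17, udp + vxlan + inner)


SAMPLE_FRAME = build_sample()

if __name__ == "__main__":
    print("outer flow:", ipv4_flow(SAMPLE_FRAME)[:5])
    vni, inner_frame = decapsulate_vxlan(SAMPLE_FRAME)
    print("VNI", vni, "inner flow:", ipv4_flow(inner_frame)[:5])
    print("rule on TCP/3306 without decap:", sees_port(SAMPLE_FRAME, 3306, False))
    print("rule on TCP/3306 with decap:   ", sees_port(SAMPLE_FRAME, 3306, True))
```

The truncation check matters when packet slicing is applied upstream: a frame cut before the inner Ethernet header cannot be decapsulated and is reported as such rather than misparsed.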



VCE | opinion

Innovate to grow

Nigel Moulton, EMEA CTO, VCE, outlines the road to innovation that its partners should undertake to deliver satisfying customer experiences.

Converged infrastructure is a transformational technology and it needs a transformational approach. Customers understand that cloud can deliver agility, flexibility and cost savings, and can free them to focus on areas of IT that add value. In order to take customers on to that journey, we all need to understand what they are thinking and why, and how VCE can help partners to deliver against those expectations.

The first thing to begin this process is to identify what is keeping the CEOs and CTOs of the customers awake at night. David Rowan, Editor, Wired Magazine, UK, has condensed the answer into six new rules of digital disruption.

The Interface is wearable: A good example here is Google Glass. The implications it has for authentication, for the way a customer might make a purchase and how we can gather information on a customer’s location is tremendous. And a lot of this will be driven by an interface which is probably worn by the individual and certainly will be switched on all the time.

Power has shifted to a democracy: This is about the relative ease with which venture capital can be funded to start up young companies. They have an opportunity to deliver a software application to transform the way in which the customer has an experience, which is increasingly being delivered by software.

Physical is merging with digital: Today, low cost computing is easily available. Tablet devices that cost less than $30 are now available in the Indian sub-continent, and when this amount of power and technology is laid in the hands of a huge population, the way in which a software experience is delivered changes the way a customer thinks about their interaction with the business.

Removing the friction: This is about simplifying the way in which the customer transacts with you as an organisation. If it takes ten steps to go from initial interest to purchasing, this should be reduced to six or seven.

Embrace new business models: Organizations must think about how their traditional business model and how their customers’ traditional approach to market will change. This can be through the delivery of a software application on a piece of hardware that businesses don’t necessarily own, but can use to define the experience that the customer has.

Be honest: Anything that can be done to increase the level of transparency that the organization has with the customer moves it closer to a trust model with them.

All of these digital approaches will be delivered using a cloud methodology; however, the current IT structure is not cloud-ready. VCE aims to deliver these approaches by working together with their partners in three simple steps – consolidation, integration and innovation. Each step needs to be measured for effectiveness against five metrics.

Revenue: Are we impacting the customers’ top line revenue?
Employee productivity: Are we making their employees more productive?
Agility: Are we making them more agile, can they respond quicker and faster to the changing dynamics in the marketplace?
Customer satisfaction: Are they reimagining how they deliver customer satisfaction?
Cost saving: Are they able to do this with the same or less IT budget than before?

At the consolidation stage, the greatest impact is in the area of cost saving.

Consolidate to bring cost saving

What needs to be evaluated here is how closely integrated business applications are to the infrastructure that powers them. Businesses need to explore if there is a way to implement a project which will return real hard line value back to the bottom line of the company. At this stage, employee productivity should be also measured. Almost all implementations a company can offer are done with the objective of saving money. After server virtualization, which most customers have already deployed, the next logical step is converged infrastructure. This is because it can bring on additional savings and agility to the data centers. At this stage, operational software licenses might also be affected, including the way a customer might acquire maintenance.

Integration to change productivity

In this stage, we are now talking about projects that more closely couple the business process to the infrastructure. Also, we will now make changes to productivity and agility within the organization. One such potential project is desktop-refreshing VDI. This changes the tool set and the way in which the applications are delivered to the end user in the organization. If voice, video and messaging are brought to these desktops for the first time, employees now have a new set of tools that makes them more productive within their organization. And mobile applications transform the way in which we take a software-led approach to the way in which we deliver customer service and customer satisfaction.

The most important step in this process is linking business process to the business infrastructure. How can customers’ business processes that are run every day be made more effective? What can be done to simplify the methodologies that customers use and how can a cloud-based infrastructure help drive that? We should enable our customers and remove the friction. At this stage, the effectiveness can be seen on the top-line revenue with tighter integration of the business on the infrastructure. Through VDI, employees become more productive. When revenue is impacted positively and employees are more productive, then the business is more agile and delivers greater customer satisfaction. And also there is a positive impact on cost saving.

Innovation to drive massive agility and change

The final piece of the puzzle is innovation, because we now have to understand that we have built a baseline of technology – the virtualized service and converged infrastructure. We built in an integration phase where we have tightly coupled the business process. We have driven new tools and applications for the users to employ and what we now need to do is take the maximum leverage from that. We should look at the three most important things that affect the way that an innovative enterprise communicates and delivers customer service to its customers. This can be distilled down to three steps:

Social integration: What are you doing to integrate the social aspect into the business? Are you listening to what your customers are saying about you in the social media? How are you gathering data around that and processing it so that you can better deliver a customer interaction?

Big Data & analytics: Are you taking real-time analytics seriously; are you thinking about Big Data? Are you thinking about how to acquire data assets in near real-time and how to analyze them and then be able to make a business decision based on the outcome? Are you starting to look at the technology, then bring those skill sets in-house?

Transforming experiences: And finally, when the above two points are brought together, businesses are going to change the experience the customer has through a software application delivered on the handset or a mobile device. This way businesses can take the element of social sphere, listen to what is being said, react in near real-time and deliver an outcome through a software application on a device the customer owns. This indicates the way in which an innovative enterprise maximizes the use of cloud technologies.

When the innovation stage is measured, we see that it has had an impact on all five metrics. We can clearly demonstrate how the top-line has been driven, how productivity has been increased and how the business has become more agile. Social integration has made it possible to dramatically improve customer satisfaction. And this is being done with the same IT budget or less.

Remember, it helps to ask the customer where they think they are in this three-step process. This way, businesses are better aware of the conversation they need to have with their customers.



insight | Websense

Building defenses

The Advanced Classification Engine (ACE) solution from Websense is designed to address targeted threats that involve multiple attack stages, and can circumvent traditional defenses.

ACE delivers real-time security ratings for protection, productivity and compliance. Protection must address advanced threats, modern malware and data theft. Productivity controls must be accurate and understand social media and other applications. And compliance requires strong outbound content visibility and containment controls including, but not limited to, data loss prevention (DLP) as a defense and risk reduction solution.

ACE provides a number of unique capabilities to support these business requirements including:

• Predictive security engines that see several moves ahead.
• Behavioral sandboxing for the most advanced, targeted zero-day threats and APTs.
• Inline operation to tackle threats through HTTPS and private social media vectors.
• Real-time results for a constantly changing world.
• More than 10,000 analytics available to support deep inspections.
• Composite scoring to support decision-making and the effective integration of a broad set of defense assessment methods.

More than 10,000 analytics and other methods applied by ACE encompass a broad spectrum of security assessment technologies — from proprietary real-time security, content and data classification processes to traditional security technologies that have declining effectiveness. Understanding the strengths and weaknesses of multiple security techniques enables a system of checks and balances that enables ACE to minimize false positives and improve accurate classification.

ACE can be described as an integrated set of defense assessment capabilities in eight key areas:

• Behavioral Sandboxing. Allows suspicious code to be executed, scrutinized, and weighed for malicious activities in a secure, isolated environment.
• Real-Time Security Classification. Empowers social web controls, and inspects all web content for malicious or suspicious code such as open or obfuscated scripts, exploit code and iframe tags.
• Real-Time Content Classification. Employs advanced machine learning to quickly and accurately classify pages based on content including images, multimedia, and links.
• Real-Time Data Classification. Classifies structured and unstructured data with parsing and decoding support to address outbound data theft.
• Anti-Malware Engines. Applies multiple anti-malware engines to identify both general and specialized malware.
• URL Classification. Used independently and in conjunction with other defense assessments to apply current classification information for known pages, or to help assess new pages and links.
• Reputation Analysis. Considers more than twenty characteristics for detailed assessment and more accurate reputation scoring that encompasses contextual awareness.
• Anti-Spam/Spear-Phishing. Provides matchless, proactive protection against traditional and emerging threats in email.

Composite Scoring

Each of the eight ACE defense assessment areas is powerful on its own, and indeed many competitive products depend primarily on technologies in only one or two of these eight areas. But the full value of ACE comes from its ability to correlate the results from all eight defense assessment areas with unique, proprietary composite scoring algorithms. Each ACE defense assessment contributes a risk score and contextual information to the composite scoring algorithms, which then calculate overall risk and consider patterns that may indicate the presence of a threat. By combining information from multiple defense assessment areas, each with specialized capabilities, ACE enjoys superior accuracy. Composite scoring also enables ACE to detect complex attacks such as Advanced Persistent Threats (APTs) that can evade independent or limited sets of assessment technologies.


Extreme Networks | insight

Enabling Software-Defined Networking

Extreme Networks discusses how the company’s SDN solution, OneFabric Connect, can help in making networks more agile.

Server virtualization, advanced data center management, cloud computing and smart mobile devices have become game-changers for organizations and consumers. Together they open the potential for organizations to deliver new services quickly and cost-effectively, while enabling employees and consumers to work, play and collaborate anywhere at any time, using any device. As a result, networks have become a more critical component in these organizations. Organizations need to provide new end-to-end services and applications in a seamless and cost-effective manner. As a result, many are reexamining traditional network architectures and looking at Software-Defined Networking (SDN).

Extreme Networks’ OneFabric Connect

The requirements of evolving networks point to the need for a more agile network that enables the benefits of SDN. It was with this in mind that the following tenets were folded into the Extreme Networks SDN architecture:

• Centralized Management and Control of both network and third party systems with OneFabric Control Center Advanced
• Programmability of virtualization and application integration with OneFabric Connect
• Open via XML/SOAP-based API provided by OneFabric Connect

The Extreme Networks OneFabric Connect SDN Solution consists of OneFabric Control Center Advanced and the OneFabric Connect API, which seamlessly interfaces with Extreme Networks Data Center Manager, Extreme Networks Mobile IAM, partner and user-defined applications. The result is a seamlessly integrated solution that is also open to integration with any third-party system.

The Extreme Networks OneFabric Connect API provides a simple, open, programmable and centrally managed way to implement Software-Defined Networking (SDN) for any network. With the OneFabric Connect API, business applications can be directly controlled from the OneFabric Control Center Advanced managed via NetSight. With OneFabric Connect, organizations can programmatically control and automate network virtualization, traffic engineering, new service provisioning, network analytics, web-scaling and a wide variety of other network functions. With the OneFabric Connect API, organizations can integrate a limitless variety of systems and applications with OneFabric Control Center Advanced and NetSight. Extreme Networks has developed a number of predefined integrations that allow programmatic control of VM, MDM, web filtering and firewall systems, but additional customer-defined integrations are always an option. Customers can also develop their own integrations simply and easily via the open, XML/SOAP-based API.

The Extreme Networks Architecture Advantage

Despite the overwhelming buzz around SDN, there is still a good deal of confusion as to what the real challenge is in networks today, and how it can be solved. Network intelligence is (logically) centralized in software-based SDN controllers, which maintain a global view of the network. As a result, the network appears to the applications and policy engines as a single, logical entity (versus various switches or routers). Enterprises and carriers then gain vendor-independent control over the entire network from a single logical point, which greatly simplifies the network design and operation.

Perhaps the most controversial part of an SDN architecture is: “How much control can be centralized and how efficiently can the network components be designed without requiring a high performance control plane subsystem and a single point of failure?” For some, this has been a key part of the business case argumentation for new SDN architectures and protocols as it promises capital expenditure (CAPEX) reductions that are not achievable, as in today’s access switch architectures the cost of the host complex is almost negligible compared to the cost of the total system design. History has shown that control plane centralization can yield a simplified architecture; however, these architectures have all failed to scale to meet real world requirements. This is specifically true for today’s IP networks where the number of network nodes and end-systems is steadily increasing as are the number of flows that would need to be managed by a centralized system.

Extreme Networks has found that a hybrid approach (centralized and distributed control plane intelligence) is not only best suited to provide the automation offered by SDN, it is mandatory to effectively scale and operate such an environment. Bringing complete network intelligence to a single controller removes economy of scale, and creates either a single point of failure or an expensive redundancy system. The company believes that ultimately the power and agility comes from the integration of applications through northbound APIs to build Layer 4-7 virtual appliances - like firewalls, load balancing, traffic engineering, network analytics, BYOD network and device management, and security. It was with this in mind that Extreme Networks has developed this function through our OneFabric Connect solution.

The Extreme Networks Flow Advantage

A unique and important element of the Extreme Networks SDN Solution is the scalable, application aware data plane that leverages its custom, flow-based ASIC design CoreFlow. Flows are the only way to provide in-depth network visibility, automation and control for all devices and users at all times. This not only requires the network to service millions of flows, but also requires hardware capable of doing so without impacting user experience, as well as a distributed control plane to manage those flows. Extreme Networks is the only provider of flow-based switches with custom ASICs and distributed control plane functions that have been specifically developed to support this kind of flow volume. In fact, the company has been deploying flow-based architectures that have been performing SDN-like functions for years. This investment in flow technology has resulted in a number of Extreme Networks patents dating back to the 1990s and a deep understanding of the architectures and scaling requirements represented by SDN. For Extreme Networks customers, the SDN foundation has already been built into their switches – they need only add software.

Virtualization and SDN

Virtualization is one of the most revolutionary changes to the data center in the past decade. Server and storage virtualization enable rapid changes on the services layer, but the dynamic nature of virtualization places requirements on the data center network. “Motion” technologies create rapid configuration changes on the network layer as servers/VMs are added or moved amongst physical machines.

To deliver network services in real-time within a virtualized environment, the Extreme Networks OneFabric Control Center Advanced bridges the divide between virtual machine and network provisioning applications. It is a powerful unified management solution that delivers visibility, control and automation over the whole data center fabric (including network infrastructure, servers, storage systems and applications) across both physical and virtual environments.

OneFabric Control Center Advanced requires no special software or applications loaded onto hypervisors or virtual machines. The solution interfaces directly with the native hypervisor and hypervisor management systems. Server and VM visibility and control are provided with no bias to the server or operating system vendor. Enterprises have the freedom to choose the server and hypervisor vendor that best fits their requirements, not the vendor that will lock them into a one shop solution.

It is unique in the industry in supporting all major virtualization platforms, including Citrix XENServer and XENDesktop, Microsoft Hyper-V and VMware vSphere, ESX, vCenter and VMware View. It can also integrate with existing workflow and lifecycle tools to provide cradle-to-grave visibility into virtualized and physical assets and to automate the physical and virtual network configurations for virtual machines. Instead of requiring new software installed on the hypervisor, the solution leverages each vendor’s APIs (as well as Extreme Networks-published APIs) to provide automated inventory discovery and control over the hypervisor switch configuration, as well as management of the physical network configuration.



insight | trend micro

Raising the bar Trend Micro examines how its custom-built defense solution, Deep Discovery, counteracts Advanced Persistent Threats (APT).

26

Channel Advisor | July 2014

www.arrowecs.ae

Standard protection products’ signature-based, one-size-fitsall approach cannot deal with the custom nature of targeted attacks and their dedicated perpetrators. The malware, communications, and attacker activities used in targeted attacks are invisible to standard endpoint, gateway, and network security measures. Security analysts and experts recommend a new type of network monitoring that uses specialized detection and analysis techniques designed specifically to discover the telltale signs of these attacks. Trend Micro Deep Discovery is a leading product in this movement, enabling organizations to deploy a full Detect–Analyze–Adapt– Respond lifecycle to protect themselves from these attacks. The Deep Discovery solution is comprised of two components: Deep Discovery Inspector and Deep Discovery Advisor. Deep Discovery Inspector provides network threat detection, custom sandboxing, and real-time analysis and reporting. Its capabilities are the primary topic of this section. The optional Deep Discovery Advisor provides open, scalable, custom sandbox analysis that can augment the protection capabilities of an organization’s existing security products, such as email and Web gateways. It also provides visibility to network-wide security events and security update exports—all in a unified intelligence platform. Deep Discovery Advisor is the gateway to the full power of the Trend Micro Custom Defense solution, described in the next section. Deep Discovery Inspector is purpose-built for detecting APT and targeted attacks—identifying malicious content, communications,


and behavior that may indicate advanced malware or attacker activity across every stage of the attack sequence. Deep Discovery Inspector uses a three-level methodology to perform initial detection, simulation, correlation, and, ultimately, a final cross-correlation to discover targeted attacks discernible only over an extended period of time. Specialized detection and correlation engines provide the most accurate and upto-date detection aided by global threat intelligence from the Trend Micro Smart Protection Network. Dedicated threat researchers continually update the detection rules that correlate events and define the behavior and communication fingerprinting that detects targeted attacks. The result is a high detection rate with low false positives and in-depth incident reports that help speed up containment of an attack. Trend Micro Custom Defense Solution—how it works Detect: what standard defenses can’t Trend Micro Deep Discovery provides advanced threat protection that performs networkwide monitoring to detect zero-day malware, malicious communications and attacker behaviors that are invisible to standard security defenses. Deep Discovery sandbox simulation is also integrated with other Trend Micro products including Messaging Security products, giving them the power to block the spear phishing and social engineering exploits commonly used by attackers in the initial phase of a targeted attack. And, Deep Discovery supports an open Web Services interface so that

any security product can integrate with the custom sandbox detection. Analyze: using real-time global and local intelligence Upon detection, Deep Discovery analytics and attack-relevant intelligence from the Smart Protection Network and Threat Connect portal create a rich threat profile that enables an organization to gain an in-depth understanding of the risk, origin and characteristics of the attack that help prioritize and guide containment and remediation plans. The depth of these threat profiles also enables the adaptive protection capability of the Trend Micro Custom Defense solution. Adapt: security protection points to block the new threat To immediately adapt and strengthen protection against further attacks, the Trend Micro Custom Defense solution uses in-depth threat profiles to update the Smart Protection Network and to generate automated, custom security updates (IP/Domain blacklists and security signatures) to existing Trend Micro products in a customer’s environment, including endpoint, gateway, and server enforcement points. Built using an open and extensible platform, the solution can also export security updates to non-Trend Micro security products that may already be an important part of the organization’s defense in-depth strategy. Respond: with rapid containment and remediation Finally, the Trend Micro Custom Defense solution delivers 360-degree contextual visibility of the attack by combining the rich threat profile with results from employing specialized attack

Trend Micro’s Global Partner Programme

Trend Micro recently launched its global partner programme, the Trend Micro Partner Programme. The new programme, which is globally aligned, is designed to further enhance the productivity and profitability of its 50,000 plus channel partners by enabling them to quickly and fully capitalise on the growing market for the company’s security solutions. The rollout of the new programme will be completed in Q1-2015.

“After a comprehensive evaluation of our programmes, we’ve applied best practices from around the globe to establish a common structure for a single, more cohesive programme that can help our partners drive sales like never before,” said Partha Panda, Vice President of Global Channels and Strategic Alliances, Trend Micro. “We are confident that this new approach will allow them to identify and respond faster to business opportunities for our comprehensive security solutions. Most significantly, it will enable us to replicate successful initiatives across all regions to help partners grow their business and increase profitability.”

By bundling Trend Micro solutions with products and services from key strategic alliance partners such as AWS, HP, IBM, Microsoft and VMware, channel partners can increase their value to customers, while increasing sales and profitability.

The education programme has been simplified, aligns with the latest industry standards, and provides two levels of training and certification. The new education portal helps accelerate partner enablement and equips channel team members with the knowledge and skills to capitalise on sales opportunities and better serve customers. To further equip its channel partners, Trend Micro is providing a comprehensive set of sales and marketing tools through a refreshed Trend Micro Partner Portal.

Additionally, the new Trend Micro Partner Programme includes:

• Clearly defined partner segmentation, and an enhanced compensation structure
• Tiered, standardised reseller levels (Bronze, Silver, Gold and Platinum), and the addition of a referral partner programme to target “born-in-the-cloud” technology service providers and other trusted advisors
• Deal protection compensation for Gold and Platinum levels, and the extension of deal registration to include Bronze partners that have completed one or more specialisations
• Dedicated channel account teams, equipped with common standards, processes and performance measurement guidelines, to help further ensure partners capitalise on the expanding business opportunities.

The inaugural Trend Micro Global Partner Summit will be held from 21st to 23rd October in Las Vegas.

response tools and intelligence gathered from network-wide security event collection and analysis. Alternatively, the threat profile and other findings can be shared with a SIEM system already in place. Armed with this information, organizations gain the insight needed to expedite the containment and remediation process and to contact authorities, as may be appropriate.



Protect your information against targeted attacks

Deep Discovery detects and identifies evasive threats in real time. It also provides the in-depth analysis and actionable threat intelligence that drives the Custom Defense solution. Advanced threat detection and targeted integration with other security products allow you to adapt and respond to your attackers at multiple points with comprehensive cyber security. Custom signatures and custom-defined sandboxes stop your attackers from taking your valuable information.

Trend Micro DEEP DISCOVERY

Targeted attack detection, in-depth analysis, and rapid response

• Protection of physical and virtual assets, data, information, communication and intellectual property
• Address issue of targeted attacks given pressures to do more with less
• Ensure seamless integration with existing infrastructure, applications, environments and process

