Published by
Adding Value to Technology
Issue 02 | October 2014
Charting a new course Exploring the vistas of growth opportunities
From the management

GITEX Technology Week is a special event that showcases what the burgeoning ICT industry in the region has to offer. Even though it is always very busy around this time, it is also the most exciting part of the year for the IT industry. The key reason why Gitex is a big success is that it provides an ideal forum for industry people to meet, discuss trends and exchange ideas. It also represents a real opportunity for resellers to see where vendors are going with their products and explore up-and-coming vendors.

For the last several years, Arrow (formerly known as Computerlinks) has been an integral part of the show and this year will be no exception. In fact, this year you will see us making a lot more noise as we are using GITEX as a platform to formally announce Arrow to the region. This means our stand is much bigger, the media campaign is extensive and we have more sponsors than ever before. We at Arrow want to strengthen our commitment in enabling our partners to grow and leverage the opportunities that emerging technologies present.

We are also happy to announce that our VP for Central, Eastern Europe and Middle East/Africa/Asia-Pacific regions for the company’s enterprise computing solutions segment, Jean-Loup Desamaison-Cognet, will be joining us to have the opportunity to meet and get to know you better. We will also be announcing the opening of our KSA office at the event.

Indeed, it is an exciting time for us at Arrow. We are ready to take the region by storm and this is only possible by working collaboratively with all of our partners. Visit us and our sponsors at HALL 1 – Stand A-12 and be sure to check out a series of technology seminars held at our booth and enter for a chance to win an iPhone 6!

- Arrow Management Team

Contents
EMC: Growth avenues
RSA: Keeping data safe
Infoblox: Safeguarding servers
F5: Pioneering in security
Gigamon: Strategic partnerships
VCE: Taking the leap
Websense: Strategize to defend
Extreme Networks: Unlocking networks
Trend Micro: Enhancing value
www.arrowecs.ae
October 2014 | Channel Advisor
insight | EMC
Growth avenues
Top reasons for entry-level storage and data protection from EMC
EMC is redefining storage and data protection for midsized organizations. Once, enterprise-class functionality was out of your reach. Now, with EMC VNXe3200 primary storage and Data Domain DD2200 protection storage, you can experience enterprise-class performance at an entry-level price point. It’s time to rethink what’s possible.

Simple. Set up NAS or SAN on the VNXe3200 in just minutes with new configuration wizards. Unisphere provides a simple user interface to perform all block- and file-oriented operations, from creating LUNs and LUN groups to file systems and even VMware datastores. The VNX family has the best virtualization integration with over 96 integration points into both VMware and Hyper-V. The VNXe3200 allows you to easily deploy private clouds with deep VMware and Microsoft integration. For three years in a row, independent research firm Wikibon has named EMC VNX/VNXe the #1 storage for VMware integration. VNXe3200 users are a single click away from getting help with EMC Connect Proactive Support, advanced capabilities within Unisphere that enable you to receive electronic software updates, order drives, and live chat directly with EMC support professionals.

When it comes to data protection, the combination of Data Domain protection storage with the EMC Data Protection Suite gives you a data protection solution optimized for mid-sized organizations. The EMC Data Protection Suite is available in capacity increments, now starting at 1TB and greater. The DD2200, like the entire Data Domain family of protection storage, directly integrates with enterprise applications and backup applications through DD Boost to simplify your backup infrastructure and speed your recovery.

Efficient. The VNXe3200 lowers $/IOPS and $/GB with “set it and forget it” FAST VP auto-tiering. The FAST Suite combines auto-tiering and SSD caching in a single package, giving you the immediate benefit of caching writes and the longer-term benefit of storage tiering. Store more in less space with the VNXe3200. Advanced efficiency services, such as thin provisioning and file deduplication with compression, reduce initial capacity requirements by up to 50%.

The DD2200 directly integrates with enterprise applications and backup applications through DD Boost to simplify your backup infrastructure and speed your recovery. Protect more with less with industry-leading Data Domain deduplication technology. With Data Domain deduplication, you can reduce backup and archive storage requirements by 10 to 30x. With the new DD2200, you can protect up to 860TB logical capacity in 2U enabling you to retain data online and onsite for longer retention periods. Data Domain systems provide backup, archive and disaster recovery on a single system, giving you the opportunity to consolidate data protection from across your IT environment. This will lower your costs, enable you to better meet your SLAs and improve management of your entire environment.

Protected. Capture different states of the business at any point in time with VNXe3200 Unified Snapshots for block and file. The Data Domain Data Invulnerability Architecture – built into every Data Domain system – provides the industry’s best defense against data integrity issues. Inline write and read verification protects against and automatically recovers from data integrity issues during data ingest. Continuous fault detection and self-healing ensure data stays correct and returns correctly so that data is recoverable and accessible throughout its lifecycle. All Data Domain systems support encryption for data at rest and data in flight to ensure that user data is never in a vulnerable, unencrypted state while being backed up, stored or sent to the DR site.

Data Domain systems provide network-efficient replication via DD Replicator software. With DD Replicator, only compressed, deduplicated data is transferred asynchronously over the WAN, eliminating up to 99% of the bandwidth required compared to standard replication methods. With DD Retention Lock, you can be assured that archived data stored on Data Domain is securely retained in order to meet retention requirements mandated by corporate policies and/or regulatory obligations.

If you are looking for a converged infrastructure, EMC’s VSPEX solutions unite the storage and data protection capabilities of VNXe, Data Domain and Data Protection Suite. The world’s fastest-growing and most popular reference architecture, VSPEX accelerates your journey to a virtualized environment. The choice is yours from EMC – redefining storage and data protection for mid-sized organizations.
RSA | insight
Keeping data safe
RSA Data Discovery enables content aware security investigations.

CONTENT AWARE INSIGHTS FOR RSA SECURITY ANALYTICS

Security attacks are becoming more targeted and sophisticated, and security teams are required to gain as much visibility as possible into the attacks and the corresponding business impact in order to effectively protect the organization’s most sensitive data. Furthermore, the attacks could come from external sources or from a malicious insider, both aiming to steal valuable data. Security analysts investigating suspicious network traffic may not have the appropriate visibility into the business context or the types of data targeted by advanced attacks, and as a result are unable to correctly prioritize alerts for additional investigation and remediation.

RSA Data Discovery is a data classification tool for RSA Security Analytics that not only discovers IT assets such as data repositories (file servers, SharePoint servers, etc.) and endpoints, but also identifies if sensitive data such as credit card data, privacy data, and intellectual property is residing in these assets. RSA Data Discovery feeds metadata information to RSA Security Analytics about IT assets
containing critical information (such as regulatory data or intellectual property), so that organizations can quickly identify attacks on critical assets and enable security analysts to better prioritize investigations. RSA Data Discovery is based on mature RSA Data Loss Prevention (DLP) content analysis technologies, where various sophisticated techniques, such as pattern and proximity analysis, derivative, and full signature analysis are used. This offering comes with more than 170 out-of-the-box expert information classification policies including policies for HIPAA, PCI, NERC, and EU Data Privacy that organizations can just turn on.

ENABLE CONTENT AWARE SECURITY INVESTIGATIONS

Using RSA Data Discovery
for RSA Security Analytics, organizations can quickly identify and investigate advanced attacks involving both external sources and malicious insiders. Key benefits include:
• Simplified Investigations: Faced with a large number of suspect network sessions, the security analyst can use the contextual information of the IT assets to quickly drill down to suspicious network traffic involving IT assets with sensitive data.
• Prioritized Alerts and Incidents: Based on the data discovered on IT assets, RSA Security Analytics can prioritize alerts involving IT assets that contain sensitive data. For example, you can generate a high priority alert when outbound encrypted traffic is detected from an IT asset containing sensitive data going to an unknown destination server, which could be a malicious drop zone in another country or location.
• Report Generation: The reporting capabilities of RSA Security Analytics are further enhanced by the additional IT asset classification information presented by the RSA Data Discovery feed. A security analyst can generate security reports that also contain information classification for IT assets. These reports can be useful for both security investigations as well as tracking of assets having compliance or regulatory data. For example, tasked with creating security reports concerning IT assets that have PII data, a security analyst can now generate reports about all suspected activity identified by RSA Security Analytics on IT assets containing PII data.
opinion | infoblox
Safeguarding servers
Current approaches to stop DoS/DDoS attacks on DNS servers are costly and only partially successful solutions. Infoblox IB-4030 DNS Caching Appliance thwarts the attack in real time as it enters the infrastructure, disabling it before it can cause any disruption to performance or service.

The DNS server is one of the primary and most vulnerable infrastructure components through which communications service providers suffer Denial of Service and Distributed Denial of
Service (DoS/DDoS) attacks. ISPs, Telcos, and mobile providers are at constant risk of service interruptions due to failure of DNS servers that become overwhelmed by malicious queries and their
assorted malware-generated cousins. The current threat landscape is continuing to grow rapidly as these attacks impact budgets, reputations, consumers and clients.
The cost of an attack can be counted in millions of dollars — with nefarious tactics ranging from criminal threats that force extortion payments to attacks that cause outright loss of Internet
connectivity, services and web-based revenue. Effective attacks can also result in additional non-monetary losses in customer loyalty and satisfaction that, in the case of extended, high profile outages, may lead to significant brand damage.

Most ISPs focus on customer retention and growth by upgrading their infrastructure to meet the growing demand for bandwidth, driven in large part by smartphones, social media applications, and the proliferation of personal mobile devices. However, they take their eyes off a far greater threat to customer satisfaction: connectivity. Bandwidth-centric upgrades are necessary, but they are only part of the service provider’s edge over competitors. Today’s sophisticated consumers and businesses simply will not tolerate service disruptions. ISPs must secure their Internet infrastructure against increasingly aggressive and frequent DoS/DDoS attacks in order to maintain uninterrupted connectivity and preserve their customers’ Internet experience, thereby guarding their own reputation.

Enter high integrity appliance-based DNS caching Infrastructure

A new and dramatic shift in thinking about how to prevent DoS/DDoS attacks is the idea of building the antidote directly into a hardened, high integrity DNS appliance. Instead of trying to stop attacks when they reach the customer (which has proved very difficult), this method catches them as they enter the provider infrastructure — at the DNS server. Rather than adding more generic servers and load balancers (a mostly ineffective and costly effort), this solution installs high-integrity DNS infrastructure that is purpose-built for the task. Such an approach requires a high-capacity DNS server that prevents most DoS/DDoS attacks outright simply by keeping up with them, employing raw horsepower to handle the increased load. An appliance approach may also use special algorithms to recognize common attack methods and harden the infrastructure against them.

In order to maintain service under extreme load conditions, it is important that these DNS servers do not simply stop when they reach a saturation point. As the DNS query load increases beyond specified limits, this powerful DNS server should maintain constant, low DNS caching latency. This capability is typically dependent on a hardware implementation using advanced packet filtering and load shedding which typically cannot be implemented at high speed in software-based servers.

Infoblox IB-4030 DNS caching appliance — Botnets Beware!

Infoblox has introduced a new DNS caching appliance that is designed specifically to meet the needs of large ISPs, Telcos and mobile providers. The IB-4030 DNS Caching Appliance serves one million DNS queries per second, more than enough to handle most DoS/DDoS attacks through processing power alone. The IB-4030 also includes built-in protection against various DoS/DDoS attack methods. This approach enables ISPs and mobile operators to scale their DNS infrastructure to support billions of queries per second, providing high transactional scalability under extreme traffic loads, while also enabling high labor scalability by virtue of Infoblox Grid™ technology. The Grid enables providers to deploy large scale, highly distributed but remotely manageable DNS infrastructure — without adding staff for administration and support.

Inherently secure, with no root access and a pre-built Infoblox software load, the Infoblox IB-4030 DNS Caching server is a purpose-built, carrier-grade appliance that includes redundant AC or DC power supplies, fans
and hard disk drives. The onboard DoS/DDoS protection features are built-in and automated, so that no additional software installation or manual configuration of these functions is needed, thereby eliminating any possibility of manual configuration errors. The IB-4030 also includes automated support for DNSSEC as a standard feature to protect against Kaminsky-style attacks that poison the DNS cache to force redirection to unauthorized or malicious sites. The IB-4030 includes role-based access controls, ensuring that only those functions for which the specific user and role has permissions can be accessed. Moreover, all changes to appliance settings by each user are time-stamped and stored in the appliance’s audit logs.

Let Protection Replace Vulnerability in the DNS Infrastructure

The continued rise of DoS/DDoS attacks on service provider DNS infrastructure shows no sign of abating any time soon. Indeed, it is most likely to become an even greater scourge to the industry. As the creators of these attacks become ever more resourceful and devious, the means of combating their efforts must also evolve and add capabilities to outpace their designs. Because of the very nature of connectivity, DoS/DDoS attacks cannot simply be prevented because traffic is traffic until its malicious nature is detected. Rather, such behavior must be thwarted, overcome or defeated. High integrity DNS caching, like that offered by the Infoblox IB-4030 DNS Caching Appliance, is the latest and strongest weapon in the arsenal against botnet attacks.
F5 | insight
Pioneering in security
F5 explains how businesses can fill the Threat Management Gateway void with the company’s Secure Web Gateway services.

With the discontinuation of Microsoft Forefront Threat Management Gateway, enterprises need to find a replacement. F5 Secure Web Gateway Services offer a superior solution to secure and manage corporate web access.

The recent discontinuation of Microsoft Forefront Threat Management Gateway (TMG) requires enterprises to find a new solution to secure corporate access to the web. In choosing
a new solution, it’s important for decision-makers to ensure that the solution they select includes the features and functionality necessary to ensure safe and appropriate web access. Combining comprehensive features and functionality with superior scalability and performance, F5 Secure Web Gateway Services are uniquely positioned to provide the best alternative for TMG replacement. Moving beyond TMG, how will
the enterprise provide its users with secure and controlled access to the Internet? Failure in outbound security—whether it’s a direct financial impact from data loss or the liability or loss of employee productivity due to inappropriate use of the Internet—can be very costly to the enterprise. In addition to using traditional and next-generation firewalls, many organizations have identified a need to use a web proxy, such as TMG, to deliver
user access to Internet resources while protecting corporate assets. While there are various vendors and solutions available to the enterprise, IT decision-makers should ensure the solution they select contains the necessary feature set to ensure secure and managed access to Internet resources, including the four functions outlined below:
• Forward web proxy: Providing a level of anonymity between corporate systems and resources on the Internet is a key requirement to providing secure web access. A solution should include a full forward proxy where outbound connections are terminated at the proxy and reestablished on behalf of the client. The client system (whether located on premises or remotely) should be obscured from the Internet resource.
• URL/content filtering: To prevent malicious or inappropriate traffic from entering the corporate environment, a web proxy needs to have visibility into a given site/content and respond accordingly. This includes both encrypted (SSL) traffic as well as unencrypted.
• User access control: Enterprises often need to control different users’ access to Internet resources according to a number of factors such as position, work hours, and general business need. For a web proxy to provide real value to the enterprise, it must incorporate a variety of features and functionality that control access based upon users’ attributes and behavior.
• Auditing and compliance: Ensuring acceptable use policies are appropriately configured and adhered to is a critical function of both HR and IT departments. A web proxy solution must include the ability to monitor and report on end-user activity.

The F5 Solution: Secure Web Gateway Services

F5 Secure Web Gateway Services provide enterprises with a comprehensive, forward-proxy solution. The combination of BIG-IP Access Policy Manager, BIG-IP Local Traffic Manager, and BIG-IP Advanced Firewall Manager creates a solution that significantly streamlines web proxy deployments
while providing enhanced functionality and security.

Forward Web Proxy

Secure Web Gateway Services provide full, forward web proxy functionality, including the ability to evaluate and proxy encrypted, SSL-based traffic. The solution can be configured to secure web access for a variety of clients, both internal and remote. With Secure Web Gateway Services, rather than a client connecting directly to a web resource outside of the enterprise, the client connects to and requests content (such as a web page or file) from the proxy server. The Secure Web Gateway Services proxy server then makes the request on behalf of the client. This obscures the internal clients and allows the proxy server to evaluate the request and/or response and apply various controls.

Many administrators face the challenge of how to proxy and secure SSL-based traffic while still ensuring the confidentiality of the end user’s information. Secure Web Gateway Services address this by providing category-based proxy services. For example, an organization may want to intercept, analyze, and filter employees’ SSL-encrypted, HTTPS traffic while excluding banking-related activities.

URL and Content Filtering

A critical function of a web proxy is to provide a central control point for web access, ensuring only acceptable and secure activity is allowed. User access controls along with URL filtering and content inspection deliver this control. Secure Web Gateway Services block access to more malicious sites than any other solution. The threat intelligence behind Secure Web Gateway Services analyzes more than 5 billion web requests every day to produce a comprehensive categorization database of 40 million website URLs.

User Access Control

Not all users are created equal. To effectively establish and enforce acceptable use policies, enterprises need to have the ability to evaluate a given user and apply controls appropriately based upon multiple factors such as group membership, authentication method, time of day, and so on. Secure Web Gateway Services use the power of BIG-IP Access Policy Manager to give administrators the flexibility to evaluate and assign policy at an extremely granular level. For example, an administrator might apply a specific set of URL filters to a particular user within a certain Active Directory group for a specific period of time.

With the increasing popularity of bring-your-own-device (BYOD) and mobile workforces, controlling web activity for both remote and on-site users is an administrative challenge that an effective proxy solution should address. Acting as a single point of control in the organization’s perimeter network, the F5 solution can provide remote users with access to
corporate assets as well as secure Internet web access.

Compliance

Ensuring acceptable and secure web access is more than just good business; more often than not, it’s corporate policy—with the potential for very real consequences if not appropriately managed. Secure Web Gateway Services provide IT administrators and HR professionals with the tools they need to ensure acceptable use policies are both effective and appropriate. The solution includes several dynamically generated and exportable reports that provide a clear picture of the enterprise’s web activity. Additionally, the F5 solution can be integrated with many remote central logging systems.

With the discontinuation of Microsoft Forefront Threat Management Gateway, organizations that have relied upon or have been considering using TMG to secure corporate access to the web are now faced with a challenge. While there are many vendors and solutions to choose from, F5 Secure Web Gateway Services offer a superior alternative. The F5 solution combines granular access control, robust compliance reporting, and the most comprehensive categorization database to provide the single point of control enterprises need to ensure safe and appropriate web access.
insight | gigamon
Strategic partnerships
Gigamon’s GigaVUE-VM enhances comprehensive security capabilities of an organisation’s virtual server infrastructure.
Gigamon and VMware come together to offer a joint solution to provide pervasive and intelligent visibility into the physical and virtual networks. Gigamon, a leader in network visibility and monitoring (NVM) solutions and VMware, the leader in server and network
virtualization, are extending their partnership to provide pervasive and intelligent visibility into the physical and virtual networks by integrating the Gigamon Visibility Fabric with VMware NSX platform. VMware NSX is the leading network virtualization platform that delivers the operational model of a virtual machine for the network.
Similar to virtual machines for compute, virtual networks are programmatically provisioned and managed independent of underlying hardware. NSX reproduces the entire network model in software, enabling any network topology—from simple to complex multi-tier networks— to be created and provisioned
in seconds. Gigamon’s Visibility Fabric architecture is an innovative solution that delivers pervasive and dynamic visibility of traffic traversing communication networks. The Visibility Fabric architecture significantly improves network flexibility by enabling static tools to connect to dynamic, virtualized applications, so users
can efficiently and securely address their business needs. The Visibility Fabric consists of distributed physical (GigaVUE H Series platforms) and virtual (GigaVUE-VM) nodes that provide an advanced level of filtering intelligence. At the heart of the fabric is Gigamon’s patented Flow Mapping technology that identifies and directs incoming traffic to single or multiple tools based on user-defined rules implemented from a centralized fabric management console, GigaVUE-FM.

The Challenge

Current network and security solutions are rigid, complex, and often vendor-specific. This creates a costly barrier to realizing the full agility of the software-defined data center (SDDC). Limitations of physical networking and traditional security tie an increasingly dynamic virtual world back to inflexible, dedicated hardware, creating artificial barriers to fast provisioning of networking and security services and simplified network operations. Manual provisioning and fragmented management interfaces reduce efficiency and limit the ability of enterprises to rapidly and securely deploy, move, and scale applications and data to meet business demands.

Paramount to monitoring the SDDC infrastructure is the ability to have an immediate and rich understanding of activity in your network. To accomplish this, network monitoring solutions require visibility and monitoring of both virtual and physical infrastructure. This requirement can be challenging. Pervasive visibility into your SDDC requires this information to be readily accessible so that network, application and security monitoring tools can leverage the physical and virtual data flows to analyze congestion points, security threats, and application behavior to help automate, secure, and optimize the SDDC.

Key Benefits
• Non-disruptive deployment over existing physical networks or next generation topologies
• Place and move virtual workloads independent of physical topology
• Use data center micro-segmentation to achieve tenant level isolation and security
• Pervasive visibility into virtual and physical network traffic by offloading intelligent and scalable filtering policies to Gigamon’s Visibility Fabric™ while optimizing operational tool infrastructure
• Operational efficiency through automation using VMware NSX APIs and Gigamon’s GigaVUE-VM ‘Visibility in Motion’ policy migration

How the joint solution works

VMware NSX leverages the vSwitches already present in server hypervisors across the data center. NSX coordinates these vSwitches and the network services pushed to them for connected VMs to effectively deliver a platform—or ‘network hypervisor’—for the creation of virtual networks. These virtual networks are created using encapsulation technologies like VXLAN, which create Layer 2 logical networks that are encapsulated in standard Layer 3 IP packets, thus allowing the extension of Layer 2 virtual networks across physical boundaries. A ‘Segment ID’ in every frame differentiates the VXLAN logical networks from each other without any need for VLAN-Tags. With a 24 bit segment ID to uniquely identify broadcast domains, VXLAN enables multi-tenant environments at cloud scale and extends the Layer 2 network across physical boundaries by encapsulating the original frames in a MAC-in-UDP encapsulation.

Figure: Gigamon and VMware joint solution.

Monitoring performance of VXLAN networks and virtual tunnel endpoints is the key to enabling network operations teams to control and comprehend the “virtual” domains floated on top of the common networking and virtualization infrastructure. Gigamon’s solutions extend visibility into the “Virtual Networks” using existing physical network monitoring tools.
• Filter and monitor traffic at virtual network level using GigaSMART Adaptive Packet Filtering.
• Decapsulate VXLAN traffic using GigaSMART Header Stripping.
• Integration with VMware vCenter to extend visibility policies for inter-host VM traffic using GigaVUE-VM.
• Automated migration of VM-level monitoring policies when vMotion is detected.
• Centralized management of physical and virtual visibility policies using GigaVUE-FM Fabric Manager.
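
The MAC-in-UDP encapsulation and 24 bit segment ID described above can be shown with a small decapsulator. This is an added example, not Gigamon or VMware code: it assumes the RFC 7348 header layout and UDP port 4789, and the function names, addresses and sample frames are constructed for illustration.

```python
import struct

VXLAN_UDP_PORT = 4789        # IANA-assigned VXLAN port (RFC 7348); assumed deployment default
VXLAN_FLAG_VNI_VALID = 0x08  # "I" flag: the segment ID (VNI) field is valid


class NotVxlan(ValueError):
    """Raised when a frame is not a well-formed VXLAN-encapsulated frame."""


def decapsulate_vxlan(frame: bytes):
    """Strip outer Ethernet/IPv4/UDP/VXLAN headers; return (segment_id, inner_frame)."""
    if len(frame) < 14:
        raise NotVxlan("truncated outer Ethernet header")
    offset = 12
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    offset += 2
    if ethertype == 0x8100:                      # outer 802.1Q tag on the transport VLAN
        if len(frame) < offset + 4:
            raise NotVxlan("truncated 802.1Q tag")
        (ethertype,) = struct.unpack_from("!H", frame, offset + 2)
        offset += 4
    if ethertype != 0x0800:
        raise NotVxlan("outer packet is not IPv4")
    if len(frame) < offset + 20:
        raise NotVxlan("truncated outer IPv4 header")
    version, ihl = frame[offset] >> 4, (frame[offset] & 0x0F) * 4
    if version != 4 or ihl < 20:
        raise NotVxlan("bad outer IPv4 header")
    (flags_frag,) = struct.unpack_from("!H", frame, offset + 6)
    if flags_frag & 0x1FFF:                      # non-first fragment carries no UDP header
        raise NotVxlan("outer packet is a non-first IP fragment")
    if frame[offset + 9] != 17:
        raise NotVxlan("outer packet is not UDP")
    offset += ihl
    if len(frame) < offset + 8 + 8:              # UDP header + VXLAN header
        raise NotVxlan("truncated UDP/VXLAN headers")
    (dst_port,) = struct.unpack_from("!H", frame, offset + 2)
    if dst_port != VXLAN_UDP_PORT:
        raise NotVxlan("UDP destination port is not VXLAN")
    offset += 8
    if not frame[offset] & VXLAN_FLAG_VNI_VALID:
        raise NotVxlan("VXLAN I flag not set")
    vni = int.from_bytes(frame[offset + 4:offset + 7], "big")   # 24 bit segment ID
    inner = frame[offset + 8:]
    if len(inner) < 14:
        raise NotVxlan("inner frame shorter than an Ethernet header")
    return vni, inner


def inner_frames_for_segment(frames, wanted_vni):
    """Return decapsulated inner frames of one logical network; skip other traffic."""
    selected = []
    for frame in frames:
        try:
            vni, inner = decapsulate_vxlan(frame)
        except NotVxlan:
            continue
        if vni == wanted_vni:
            selected.append(inner)
    return selected


def build_vxlan_frame(vni, inner, dst_port=VXLAN_UDP_PORT, flags=VXLAN_FLAG_VNI_VALID):
    """Construct a sample outer frame (constructed test data, checksums left zero)."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("segment ID must fit in 24 bits")
    vxlan = bytes([flags, 0, 0, 0]) + vni.to_bytes(3, "big") + b"\x00"
    udp_len = 8 + len(vxlan) + len(inner)
    udp = struct.pack("!HHHH", 49152, dst_port, udp_len, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    eth = bytes.fromhex("020000000001") + bytes.fromhex("020000000002") + b"\x08\x00"
    return eth + ip + udp + vxlan + inner


# Constructed inner (tenant) Ethernet frame: dst MAC, src MAC, EtherType, payload.
INNER = bytes.fromhex("02aa0000000102aa000000020800") + b"tenant payload"

if __name__ == "__main__":
    capture = [
        build_vxlan_frame(5001, INNER),               # tenant segment 5001
        build_vxlan_frame(7002, INNER),               # a different segment
        build_vxlan_frame(5001, INNER, dst_port=53),  # plain UDP, not VXLAN
    ]
    for inner in inner_frames_for_segment(capture, 5001):
        print("segment 5001 inner frame:", inner.hex())
```
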
VCE | insight
Taking the leap VCE sheds light on why organisations should invest in converged infrastructure.
Depending on which analyst or vendor you follow, converged infrastructure can often go under different labels such as integrated systems, unified computing or converged systems. Although that can cause some confusion among IT buyers, converged infrastructure is the term that is starting to gain wider acceptance. That’s backed up by a VCE survey of 100 IT decision-makers carried out by IDG UK where most respondents indicated they were fairly comfortable being able to define converged infrastructure with 42 percent claiming they could do so ‘well’ or ‘very well’.
At a fairly simple level converged infrastructure is the joining together of the networking, server and storage layers of infrastructure into one integrated system that can then be managed through a single management console.

Analysts and market watchers are now seeing converged infrastructure adoption steadily increase across organisations of all sizes. According to IDC, worldwide spending on converged systems in the data centre will grow at a compound annual growth rate of 54.7 percent, rising to $17.8bn by 2016. And converged infrastructure will account for 12.8 percent of total storage, server, networking and software spending by 2016, up from just 3.9 percent in 2012.

A separate survey of 180 server and virtualisation professionals by TheInfoPro, a division of 451 Research, says integrated infrastructure offerings are now gaining strong acceptance in their various forms. Specifically 17 percent of respondents are currently using converged infrastructure with a further 16 percent saying they are actively considering it in the next two years.

Three reasons not to fear converged infrastructure

Organisations spent more than $5.4bn on converged infrastructure in 2013 and that is forecast to increase by nearly half that amount again in 2014, according to IDC. But despite that growing interest some organisations remain reluctant to take the plunge, unconvinced about potential benefits, such as cost reduction, and fearful also of the risks.

In a VCE/IDG survey of 100 IT decision-makers almost a third (31 per cent) of respondents were unsure of the benefits of converged infrastructure. It is worth noting, however, that almost a fifth (17 per cent) indicated no reservations at all about deploying converged infrastructure.

Based on those survey responses we take a look below at the three biggest areas of concern about deploying converged infrastructure and address the fears of IT chiefs, showing why they should actually be part of the case for adoption.

Cost

Although the economy is finally showing signs of recovery, pressure on IT budgets remains with almost two-thirds (61 per cent) of 100 IT decision-makers in a VCE/IDG survey saying they expected their data centre budgets to remain flat over the next year. It’s not surprising then that the single biggest reservation about deploying converged infrastructure is cost, according to more than a third (35 percent) of respondents.

In fact, cost reduction is one of the biggest potential benefits of converged infrastructure. An IDC study of organisations specifically deploying VCE’s Vblock converged infrastructure solution found reduced hardware costs and time managing operations cut annual data centre costs by half. The bottom line is that at the very least it reduces data centre hardware and footprint. A separate converged infrastructure study by research group Forrester identified cost savings in power consumption, storage management and new system configuration among other things, with 15 per cent of respondents saying they made cost savings of between 11-20 percent overall.

Complexity

“Increased complexity makes engineering skills more specialist and harder to find/retain complexity drives up total cost of ownership which often cancels out the perceived cost savings/efficiency gains.”

That was one of the responses to the VCE/IDG survey in response to the question about the reservations of deploying converged infrastructure. The reality is that the modular nature of converged infrastructure with storage, network, computing and management bundled together helps reduce data centre complexity with all its silos and fiefdoms.

In a world where cloud, mobile and Big Data are putting greater pressure than ever on the IT department to respond to fast-changing business and customer demands, converged infrastructure increases agility and means new infrastructure, services and applications can be installed, configured and tested much faster. The IDC study found that converged infrastructure made deployments five times faster, simplified operations and improved agility, while in the Forrester survey some 60 percent of respondents said deploying new software and hardware within a converged infrastructure environment took slightly less or significantly less time than with a traditional data centre environment.

Security and regulatory and compliance

Risk was another reservation of deploying converged infrastructure cited by some respondents to the VCE/IDG survey. That ranges from the risk of deploying a relatively new and emerging technology to the risk of downtime, data loss and of vendor lock-in.

Converged infrastructure can actually help reduce risk and boost security. The simplified management dashboard and automation give real-time visibility of the entire infrastructure across servers, storage, network and applications. Potential network security attacks can be spotted and alerted much faster and the pooling of computing resources means they can be dynamically allocated to tasks and applications when needed in response to spikes in demand. Traditional periods of downtime for maintenance are also a thing of the past. Typically a converged infrastructure comes fully patched with new updates pre-tested and pushed out automatically.
insight | Websense
Strategize to defend
Websense lists out five key essentials that security solutions need to provide in order to protect against advanced persistent threats effectively.
Real-time Threat Analysis
Traditional defenses rely on signatures, rendering them largely ineffective to combat today’s advanced threats. In order to protect against spear-phishing, exploit kits, dynamic redirects, or similar components of an APT attack, additional real-time analysis needs to be conducted, and risk scores need to be assigned for traffic.

Global Threat Awareness
Any security solution can benefit greatly from a large threat detection network. The larger the network, the greater the threat awareness and protection capabilities of the solution.

DLP Capabilities
The ultimate goal of an APT is data theft. Considering an APT’s complexity, it is crucial to not just rely on inbound defenses, but also have cutting-edge outbound data theft technology in place. Pattern-matching alone is not enough; rather, a fully contextually aware DLP solution must be deployed to protect your sensitive data against exfiltration.

Sandboxing
Cybersecurity has become a hands-on business for IT and security professionals. Effective reporting and analysis done on malware and advanced threats has become crucial. Security professionals need insights into how malware would behave and how it would impact their networks to better protect their companies’ assets. A good sandboxing solution provides this capability.

Forensic and Behavioral Reporting
Hand-in-hand with any security deployment goes the need for excellent forensic and behavioral reporting. Actionable reports providing valuable insight into threat behavior, impact and forensic details are a key component of any security deployment. The more actionable a report is, the more value it has to an IT or security professional.

Websense solutions for protecting against APTs
Websense offers a full suite of products that provide thorough protection against APTs and other advanced threats. The product portfolio consists of the following product groups:
• Protection Products: Websense TRITON products include proxy gateway solutions for web, email, data and mobile security. All provide:
  • Real-Time Advanced Threat Detection and Protection: Websense ACE (Advanced Classification Engine) uses eight defense assessment areas with over 10,000 analytics to provide real-time threat analysis of web traffic.
  • Global Threat Awareness: Websense ThreatSeeker Intelligence Cloud unites over 900 million endpoints and analyzes up to 3-5 billion requests per day, providing global threat awareness and vital defense analytics to ACE.
  • Data Theft and Loss Detection: Websense DLP defenses detect and block data exfiltration for registered and described data. Industry leading features within Websense DLP include OCR of text within images, geolocation destination awareness, detection of criminal-encrypted uploads and password file data theft, and slow data leak protection.
• Sandboxing Solution: Websense TRITON ThreatScope offers unparalleled sandboxing and analytics functionality, providing security professionals with valuable behavioral and forensic insights about malware contained in files and URLs.
• Threat Monitoring Solutions: Websense TRITON RiskVision is a complete threat monitoring solution offering effective detection of the most advanced threats including APTs and data exfiltration attempts. Behavioral and forensic reporting provides actionable data empowering security professionals to decrease the risk exposure.
Extreme Networks | insight
Unlocking networks
How to turn your network into a strategic business asset with Extreme Networks’ Purview eBook

What is Purview and how can it be used?
Extreme Networks Purview is a network-based business intelligence solution that captures and analyzes context-based application traffic to deliver meaningful intelligence about applications, users, locations and devices – providing IT with the context to make faster and more effective decisions.

Many times, as IT departments get ready to create new solutions, they need to choose between various platforms. They think they know the right answer and move ahead to create the solution only to find out they built for the wrong group. Other times, a company may use one device, such as Windows machines, but a specific group, such as engineering, may run mostly Linux machines. Only by having the right data and the ability to easily check can IT be certain to make the right decisions.

Purview enables the mining of network-based business events and strategic information to help business leaders answer questions such as:
• Which apps go to which users? Are the right users taking advantage of our application investments?
• What devices are being used? Are more people using Windows, Mac or Linux machines?
• What platforms are being used? Are more people using iOS, Android, Windows or BlackBerry?
• Do I have a problem with Shadow IT on my network? Are employees downloading their own apps and potentially compromising security?

With the right answers to these questions, IT is empowered to turn the network into a strategic business asset that can now provide value to other lines of business. Purview can be used by IT operations to optimize the network for each and every application, enhance security for applications and provide data for business analytics.

Purview can be used to help IT to confidently solve the issues they face on a daily basis such as:
• Perform data center analysis – decide if it makes sense to move an application from one location to another.
• See what applications are slow – easily see what applications for a particular user, group, location or device type aren’t performing well.
• Troubleshoot network issues with OneView – determine where the problem is, and whether it is a network problem, client, server or storage problem.
• Detect malicious applications – see what applications people are using on your network and find applications running that you don’t support.
• Find Shadow IT or unapproved applications on the network – discover what applications might have been ordered from other ‘Rogue IT’ departments.
• Ensure the adoption of applications – determine how effective you are when it comes to deploying new applications.
• Help with license visibility and auditing – ensure adoption of licensed software and that you aren’t running software without licenses.

Let Purview make the unknown become known to you.

Using Purview for business analytics
Purview’s analytical capabilities make the unknown – known by transforming seemingly unrelated and detailed information into meaningful, business-focused intelligence. This enables organizations to apply analytics to outperform their peers and grow the business by empowering them to analyze application investments and ROI. With Purview, an organization is able to understand the adoption and usage of applications to ensure that investments are being maximized. Having access to information about application usage by device type and the flow of users – where they go first, how long they stay, what applications they use, what websites they visit and at what times of the day – can help the businesses make informed decisions. Purview can even come to the rescue of businesses faced with a software licensing audit, by helping them to ensure that they aren’t running software they aren’t licensed for.

For example, at some point, your company could be subject to a software licensing audit. These audits could be driven by internal entities such as the CFO, or by external entities such as the software vendors. An internal audit might be driven based on budgeting and procurement of new software. Your CFO might ask a simple question: “Before I buy more licenses, I want context of who’s using currently licensed software, from what locations and on what devices?” This type of internal audit is one realm of consideration where Purview illuminates insight to help guide your business direction. An external audit, on the other hand, can cost thousands or even millions of dollars if you are using illegal software – even if you don’t know you are. Purview provides the context and awareness of who’s using licensed software and helps you ensure that licensed software is being used in your business.

Using Purview to optimize network management
Purview can be used to optimize the network and server architecture to best support bandwidth intensive applications, enhance user productivity and streamline troubleshooting. Purview provides visibility into application usage and from where the application is being used. By locating servers closest to the largest user populations for those applications, network bandwidth is freed up for other applications. Purview can also be used to help to determine how to optimize performance, thereby leading to quicker application response times for users, reduced service operations and higher user productivity.

When performance or other issues are reported to the helpdesk, it is often hard to tell if the issue is the network, application, client or server. Purview separates application and network response times and reports them on a per-application basis, and also a per-user basis for each application. This allows IT to focus on the true problem, eliminate finger pointing and quickly resolve the issue.

Using Purview to enhance your security
Purview can be used to help detect malicious applications and find Shadow IT or unapproved applications on the network. With users’ easy access to so many applications and websites, including those not provided by the organization, there is a need to understand whether or not the applications in use on your network meet security requirements. Purview allows you to understand what applications are in use and how they are being used to understand if the right products are being supported.

While not all unapproved applications are a security risk, they can still impact IT. Purview allows applications to be monitored to understand which applications are in use that are not on the approved list. By understanding the type of users who are using these applications and which applications they are, IT can then start to understand why they are being used. This allows IT to not only proactively identify potential security risks, but to also help analyze whether the approved applications are meeting the needs of the business, as compared to unapproved ones. This allows IT to collaborate with lines of business to ensure organization success.

There are also countless other ways to use Purview to provide business value through:
• Optimized resource utilization and capacity management for business-critical applications
• Troubleshooting and managed application services
• Application traffic management
• Network and application response time management
• Providing application usage data for compliance reporting
• Analyzing customers’ application usage profile to better understand your customers

No matter what type of business you serve – education, healthcare, hospitality, government or manufacturing – Purview can provide more context and insight into who is using what, when, where and how to ensure the deployment of new applications that enable more efficient business processes and pave the way for you to make better business decisions using network-powered insights.
insight | trend micro
Enhancing value
Trend Micro outlines how custom defense against targeted attacks is created and the value of the solutions it offers.
Any areas that are left uncovered create gaps in your defense against attackers. Without a comprehensive 360 degree defense your organization will, in effect, be providing attackers with sanctioned access to your networks and data. We take a look at the major aspects of how a custom defense against targeted attack is created.

Communication protocols
Without the ability to monitor a broad range of communication protocols defensive holes will result. Attackers typically conduct advance reconnaissance on your networks, applications and communications methods. Further, they use this insight to select communication methods that are least likely to be detected, and those that extend beyond web, email and file.

Network ports
In executing a targeted attack, attackers do not use a predictable or predefined subset of network ports but instead exploit a variety of ports, also based on reconnaissance and network defense. Further, as needed attackers can readily change ports to remain elusive. In short, any unmonitored ports will become an un-policed thoroughfare for attackers.

Threat insight
Ease of access to correlated and relevant threat insight is also paramount to an effective defense. The ability to rapidly identify compromised command and control servers, bad IP addresses, untrusted files, attack patterns and other malware behavior enables proactive identification and reaction to threat activity. Further, it is important for any solution provider to have a broad and diverse set of threat insight capabilities including a sizable threat research team, a proven track record of assisting international and national law enforcement with arrest and prosecution of cyber criminals, and in turn, a portfolio of integrated capabilities across a variety of security offerings, and the ability to proactively monitor malware and the threat landscape with the intent of continuous advancement of threat detection algorithms, means and methods of thwarting attacks.

Known & unknown threats
In an attempt to create economies of scale and speed time to attack, perpetrators do re-use and repurpose command and control servers, payloads, files, websites and other assets. Without both extensive threat insight, and the ability to rapidly triage all network traffic across all ports and protocols, your IT and security teams may be left temporarily blinded to an attack, and be faced with needless remediation activities. With Trend Micro, advance triage is a built-in capability. Further, the efficacy and efficiency of this capability is based on a reliable and extensive source of threat insight, which is referred to as The Smart Protection Network. Included as part of Deep Discovery, the Smart Protection Network provides access to services such as mobile application reputation, IP blacklists, identified command and control servers, known exploits, web site reputation, file reputation, email reputation, threat actor intelligence and much more.

The ability to identify unknown threats involves a variety of capabilities beyond just malware detection. Correlating and recognizing attacker behavior, having countermeasures to malware evasion techniques, identification of document, file and application exploits, the ability to investigate multiple file types and sizes, the ability to replicate malware behavior in a sandbox that mirrors your environment and computing images, and the ability to associate this insight across all devices and activity on your network is key to defending against a targeted attack. Without these capabilities malware may not be identified, could avoid or evade detection. Use of predefined sandboxes that do not exactly match.

Evolving threats
Targeted attacks are often dynamic in nature. Identifying changing IP addresses, command and control patterns, the number of compromised hosts and other attributes enables an organization to make effective decisions on adapting their security posture in order to contain and effectively mitigate against additional compromises or attack outbreaks.

Network traffic
The ability to monitor inbound, internal and outbound network traffic for suspicious behavior and malicious activity is key. Further, this capability should be agnostic and work across both tethered, mobile and any IP based device. The rationale for this is having insight into threats that are emerging from an external source, being able to identify lateral movement within your network, and/or attacks that are initiated from internal sources, as well as the ability to identify and terminate any attacks or malicious behavior that emanate from your network or connected devices to customers, suppliers or any outside party. This capability must be agnostic to all network ports, and cover more than just HTTP or other web-based protocols.

Trend Micro capabilities

Custom detection
• Custom sandboxing matches exact computing images, providing accurate detection and reduced false positives. Images can include anything desired that runs on Windows. Your security team is not limited to a checklist of standard products and operating system versions.
• Deep Discovery malware detection is not just sandboxing. It uses multiple threat detection engines and multi-level threat correlation rules to detect malware in several ways. Among the benefits: detection of Mac and mobile malware.
• But malware is only part of the story – usually just the first step in a targeted attack. Deep Discovery detection engines and rules also identify C&C communications and high risk attacker activities.
• And to make all of the above truly effective – you need to examine all ports and protocols – not just email & HTTP traffic and associated ports. Deep Discovery examines all ports and over eighty protocols and applications to detect malware, communications or attacker activities wherever and however they are happening.
• Custom blacklists can be configured and custom threat detection rules created (supported in 2014).

Custom intelligence
• Direct access to extensive threat insight and information in an intuitive form that expedites fast risk assessment and response that includes:
  • Threat Profile: What are the characteristics, origins and variants of this malware.
  • C&C Information: What is the nature of the detected C&C. What C&C addresses are known to be associated with this malware or incident.
  • Attack Group/Campaign: Who and what is behind this threat.
  • Containment and Remediation: What to look for, how to remediate and eradicate.
• Deep Discovery provides an even more context-rich view of the incident and can collect and analyze logs from any security product you own. With this rich information, you can match the threat profile to events across your network, quickly determining

Total cost of ownership
• Deep Discovery Inspector does it all in a single appliance – all protocols and ports, web, email, internal traffic. No separate appliances for web, email, and coordination between the two.
• Deep Discovery Analyzer is an optional separate server for additional custom sandboxing capacity beyond the native capabilities provided with Deep Discovery Inspector.
• Deep Discovery runs on standard hardware – nothing proprietary. We offer bundled HW appliances, but also virtual appliances, letting you choose the HW platform, reducing your costs and giving you flexibility.
• Deep Discovery is priced to meet your budget. Competitive pricing, flexible form factors and a single appliance approach mean that Deep Discovery will be half the price of the competition.

The custom defense
• Deep Discovery adds the critical network detection and analysis capability that any organization needs. But Deep Discovery can do more than that.
• Deep Discovery open APIs allow the malware detection engines and sandboxing to be integrated into any product and also used directly by your security response teams as well as sharing of detected command and control information with firewalls, gateways and other security products.
• All information can be fed to your SIEM, but focused log analysis can speed your response without the complexity of a SIEM.
• These capabilities help unite your entire security infrastructure into a better defense against targeted attacks – what we call a Custom Defense. Why settle for an isolated, point product when you can improve your entire security posture?
Let’s lead together Visit us at GITEX 2014 Hall 1, stand A1-12
arrowecs.ae Arrow ECS, Dubai Silicon Oasis Headquarters E-Wing, Office 301 – 306 & 309, Dubai, UAE, P.O. Box 341027 Call: +971 4 372 4372 | Email: sales-ae@arrowecs.ae @Arrow_ECS_AE
Arrow ECS Middle East