OmniVista NMS & Quarantine Manager Delivering the Best Management for the Network Quarantine
OmniVista 2770 Quarantine Manager - Agenda
• Market environment and rationale for the Quarantine Manager
• Key customer drivers to invest in the solution
• The solution in brief
• How to effectively sell? Our key selling arguments
• 2005 directions for OV2770-QM
• Positioning and comparison with AQE and the competition
• In summary: three minutes to convince your customer
• 2005 Directions for OmniVista NMS
OmniVista 2770 Quarantine Manager - Market environment
1. Attacks increasing exponentially
• Security becomes the highest concern
2. Battle front is “everywhere”
• Traditional perimeter of defense has blurred (notebook, personal applications, WLAN)
• Point product at localized perimeter location not enough anymore
3. Attacks at network level and application level
• Network level defense is not enough, “application” level required
• Cooperation of the network is required
[Figure: Security beyond the Traditional Perimeter. Labels: Worms/Viruses, Blended Threats, Infected Laptops, Internal Threats, Day Zero Attacks, Personal Email Accounts, WLAN Connectivity. Perimeter is fading: the network is the perimeter, at the perimeter but also within the core network, in front of servers, in front of users (PCs), in hosts.]
OmniVista 2770 Quarantine Manager - Key customer requirements
• Prevent network access of non-compliant users
• Avoid contaminating the rest of the network
• Ability to protect different parts of the network
• Scalable solution: edge, core, branch
• Provide means for remediation
• Isolate non-compliant user
• Provide corrective action
• Detection / containment
• Ability to automatically detect and isolate
• Malicious attacks
• DoS, DDoS, operating system and web application attacks (SQL injection, etc.)
• Spread of viruses, worms
OmniVista 2770 Quarantine Manager - Key selling points
• Quarantine Manager is an open solution
• Interfacing with any third party devices IDS/IPS syslog
• Best automation with Alcatel security perimeter solution and AOS devices
• Simplifying the deployment of a secure infrastructure
• OneTouch automation, associating attacks with appropriate reactions
• No additional software or hardware required on Alcatel devices
• IT involvement is not required for end-user configuration
• Overall easier to set up and administrate for the IT manager
• Prevents security attack consequences
• Prevents network downtime
• Prevents financial liabilities
OmniVista 2770 Quarantine Manager - How it works
Quarantine Manager: new application integrated within OmniVista NMS
• Situations or events creating security hazards: QM is notified
• Import rule menu
- Import new “canned triggers” for other third-party IDS/IPS solutions
- Update “canned triggers” for maintenance or new events
• Notification of events
- “Canned triggers” rules interfacing with Fortinet (IDS/IPS) syslog, and with traps from AOS-based devices
• Expert Mode with a rule editor for maximum flexibility
• Events trigger a reaction from the QM, either automatically or manually (candidate)
OmniVista 2770 Quarantine Manager - How it works
• Screening the potential threat and how to react:
Candidate list
- Automated operation: candidate waiting for confirmation
- Manual operation: the final risk assessment is left to the Network Manager, with multiple options:
  Release action: it was no risk
  Ban action: it is a threat, it’s contained
  Never ban: it was a false alert after assessment, or no risk; can never be banned
OmniVista 2770 Quarantine Manager - How it works
• Threats are detected and now contained as “banned”
“Banned List”
- Threats resulting from “canned triggers” actions and manual rules, with automation of the containment
- Threats resulting from “canned rules” and manual rules, reviewed and assessed by the Network Manager, and manually contained
OmniVista 2770 Quarantine Manager - How it works
• Quarantine actions for intrusion containment in automatic and manual modes:
Quarantine action, available at first release:
• Isolation based on quarantine VLAN by pushing a group mobility MAC-based rule
• One quarantine VLAN supported per OmniVista server, interfacing directly with the OV2500 VLAN Manager
• VLAN must be named ‘Quarantined’
• GM MAC-based rule supported on AOS and XOS devices
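The candidate, banned and never-ban lists from the “How it works” slides, modelled as an added Python example; it is not Alcatel code and does not use any OmniVista API. The class and method names are hypothetical, treating “can never be banned” as overriding automatic rules is an interpretation of the slide, and the MAC normalization is an added assumption (event sources write MAC addresses in different notations).

```python
import re

QUARANTINE_VLAN = "Quarantined"  # the slides require this exact VLAN name

def norm_mac(raw):
    """Reduce aa:bb:.., AA-BB-.. and aabb.ccdd.eeff notations to one form."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

class Triage:
    """Hypothetical model of the candidate, banned and never-ban lists."""

    def __init__(self):
        self.candidates = {}    # MAC -> reason, waiting for the operator
        self.banned = {}        # MAC -> reason, contained
        self.never_ban = set()  # MACs no rule may ban again

    def notify(self, mac, reason, automatic):
        """A rule matched an event from an IDS/IPS syslog line or a trap."""
        mac = norm_mac(mac)
        if mac in self.never_ban:
            return "ignored"    # never-ban wins even over automatic rules
        if mac in self.banned:
            return "banned"
        if automatic:
            self.candidates.pop(mac, None)
            self.banned[mac] = reason
            return "banned"
        self.candidates.setdefault(mac, reason)  # keep the first reason
        return "candidate"

    def decide(self, mac, action):
        """Operator verdict on a candidate: 'release', 'ban' or 'never_ban'."""
        mac = norm_mac(mac)
        reason = self.candidates.pop(mac)  # KeyError if not a candidate
        if action == "ban":
            self.banned[mac] = reason
        elif action == "never_ban":
            self.never_ban.add(mac)
        elif action != "release":
            self.candidates[mac] = reason  # unknown verdict: leave it queued
            raise ValueError(f"unknown action: {action!r}")

    def quarantine_rules(self):
        """MAC-based rules that would place banned hosts in the VLAN."""
        return sorted((mac, QUARANTINE_VLAN) for mac in self.banned)
```

Because every entry point normalizes the MAC first, a host reported as `0200.0000.0003` by one source and `02-00-00-00-00-03` by another is still matched against the same never-ban entry.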
OmniVista 2770 Quarantine Manager - OV2770-QM vs. Alcatel Quarantine Engine - Features Matrix
OmniVista 2770 Quarantine Manager - OV2770-QM & Alcatel Quarantine Engine - Positioning
• Position OmniVista 2770 Quarantine Manager first
• IT organization already deploying OmniVista
• Familiar with OmniVista for its ease of use, OneTouch operations
• Deploying network quarantine as additional centralized services from OmniVista
• Few IT resources, limited knowledge of scripting tools and open source
• Inclusive, turnkey approach is a better fit
• Position Alcatel’s Quarantine Engine as alternate
• Critical requirements for AQE (OV2770-QM features missing) now
• Network segmentation and ACL isolation, open source, …
• Northbound interface, external scripting, …
• IT shop with strong emphasis on inter-working with other apps
• Complete integration with custom in-house applications
OmniVista 2770 Quarantine Manager - OV2770-QM & Alcatel Quarantine Engine - Which solution?
• OV2770-QM will start replacing AQE in 2005
• Both solutions will continue to be available in 2005
• Both applications have pros and cons
• OV2770-QM will ultimately be the only solution
• OV2770-QM won’t be feature-equivalent with AQE until end of Y2005
• AQE is a network quarantine SDK
• Greater flexibility, reacting quickly to customer requirements
• AQE should be “EOL” starting 2006
• Services and support opportunities still exist with OV2770-QM
• “Expert Mode” customization and northbound interface performed by Professional Services
• Support subscription available for updates of “canned triggers”
OmniVista 2770 Quarantine Manager - OV2770-QM and competition
How is OmniVista 2770 Quarantine Manager (QM) superior?
• QM is an open solution, interfacing with standard approaches (traps, syslog)
• QM is flexible, giving broad options in the containment operation and full control to the network administrator
• QM requires minimal IT intervention and IT resources
Cisco Self-defending Networks
• Mostly a marketing, branding architecture; most capabilities are still future
• Network containment relies on software deployed on every end-user networking device
• Proprietary solution. No leverage of third-party, standards-based solutions
• High cost of deployment for IT, requiring significant resources
Enterasys NetSight Security Mgr
• Tiered pricing based on end-user nodes (more expensive solution to deploy), up to $78K
• Port-based containment approach, less granular than OV2770-QM
• Only interfaces with Enterasys proprietary IDS
OmniVista 2770 Quarantine Manager - OV2770-QM & Enterasys NetSight Security Mgr - Features Matrix
OmniVista 2770 Quarantine Manager - The elevator pitch
• Key component of the Alcatel security perimeter solution
• Shielding the infrastructure from intrusion
• Provides automation, remediation for the network quarantine
• Simplifies the security management with OneTouch
• Cost-effective investment for an organization
• Alcatel security perimeter solution combined with OV2770:
• Prevents damages / financial impact from security intrusions
• Minimum cost effort for the maximum protection
• QM is an incremental and minimal investment for IT shop
• Minimal learning curve for IT shop, minimal effort to learn, deploy, daily administrate
• Protecting current and previous investments in Alcatel infrastructure
• Same immediate benefits as OmniVista (centralization, automation, …)
OmniVista 2770 Quarantine Manager - The business case
• Balancing the cost of no security investment for an organization
• Think about all costs associated with security breaches
• Revenue loss associated with network downtime due to security breaches
• Liability associated with information loss …
• Potential loss of credibility with clients, partners …
• Minimum investment in security management for an optimal ROI
• Incremental solution, with the same Alcatel manageability
• Incremental investment on network management CAPEX
• Limited investment on network management operating expenses (OPEX)
• Investing in OmniVista 2770 Quarantine Manager is like insurance
• Minimal investment for maximum business persistence
OmniVista 2770 Quarantine Manager - Conclusion
• OV2770-QM released by first week of May
• Press release out for N+I Interop
• Best of Show N+I submission
• OV2770-QM requires:
• Installation of OV2540 and OV2520 - OmniVista 2500 Server
• Same supported platforms (MS Windows, RedHat Linux, Sun Solaris)
• Minimal release 2.4.1 OV2500 required for QM operation
OmniVista 2770 Quarantine Manager - An enabler for Alcatel value propositions
• Easier to manage …
• Less complexity to implement and monitor security operations
• Same manageability …
• Greater anticipation, quicker IT reactions …
• Better risk awareness
• Less downtime, more productivity
• Improving network resiliency
• More secure network infrastructure …
• Preventing threats, protecting sensitive data
• Protecting from security intrusion liability
• For the best value …
• Easier to maintain with less IT resources, less IT budget
• Overall ensuring business persistence of the organization
OmniVista NMS 3.0 - “Top 10” features by value propositions
• Availability
• High availability / high resiliency oriented platform support for OmniVista Server
• Management / handling for multiple IP addresses
• Security
• OV2770 - Quarantine Manager - Phase 2
• New OneTouch security application for Access Control Lists - ACLView
• OmniVista login authentication and authorization through RADIUS server
• Manageability
• New OmniVista application repackaging (Demo level) and additional platform support
• Switch selection by group for actions (“Network Group”)
• OmniVista extensive support for new AOS series devices
• OmniVista centralized and complex operations support for OmniAccess WLAN
• IPv6 Network Management migration and IPv6 features support
• New operation modes for VLAN Manager and troubleshooting tools
• Enhancements to centralized / bulk applications (CLI scripting and RMgr)
• OneTouch QoS PolicyView enhancements
OmniVista NMS 3.0 - Competition dashboard - Progress & gap closing
[Figure legend: Alcatel now at parity with r3.0; Alcatel significant advantages]