Enterprise Security Gateway ESG
© 2016 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential.
Level 3 Solution
Connected Enterprise: Evolving Network Architecture, Connectivity and Protection

PREMISES-BASED SECURITY CHALLENGES
• Single points of vulnerability, resource contention, performance impacts
• Operational burden of deploying and managing security technologies at each location
• Maintaining IT Security staff
• Escalating capital expenditures for equipment and maintenance

NETWORK-BASED SECURITY SOLUTION
• Secure: Simplifies centralized management of firewalls and advanced security technologies
• Provides around-the-clock network protection
• Efficient: Decreases operational complexity of in-house systems, compounded by lack of security staff
• Helps reduce capex investment
[Diagram: Today’s Customer Environment vs. Future Customer Environment. Today: HQ, Data Center, Retail and Remote Offices each sit behind their own Unified Threat Management / Firewall and Advanced Security Services, with VPN Internet Access over Level 3® MPLS/IP VPN and the Public Internet via VPN routers. Future: HQ, Data Center, Retail, Remote Offices and Mobile Employees reach the Level 3 Enterprise Security Gateway through secure tunnels (IPsec, GRE) and secure cellular Internet access.]

Level 3 Enterprise Security Gateway:
• Carrier agnostic
• Service chaining
• Next-gen firewall
• IDS
• AV/AS
• Web content filtering
• Application awareness and control
• Malware sandboxing
• Data loss protection
Level 3’s Solution: Level 3 Enterprise Security Gateway (ESG)

Our Solution: The new Level 3SM Enterprise Security Gateway (ESG) is a network-based layer of protection against an increasingly complicated threat landscape, delivered in the cloud. ESG combines a wide range of next-generation security technologies that help organizations stay ahead of threats.

Level 3 Value: Built on the proven foundation of network-based security, Level 3’s Enterprise Security Gateway delivers cost-effective, flexible and reliable protection wherever business happens — without sacrificing performance. Because the Level 3 network acts as a sensor, you have the visibility and control you need to monitor, block and report attempts to break into your network. Take control of your network security. Own your defense.
Deploying A Multi-Layered Security Approach

PREVENTIVE MULTI-LAYERED SECURITY
• Managed Firewall
• Application Awareness and Control: identifies, reports, and enforces applications used on the network. Provides usage and risk ratings.
• Intrusion Detection
• Web Content / URL Filtering: controls how Internet resources are used based on URL, content, or IP address.
  – Inspect and block downloaded website content for malicious code before it reaches users.
  – Integrate with Active Directory server for granular policy definition and reporting.
• Anti-malware (Sandboxing): scans, blocks, and reports on malicious code found in network traffic. Sandboxing places unknown anomalous payloads in a protected environment for observation. If the payload acts malicious, a signature is created and pushed out to devices to detect and mitigate future threats.
• Data Loss Protection: monitors, prevents, and reports on attempts to send sensitive data.
• Two-Factor Authentication

LOGGING, ANALYTICS AND INTELLIGENCE
• Level 3 Global Security Operations Centers
• SIEM Integration
• Security Analytics / Threat Intelligence: correlates traffic against known malicious communication utilizing FortiGuard and supported by Level 3 proprietary analysis and threat data.
• Security Alerts With Controls
• Level 3SM Threat Research Labs
• Level 3SM Professional Security Services
Application Awareness And Control

Allows or denies network application usage based on policies established by network administrators.
• Granular controls, limiting usage of popular apps, including databases, web mail, social networking, IM, file transfer apps, etc.
• User notifications
• Changes: Customer initiates configuration changes by raising a ticket through MyLevel3 Portal
Anti-malware Sandboxing

Scans, Blocks and Reports on Malicious Code Found in Network Traffic

Pre-Filter
• Traditional filtering to weed out known threats

Observes Behavior – Code Emulation
• Scans files on the network, in emails, in URLs, in network file share locations, and on-demand
• Inspects code to simulate/assess intended activity of code
• Sandboxing detects and blocks threats by observing actual behavior, rather than relying on pre-existing (known) signatures

Analyzes Impact(s) – Full Virtual Sandbox
• Executes code within a virtual environment “sandbox”
• Analyzes impact including system changes, exploit efforts, site visits, downloads, botnet communication etc.
• All activities are logged, analyzed and a risk rating is returned – generates real-time, custom threat intelligence updates

Changes:
• Customer initiates configuration changes by raising a ticket through MyLevel3 Portal
Data Loss Protection (DLP)

Examines network traffic and blocks sensitive content from being distributed outside of a customer’s organization. Detects potential data breaches / data exfiltration transmissions in use.
• Watermarking: digital pattern added to files
• Pattern Matching: examines files/messages for specific patterns (SSNs, Credit Card #s etc.)
• Document Fingerprinting: tracking movement of documents based on each document’s unique “fingerprint”
• File Filtering: Files can be filtered based on size, name and type (for example, .exe, .pdf, .doc)
• Changes: Customer initiates configuration changes by raising a ticket through MyLevel3 Portal

[Diagram: DLP Sensor between the customer network and the Internet, blocking based on customized or pre-determined regex patterns.]
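The slide lists pattern matching, document fingerprinting and file filtering as the sensor's techniques. The following is an added illustration, not Level 3 or Fortinet code, of how a network-side DLP sensor applies all three to one outbound message. The SSN and card-number patterns, the blocked-extension policy, the fingerprint database and the sample message are all constructed; the Luhn check is added to cut down false positives from arbitrary digit runs.

```python
"""Toy network DLP sensor: pattern matching, file filtering and document fingerprinting.

Added illustration, not Level 3 or Fortinet code. Everything here is constructed:
the patterns, the blocked-extension policy, the fingerprint database and the
sample message. It returns the findings a sensor would log before blocking.
"""
import hashlib
import re

# SSN: area 000/666/9xx, group 00 and serial 0000 are never issued, so reject them.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13 to 16 digits, optionally separated by spaces or hyphens (candidate card numbers).
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,15}\b")

# Constructed policy: file types and sizes that may not leave the network.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".dll"}
MAX_ATTACHMENT_BYTES = 10 * 1024 * 1024

# Constructed fingerprint database: SHA-256 of a protected document -> its name.
PROTECTED_DOCS = {
    hashlib.sha256(b"constructed confidential document body").hexdigest(): "Q3-financials.docx",
}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters most random digit runs out of the card-number matches."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask(value: str) -> str:
    """Keep only the last four characters so findings can be logged safely."""
    return "*" * (len(value) - 4) + value[-4:]


def fingerprint(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def inspect_message(body: str, attachments: list) -> list:
    """Return the DLP findings for one outbound message (empty list = allow).

    attachments is a list of (filename, bytes) tuples.
    """
    findings = []
    for m in SSN_RE.finditer(body):
        findings.append("SSN pattern: " + mask(m.group()))
    for m in CARD_RE.finditer(body):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            findings.append("card number (Luhn-valid): " + mask(digits))
    for name, data in attachments:
        ext = ("." + name.rsplit(".", 1)[1].lower()) if "." in name else ""
        if ext in BLOCKED_EXTENSIONS:
            findings.append("blocked file type: " + name)
        if len(data) > MAX_ATTACHMENT_BYTES:
            findings.append("attachment too large: " + name)
        owner = PROTECTED_DOCS.get(fingerprint(data))
        if owner:
            findings.append("fingerprinted document: " + name + " matches " + owner)
    return findings


def sample_scan() -> list:
    """Run the sensor over a constructed outbound message with three attachments."""
    body = ("Hi, please bill card 4111 1111 1111 1111 for employee SSN 123-45-6789. "
            "The other number, 4111111111111112, is an order reference, not a card.")
    attachments = [
        ("installer.exe", b"MZ constructed binary"),
        ("notes.txt", b"nothing sensitive"),
        ("forecast.docx", b"constructed confidential document body"),
    ]
    return inspect_message(body, attachments)


if __name__ == "__main__":
    for finding in sample_scan():
        print("BLOCK:", finding)
```

The 16-digit order reference in the sample passes the regex but fails the Luhn check, so it produces no finding; the renamed forecast document is caught by its content hash regardless of its filename.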
Delivering Improved Security Postures For Organizations: Level 3 Enterprise Security Gateway Access Methods
• Set up multiple, dedicated VLANs that allow segmentation of assets, such as databases from web servers (802.1Q)
• Deploy VLANs among datacenters or cloud environments
• Engage in Level 3SM Professional Security Services transformation and migration workshops to plan secure transitions
• Optimize infrastructure with flexible, bandwidth-agnostic access methods: IPsec, GRE (SSL, proxy available 12/2016).

[Diagram: Head Office with IP VPN access or third-party VPN*; Retail over LTE IPsec tunnel; Remote Offices over IPsec-GRE tunnel or IPsec tunnel; Mobile Employee over proxy,* SSL* or IPsec tunnel; Branch Offices over Level 3 VPN / IP VPN access; all terminating at the Level 3 Enterprise Security Gateway, which separates VPN Traffic from Internet Traffic (Phase 2).]

Level 3 Enterprise Security Gateway:
• Next-gen firewall / Intrusion detection
• Web content filtering
• Anti-malware sandboxing
• Data loss protection
• Remote access
• Carrier agnostic Internet access

* Note that compatibility with third-party VPN, client proxy, and SSL will be available in Dec, 2016.
Deploying ESG Technologies

[Diagram: Remote Office with VPN and Internet connectivity. IPsec Tunnel Authentication and Internet Authentication feed into the Enterprise Security Gateway, which applies Global Policy (Global Policy Management) to bi-directional traffic. The gateway carries the same feature list as on the earlier environment diagram: carrier agnostic, service chaining, next-gen firewall, IDS, AV/AS, web content filtering, application awareness and control, malware sandboxing, data loss protection.]
Secure Access Services – Rolled Up Into ESG

Cost effective connectivity for MPLS/IP VPN Services helps ensure up-time and access

‣ Secure Access Site
• Secure Access Site service allows customers to connect their remote sites’ Local Area Networks to their Level 3 MPLS/IPVPN networks securely over the Internet utilizing secure site-to-site IPSEC tunnels.
• Customer can have or procure Internet services from a third party provider (DSL, cable, wireless, etc.)
• This allows a virtual expansion of the MPLS/IPVPN network to unsupported or small office locations.
• It can also be used to back up an MPLS/IPVPN connected site.

[Diagram: Remote site connects over the Internet (ILEC access) through an IPsec/GRE tunnel to the Level 3 MPLS/IP VPN, alongside a Primary IP VPN connection.]
Secure Access Services – Rolled Up Into ESG

‣ Secure Access Cellular: Keep businesses going and avoid costly downtime
• Immediate cellular backup in the event a customer’s Level 3® MPLS/IP VPN primary connection fails
• Level 3 provided Managed Router (Cisco or Adtran) fully managed by Level 3
• Packaged with Level 3SM Secure Access Site for secure backup data transmission via IPsec
• Provider/carrier agnostic 4G/LTE U.S. nationwide coverage to provide the best possible cell coverage (Verizon and AT&T available)
• Level 3 provided integrated modem/bridge with backup solution
• Available with Level 3 MPLS/IP VPN service with simple flat rate MRC with no usage or overage charges
• Branch Offices, Point of Sale locations, ATMs and Kiosks

[Diagram: Corporate Headquarters and Data Center on the Level 3 MPLS/IP VPN Network; remote site fails over through an IPsec tunnel across Level 3 Internet and Cellular Providers.]
Comprehensive Portal Experience
• Comprehensive and real-time visibility in the MyLevel3SM customer portal.
• Gateway availability, event statistics, and security advisories available.

[Portal views: Next-Gen Firewall, Application Awareness and Control, Network, Remote Access, IDS, Data Loss Protection, Web Content Filtering, Anti-malware Sandboxing]

Enterprise Security Gateway Portal
[Portal views: ESG Availability, Remote access, Firewall Instances, Threat Intelligence, Application Awareness and Control]

*Optional log retention and streaming service provides near-real-time export of logs from the cloud to on-premises SIEM for analysis.
ESG is Backed By Threat Intelligence

Level 3 Threat Research Labs + FortiGuard Labs
• Level 3 Threat Research Labs and Fortinet’s FortiGuard Labs provide proactive protection against the latest security threats with active updating of threat profiles and signatures
• Our Global SIEM ingests logs and threat data to help identify anomalies and potential vulnerabilities
• Security engineers will notify affected customers when threats are identified and update enterprise and Managed Security Services defenses based on these threats
• Level 3 monitors command and control server (C2) activity and malicious IPs, and creates rules to block them on our network and for customers with configuration updates on the ESG platform
• FortiGuard Labs works 24 x 7 to uncover vulnerabilities and distribute updates to the ESG platform – IDS/IPS, Web and AV/AS controls are updated by Fortinet daily
• Tens of millions of updates are made per week – In Q4 of 2014 they averaged over 50 million new and updated spam and intrusion prevention rules, URL ratings and AV definitions
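The slides above describe correlating traffic against known C2 servers and malicious IPs and then pushing block rules. The following is an added illustration of that loop, not Level 3, FortiGuard or ESG code: the indicator list (documentation address ranges and a reserved `.example` domain), the flow/DNS log lines and the `deny any -> <indicator>` rule format are all constructed for the example.

```python
"""Correlating traffic logs against C2 indicators and turning hits into block rules.

Added illustration, not Level 3, FortiGuard or ESG code. The indicator list, the
log lines and the rule format are constructed for the example.
"""
import ipaddress

# Constructed indicators (RFC 5737 documentation ranges and a reserved TLD, not real C2).
C2_IPS = {ipaddress.ip_address("203.0.113.45")}
C2_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]
C2_DOMAINS = {"update-check.example"}

# Constructed log lines: "<timestamp> <src> <dst> <dst-port> <hostname-or-dash>"
SAMPLE_LOGS = [
    "2016-11-01T10:00:01Z 10.1.2.3 93.184.216.34 443 www.example.org",
    "2016-11-01T10:00:05Z 10.1.2.9 203.0.113.45 8443 -",
    "2016-11-01T10:00:07Z 10.1.2.9 198.51.100.77 80 -",
    "2016-11-01T10:00:09Z 10.1.4.1 10.0.0.53 53 cdn.update-check.example",
    "2016-11-01T10:00:11Z 10.1.2.3 93.184.216.34 443 www.example.org",
]


def parse_line(line: str) -> dict:
    """Split one constructed log line into its fields."""
    ts, src, dst, dport, host = line.split()
    return {"ts": ts, "src": src, "dst": ipaddress.ip_address(dst),
            "dport": int(dport), "host": host.lower()}


def match_indicator(rec: dict):
    """Return the matching indicator as 'kind:value', or None if the record is clean."""
    if rec["dst"] in C2_IPS:
        return "ip:" + str(rec["dst"])
    for net in C2_NETWORKS:
        if rec["dst"] in net:
            return "net:" + str(net)
    host = rec["host"]
    for domain in C2_DOMAINS:
        # Match the domain itself and any subdomain of it.
        if host == domain or host.endswith("." + domain):
            return "domain:" + domain
    return None


def correlate(lines: list) -> list:
    """One hit per log line whose destination or hostname touches an indicator."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        ind = match_indicator(rec)
        if ind is not None:
            hits.append({"ts": rec["ts"], "src": rec["src"], "indicator": ind})
    return hits


def block_rules(hits: list) -> list:
    """Deduplicate hits into constructed 'deny any -> <indicator>' rules, order preserved."""
    rules, seen = [], set()
    for h in hits:
        value = h["indicator"].split(":", 1)[1]
        if value not in seen:
            seen.add(value)
            rules.append("deny any -> " + value)
    return rules


if __name__ == "__main__":
    found = correlate(SAMPLE_LOGS)
    for h in found:
        print("ALERT", h["ts"], h["src"], "->", h["indicator"])
    for rule in block_rules(found):
        print("RULE", rule)
```

The hits keep the internal source address so an analyst can notify the affected customer, while the rules are keyed on the indicator alone so one rule covers every host that later contacts the same C2.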
ESG Packages

Basic
• Firewall (NAT) (100 rule set)
• Secure Internet Access (SIA)
• 5 Basic Changes
• Internet Access or VPN
• IPsec
• GREoIPsec
• Alerting/Detection (IDS)
• Software Updates
• Logging & Reporting
• Management Services
• 24x7 SOC Support Services
• SIEM forensics & analytics
• Log retention (12 mths)

Premium
• Basic package + DLP
• Application Awareness
• Unlimited Changes

A-la-Carte (Optional Security Services)
• Advanced Services, i.e. >100 Rule
• Anti-Malware (sandboxing)
• Content/URL Filtering (requires F/W)
Customer Benefits

Securing all employees in any location on any device
• Improve your customers’ security posture as their business evolves
• Deploy segmentation best practices with VLANs
• Easily layer next-generation security technologies
• Operationalize a uniform global security policy
• Increase efficiencies by adopting carrier agnostic, network based protection with flexible commercial models and access options
• Reduce Costs by moving to an OPEX model and control IT/Security Headcount
• Simplify management with around-the-clock protection from the service provider’s Security Operations Center
• Increase Control with real-time reporting and self-service capabilities
Why Choose Level 3?
• Broad Global Coverage
  – Proximity to customer improves latency
  – Localized gateways allow regional support
• Ease Of Deployment
  – No client software is required
  – Efficiently layer new technologies in a network-based environment (cloud)
• Flexible Connectivity Options
  – Supports GRE, IPsec, IP VPN
  – Hybrid on-premises and cloud-based deployments
• Breadth of Next-Generation Technology Options
  – Comprehensive suite of optional services
  – Based on next generation firewall technology
• Increased Efficiencies
  – Cloud-based protection with flexible commercial models
• Comprehensive Visibility and Control
  – Centralized policy management with visibility through a consolidated portal
  – Supported by Level 3 Threat Research Labs and SOC

Thank You
ESG Use Cases
Secure The Remote Workforce And Reduce Internet Latency

Customer Challenge:
• Internet-connected remote workers have introduced security risk vectors into the organization.
• Organizations are unable to react proactively to Internet-based attacks.
• Security controls often provide a manual response to threats.
• Internet-based network deployments are broadening, introducing increased risk.

Level 3 Solution: Enterprise Security Gateway

[Diagram: Remote Employees and Remote Offices (router, secure tunnel: IPsec, GRE) connect over the Public Internet via IPsec to the Level 3 ESG, which fronts the web.]

Level 3® Enterprise Security Gateway:
• Secure Access Site connections
• Intrusion Detection Service (IDS)
• Anti-virus / Anti-spam
• Web content and URL filtering
• Application awareness and control
• Data Loss Protection (DLP)

• Moves inspection of all processes/files from the premises to the network edge.
• Provides prevention of inbound and outbound exploits.
• Inspects all traffic for zero day exploits.
• Blocks threats leveraging threat intelligence.
• Scans and filters Internet traffic (browser and application) for APTs and malware.
• Provides centralized policy control.
• Analyzes and correlates threat intelligence into a single SIEM.
• Disseminates updated signatures to network and endpoints.
• Optional data loss prevention (DLP) for all devices available.
Secure Hybrid Networks: Maintain Cost Efficiencies and Performance

Customer Challenge:
• Due to gains in Internet speeds, organizations are moving to hybrid networking environments to improve costs.
• Introducing more Internet connections in the network can increase the attack surface and risk.
• Reducing connectivity cost to connect remote users to the corporate network can sacrifice security and performance.

Level 3 Solution: Enterprise Security Gateway

[Diagram: Remote Employee and Remote Offices (router, secure tunnel: IPsec, GRE) connect via IPsec to the Level 3 ESG, which fronts the web.]

Level 3® Enterprise Security Gateway:
• Secure Access Site connections
• Intrusion Detection Service (IDS)
• Anti-virus / Anti-spam
• Web content / URL filtering
• Application awareness and control
• Anti-malware sandboxing
• Data Loss Protection (DLP)

• Remote office locations connect to Level 3 Enterprise Security Gateway (ESG) over the Internet using IPsec.
• Inbound and outbound communications are protected by the ESG firewall and web filtering.
• Cost to interconnect offices is reduced due to use of Internet instead of IP VPN.
• Increase in performance due to elimination of backhaul.
A Hybrid Approach to Security Management Can Reduce Risk and Augment Support

Customer Challenge:
• As security deployments grow, organizations face an operational burden of deploying and managing security technologies at each location.
• Attracting and maintaining IT Security staff is difficult in an under-resourced job market.
• Capital expenditures for equipment and maintenance are escalating.

Level 3 Solution: Enterprise Security Gateway

[Diagram: Remote Office and Datacenter (router, secure tunnel: IPsec, GRE) connect over the Public Internet via IPsec to the Level 3 ESG, which fronts the web.]

Level 3® Enterprise Security Gateway:
• Secure Access connectivity
• Intrusion Detection Service (IDS)
• Anti-virus / Anti-spam
• Web content / URL filtering
• Data Loss Protection (DLP)
• Application awareness and control
• Anti-malware sandboxing

• Remote office location and data center connect to Level 3 Enterprise Security Gateway (ESG) over the Internet using IPsec.
• Anti-malware with sandboxing protects all connections.
• Customer can maintain management of premise firewalls by opening the ESG firewall to pass (any-any) traffic unimpeded, and enable anti-malware to inspect traffic.
• 24 x 7 Global Security Operations Center support.