©A10 Networks, Inc.

A10 Networks solution benefits

Seminário de TIC Bancária e Segurança da Informação – Brasília

August 2015

O Evento:

A Network Eventos, empresa especializada na produção de eventos no setor de Telecomunicações e Tecnologia da

Informação, comprometida com a inovação, atualização e troca de conhecimentos, em parceria com o BB Tecnologia

e Serviços e a Caixa Econômica Federal, realizará em Brasília, a 1ª edição do Seminário de Tecnologia Bancária e

Segurança da Informação, dia 26 de agosto de 2015.

O seminário é um evento fechado, voltado para executivos do BB Tecnologia e Serviços, CAIXA e seus convidados

VIPs (Banco do Brasil, Banco de Brasília, Banco Central do Brasil, Correios, DATAPREV e SERPRO), onde serão feitas

apresentações de soluções tecnológicas de ponta.

Informações Gerais:

Data: 26 de agosto de 2015

Local: Centro de Convenções Brasil 21 – Salão Mundo Novo 1 e 2 - SHS Quadra 06, Lote 01, Conjunto A, Setor

Hoteleiro Sul - Brasília/DF

Público Alvo: Diretores, Executivos, Gerentes, Supervisores e Engenheiros das áreas de Telecomunicações e

Tecnologia da Informação do BB Tecnologia e Serviços, CAIXA, Banco do Brasil, Banco Central do Brasil, BRB, SICOOB

e seus principais clientes.

Formato: Evento fechado, distribuído em painéis e palestras.

Número de Participantes: 200 Pessoas

2 ©A10 Networks, Inc.

A10 Corporate Overview

Solution Features

Q&A

Agenda

3 ©A10 Networks, Inc.

A10 Corporate Introduction

Headquarters in San Jose

700+ Employees Offices in 27 countries Customers in 65 countries

$55M

$92M

$120M

$142M

$180M

1,000+

2,000+

2900 3900+

Q4' 11 Q4' 12 Q4' 13 Now

CUSTOMER GROWTH

COMPANY GROWTH

4 ©A10 Networks, Inc.

A10 Product Portfolio Overview

Dedicated

Network

Managed

Hosting Cloud IaaS IT Delivery Models

Application Networking Platform

Performance

Scalability

Extensibility

Flexibility

CGN TPS

ADC

ACOS Platform

Product Lines

ADC – Application Acceleration & Security

CGN – IPv4 Extension / IPv6 Migration

TPS – Network Perimeter DDoS Security Carrier Grade

Networking

Application Delivery Controller

Threat Protection System

Solution Features

Challenges and technologies

6 ©A10 Networks, Inc.

SSL anywhere

Increased Security measures and

policies

IPv4 Preservation

Strategy – IPv6 Migration

Protocol Coexistence

Application availability

XaaS

SDN readiness

Performance

DDoS attacks for all budgets and

needs

IP Version 4

7 ©A10 Networks, Inc.

Application Availability

Highly available applications and data centers

High performance

server load balancing: Scaling capacity for peak

loads

High availability: For uninterrupted

operation

Health-checks: Complete

application fault

detection

Global server load

balancing (GSLB): Intelligence for

global operations

8 ©A10 Networks, Inc.

Application Acceleration and Optimization

TCP Optimization: Improve application

performance

RAM Caching: Faster page loads equal

more revenue

SSL Acceleration: Secure applications

Compression: Optimize any

bandwidth level

Application acceleration for a faster user experience and optimized utilization

Technology for Application Acceleration

9 ©A10 Networks, Inc.

Application availability

– To maintain uptime

– SLB, GSLB, high-availability (HA), Health-checks, more…

Application acceleration

– For equipment consolidation and faster user experience

– Caching, compression, network optimization, more…

Application security services

– For brand and asset protection while enhancing your existing security

– FWLB, WAF, SSL services, more…

Enterprise Data Center

Acceleration: SSL Offload

TCP Reuse

RAM Caching

Compression

A10 ADC

Web App DNS Other App

Security: DDoS Mitigation

WAF

DAF

AAM

Availability: GSLB

High-availability

Health-checks

Backup Data Center

10 ©A10 Networks, Inc.

Scaling security devices and encrypted communications

– SSL Intercept: Eliminate encryption blind spot and scale security appliances

– FWLB and SSL offload, more…

Defend against emerging DDoS attacks

– Network and application protection

Selectively apply dynamic security chains

– Traffic steering and advanced ADC services

DMZ Security Solutions

Firewall Load Balancing

DDoS Mitigation

WAF

DAF

AAM

Traffic Steering

aFleX Scripting

SSL Offload

A10 ADC

Data Center

Firewalls

IDS/IPS

DLP

Other

Firewall Load Balancing

SSL Intercept A10 ADC

Internal Users

11 ©A10 Networks, Inc.

Application Security

Web application

firewall (WAF): Eliminate common Web

attacks

SSL insight: Eliminate the

outbound SSL

blind spot

Application access

management (AAM): Add authentication

seamlessly

DNS application

firewall (DAF): Protect critical

infrastructure

DDoS protection: Multi-vector edge

protection

Enhance existing security infrastructure, and protect against the latest threats

12 ©A10 Networks, Inc.

Cyber Threats Hidden in SSL Traffic

Sources: Sandvine Internet Phenomena Report “Security Leaders Must Address Threats From Rising SSL Traffic,” 2013

67% 50% 80% of Internet

traffic will be

encrypted

by 2016

of attacks will use

encryption to

bypass controls

by 2017

of organizations

with firewalls, IPS,

or UTM do not

decrypt SSL traffic

13 ©A10 Networks, Inc.

Next Gen Firewall

Secure Web Gateway

Intrusion Detection & Prevention

Advanced Threat Prevention

SIEM

Network Forensics

Data Loss Prevention

Unified Threat Management

Solutions are Failing

Despite $71.1B investment in

security

SOURCE: Information Security, Worldwide, 2012-2018, 2Q14 Update, Gartner

14 ©A10 Networks, Inc.

SSL Performance Impact on Next Gen Firewalls

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Performance Impact with 2048-bit SSL Ciphers

81%: The average of performance loss across 7 NG Firewalls

Source: “SSL Performance Problems,” NSS Labs, 2013

Vendor 01 Vendor 02 Vendor 03 Vendor 04 Vendor 05 Vendor 06 Vendor 07 Vendor 08

15 ©A10 Networks, Inc.

Joining forces for an advanced SSL Insight Solution

1. A Thunder ADC intercepts and decrypts SSL traffic

2. Thunder ADC forwards decrypted traffic to non-inline security devices (QRadar packet Capture devices)

3. QRadar inspects traffic for attacks or data loss

4. Thunder ADC encrypts decrypted traffic and forwards it to the intended destination

5. (Optional) based on URL classification on the cloud (Webroot) – Thunder could bypass certain website categories for user’s privacy IBM Qradar Incident Forensics Brief:

https://www.a10networks.com/sites/default/files/resource-files/A10-SB-19116-EN.pdf

16 ©A10 Networks, Inc.

132% increase in attacks (compared to Q214)

Online Gaming – top destination

China – Top sources (non spoofed)

122% increased L7 attacks

50% more attacks above 100Gbps

DDoS attacks on the rise

Source: “State of the internet Security,” Akamai Q215

17 ©A10 Networks, Inc.

Five principal methods for effective mitigation

Mitigating DDoS Attacks

Packet anomaly check: Network level packet

sanity check

(conformance)

Authentication

challenge: Network and application

level validation of client

origination integrity

Black and white lists: Network level high speed

inspection and control

Traffic rate control: Network and

application monitoring

to rate limit traffic

Protocol and

application check: Network and

application

18 ©A10 Networks, Inc.

Thunder Threat Protection System (TPS)

Multi-vector Protection Detect & mitigate application & network

attacks

Multi-level traffic visibility

60 Hardware mitigations

High Performance Mitigate Up to 155 Gbps of attack

throughput,

200 M packets per second (pps) in 1 rack unit

64k protected objects

8 x 16M black/white list capacity

Flexibility for customization and

network integration Programmatic Policy Engine

aFleX

RegExp

BPF

SDK/RESTful API for 3rd party integration

Many deployment modes

Asymmetric

Symmetric

TAP mode

Hybrid

Next Generation DDoS Protection

Multi-vector

Application &

Network Protection

High Performance

Mitigation

Flexibility for

customization and

network integration

18

19 ©A10 Networks, Inc.

Flexible and broad deployment options

– Asymmetric deployment Reactive

Reactive Deployment with CPE

Proactive

– Symmetric (inline) deployment

– Out-of-band (TAP) deployment

Flexible network support

– Routed (L3) mode or Transparent (L2) mode

– MPLS traffic protection

– IP-in-IP tunnel, GRE tunnel

– Destination & Source NAT

Open SDK using RESTful API aXAPI to integrate with standalone 3rd-party DDoS detection solutions

Easy Network Integration

3rd Party Threat Detection Device

Core Network

Data Center

Services

Flow Export

(Netflow, sFlow)

Traffic Redirection

Tunnel (GRE or

IPinIP)

3rd Party Threat Detection Device

Core Network

Data Center

Services

aXAPI Flow Export

(Netflow, sFlow)

Traffic Redirection

Tunnel

(GRE or

IPinIP)

ISP

End Customer

Services

Real-time Detection

Flood Thresholds

Protocol Anomalies

Behavioral Anomalies

Resource Starvation

L7 Scripts

Black Lists

H

TT

P

D

N

S

T

C

P

U

D

P

Host

Telemetry Collection

sFlow Collector

Log Server

Telemetry

Third Party Threat Detection

20 ©A10 Networks, Inc.

Deep packet inspection and scripting technology

Benefits

– Adjust traffic and L7 data as needed

– Fix or optimize applications

– Complete traffic control

aFleX: Comprehensive DPI and Traffic Management

Example: Automatically displays a Web page based on the user’s language, using the language set in the user’s browser.

English

Spanish Japanese Chinese

21 ©A10 Networks, Inc.

Integrate into 3rd-Party Applications

– Reporting

– Centralized configuration management

– Provisioning

Custom Management Solutions

– Integrated into homegrown apps versus using the A10 CLI or GUI

Interactive Infrastructure

– Applications can issue triggers to change traffic management behavior based on external events

aXAPI: Customizable Management Options for Integration

Authentication request, containing Thunder admin username and password.

If authentication is successful, Thunder replies with a session ID and status 200 - ok

Configuration or monitoring request, containing the session ID

Next configuration or monitoring request, containing the session ID

Third-party application sends session close request or allows session to time out.

If session ID is Valid, and session has not timed out or been closed, Thunder performs the requested action and replies with status 200 - OK

Thunder performs requested action, if session ID is valid and session has not timed out or been closed

Third-party Application aXAPI

22 ©A10 Networks, Inc.

Achieve automation, operational agility, and reduced TCO

SDN integration

– Overlay & fabric integration

– VXLAN and NVGRE

– IBM SDN-VE, Cisco APIC, VMware NSX

Cloud orchestration integration

– Policy integration with Cloud orchestration platforms

– aGalaxy, Microsoft SCVMM, VMware vCloud Director, OpenStack

3rd-Party Integrations: SDN/Cloud Orchestration Integration

Summary

24 ©A10 Networks, Inc.

Diferenciais – A10 Networks?

Alinhado con as tendências de mercado

Cumpre com todos os requerimentos apontados pelo Gartner (IPv4/IPv6, Garantia de transações, NAT, Cache e Virtualização)

Diferentes formatos e Flexibilidade para aquisição (HW, VM ou Cloud)

Melhor solução sob aspectos de escalabilidade e performance

OPEX Previsível e licenciamento todo incluso; Cisco Like CLI

Reconhecimento por terceiros

Suporte de primeira linha, plataforma robusta e com baixo RMA

25 ©A10 Networks, Inc.

Visit www.a10networks.com

– 30 days, 5 Mbps limit

– Full features

– For VMware, Hyper-V, KVM and Xen

vThunder Free Trial – Try Today

Questions??

THANK YOU www.a10networks.com