data security solutions
TRANSCRIPT
Proprietary and Confidential. © 2007 Verizon. All Rights Reserved. PTEXXXXX XX/07
global capability. personal accountability.
Verizon Business Data Security and QOS-based Network Solutions
Presented to:
CCAP TechNet Quarterly Meeting
Operating unit of Verizon Communications – ranked 13th in U.S. Fortune 500
Advanced voice, data, IP, IT and wireless solutions for large business and governments
One of the largest and most secure global IP networks serving 2,700 cities in 150 countries
Manage networks and/or security for over 4,000 enterprises and government agencies around the world
Global network security intelligence
Global leader with full range of security & compliance services
18+ years of focused experience securing critical data and protecting identities
Mature set of managed & professional services for threat, compliance, vulnerability, forensics & identity management
Client-driven approach: - product-neutral - sourcing-neutral
ICSA Labs – in-depth security product testing & certification
Largest global provider of managed information security services
Over 1,100 security professionals worldwide
Mature solutions to address: - all layers of technology stack - security/compliance processes - enterprise risk management - cloud-to-core security
Practical & customized approach with solutions tailored to your environment and needs
Global delivery capability
Global infrastructure (7 SOCs, large IP network)
Deep security intelligence sources
Managed security solutions for large businesses and governments
Verizon Business and Cybertrust Join Forces: A Global Security Powerhouse
Value to the Customers: Securing the Technology Stack
Colocation Services
Managed Network Services
Managed Hosting Services
Applications Management Services (Remote/Smart Center)
Managed Security Services
Application Security Services
Data Privacy services
HW Platform, OS, Storage
Facility/Infrastructure
LAN/WAN Network Access
Database/Data Privacy
Application Servers
Business Applications
Identity Services
Risk/Compliance IT Services Security
Sample Security Client List
Security & Compliance Solutions
Cybertrust Offering Categories
Managed Security Programs
Full-cycle security/compliance programs
Establish and maintain key portions of a security and compliance program (outsourcing or co-sourcing)
• Vulnerability Management
• Security Monitoring / Mgmt
• Regulatory Compliance
• User Authentication/PKI
• Forensics and IR
Professional Services
Project-based, expert-delivered services
Assess, design, build, or augment critical components of a security and compliance program
• Planning & Decision Support
• Vulnerability Management
• Identity and Access Mgmt
• User Authentication/PKI
• Regulatory Compliance
Enabling Technologies
Business process automation technologies
Improve the efficiency & accuracy of automatable, high-volume components of security program
• Regulatory Compliance
• Vulnerability Management
• Identity and Access Mgmt (Digital Certificates, PKI)
• Business Partner Security
Verizon Business Value Solution Offerings
• Security Management Program
• Business Partner Security Program
• PCI compliance
Security and Compliance Programs
• Strategy, assessment, design, and road mapping
• Multi-factor authentication
• Digital certificates
• Encryption solutions
• Managed PKI / credentials
• Federated Identity
• Third-party technologies:
– Evaluation
– Implementation
– Ongoing management
• 24x7x365 security management, monitoring and alerts
– Firewall / Router / VPN
– IDS / IPS
– Asset, vulnerability, & threat correlation
• In-the-cloud security (DDoS, email & web content filtering)
• Managed network scanning
• Application Security
– Inventory & risk assessments
– Application reviews
– SDLC training
• Forensics & Investigative Response
• Risk assessments – infrastructure, regulatory, enterprise
• Security design, architecture, development, and implementation
• Asset discovery & classification
• Quantitative risk modeling and remediation planning
• Operational roadmap creation
• Third-party technology review & implementation
• Staff augmentation (executive & operational levels)
• Merger & Acquisition support
Identity and Access Management
Threat and Vulnerability Management
Security Strategy and Consultation
Capabilities & Solution Areas
Forensics & IR
Strategic Planning
Risk Assessments
Quantitative Risk Modeling
Operational Roadmapping
M&A Support
3rd party validation / certification
Application Security
Forensics & IR
Business Partner Security
Vulnerability Management
Security Monitoring & Logging
Policy Development & Enforcement
Identity & Access Management
Compliance, Audit & PCI
Data Flow & Privacy
In-the-Cloud Security (DDoS, Email)
Strategic & Planning Functions
Operational Functions
Case Study: City Public Safety Departments
Objective: Internet Access for City officials, PSAP and remote access for Police force.
• Redundant Internet Access with Verizon Business
• Active - Active Solution using two 4xT1 Circuits to deliver 6MB IP Ports.
• Managed Firewall Service with Cisco ASA 5520 Firewalls
• High Availability – 24/7 Monitoring
• Remote Access for Patrol Cars with Wireless Aircards
Verizon Business Private IP
Drivers to MPLS-Based Services
New Applications
• Any-to-any, peer-to-peer applications
• Supports new technologies (i.e., multicasting, VoIP, e-learning, e-everything)
• Move to network-based applications
Network Enhancement and Simplification
• Any-to-any, restricted access available:
– Fast and economical with direct interconnection to enterprise locations and business partner sites
– Reliable IP routing that provides more flexibility
– Reduced network administrative burden
– Investment protection for enterprise IT buyers
Flexible Network Resources
• Highly scalable:
– Rapidly scales in bandwidth and number of sites
Leverages Existing Network Resources
• Provides voice, video, and data network convergence
• Retains current network interfaces
• Employs existing CPE and labor skill set
• Helps improve network utilization
• Frame Relay/ATM PVCs can co-exist with direct and indirect access to MPLS-based network
• Evolutionary or revolutionary transition
Technology Definition of MPLS
• Multi-protocol label switching (MPLS) integrates layer 2 (L2) switching and layer 3 (L3) routing using RFC 4364 (formerly 2547)
– Enables network edge routers to apply simple MPLS labels to packets or frames
– Switches packets according to labels
• Virtual network tables maintained in PE routers:
– Not customer configurable
• Customer edge (CE) router does not run MPLS
Network Core Router (P)
Customer Edge Router (CE)
Provider Edge Router (PE)
Private Backbone
MPLS Core
Private IP Enhanced Traffic Management
• Private IP with IP QoS:
– Six classes with ten queues:
° Real Time/Voice (EF Class)
° Video/Priority Data (AF4 Class)
° Mission Critical Data (AF3 Class)
° Business Data (AF2 Class)
° General Data (AF1 Class)
° Default Class
– Access to five Data classes is included in the port charge.
– Congestion Management offers multiple levels of prioritization within each of the four Data queues.
– Customer subscribes to Real Time/Voice (EF) CAR.
Secure Gateway Services
• Secure Gateway – Firewall
– Provides enterprise employees secure access to the Internet from customer locations connected to a Verizon Private network service via a network-based firewall. Secure Gateway – Firewall bundles Internet access with a stateful firewall to help protect against a range of network security threats.
• Secure Gateway – Retail and Remote Office
– A wide area network service that provides secure, encrypted, low-cost connectivity to the corporate network from small office/home office and remote office locations. This service can be used as the primary site connection at remote locations or as a cost-effective backup for access to the company’s Verizon Private network (e.g., Private IP) service at corporate sites.
Secure Gateway Services is a suite of advanced, network-based communications services that deliver a broad range of features to Verizon Private network services customers (i.e., Private IP, vBNS+, Frame Relay, or ATM).
Secure Gateway Services (cont’d)
• Secure Gateway – Mobile User
– Provides secure, encrypted, remote access for a customer’s mobile workforce and remote employees and allows these users to securely connect to corporate data resources hosted on computers within their company’s Verizon Private network service.
Private IP Dynamic Bandwidth
• Web-based access through the Verizon Business customer portal
• Port and Committed Access Rate Analysis
• Automated Access Change Requests
• Can change between Private IP Standard and Enhanced Traffic Management (ETM)
• Near-real-time port upgrade/downgrade functionality
Application and Packet – Marking Optimization
Helping Counties Make the Most of Their MPLS VPN
• Evaluate the performance of network applications at the desktop and user level
• Extend CoS into a customer’s LAN segment
• Ability to manage CoS down to the user and application levels specifically
• Help enterprise ensure priorities and bandwidth are being allocated to support their business needs
“Applications are real-time and more complex, and users require LAN-like performance over WANs. This all puts more pressure on the network manager to ensure adequate application performance. This requires a different approach within the NOC. Performance management needs to be at the center of operations along with fault, which will give network managers better visibility to respond to the most business-critical events.”
“Enterprise Network Management Tools Get Application-Aware” Yankee, 12/05
Case Study: County WAN Connectivity Solution with Verizon’s IP Networking Services
County’s Objective:
Update WAN bandwidth to accommodate video and a phone system that allows 4-digit dialing and centralized voice mail at the remote offices.
Proposed Solutions: Verizon Business Private IP (PIP) and Hosted IP Centrex (HIPC)
-The county currently has a Frame Relay network with various PVC speeds from 256K to 768K. The county will replace this network with Verizon Business’s PIP (MPLS). The PIP Network will have T1’s (1.544MB) at each remote office. The host locations will have a 22MB (DS3) as will their backup Data Center. This will give the remote offices sufficient bandwidth to run Video, carry their county government voice traffic and be a gateway to the VOIP network.
Case Study: County WAN Connectivity
-Each remote location will be configured with Polycom IP301 or IP501 Phones. The number of simultaneous callers will vary per location, but we are using 8 to 1 to determine the number of paths needed. Typically these offices have between 8 and 25 users. The number of simultaneous calls for an office with 8 users was determined to be 4. The number for an office with 25 users was 6. All local calling is included with HIPC. Each office will receive 1,500 minutes of Long Distance calling per the number of simultaneous calls ordered.
Conclusion:
The county will see an increase in production with a more efficient WAN that allows them to provide video, gives them better functionality with 4-digit dialing between locations, and gives them a centralized voice mail system. They will see a decrease in Telco cost as their Local and Long Distance usage will become a fixed cost.