Securing the Network
Welcome to Avaya ENGAGE Las Vegas 2017. View Marc Randall, Sr. VP and GM, Avaya Networking keynote to learn more about how Avaya is securing the network.
>> Ladies and gentlemen, please welcome Marc Randall, Senior Vice President and General Manager of Avaya Networking.
>> Good morning. That was a good stage change. Have to wait to get the chairs off the stage before I join. It's a pleasure to be with you. I hope that everybody is enjoying Engage.
I saw a lot of people at the breakout sessions yesterday. And at the solution hall at night. I guess one of the positive things is, in the networking side We had a none disclosure future road map discussion yesterday and you're still here. So, hopefully you like what you see.
This event to me is really great, cuz it's an opportunity for us to talk to you the customer, but more importantly having, the customers be able to talk to their peers in the industry. And yesterday, as I talked to quite a few of you, I kept asking, what's the challenge?
What's difficult? What do you need from us? And pretty consistently, maybe a little prodding on my Point. But it is, how do I deploy all of these devices that are coming out? Matter of fact, every device that comes out needs to be connected to the network. Two is, how do I simplify my network so I can actually deploy them?
And the third is, how do I secure them? Big challenge. So, what I'm gonna cover this morning, is talk a little bit about our accomplishments over the last year in the networking space. Then get into some of the challenges that we all face. And then, talk about some key solutions that we're bringing to market to address some of those challenges.
So, let's get started on the accomplishments. So, we had a good year growing, getting momentum in really three major areas. One is on the wireless side. This is an area that's growing rapidly, and we announced a new wireless solution that's probably about 18 to 24 months old now, it's the 9100 product line, and we already have over 1,600 wireless customers.
So we're seeing rapid adoption of that technology. And then the second one, I'm actually really proud of, in one quarter, we shipped over a million ports on our switches. That's the first time that we had done that in 18 quarters. And what's causing that? The explosion of the devices on the edge.
The transformation from one gig to ten gig. As edge devices, that transition from 10 gig to 40 gig in aggregation. So we're seeing an uplift and that uplift associated with the mass amount of data, that is now traversing the network. And then finally, a major accomplishment for us Is we now have a thousand fabrics deployed worldwide.
That's almost 100% increase in one year. This really affirms that our strategy and our technology that we put in place is actually being adopted. That's really starting to work. So, the business is strong. We're continuing to grow our footprint and our momentum. And, I'd like to thank everyone here in your confidence in our solution as well as the Avia team.
So thank you very much. Let's get into some of the marketing challenges that are facing us today. Trans we talked a lot about digital transformation, we talked about cloud computing, and we talked about the internet of things. Now, these are really promising trends in the market, that will give customers great agility, give you greater agility, produce more revenue, less operational expenses.
So, it's a good trend. However, as this technology rapidly changes, what's happened to the industry in networking is the network hasn't kept up. Most networks, today, are still running a foundational protocol that was Developed and shipped over 20 years ago. Can you imagine that? Can you imagine sitting down at your desk and pulling up Windows 3?
Pull out your Lisa Apple.
>> That's essentially, what's happening behind the plug that you connected your computer into. It's an old technology, it's not built to support these trends that we're talking about. Now, the network has a tremendous role to play in security. It sees all the data.
It sees all the application. It sees all the users. But it's being minimized because of these older protocols. So, with these new technologies that are coming out, with them comes threats. In fact, Price Waters Coopers did a survey, and that survey indicated that. Last year alone, they saw 38% more detected breaches.
Detected breaches. Can you imagine what wasn't detected? That's what's happening today. Gartner said by 2020, over 25% of identified attacks in the enterprise will involve the internet of things. So every device, that potentially can connect up to your network can be a threat to your network. One of the most dramatic changes in the network today is really what has happened to the perimeter of the network.
See you look at this historically, this is what the perimeter of the network looked like. It was the outer boundaries of your enterprise. You'd spend a lot of money in your IT department, protecting the outside of your enterprise. Putting firewalls, DMVs, VPNs. The problem with this is, Once you get in, if a hacker gets in, once they get in, your boundary of the outside of your network they get full access to everything inside your network.
They can roam free. Now, just to accentuate that comment, there's a large retail store that was compromised probably a year and a half ago, two years ago. You've probably even heard the story. They got compromised through their HVAC system. So they have a contractor, to save the millions of dollars by monitoring their heating and their cooling.
Great, we saved millions of dollars. What happened? A hacker used that to penetrate the edge, and they went in and they got through the HVAC, went through the network, and into their database, and lo and behold, out came customer credit card information. That's how it works, okay. Now, what does the edge really look like?
With the explosion of IoT, outsourcing, you probably all have contractors that you use. You maybe do development in other countries. They're all connected in. Cloud services, private and public, are now part of your operational efficiencies. The edge looks significantly different. The shape is changing, right? You get to the point now is, where is the edge?
Is it at the edge of the campus? Is it the cloud? Is that your edge? Is it the employees devices? Is it the manufacturing devices? Is it your medical devices? Where's the edge? Well, the edge, the perimeter now is everywhere. And you have to think of it being everywhere.
If you don't, you are gonna be susceptible to breach us. So, this leads you to believe, or questions that need to be answered, is how do I guard my crown jewels? Right. How do I guard my applications that run my business? How do I contain breaches and isolate hackers?
Cuz maybe I can't make a perfectly secure network but I can sure try to contain it if I ever get breached. How do I meet compliance and regulatory obligation? If you're in the medical field, you have HIPAA responsibility. Matter of fact, patient data's probably more important than this retail company that gave up credit cards.
When you get patient data, you get everything about that person. When you hack in a database and take a credit card you get a credit card that they see anomaly and they turn it off. Not in health care. PCI compliance, right. Do you really have a secure link back to the data center.
How do you protect physical updates? People places and assets. Video surveillance, pretty common, you walk around the casino you see it all over the place. And what do you do about those IoT devices that are connecting. So we're seeing explosion of devices. We're seeing a changing perimeter. And it's bringing security challenges.
So let me introduce you to three capabilities that are inherent in our technology [COUGH] that allow you to secure your network, allows you to handle the proliferation of IoT. And those three areas are, hyper-segmentation, elasticity, and stealth. Now network segmentation, that's been around for a while. You've probably heard that, right?
Well I have a segmented network. I put segments on VLANS. That's been the most common. Remember that discussion about running a protocol that's been around for 25 years? Welcome to one of the protocols. Or you have segmentation and you have it in your data center and it's microsegmentation and it's between machines.
None of those are a complete solution. The problem here is in every parameter you have to be able to span the entire network. Because you've got internet and things are hitting your data center from around the world. They're getting in. You have to be able to control them, right?
You need to have end to end segmentation, and you also need to consider what kind of scale you need to have. How many segments do you want to have, how many do you need in your organization? So on hyper segmentation. This greatly improves the traditional segmentation. The VLANs and the machine that I was talking about.
It also allows you to scale to millions of segments. Wherever you have a VLAN, you can get 4,000. That's great. If you're a large company, that don't work. But this technology will let you scale. And it allows you to span the entire organization from the device to the data center.
So once you have hyper segments created, what it does for you is it reduces the attack service, right? Much harder for hackers to get into your network. It helps you do anomaly screening, right? You can look just at one segment. Gives you firewall efficiency. Imagine that you could secure zones for your finance organization, your HR organization, your customer's data, your video surveillance.
You could be running video surveillance in the backbone of your network and not sucking all your bandwidth out. You could do physical security. You could have an R&D group. Your executives, devices, kiosks, you name it. You can now give them secured segmentation. Very, very powerful. Now hypersegmentation, when we talk about the scale of thousands The millions of segmentations, really becomes challenging if you don't have another capability and that's elasticity.
Elasticity, really think about this, this is the ability to extend the network configuration all the way out to a device And then when the device leaves the network, it retracts back. Essentially, closing that hole. A hacker can't come in behind it. So there's no, I'm gonna walk over, pull out this cable out of the wall.
Put in my laptop and try to hack them. Once you pull the cable out of the wall, the network retracts. Shuts the door. So [COUGH], excuse me. Think about this as plug and play functionality. A network connection occurs, plug into the network. It gets recognized. Okay, you're in the network and it appropriately puts the device into its own secured network, its own segmentation.
So really the only way that you can scale hypersegmentation is to have elasticity. Plug and play cuz is you have thousands and thousands of devices, you just don't have the staff to go and configure every single device and put it on to the network. It doesn't work. Plug and play, you can have a systems going out.
Get linemen going out. You have technicians, plug and play. And the message to them is, right, plug the device in and walk away. Okay, so now most cyber attacks don't start with the intended target. Most cyber attacks take advantage of that 20 year old protocol that's running in your network.
It's called the IP protocol. And there's a lot of tools that can take advantage of the IP protocol and be able to see all the paths within your network. And they can trace those paths and ultimately get into your data center and wreak havoc on you. That was one of the strengths of the IP protocol, was that it could determine all the paths in your network automatically.
It was really cool. And then it could show you all those paths. [COUGH] So, what was once a powerful attribute has now become the key lease attendant of the protocol, okay? Hypersegmentation on the other hand, does not expose you to the same vulnerability of IP. This means if you're breached outside of one of the segments, If you try to look beyond that segment, you see darkness.
There's nothing there. You can't see any of the switches, the routers. You can't see devices, you can't see servers. It's completely dark. Now if they breach a segment itself, let's say they come into the end and they were able to get into a segment. All they can see is the end points.
Let's go back to that large retailer that we talked about earlier in the presentation. If they had this technology and this hacker came in through the HVAC, you know what they could see? An air conditioner. They could make it really uncomfortably cold at a store. That's it, right?
That's why this is very important. So when you think about this, the important piece here is if you have segmentation and you have this technology, it makes a breach simple. It doesn't make it a catastrophe, like the large retail store went through. Okay, those are our capabilities. These are the foundational capabilities that you get in our products.
You don't have to buy anything special, this is what you get. However, the illustrations that we just walked through assume that you can identify the device that connects into the network. But many devices, you can't identify them. As an example, even federal regulations stop some devices from being identified, like in healthcare, FDA.
You may have medical devices that can connect to the network but that can't say I'm an x-ray machine, right? What do you with those? What about elasticity? You can't identify the box. That's a big issue for the Internet of things, right? And what that can turn out to be for organizations is thousands of devices being in a point of exposure.
So what I'd like to do, announce here today, a new solution that addresses the management of the Internet of things. And that solution is called Surge. It's completely new to the market. It's been built from the ground up. It's based on a deck of cards I took from the table last night.