Global - afcea

Verizon Business
Marlin Forbes
Vice President
Defense and International Services
global capability. personal accountability.
© 2007 Verizon. All Rights Reserved. PTE12079 03/07
Verizon Communications
Three Key Business Units
• Communications services for consumer and small business
• Building one of the most advanced broadband networks
• Handling 1+B* calls a day with 99.99% reliability
• Serving 30M U.S. households

• Mobile services for U.S. consumer and business
• Nation’s most reliable wireless network
• Highest in customer loyalty
• Nearly 55M customers

• Global Solutions for large business and government
• Created by merger of Verizon and MCI in January 2006
• Most connected IP Backbone
• Serving 94% of Fortune 500

*Average number of calls handled each business day.
Global Industry Trends
Telecom Industry Trends
• IP Everywhere
• Migration to Private IP
• Broadband Everywhere
• Convergence of Voice, Data and Imagery
• Application Layer embedded in network
• Optical Networking
• Seamless Networks
• Migration to IPv6
Strategic Network Programs
• Upgrade Backbone to Ultra Long Haul fiber
• Access Moves to Converged Packet Architecture
• Voice Network Migration to IP
• Fully meshed networks with enhanced survivability
Global IP Network
Delivering Around the Globe
• 6 continents
• 150+ countries
• 2,700+ cities
• Expansive coverage of Internet data centers
• Fully meshed transatlantic IP network
Europe
• Services in 23 countries
• Metro loops in nine countries, 44 cities
• National networks in eight countries
• Transatlantic connectivity
• One of only two U.S./European carriers in 160 Gbps SEA-ME-WE-4 consortium
• Private IP available in nearly 50 countries in Europe
[Map legend: Existing Node; Planned Expansion During 2006]
Asia Pacific
• Metro networks in Singapore, Tokyo, Osaka, Melbourne, and Sydney
• National networks in Japan and Australia
• Facilities based licenses in Hong Kong, Australia, Japan, and Singapore
• Investments in 22 major submarine cable systems serving the region
• Migrated to Self-Healing Rings
• Singapore to Paris latency reduced to 180ms with SEA-ME-WE-4
[Map labels: Seoul, Hong Kong, Tokyo, Osaka, Taipei, Guam, Singapore, Sydney, Auckland; legend: Existing Node]
India
• Partner solutions are in place with VSNL, Reliance, and Bharti
• Added Direct Private IP and IP connectivity with Europe and Asia to improve latency
[Map labels: New Delhi, Cox’s Bazaar, Mumbai, Chennai, Bangalore; legend: Existing Node]
China
• Established agreements with many major Chinese carriers to extend coverage
• Working with five major Asian carriers to develop Trans-Pacific Express (TPE) Cable – expected completion in 2008
• IP peering with Chinese carriers for reduced latency
[Map labels: Beijing, Shanghai, Guangzhou; legend: Existing Node]
Global Reach and Investment
Americas Regions
[Map: network nodes labelled by city across the United States]
United States: Long Distance
Americas
• Network in 10 Countries
• Facilities Based Licenses in 3 Countries
• 18 Major Submarine Cable Routes
• 7 Data Centers

• 48,000+ Route Miles
• 31 Submarine Cable Routes
• 125+ Voice Switches
• 2100+ Data Switches
• 200+ Data Centers
Expanding the Reach of
Global IP Network
• Private IP Services continue to expand:
– 356 edge switches deployed in 128 cities for direct access
– Ethernet Access available in US and 21 countries in Europe and Asia Pacific
– Expansion plans for an additional 100+ edge switches in 12+ new cities in 2007
Private IP available in 116 countries
Global Reach and Investment
Pan-European Regions
• Network in 23 Countries
• Facilities Based Licenses in 9 Countries
• Metro Loops in 9 Countries, 41 Cities
• 31 Submarine Cable Routes
• Trans-Atlantic Cable Mesh Network Completed
• 54 Data Centers
[Diagram: 2006 Atlantic Mesh Backbone. Labels: Cable System 1a; Cable System 3a; Cable System 3b; Bude, UK; 60 Hudson; London UK2; 111 8th Ave; London UK5; Crystal Lake, NJ; Paris; legend: Terrestrial, Wet]
Taiwan Earthquake
Verizon Performance
• Taiwan Earthquake – 12/26/06
– Earthquake of magnitude 7.2
– Unprecedented 20 cuts on 8 cables
– Isolation of Taiwan from the Public IP and Data networks
• PIP Continued to Operate at Full Capacity
• Public IP & Data Restored as much as 24 hours Earlier than other Carriers
– Restoration with backhaul & SMW-4 within the first night
– Leveraged Partnerships to obtain additional capacity
[Map: earthquake epicenter]
Trans Pacific Express (TPE) Cable System
• First Multi-Terabit Optical Submarine Cable System Directly Linking the U.S. Mainland and China
• VzB is only U.S. Carrier of 6 Consortium Members
• First Cable System with Direct 10 Gbps Wavelength Access to China
• Adds Diversity, Speeds Provisioning, Reduces Latency
• Planned Completion: 3Q08
– Initial Capacity: up to 1.28 Tbps
– Design Capacity: up to 5.12 Tbps
• Provides direct connectivity to Beijing, Shanghai, Taipei, Seoul, Hong Kong (via China), and India (via China)
Ultra-Long Haul (ULH) & Dual Rail Architecture
• Reduces Network Elements by up to 70%
• Lowers DS3 Per Mile Cost by up to 70%
• Enables Wavelength Services
• Provides a Higher Level of Resiliency and Performance
• Improves Latency
• Lessens Customer Impact during Maintenance
[Diagram: Dual Rail ULH Architecture. Labels: Metro Ring; Current Technology; Regenerator; ULH Technology; ULH Rails Interconnected with OADM Technology]
Converged Packet Access
[Diagram: "Today: Multiple Access Circuits" compared with "With CPA: Ethernet Aggregation". Labels: Long Distance; PBX; Local; Converged IP Core; Internet; Private IP; Customer Premise; Frame Relay; ATM]
• Enables Logical / Automated Service Provisioning
• Enables Scalable Bandwidth on Demand
• Reduces Traditional TDM Bandwidth Requirements up to 60%
• Expanding from 30 to over 60 sites
Customer Portal
Providing Information on Demand
• Verizon Business Customer Center:
– Global view
– Support in 6 languages
– More than 55 applications
– Dashboard with key statistics
• eBonding:
– Links your back office with ours
– Scalable for large transactions
Online tools that enable you to monitor performance around the globe
Security Intelligence Portal
Available on Verizon Business Corporate Website
• Analyst Diary
– Daily summary of observed security events and information from Verizon Business Analyst team
• Activity Dashboard
– Dashboard representation of security information observed from various data sources
• Event Calendar
– Trending calendar allowing a user to view dashboard trending from previous days
• Data Key
– TCP and UDP port and protocol legend
• Publications
– Various relevant security publications from Verizon Business’ security experts
Deriving Intelligence
Data Capture, Collection, Analysis, and Sharing
Security Intelligence Console
Capturing, Collecting, and Analyzing Internal and External Data Sources
• Managed Services Operation Center (NOC, SOC, Internet): Global Customer Security Event Management; managing network and security devices and technologies deployed at various demarcation levels within an enterprise, and supported on multiple provider networks worldwide.
• IP Backbone Operations (Verizon Business Internet and Public Internet): Global IP backbone operations and managed services support; worldwide IP traffic visibility on Verizon Business backbone and across public peering relationships with other network providers, including technology vendor relationships for networking hardware and software.
• Internal IT Operations (Verizon Business Enterprise IT Operations): Global enterprise IT operations; visibility to all IT security areas resulting from the support of Verizon Business office locations, infrastructure assets, and employees that are deployed worldwide.
• Third Party (Open source, Network and Technology Providers): Global relevant outside sources; news and media, government, industry affiliation, peering agreements and relationships, technology vendors and partners.
Network Security Environment
[Chart: External Breaches Over the Past 12 Months. Categories: Virus/worms; Phishing/pharming; Spyware/malware; Social engineering; Brand hijacking; Hacking; Denial of service; Zombie networks; Other form of external breach; Website defacement; Web application breach; Wireless network breach; Online extortion. Axis scale: 0 to 70]
[Chart: Internal Breaches Over the Past 12 Months. Categories: Virus/worms; Insider fraud; Leakage of customer data; Internal network breach; Wireless network breach; Other form of internal breach; Have not been breached. Axis scale: 0 to 40]
Source: Deloitte 2006 Global Security
Global Information Sources
Providing Massive Amounts of Data in
Near Real Time
Columns: Scope, Information Source, Description, Remarks
• Near real time capture of flow traffic between hosts
– Description: Identification of infected source address, unique distribution host address or port, remote access port, Distributed Denial of Service attack profiles
– Remarks: Over 4 million records captured per minute
• Network wide activity snapshot
– Description: Identification of origin of a security incident, historical analysis of emerging threats or outbreaks
– Remarks: Over 422 million records captured per hour
• Routing security events captured from Verizon Business’s IP backbone infrastructure assets
– Description: Identification of malicious, mis-configured or otherwise misdirected hosts on the public Internet
– Remarks: Approximately 30,000 records captured per hour
• Honeynet – Simulated enterprise environment
– Description: Identification of exploit methods and malware propagation methods
– Remarks: Up to 5 million network segments or hosts monitored
• Operating System and Link characterization of TCP sessions
– Description: Identification of OS identity trends in the infectious, malicious attacking or distribution hosts
– Remarks: One observance per minute typical; up to 5 million network segments or hosts monitored
• Passive network statistics collection
– Description: Capture, trend and characterization of payload emerging from network trends for scope verification
– Remarks: Event-driven
• Intrusion Detection Systems
– Description: Identification of Zero-day attacks and other malicious activity
– Remarks: Up to 2 million event records observed per day
Scope entries for the seven sources: Global (six), USA (one)
Derivative Information
Global Information Sources
Providing Massive Amounts of Data in
Near Real Time (cont’d)
Columns: Scope, Information Source, Description, Remarks
• Traces – Payload capture
– Scope: Global
– Description: Identification of zero-day attacks and other malicious activity; cross reference capabilities against port and protocol trending indicators
– Remarks: Up to 1.5 million records per day
• Verizon Internal IT Operations
– Scope: Global
– Description: Network, computer, server, endpoint, and application security events
– Remarks: Event-driven
• DNS Alerts
– Scope: Global
– Description: Domain Name Services variations and abnormalities
– Remarks: Event-driven
• Managed Services Event Information
– Scope: Global
– Description: Identification of unique or common exploits affecting various networking and security demarcations, devices and technologies deployed on various networks
– Remarks: Event-driven
• IP Backbone operations
– Scope: Global
– Description: Identification of network traffic and network device events impacting or interesting to IT security; including abuse tickets reported on Verizon Business’ Internet backbone
– Remarks: Event-driven
• External sources: News, Government, Security group, Network providers, technology vendors and providers
– Scope: Global
– Description: Identification of public or third-party security event or information; situational awareness, unique, or common threat identification, product and platform threats and vulnerabilities
– Remarks: Event-driven
Derivative Information
Secure Information Portal
• How to provide:
» Assured authentication
» File and data security
» Capability for sending sensitive data
» Security for mobile devices (PDAs)
• How to allow: Secure Intra/Inter Agency or Coalition/Allied Collaboration
• How to ensure: Data Integrity and Non-Repudiation
Non-repudiation is the concept of ensuring that a contract, especially one agreed to via the Internet, cannot later be denied by one of the parties involved.
Hosted Federated Authentication
Value Proposition
– Authentication of choice
– Leverage existing infrastructure
– Enable information exchange
– Supports ad hoc secure collaboration
[Diagram label: CONUS]
Collaboration Portal
• Text Collaboration (Chat & IM): Provides ability for users to initiate and participate in low bandwidth text chat sessions
• Web Conferencing
– Audio over IP
– Video over IP
– Whiteboarding & Annotation: Ability to import objects
– Application Sharing/Broadcasting
– Presence and Awareness: Ability to identify users
– Cross Domain Participation: Ad hoc conferencing
• Session Management: Management, customization, and control
• Accessible through web portal
The New Reality
• Voice/Data/Video is IP
• Security concerns driving Private IP migration
• IP Convergence offers opportunity to address issues
• Network is now providing critical IT tools
• COOP planning easier with “mesh” and smart portals
• Global threat requires significant flexibility in IT delivery
• OPTEMPO and sophisticated threat forcing all options