002
Business today is driven by free-flowing information. Corporate data travels through the cloud and mobile
devices and radiates through ideas and posts in social networks. BYOD, mobility and cloud computing have
revolutionized static IT environments, introducing the need for dynamic networks and infrastructures.
But if our IT environment has changed quickly, the threat landscape has changed even faster. The
sophistication and velocity of this evolution is growing exponentially by unleashing new attack types
frequently, combining known and unknown threats, taking advantage of “zero-day” vulnerabilities, and
utilizing hidden malware inside documents, websites, hosts and networks.
In a world with high-demanding IT infrastructures and networks, where perimeters are no longer well
defined and where threats grow more intelligent every day, we need to define the right way to protect
enterprises in the ever-changing threat landscape.
Although there is a wide proliferation of point security products, these products tend to be reactive and
tactical in nature rather than architecturally oriented. Today’s corporations need a single architecture that
combines high-performance network security devices with real-time proactive protections.
Software-defined Protection (SDP) is a new, pragmatic security architecture and methodology. It offers an
infrastructure that is modular, agile and most importantly, SECURE.
Such architecture must protect organizations of all sizes at any location: headquarters, branch offices,
roaming through smartphones or mobile devices, or when using cloud environments.
Protections should automatically adapt to the threat landscape without the need for security
administrators to follow up manually on thousands of advisories and recommendations. These
protections must integrate seamlessly into the larger IT environment, and the architecture must
provide a defensive posture that collaboratively leverages both internal and external intelligent sources.
The SDP architecture partitions the security infrastructure into three interconnected layers:
An Enforcement Layer
that is based on physical and virtual security enforcement
points and that segments the network, as well as executes the protection logic in high-
demand environments.
Execut ive
Summary
ES
A new paradigm is needed to protect organizations proactively.
