2015 Angelbeat_ConvergenceMsg-FINAL

The Convergence of Network & Security

Transcript of 2015 Angelbeat_ConvergenceMsg-FINAL

Page 1: 2015 Angelbeat_ConvergenceMsg-FINAL

The Convergence of Network & Security

Page 2

© 2014 JDS Uniphase Corporation | JDSU CONFIDENTIAL AND PROPRIETARY INFORMATION 2

20 Years of Maintaining Current Enterprise IT Initiatives

Data center consolidation

BYOD and multiple devices

Cloud

Low total cost of ownership

Virtualization

Big Data

Service assurance

1Gb -> 100Gb

Security

Application complexity

Unified Communications

Page 3

Strong and Diverse Customer Base

Technology, Manufacturing, Healthcare, Insurance, Financial services, Retail, Government, Carriers

Page 4

Gartner Magic Quadrant for Network Performance Monitoring and Diagnostics (NPMD), March 2015

(Chart: quadrants labelled Challengers and Leaders; axes Completeness of Vision and Ability to Execute; JDSU/Network Instruments plotted)

Page 5

2015 State of the Network Survey

Study evaluates

• Role of Network teams in Security investigations

• UC adoption and challenges

• Key application management issues

322 respondents globally

Page 6

NETWORK TEAM’S ROLE IN SECURITY

Page 7

Is the Network Team involved in Security?

8 in 10 network teams are also involved in security

Page 8

Time Spent on Security

One-quarter of network teams spend more than 10 hours per week involved in security issues

Page 9

Has this Increased over the Past Year?

Page 10

Network Team Roles in Security

Page 11

Methods for Identifying Security Issues

Page 12

Greatest Challenges Addressing Security

Page 13

Network Security & Forensics

Page 14

Does your Data Center Security look like this to Hackers?

Page 15

Or this?

Page 16

Types of Security Products

Technologies

• Network Based - Requires access to the network data via in-line connection, tap or mirror ports

• Host Based - Local system-specific settings, software calls, local security policy, local log audits, etc.
  - Must be installed on each machine
  - Requires OS & SW specific configuration

Page 17

Network and Host Based Security Tools

• IPS - Intrusion Prevention System - Inspects traffic flowing through a network and can block malicious behavior

• IDS - Intrusion Detection System - Similar to IPS but does not block - only logs or alerts on malicious traffic

• Firewall - Drops non-compliant traffic based on configured rules

• Antivirus/Malware/Spam Software - Provides local protection for server and user platforms

Are they enough?

Page 18

Recent Security Breaches

Page 19

http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

Page 20

A Comprehensive Security System

Firewalls

Intrusion Prevention

Intrusion Detection

Packet Forensics - Network Packet Recorder

(Diagram axes: Increasing Level of Prevention; Increasing Level of Forensics Visibility)

Page 21

What is a Network Packet Recorder

• A technology that records digital communications, no matter what language (protocol) is used between the parties

• Combined with analysis software, recorded communications can be investigated to identify what information was exchanged and when

Page 22

Questions Answered with Network Recorders

• Who’s trying to enter/communicate with my resource(s)?

• What other resources has this person communicated with?

• When did this entity enter/communicate previously?

• What Files has this entity tried to access?

• Who’s been trying to enter false passwords?

• Is an entity trying to deliver a malicious “package” to a device on my network?

Page 23

Network Forensics – Essential Capabilities

• Full packet capture with massive scale and in compliance with digital evidence rules

• Retention of data for days or weeks

• Fast access to captured data via search and other tools

• Packet header analysis, including summarizing and trending the network activity

• Packet contents analysis across protocols, including file extraction, session viewing, and L4-7 application analysis.

• Compare data with known threat signatures

• See all traffic and make inferences about relationships
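
The two slides above describe what a recorder retains and the questions an analyst asks of it. As an added illustration (not JDSU/Observer software), the following Python builds a small retained-record store over constructed session metadata and walks those questions for one resource: who contacted it, who failed logins against it, where that source pivoted, when it was first seen, and which files it touched. The `Session` fields, addresses, user names and events are invented; the retention window shows why "when did this entity communicate previously?" is only answerable for as long as the data is kept.

```python
"""Added example, not JDSU/Observer software: a small retained-record store that
answers the investigation questions above from constructed session records.
Each record stands for the metadata a packet recorder could index for one
session; field names, addresses and events are invented for illustration."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Session:
    start: datetime
    src: str
    dst: str
    app: str    # decoded application protocol
    event: str  # application-layer summary stored with the session


# Constructed metadata index, oldest first. The first record is older than the
# retention window and will be aged out.
T0 = datetime(2015, 3, 2, 9, 0)
RECORDS = [
    Session(T0 - timedelta(days=30), "198.51.100.7", "10.2.0.20", "ssh", "auth:fail user=root"),
    Session(T0, "10.1.1.5", "10.2.0.10", "smb", "auth:ok user=alice"),
    Session(T0 + timedelta(minutes=5), "10.1.1.5", "10.2.0.10", "smb", "file:finance/q1.xlsx"),
    Session(T0 + timedelta(days=1), "198.51.100.7", "10.2.0.20", "ssh", "auth:fail user=root"),
    Session(T0 + timedelta(days=1, seconds=20), "198.51.100.7", "10.2.0.20", "ssh", "auth:fail user=admin"),
    Session(T0 + timedelta(days=1, seconds=40), "198.51.100.7", "10.2.0.20", "ssh", "auth:fail user=oracle"),
    Session(T0 + timedelta(days=1, minutes=3), "198.51.100.7", "10.2.0.20", "ssh", "auth:ok user=svc"),
    Session(T0 + timedelta(days=1, minutes=9), "198.51.100.7", "10.2.0.30", "http", "file:update.exe"),
    Session(T0 + timedelta(days=2), "10.1.1.9", "10.2.0.20", "ssh", "auth:fail user=bob"),
]


class RecordStore:
    """Retained session index with the lookups an analyst pivots through."""

    def __init__(self, records, retention: timedelta, now: datetime):
        cutoff = now - retention
        self.records = [r for r in records if r.start >= cutoff]  # retention window
        self.by_src, self.by_dst = defaultdict(list), defaultdict(list)
        for r in self.records:
            self.by_src[r.src].append(r)
            self.by_dst[r.dst].append(r)

    def who_contacted(self, resource: str) -> set:
        """Who has tried to communicate with this resource?"""
        return {r.src for r in self.by_dst[resource]}

    def other_resources(self, entity: str, exclude: str) -> set:
        """What other resources has this entity communicated with?"""
        return {r.dst for r in self.by_src[entity] if r.dst != exclude}

    def first_seen(self, entity: str):
        """When did this entity first appear? Only answerable within retention."""
        starts = [r.start for r in self.by_src[entity]]
        return min(starts) if starts else None

    def files_touched(self, entity: str) -> list:
        """Which files has this entity accessed or transferred?"""
        return [r.event[5:] for r in self.by_src[entity] if r.event.startswith("file:")]

    def failed_logins(self, threshold: int, window: timedelta) -> dict:
        """(src, dst) pairs with at least `threshold` failures inside `window`."""
        fails = defaultdict(list)
        for r in self.records:
            if r.event.startswith("auth:fail"):
                fails[(r.src, r.dst)].append(r.start)
        hits = {}
        for pair, times in fails.items():
            times.sort()
            for i in range(len(times)):
                j = i
                while j + 1 < len(times) and times[j + 1] - times[i] <= window:
                    j += 1
                if j - i + 1 >= threshold:
                    hits[pair] = j - i + 1
                    break
        return hits


def default_store() -> RecordStore:
    """Index as of three days after T0, keeping 14 days of records."""
    return RecordStore(RECORDS, retention=timedelta(days=14), now=T0 + timedelta(days=3))


def investigate(store: RecordStore, resource: str) -> dict:
    """Walk the question list for one resource and return the answers."""
    suspects = store.failed_logins(threshold=3, window=timedelta(minutes=2))
    actor = next((src for (src, dst) in suspects if dst == resource), None)
    return {
        "contacted_by": sorted(store.who_contacted(resource)),
        "brute_force_sources": suspects,
        "pivoted_to": sorted(store.other_resources(actor, resource)) if actor else [],
        "first_seen": store.first_seen(actor) if actor else None,
        "files": store.files_touched(actor) if actor else [],
    }


if __name__ == "__main__":
    for key, value in investigate(default_store(), "10.2.0.20").items():
        print(key, value)
```

Running it for `10.2.0.20` shows the chain the slide's questions are meant to surface: three failed logins in under a minute from `198.51.100.7`, a successful login shortly after, a pivot to `10.2.0.30`, and a file transfer. The failure from 30 days earlier has already been aged out, which is the practical argument for the "days or weeks" of retention on the next slide.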

Page 24

NETWORK FORENSICS

Essential Capabilities

Page 25

Start Investigation at the time of the Incident

Page 26

Identify Threats & Reconstruct Events

• Identification Processing in Observer
  o Pattern matching and filtering
    • SNORT
    • Custom
  o Packet Processing
    • IP Flow tracking
    • IP Defragmentation
    • TCP Stream reassembly
    • HTTP URI Normalization
    • ARP Inspection
    • Telnet Normalization
  o Anomaly Detection
  o Encryption & Keys

Page 27

Comparing Packets with Known Signatures

Define your own security filters, or import forensic analysis rules from SNORT.org
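
The packet-processing steps on the previous slide (TCP stream reassembly, HTTP URI normalization) exist so that the pattern matching on this slide sees the same bytes the destination host will act on. The Python below is an added illustration, not Observer or Snort code: it reassembles out-of-order TCP segments, canonicalizes the request URI, and matches the result against two rules written in Snort's `content:` syntax. The request, the rules and their SIDs are constructed; `parse_rule` handles only the small subset of the rule language used here.

```python
"""Added example, not Observer/JDSU code: the packet-processing steps the slide
lists, chained the way a detection engine applies them. Out-of-order TCP segments
are reassembled, the HTTP request URI is normalized, and the result is matched
against Snort-style content rules. The rules, SIDs and traffic are constructed."""
import re
from urllib.parse import unquote

# Constructed request, split into TCP segments that arrive out of order, with
# one retransmitted duplicate and one partially overlapping segment.
ISN = 1000
REQUEST = b"GET /images/..%2F..%2Fetc/passwd HTTP/1.1\r\nHost: intranet.example.test\r\n\r\n"
CUTS = [0, 22, 43, len(REQUEST)]
_parts = [(ISN + CUTS[i], REQUEST[CUTS[i]:CUTS[i + 1]]) for i in range(3)]
SEGMENTS = [_parts[1], _parts[0], (ISN + 40, REQUEST[40:50]), _parts[2], _parts[1]]


def reassemble(segments, isn: int) -> bytes:
    """Order segments by sequence number, drop retransmissions, trim overlaps."""
    stream = bytearray()
    expected = isn
    for seq, data in sorted(segments):
        if seq + len(data) <= expected:
            continue                       # already have these bytes
        if seq < expected:
            data = data[expected - seq:]   # keep only the new tail
        stream += data
        expected += len(data)
    return bytes(stream)


def normalize_uri(raw: str) -> str:
    """Undo single and double percent-encoding, then resolve dot segments and
    repeated slashes so signatures see one canonical form."""
    uri = raw
    for _ in range(2):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    path, sep, query = uri.partition("?")
    segments = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if segments:
                segments.pop()
            continue
        segments.append(seg)
    return "/" + "/".join(segments) + (sep + query if sep else "")


RULE_HEADER = re.compile(r"^(?P<action>alert|log|pass|drop)\s+(?P<proto>\w+)\s+.*?\((?P<opts>.*)\)\s*$")


def parse_rule(text: str) -> dict:
    """Parse the subset of Snort rule syntax used here: header plus
    msg/content/nocase/sid/rev options."""
    m = RULE_HEADER.match(text.strip())
    if not m:
        raise ValueError("unsupported rule: " + text)
    rule = {"action": m["action"], "proto": m["proto"], "contents": [], "nocase": False}
    for opt in m["opts"].split(";"):
        key, _, val = opt.strip().partition(":")
        key, val = key.strip(), val.strip().strip('"')
        if key == "content":
            rule["contents"].append(val)
        elif key == "nocase":
            rule["nocase"] = True
        elif key:
            rule[key] = val
    return rule


def request_uri(stream: bytes) -> str:
    """Request-target from the first line of an HTTP request."""
    parts = stream.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) != 3:
        raise ValueError("not an HTTP request line")
    return parts[1]


def match_rules(stream: bytes, rules) -> list:
    """(sid, msg) of every rule whose content strings all occur in the normalized URI."""
    uri = normalize_uri(request_uri(stream))
    hits = []
    for rule in rules:
        fold = str.lower if rule["nocase"] else str
        if all(fold(c) in fold(uri) for c in rule["contents"]):
            hits.append((rule.get("sid"), rule.get("msg")))
    return hits


RULES = [parse_rule(r) for r in (
    'alert tcp any any -> any 80 (msg:"Traversal to /etc/passwd"; content:"/etc/passwd"; nocase; sid:1000001; rev:1;)',
    'alert tcp any any -> any 80 (msg:"Admin path access"; content:"/admin/"; sid:1000002; rev:1;)',
)]


def demo() -> dict:
    stream = reassemble(SEGMENTS, ISN)
    return {"reassembled": stream == REQUEST, "raw_uri": request_uri(stream),
            "normalized_uri": normalize_uri(request_uri(stream)),
            "hits": match_rules(stream, RULES)}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The point of the example is the gap between the raw and normalized forms: the string `/etc/passwd` never appears in the bytes of any single segment, nor in the raw request line, so a matcher that skipped reassembly or normalization would miss the first rule. Snort's own preprocessors do considerably more than this (overlap policies per target OS, many more encodings), which is why importing maintained rules and running them on a properly normalized stream beats matching raw packets.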

Page 28

Forensics Analysis Log – Clear Information

Page 29

Anomaly Detection & Baselining

Page 30

Alarm on KPI baseline deviations
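
Baselining and alarming on deviations, as the two slides above describe, can be done many ways; the Python below is an added illustration of one simple method and is not Observer's implementation. It learns a per-hour baseline (mean and standard deviation of a KPI across 14 days), then scores each hour of the current day as a z-score against that baseline and alarms when the deviation reaches `k` standard deviations. The KPI, the history and the spike are constructed; the business-hours cycle stands in for real measurements.

```python
"""Added example, not Observer's implementation: one simple way to alarm on KPI
baseline deviations. A per-hour baseline (mean and standard deviation) is
learned from history, and the current day's values are scored as z-scores
against it. The KPI (outbound MB per hour) and all numbers are constructed."""
import statistics
from collections import defaultdict


def make_history(days: int) -> list:
    """Constructed history: (day, hour, value) with a business-hours daily cycle
    plus small deterministic jitter in place of real measurements."""
    history = []
    for day in range(days):
        for hour in range(24):
            busy = 800 if 8 <= hour < 18 else 0
            jitter = 10 * ((2 * day + hour) % 5)
            history.append((day, hour, 200 + busy + jitter))
    return history


def build_baseline(history) -> dict:
    """Per-hour baseline {hour: (mean, stdev)} from (day, hour, value) samples.
    Keying by hour keeps the normal daily cycle from looking like an anomaly."""
    per_hour = defaultdict(list)
    for _, hour, value in history:
        per_hour[hour].append(value)
    return {h: (statistics.mean(v), statistics.pstdev(v)) for h, v in per_hour.items()}


def kpi_alarms(today, baseline, k: float = 3.0, min_rel_stdev: float = 0.05) -> list:
    """Return (hour, value, z) for hours whose value is at least k standard
    deviations from the baseline. The floor on the spread stops a perfectly
    flat baseline from alarming on trivial changes."""
    alarms = []
    for hour, value in today:
        mean, stdev = baseline[hour]
        spread = max(stdev, min_rel_stdev * mean)
        z = (value - mean) / spread
        if abs(z) >= k:
            alarms.append((hour, value, round(z, 1)))
    return alarms


def demo() -> list:
    """Score a constructed day that follows the usual pattern except for a
    large outbound transfer at 02:00."""
    baseline = build_baseline(make_history(14))
    today = [(h, v) for d, h, v in make_history(15) if d == 14]
    today[2] = (2, 900)
    return kpi_alarms(today, baseline)


if __name__ == "__main__":
    for hour, value, z in demo():
        print(f"{hour:02d}:00 value={value} z={z}")
```

Only the 02:00 hour fires; the daytime hours with the same absolute volume are within their own baseline. The `min_rel_stdev` floor is the practitioner's knob here: without it, a KPI that has been perfectly steady would alarm on a change of one unit.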

Page 31

Post-Event Intrusion Resolution

• Application-Aware Network Tools with DPI can strengthen a Security strategy

• Long term capture/storage acts like a 24/7 Video Camera on the Network
  o Storage that can scale to PB retention levels
  o Network and Security personnel can efficiently detect and root out intrusions, malware, and other unauthorized activities within the IT infrastructure.
  o Reduce Tool sprawl and increase collaboration