2015 Angelbeat_ConvergenceMsg-FINAL
The Convergence of Network & Security
© 2014 JDS Uniphase Corporation | JDSU CONFIDENTIAL AND PROPRIETARY INFORMATION 2
20 Years of Maintaining Current Enterprise IT Initiatives
Data center consolidation
BYOD and multiple devices
Cloud
Low total cost of ownership
Virtualization
Big Data
Service assurance
1Gb -> 100Gb
Security
Application complexity
Unified Communications
Technology, Manufacturing, Healthcare, Insurance, Financial services, Retail, Government, Carriers
Strong and Diverse Customer Base
[Figure: Gartner Magic Quadrant for Network Performance Monitoring and Diagnostics (NPMD), March 2015; axes: Completeness of Vision and Ability to Execute; quadrants labelled Challengers and Leaders; JDSU/Network Instruments is plotted]
2015 State of the Network Survey
Study evaluates
• Role of Network teams in Security investigations
• UC adoption and challenges
• Key application management issues
322 respondents globally
NETWORK TEAM’S ROLE IN SECURITY
Is the Network Team involved in Security?
8 in 10 network teams are also involved in security
Time Spent on Security
One-quarter of network teams spend more than 10 hours per week involved in security issues
Has this Increased over the Past Year?
Network Team Roles in Security
Methods for Identifying Security Issues
Greatest Challenges Addressing Security
Network Security & Forensics
Does your Data Center Security look like this to Hackers?
Or this?
Types of Security Products
Technologies
• Network based: requires access to the network data via an in-line connection, tap or mirror ports
• Host based: local system-specific settings, software calls, local security policy, local log audits, etc.
  - Must be installed on each machine
  - Requires OS- and software-specific configuration
Network and Host Based Security Tools
• IPS (Intrusion Prevention System): inspects traffic flowing through a network and can block malicious behavior
• IDS (Intrusion Detection System): similar to an IPS but does not block; it only logs or alerts on malicious traffic
• Firewall: drops non-compliant traffic based on configured rules
• Antivirus/anti-malware/anti-spam software: provides local protection for server and user platforms
Are they enough?
Recent Security Breaches
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
A Comprehensive Security System
[Figure: layered stack of Firewalls, Intrusion Prevention, Intrusion Detection and Packet Forensics (Network Packet Recorder), annotated with two scales: Increasing Level of Prevention and Increasing Level of Forensics Visibility]
What is a Network Packet Recorder
• A technology that records digital communications, no matter what language (protocol) is used between the parties
• Combined with analysis software, recorded communications can be investigated to identify what information was exchanged and when
Questions Answered with Network Recorders
• Who’s trying to enter/communicate with my resource(s)?
• What other resources has this person communicated with?
• When did this entity enter/communicate previously?
• What files has this entity tried to access?
• Who’s been trying to enter false passwords?
• Is an entity trying to deliver a malicious “package” to a device on my network?
Network Forensics – Essential Capabilities
• Full packet capture with massive scale and in compliance with digital evidence rules
• Retention of data for days or weeks
• Fast access to captured data via search and other tools
• Packet header analysis, including summarizing and trending the network activity
• Packet contents analysis across protocols, including file extraction, session viewing, and L4-7 application analysis
• Compare data with known threat signatures
• See all traffic and make inferences about relationships
NETWORK FORENSICS
Essential Capabilities
Start Investigation at the time of the Incident
Identify Threats & Reconstruct Events
• Identification Processing in Observer
  o Pattern matching and filtering
    • SNORT
    • Custom
  o Packet Processing
    • IP Flow tracking
    • IP Defragmentation
    • TCP Stream reassembly
    • HTTP URI Normalization
    • ARP Inspection
    • Telnet Normalization
  o Anomaly Detection
  o Encryption & Keys
Comparing Packets with Known Signatures
Define your own security filters, or import forensic analysis rules from SNORT.org
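The pattern-matching, TCP stream reassembly and HTTP URI normalization steps listed above, as an added example that is not Observer's or Snort's code: a Python matcher for a small subset of Snort rule syntax (header plus msg/content/sid options) run over a constructed capture of one HTTP request split across two out-of-order segments. The $HOME_NET range, the rule and the segments are assumptions.

```python
import ipaddress
import re
from urllib.parse import unquote_to_bytes

# Constructed example: VARS, the rule and the segments are assumptions, not Observer's or Snort's own data.
VARS = {"$HOME_NET": "10.0.0.0/24"}
RULE_RE = re.compile(r"^alert\s+tcp\s+(\S+)\s+(\S+)\s*->\s*(\S+)\s+(\S+)\s*\((.*)\)\s*$")
RULES_TEXT = ['alert tcp any any -> $HOME_NET 80 (msg:"traversal attempt"; content:"GET /etc/passwd"; sid:1000001;)']
# Segments as (src, sport, dst, dport, seq, payload): one request split over two out-of-order TCP segments.
SEGMENTS = [("192.0.2.7", 4455, "10.0.0.5", 80, 16, b"%2e/etc/passwd HTTP/1.0\r\nHost: intranet\r\n\r\n"),
            ("192.0.2.7", 4455, "10.0.0.5", 80, 0, b"GET /cgi-bin/%2e")]

def parse_rule(line):
    # Header 'alert tcp SRC SPORT -> DST DPORT' plus options; only msg/content/sid options are understood.
    src, sport, dst, dport, opts = RULE_RE.match(line.strip()).groups()
    opts = re.findall(r'(\w+):\s*"?([^";]*)"?\s*;', opts)
    rule = {"src": src, "sport": sport, "dst": dst, "dport": dport}
    rule.update((k, v) for k, v in opts if k != "content")
    rule["contents"] = [v.encode() for k, v in opts if k == "content"]
    return rule

def header_match(rule, flow):
    # 'any' matches everything; $VARS resolve through VARS; addresses may be CIDR ranges, ports are exact.
    specs = [VARS.get(rule[k], rule[k]) for k in ("src", "sport", "dst", "dport")]
    return all(spec == "any" or (ipaddress.ip_address(val) in ipaddress.ip_network(spec, strict=False)
               if i % 2 == 0 else int(spec) == val) for i, (spec, val) in enumerate(zip(specs, flow)))

def reassemble(segments):
    # TCP stream reassembly: group by (src, sport, dst, dport) and join payloads in sequence order.
    flows = {}
    for s in segments:
        flows.setdefault(s[:4], []).append(s)
    return {k: b"".join(s[5] for s in sorted(v, key=lambda s: s[4])) for k, v in flows.items()}

def normalize_uri(payload):
    # HTTP URI normalization: percent-decode the request path, then collapse /./ and /x/../ to a fixpoint.
    m = re.match(rb"^(GET|POST) (\S+) HTTP/1\.[01]", payload)
    if not m:
        return payload  # not an HTTP request line; match the raw stream
    path, prev = unquote_to_bytes(m.group(2)), None
    while prev != path:
        prev, path = path, re.sub(rb"/[^/]+/\.\./", b"/", path).replace(b"/./", b"/")
    return payload[:m.start(2)] + path + payload[m.end(2):]

def match_rules(rules, segments):
    # Returns (sid, msg, flow) for each rule whose header and every content string match a reassembled stream.
    streams = {flow: normalize_uri(stream) for flow, stream in reassemble(segments).items()}
    return [(r["sid"], r["msg"], flow) for flow, stream in streams.items() for r in rules
            if header_match(r, flow) and all(c in stream for c in r["contents"])]
```

Without reassembly neither segment alone contains the signature, and without normalization the percent-encoded path never matches it; the recorder's analysis stage has to do both before comparing with signatures.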
Forensics Analysis Log – Clear Information
Anomaly Detection & Baselining
Alarm on KPI baseline deviations
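An added illustration of alarming on KPI baseline deviations (example code, not Observer's own algorithm): a rolling mean and standard deviation over constructed per-minute byte counts for one server, where alarmed intervals are kept out of the baseline so a burst cannot raise the threshold and hide the next one. The series values, window size and k are assumptions.

```python
import statistics

# Constructed per-minute KPI series (bytes sent by one server); the values are made up for this example.
BYTES_PER_MIN = [1200, 1350, 1100, 1280, 1320, 1190, 1250, 9800, 1230, 1270]

def baseline_alarms(series, window=5, k=3.0, min_sd_frac=0.05):
    """Compare each interval with a rolling baseline (mean and standard deviation of the
    last `window` accepted intervals) and alarm when it deviates by more than k * sd.
    Alarmed intervals are not fed back into the baseline, so one burst cannot lift the
    threshold for the next. The first `window` intervals only train the baseline."""
    accepted, alarms = [], []
    for i, value in enumerate(series):
        if len(accepted) < window:
            accepted.append(value)
            continue
        base = accepted[-window:]
        mean = statistics.mean(base)
        sd = max(statistics.pstdev(base), min_sd_frac * mean)  # floor: a flat baseline must not alarm on jitter
        if abs(value - mean) > k * sd:
            alarms.append({"interval": i, "value": value, "baseline": round(mean, 1), "threshold": round(k * sd, 1)})
        else:
            accepted.append(value)
    return alarms

if __name__ == "__main__":
    for a in baseline_alarms(BYTES_PER_MIN):
        print(f"minute {a['interval']}: {a['value']} bytes, baseline {a['baseline']} +/- {a['threshold']}")
```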
Post-Event Intrusion Resolution
• Application-aware network tools with DPI can strengthen a security strategy
• Long-term capture/storage acts like a 24/7 video camera on the network
  o Storage that can scale to PB retention levels
  o Network and security personnel can efficiently detect and root out intrusions, malware, and other unauthorized activities within the IT infrastructure
  o Reduce tool sprawl and increase collaboration