Campus SDN

SDN Solutions Showcase, October 14-17, 2014 © 2014 Open Networking Foundation

SDNSOLUTIONSSHOWCASE

Campus SDN ONF SDN Solutions Showcase Theme Demonstrations

1



Scalable Threat Protection for Campus & DC Blue Coat Systems, Advanced Threat Protection Big Switch Networks, SDN Monitoring using Big Tap

2

Advanced Threat Protection

Big Tap Scalable SDN Monitoring Fabric

Datacenter-Wide Security Monitoring & Threat Protection



About Blue Coat & Big Switch

3

•! Blue Coat Systems, Inc. –! Advanced Threat Protection / Security Lifecycle Defense

•! Threat Intelligence •! Secure Web Gateway (Proxy++) •! Security Analytics & Forensics •! SSL Visibility / Encrypted Traffic Management •! Malware Analysis Platform

•! Big Switch Networks –! Big Tap Monitoring Fabric

•! Pervasive Monitoring –! TAP every rack, TAP every location

•! Flexible scale-out deployment •! Operational simplicity/programmability •! Significant cost savings (bare-metal switches)



Post-Prevention Security Gap

4

84%

Initial Attack to Compromise

78%

Initial Compromise to Discovery

Hours 60%

Days 13%

weeks 2% Seconds

11% Minutes 13%

Months 62%

Weeks

12%

Days

11%

Hours

9% Years

4%



Post-Prevention Security Gap

5

NG

FW

IDS

/ IP

S

Hos

t AV

Web

Gat

eway

SIE

M

Em

ail G

atew

ay

DLP

Web

App

licat

ion

Fire

wal

l

Advanced Threat Protection

•! Content

•! Detection

•! Analytics

•! Context

•! Visibility

•! Analysis

•! Intelligence

SIGNATURE-BASED DEFENSE-IN-DEPTH TOOLS

Nation States Cybercriminals

Hacktivists Insider-Threats

Threat Actors

Known Threats Known Malware

Known Files Known IPs/URLs

Traditional Threats

Novel Malware Zero-Day Threats Targeted Attacks Modern Tactics &

Techniques

Advanced Threats

SSL



Monitoring Threats with SDN

6

TRADITIONAL ARCHITECTURE

TAP AND TOOL SILOS WITH

NETWORK PACKET BROKERS (NPBs)

1G SPAN

10G SPAN

TAP 1/10G

TAP 1/10G TAP 1/10G

NPB

NPB

NPB

PRODUCTION NETWORK

1G to 10G Migration

10G to 40G Migration

Control Network

NPB NPB

Bar

e M

etal

, Sca

labl

e Fa

bric

1G/10G/40G Tool Farm

NPB Services

Big Tap Controller

Bar

e M

etal

, Sca

labl

e Fa

bric

B

are

Met

al, S

cala

ble

Fabr

ic

Bar

e M

etal

, Sca

labl

e Fa

bric

Tool Farm

Bar

e M

etal

, Sca

labl

e Fa

bric

B

are

Met

al, S

cala

ble

Fabr

ic

Bar

e M

etal

, Sca

labl

e Fa

bric

B

are

Met

al, S

cala

ble

Fabr

ic

Control Network

1G SPAN

10G SPAN

TAP 1/10G

TAP 1/10G TAP 1/10G

PRODUCTION NETWORK

NEXT GENERATION ARCHITECTURE

BARE METAL SDN MONITORING FABRIC



Visibility Where Needed

7

NPB

FILL

TER

PO

RTS

DE

LIV

ER

Y P

OR

TS

SERVICE PORTS

1/10/40G ETHERNET MONITORING FABRIC BLUE COAT

NPB

PRIMARY DATA CENTER(S)

CENTRALIZED

BIG TAP CONTROLLER

REMOTE SITES

PRODUCTION NETWORK

L2-GRE Tunnels

1G SPAN

10G SPAN

TAP 1/10G TAP 1/10G

TAP 1/10G

DATA CENTER PRODUCTION

NETWORK Advanced Threat

Protection



Scalability in SDN Campus/DC Big Tap

Controller

Control Network

BLUE COAT Threat Protection

Network



Dynamic Policy Creation via REST API

9 (c) 2014, BIG SWITCH NETWORKS, INC. PROPRIETARY AND CONFIDENTIAL

SPAN

SPAN

TAP

TAP

PRODUCTION NETWORK

•! Invoke REST API of the Big Tap Monitoring Fabric

•! Dynamically provision / activate / update the policy

•! The Intruder Traffic is now replicated to the malware analysis device

Control Network

NPB NPB

1G/10G/40G Tool Farm

Big Tap Controller

Control Network

F1

D1

D2

Normal packet

Intruder Packet

BLUE COAT SECURITY ANALYTICS

BLUE COAT MALWARE ANALYSIS DEVICE

Big Tap Controller

Tool Farm

D1 D1

D2 D2 D2 D2 D2

BLUE COAT SECURITY

BLUE COAT MALWARE ANALYSIS DEVICE



Going to Video…

10

•! Recap –! Today’s security landscape requires rapid response

•! Impossible to block unknown-unknowns –! Effective security tools require DVR functionality, context and

analytics to expedite root cause •! Forensics requires retrospect, context and content

–! SDN enables efficiency and scalability in a cost effective package •! Scalable visibility, tool efficiency

–! API integration enables ‘smart TAP’ functionality for intelligent monitoring

•! Capture interesting or suspect traffic –! Support for partitioned Multi-tenancy

•! Need to securely share ‘co-mingled’ data discretely •! For more information, see us at our booth •! Let’s go to the demo •! Thank you for your time!

Campus SDN

Documents

Transcript of Campus SDN