Transcript: Network of Steel – Designing Ultra-Resilient Networks to Counter Mega Scale Cyber Attacks

#RSAC
SESSION ID: SPO-F03
Network of Steel –
Designing Ultra-Resilient Networks to
Counter Mega Scale Cyber Attacks
Amritam Putatunda
Cyber-Security Evangelist, Ixia

#RSAC
What this session will cover
Assessment-based policy configurations and purchase decisions
Scareware / consequence
Key aspects of network security
Endpoint / authentication security methods
In the event of an eventuality – visibility to increase network resiliency
What this session will not cover
Lower-layer (Dot1X, IPsec) security

#RSAC
Why Steel?
Strong
At times vulnerable
Trustworthy
Resilient

#RSAC
Prelude: Know who you are and what you're worth.
Cost of Breach
Your present Security Posture
Data driven Implementation
Resiliency with Visibility

#RSAC
Designing Network of Steel – Key Areas of Focus
Network Defense:
Application Performance
Application Visibility and Control
Attack Detection/Mitigation Capability
Intrusion Prevention Efficiency
Anti-DDoS Capability
Advanced Breach Detection

#RSAC
How is it Done?
[Diagram: test topology with MGMT server, NGFW, IPS sensors at the WAN edge and the WLAN/LAN gateway, and web farm, server farm and DB farm protected by WAF and DAM; traffic generators inject application traffic, network traffic, user behavior modeling, attacker traffic and a mix of apps & attacks]

#RSAC
#1 Application Performance
Key Assessment:
Theoretical max performance
Ideal performance with application mix
Major traffic blockage points
Recommendations:
Application rules and policy analysis
Result-based recommendations
WAN Optimizers, App Delivery Controllers, Server Load Balancers

#RSAC
#2 Application Visibility and Control
Key Assessment:
Application detection capability
Application control capability
Recommendations:
Tailor-made application rules
Application visibility implementation
Application Monitor, Deep Packet Inspector, SSL Proxies

#RSAC
#3 Attack Mitigation Capability
Assessment:
Signature detection for malware
Signature detection for vulnerabilities
Detection efficiency under evasion
Recommendations:
Blocking rules/policies streamlining
Result-based recommendations
Next Generation Firewall, Advanced Filters

#RSAC
#4 Intrusion Prevention Efficiency
Assessment:
URL filtering abilities
Bot-to-C&C transaction detection
Ability to eliminate false positives
Recommendations:
Streamlining policies to eliminate false positives
Result-based recommendations
URL Filters, Spam/Spyware Filters, File processors

#RSAC
#5 DDoS Capability
Assessment:
Volumetric DDoS mitigation ability
Low-and-slow DDoS mitigation ability
Application DDoS mitigation ability
Recommendations:
Server session/memory limit settings
Result-based recommendations
False positive elimination
DDoS scrubbers, Clean Pipe Solutions

#RSAC
#6 Advanced Breach Detection/Mitigation
Assessment:
Attacks hidden within apps
Advanced targeted/persistent attacks
Kill chain life cycle analysis
Recommendations:
Result-based recommendations
Sandboxes, Managed Services, Heuristics Analysis tools

#RSAC
In the Event of a Breach
Every defense has its own weaknesses
Endpoints can be compromised and footprints erased
Enhance Resiliency
Log everything – once logged in the network it stays forever
Example log entries:
Alert: Access from ip 12.1.21.1
Alert: Port snoop detected in zone
High: Dark hotel APT intrusion
Log: Unencrypted PDF sent detected
Log: North Korean IP detected at zo
[Chart: Time To Compromise versus Time To Detect]
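The "log everything" advice on this slide only shortens time-to-detect if the retained lines can be triaged mechanically. The Python below is an added example, not code from the presentation or from Ixia: it normalizes lines of the "Level: message" shape shown on the slide into a severity rank, extracts any IPv4 addresses they mention, marks addresses outside RFC 1918 space as external, and lists what an analyst should review first. The sample lines, the prefix-to-rank mapping, the "internal means RFC 1918" rule and the function names are my own constructions.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample log lines (not from the presentation), written in the
# same "Level: message" shape as the entries shown on the slide.
SAMPLE_LOG = """\
Log: Unencrypted PDF sent detected
Alert: Access from ip 12.1.21.1
Alert: Port snoop detected in zone dmz
High: Dark hotel APT intrusion
Log: Outbound connection from 10.0.5.7 to 198.51.100.23
DEBUG: a line whose prefix the parser does not know
"""

# Hypothetical ranking of the three level prefixes used on the slide.
SEVERITY_RANK = {"High": 3, "Alert": 2, "Log": 1}

LINE_RE = re.compile(r"^(?P<level>High|Alert|Log):\s*(?P<msg>.+)$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Assumption for this example: RFC 1918 space is "inside", everything else is external.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip_text):
    addr = ip_address(ip_text)
    return any(addr in net for net in INTERNAL_NETS)


def parse_line(line):
    """Turn one log line into a dict, or return None for lines that do not fit the shape."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    msg = m.group("msg")
    ips = []
    for candidate in IPV4_RE.findall(msg):
        try:
            ip_address(candidate)      # rejects digit runs such as 999.1.1.1
        except ValueError:
            continue
        ips.append(candidate)
    return {
        "level": m.group("level"),
        "rank": SEVERITY_RANK[m.group("level")],
        "msg": msg,
        "ips": ips,
        "external_ips": [ip for ip in ips if not is_internal(ip)],
    }


def triage(log_text):
    """Parse every line and order events by severity; sorted() is stable, so arrival order is kept within a level."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    return sorted(events, key=lambda e: -e["rank"])


def needs_review(events):
    """Anything above plain 'Log', plus any log line that names an external address."""
    return [e for e in events if e["rank"] >= SEVERITY_RANK["Alert"] or e["external_ips"]]


if __name__ == "__main__":
    for e in needs_review(triage(SAMPLE_LOG)):
        print(f'{e["level"]:5} {e["msg"]}  external={e["external_ips"]}')
```

Lines with an unknown prefix are dropped rather than guessed at, which is the safer default when a normalizer feeds a SIM; a count of dropped lines is worth keeping as its own metric.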

#RSAC
Inspect and log everything
© 2015 Forrester Research, Inc. Reproduction Prohibited
[Diagram: the earlier topology (MGMT server, NGFW, IPS sensors, WLAN gateway, web, server and DB farms with WAF and DAM) with a DAN feeding a SIM and NAV]
NAV – Network Analysis and Visibility
SIM – Security Information Management
DAN – Data Acquisition Network

#RSAC
Building a DAN
[Diagram: the same topology with the DAN feeding SIM and NAV]
SPAN ports are ineffective
TAP all internal traffic
Send everything intelligently to SA

#RSAC
Network Analysis and Visibility (NAV) is a diverse set of tools with similar functionality:
Network discovery
Flow data analysis
Packet capture and analysis
Network metadata analysis
Network forensic examination
NAV provides scalable insight into the network
Verifies access and behavior
Reconstructs and reviews application-level traffic
Sends a message to potential malicious insiders
Changes user behaviors; reduces temptation
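The flow data analysis item above and the low-and-slow DDoS item on slide #5 meet when collected flow records are actually inspected. The Python below is an added example, not code from the presentation or from Ixia: over constructed flow records it picks out sources holding many long-lived, near-idle connections (the low-and-slow profile), computes each source's peak number of simultaneously open connections with a sweep line, and derives a per-source connection cap from the non-suspect baseline, which is one way to ground the slide's "server session/memory limit settings" recommendation in data rather than assumption. The record fields, thresholds, addresses and function names are my own assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One connection record in the shape a flow collector would summarize it (assumed fields)."""
    src: str
    dst: str
    dport: int
    start_s: float      # start time, seconds from an arbitrary epoch
    duration_s: float   # how long the connection stayed open
    bytes_in: int       # bytes sent by the client over the whole connection


# Constructed flow records (not from the slides). 203.0.113.9 holds forty
# near-idle connections open against the web farm for minutes at a time, the
# low-and-slow pattern; the other two sources behave like ordinary clients.
SAMPLE_FLOWS = (
    [Flow("203.0.113.9", "10.1.1.10", 80, float(i), 300.0 + i, 120) for i in range(40)]
    + [
        Flow("192.0.2.5", "10.1.1.10", 80, 10.0, 1.2, 8400),
        Flow("192.0.2.5", "10.1.1.10", 443, 20.0, 4.5, 52000),
        Flow("198.51.100.7", "10.1.1.10", 80, 15.0, 0.8, 3100),
    ]
)


def low_and_slow_sources(flows, min_conns=25, min_duration_s=120.0, max_rate_bps=8.0):
    """Sources holding at least min_conns long-lived connections that barely send data.

    The thresholds are illustrative; derive real ones from your own baseline flow data.
    """
    per_src = defaultdict(list)
    for f in flows:
        per_src[f.src].append(f)
    suspects = {}
    for src, fl in per_src.items():
        slow = [f for f in fl
                if f.duration_s >= min_duration_s
                and f.bytes_in / f.duration_s <= max_rate_bps]
        if len(slow) >= min_conns:
            suspects[src] = len(slow)
    return suspects


def peak_concurrency(flows):
    """Peak number of simultaneously open connections per source (sweep line over open/close events)."""
    events = defaultdict(list)
    for f in flows:
        events[f.src].append((f.start_s, 1))
        events[f.src].append((f.start_s + f.duration_s, -1))
    peaks = {}
    for src, ev in events.items():
        ev.sort()   # at an equal timestamp (t, -1) sorts before (t, 1), so a close never overlaps the next open
        cur = peak = 0
        for _, delta in ev:
            cur += delta
            peak = max(peak, cur)
        peaks[src] = peak
    return peaks


def suggested_per_source_limit(flows, suspects, headroom=4):
    """A per-source connection cap: headroom times the busiest non-suspect source in the baseline."""
    legit_peaks = [p for src, p in peak_concurrency(flows).items() if src not in suspects]
    return max(legit_peaks, default=1) * headroom


if __name__ == "__main__":
    suspects = low_and_slow_sources(SAMPLE_FLOWS)
    print("low-and-slow suspects:", suspects)
    print("peak concurrency per source:", peak_concurrency(SAMPLE_FLOWS))
    print("suggested per-source connection limit:", suggested_per_source_limit(SAMPLE_FLOWS, suspects))
```

The cap is computed from legitimate peaks only, so a source already classified as low-and-slow cannot inflate the baseline it is measured against; in production the baseline window should be long enough to include busy periods, otherwise the limit will be too tight and produce the false positives slide #5 warns about.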

#RSAC
Visibility Architecture Data Flow
[Diagram: LAN/WAN and the virtual network feed the access layer (physical taps, virtual taps, inline bypasses), which feeds the control layer (network packet brokers), which feeds the monitoring layer (application monitors, compliance or capture tools, security tool farms, performance tools)]
Access Layer: physical taps, virtual taps, inline bypasses
Control Layer: NPBs (network packet brokers) for filtering, load balancing, aggregation, regeneration
Monitoring Layer: tools provide analytics and performance metrics

#RSAC
To Summarize
Understand your network status and present needs
Be prepared for eventuality – RESILIENT architecture
Implement complete visibility and intelligent logging to ensure there's no place to hide
Remove assumptions and focus on data-driven investments – trust but verify