Solera Networks at Sharkfest 2008
8/14/2019 Solera Networks at Sharkfest 2008
1/22
SHARKFEST '08 | Foothill College | March 31 - April 2, 2008
The Virtues of Continuous Deep Packet Capture and Stream-To-Storage
March 31, 2008
Paal Tveit
VP of Engineering | Solera Networks
-
Introduction
Why Continuous and Why Complete?
Deployment Strategies
Value and Benefits
Use Case Scenarios
Demonstration
Q & A
-
Why Not a Sample?
A sample only gives you a piece of the puzzle
Samples are often guesswork
Packet header captures will miss important payload data
Samples don't represent what happened - not an historical picture
Trends will be missed
Why not get the whole picture?
Complete capture and stream-to-storage can reveal all
-
Deep Packet Capture
Considerations for Deep Packet Capture solutions:
Full packet (header and payload, Layer 2-7)
Lossless - nothing gets dropped
Capture at today's speeds, up to and including 10Gb
Must be able to capture, store, organize and filter
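The "full packet" consideration above can be checked on any capture file before it is used for analysis. The following is an added example, not part of the original slides: it parses a classic pcap file and counts records whose stored length is shorter than the on-the-wire length. The function names and the zero-filled sample frames are constructed for illustration.

```python
import struct

# Classic pcap magic numbers (as they appear on disk) -> struct byte-order prefix.
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",  # microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",  # nanosecond timestamps
}

def audit_pcap(data):
    """Report how much of the on-the-wire traffic a classic pcap file stored."""
    order = MAGICS.get(data[:4])
    if order is None or len(data) < 24:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    # Global header after the magic: version, timezone, sigfigs, snaplen, link type.
    _maj, _min, _zone, _sig, snaplen, linktype = struct.unpack(
        order + "HHiIII", data[4:24])
    stats = {"snaplen": snaplen, "linktype": linktype, "packets": 0,
             "truncated": 0, "wire_bytes": 0, "stored_bytes": 0}
    off = 24
    while off + 16 <= len(data):
        # Record header: timestamp (2 fields), stored length, original length.
        _sec, _frac, incl_len, orig_len = struct.unpack(
            order + "IIII", data[off:off + 16])
        off += 16
        if off + incl_len > len(data):
            raise ValueError("file ends in the middle of a record")
        off += incl_len
        stats["packets"] += 1
        stats["wire_bytes"] += orig_len
        stats["stored_bytes"] += incl_len
        if incl_len < orig_len:  # payload was cut off at the snapshot length
            stats["truncated"] += 1
    return stats

def build_sample(snaplen, wire_lengths):
    """Constructed input: little-endian Ethernet pcap with zero-filled frames."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for i, wire in enumerate(wire_lengths):
        stored = min(wire, snaplen)
        out += struct.pack("<IIII", i, 0, stored, wire) + bytes(stored)
    return out

if __name__ == "__main__":
    frames = [60, 1514, 1514, 342]  # constructed on-the-wire frame sizes
    for label, snaplen in (("header-only", 96), ("full-packet", 65535)):
        print(label, audit_pcap(build_sample(snaplen, frames)))
```

Classic pcap records truncation but not dropped packets, so the lossless consideration has to be verified from the capture device's own drop counters.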
-
Stream-To-Storage - The Full Record
Continuous capture is key
Full record provides foundation for analysis
Large record identifies trends
Always on - catches everything when you don't know what to look for
Repository must be large enough for a sufficient record and extensible
Ability to pull data to permanent storage
Archive select traffic for long-term analysis or compliance
Internal RAID must match network performance
Fibre Channel and/or iSCSI SAN
-
Platform: Open vs. Proprietary?
Proprietary platform based on tightly-coupled hardware capture and software analysis tools. Specific solutions that focus on point analysis (top talkers, protocol distribution, etc.).
New open platform providing a software-based solution allows for greater flexibility.
COTS
Virtual Machine APIs
-
Software vs. Hardware
Hardware:
Dedicated appliances/custom-built appliances
Proprietary capture cards
Locked into applications provided by vendor
Software solutions:
Portability
Virtual appliances
Custom applications and development
-
Deployment - Physical Network
DPC/STS Appliance
Archive (long-term storage)
Additional Storage (larger window)
-
Analysis Methods
pcap snapshot files from the historical record
Regeneration onto another network
DPI solutions
Traffic shaping
Throttle traffic to match speeds of analysis tools
Virtual Interfaces
APIs for integration into DPC solution
-
Analysis Tools - Now with Full History
Numerous tools can benefit from a complete record of network traffic:
Packet Analysis Tools
Instant Messaging (IM) Analysis Tools
HTTP Analysis Tools
Web Reporting Tools
Intrusion Detection/Prevention Systems (IDS/IPS) Tools
Network Security Tools
OS Detection Tools
Network/Application QOS Tools
Custom-developed toolsets
-
Challenges
Network Security
- Incomplete Views
Data Loss Prevention
- No Record of Events
Network Management
- Limited Visibility
Compliance
- Not Comprehensive
-
Challenges/Solutions
Network Security
- Incomplete Views / Comprehensive Surveillance
Data Loss Prevention
- No Record of Events / Complete Auditable Record
Network Management
- Limited Visibility / Replay Actual Events
Compliance
- Not Comprehensive / Unabridged Record of Events
-
Examples of Use
Network Security
Network Forensics
Network Management
eDiscovery
Compliance
-
Network Security
Prolonged intrusion
Security policy update validation
Data leakage detection
-
Network Forensics
DOS and DDOS analysis
Virus proliferation analysis
-
Network Management
Network performance analysis
Network reliability analysis
-
eDiscovery
Network traffic as evidence
-
Compliance
Sarbanes-Oxley
HIPAA
-
Demonstration
Look at virtual appliance captures
Download pcap
Use Wireshark to analyze pcap
-
Virtues of DPC and STS - Recap
You have the whole picture, not just a sample
It's always on, acting as your backup
Nothing is lost
Reduce mean time to resolution of network problems - find the root cause, not just symptom
Open systems allow flexible deployment and analysis options
Supports network security, network management, forensics/eDiscovery, and compliance initiatives
It is becoming a best practice - complete network visibility is a priority
-
Q & A
Thank You
-
Thank You
Paal Tveit
VP of Engineering | Solera Networks