2015 angelbeat_convergencemsg-final
The Convergence of Network & Security
© 2014 JDS Uniphase Corporation | JDSU CONFIDENTIAL AND PROPRIETARY INFORMATION 2
20 Years of Maintaining Current Enterprise IT Initiatives
Data center consolidation
BYOD and multiple devices
Cloud
Low total cost of ownership
Virtualization
Big Data
Service assurance
1Gb -> 100Gb
Security
Application complexity
Unified Communications
Strong and Diverse Customer Base
Technology, Manufacturing, Healthcare, Insurance, Financial services, Retail, Government, Carriers
Magic Quadrant for Network Performance Monitoring and Diagnostics (NPMD)
[Figure: Gartner Magic Quadrant, March 2015. Axes: Completeness of Vision, Ability to Execute. Quadrant labels shown: Challengers, Leaders. Plotted vendor: JDSU/Network Instruments.]
2015 State of the Network Survey
Study evaluates
• Role of Network teams in Security investigations
• UC adoption and challenges
• Key application management issues
322 respondents globally
NETWORK TEAM’S ROLE IN SECURITY
Is the Network Team involved in Security?
8 in 10 network teams are also involved in security
Time Spent on Security
One-quarter of network teams spend more than 10 hours per week involved in security issues
Has this Increased over the Past Year?
Network Team Roles in Security
Methods for Identifying Security Issues
Greatest Challenges Addressing Security
Network Security & Forensics
Does your Data Center Security look like this to Hackers?
Or this?
Types of Security Products
Technologies
• Network Based - Requires access to the network data via in-line connection, tap or mirror ports
• Host Based - Local system-specific settings, software calls, local security policy, local log audits, etc.
  - Must be installed on each machine
  - Requires OS & SW specific configuration
Network and Host Based Security Tools
• IPS - Intrusion Prevention System - Inspects traffic flowing through a network and can block malicious behavior
• IDS - Intrusion Detection System - Similar to IPS but does not block; only logs or alerts on malicious traffic
• Firewall - Drops non-compliant traffic based on configured rules
• Antivirus/Malware/Spam Software - Provides local protection for server and user platforms
Are they enough?
Recent Security Breaches
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
A Comprehensive Security System
Firewalls
Intrusion Prevention
Intrusion Detection
Packet Forensics - Network Packet Recorder
[Diagram axes: Increasing Level of Prevention; Increasing Level of Forensics Visibility]
What is a Network Packet Recorder?
• A technology that records digital communications, no matter what language (protocol) is used between the parties
• Combined with analysis software, recorded communications can be investigated to identify what information was exchanged and when
Questions Answered with Network Recorders
• Who’s trying to enter/communicate with my resource(s)?
• What other resources has this person communicated with?
• When did this entity enter/communicate previously?
• What files has this entity tried to access?
• Who’s been trying to enter false passwords?
• Is an entity trying to deliver a malicious “package” to a device on my network?
Network Forensics – Essential Capabilities
• Full packet capture with massive scale and in compliance with digital evidence rules
• Retention of data for days or weeks
• Fast access to captured data via search and other tools
• Packet header analysis, including summarizing and trending the network activity
• Packet contents analysis across protocols, including file extraction, session viewing, and L4-7 application analysis.
• Compare data with known threat signatures
• See all traffic and make inferences about relationships
NETWORK FORENSICS
Essential Capabilities
Start Investigation at the time of the Incident
Identify Threats & Reconstruct Events
• Identification Processing in Observer
  o Pattern matching and filtering
    - SNORT
    - Custom
  o Packet Processing
    - IP Flow tracking
    - IP Defragmentation
    - TCP Stream reassembly
    - HTTP URI Normalization
    - ARP Inspection
    - Telnet Normalization
  o Anomaly Detection
  o Encryption & Keys
Comparing Packets with Known Signatures
Define your own security filters, or import forensic analysis rules from SNORT.org
Forensics Analysis Log – Clear Information
Anomaly Detection & Baselining
Alarm on KPI baseline deviations
Post-Event Intrusion Resolution
• Application-Aware Network Tools with DPI can strengthen a Security strategy
• Long term capture/storage acts like a 24/7 Video Camera on the Network
  o Storage that can scale to PB retention levels
  o Network and Security personnel can efficiently detect and root out intrusions, malware, and other unauthorized activities within the IT infrastructure.
  o Reduce Tool sprawl and increase collaboration