• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
DSS ITSEC 2013 Conference 07.11.2013  - IPOQUE Traffic Management
 

DSS ITSEC 2013 Conference 07.11.2013 - IPOQUE Traffic Management

on

  • 293 views

Presentation from one of the remarkable IT Security events in the Baltic States organized by “Data Security Solutions” (www.dss.lv ) Event took place in Riga, on 7th of November, 2013 and was ...

Presentation from one of the remarkable IT Security events in the Baltic States organized by “Data Security Solutions” (www.dss.lv ) Event took place in Riga, on 7th of November, 2013 and was visited by more than 400 participants at event place and more than 300 via online live streaming.

Statistics

Views

Total Views
293
Views on SlideShare
293
Embed Views
0

Actions

Likes
0
Downloads
6
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • Youtube example – file PDF with every release - Marcel
  • Youtube example – file PDF with every release - Marcel

DSS ITSEC 2013 Conference 07.11.2013  - IPOQUE Traffic Management DSS ITSEC 2013 Conference 07.11.2013 - IPOQUE Traffic Management Presentation Transcript

  • DEEP PACKET INSPECTION (DPI) AS A SOLUTION TO MANAGING SECURITY THREATS Ian Betteridge November 2013
  • THE SECURITY CHALLENGE • More sophisticated and effective cyber attacks mean traditional security solutions e.g. firewall, IDS/IPS, UTM are struggling to cope. • Need flexible and customized security policy control for real pro-active cyberdefense, especially to meet the high security needs of the government sector.
  • IPOQUE PACE = STATE OF THE ART DPI PREPROCESSING • Defragmentation Engine • Packet Re-ordering • Connection subscriber tracking • L3 encapsulation CLASSIFICATION METADATA EXTRACTION EXTRA FEATURES • Protocol • Traffic statistics • OS detection • Protocol group • Users/Subscribers’ statistics • Client-Server identification • QoS parameters • Tethering detection • Sub protocol • Application • Ads detection • Custom defined protocol • Fast Path
  • PACE – HOW WE DO DPI • We use a variety of analysis techniques to reliably detect network protocols: • Pattern matching • Finite state machine • Behavioral & heuristic analyses • Lengths checks • Frequency of packet sending/receiving • Amount of connections opened by a single subscriber • Encryption usage
  • PRE PROCESSING IMPROVES ACCURACY AND RATE OF CLASSIFICATION PREPROCESSING • Defragmentation Engine • Packet Re-ordering • Connection subscriber tracking • L3 encapsulation • Key Benefits • • Accuracy Flexibility • High performance
  • CLASSIFICATION Protocol History CLASSIFICATION Protocol • Flash (Group Streaming) • HTTP (Group Web) Sub Protocol • Media Application • YouTube (Group Streaming) www.ipoque.com/sites/default/files/mediafiles/ documents/data-sheet-supported-protocols.pdf
  • METADATA EXTRACTION METADATA EXTRACTION • Examples • • • • • • • User ID IP address Time and date of login/off Host User agent Emailsubject, body, sender, receiver, attachm ent etc. File transfer: sender, receiver, login, attachment etc.
  • METADATA OUTPUT NORMALIZATION Applications of same type produce the same Class Events: - i.e. each webmail has a different look and feel and proprietary structure - PADE Solution: normalize all required fields in a unified format FROM TO (CC/BCC) SUBJECT TIMESTAMP …
  • METADATA EXAMPLE
  • EXTRA FEATURES EXTRA FEATURES • Extra features • • • • • • OS detection Client-Server identification Tethering detection Advertising detection Custom defined protocols Optimization features • • • Dynamic upgrades SMP support Fast path
  • SECURITY BENEFITS IN USING DPI • Use application pre-filtering to recognize threats in adaptable flexible way • Improve security intelligence to qualify and block an attack in real-time • Gain efficiency by focusing only on real security threats • Stay current with dynamic changes in protocols and applications • Supports recognition of your custom-defined apps and protocols • Granular customization of security policy rules
  • USING PACE AS A SECOND LINE OF DEFENSE PACE DPI Cyber attacks Off the Shelf Security Products Anti-Spam, anti-virus, antimalware, firewall, DLK. Cyber Defense Solution Critical Infrastructure
  • HOW PACE ENSURES ACCURACY Looking for parameters a, b and c Looking for parameters d, e, f, and g Looking for parameters x and y 80 % 97% 100%
  • PACE DETECTION RATE All Network Elements: Protocol Groups Over 95% detection rate 71% 22% Streaming Protocols 3% Unclassified Traffic 1% VoIP Protocols 1% P2P Protocols 2% 2,000+ Applications and Protocols recognised Web Protocols Other
  • PACE PERFORMANCE TEST RESULTS Max. concurrent connections Average packet size (Bytes) Top 5 Protocols Gbps/core 418.720 569 HTTP, FLASH, BITTOR RENT, MPEG, SKYPE 3,4 71.191 523 HTTP, SSL, RTP, FLAS H, OPENVPN 5,6 Test Conditions: • • • Hardware: i3-2120 CPU @ 3.30GHz All application enabled All features enabled
  • PACE STRENGTHS AS A DPI SOLUTION • Fast Performance • High frequency of protocol and DPI engine updates • High classification accuracy (no false positives) • Low processor to memory consumption ratio • Support for over 500 protocols • Support for thousands of applications
  • THANK YOU! Ian Betteridge Ian.betteridge@ipoque.com Phone +49 341 594030 Fax +49 341 59403019