Solera Networks @ Sharkfest 2008

Solera Networks develops and markets high-performance storage appliances and storage and application software and hardware solutions for the emerging network management and network security markets. Solera's flagship product, the DS Series, is a suite of network packet recorder appliances that far surpass the gigabit barrier. Acting as a large network buffer, the DS Series integrates seamlessly with existing network applications, providing network managers a complete and accurate picture of network activity and performance.

Published in: Business, Technology

    1. The Virtues of Continuous Deep Packet Capture and Stream-To-Storage
        SHARKFEST '08 | Foothill College | March 31 - April 2, 2008
        March 31, 2008
        Paal Tveit, VP of Engineering | Solera Networks
    2. Introduction
        • Why Continuous and Why Complete?
        • Deployment Strategies
        • Value and Benefits
        • Use Case Scenarios
        • Demonstration
        • Q & A
    3. Why Not a Sample?
        • A sample only gives you a piece of the puzzle
            • Samples are often guesswork
            • Packet header captures will miss important payload data
            • Samples don't represent what happened – not an historical picture
            • Trends will be missed
        • Why not get the whole picture?
            • Complete capture and stream-to-storage can reveal all
    4. Deep Packet Capture
        • Considerations for Deep Packet Capture solutions:
            • Full packet (header and payload – Layer 2-7)
            • Lossless – nothing gets dropped
            • Capture at today's speeds, up to and including 10Gb
            • Must be able to capture, store, organize and filter
    5. Stream-To-Storage – The Full Record
        • Continuous capture is key
            • Full record provides foundation for analysis
            • Large record identifies trends
            • Always on – catches everything when you don't know what to look for
        • Repository must be large enough for a sufficient record and extensible
        • Ability to pull data to permanent storage
            • Archive select traffic for long-term analysis or compliance
        • Internal RAID must match network performance
        • Fibre Channel and/or iSCSI SAN
    6. Platform: Open vs. Proprietary?
        • Proprietary platform based on tightly-coupled hardware capture and software analysis tools. Specific solutions that focus on point analysis (top talkers, protocol distribution, etc.).
        • New open platform providing a software-based solution allows for greater flexibility.
        • COTS
        • Virtual Machine
        • APIs
    7. Software vs. Hardware
        • Hardware:
            • Dedicated appliances/custom-built appliances
            • Proprietary capture cards
            • Locked into applications provided by vendor
        • Software solutions:
            • Portability
            • Virtual appliances
            • Custom applications and development
    8. Deployment – Physical Network
        [Diagram labels: DPC/STS Appliance; Archive (long-term storage); Additional Storage (larger window)]
    9. Analysis Methods
        • pcap snapshot files from the historical record
        • Regeneration onto another network
            • DPI solutions
            • Traffic shaping
            • Throttle traffic to match speeds of analysis tools
        • Virtual Interfaces
        • APIs for integration into DPC solution
    10. Analysis Tools – Now with Full History
        • Numerous tools can benefit from a complete record of network traffic
        • Packet Analysis Tools
        • Instant Messaging (IM) Analysis Tools
        • HTTP Analysis Tools
        • Web Reporting Tools
        • Intrusion Detection/Prevention Systems (IDS/IPS) Tools
        • Network Security Tools
        • OS Detection Tools
        • Network/Application QOS Tools
        • Custom-developed toolsets
    11. Challenges
        • Network Security - Incomplete Views
        • Data Loss Prevention - No Record of Events
        • Network Management - Limited Visibility
        • Compliance - Not Comprehensive
    12. Challenges/Solutions
        • Network Security - Incomplete Views / Comprehensive Surveillance
        • Data Loss Prevention - No Record of Events / Complete Auditable Record
        • Network Management - Limited Visibility / Replay Actual Events
        • Compliance - Not Comprehensive / Unabridged Record of Events
    13. Examples of Use
        • Network Security
        • Network Forensics
        • Network Management
        • eDiscovery
        • Compliance
    14. Network Security
        • Prolonged intrusion
        • Security policy update validation
        • Data leakage detection
    15. Network Forensics
        • DOS and DDOS analysis
        • Virus proliferation analysis
    16. Network Management
        • Network performance analysis
        • Network reliability analysis
    17. eDiscovery
        • Network traffic as evidence
    18. Compliance
        • Sarbanes-Oxley
        • HIPAA
    19. Demonstration
        • Look at virtual appliance captures
        • Download pcap
        • Use Wireshark to analyze pcap
    20. Virtues of DPC and STS - Recap
        • You have the whole picture, not just a sample
        • It's always on, acting as your backup
        • Nothing is lost
        • Reduce mean time to resolution of network problems – find the root cause, not just symptom
        • Open systems allow flexible deployment and analysis options
        • Supports network security, network management, forensics/eDiscovery, and compliance initiatives
        • It is becoming a best practice – complete network visibility is a priority
    21. Q & A
    22. Thank You
        Paal Tveit, VP of Engineering | Solera Networks
        [email_address]
