Solera Networks @ Sharkfest 2008

Solera Networks develops and markets high performance storage appliances and storage and application software and hardware solutions for the emerging Network Management and Network Security Markets. Solera's flagship product, the DS Series, is a suite of network packet recorder appliances that far surpass the gigabit barrier. Acting as a large network buffer, the DS Series integrates seamlessly with existing network applications, providing network managers a complete and accurate picture of network activity and performance.


Solera Networks @ Sharkfest 2008 Presentation Transcript

  • 1. SHARKFEST '08 | Foothill College | March 31 - April 2, 2008 The Virtues of Continuous Deep Packet Capture and Stream-To-Storage March 31, 2008 Paal Tveit VP of Engineering | Solera Networks
  • 2. Introduction
    • Why Continuous and Why Complete?
    • Deployment Strategies
    • Value and Benefits
    • Use Case Scenarios
    • Demonstration
    • Q & A
  • 3. Why Not a Sample?
    • A sample only gives you a piece of the puzzle
      • Samples are often guesswork
      • Packet header captures will miss important payload data
      • Samples don't represent what happened – not an historical picture
      • Trends will be missed
    • Why not get the whole picture?
      • Complete capture and stream-to-storage can reveal all
  • 4. Deep Packet Capture
    • Considerations for Deep Packet Capture solutions:
    • Full packet (header and payload – Layer 2-7)
    • Lossless – nothing gets dropped
    • Capture at today's speeds, up to and including 10Gb
    • Must be able to capture, store, organize and filter
  • 5. Stream-To-Storage – The Full Record
    • Continuous capture is key
      • Full record can provide a foundation for analysis
      • Large record identifies trends
      • Always on – catches everything when you don't know what to look for
    • Repository must be large enough for a sufficient record and extensible
    • Ability to pull data to permanent storage
      • Archive select traffic for long-term analysis or compliance
    • Internal RAID must match network performance
    • Fibre Channel and/or iSCSI SAN
  • 6. Platform: Open vs. Proprietary?
    • Proprietary platform based on tightly-coupled hardware capture and software analysis tools. Specific solutions that focus on point analysis (top talkers, protocol distribution, etc.).
    • New open platform providing a software-based solution allows for greater flexibility.
    • COTS
    • Virtual Machine
    • APIs
  • 7. Software vs. Hardware
    • Hardware:
    • Dedicated appliances/custom-built appliances
    • Proprietary capture cards
    • Locked into applications provided by vendor
    • Software solutions:
    • Portability
    • Virtual appliances
    • Custom applications and development
  • 8. Deployment – Physical Network
    • DPC/STS Appliance
    • Archive (long-term storage)
    • Additional Storage (larger window)
  • 9. Analysis Methods
    • pcap snapshot files from the historical record
    • Regeneration onto another network
      • DPI solutions
      • Traffic shaping
      • Throttle traffic to match speeds of analysis tools
    • Virtual Interfaces
    • APIs for integration into DPC solution
  • 10. Analysis Tools – Now with Full History
    • Numerous tools can benefit from a complete record of network traffic
    • Packet Analysis Tools
    • Instant Messaging (IM) Analysis Tools
    • HTTP Analysis Tools
    • Web Reporting Tools
    • Intrusion Detection/Prevention Systems (IDS/IPS) Tools
    • Network Security Tools
    • OS Detection Tools
    • Network/Application QOS Tools
    • Custom-developed toolsets
  • 11. Challenges
    • Network Security - Incomplete Views
    • Data Loss Prevention - No Record of Events
    • Network Management - Limited Visibility
    • Compliance - Not Comprehensive
  • 12. Challenges/Solutions
    • Network Security - Incomplete Views / Comprehensive Surveillance
    • Data Loss Prevention - No Record of Events / Complete Auditable Record
    • Network Management - Limited Visibility / Replay Actual Events
    • Compliance - Not Comprehensive / Unabridged Record of Events
  • 13. Examples of Use
    • Network Security
    • Network Forensics
    • Network Management
    • eDiscovery
    • Compliance
  • 14. Network Security
    • Prolonged intrusion
    • Security policy update validation
    • Data leakage detection
  • 15. Network Forensics
    • DOS and DDOS analysis
    • Virus proliferation analysis
  • 16. Network Management
    • Network performance analysis
    • Network reliability analysis
  • 17. eDiscovery
    • Network traffic as evidence
  • 18. Compliance
    • Sarbanes-Oxley
    • HIPAA
  • 19. Demonstration
    • Look at virtual appliance captures
    • Download pcap
    • Use Wireshark to analyze pcap
  • 20. Virtues of DPC and STS - Recap
    • You have the whole picture, not just a sample
    • It's always on, acting as your backup
    • Nothing is lost
    • Reduce mean time to resolution of network problems – find the root cause, not just symptom
    • Open systems allow flexible deployment and analysis options
    • Supports network security, network management, forensics/eDiscovery, and compliance initiatives
    • It is becoming a best practice – complete network visibility is a priority
  • 21. Q & A
  • 22. Thank You Paal Tveit VP of Engineering | Solera Networks [email_address]