Security-Centric Networking


Presenter: Sharon Besser - VP of Technology, Net Optics

Today’s advanced network security threats are growing in complexity, scale and scope. Highly co-ordinated resources and activities are being leveraged to assault today’s networks with unprecedented speed and agility—a new paradigm in network security monitoring is required in order for organizations to adapt and respond to these threats.

In this presentation, Net Optics VP of Technology & Solutions Sharon Besser defines the next generation approach to security utilizing security-centric SDN, and provides concrete steps organizations must take with their network security and monitoring.

Published in: Technology

  • Industry analysts consistently recognize Net Optics as one of America’s top private companies. And our company founder, Eldad Matityahu, knows that while we built the company in Silicon Valley, the best way to secure our place as leaders is by tapping into the best and the brightest… and that means opening offices here in the Startup Nation. See the future by creating it.
  • I want to begin today with some sobering statistics. In the same amount of time that I will be standing on this stage, approximately 10,000 customer records will be stolen from networks around the world. Of course, this statistic is not shocking to anyone in this room. After all, we’re here because we are well aware of the threats to network security and, specifically, cybersecurity.
  • What SHOULD surprise you is that 9,500 of these stolen records will NOT be recorded, captured, logged, monitored or seen by the organizations as they are being lost. The breaches are all too frequently invisible to the organizations. And the targeted organizations and their customers only learn about it when and if credit or law enforcement agencies get involved – essentially, when it’s too late. In December, news broke that hackers – believed to have ties to the Chinese military – infiltrated the computer systems of the U.S. Chamber of Commerce. This was just the latest in a series of cyber attacks. Some in the United States accuse China of stealing $400 billion worth of sensitive information a year. The breaches are so serious that the National Counterintelligence Executive described them as a “long term strategic threat to the United States of America.” And he added “failure is not an option.” Of course, the news hits close to home here in Israel – just last week, Kaspersky Labs detected the Flame worm and cybersecurity has been the top headline ever since. I’ll bet we’ll all be paying very close attention later this afternoon when Eugene Kaspersky takes to the podium. Israel’s largest bank and several other public institutions have come under attack – by Iranian and Saudi hackers – and we can only assume there will be more to come.
  • But what has happened in the Cyber Security arena in the past year? As you know, when it comes to Cyber Security, the situation is getting worse, not better: 130+ major data breaches have occurred in the first three months of 2013; nearly 70% of these breaches go undetected; 47,000 incidents were reported in 2012; and nearly 44 million records were compromised last year. Companies such as Check Point, Imperva, Radware, and other security firms are developing solutions that companies are paying billions of dollars for – and this may be somewhat controversial, but these individual solutions don’t appear to be stemming the tide.
  • Scale, Scope, Resources, Speed of attacks – unprecedented. Organized Crime – Financial Benefit. Government Sponsored – State Secrets. Cheap Resources – Bot Nets. Targets of Choice – Some organizations will be a target regardless of what they do, but most will become a target because of what they do. There’s a need for a better (working!) method to implement defense in depth.
  • Combining, integrating, layering, looking beyond patterns of activity - but still not quite there yet
  • The BEST Practices are now looking at the entire Architecture of the Network -- not just silos -- we need to view our networks in their entirety from the Cloud to the Data Center to the remote branches. We can’t turn on a nightlight here and a flashlight there to guide us through the dark. We need night vision goggles to eliminate the blind spots. Visibility Solutions that just look at the network edge or see only the random monitoring data that doesn’t get dropped by an oversubscribed SPAN port are simply not robust or comprehensive enough. As the diversity of applications increases, and the devices that access or host them spread to every corner of your organization, Visibility needs to become a core function incorporated into every network architecture. The past decade has seen Network Access and Visibility rise sharply as a critical component for gaining accurate information about the state of the network and that trend will only continue.
  • Security-Centric Networking

    1. • Providing end-to-end visibility across physical, virtual environments • Installed base: 80% of F100, 50% of G2000 • R&D in US, Israel • Large and growing customer base in Israel • Leading OEM source • Security • Monitoring • Forensics • Instrumentation
    2. Source: 2012 Data Breach Investigations Report, Verizon.
    3. 9,500 will NOT be recorded, captured, logged, monitored or seen by the organizations as they are being lost. Source: 2012 Data Breach Investigations Report, Verizon. “Chinese cyberspies stealing key data, U.S. analysts say.” CBC News, 12 Dec. 2011
    4. Records
    5. • Management Needs to Be Simple, and Centralized • Need to Have Total Visibility of the Network • Monitoring and Enforcement Should be Separate • Provisioning of Threat Response Needs to be Easy • Utilize Industry Standards
    6. Threats: • Outdated Innovations • Advanced Persistent Threats • Zero-day Exploits • Limited Resources
    7. • Security should be a strategic initiative, yet implementation is tactical and incident response is at “best effort” • Risk mitigation of multiple attack vectors requires several security systems integrated together • Technology of implemented solution is 1-2 years old at day one • Solutions/technology used must be future ready and current
    8. There’s a need for a better (working!) method to implement defense in depth
    9. • Availability: Ability to respond fast, accurately with needed power • Agility: Reinforce defense when needed • Advance: Promote security tools across the network as needed
    10. I shall use the concept of SDN
    11. Agility. Network Packet Broker: • Total Network Visibility • Easy Provisioning of Threat Mitigation. Centralized Controller (via SDN): • Centralized Management • Policies and Rules • Industry Standards
    12. • Separation of network elements and monitoring devices • Automation and provisioning of monitoring applications and tools based on real time traffic behavior • End-to-end network monitoring • Easy operation • Improved Security & Monitoring
    13. • You can view your network entirely. Every bit, every stream without performance degradation • You can connect any security tool to your network. Always on, always active • Your security devices support any load and scale as needed
    14. • Risk management and mitigation plan • SDN controller • Network Packet Broker (NPB) and access devices • Your favorite security solutions [Diagram labels: SDN Controller, NPB]
    15. [Diagram labels: Network Packet Broker; Traffic Grooming and Filtering; SDN Controller; Network Tools and Resources; North-South APIs]
    16. Chaining security solutions, turning “defense in depth” into reality
    17. • Learn the network, react to changes dynamically • Use Network Packet Brokers for traffic distribution • Add network controller that measures the network, provisions SDN and reacts to network activity [Diagram labels: Device provisioning and management; Router; SDN Controller]
    18. [Diagram labels: Production Network; Threat; Centralized Controller; Network Packet Broker; Network Monitoring; Forensics & Enforcement; Phase 1; Phase 2]
    19. [Diagram labels: Security tools; DMZ Network; Switch; Router; xStream 10G; TAP/inline; Forensic Tools; Cyber security Tools; MSG: Send Traffic; Network measurement; NPB HA w/ state sync; Device provisioning and management; SDN Controller]
    20. • It is possible to create a “security switch” to deploy tactical security solutions in a strategic fashion using NPB • Security Defined Networks are possible by adopting the SDN concept
    21. Now It’s Your Turn
    22. Net Optics, Inc, 5303 Betsy Ross Dr, Santa Clara, CA 95054 U.S.A, 1.408.737.7777. Sharon Besser, VP Technologies