Next Generation Security
Understanding and insight on the next-generation security technology.

Transcript

  • 1. Next Generation Security 2013.02, By Claude Conrad
  • 2. Part I. Understanding Next-Gen. Security / Part II. The Direction of FutureSystems’ NGFW (…this part is private!)
  • 3. Evolution of Network Security
    [Acronyms] SPI: Stateful Packet Inspection; DPI: Deep Packet Inspection; OC: Outbound Control; FCI: Full Content Inspection
    Timeline: 1984, 1988, 1991, 1993, 2001, 2002, 2004, 2009, 2011 ("Boom of Network Security")
    Technology: signature detection, packet filtering, application proxy, SPI, DPI, OC, FCI, application awareness, application/user/context awareness
    Product: IDS, IPS, NGIPS, Anti-DDoS, Firewall, UTM, NGFW, URL filtering, DLP, Web-FW, SWG, "Next Generation Security!!"
  • 4. Market Segmentation
    IPS/NGIPS: 2011 $1.19 billion, ~2016 2.5% CAGR (divergence); vendors: McAfee, HP, Sourcefire
    UTM (FW+IPS+other): 2011 $1.28 billion, ~2017 15% CAGR
    Enterprise Firewall/NGFW (FW+IPS): 2011 $6.3 billion, ~2017 7.3% CAGR (convergence)
    Vendors named for UTM and enterprise firewall/NGFW: Check Point, Palo Alto, Fortinet, SonicWall, WatchGuard
    Segments by user count: Small ~100, Midsize ~1,000, Enterprise ~20,000, Large +20,000; throughput ~1G / ~10G / +10G
  • 5. UTM
    UTM is a multifunction network security product used by small or midsize businesses (SMBs). Defined by IDC, 2004.
    Basic UTM (2004): Firewall, IPsec VPN, IPS, Anti-virus
    Extended UTM: URL filtering, SSL VPN, Anti-spam, Anti-malware
    Advanced (now): App. awareness, User awareness, Content awareness, WLAN controller, WAN optimization, VoIP gateway, …; also Web-FW, SSL proxy, DLP, NAC
  • 6. NGFW
    A next-generation firewall provides multiple protection mechanisms and features designed to prevent threats/attacks from the network layer to the application layer. Defined by Gartner, 2009.
    Minimum features: support for in-line bump-in-the-wire configuration; standard first-generation firewall capabilities; integrated (rather than merely colocated) network IPS; application awareness and full-stack visibility; extra-firewall intelligence (user ID directory, URL/IP DB); support for upgrade paths to address future threats
  • 7. NGFW - Application awareness
    Role: application detection and application control, regardless of port, protocol, and (SSL) encrypted traffic; application access control and action control
    Composition: application decryption (SSL, SSH); application protocol decoding (detect HTTP tunneling, individual functions, etc.); application signatures; application heuristics (app. anomaly detection)
  • 8. NGFW - Security Policy of NGFW
    Existing FW: Allow SOURCE to DESTINATION, where SOURCE = IP addresses, port # and DESTINATION = IP addresses, port #. Example: "Allow 192.120.10.110 80 to any 80" allows the use of port 80 for a designated IP.
    NGFW: Allow Application SOURCE to DESTINATION, where SOURCE = IP addresses, port #, users and DESTINATION = IP addresses, port #. Example: "Allow Facebook any any manager to any any" allows access to "Facebook" for a designated user group (regardless of the port, protocol, and encrypted traffic!).
  • 9. NGFW vs. UTM #1 - compared on range of security features (UTM vs. NGFW), throughput (NGFW = FW+IPS+AV vs. UTM), and market (UTM: SMB; NGFW: Enterprise)
  • 10. NGFW vs. UTM #2
    UTM: port-based traffic classification engine; App. ID as an IPS pattern; sees applications only on their default port; identifies potentially malicious traffic by port
    NGFW: App.-ID-based traffic classification engine; sees applications on every port, not just the default port; identifies potentially malicious traffic by application type
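As an added example (not part of the deck), the port-based versus application/user-based policies of slides 8 and 10 modelled in Python: a toy content decoder identifies SSH and HTTP (naming the application from the Host header) on any port, and a first-match evaluator applies a legacy "allow port 80" rule beside the NGFW "allow Facebook for managers" rule. The flows, payloads, group names and rule fields are constructed assumptions, not any vendor's policy syntax.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Flow:
    dst_port: int
    user_group: str   # from the user-ID directory (assumed to be available)
    payload: bytes    # first bytes sent by the client (constructed samples)

@dataclass
class Rule:
    action: str                       # "allow" or "deny"
    app: Optional[str] = None         # NGFW match on identified application
    user_group: Optional[str] = None  # NGFW match on user/group identity
    dst_port: Optional[int] = None    # legacy match on destination port

def app_by_port(flow: Flow) -> str:
    """UTM/legacy style: the destination port decides the application."""
    return {80: "http", 443: "tls", 22: "ssh"}.get(flow.dst_port, "unknown")

def app_by_content(flow: Flow) -> str:
    """NGFW style: a toy protocol decoder identifies the app on any port."""
    p = flow.payload
    if p.startswith(b"SSH-"):                 # SSH banner, whatever the port
        return "ssh"
    if p.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT"):
        for line in p.split(b"\r\n")[1:]:     # HTTP: look at the Host header
            if line.lower().startswith(b"host:"):
                host = line.split(b":", 1)[1].strip().lower().split(b":")[0]
                if host == b"facebook.com" or host.endswith(b".facebook.com"):
                    return "facebook"
        return "http"
    return "unknown"

def evaluate(rules: list, flow: Flow, app: str) -> str:
    """First-match policy; anything unmatched is implicitly denied."""
    for r in rules:
        if (r.app in (None, app) and r.user_group in (None, flow.user_group)
                and r.dst_port in (None, flow.dst_port)):
            return r.action
    return "deny"

LEGACY_RULES = [Rule("allow", dst_port=80)]               # "allow port 80"
NGFW_RULES = [Rule("allow", app="facebook", user_group="manager"),
              Rule("allow", app="http")]                   # plain web for all

def decide(flow: Flow) -> tuple:
    """(legacy decision, NGFW decision) for one flow."""
    return (evaluate(LEGACY_RULES, flow, app_by_port(flow)),
            evaluate(NGFW_RULES, flow, app_by_content(flow)))
```

An SSH banner sent to port 80 passes the legacy rule but is denied by the NGFW policy, while Facebook on a non-default port is allowed only for the manager group.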
  • 11. NGIPS
    A next-generation IPS builds on typical IPS solutions by providing application and contextual awareness to promptly assess threats, ensure a consistent and appropriate response, and reduce an organization’s security expenditures. Defined by Gartner, 2011.
    Minimum features: support for in-line bump-in-the-wire configuration; standard first-generation IPS capabilities; application awareness and full-stack visibility; context awareness (information sources: user identities, vulnerability and patching state, geo-location information, etc.); content awareness; agile engine (support for upgrade paths to address future threats)
  • 12. NGIPS - Context awareness (Definition)
    Context awareness (external intelligence, situational awareness) is the ability to deliver additional, relevant information to the FW & IPS engine to enable more accurate decisions to allow, alert, or block more quickly, accurately, and securely with fewer false positives.
    Context is the complex set of network circumstances. Context awareness is understanding the entire environment.
    Sources of context fed to the appliance: management system; devices (host profile with OS); applications (client side); configuration; services; vulnerabilities; security policy; server-side application patching state (historical information!); network behaviors (NBA); user ID. Special event detected! How to respond?
  • 13. NGIPS - Context awareness (Example)
    Context awareness provides "actionable intelligence"!!! [Automated Tuning] [Incident Prioritization]
    Detections: unknown device detection; Linux-based exploit detection; abnormal traffic detection; unexpected app./user detection; new vulnerability reported
    Prioritization flow: Target server provided? No -> needless action: dismissing/logging, impact level low. Yes -> Target server patched? Yes -> dismissing/logging, impact level middle (recommend related policy). No -> blocking (alerting if in detection mode), impact level high.
  • 14. NGIPS vs. NGFW #1 - awareness stack built on the existing firewall and existing IPS: application awareness (NGFW, NGIPS), user awareness, content awareness, other, context awareness (NGFW-v2)
  • 15. NGIPS vs. NGFW #2 - feature matrix with columns Typical FW, NGFW, Typical IPS, NGIPS, NGFW v2
    Detect: attack signature; application awareness (applications); user awareness (users/identity); context awareness (vulnerabilities, host profiles, client applications/mobile devices, virtual machines); NBA (network behavior anomaly)
    Control: network access; site access (URL filtering); user access (user awareness); application/Layer 7 access (application awareness)
    Vendors: Palo Alto, Sourcefire, Check Point, McAfee
  • 16. The Meaning of Next-gen. Security #1 - Evolution of Convergence
    Awareness extends up the TCP/IP layers (Link, Internet, Transport, Application). UTM: network-centric; colocated security features. NGFW: application-centric; closely integrated security features.
  • 17. The Meaning of Next-gen. Security #2 - Age of Awareness (Expansion of DPI)
    Deep Packet Inspection -> pattern awareness (basic awareness: pattern matching for attack detection; IPS, Anti-DDoS) -> content awareness (full content inspection; DLP, anti-malware, URL filtering) -> application awareness and user awareness (NGFW) -> context awareness (NGIPS): all of awareness for security
  • 18. The Meaning of Next-gen. Security #3 - Hardened Security Management
    Hardened configuration features!! Management system: configuration (policy setting, automation), monitoring (visualization, reporting), analysis. Appliance: security policy, detection, blocking, context awareness. Information feeds both. Context awareness is the base of Active Control!
  • 19. The Future of Security Industry
    Timeline: 1990~, 2000~, 2010~, 2020~. Product: modularization. Management system: ESM, SIEM. Service: consulting, MSS. Knowledge base evolution: Virus DB -> IPS DB -> Application DB -> Context DB.
  • 20. The most important thing for strategy is "Information", the most important thing for planning is "Insight", the most important thing for development is "Practical ability", the most important thing for business is "Timing", the most important thing for service is "Executive ability". The most important thing for outdoor activities is "Network", the most important thing for business practice is "Political power"! 2013.02, By Claude Conrad