NetBrain Technologies
15 Network Drive
Burlington, MA 01803
+1 800.605.7964
info@netbraintech.com
www.netbraintech.com
Network Automation in Support of Cyber Defense
Rick Larkin
Senior Network Engineer
NetBrain Technologies, Inc
23 June 2016
Agenda
o DoD Cyber Defense Challenges
» Real-time network visibility
» Flexible network automation
o Adaptive Network Automation Framework
o Adaptive Network Automation Applied to Cyber Defense
» Before
» During
» After
DoD Cyber Defense Challenges
Addressing network visibility and automation
Cyber Defense Challenges
“DISA is a case in point. With 4.5 million users and 11 core data centers, its
infrastructure generates about 10 million alarms per day…
Approximately 2,000 of those become trouble tickets…
…Then there’s hacking: DISA logs 800 billion security events per day…
…Between countermeasures, configuration fixes, and the rest, DISA makes
about 22,000 changes to its infrastructure every day…”
MG Zabel, Vice Director, DISA
http://www.cio.com/article/3068663/networks-need-automation-just-ask-the-us-military.html
$$\text{Today's Threat} = \sum_{1986}^{2016} \text{IT Challenges} \times 10$$
DoD Cyber Defense Challenges
NIST RMF, DIACAP, 8500s, ATC/ATT/ATO, CNDSP, ASIs, POND, POA&M, CCRIs, IAVAs, OPREP/SITREP/CASREPs, AARs, STIGs, JIE, JRSS
o Cyber Threats evolving rapidly, requirements increasing, resources strained
o Network Automation is a key force multiplier!
Two Unsolved Challenges
o Lack of Real-Time Network Visibility
» Traditional methods don’t work. Example: Static Network Maps.
» Need “real-time” network visualization, end to end
o Limited Network Automation
» Current network automation has limited functional scope, requires writing complex regular expressions, is not portable, etc.
» Need for Network Automation 2.0, that is: data-driven, dynamically created, simplified
3 Generations of Network Visibility
o Generation 1:
» Discover the Network with SNMP
» Generate Asset and Inventory Reports
» Diagram labels: Discovery; Inventory
o Generation 2:
» Added Static Map generation
» Diagram labels: Discovery; Inventory; Static map
o Generation 3:
» Network model based (configuration, SNMP, NetFlow, network tables, etc.)
» Real-time, up-to-date, adaptive, dynamic solution
» Diagram labels: Discovery; Comprehensive Data Model; Dynamic, Data Driven map
Network Visibility & Management Today
• NetOps
• CyberOps
• CPTs
• NOC
• IA/ISSM
• Architecture
• Design
• IDS
• IPS
• Firewall
• NetFlow Data
• SIEM
• Big Data Analytics
Adaptive Network Automation Framework
Download Executable Intelligence
Run Adaptive Network Automation
Comprehensive Data Model
• Topology
• Design
• History
Define Automation Task via Dynamic Map
• NetOps
• CyberOps
• CPTs
• NOC
• IA/ISSM
• Architecture
• Design
• IDS
• IPS
• Firewall
• NetFlow Data
• SIEM
• Big Data Analytics
Applying Adaptive Network Automation
Before, during, and after a cyber event
Map as the Single Pane of Glass
» Automated Analysis – Fully Customizable
» Execute manual tasks in seconds
» Initiated by operators or automatically from integrated systems like IDS/IPS, Trouble Tickets, SIEM or CMDB.
Before – Discovery & Asset Identification
o Deep Network discovery
» Accurate, Fast
o Inventory Report
» Derived from comprehensive data model
o Dynamic network documentation, updated daily and on demand
» Supports ATO development, CCRI preparation and supports operations
Before – Vulnerability Assessment
o Automated Compliance validation & verification
» NIST RMF, DISA/NSA STIGs, IAVAs, CC/S/A specific
o Proactive NetOps & CyberOps
» Automation technology can help CPTs, as well as on-site Network & IA staff
During – Threat Identification
Triggered by human intervention or backend systems (IDS/IPS, Logs, CMDB, …)
» Map the threat (e.g. an attack path to a server)
» Run diagnosis and health analysis on the map
» Identify network changes
During – Attack Mitigation
Apply network changes and patches with automation:
» Configure policies (ACL/QoS/etc.)
» Redirect traffic (honeypot)
» Disable ports
After – Strengthen Cyber Defense w/ Automation
Apply lessons learned from attack:
o Forensics/analysis
o Enhance executable intelligence
o Update network data model automatically
o Cyber Event Management – Automation can significantly reduce response time
o Allows for collaboration between NetOps & CyberOps, as well as Tiered Teams.
o Runbooks allow process chaining in response to Asymmetric Cyber threats.
Diagram: NetOps, CyberOps, Vendor, Management (Collaboration & Escalation of issues)
Summary
Adaptive Network Automation Framework in support of Cyber Defense
o Before
» Maintain accurate, up-to-date documentation – ATOs, CCRI, best practice
» Verify & Validate compliance – NIST RMF, STIGs, IAVAs, CC/S/A specific
o During
» Identify and isolate impacted data, systems & networks
» Triage environments, and support rapid remediation
o After
» Based on newly discovered threat(s), apply new configurations and update documentation
» Leverage historical information for AARs and forensics
Adaptive Automation – Here and Now
o Founded in 2004, NetBrain is the first software provider to apply the concept of CAD automation to network management.
» Awarded multiple patents in Computer Aided Network Engineering (C.A.N.E)
o Customer overview
» 1,300+ customers worldwide
» Multiple sectors
