Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Security-Centric Networking


Published on

Presenter: Sharon Besser - VP of Technology, Net Optics

Today’s advanced network security threats are growing in complexity, scale and scope. Highly co-ordinated resources and activities are being leveraged to assault today’s networks with unprecedented speed and agility—a new paradigm in network security monitoring is required in order for organizations to adapt and respond to these threats.

In this presentation, Net Optics VP of Technology & Solutions Sharon Besser defines the next generation approach to security utilizing security-centric SDN, and provides concrete steps organizations must take with their network security and monitoring.

Published in: Technology
  • Be the first to comment

Security-Centric Networking

  1. 1. • Providing end-to-end visibility across physical, virtual environments • Install based: 80% of F100, 50% of G2000 • R&D in US, Israel • Large and growing customer base in Israel • leading OEM source • Security • Monitoring • Forensics • Instrumentation
  2. 2. Source: 2012 Data Breach Investigations Report, Verizon.
  3. 3. 9,500 will NOT be recorded, captured, logged, monitored or seen by the organizations as they are being lost Source: 2012 Data Breach Investigations Report, Verizon. “Chinese cyberspies stealing key data, U.S. analysts say." CBC News, 12 Dec. 2011
  4. 4. Records
  5. 5. Management Needs to Be Simple, and Centralized Need to Have Total Visibility of the Network Monitoring and Enforcement Should be Separate Provisioning of Threat Response Needs to be Easy Utilize Industry Standards
  6. 6. Outdated Innovations Threat Advanced Persistent Threats Threat Zero-day Exploits Threat Limited Resources Threat
  7. 7. • Security is should be a strategic initiative yet implementation is tactical and incident response is at “best effort” • Risk mitigation of multiple attack vectors require several security systems integrated together • Technology of implemented solution is 1-2 years old at day one • Solutions/technology used must be future ready and current
  8. 8. There’s a need for a better (working!) method to implement defense in depth
  9. 9. • Availability: Ability to respond fast, accurately with needed power • Agility: Reinforce defense when needed • Advance: promote security tools across the network as needed
  10. 10. I shell use the concept of SDN
  11. 11. Agility Network Packet Broker • Total Network Visibility • Easy Provisioning of Threat Mitigation Centralized Controller (via SDN) • Centralized Management • Policies and Rules • Industry Standards
  12. 12. • Separation of network elements and monitoring devices • Automation and provisioning of monitoring applications and tools based on real time traffic behavior • End-to-end network monitoring • Easy operation • Improved Security & Monitoring
  13. 13. • You can view your network entirely. Every bit, every stream without performance degradation • You can connect any security tool to your network. Always on, always active • Your security devices support any load and scale as needed
  14. 14. • Risk management and mitigation plan • SDN controller • Network Packet Broker (NPB) and access devices • Your favorite security solutions SDN Controller NPB
  15. 15. Network Packet Broker Traffic Grooming and Filtering SDN Controller Network Tools and Resources North-South APIs
  16. 16. Chaining security solutions, turning “defense in depth” into reality
  17. 17. • Learn the network, react to changes dynamically • Use Network Packet Brokers for traffic distribution • Add network controller that measures the network , provisions SDN and reacts to network activity Device provisioning and management Router SDN Controller
  18. 18. Production Network Threat Centralized Controller Network Packet Broker ! !! Network Monitoring Forensics & Enforcement X X X Phase 1 Phase 2
  19. 19. Security tools Security tools DMZ Network SwitchRouter Router Switch xStream 10GxStream 10G TAP/inline Forensic Tools Cyber security Tools TAP/inline MSG: Send Traffic Network measurement Network measurement NPBHA w/ state sync Device provisioning and management Device provisioning and management SDN Controller Cyber security Tools
  20. 20. • It is possible to create a “security switch” to deploy tactical security solutions in a strategic fashion using NPB • Security Defined Networks are possible by adopting the SDN concept
  21. 21. Now It’s Your Turn
  22. 22. Net Optics, Inc 5303 Betsy Ross Dr Santa Clara, CA 95054 U.S.A 1.408.737.7777 Sharon Besser VP Technologies