Securing the Data Center
Matt Robertson - Lancope Technical Marketing Engineer
David Anderson – Cisco Principal Solution Architect, Data Center Security
Defending Against Humans
Evolution of Cyber Conflict
Attackers:
• Manual Attacks (1980s): War Dialing, Phone Phreaking …
• Mechanized Attacks (1988): Viruses, Worms …
• Talented Human / Mechanized Attackers (2009): Google, RSA …
• DIY Human / Mechanized Attackers (2011): Cryptocurrency Ransoms, Store-bought Credentials …
• APT, Multi-Step Attacks …: Target, Neiman Marcus …
Defenders:
• Manual Defenses: Unplug
• Mechanized Defenses: Firewall, IDS/IPS
• Targeted Human/Mechanized Defenders: Reputation, App-aware Firewall
• Intelligence Driven Human Defenders
Security Buckets
Segmentation
• Establish boundaries: network, compute, virtual
• Enforce policy by functions, devices, organizations, compliance
• Control and prevent unauthorized access to networks, resources, applications
Threat Defense
• Stop internal and external attacks and interruption of services
• Patrol zone and edge boundaries
• Control information access and usage, prevent data loss and data modification
Visibility
• Provide transparency to usage
• Apply business context to network activity
• Simplify operations and compliance reporting
[Diagram: Security As A System, Unified Policy across the physical and virtual data center]
Layers shown: Internet / Partners, Edge, Core, Aggregation and Services, Access (VSwitch), Compute (Application Software, Virtual Machines), Storage and SAN, IP-NGN Backbone, UCS / Virtual Access / Storage
Controls shown per layer: Application Control (SLB+), Service Control, Firewall Services, Virtual Device Contexts, Virtual Contexts for FW & SLB, Secure Domain Routing, Port Profiles & VN-Link, Line-Rate NetFlow, Service Profiles, Virtual Machine Optimization, Virtual Firewall, Edge and VM Intrusion Detection, Fibre Channel Forwarding, Fabric Extension, Fabric-Hosted Storage Virtualization, Storage Media Encryption
Data Center Security Control Framework
Multi-Layer, Distributed Model: Data Center Core Layer, DC Aggregation Layer, DC Service Layer, DC Access Layer
Services (Core / Aggregation)
• Initial filter for DC ingress and egress traffic. Virtual Context used to split policies for server-to-server filtering
• Additional firewall services for server farm specific protection
Infrastructure Security
• Infrastructure Security features are enabled to protect device, traffic plane and control plane
• 802.1ae and vPC provide internal/external separation
Services (Service Layer)
• IPS/IDS provide traffic analysis and forensics
• Network Analysis provides traffic monitoring and data analysis
• Server load balancing masks servers and applications
Access Layer
• Data security: authenticate & access control
• Port security, authentication, QoS features
• Virtual Firewall, Real-time Monitoring, Firewall Rules
• ACLs, Port Security, VN Tag, NetFlow, ERSPAN, QoS, CoPP, DHCP snooping
Security Management
• Visibility
• Event correlation, syslog, centralized authentication
• Forensics
• Anomaly detection
• Compliance
• Management tools: AD, ASDM, CSM, VNMC, ACS
Visibility Challenges in the Data Center
• High value assets and data
• Large, high volume throughput
• Multiple layers and levels of communication
• Virtual hosts
NetFlow
Example: 10.2.2.2 port 1024 (seen on eth0/1) talks to 10.1.1.1 port 80 (seen on eth0/2). Each direction of the connection is exported as its own unidirectional NetFlow record:

Start Time    Interface  Src IP    Src Port  Dest IP   Dest Port  Proto  Pkts Sent  Bytes Sent  TCP Flags
10:20:12.221  eth0/1     10.2.2.2  1024      10.1.1.1  80         TCP    5          1025        SYN,ACK,PSH
10:20:12.871  eth0/2     10.1.1.1  80        10.2.2.2  1024       TCP    17         28712       SYN,ACK,FIN
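The two records above describe one connection seen from both sides. As an added illustration (not code from the slides or from the StealthWatch product), the block below pairs such unidirectional records into one bidirectional conversation, which is what per-direction byte counts and client/server roles are derived from; the "lower port is the server" rule is an assumed heuristic, and the sample export is constructed.

```python
# Constructed sample export with the same fields as the table above:
# start time, interface, src IP, src port, dst IP, dst port, proto,
# packets sent, bytes sent, TCP flags (one record per direction).
SAMPLE_RECORDS = """\
10:20:12.221 eth0/1 10.2.2.2 1024 10.1.1.1 80 TCP 5 1025 SYN,ACK,PSH
10:20:12.871 eth0/2 10.1.1.1 80 10.2.2.2 1024 TCP 17 28712 SYN,ACK,FIN
"""

def parse_record(line):
    """Split one whitespace-separated record into typed fields."""
    f = line.split()
    return {"start": f[0], "src": f[2], "sport": int(f[3]), "dst": f[4],
            "dport": int(f[5]), "proto": f[6], "pkts": int(f[7]),
            "bytes": int(f[8]), "flags": set(f[9].split(","))}

def stitch(lines):
    """Pair the A->B and B->A records of each connection.
    Assumption: the endpoint with the lower port number is the server (a
    heuristic; a real collector also uses SYN direction and timing)."""
    convs = {}
    for line in lines:
        r = parse_record(line)
        a, b = (r["src"], r["sport"]), (r["dst"], r["dport"])
        client, server = (a, b) if a[1] > b[1] else (b, a)
        key = (client, server, r["proto"])
        c = convs.setdefault(key, {
            "client": client[0], "server": server[0], "server_port": server[1],
            "proto": r["proto"], "start": r["start"], "records": 0,
            "client_bytes": 0, "server_bytes": 0, "flags": set()})
        side = "client_bytes" if a == client else "server_bytes"
        c[side] += r["bytes"]            # bytes attributed per direction
        c["flags"] |= r["flags"]         # union of flags seen either way
        c["start"] = min(c["start"], r["start"])
        c["records"] += 1
    return list(convs.values())

def stitch_sample():
    """Stitch the constructed export; returns one bidirectional conversation."""
    return stitch(SAMPLE_RECORDS.splitlines())
```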
StealthWatch Solution Components
[Diagram: Network Devices (NetFlow, NBAR, NSEL), StealthWatch FlowSensor and FlowSensor VE (NetFlow generation), StealthWatch FlowReplicator (NetFlow to other tools/collectors), StealthWatch FlowCollector, StealthWatch Management Console, Cisco ISE (Users/Devices)]
Behavior Based Analysis
Behavior-Based Attack Detection
A high Concern Index indicates a significant number of suspicious events that deviate from established baselines.
StealthWatch: Alarms
• Indicate significant behavior changes and policy violations
• Known and unknown attacks generate alarms
• Activity that falls outside the baseline, acceptable behavior or established policies
© 2013 Lancope, Inc. All rights reserved.
Suspect Data Hoarding (Default Policy)
Unusually large amount of data inbound from other hosts
Target Data Hoarding (Default Policy)
Unusually large amount of data outbound from a host to multiple hosts
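The two default-policy alarms above are baseline deviations, not fixed limits. As an added example (not the slides' or StealthWatch's own logic), the block compares each host's daily inbound and outbound byte totals against a per-host baseline; the baseline history, the "mean plus 3 standard deviations" threshold, the minimum peer count and all addresses are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline: bytes per day for each host over the previous five days.
BASELINE_INBOUND = {"10.1.1.10": [1.0e6, 1.2e6, 0.9e6, 1.1e6, 1.3e6],
                    "10.1.1.11": [1.0e6, 1.2e6, 0.9e6, 1.1e6, 1.3e6]}
BASELINE_OUTBOUND = {"10.1.1.30": [2.0e6, 2.2e6, 1.8e6, 2.1e6, 1.9e6],
                     "10.1.1.40": [2.0e6, 2.2e6, 1.8e6, 2.1e6, 1.9e6]}

# Constructed flows for the current day: (source, destination, bytes).
TODAY_FLOWS = [
    ("10.1.1.20", "10.1.1.10", 20_000_000), ("10.1.1.21", "10.1.1.10", 30_000_000),
    ("10.1.1.22", "10.1.1.11", 1_200_000),
    ("10.1.1.30", "10.1.1.50", 8_000_000), ("10.1.1.30", "10.1.1.51", 7_000_000),
    ("10.1.1.30", "10.1.1.52", 9_000_000), ("10.1.1.30", "10.1.1.53", 6_000_000),
    ("10.1.1.40", "10.1.1.60", 40_000_000),   # large, but to a single peer
]

def threshold(history, k=3.0):
    """Alarm threshold: baseline mean plus k population standard deviations."""
    return mean(history) + k * pstdev(history)

def detect_hoarding(flows, baseline_in, baseline_out, k=3.0, min_peers=2):
    """Return (alarm, host, bytes) tuples for hosts exceeding their baseline."""
    inbound, outbound, peers = defaultdict(int), defaultdict(int), defaultdict(set)
    for src, dst, nbytes in flows:
        inbound[dst] += nbytes
        outbound[src] += nbytes
        peers[src].add(dst)
    alarms = []
    # Suspect Data Hoarding: unusually large inbound total from other hosts.
    for host, total in inbound.items():
        if host in baseline_in and total > threshold(baseline_in[host], k):
            alarms.append(("Suspect Data Hoarding", host, total))
    # Target Data Hoarding: unusually large outbound total, spread over
    # several hosts (a single large transfer to one peer does not qualify).
    for host, total in outbound.items():
        if (host in baseline_out and len(peers[host]) >= min_peers
                and total > threshold(baseline_out[host], k)):
            alarms.append(("Target Data Hoarding", host, total))
    return alarms
```

Hosts with no baseline history are skipped rather than alarmed, which is the usual learning-period behaviour.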
Custom Security Events
A custom security event is defined by:
• Time range
• Object conditions
• Peer conditions
• Connection conditions
Custom Security Events
High level use cases:
• Check policy
• Check for known bad conditions
Examples:
• IOC specific to environment
• Audit compliance (ex. Users to PCI servers)
• VM-to-VM communication
• Inappropriate access or applications
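To make the four condition types concrete, here is an added evaluator (not the slides' or the product's code) that applies the "Users to PCI servers" audit case plus a time-ranged variant to constructed flow records; the host groups, rule names, port sets and hours are all assumptions.

```python
from datetime import time
from ipaddress import ip_address, ip_network

# Constructed host groups; object and peer conditions refer to these.
HOST_GROUPS = {
    "User Workstations": [ip_network("10.1.1.0/24")],
    "PCI Servers": [ip_network("10.9.9.0/24")],
}

# Constructed rules: subject/peer host groups, connection (port) conditions
# and a time range; a range whose start is after its end wraps midnight.
CUSTOM_EVENTS = [
    {"name": "Users to PCI servers",  # compliance audit: any access at any time
     "subject": "User Workstations", "peer": "PCI Servers",
     "ports": None, "time": (time(0, 0), time(23, 59, 59))},
    {"name": "After-hours admin access to PCI servers",
     "subject": "User Workstations", "peer": "PCI Servers",
     "ports": {22, 3389}, "time": (time(19, 0), time(7, 0))},
]

def in_group(ip, group):
    addr = ip_address(ip)
    return any(addr in net for net in HOST_GROUPS[group])

def in_time_range(t, rng):
    start, end = rng
    if start <= end:
        return start <= t <= end
    return t >= start or t <= end  # range wraps past midnight

def evaluate(flow):
    """Return the names of the custom events a flow satisfies.
    flow: {"time": datetime.time, "src": str, "dst": str, "dport": int}."""
    hits = []
    for rule in CUSTOM_EVENTS:
        subject_ok = in_group(flow["src"], rule["subject"])
        peer_ok = in_group(flow["dst"], rule["peer"])
        port_ok = rule["ports"] is None or flow["dport"] in rule["ports"]
        time_ok = in_time_range(flow["time"], rule["time"])
        if subject_ok and peer_ok and port_ok and time_ok:
            hits.append(rule["name"])
    return hits

# Constructed flows: a daytime web session, a late-night RDP session, and
# a source outside the subject host group that should match nothing.
SAMPLE_FLOWS = [
    {"time": time(10, 30), "src": "10.1.1.25", "dst": "10.9.9.5", "dport": 443},
    {"time": time(23, 15), "src": "10.1.1.25", "dst": "10.9.9.5", "dport": 3389},
    {"time": time(23, 15), "src": "10.5.5.5", "dst": "10.9.9.5", "dport": 3389},
]
```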
Cisco Cyber Threat Defense Solution for the Data Center
Design
About this section
http://www.cisco.com/go/securedatacenter
CTD Data Center Validated Architecture
[Diagram: Cisco ASA at the edge, Nexus 7000 in the core with SPAN to Cisco NGA, Nexus 1000v at the access layer; NetFlow from all three sources to the StealthWatch FlowCollector; StealthWatch Management Console connected over https]
Edge: ASA
NetFlow Security Event Logging (NSEL):
• Provides visibility into policy enforcement points; monitor communication between branches
• Efficient event reporting mechanism:
  • Syslog: verbose, text based, single event per packet, ~30% processing overhead
  • NetFlow: compact, binary, multiple events per packet, ~7-10% processing overhead
• Context rich:
  • Event driven: Flow Created, Denied, tear-down
  • Network Address Translations
  • User-ID
ASA NSEL Configuration
!
flow-export destination management <ip-address> 2055
!
policy-map global_policy
 class class-default
  flow-export event-type all destination <ip-address>
!
flow-export template timeout-rate 2
logging flow-export syslogs disable
!
ASA Flow Table
[Screenshot: ASA flow table with columns Inside local, Outside global, Server, User]
Core: Nexus 7000 & NGA
[Diagram: Nexus 7000 SPAN session feeding the Cisco NGA]
NetFlow Generation Appliance:
• 4x10 G monitoring interfaces
• Non-performance impacting 1:1 NetFlow generation
• NetFlow version 5, 9 and IPFIX
• 80M Active Flow Cache
• 200K NetFlow record export per sec
Nexus 7004 Configuration
!
interface port-channel8
  description <<** NGA SPAN PORTS **>>
  switchport mode trunk
  switchport monitor
!
monitor session 1
  description SPAN ASA Data Traffic from Po20
  source interface port-channel20 rx
  destination interface port-channel8
  no shut
NGA Config
Alternative: Physical FlowSensor
[Diagram: Nexus 7000 SPAN session feeding a StealthWatch FlowSensor]
StealthWatch FlowSensor
• Multiple hardware platforms up to 20 Gbps throughput
• Non-performance impacting 1:1 NetFlow generation
• Recognition of over 900 Applications
• URL capture
• Additional statistics:
  • Server Response Time
  • Round Trip Time
Access: Nexus 1000v
Nexus 1000v:
• NetFlow as close to access as possible: complete visibility
• Visibility into VM-to-VM communication (across the 1000v)
• Up to 256 NetFlow interfaces; one flow monitor per interface, per direction
• Cache: 256 to 16384 entries; default is 4096
Nexus 1000v NetFlow Config
feature netflow
!
flow exporter nf-export-1
  description <<** SEA Lancope Flow Collector **>>
  destination 172.26.164.240 use-vrf management
  transport udp 2055 source mgmt0
  version 9
    option exporter-stats timeout 300
    option interface-table timeout 300
!
flow monitor sea-enclaves
  record netflow-original
  exporter nf-export-1
  timeout active 60
  timeout inactive 15
!
port-profile type vethernet enc1-3001
  ip flow monitor sea-enclaves input
Optional: StealthWatch FlowSensor VE
[Diagram: FlowSensor VE runs as a service console VM alongside the workload VMs, providing lightweight packet capture and IPFIX generation]
Visibility & Context:
• Flow records include:
  • VM name
  • VM server name
  • VM State
• vMotion aware
• Host profiled in terms of VM name
• Application, SRT, RRT (same as physical)
FlowSensor VE: VM Visibility
Provides VM-to-VM policy monitoring within the same VMware server
Summary
More Information:
• http://www.lancope.com/
• http://www.cisco.com/go/securedatacenter
• http://www.cisco.com/go/threatdefense
Visibility into Data Center traffic has historically been difficult.
NetFlow and the Lancope StealthWatch System provide actionable security intelligence in data centers.
THANK YOU
