NetBrain Technologies
15 Network Drive
Burlington, MA 01803
+1 800.605.7964
info@netbraintech.com
www.netbraintech.com
Network Automation in
Support of Cyber Defense
Rick Larkin
Senior Network Engineer
NetBrain Technologies, Inc
23 June 2016
Agenda
o DoD Cyber Defense Challenges
» Real-time network visibility
» Flexible network automation
o Adaptive Network Automation Framework
o Adaptive Network Automation Applied to Cyber Defense
» Before
» During
» After
DoD Cyber Defense Challenges
Addressing network visibility and automation
“DISA is a case in point. With 4.5 million users and 11 core data centers, its
infrastructure generates about 10 million alarms per day…
Approximately 2,000 of those become trouble tickets…
…Then there’s hacking: DISA logs 800 billion security events per day…
…Between countermeasures, configuration fixes, and the rest, DISA makes
about 22,000 changes to its infrastructure every day…”
MG Zabel, Vice Director, DISA
http://www.cio.com/article/3068663/networks-need-automation-just-ask-the-us-military.html
$\text{Today's Threat} = \sum_{1986}^{2016} \text{IT Challenges} \times 10$
Cyber Defense Challenges
DoD Cyber Defense Challenges
Acronym cloud (slide graphic): NIST RMF, DIACAP, 8500s, ATC/ATT/ATO, CNDSP, ASIs, POND, POA&M, CCRIs, IAVAs, OPREP/SITREP/CASREPs, AARs, STIGs, JIE, JRSS
o Cyber Threats evolving rapidly, requirements increasing, resources strained
o Network Automation is a key force multiplier!
Two Unsolved Challenges
o Lack of Real-Time Network Visibility
» Traditional methods don’t work. Example:
Static Network Maps.
» Need “real-time” network visualization, end
to end
o Limited Network Automation
» Current network automation has limited
functional scope, need to write complex
regular expressions, not portable, etc.
» Need for Network Automation 2.0, that is,
o Data-driven
o Dynamically created
o Simplified
3 Generations of Network Visibility
o Generation 1: Discovery, Inventory
» Discover the Network with SNMP
» Generate Asset and Inventory Reports
o Generation 2: Discovery, Inventory, Static map
» Added Static Map generation
o Generation 3: Discovery, Comprehensive Data Model, Dynamic data-driven map
» Network model based (configuration, SNMP, NetFlow, network tables, etc.)
» Real-time, up-to-date, adaptive, dynamic solution
Network Visibility & Management Today (diagram)
» Teams: NetOps, CyberOps, CPTs, NOC, IA/ISSM, Architecture, Design
» Systems and data sources: IDS, IPS, Firewall, NetFlow Data, SIEM, Big Data Analytics
Adaptive Network Automation Framework (diagram)
» Comprehensive Data Model: Topology, Design, History
» Define Automation Task via Dynamic Map
» Download Executable Intelligence
» Run Adaptive Network Automation
» The same teams and systems as on the previous slide appear around the framework
Applying Adaptive
Network Automation
Before, during, and after a cyber event
Map as the Single Pane of Glass
» Automated Analysis – Fully Customizable
» Execute manual tasks in seconds
» Initiated by operators or automatically from integrated
systems like IDS/IPS, Trouble Tickets, SIEM or CMDB.
Before – Discovery & Asset Identification
o Deep Network discovery
» Accurate, Fast
o Inventory Report
» Derived from comprehensive data model
o Dynamic network documentation, updated daily and on demand
» Supports ATO development, CCRI preparation and supports operations
Before – Vulnerability Assessment
o Automated Compliance validation & verification
» NIST RMF, DISA/NSA STIGs, IAVAs, CC/S/A specific
o Proactive NetOps & CyberOps
» Automation technology can help CPTs, as well as on-site Network & IA staff
During – Threat Identification
Triggered by human intervention or backend systems (IDS/IPS, Logs, CMDB, …)
» Map the threat (e.g. an attack path to a server)
» Run diagnosis and health analysis on the map
» Identify network changes
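The compliance validation on the "Before – Vulnerability Assessment" slide and the "Identify network changes" step above, as an added example that is not part of the original deck or NetBrain's product: a rule table is run against a parsed IOS-style running-config, and two snapshots of the same device are diffed section by section. The NET-* labels, the check set and both configuration texts are constructed for illustration; they are not real STIG vulnerability IDs or any actual baseline.

```python
"""Data-driven config validation and change detection for IOS-style configs.

Added example, not NetBrain code. Checks are rows in a rule table run
against a parsed config, so a new check is a new row, not a new regex
script. NET-* labels are hypothetical, not real STIG IDs; both configs
below are constructed for this example.
"""
import re

def parse_config(text):
    """Return {'global': [top-level lines], '<header>': [indented lines]};
    indented lines belong to the most recent top-level line."""
    cfg, header = {"global": []}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue                      # blank line or '!' separator
        if raw[0].isspace() and header:
            cfg.setdefault(header, []).append(raw.strip())
        else:
            header = raw.strip()
            cfg["global"].append(header)
    return cfg

# (label, scope, kind, regex): scope 'global' checks top-level lines; any
# other scope checks every section whose header starts with that text.
RULES = [
    ("NET-001", "global",   "require", r"^service password-encryption$"),
    ("NET-002", "global",   "require", r"^ip ssh version 2$"),
    ("NET-003", "global",   "forbid",  r"^ip http server$"),
    ("NET-004", "global",   "forbid",  r"^enable password "),
    ("NET-005", "global",   "forbid",  r"^snmp-server community (public|private)\b"),
    ("NET-006", "global",   "require", r"^logging host \S+"),
    ("NET-010", "line vty", "require", r"^transport input ssh$"),
]

def check(cfg, rules=RULES):
    """Return one (label, section, detail) tuple per violation."""
    findings = []
    for label, scope, kind, pattern in rules:
        names = [n for n in cfg if n.startswith(scope)]
        if not names:                     # e.g. no 'line vty' section at all
            findings.append((label, scope, "no such section"))
        for name in names:
            hit = any(re.search(pattern, line) for line in cfg[name])
            if (kind == "require") != hit:
                findings.append((label, name, f"{'missing' if kind == 'require' else 'present'} {pattern}"))
    return findings

def diff_configs(old, new):
    """Per-section (added, removed) lines; unchanged sections are omitted."""
    changes = {}
    for name in old.keys() | new.keys():
        before, after = old.get(name, []), new.get(name, [])
        added = [l for l in after if l not in before]
        removed = [l for l in before if l not in after]
        if added or removed:
            changes[name] = (added, removed)
    return changes

# Constructed: the approved baseline, then the same device after an
# unauthorized change (HTTP on, plaintext enable password, default SNMP
# community, telnet allowed on the VTYs, an unexplained ACL on Gi0/1).
BASELINE = """\
service password-encryption
enable secret 5 REDACTED
no ip http server
ip ssh version 2
logging host 10.0.0.50
interface GigabitEthernet0/1
 ip address 10.2.0.1 255.255.255.0
line vty 0 4
 exec-timeout 10 0
 transport input ssh
"""
CURRENT = """\
service password-encryption
enable secret 5 REDACTED
enable password cisco123
ip http server
ip ssh version 2
logging host 10.0.0.50
snmp-server community public RO
interface GigabitEthernet0/1
 ip address 10.2.0.1 255.255.255.0
 ip access-group TEMP-ACL in
line vty 0 4
 exec-timeout 10 0
 transport input all
"""

if __name__ == "__main__":
    base, cur = parse_config(BASELINE), parse_config(CURRENT)
    for finding in check(cur):
        print("FAIL", *finding)
    for section, (added, removed) in diff_configs(base, cur).items():
        print(section, "+", added, "-", removed)
```

Adding a check means adding a row to RULES; the same parser and checker run unchanged over every device snapshot, which is the portability the deck asks for in "Network Automation 2.0". The per-section diff is the change list that the forensics and AAR step on the "After" slide works from.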
During – Attack Mitigation
Apply network changes and patches with automation:
» Configure policies (ACL/QoS/etc.)
» Redirect traffic (honeypot)
» Disable ports
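The "map the threat (an attack path to a server)" step on the Threat Identification slide and the ACL-based mitigation above, as an added example that is not NetBrain code: a hop-by-hop walk through a constructed topology model (per-device routing tables with longest-prefix match, plus ingress ACLs with first-match evaluation), followed by generating a targeted deny at the hop nearest the attacker and re-running the trace to verify it. Device names, interfaces, addresses (an RFC 5737 test address for the attacker, RFC 1918 space inside) and the ACL name are assumptions; nothing is pushed to a device, the change is returned as config lines for review.

```python
"""Map an attacker-to-server path through a network model, then block it.

Added example, not NetBrain code. It walks a constructed topology model
(routing tables plus ingress ACLs) hop by hop, then generates a targeted
deny at the hop nearest the attacker and re-runs the trace to verify it.
Device names, interfaces, addresses and the ACL name are hypothetical;
nothing is pushed to a device, the change is returned for review.
"""
import ipaddress
from copy import deepcopy

# Constructed model. routes: prefix -> (egress interface, next hop), where
# next hop is (neighbor, neighbor ingress interface) or None when the
# prefix is directly connected. acls: ingress interface -> ordered ACEs
# (action, source network, destination network); first match wins.
MODEL = {
    "edge-rtr": {
        "routes": {"10.0.0.0/8": ("Gi0/1", ("core-sw", "Gi1/1"))},
        "acls": {"Gi0/0": [("permit", "0.0.0.0/0", "0.0.0.0/0")]},
    },
    "core-sw": {
        "routes": {"10.10.0.0/24": ("Vlan10", None),
                   "10.20.0.0/24": ("Gi1/2", ("dc-fw", "Gi0/0"))},
        "acls": {},
    },
    "dc-fw": {
        "routes": {"10.20.0.0/24": ("Gi0/1", None)},
        "acls": {"Gi0/0": [("permit", "0.0.0.0/0", "10.20.0.0/24"),
                           ("deny", "0.0.0.0/0", "0.0.0.0/0")]},
    },
}

def acl_permits(aces, src, dst):
    """First-match evaluation; no ACL permits everything, a non-empty
    ACL ends with an implicit deny."""
    if not aces:
        return True
    for action, s, d in aces:
        if src in ipaddress.ip_network(s) and dst in ipaddress.ip_network(d):
            return action == "permit"
    return False

def lookup(routes, dst):
    """Longest-prefix match; None when no route covers dst."""
    hits = [p for p in routes if dst in ipaddress.ip_network(p)]
    if not hits:
        return None
    return routes[max(hits, key=lambda p: ipaddress.ip_network(p).prefixlen)]

def trace_path(model, src_ip, dst_ip, entry):
    """Walk from entry=(device, ingress interface) toward dst_ip.
    Returns (hops, status) with hops = [(device, in_if, out_if)] and status
    'delivered', 'blocked', 'no-route' or 'loop'; a blocked or unrouted
    packet's last hop has out_if None."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    device, in_if = entry
    hops, seen = [], set()
    while device not in seen:
        seen.add(device)
        if not acl_permits(model[device]["acls"].get(in_if, []), src, dst):
            return hops + [(device, in_if, None)], "blocked"
        route = lookup(model[device]["routes"], dst)
        if route is None:
            return hops + [(device, in_if, None)], "no-route"
        out_if, nxt = route
        hops.append((device, in_if, out_if))
        if nxt is None:
            return hops, "delivered"
        device, in_if = nxt
    return hops, "loop"

def block_at_ingress(model, hops, src_ip, dst_ip):
    """Deny src->dst on the first hop's ingress interface (closest to the
    attacker); return (updated model, IOS-style lines for review). Assumes
    that interface's ingress ACL is owned by this tool under the
    hypothetical name BLOCK-<interface>-IN."""
    device, in_if, _ = hops[0]
    new = deepcopy(model)                  # keep the pre-change model intact
    aces = new[device]["acls"].setdefault(in_if, [])
    fresh = not aces
    if fresh:                              # new ACL: keep other traffic flowing
        aces.append(("permit", "0.0.0.0/0", "0.0.0.0/0"))
    aces.insert(0, ("deny", f"{src_ip}/32", f"{dst_ip}/32"))
    name = "BLOCK-" + in_if.replace("/", "-") + "-IN"
    cli = [f"ip access-list extended {name}", f" 5 deny ip host {src_ip} host {dst_ip}"]
    if fresh:
        cli.append(" 10 permit ip any any")
    cli += [f"interface {in_if}", f" ip access-group {name} in"]
    return new, cli

if __name__ == "__main__":
    attacker, server = "192.0.2.10", "10.20.0.5"
    hops, status = trace_path(MODEL, attacker, server, ("edge-rtr", "Gi0/0"))
    print(status, hops)                    # delivered via edge-rtr, core-sw, dc-fw
    fixed, cli = block_at_ingress(MODEL, hops, attacker, server)
    print("\n".join(cli))
    print(trace_path(fixed, attacker, server, ("edge-rtr", "Gi0/0")))     # blocked
    print(trace_path(fixed, "10.10.0.7", server, ("core-sw", "Vlan10")))  # delivered
```

The deny is placed at the first hop so the attacker's traffic never reaches the core, and the second re-trace from an internal user confirms the change is targeted rather than a blanket outage. The model is deep-copied rather than edited in place so the pre-change state survives for the forensics step on the "After" slide.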
After – Strengthen Cyber Defense w/ Automation
Apply lessons-learned from attack:
o Forensics/analysis
o Enhance executable intelligence
o Update network data model automatically
o Cyber Event Management – Automation can significantly reduce response time
o Allows for collaboration between NetOps & CyberOps, as well as Tiered Teams.
o Runbooks allow process chaining in response to Asymmetric Cyber threats.
Collaboration & Escalation of issues (diagram): NetOps, CyberOps, Vendor Management
Summary
Adaptive Network Automation Framework in support of Cyber Defense
o Before
» Maintain accurate, up to date documentation – ATOs, CCRI, best practice
» Verify & Validate compliance – NIST RMF, STIGs, IAVAs, CC/S/A specific
o During
» Identify and isolate impacted data, systems & networks
» Triage environments, and support rapid remediation
o After
» Based on new discovered threat(s), apply new configurations and update
documentation
» Leverage historical information for AARs and forensics
Adaptive Automation – Here and Now
o Founded in 2004, NetBrain is the first software provider to apply the
concept of CAD automation to network management.
» Awarded multiple patents in Computer Aided Network Engineering (C.A.N.E)
o Customer overview
» 1,300+ customers worldwide
» Multiple sectors
