This document discusses using an IDS appliance to monitor virtualized environments. It summarizes a survey of over 150 VMworld attendees which found that 98% saw visibility into VMware environments as critical, and 84.6% saw a network monitoring switch as important infrastructure for virtualization. The document recommends using virtualization vendor capabilities like VMware's vSphere Distributed Switch to monitor virtual environments with existing IDS appliances without needing third party virtual TAPs. It also discusses how a network monitoring switch can provide valuable access to both physical and virtual environments while addressing the increasing demands on packet-based security and monitoring tools.
2. VMworld Survey Results
98% thought visibility into VMware environments is critical to their success.
Moving forward, 82.4% of respondents plan on using a mix of physical and virtual monitoring tools.
A whopping 32.4% are already using vSphere Distributed Switch. Only 9.4% never plan to use it, and only 23.6% were unfamiliar with it.
Only 13.5% would use a third-party vTAP (when asked if they would use a virtual TAP from a third party versus the capabilities provided by VMware and Cisco to acquire information from a virtual environment for analysis with physical tools like IDS).
84.6% saw a network monitoring switch as a critical infrastructure component for virtualization.
* Survey of over 150 people at Ixia booth at VMworld 2012
3. Best Practices
With virtualization vendor capabilities, you can monitor a virtualized environment with an existing IDS appliance
• No need for vTAP
• “Sanctioned” visibility = cooperation from virtualization team
Network monitoring switch can be a valuable part of the security architecture
• IDS isn’t the only tool vying for access
• You have both physical & virtual to worry about
4. How Security Tools get Physical Network Data
Network TAPs
• Device on network that passes a copy of every packet to tool
• Typical use: between Firewall & internal network
SPAN or Mirror ports
• Cisco term: Switched Port Analyzer
• Way to access data by mirroring packets in/out of port to tool
5. Increased Demand for Packet-Based Monitoring Tools
EMA Research: Not Just IDS Vying for Visibility
[Bar chart: demand by tool type; values are listed in the order they appear on the slide; legend: Feb 2012, Dec 2009]
• Troubleshooting / Packet Analyzers (e.g. packet “sniffers” or other analyzers): 67%, 61%
• Intrusion Detection / Prevention: 56%, 57%
• Data Loss Prevention*: 56%
• Application Performance Monitor: 42%, 42%
• Data Recorder: 42%, 24%
• Compliance: 42%, 26%
• VoIP / Unified Communications / Video analyzers: 40%, 29%
Source: EMA, Sample Size = 91, 139
6. Network Security Monitoring Problems
• No visibility into virtualized environments
• Too many network segments & not enough visibility
• I can’t assess problems fast enough
• Incidents happen off hours (or when I’m trying to sleep!)
• Change Board required for any required monitoring changes!
• I’m stuck trying to monitor a 10 / 40G network with 1 / 10G tools! Tools are lagging!
• Lousy duplicate packets
7. Your Network BEFORE Network Monitoring Switch
[Diagram. Tools shown: Compliance Management Tool, Network Analyzer, IDS, IPS, Network Data Recorder. Callouts: Limited Visibility, Crash Cart Technology, Minimal IT Data Security, Underutilized, Overloaded]
8. Your Network AFTER Network Monitoring Switch
[Diagram. Tools shown: Compliance Management Tool, IDS, IPS, Network Data Recorder, Network Analyzer]
9. Recommendations
VMware and other vendors
VM-to-VM visibility best provided by those with existing infrastructure
• VMware trusted server resource
• Cisco trusted networking resource
• Both well known to server and network admins
Network Monitoring Switch provides advanced functionality…
• Line-rate Packet De-duplication
  De-dup redundant packets created by VDS, 1000v or vTAP
• Traditional packet shaping and conditioning
• Traditional intelligent routing capabilities
Virtualization Vendor: Recommended Approach
• VMware: VMware vSphere Distributed Switch (VDS)
• Citrix: Open vSwitch with port mirroring, which is integrated with XenServer*
• Microsoft: NI vTAP. Hyper-V R2 SP1 has no port mirroring
• Red Hat: NI vTAP. Enterprise Virtualization 2.2 (KVM) has no port mirroring
Networking Vendor: Recommended Approach
• Cisco: Cisco Nexus 1000V Series Switches (VMware only) or Recommended Approach for Virtualization Vendor
• IBM: IBM Dist. Virtual Switch 5000V (VMware only) or Recommended Approach for Virtualization Vendor
• Extreme Networks: Use Recommended Approach for Virtualization Vendor
• HP: Use Recommended Approach for Virtualization Vendor
• Juniper: Use Recommended Approach for Virtualization Vendor
• Brocade: Use Recommended Approach for Virtualization Vendor
• Dell: Use Recommended Approach for Virtualization Vendor
10. vSphere 5.x VDS Enhancements
At VMworld 2011, VMware announced enhancements to the vSphere Distributed Switch. Port Mirroring = capability to send a copy of network packets to a monitoring tool
• Overcomes limitation of promiscuous mode
Granular control over which traffic is monitored
• Ingress Source
• Egress Source
• Helps troubleshooting by providing visibility:
  Inter VM traffic
  Intra VM traffic
20. Port mirroring on VDS Creates Duplicate Packets – BEFORE
[Diagram labels: VM1 to VMn, vNIC1 to vNICn, VDS, pNIC, Tool; flows: VM to Network, VM to VM]
Tool gets dup of VM to VM traffic
Inter-VM Broadcast would create many copies!
21. Port mirroring on VDS Creates Duplicate Packets – AFTER
[Diagram labels: VM1 to VMn, vNIC1 to vNICn, vSwitch, pNIC, Tool; flows: VM to Network, VM to VM]
Tool gets correct VM to VM traffic
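The duplicate-packet problem on slides 20 and 21, and the de-duplication feature listed for the network monitoring switch, as a software sketch. This is an added example, not code from the deck or from any vendor; the 50 ms window, the MAC addresses, VLAN 900 and the assumption that one mirror copy carries an encapsulation VLAN tag are constructed for illustration.

```python
import hashlib
import struct
from collections import deque

VLAN_TPID = b"\x81\x00"  # 802.1Q tag protocol identifier

def strip_vlan(frame: bytes) -> bytes:
    """Drop one 802.1Q tag so a copy carrying the mirror session's
    encapsulation VLAN hashes the same as the untagged copy."""
    if len(frame) >= 18 and frame[12:14] == VLAN_TPID:
        return frame[:12] + frame[16:]
    return frame

class MirrorDeduper:
    """Forward a frame once; drop identical copies seen within window_s."""

    def __init__(self, window_s: float = 0.05):
        self.window_s = window_s
        self.order = deque()  # (timestamp, digest), oldest first
        self.seen = set()     # digests still inside the window

    def accept(self, ts: float, frame: bytes) -> bool:
        # Expire old digests: memory stays bounded and a genuine resend
        # that arrives after the window still reaches the tool.
        while self.order and self.order[0][0] < ts - self.window_s:
            self.seen.discard(self.order.popleft()[1])
        digest = hashlib.sha256(strip_vlan(frame)).digest()
        if digest in self.seen:
            return False
        self.order.append((ts, digest))
        self.seen.add(digest)
        return True

def eth(dst: str, src: str, payload: bytes, vlan=None) -> bytes:
    """Build a constructed Ethernet II frame (EtherType 0x0800)."""
    tag = VLAN_TPID + struct.pack("!H", vlan) if vlan is not None else b""
    return bytes.fromhex(dst) + bytes.fromhex(src) + tag + b"\x08\x00" + payload

VM1, VM2, GW = "005056000001", "005056000002", "005056ffff01"  # constructed MACs
SAMPLE = [  # constructed capture: (seconds, frame) as delivered to the tool
    (0.000, eth(VM2, VM1, b"vm-to-vm #1")),            # copy from VM1's port
    (0.001, eth(VM2, VM1, b"vm-to-vm #1", vlan=900)),  # copy from VM2's port
    (0.002, eth(GW, VM1, b"vm-to-network #1")),        # mirrored once
    (1.000, eth(VM2, VM1, b"vm-to-vm #1")),            # later resend, kept
]

def dedupe(capture, window_s: float = 0.05):
    d = MirrorDeduper(window_s)
    return [(ts, f) for ts, f in capture if d.accept(ts, f)]
```

Stripping the tag also merges identical frames from different production VLANs, so apply it only when the tag is known to come from the mirror session.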
22. Bridging the Gap
Motivated by increasing visibility needs
[Diagram labels: Network Monitoring Switch, Production Network, surrounded by tool categories and vendor logos]
Tool categories: IDS / IPS, SIEM, DLP, APM, NW Analyzers, NW Forensics, Web Security
Vendors shown: Trustwave, StillSecure, Counter Snipe, LogRhythm, McAfee, BlueCoat, EMC-RSA, Intrusion Inc., WebSense, Cisco, Juniper, Compuware, Endace, Dell, HP, Corvil, Exfo, Brocade, Wireshark, SS8, Netwitness, Niksun, Imperva, Fortinet
Automation integration with NMS/SIEM providers (Tivoli, CA, HP ArcSight)
23. Network Monitoring Switch
Intelligent Traffic Distribution
[Sidebar graphic: IT Needs, Adaptive Response, Packet Conditioning, Intelligent Traffic Distribution, Increasing Customer Needs]
Physical Problem: Limited number of VDS, SPANs & TAPs & many tools needing data
Benefits
• Control access to network ports, tool ports & filters
• Tools receive data from multiple network access points
• Monitor 10 / 40G network with 1 / 10G tools
Features
• Packet aggregation for SPAN/TAP shortage
• Packet routing to the appropriate tools
24. Network Monitoring Switch
Packet Conditioning
[Sidebar graphic: IT Needs, Adaptive Response, Packet Conditioning, Intelligent Traffic Distribution, Increasing Customer Needs]
Problem: Sensitive data, protocols my tools can’t understand, duplicate packets caused by VDS, SPANs & TAPs
Benefits
• Process packets with filtering & load balancing
• Improved incident response
• Maximized monitoring tool use - exactly right data to right tool
• Removal of sensitive data / header
Features
• Filtering, stripping, slicing
• De-Duplication of replicated packets
• Load balancing across multiple tools
• Buffering bursty traffic to tools
25. Network Monitoring Switch
Adaptive Response
[Sidebar graphic: IT Needs, Adaptive Response, Packet Conditioning, Intelligent Traffic Distribution, Increasing Customer Needs]
Problem: Need to troubleshoot network problems without manual intervention
Benefits
• Dynamically update configuration without Change Board approval & manual intervention. Improved & simplified troubleshooting.
Features
• Proactive monitoring (changes, bandwidth, events & threats)
• Adaptive incident response proactively adjusts packet delivery to tools as needed
26. Granular Access Control
Can configure which users or groups have access to:
• Network Ports
• Monitoring and Analysis Tools
• Dynamic Filters
TACACS+, RADIUS
27. Enterprise Reference Architectures
[Diagram: VMware reference architectures. Labels: Branch offices (Branch1, Branch2, Branch3), Multiple datacenters, Rack (Server 1, Server 2, Server 3), Nexus 5K ToR, Nexus 2K, 20G link – aggregated, TAP, NTO, Tool1, Tool2, Tooln]
Ingress Source is traffic going out of the VM toward the VDS. The traffic seeks ingress to the VDS, hence the source is called Ingress. Traffic received by the VM is the Egress Source.
The admin can choose a VLAN to encapsulate mirrored packets by selecting the Encapsulation VLAN box.
Depending on the traffic to be monitored, choose Ingress, Egress or Ingress/Egress. Then specify the port ID of that particular source VM. To get the port ID number of a VM, switch to the Home > Inventory > Networking view. Select the vDS and choose the Ports tab. Scroll down to see the virtual machines and their associated port IDs.
In one configuration, both normal traffic and mirror traffic flow through the same physical uplink. When network admins are concerned about the impact of mirror traffic on normal traffic, they can choose a separate uplink port to send mirror traffic. The traffic destination can be any VM, vmknic or uplink port.