Holistic Network Protection in Software Defined Networks

Description: To understand how holistic network protection works via foundational concepts and examples. Attendees will learn how holistic network protection (1) leverages the entire network to deliver security and is built using both a bottom-up and a top-down approach; (2) utilizes the entire network infrastructure, including all network elements, to assist in threat intelligence and detection; (3) employs cloud-based threat defenses, which include intelligence feeds from all sources as well as cloud-based, scalable malware detection; and (4) contains elements of a centralized, dynamic policy engine and controller that addresses all network components.

 
Author: Danielle M. Zeedick, Ed.D., CISM, CBCP
Short URL: https://www.wesrch.com/business/pdfBU1H5H000YOQW

Contents:
HOLISTIC NETWORK PROTECTION: INNOVATIONS IN SOFTWARE DEFINED NETWORKS
Danielle M. Zeedick, Ed.D., CISM, CBCP | Juniper Networks
August 2016

Today’s Objectives

Goal: To understand how holistic network protection works via foundational concepts and examples.

Objectives: Attendees will learn how holistic network protection:
1. Leverages the entire network to deliver security and is built using both a bottom-up and a top-down approach.
2. Utilizes the entire network infrastructure, including all network elements, to assist in threat intelligence and detection.
3. Employs cloud-based threat defenses, which include intelligence feeds from all sources as well as cloud-based, scalable malware detection.
4. Contains elements of a centralized, dynamic policy engine and controller that addresses all network components.

THREAT TREND LANDSCAPE

Threats from Everywhere: Our Adversaries and Techniques
Stopping outside and inside threats needs a new norm: a zero-trust security posture.
• Increasing sophistication with low-cost equipment
• Increasing variability: mobile devices, simple code
• Insider threat: planted or human
• Capturing data in transit: exfiltration of data-in-motion, not just data-at-rest

What Leaders Need to Know
Some ideas . . .
• Security breaches are “when” not “if” events
• Cloud economics can decrease costs
• Cloud and cybersecurity must use a risk-management-focused cybersecurity framework and maturity model
• Perimeter hardening is no longer enough
• Data-at-rest and data-in-motion need in-line and end-to-end encryption
• Practice resilience scenarios (red/blue team exercises)

What Leaders Need to Know
More ideas . . .
• How do we ensure personnel training on security awareness, from password strength to physical security to data movement?
• How are anomalous signatures detected and stopped?
“The Defender’s Dilemma” (RAND research report)
• Survey of CISOs
• Efficacy of Security Systems (countermeasures, attackers, defenders)
• Improving software
• Heuristic cybersecurity model
• Lessons for organizations and public policy
• http://www.rand.org/pubs/research_reports/RR1024.html

TODAY’S APPROACH TO CND

Security Trends Today
The Computer Network Defense (CND) landscape has changed.
• Multiple types of nodes within the architecture = highly fluid, dynamic, and unpredictable threats from multiple sources
• A risk management framework (RMF) including mitigation/isolation could help
• Metrics of success: total number of attacks stopped vs. reduction of risk using a risk framework
• Attackers are always gaining, attempting to stay ahead, becoming more sophisticated

Most network security strategies focus on security at the perimeter only (outside in). Is securing the perimeter really enough?

[Diagram: perimeter security appliances: Inline Intrusion Prevention, Unified Threat Management, Inline Anti-Malware, Application Security, Data Loss Prevention]

Current look at the enterprise perimeter security model
• Security layered on top of the network (hard shell)
• Trust model: trust what’s inside the network; trust that it is secure
• Visibility to the outside relies mostly on perimeter firewalls
• Constant threats require adaptability (reactive defense); unknown signatures could go undetected

Emerging Challenge: The Internet of Things (IoT)
• Multiple kinds of nodes besides our standard switches, firewalls, routers, servers, clients, etc.
• AFCEA IoT Summit: battlefield IoT now focuses on enterprise versus tactical, with many nodes
• Battlefield network includes logistics, sensor nets, vehicles, networked munitions, robots/drones
• Metrics of success: total number of attacks stopped vs. reduction of risk using a risk framework
• Attackers are always gaining, attempting to stay ahead, becoming more sophisticated
• More bandwidth is needed as the adversarial environment is cyber, kinetic, and RF jamming, and humans are vulnerable to deception

A Change in Mindset
• Start talking about Secure Networks, not Network Security
• Realize threats are everywhere: inside the network, outside, and evolving from worldwide threats
• Recognize perimeter security isn’t enough: use risk management frameworks and risk mitigation policy
• Engage in proactive, not reactive, detection; enforcement should be enabled anywhere and be dynamic
• Acknowledge security is everyone’s problem (horizontal and vertical); personnel security awareness is paramount

COMPONENTS

Characteristics of Holistic Network Protection
• Availability
  – Agile, flexible, dynamic, adaptable policy
• Integrity
  – Separation from the current landscape
  – All components protected
• Security
  – Layered protection
  – Heuristic security

Holistic Network Protection
People
• Awareness (training key to entire workforce)
• Sufficient expertise

Data
• Transmission
• Storage
• Transfer

Applications
• Customized, mission-specific
• COTS, GOTS

Infrastructure
• Virtual clients, all components, not just the perimeter

Operating Systems

Holistic Network Protection Includes Software Defined Network (SDN) Concepts
• SDN has been an emerging technology in the last five years
• The basis of SDN is virtualization: software running separately from the underlying hardware
• Umbrella term encompassing several kinds of network technology aimed at making the network as agile and flexible as possible in hybrid virtualized and non-virtualized environments
• As the cloud becomes more prevalent for threat intelligence, network adaptability is key to detect, prevent, and counter potential threats

HIGH-LEVEL ARCHITECTURE EXAMPLES

Industry Examples
• Rings-Around-Things
• Software Defined Secure Networks (SDSN)
• Security Frameworks and Blueprints

AT&T’s Concept
• Perimeter security gives way to “Rings Around Things (RAT)”
• Response to the Internet of Things (IoT) and Bring Your Own Device (BYOD)
• One size does not fit all
• Segment and isolate intrusion and avoid total network infiltration
Short film and full 31-minute presentation available at https://www.youtube.com/watch?v=bMVvjZxw7GE and
https://www.youtube.com/watch?annotation_id=annotation_1152569841&feature=iv&src_vid=bMVvjZxw7GE&v=gxfbpqH6NRo

Software Defined Secure Network
Operating the network as a single enforcement domain, every element becomes a policy enforcement point.
Policy
• Create and centrally manage intent-based policy directly aligned to business objectives
Detection
• Gather and distribute threat intelligence from multiple sources – know who the bad guys are faster
• Leverage cloud economics for real-time analysis – find the bad guys faster
Enforcement
• Enforce policy based on the threat feed information, in real time across the network – adapt the network in real time

Software Defined Secure Network: Policy, Detection and Enforcement
[Diagram: a Dynamic and Adaptive Policy Engine and Cloud-based Threat Defense feed Threat Intelligence, Detection, Policy and Enforcement across Your Enterprise Network, adjusting the bottom-up and top-down approaches]
• Detection: leverage the entire network and ecosystem for threat intelligence, identification, and detection
• Policy: dynamically execute policy across all network elements
• Enforcement: utilize any point of the network as a point of enforcement (inside or perimeter)

Where to Start – Modernize the Perimeter
Upgrade the network perimeter for adaptability.
[Diagram: Cloud Security (Threat Intelligence Engine/Detection, Advanced Threat Prevention) connected to a Virtual Firewall and a Physical Firewall in front of Your Enterprise Network]
• Next Generation Firewall is Current Generation Firewall: simplify and remove niche security appliances
• Utilize cloud economics for instant intelligence that leads to more effective detection

The Right Policy for the Right Job
Software Defined Secure Network (SDSN) Policy Engine + Controller
Different threat levels need different policies.
[Diagram: entry point is a networked light bulb; the policy engine can kill the illegitimate tunnel, or respond as in Example 1 or Example 2]
• Example 1 – Breached lightbulb: quarantine it and create a new policy for correct behavior
• Example 2 – Compromised core switch? The right policy for the right level of threat
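As an added example (not code from the slides, and not Juniper's product code), the following Python sketch shows the policy/detection/enforcement loop of the SDSN slides together with the two policy examples above: a detection event is mapped to an intent-level policy, and the policy is compiled into rules for every in-scope network element, so a breached light bulb, an illegitimate tunnel and a compromised core switch each get a different response. The element roles, the 1..10 severity scale, the intent names and the rule formats are all assumptions made for illustration.

```python
"""Toy SDSN controller: detection event -> intent policy -> per-element rules.

Added example, not code from the slide deck or from Juniper: the element
roles, threat-level scale, intents and rule formats are constructed
assumptions used to illustrate "every element becomes a policy enforcement
point" and "the right policy for the right level of threat"."""
from dataclasses import dataclass, field


@dataclass
class Element:
    """A network element (access switch, core switch, firewall) holding rules."""
    name: str
    role: str                          # "access", "core" or "firewall"
    rules: list = field(default_factory=list)

    def install(self, rule: dict) -> None:
        # Idempotent: the controller may re-send the same rule on every feed update.
        if rule not in self.rules:
            self.rules.append(rule)


@dataclass
class Detection:
    """One event from the threat feed / detection layer."""
    asset: str
    asset_type: str                    # "iot", "core_switch" or "client"
    severity: int                      # constructed 1..10 scale
    indicators: tuple = ()             # e.g. ("illegitimate_tunnel",)


def build_policy(d: Detection) -> dict:
    """Map a detection to an intent-level policy; different threat levels
    get different policies rather than one blanket response."""
    if d.asset_type == "core_switch" and d.severity >= 7:
        # Compromised core switch: route around it and cut its management access.
        return {"intent": "drain", "target": d.asset, "scope": ("core", "firewall")}
    if "illegitimate_tunnel" in d.indicators:
        return {"intent": "kill_tunnel", "target": d.asset, "scope": ("firewall",)}
    if d.asset_type == "iot" and d.severity >= 4:
        # Breached light bulb: quarantine, then allow only its correct behaviour.
        return {"intent": "quarantine", "target": d.asset,
                "scope": ("access", "firewall"),
                "allow": ("dns", "ntp", "vendor_cloud")}
    return {"intent": "monitor", "target": d.asset, "scope": ()}


def compile_rules(policy: dict, element: Element) -> list:
    """Translate one intent into rules for a specific element role."""
    t, intent = policy["target"], policy["intent"]
    if intent == "quarantine":
        if element.role == "access":
            return [{"match": {"src": t}, "action": "vlan", "vlan": "quarantine"}]
        if element.role == "firewall":
            allows = [{"match": {"src": t, "app": a}, "action": "allow"}
                      for a in policy["allow"]]
            return allows + [{"match": {"src": t}, "action": "deny"}]
    if intent == "kill_tunnel" and element.role == "firewall":
        return [{"match": {"src": t, "app": "tunnel"}, "action": "reset"}]
    if intent == "drain":
        if element.role == "core":
            return [{"match": {"via": t}, "action": "reroute"}]
        if element.role == "firewall":
            return [{"match": {"src": t, "plane": "mgmt"}, "action": "deny"}]
    return []


def enforce(policy: dict, elements: list) -> dict:
    """Push compiled rules to every in-scope element; return {name: rules pushed}."""
    pushed = {}
    for e in elements:
        if e.role in policy["scope"]:
            rules = compile_rules(policy, e)
            for r in rules:
                e.install(r)
            pushed[e.name] = len(rules)
    return pushed


if __name__ == "__main__":
    network = [Element("acc-sw-1", "access"), Element("core-1", "core"),
               Element("fw-edge", "firewall")]
    bulb = Detection("bulb-17", "iot", severity=5)
    print(enforce(build_policy(bulb), network))    # {'acc-sw-1': 1, 'fw-edge': 4}
    core = Detection("core-1", "core_switch", severity=9)
    print(enforce(build_policy(core), network))    # {'core-1': 1, 'fw-edge': 1}
```

The point of the split between `build_policy` and `compile_rules` is that intent is decided once, centrally, while each element only receives rules it can act on; re-running `enforce` with the same policy is harmless because installation is idempotent.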

Converse With Your Network
Deploy a policy engine that communicates with the network.
[Diagram: Cloud Security (Secure Threat Intelligence, Advanced Threat Prevention) and a Security Policy Controller communicating with the Network Elements of Your Enterprise Network]
• Customizable UI provides data correlation
• Utilize all network elements as detection and enforcement points
• Security policy dissemination management/UI: policy, app visibility, threat map, events
• Analytics capability based on network data
• Future: intent-based policy engine to communicate across any network element
• Everything on your network can be a potential threat entry-point

Normal and Abnormal Behavior
• Normal operation: call-home beacons, energy utilization
• Abnormal behavior recognition: bursting traffic, abnormally high data download rate, slow data exfiltration, entry through different access points
• Is this normal? How to mitigate a threat traversing the enterprise?
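As an added example (not code from the slides or from Juniper), the Python below runs the four abnormal-behavior checks named on this slide over constructed per-device flow records, using each device's own per-minute history as the "normal" baseline: a bulb whose call-home beacon suddenly bursts, a camera sending a steady trickle outbound, and a laptop with a huge download that is then seen from a second access point. The record format, device names and every threshold are assumptions; the records are constructed, not captured.

```python
"""Behavioural checks over per-device flow records.

Added example, not from the slide deck or from Juniper: flags the abnormal
behaviours named on the slide (bursting traffic, abnormally high download
rate, slow exfiltration, entry through different access points) by comparing
each device against its own per-minute history.  Record format, device names
and thresholds are constructed assumptions."""
from collections import defaultdict
from statistics import mean, median, pstdev

# Constructed flow records: (timestamp_s, device, direction, bytes, access_point)
FLOWS = (
    # bulb-17: a 200-byte call-home beacon every minute, then a 50 kB burst
    *[(t, "bulb-17", "out", 200, "ap-lobby") for t in range(0, 600, 60)],
    (600, "bulb-17", "out", 50_000, "ap-lobby"),
    # camera-3: steady ~4 kB outbound every minute for 12 minutes (slow exfiltration)
    *[(t, "camera-3", "out", 4_000 + ((t // 60) % 3) * 50, "ap-lobby")
      for t in range(0, 720, 60)],
    # laptop-8: one 600 MB download, then seen on a different access point 30 s later
    (100, "laptop-8", "in", 600_000_000, "ap-lobby"),
    (130, "laptop-8", "out", 1_500, "ap-garage"),
)


def bucket_flows(flows, width=60):
    """Aggregate flows into per-device, per-window byte counters."""
    per_dev = defaultdict(lambda: defaultdict(lambda: {"in": 0, "out": 0}))
    for ts, dev, direction, nbytes, _ap in flows:
        per_dev[dev][ts // width][direction] += nbytes
    return per_dev


def detect(flows, width=60, burst_factor=10, max_download_bps=1_000_000,
           exfil_min_windows=10, exfil_min_bytes=20_000, exfil_max_cv=0.1,
           roam_window_s=300):
    """Return a set of (device, finding) pairs."""
    findings = set()
    for dev, windows in bucket_flows(flows, width).items():
        outs = [w["out"] for w in windows.values() if w["out"] > 0]
        # Bursting traffic: one window far above the device's own median outbound.
        if len(outs) >= 3 and max(outs) > burst_factor * median(outs):
            findings.add((dev, "burst"))
        # Abnormally high download rate in any single window.
        if any(w["in"] / width > max_download_bps for w in windows.values()):
            findings.add((dev, "high_download_rate"))
        # Slow exfiltration: many windows of steady (low-variance) outbound volume
        # that add up to more than a beacon ever should.
        if (len(outs) >= exfil_min_windows and sum(outs) >= exfil_min_bytes
                and pstdev(outs) / mean(outs) <= exfil_max_cv):
            findings.add((dev, "slow_exfiltration"))
    # Entry through different access points within a short period.
    seen = defaultdict(list)
    for ts, dev, _direction, _nbytes, ap in flows:
        seen[dev].append((ts, ap))
    for dev, hits in seen.items():
        hits.sort()
        for (t1, ap1), (t2, ap2) in zip(hits, hits[1:]):
            if ap1 != ap2 and t2 - t1 <= roam_window_s:
                findings.add((dev, "multiple_access_points"))
                break
    return findings


if __name__ == "__main__":
    for dev, kind in sorted(detect(FLOWS)):
        print(f"{dev}: {kind}")
```

The baseline is per device rather than global, which is what lets the same 50 kB window be a burst for a light bulb yet unremarkable for a laptop; the slow-exfiltration check deliberately ignores the bulb's beacons because their total stays below `exfil_min_bytes`, so the thresholds are what a real deployment would need to tune per device class.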

IBM’s Approach: Framework & Blueprint toward Security Maturity
• Using the IBM Security Framework / IBM Security Blueprint to Realize Business-Driven Security

IBM Security Blueprint
Expands on the business-oriented view of the IBM Security Framework and maps the domains to a core set of security components

How are these holistic examples?
• Rings-Around-Things
  – Looking beyond the perimeter to stop threats from infiltrating other network segments and data stores
• Software Defined Secure Networks (SD-SN)
  – Disaggregates software from hardware, enabling better agility for both security deployment and enforcement
• Security Frameworks and Blueprints
  – Combining a business-risk-focused framework with a technical security blueprint to achieve security maturity

CONCLUDING THOUGHTS

Closing in on a Security Vision
From Network Security to Secure Networks
Building blocks for tomorrow’s Software Defined Secure Networks:
• Simplified policy and management across all network elements
• Adaptable security solution based on real-time threat intelligence information
• Detection and enforcement utilizing the entire network to protect you
• 360-degree approach for holistic network protection, engaging strategies at the personnel, data, devices, applications, and infrastructure levels

Thank You
dzeedick @ juniper.net