HOLISTIC NETWORK PROTECTION: INNOVATIONS IN SOFTWARE DEFINED NETWORKS Danielle M. Zeedick, Ed.D., CISM, CBCP | Juniper Networks August 2016


Page 2: Holistic Network Protection

Today’s Objectives

Goal: To understand how holistic network protection works via foundational concepts and examples.

Objectives: Attendees will learn how holistic network protection

1. Leverages the entire network to deliver security and is composed using a bottom-up and top-down approach.
2. Utilizes the entire network infrastructure, including all network elements, to assist in threat intelligence and detection.
3. Employs cloud-based threat defenses, which include intelligence feeds from all sources and also include cloud-based, scalable malware detection.
4. Contains elements of a centralized, dynamic policy engine and controller that addresses all network components.

Page 3: Holistic Network Protection

THREAT TREND LANDSCAPE

Page 4: Holistic Network Protection

Threats from Everywhere: Our Adversaries and Techniques

Stopping outside and inside threats needs a new norm: a zero-trust security posture.

• Increasing sophistication with low-cost equipment
• Insider threat: planted or human
• Capturing data in transit: exfiltration of data-in-motion, not just data-at-rest
• Increasing variability – mobile devices, simple code

Page 5: Holistic Network Protection

What Leaders Need to Know

Some ideas . . .

• Security breaches are “when” not “if” events
• Cloud economics can decrease costs
• Cloud and cybersecurity must use a risk-management focused cybersecurity framework and maturity model
• Perimeter hardening is no longer enough
• Data-at-rest and data-in-motion need in-line and end-to-end encryption
• Practice resilience scenarios (red/blue team exercises)

Page 6: Holistic Network Protection

What Leaders Need to Know

More ideas . . .

• How do we ensure personnel training on security awareness, from password strength to physical security to data movement?
• How are anomalous signatures detected and stopped?
• “The Defender’s Dilemma” (RAND research report): survey of CISOs; efficacy of security systems (countermeasures, attackers, defenders); improving software; heuristic cybersecurity model; lessons for organizations and public policy. http://www.rand.org/pubs/research_reports/RR1024.html

Page 7: Holistic Network Protection

TODAY’S APPROACH TO CND

Page 8: Holistic Network Protection

Security Trends Today

Attackers are always gaining, attempting to stay ahead, and becoming more sophisticated; the Computer Network Defense (CND) landscape has changed.

• Multiple types of nodes within the architecture = highly fluid, dynamic, and unpredictable threats from multiple sources
• A risk management framework (RMF), including mitigation/isolation, could help
• Metrics of success: total number of attacks stopped vs. reduction of risk using a risk framework

Page 9: Holistic Network Protection

Current look at the enterprise perimeter security model

• Security layered on top of the network (hard shell)
• Trust model: trust what’s inside the network; trust that it is secure
• Visibility to the outside relies mostly on perimeter firewalls
• Constant threats require adaptability (reactive defense); unknown signatures could go undetected

Diagram: perimeter stack of Application Security, Inline Anti-Malware, Inline Intrusion Prevention, Unified Threat Management, and Data Loss Prevention.

Most network security strategies focus on security at the perimeter only – outside in. Is securing the perimeter really enough?

Page 10: Holistic Network Protection

Emerging Challenge: The Internet of Things (IoT)

• Multiple kinds of nodes besides our standard switches, firewalls, routers, servers, clients, etc.
• AFCEA IoT Summit: battlefield IoT now focuses on enterprise versus tactical, with many nodes
• Battlefield network includes logistics, sensor nets, vehicles, networked munitions, robots/drones


• More bandwidth needed as the adversarial environment is cyber, kinetic, and RF jamming, and humans are vulnerable to deception

Page 11: Holistic Network Protection

A Change in Mindset

Start talking about Secure Networks, not Network Security:

• Realize threats are everywhere: inside the network, outside, and evolving from worldwide threats
• Recognize perimeter security isn’t enough: use risk management frameworks and risk mitigation policy
• Engage in proactive, not reactive, detection; enforcement should be enabled anywhere and be dynamic
• Acknowledge security is everyone’s problem – horizontal and vertical – personnel security awareness is paramount

Page 12: Holistic Network Protection

COMPONENTS

Page 13: Holistic Network Protection

Characteristics of Holistic Network Protection

• Availability
• Integrity
• Security

• Agile, flexible, dynamic, adaptable policy
• Separation from the current landscape
• All components protected
• Layered protection
• Heuristic security

Page 14: Holistic Network Protection

Holistic Network Protection

Diagram: five domains – People, Applications, Infrastructure, Data, Operating Systems – with the following notes:

• Applications and operating systems: customized, mission-specific; COTS, GOTS
• People: awareness (training key to entire workforce); sufficient expertise
• Infrastructure: virtual clients, all components, not just perimeter
• Data: transmission, storage, transfer

Page 15: Holistic Network Protection

Holistic Network Protection Includes Software Defined Network (SDN) Concepts

• SDN has been an emerging technology in the last five years
• The basis of SDN is virtualization: software running separately from underlying hardware
• Umbrella term encompassing several kinds of network technology aimed at making the network as agile and flexible as possible in hybrid virtualized and non-virtualized environments
• As the cloud becomes more prevalent for threat intelligence, network adaptability is key to detecting, preventing, and countering potential threats

Page 16: Holistic Network Protection

HIGH-LEVEL ARCHITECTURE EXAMPLES

Page 17: Holistic Network Protection

Industry Examples

• Rings-Around-Things
• Software Defined Secure Networks (SDSN)
• Security Frameworks and Blueprints

Page 18: Holistic Network Protection

AT&T’s Concept

• Perimeter security gives way to “Rings Around Things (RAT)”
• Response to the Internet of Things (IoT) and Bring Your Own Device (BYOD)
• One size does not fit all
• Segment and isolate intrusion and avoid total network infiltration

Short film and full 31-minute presentation available at https://www.youtube.com/watch?v=bMVvjZxw7GE and https://www.youtube.com/watch?annotation_id=annotation_1152569841&feature=iv&src_vid=bMVvjZxw7GE&v=gxfbpqH6NRo

Page 19: Holistic Network Protection

Software Defined Secure Network

Operating the network as a single enforcement domain, every element becomes a policy enforcement point.

Diagram: Detection, Policy, and Enforcement cycle.

• Create and centrally manage intent-based policy directly aligned to business objectives
• Gather & distribute threat intelligence from multiple sources – know who the bad guys are faster
• Leverage cloud economics for real-time analysis – find the bad guys faster
• Enforce policy from the threat feed information in real time across the network – adapt the network in real time

Page 20: Holistic Network Protection

Software Defined Secure Network

Adjusting the Bottom-Up and Top-Down Approaches

• Leverage the entire network and ecosystem for threat intelligence, identification, and detection
• Utilize any point of the network as a point of enforcement (inside or perimeter)
• Dynamically execute policy across all network elements

Diagram (Policy, Detection and Enforcement): your enterprise network, with Detection and Enforcement at its elements, connected to a Cloud-based Threat Defense and a Dynamic and Adaptive Policy Engine that exchange Policy and Threat Intelligence.

Page 21: Holistic Network Protection

Where to Start – Modernize the Perimeter

Upgrade the network perimeter for adaptability:

• Next Generation Firewall is Current Generation Firewall – simplify and remove niche security appliances
• Utilize cloud economics for instant intelligence that leads to more effective detection

Diagram: your enterprise network with Physical Firewall and Virtual Firewall, backed by Cloud Security (Advanced Threat Prevention, Threat Intelligence Engine/Detection).

Page 22: Holistic Network Protection

The Right Policy for the Right Job

Different threat levels need different policies:

• Breached lightbulb: quarantine and create new policy for correct behavior
• Compromised core switch? The right policy for the right level of threat

Diagram: Software Defined Secure Network (SDSN) Policy Engine + Controller, with two examples – an entry point via a networked light bulb, and killing an illegitimate tunnel.

Page 23: Holistic Network Protection

Converse With Your Network

Deploy a policy engine that communicates with the network:

• Analytics capability based on network data
• Customizable UI provides data correlation
• Utilize all network elements as detection & enforcement points
• Future: intent-based policy engine to communicate across any network element

Diagram: your enterprise network elements managed by a Security Policy Controller, with security policy dissemination and a Mgmt/UI (Policy, App Visibility, Threat Map, Events), fed by Cloud Security (Advanced Threat Prevention, Secure Threat Intelligence).

Page 24: Holistic Network Protection

Everything on Your Network can be a Potential Threat Entry-point

Normal and Abnormal Behavior

• Normal operation: call-home beacons, energy utilization
• Is this normal? How to mitigate a threat traversing the enterprise?
• Abnormal behavior recognition: bursting traffic, abnormally high data download rate, slow data exfiltration, entry through different access points
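The abnormal-behavior indicators on this slide (bursting traffic, abnormally high download rate, slow exfiltration) and the tiered response on page 22 (quarantine a breached light bulb, a stronger policy for a compromised core switch) can be sketched as one small detection-plus-policy loop over per-device traffic summaries. This is an added illustration, not code from the presentation or from any SDSN product; the Flow record, device roles, thresholds, sample traffic and action names are all assumptions.

```python
from collections import defaultdict
from typing import NamedTuple

class Flow(NamedTuple):   # one-minute traffic summary for one device (constructed schema)
    device: str
    role: str             # assumed roles: "iot", "endpoint", "core-switch"
    bytes_in: int         # bytes downloaded by the device in that minute
    bytes_out: int        # bytes sent by the device to external destinations

BURST_RATIO = 5.0               # thresholds are illustrative assumptions, not from the deck
DOWNLOAD_BYTES_PER_MIN = 50_000_000
SLOW_EXFIL_BYTES = 200_000      # steady outbound trickle of at least this much...
SLOW_EXFIL_MINUTES = 20         # ...in at least this many minutes of the window

def detect(flows):
    """Map each device to the page-24 abnormal behaviours seen in its flows."""
    by_dev = defaultdict(list)
    for f in flows:
        by_dev[f.device].append(f)
    findings = {}
    for dev, fl in by_dev.items():
        hits = set()
        totals = sorted(f.bytes_in + f.bytes_out for f in fl)
        if totals[-1] > BURST_RATIO * totals[len(totals) // 2]:   # spike vs. median minute
            hits.add("bursting traffic")
        if any(f.bytes_in > DOWNLOAD_BYTES_PER_MIN for f in fl):
            hits.add("high download rate")
        if sum(f.bytes_out >= SLOW_EXFIL_BYTES for f in fl) >= SLOW_EXFIL_MINUTES:
            hits.add("slow exfiltration")
        if hits:
            findings[dev] = hits
    return findings

def enforce(role, hits):   # page 22: the right policy for the right level of threat
    if not hits:
        return "allow"
    if role == "iot":
        return "quarantine"            # breached light bulb: isolate, then re-policy
    if role == "core-switch":
        return "segment-and-escalate"  # compromised core: contain segments, hand to IR
    return "restrict-and-alert"

def run_demo():   # constructed 30-minute window: leaking bulb, busy core switch, quiet laptop
    flows = [Flow("bulb-7", "iot", 1_500, 250_000)] * 30
    flows += [Flow("core-sw-1", "core-switch", 1_000_000, 100_000)] * 29
    flows.append(Flow("core-sw-1", "core-switch", 80_000_000, 100_000))
    flows += [Flow("laptop-42", "endpoint", 3_000_000, 50_000)] * 30
    roles, found = {f.device: f.role for f in flows}, detect(flows)
    return {dev: enforce(roles[dev], found.get(dev, set())) for dev in roles}
```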

Page 25: Holistic Network Protection

IBM’s Approach: Framework & Blueprint toward Security Maturity

• Using the IBM Security Framework / IBM Security Blueprint to Realize Business-Driven Security

Page 26: Holistic Network Protection

IBM Security Blueprint: expands on the business-oriented view of the IBM Security Framework and maps the domains to a core set of security components.

Page 27: Holistic Network Protection

How are these holistic examples?

• Rings-Around-Things: looking beyond the perimeter to stop threats from infiltrating other network segments and data stores
• Software Defined Secure Networks (SD-SN): disaggregates software from hardware, enabling better agility for both security deployment and enforcement
• Security Frameworks and Blueprints: combining a business-risk-focused framework with a technical security blueprint to achieve security maturity

Page 28: Holistic Network Protection

CONCLUDING THOUGHTS

Page 29: Holistic Network Protection

Closing in on a Security Vision

• Simplified policy and management across all network elements
• Adaptable security solution based on real-time threat intelligence information
• Detection and enforcement utilizing the entire network to protect you
• 360-approach for holistic network protection engaging strategies at the personnel, data, devices, applications, and infrastructure levels

From Network Security to Secure Networks: building blocks for tomorrow’s Software Defined Secure Networks

Page 30: Holistic Network Protection

Thank You

dzeedick @ juniper.net