The document discusses implementing ITIL practices using network discovery solutions. It summarizes that nine out of ten data breaches involve "unknown unknowns" like unknown systems, data, network connections, or privileges. It promotes using the Lumeta IPsonar network discovery tool to map network infrastructure, identify leaks, and gain situational awareness to help prevent data breaches by discovering these unknowns. IPsonar automation can also help with IT asset management, compliance, and driving ITIL process improvements.
1. Implementing ITIL v3 Practices with David Lennon Sr. Systems Engineer Lumeta Corporation [email_address] Constantine Malaxos Director, Bus. Dev. Lumeta Corporation [email_address] Lumeta Chris Johnson, President Open Access Systems [email_address] 973-838-5525
7. From Where You Stand, Can you Really See the Network Boundaries?
11. Gathering Network Data for Action Actionable Network Discovery Data Pinpoint Unauthorized Connectivity Between Discovered Networks Discover Known and Unknown Networks Identify the Network Perimeter Discover Complete Connected IP Address Space and Accompanying Hosts Identify Attributes of Network Devices and Discovered Hosts Network Discovery Host Discovery Leak Discovery Device Fingerprinting OpenAPI Lumeta Network Index Interactive, Searchable Network Maps In-depth Reporting
15. Enables Faster Time-to-Value for IT in Mergers, Acquisitions, Divestitures Unknown / Unmanaged Network Segments Leak to Internet Known / Managed Network Undocumented Partner Connections
21. THANK YOU David Lennon Sr. Systems Engineer Lumeta Corporation [email_address] Constantine Malaxos Director, Bus. Dev. Lumeta Corporation [email_address] Chris Johnson President Open Access Systems [email_address] 973-838-5525
Editor's notes
Welcome to everyone. This is Chris Johnson from Open Access Systems Corporation. We are an IT Solutions Provider headquartered in Northern New Jersey since 1993 and are partners with Lumeta to bring Network Assurance and Risk Assessment solutions to our clients. Today we will highlight some of the features of Lumeta’s IPsonar and how they benefit ITIL v3 processes, enabling your organization to effectively secure and align IT to meet the goals and objectives of the business. ITIL v3 of course is a set of 5 Core Practices known as the IT Information Library maintained by the British government and used worldwide. Brief Lumeta History: In 1998, Bell Labs scientists developed the first generation of the IPsonar solution. The goal was to determine the boundaries and contents of the Internet itself - a successful effort now known as the Internet Mapping Project. The results are celebrated in the Guinness Book of World Records because of their massive scale. Lumeta spun off from Bell Labs in 2000 to help corporate and government enterprises achieve global network visibility. This legacy of innovation continues today. Lumeta solutions have been awarded repeatedly for advances in network assurance, as have members of their executive team - each of whom is a veteran of the network management and network security markets. During the presentation you can type in any questions or comments in the window at the lower right of your screen. We’ll try to address them while presenting and will directly answer them during the question and answer period at the end. Of course you can contact any of us to arrange an on-site meeting. We should be done in 45 minutes. (1 minute 45 seconds)
Here’s a simplified slide of the ITIL Life Cycles of what a mature IT organization “should do”, but not “how” to do it. The first 4 Life Cycles are shown as vertical stacks of processes and functions that have input and output relationships with other processes. The 5th, CSI, is represented horizontally on the bottom. The arrow in the upper left reminds us that the business owners, CEOs and CFOs want their IT investment to be aligned to meet the goals and objectives of the business. The business owners also define the policies and what regulations and what compliance is required. With this information the CIO and CTO will know what they “should” do. IT is organized with this framework that goes through the Life Cycles and the accompanying processes. Not all IT organizations adopt all these principles and often select those sub-processes applicable to their situations. Today we’re talking about Network Discovery and its value within this framework. With ITIL the CEOs and CFOs want IT to be aligned with the goals and objectives of the business. Service Strategy reviews the market, financial resources, and what overall services IT will provide. The Service Design cycle includes the processes of how to manage and assure a secure and available IT system that meets Service and Operational levels. Here is where roles are defined – who is responsible, accountable and which process owners need to be consulted or simply kept informed of different activities. It may not be too much of a surprise that the IT Information Security Management owner is Accountable to design and maintain the computer systems and networks used. Service Transition is the cycle where specifications are transformed into hardware and software to be used. The system goes through testing to assure service will be delivered and how the service will be managed in line with other processes. A release package is created and transitioned into operations.
Service Operations is the day-to-day running of the systems and front end to all users of IT. Help desk, problem and incident management, and access management are some of the main tasks facing Operations responsible to deliver the highest quality of IT services possible and to create value for the business. The Continual Service Improvement Life Cycle monitors key performance indicators and manages the CSI tasks that take place within every process in all life cycles. Moving from a known state to an improved state requires a consistent set of reports. Let’s look at the Information Security Management Process in the Service Design Life Cycle shown here in the second vertical stack. (3 minutes 0 seconds)
There are 5 Main Activities for the Information Security Process in ITIL v3. They’re based on inputs from Customers, SLAs and OLAs, Regulatory Requirements and the Business’ Security Policy. This diagram is a high-level representation and was taken from the ITIL v3 wiki for Security Management – I’ve simplified the original by eliminating all the sub-processes you would see if you went to the current wiki. The CONTROL process, at the center, establishes the framework and allocates responsibilities. This management process is responsible to ensure monitoring and reporting for all IT Information Security activities. In order to Plan, Maintain, Implement and accurately Evaluate security you need to have exact information of what devices and network routes exist in the infrastructure and you need to know that they are monitored and under your Control. In large networks we find that devices and routes are often missed. (1 minute 10 seconds)
OK, who’s responsible for what? This is a sample RACI Matrix – The R’s, A’s, C’s, and I’s get entered into the matrix defining who is Responsible, Accountable, Consulted, or simply Informed relative to activities. This chart is organized showing a set of the grouped activities a mature IT organization might develop and they are listed down the left. Across the top are the Life Cycles and their associated Processes. You may use something like this in your organization, however, there are several useful variations. Beyond the obvious security tasks outlined by the bold rectangles, I’ve highlighted other grouped activities in pale blue where a comprehensive network discovery tool will apply. All but 7 out of the 25 main activities here can be directly supported by IPsonar. I especially like numbers 11 and 12 that relate to Risk analysis. How can you effectively fulfill your role if the information you are using is inaccurate or incomplete? (1 minute 15 seconds)
This diagram shows an overlay of a previous slide and it indicates the flow between life cycles when introducing a new service or changing an existing service. Every process’s input relies on current and accurate information about the network and devices in order to provide accurate output to the next processes. Consider again Continual Service Improvement at the bottom of the map: We work through 7 steps: define what we should measure, identify what we can measure, Gather, Process, Analyze, Report, Improve and keep optimizing IT to meet the goals and objectives of the business and to create value. With a Network Discovery tool you SHOULD be getting current, complete and accurate information of ALL network routes and devices. Lumeta CAN provide complete information about network routes and attached devices unlike any discovery or management system available as Constantine and David will discuss. You can visit the ITIL wiki and delve into each of the ITIL v3 processes I’ve mentioned and how their inputs and outputs are defined. Your particular organization may take and leave what it can use from the framework. ITIL v3 is the result of over three quarters of a century of development to achieve continual service improvement with its roots in the Deming Cycle – Plan, Do, Check, Act – which is also the basis for Six Sigma and COBIT. All are continuous quality improvement models. You have to wonder: What ITIL v3 or improvement model has the ability to be comprehensive and conclusive if 10% of an organization’s network is not under management? How about 20%? Can you have a successful Service Strategy, Service Design, Service Transition or Service Operations practice without breaks when you are working with inaccurate or incomplete information? It is not uncommon when we first engage an organization to discover 20 percent of the network is not visible to the IT department. That 20% consists of knowns and unknowns.
At 20%, if you have 10,000 IPs out there, 2000 are not visible. That 2000 is where your vulnerabilities are and your business is at risk. OK, at this point I will turn it over to Constantine Malaxos, Director of Business Development, and David Lennon, Senior Systems Engineer from Lumeta, to get into these vulnerabilities and an overview of IPsonar and how to mitigate the risk. I’ll be back at the end to highlight a few Quick Wins for those of you implementing ITIL v3 practices. Use the box at the lower right of your screen to type in any questions or email us. Constantine….? (3 minutes)
Chris has mentioned 20%. This amount is important, but right now we are going to delve deeper into the why. Why would a large enterprise have 20% of their network NOT under management? Simply stated, your network and ours and everyone on this call, our networks exist in a hyper-connected reality where the most sensitive data or perimeter is literally only a few hops away from some of the most onerous threats to all of our organizations.
What does the perimeter really look like? With the advent of remote computing, with our connections with customers, partners, mobile users, telecommuters and the move to cloud computing. What does your perimeter really look like? This complexity has led to an investment in solutions to help manage change in core infrastructure. Whether these tools are designed to find or assess vulnerabilities; detect/prevent intrusions; or configure, consolidate or manage your infrastructure, they all have the same “Achilles Heel”. All the infrastructure management tools deployed in global organizations today are based on a set of assumptions of what is actually connected on their network. What is visible to them. They all require you tell them which assets to work on or at least the range of IP addresses where to look to find networked assets to manage. But what about the unknown?
Let’s talk about the origin of Data Breaches. Verizon had a great report in 2008, the Data Breach Investigations Report. Nine out of 10 data breaches involved… a system unknown to the organization; a system storing data that the organization did not know existed on that system; a system that had unknown network connections or accessibility; and a system that had unknown accounts or privileges. We refer to this as the unknown unknowns.
Read the quote… So, How do you Gain Situational Awareness of The Network Infrastructure: How do you fight proactively against “leaks” representing unknown, unrestricted pathways into and/or out of an organization’s network. How do you Discover & map all Internet points of presence. How do you Identify and inventory all existing Internet connections. How do you Define & validate the perimeter, maintain accurate intelligence. How do you Determine where horizon boundaries exist. How do you Ensure entry points are properly managed & secured. How do you Perform active probe of entire address space. How do you Quickly and safely discover all IP addresses routed internally. How do you Prove the route of all discovered network connections. How do you Provide validation as connections are moved/changed/decommissioned. All of these questions are crucial in the proactive fight against data breaches and leaks. There is a need to reveal all unauthorized connections and identify whether access is outbound, inbound, or both.
Lumeta empowers large enterprise and government with global network visibility, allowing clients to understand how network change affects security, availability, and compliance. Lumeta IPsonar® is the industry’s only network discovery product which discovers every asset on a network, including assets not currently under management and maps the connectivity between assets and networks to help with issues like Mergers & Acquisitions, IT Compliance, Cybersecurity, Critical Infrastructure Protection, Data Leak Prevention, and Large-scale Network Transformations and Roll-outs. Turn over to David Lennon
David Lennon: IPsonar uniquely provides global network visibility of both known and unknown network connections. Starting with the known address space, the product identifies all connectivity and lays out the perimeter of the network. The scans are modular and build upon data gathered throughout each phase. Upon completion, the data is presented in forms from targeted checklists to visual analytics to scorecards meant for senior management.
Retrieve a comprehensive set of network facts. IPsonar rapidly discovers the complete list of IP addresses and address ranges that are connected to the network. Validates reach from network management address space. Map your entire network. IPsonar easily maps every asset on a network – including assets not currently under management – visualizing the connectivity between assets and networks. Enables network and security teams to bring unknown assets under management while deploying security technology more effectively to mitigate risk. Stay in tune with ever-changing infrastructure. IPsonar accurately gauges the impact of network infrastructure change. Allows organizations to stay apprised of planned and unplanned network change, such as connectivity to a new business partner or the addition of unauthorized routers in a branch office. Identify unmanaged devices that may violate policy. Network Assurance enables organizations to discover unmanaged devices with possible policy violations, as well as vulnerable devices that are highly susceptible to a security breach. Ongoing scanning with IPsonar allows organizations to examine discrepancies in previous baselines to easily identify and remediate violations.
Unknown or unauthorized connections on the network pose a major threat to data security. These network leaks represent a means to malicious or unauthorized entry across the network perimeter. Intrusion detection systems serve as gatekeepers to defend the network; nevertheless, circumvention can and does happen – particularly if they are not properly deployed around the areas of the most sensitive data. IPsonar has a patented technology to discover network leaks, and we’re the only tool that finds these unknown, unrestricted pathways into and/or out of an organization’s network perimeter. If sensitive data resides on a system that leaks to the Internet, for example, it may be exploited and used in unauthorized data transmission or access (a “data leak”). This results in significant risk exposure for the organization – many of which have unfortunately been exploited with the exposures documented in the media. While data leaks can happen in a number of ways, proactive network leak prevention protects a potentially high exposure channel in the defense of sensitive data.
Constantine: What we propose is that an active baseline of layer 3 is a critical part of a comprehensive security strategy and essential in achieving ITIL objectives. Baseline the network, validate the assets, update the database. (If running late move to last slide)
IPsonar® is a fully-automated, comprehensive solution that intelligently streamlines the M&A process for both companies’ networks. Only Lumeta’s Network Assurance solution can give organizations global visibility into their entire network infrastructure, reducing the risk of security gaps, unaccounted infrastructure costs, or rogue network devices. IPsonar provides organizations with the intelligence to optimally drive consolidation efforts, empowering them to: Create an accurate baseline of the entire network before networks are merged and compare that to a subsequent scan after the merge. Plan & Execute Based on Facts, not Assumptions: Automate discovery, improve IT processes. Unlock Savings: Identify opportunities for efficiencies. Improved Performance During Transition: Maintain service availability, security & compliance. Measure Success: Produce security metrics before, during transition and after.
Maintain compliance amid network and regulatory change. Accurately gauge impact of policy change to security and compliance. Stay apprised of planned and unplanned network change, such as connectivity to a new business partner or addition of unauthorized routers in a branch office. Optimize vulnerability management and incident response. Periodically monitor compliance to assure new mandates and evolving resources do not compromise efforts. Export IPsonar’s network inventory to security tools, aligning them with network change. Eliminate audit surprises. Identify all connections and devices. Isolate configuration problems, and validate access control lists. Prioritize trouble spots so that issues are resolved before audits. Gain “fact-based” compliance reporting. Base reporting on IPsonar's objective results, not word of mouth or extrapolation
Lumeta’s Network Assurance solutions empower you to base infrastructure plans on an accurate understanding of your network, so you can minimize risks while accelerating cost savings. With a comprehensive view of your network assets and their connections, you can easily adapt, maintain, and monitor your network in order to keep your defenses aligned with infrastructure changes and be confident that all of your network assets are under management. Reduce unplanned outages and compliance violations. Gain a regularly updated map of the network based on facts, not impartial or obsolete assumptions. Enable executives and administrators to "look before they leap." Scorecard and minimize network risk. Determine whether an initiative is causing the network to grow more or less stable, compliant and secure. Scorecard network risk prior to and during execution, ranking "contributing factors" to expedite remediation. Improve business continuity preparation and execution. Use a full understanding of hosts, devices and connections to verify plans will work as intended. Improve response to actual disruptions by determining their complete downstream impact. Manage the project portfolio to expected outcomes. Deliver accurate time lines for integration and management of new resources or connectivity to new partners. Use a big-picture network view to prevent projects in one area from destabilizing efforts in another.
Statistics
Unique Differentiators for IPsonar: Only product that provides visibility into every IP asset, host, node, and connection on the network; Only product that reports on network “leaks” – unknown, unrestricted pathways into and/or out of an organization’s network – that represent policy violations and security threats; Only product that provides a comprehensive view of the entire routed infrastructure; Only product that measures risk from a network perspective; Only product that finds wireless access points that are connected to the wired network, and tests for inbound or outbound “leaks”; Provides information that is easily integrated into a variety of network and security management; and Is lightweight, fast and safe for the world’s largest high-assurance IP networks.
Here are a few of the quick wins that you can gain when implementing ITIL – Read through. Thank you for attending this seminar. Please contact me to further the discussion and to possibly arrange for a sample of IPsonar reports on your network. (3 minutes)