Presenter: Sharon Besser - VP of Technology, Net Optics
Today’s advanced network security threats are growing in complexity, scale and scope. Highly co-ordinated resources and activities are being leveraged to assault today’s networks with unprecedented speed and agility—a new paradigm in network security monitoring is required in order for organizations to adapt and respond to these threats.
In this presentation, Net Optics VP of Technology & Solutions Sharon Besser defines the next generation approach to security utilizing security-centric SDN, and provides concrete steps organizations must take with their network security and monitoring.
2. • Providing end-to-end visibility across physical, virtual environments
• Install base: 80% of F100, 50% of G2000
• R&D in US, Israel
• Large and growing customer base in Israel
• Leading OEM source
• Security
• Monitoring
• Forensics
• Instrumentation
4. 9,500 will NOT be recorded, captured, logged, monitored or seen by the organizations as they are being lost
Source: 2012 Data Breach Investigations Report, Verizon. “Chinese cyberspies stealing key data, U.S. analysts say.” CBC News, 12 Dec. 2011
6. • Management Needs to Be Simple, and Centralized
• Need to Have Total Visibility of the Network
• Monitoring and Enforcement Should be Separate
• Provisioning of Threat Response Needs to be Easy
• Utilize Industry Standards
8. • Security should be a strategic initiative, yet implementation is tactical and incident response is at “best effort”
• Risk mitigation of multiple attack vectors requires several security systems integrated together
• Technology of implemented solution is 1-2 years old at day one
• Solutions/technology used must be future ready and current
11. There’s a need for a better (working!) method to implement defense in depth
12. • Availability: Ability to respond fast, accurately with needed power
• Agility: Reinforce defense when needed
• Advance: Promote security tools across the network as needed
14. Agility
Network Packet Broker
• Total Network Visibility
• Easy Provisioning of Threat Mitigation
Centralized Controller (via SDN)
• Centralized Management
• Policies and Rules
• Industry Standards
15. • Separation of network elements and monitoring devices
• Automation and provisioning of monitoring applications and tools based on real time traffic behavior
• End-to-end network monitoring
• Easy operation
• Improved Security & Monitoring
16. • You can view your network entirely. Every bit, every stream without performance degradation
• You can connect any security tool to your network. Always on, always active
• Your security devices support any load and scale as needed
18. • Risk management and mitigation plan
• SDN controller
• Network Packet Broker (NPB) and access devices
• Your favorite security solutions
SDN Controller
NPB
21. • Learn the network, react to changes dynamically
• Use Network Packet Brokers for traffic distribution
• Add network controller that measures the network, provisions SDN and reacts to network activity
Device provisioning and management
Router
SDN Controller
26. • It is possible to create a “security switch” to deploy tactical security solutions in a strategic fashion using NPB
• Security Defined Networks are possible by adopting the SDN concept
28. Net Optics, Inc
5303 Betsy Ross Dr
Santa Clara, CA 95054
U.S.A
www.netoptics.com
1.408.737.7777
Sharon Besser
VP Technologies
Editor's notes
Industry analysts consistently recognize Net Optics as one of America’s top private companies. And our company founder, Eldad Matityahu, knows that while we built the company in Silicon Valley, the best way to secure our place as leaders is by tapping into the best and the brightest… and that means opening offices here in the Startup Nation. See the future by creating it.
I want to begin today with some sobering statistics. In the same amount of time that I will be standing on this stage, approximately 10,000 customer records will be stolen from networks around the world. Of course, this statistic is not shocking to anyone in this room. After all, we’re here because we are well aware of the threats to network security and, specifically, cybersecurity.
What SHOULD surprise you is that 9,500 of these stolen records will NOT be recorded, captured, logged, monitored or seen by the organizations as they are being lost. The breaches are all too frequently invisible to the organizations. And the targeted organizations and their customers only learn about it when and if credit or law enforcement agencies get involved – essentially – when it’s too late. In December, news broke that hackers – believed to have ties to the Chinese military – infiltrated the computer systems of the U.S. Chamber of Commerce. This was just the latest in a series of cyber attacks. Some in the United States accuse China of stealing $400 billion worth of sensitive information a year. The breaches are so serious that the National Counterintelligence Executive described them as a “long term strategic threat to the United States of America.” And he added “failure is not an option.” Of course, the news hits close to home here in Israel – just last week, Kaspersky Labs detected the Flame worm and cybersecurity has been the top headline ever since. I’ll bet we’ll all be paying very close attention later this afternoon when Eugene Kaspersky takes to the podium. Israel’s largest bank and several other public institutions have come under attack – by Iranian and Saudi hackers – and we can only assume there will be more to come.
But what has happened in the Cyber Security arena in the past year? As you know, when it comes to Cyber Security, the situation is getting worse, not better:
• 130+ major Data Breaches have occurred in the first three months of 2013
• Nearly 70% of these breaches go undetected
• 47,000 Incidents were reported in 2012
• And nearly 44 million records were compromised last year
Companies such as Checkpoint, Imperva, Radware, and other security firms are developing solutions that companies are paying billions of dollars for – and this may be somewhat controversial, but these individual solutions don’t appear to be stemming the tide.
• Scale, Scope, Resources, Speed of attacks – unprecedented
• Organized Crime – Financial Benefit
• Government Sponsored – State Secrets
• Cheap Resources – Bot Nets
• Targets of Choice – Some Organizations will be a target regardless of what they do, but most will become a target because of what they do.
There’s a need for a better (working!) method to implement defense in depth
Combining, integrating, layering, looking beyond patterns of activity - but still not quite there yet
The BEST Practices are now looking at the entire Architecture of the Network – not just silos – we need to view our networks in their entirety from the Cloud to the Data Center to the remote branches. We can’t turn on a nightlight here and a flashlight there to guide us through the dark. We need night vision goggles to eliminate the blind spots. Visibility Solutions that just look at the network edge or see only the random monitoring data that doesn’t get dropped by an oversubscribed SPAN port are simply not robust or comprehensive enough. As the diversity of applications increases, and the devices that access or host them spread to every corner of your organization, Visibility needs to become a core function incorporated into every network architecture. The past decade has seen Network Access and Visibility rise sharply as a critical component for gaining accurate information about the state of the network and that trend will only continue.