matthew adams 2019.10 · customer use case example #1: real proxy device –parsing random payloads...

Post on 22-May-2020

Matthew Adams 2019.10.09

System Engineer / Ixia, A Keysight Business

You Are

How can we protect them better?

• Systems Engineer for the past 3 years

• Professional Services Engineer for 5 years - Designing, Implementing, and Supporting Automation and Cybersecurity solutions

• Software Developer

• Open Source Advocate

Matt Adams

matthew.adams@keysight.com

(905) 903-4751

Testing

• Policy Validation Testing

• New Technology Adoption

• Change Management Verification

OPTIMIZE

• Threat Response

• Hands-On Exercises

• Personnel and Process Alignment

TRAIN

PEOPLE

PROCESS

TECHNOLOGY

DESIGN

• Product Design Verification

• Vendor/Solution Selection

• Capacity and Performance

• SLA Benchmarking

• Service Turn-Up Validation

• Application/Service Performance

DEPLOY

CUSTOMER USE CASE

Example #1: Real Proxy Device – parsing random payloads (dumb data)

Example #2: NGN Firewall with IPS

Static content can look suspicious, impacting performance!!!

HTTP payload with all ‘0000s’ vs ‘012345..9’

Automation

A New Way of Thinking About Deployment

“Lack of visibility proliferates due to increasing use of cloud-based apps, encryption and general network expansion. Moving forward, IoT will add additional visibility challenges.”

GARTNER: “Avoid these ‘bottom Ten’ networking worst practices” - December 2015

YESTERDAY’S VISIBILITY

Aggregation of data

Production site

Public Cloud

Production site

Tools Farm

Single Aggregation Point

Security and Performance

INDUSTRY 4.0

Tools Farm

HQ Data Center

Smart Factories

Public Cloud

Internet

Only very partial visibility

Miss all the critical traffic to internet, between sites, on sites …

Grab the packets and the data you need on the site

Leverage same resources for security monitoring and network and application performance

Blend of packet data, meta-data, synthetic monitoring can optimize cost of visibility at the edge

Think different:

Edge computing requires Edge Monitoring

Branch NPB

Remote Office NPB

Factory NPB

Collected traffic

Network Packet Broker

• Scalable visibility fabric

• Terminate remote sites

• Distribute to tools

Tools Farm

Give second life to your tools in datacenter

Preserve your skills and process

HQ Data Center

Collect traffic from remote sites and send to centralized tools

Public Cloud

• External Bypass Switch reliability is 5 times better!

MTBF (Mean Time Between Failure in Hours)

External Bypass: 450,000

Integrated Bypass: 80,000

• Easier to replace failed devices, no risk of taking network down

• Only external bypasses can be deployed in conjunction with NPBs to achieve the highest level of security resilience

• Detect failures faster using heartbeats

Page 5 | 915-8056-01-5061 Rev A

26601 Agoura Road | Calabasas, CA 91302 USA | Tel +1-818-871-1800 | www.ixiacom.com

WHITE PAPER

In the maximum strength security architecture (shown above), dual bypass switches and dual NPBs enable full recovery from the failure of any inline device in the security architecture. The bypass switches deployed in active-standby mode monitor the health of all devices, including the NPBs, and reroute traffic from one to another, should an outage be detected. In the case of a failure on one branch, security is completely maintained, and users would detect no service or application outage.

The NPBs configured for HA with complete synchronization in active-active mode provide load balancing during normal conditions and are configured for full protection of all traffic if one goes down. Again, users detect no downtime, and security monitoring is completely unaffected.

Figure 3: Security Fabric with Maximum Strength HA (diagram labels: Corporate LAN, Internet, Router, Bypass Switch, NPB, Switch, IPS, NGFW, WAF)

THE LIKELIHOOD OF AN ORGANIZATION SUFFERING AN OUTAGE OVER THE NEXT 2 YEARS IS 25%. — PONEMON INSTITUTE

Test your network equipment like you test drive a car.

Leverage traffic generators to identify baseline performance before you find out product shortcomings in production

TEST

Attackers are quick. Be even faster with automated responses.

Use automation to strengthen your environment and reduce the damage of an attack.

AUTOMATE

Stop guessing. See everything, with a scalable network visibility fabric.

Increase your security resiliency and reduce downtime with dedicated bypass switches.

REMOVE BLIND SPOTS