Cyberspace - A Global Battlespace? Joel Ebrahimi Solutions Architect Bivio Networks, Inc.

Upload: jamar-benn

Post on 14-Dec-2015

TRANSCRIPT

  • Slide 1

Cyberspace - A Global Battlespace?
Joel Ebrahimi, Solutions Architect, Bivio Networks, Inc.

  • Slide 2

A Hacker's Opportunity is Target Rich!
Enterprise
Personal
Credit Card
Government
Military secrets
Nuclear Information
Medical Records
Criminal Records
Classified Secrets and Information
Control of Physical Infrastructure
Power
Electrical
Water
Joe Hacker
2010 Bivio Networks, Inc.

  • Slide 3

Exploitation Evolution
While we look at the evolution trend, it should be noted that the less severe exploits have not gone away. They still exist today and have even increased in number. The problem is that we also have to deal with exploits that now affect our national security.
Experimentation / Notoriety
Hacktivism / Defacements
Criminal Enterprise
Espionage / Cyber Terrorism

  • Slide 4

Hacking Hotspots and Trends
CHINA: Targeting Japan, U.S., Taiwan and perceived allies of those countries; Falun Gong targeted also
INDIA-PAKISTAN: Worldwide targets, Kashmir-related and Muslim-related defacements
MIDDLE EAST: Palestinian hackers target Israeli websites; some pro-Israel activity
WESTERN EUROPE: Cyber-activists with anti-global/anti-capitalism goals; some malicious code
BRAZIL: Multiple hacker groups, many mercenary; random targets
EASTERN EUROPE/RUSSIA: Malicious code development; fraud and financial hacking
U.S.: Multiple hacker/cyber-activist/hacktivist groups; random targets

  • Slide 5

Is the threat real?

  • Slide 6

It's Real and Happening Now!
Stuxnet
Cyber Espionage
DDOS attacks in Estonia
Attacks on Booz Allen Hamilton
Breach of defense contractor computers that let hackers get at information on the Joint Strike Fighter
Power grid compromised
Repeated attacks on .gov websites
Real growing threat of cyber terrorism

  • Slide 7

The Threats
Malware
Worms
Trojans
Rootkits
Spyware
Remote or local exploitation
Botnets

  • Slide 8

A Transforming Network
Explosion in usage, applications, devices, protocols
Basic networking problems remain
Security
Information assurance
Cyber defense
Awareness
Control
Network role transition from connectivity to policy
Key Enabling Technology: Deep Packet Inspection

  • Slide 9

Deep Packet Inspection (DPI)
Set of technologies enabling fine-grained processing of network traffic
Common analogy: processing regular mail based on letter contents vs. address
Not a solution or an application!
Layer diagram: L2 Ethernet; L3 Internet Protocol (IP); L4 Transport Layer (TCP/UDP); L5-L7 Email, IM, Web, File Transfer, Peer-to-Peer (P2P), Viruses, Intrusions, Worms

  • Slide 10

Why DPI?
L3/4 analysis clearly not granular enough
Source/Destination often irrelevant
Most information is in the payload
Deeply embedded
Context dependent
Dynamic
Tunneling makes outer protocols/headers insufficient
Correlation between flows and payload often crucial
Threats are real-time and dynamic; response can't be
DPI is real-time networking analog to off-line analysis
Dramatically shortens threat identification and response

  • Slide 11

The Right Technology
Scalability: variable throughput, computation
Performance:
Computational: full packet inspection
Network: wire-speed
Flexibility: software is king
Customization: each mission different
Adaptability: inherent in space
Active/Passive: monitoring and enforcement
Multi-function: parallel tasks
Standardization: Avoid proprietary environments
Rapid deployment

  • Slide 12

Protecting The Future
Infrastructure
Focus on high-compute/high-throughput
System design
Semiconductors
Keep pace with networking advances
40Gb/s
100Gb/s
Storage integration
Data Retention
Post-processing
Applications
Increased sophistication of protocol analysis
Increased cross-flow analysis
Information sharing between applications
Dynamic threat response

  • Slide 13

Summary
Threats are already here
Cyber Terrorism is real
The network is changing and growing
DPI technology underlies future networking
Core technology for National Security requirements
Challenges addressed in rapidly advancing market
Significant innovation into the future

  • Slide 14

Not just a presenter, this is what I do
Special purpose networking devices
10Gb/s+
High compute capacity
Throughput and compute scaling
Linux development environment
Multi-application support
Joel Ebrahimi
Bivio Networks, Inc
http://www.bivio.net
Thank You!
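The contrast drawn on the "Why DPI?" slide, as an added example that is not part of the original presentation or of any Bivio product: a port-table (L3/4) classifier and a payload-signature classifier run over the same constructed IPv4/TCP packets. The port table, the simplified signatures, the function names and the sample packets are all assumptions made for illustration.

```python
import struct

# Port-to-application table: everything an L3/L4 classifier has to go on (assumed, minimal).
PORT_APPS = {22: "ssh", 25: "smtp", 80: "http", 443: "tls"}
HTTP_METHODS = (b"GET", b"POST", b"HEAD", b"PUT", b"CONNECT")

def parse_ipv4_tcp(pkt: bytes):
    """Return (dst_port, payload) from a raw IPv4/TCP packet (checksums not verified)."""
    ihl = (pkt[0] & 0x0F) * 4 if pkt else 0        # IP header length in bytes
    if ihl < 20 or len(pkt) < ihl + 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        raise ValueError("not a complete IPv4/TCP packet")
    total_len = struct.unpack_from("!H", pkt, 2)[0]
    dport = struct.unpack_from("!H", pkt, ihl + 2)[0]
    data_off = (pkt[ihl + 12] >> 4) * 4            # TCP header length in bytes
    return dport, pkt[ihl + data_off:total_len]

def classify_payload(payload: bytes) -> str:
    """Simplified L7 signatures: the first bytes each protocol puts on the wire."""
    if payload.startswith(b"SSH-"):
        return "ssh"
    if payload.split(b" ", 1)[0] in HTTP_METHODS:
        return "http"
    # TLS record: handshake (0x16), version major 0x03, handshake type ClientHello (0x01)
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"
    return "unknown"

def inspect(pkt: bytes) -> dict:
    """Compare the port-based (L3/4) verdict with the payload-based (DPI) verdict."""
    dport, payload = parse_ipv4_tcp(pkt)
    l4, l7 = PORT_APPS.get(dport, "unknown"), classify_payload(payload)
    return {"port": dport, "l4": l4, "l7": l7, "disagree": l7 not in ("unknown", l4)}

def build(dport: int, payload: bytes) -> bytes:  # constructed demo packet, zero checksums
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 5]), bytes([198, 51, 100, 10]))
    return ip + tcp + payload

SAMPLES = [  # constructed traffic, not captured
    build(80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    build(443, bytes.fromhex("16030100050100000100")),   # start of a TLS ClientHello
    build(443, b"SSH-2.0-OpenSSH_8.9\r\n"),              # SSH carried on the HTTPS port
    build(8081, b"POST /upload HTTP/1.1\r\n\r\n"),       # HTTP on a port the table lacks
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(inspect(pkt))
```

The last two samples are the cases the slide points at: the headers alone label SSH on port 443 as "tls" and say nothing about HTTP on port 8081, while the payload identifies both.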