exhibitor session: efficient ip
TRANSCRIPT
Exhibitor session 1bChair: Simon Cooper
Please switch your mobile phones to silent
17:30 - 19:00
No fire alarms scheduled. In the event of an alarm, please follow directions of NCC staffExhibitor showcase and drinks reception
18:00 - 19:00
Birds of a feather sessions
Efficient IP
Solving the Top 5 Network Challenges for Higher EducationNick Fennell, Lead UK Pre-Sales11 April, 2017
Page 5Confidential-Property of EfficientIP - All rights reserved-Copyright © 2017
Top Five Education Network Challenges
Network security
BYOD: Controlling and securing the network services
IT process automation: Decreasing operational costs
Network visibility & capacity planning control
Digital Learning & Smart Classroom in the Millennial Age
Page 6Confidential-Property of EfficientIP - All rights reserved-Copyright © 2017
1) Network Security
Page 7Confidential-Property of EfficientIP - All rights reserved-Copyright © 2017
DNS Security Context
JANET Network faced multiple major DDoS attacks 2015-2016
74% of UK organisations faced DNS attacks- Last 12 months1
DNS is one of the top primary targets2 for application layer attacks
91% of malware uses DNS protocol3
11 Critical DoS Vulnerabilities on BIND in 20161 EfficientIP 2016 DNS Security
Report2 Arbor Network 2016 Security
Report3 Cisco 2016 Security Report
Page 8Confidential-Property of EfficientIP - All rights reserved-Copyright © 2017
Three Main Reasons Why DNS Is On the Top of a Hacker’s List
3Not Effectively
Protected
2Easy to Exploit
1Mission Critical
Page 9Confidential-Property of EfficientIP - All rights reserved-Copyright © 2017
Why Is DNS Mission Critical?
DNS - DHCP - IPAMNETWORK
Customers - Employees - Suppliers - Citizens - Students
DNS Services Enable Business Operations by Ensuring Access to Critical Applications & Services
Students – Professors – Researchers - Visitors
Page 10Confidential-Property of EfficientIP - All rights reserved-Copyright © 2017
Open service by design Connectionless (UDP) Attack target & threat vector Great attack variety and sophistication Not analysed by 68% of organisations 1
Why Is DNS Easy to Exploit?
1Cisco 2016 Security Report
Page 11Confidential-Property of EfficientIP - All rights reserved-Copyright © 2017
UK Damages Incurred From DNS Attacks
Application downtime
Compromised website
Data exfiltration Brand damage
35%
23%
13%16%
The Effects of DNS Attacks on UK Organisations 2016
SOURCE: EfficientIP 2016 DNS Security Report
Page 12Confidential-Property of EfficientIP - All rights reserved-Copyright © 2017
1. No DNS analytics for behavioural threat detection Only based on DNS packet frequency, request entropy, payload or data encoding
signature
2. Complex to deploy & maintain Threats are evolving: configuration & tuning of filtering rules while ensuring
consistency
3. Basic mitigation techniques with a high risk of false positives Countermeasures are limited to blocking DNS traffic
4. Not proactive Unable to mitigate new attacks without new filtering rules No mitigation capability of zero-day attacks
5. Not powerful enough to handle volumetric attacks 49% of all DNS DDoS attacks are above 1M QPS 1
Traditional Security Solutions Fail at DNS Protection
1EfficientIP 2016 DNS Security Report
Page 13Confidential-Property of EfficientIP - All rights reserved-Copyright © 2017
2) BYOD
Page 14Confidential-Property of EfficientIP - All rights reserved-Copyright © 2017
More connected devices will create major pressure on network services
Higher education networks must ensure application availability to students, faculty and visitors
Network service performance must support the increasing amount of connected devices
Securing the network is essential, as you don’t control the security level of the connected devices
The BYOD Threat
Page 15Confidential-Property of EfficientIP - All rights reserved-Copyright © 2017
Average of 3-5 connected devices per student1
Top 10 ranked UK universities provide network access to an average of more than 25,000 students…a potential 125,000+ connected devices to support!
A combined 89% of students expect to be able to use their own Apple computers, tablets and phones to access university software2
BYOD Prevalence In Higher Education
1Cisco Visual Networking Index2Software2 EdTech BYOD Survey 2016
Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016
The BYOD Threat Illustrated
Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016
Transaction Analysis for Behavioural Threat Detection- Real-time DNS traffic statistics to detect data exfiltration- No risk of false positives or excluding legitimate customers- Real-time reputation domain
Graduated Protection with Smart Countermeasures- Block source IPs of the attacks- Quarantine suspected source IPs of attacks- Ensure service continuity even if the attack source is unidentifiable
Using DNS with Built-In Security as aSource of Protection
Page 18Confidential-Property of EfficientIP - All rights reserved-Copyright © 2017
3) Visibility & Capacity Planning
Page 19Confidential-Property of EfficientIP - All rights reserved-Copyright © 2017
Visibility: what is connected to the network?
Control & detection of unauthorised or unplanned changes
Multi-vendor tools and disparate processes are error-prone, putting network availability at risk
Repetitive and unitary manual tasks are costly & inefficient
Management delegation is risky, advanced skills required
Highly complex to enforce policies and standardise operations
Network Management Issues
Page 20Confidential-Property of EfficientIP - All rights reserved-Copyright © 2017
Creating Comprehensive Network Visibility
Devices & Network Equipment Hardware & virtual
Device Location Switch-port-VLAN-IP-MAC-name
Network Devices Routes L3 switch, router, firewall, load balancer
Page 21Confidential-Property of EfficientIP - All rights reserved-Copyright © 2017
Campus Network Capacity Planning
Identify physical devices connected to port (versus what is supposed to be connected)
Reclaim unused ports
Management at the port level
Control & optimise switch port occupancy to save money
Page 22Confidential-Property of EfficientIP - All rights reserved-Copyright © 2017
4) IT Process Automation
Page 23Confidential-Property of EfficientIP - All rights reserved-Copyright © 2017
Network IT Process Issues Bottlenecks/longer time to complete tasks
Fewer skilled employees with access rights- most tasks must be done by these resources, adding strain
Automation reduces manual processes with fewer errors, and introduces templates
True delegation only possible with automation software in place- enforces best practices & masks complexities
Weak integration with cloud or virtual application automation Cannot get the value of cloud when there are still manual processes in place- must automate 100%
If DDI is not included in the process of real-time creation of new virtual environments, the process will have to stop to manually obtain definitions
Student and research collaboration can be compromised
Page 24Confidential-Property of EfficientIP - All rights reserved-Copyright © 2017
Automation Solutions Enable your facility with DDI (DNS-DHCP-IPAM) automation
Control, automate & streamline resource deployments
Provisioning process automation according to needs
Delegation control & workflow management
Boost cloud infrastructure/virtualisation agility with integrated DDI
Page 25Confidential-Property of EfficientIP - All rights reserved-Copyright © 2017
5) Millennial Age Learning
Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016
Millennial Learning Online courses
Massive Open Online Courses (MOOC) Connected laboratories for collaborative research Smart classrooms/Active learning platforms and software Alignment with JANET schemas Mobile apps for enrollment, campus services, email,
group project collaboration
Confidential-Property of EfficientIP - All rights reserved-Copyright © 2016
Millennial Learning Foundations• Mobility
• Facilities often have multiple locations• Agility
• Transition from WIFI to mobile• Flexibility
• Multiple operating systems and devices• Control
• Tracking devices across multiple networks• Security and forensics
• Device audit and identification
Page 28Confidential-Property of EfficientIP - All rights reserved-Copyright © 2017
EfficientIP Solution Suite
DNSDHCP IPAM
DNSSecurity
NetworkAutomation
DDIIPAM, VRF, VLAN
& Network Services
MVSMMulti-Vendor DNS DHCPServices Management
Device ManagerDevice Deployment
Management
SPXRIR DeclarationManagement
Hybrid DNSEngine
DNS Firewall
DNS Guardian
DNS Cloud
DNS Blast
NetchangeIPLocator
Network Discovery
NetchangeNetwork Discovery
& Configuration
Unified Database and AdvancedReportingPhysical & Virtual SOLIDserver Appliance
DNSDHCP IPAM
DNSSecurity
NetworkAutomation
DDIIPAM, VRF, VLAN
& Network Services
MVSMMulti-Vendor DNS DHCPServices Management
Device ManagerDevice Deployment
Management
SPXRIR DeclarationManagement
Hybrid DNSEngine
DNS Firewall
DNS Guardian
DNS Cloud
DNS Blast
NetchangeIPLocator
Network Discovery
NetchangeNetwork Discovery
& Configuration
Unified Database and AdvancedReportingPhy
Page 29Confidential-Property of EfficientIP - All rights reserved-Copyright © 2017
EfficientIP In Brief
24 x 7Fastest Growing DDI Company*
Awarded Technologies
Follow-The-Sun Support Services
+90Employees
650+ Customers
5 Continents
110+ Countries
HQEMEA - Paris, FranceUSA - West Chester, PA APAC - Singapore
Innovative DDI CompanySecurity - Availability - Agility
*IDC 2015 DDI (DNS-DHCP-IPAM) Market Update
Confidential-Property of EfficientIP - All rights reserved-Copyright © 2017
Thank You!Visit us at Stand 51 for more information on
higher education DNS-DHCP-IPAM solutions
Circle IT
jisc.ac.uk
Thank you
03/05/2023Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)