exhibitor session: efficient ip

Exhibitor session 1bChair: Simon Cooper

Please switch your mobile phones to silent

17:30 - 19:00

No fire alarms scheduled. In the event of an alarm, please follow directions of NCC staffExhibitor showcase and drinks reception

18:00 - 19:00

Birds of a feather sessions

Efficient IP

Solving the Top 5 Network Challenges for Higher EducationNick Fennell, Lead UK Pre-Sales11 April, 2017

Confidential-Property of EfficientIP - All rights reserved-Copyright © 2017

Top Five Education Network Challenges

Network security

BYOD: Controlling and securing the network services

IT process automation: Decreasing operational costs

Network visibility & capacity planning control

Digital Learning & Smart Classroom in the Millennial Age


1) Network Security


DNS Security Context

JANET Network faced multiple major DDoS attacks 2015-2016

74% of UK organisations faced DNS attacks- Last 12 months1

DNS is one of the top primary targets2 for application layer attacks

91% of malware uses DNS protocol3

11 Critical DoS Vulnerabilities on BIND in 20161 EfficientIP 2016 DNS Security

Report2 Arbor Network 2016 Security

Report3 Cisco 2016 Security Report


Three Main Reasons Why DNS Is On the Top of a Hacker’s List

3Not Effectively

Protected

2Easy to Exploit

1Mission Critical


Why Is DNS Mission Critical?

DNS - DHCP - IPAMNETWORK

Customers - Employees - Suppliers - Citizens - Students

DNS Services Enable Business Operations by Ensuring Access to Critical Applications & Services

Students – Professors – Researchers - Visitors


Open service by design Connectionless (UDP) Attack target & threat vector Great attack variety and sophistication Not analysed by 68% of organisations 1

Why Is DNS Easy to Exploit?

1Cisco 2016 Security Report


UK Damages Incurred From DNS Attacks

Application downtime

Compromised website

Data exfiltration Brand damage

35%

23%

13%16%

The Effects of DNS Attacks on UK Organisations 2016

SOURCE: EfficientIP 2016 DNS Security Report


1. No DNS analytics for behavioural threat detection Only based on DNS packet frequency, request entropy, payload or data encoding

signature

2. Complex to deploy & maintain Threats are evolving: configuration & tuning of filtering rules while ensuring

consistency

3. Basic mitigation techniques with a high risk of false positives Countermeasures are limited to blocking DNS traffic

4. Not proactive Unable to mitigate new attacks without new filtering rules No mitigation capability of zero-day attacks

5. Not powerful enough to handle volumetric attacks 49% of all DNS DDoS attacks are above 1M QPS 1

Traditional Security Solutions Fail at DNS Protection

1EfficientIP 2016 DNS Security Report


2) BYOD


More connected devices will create major pressure on network services

Higher education networks must ensure application availability to students, faculty and visitors

Network service performance must support the increasing amount of connected devices

Securing the network is essential, as you don’t control the security level of the connected devices

The BYOD Threat


Average of 3-5 connected devices per student1

Top 10 ranked UK universities provide network access to an average of more than 25,000 students…a potential 125,000+ connected devices to support!

A combined 89% of students expect to be able to use their own Apple computers, tablets and phones to access university software2

BYOD Prevalence In Higher Education

1Cisco Visual Networking Index2Software2 EdTech BYOD Survey 2016


The BYOD Threat Illustrated


Transaction Analysis for Behavioural Threat Detection- Real-time DNS traffic statistics to detect data exfiltration- No risk of false positives or excluding legitimate customers- Real-time reputation domain

Graduated Protection with Smart Countermeasures- Block source IPs of the attacks- Quarantine suspected source IPs of attacks- Ensure service continuity even if the attack source is unidentifiable

Using DNS with Built-In Security as aSource of Protection


3) Visibility & Capacity Planning


Visibility: what is connected to the network?

Control & detection of unauthorised or unplanned changes

Multi-vendor tools and disparate processes are error-prone, putting network availability at risk

Repetitive and unitary manual tasks are costly & inefficient

Management delegation is risky, advanced skills required

Highly complex to enforce policies and standardise operations

Network Management Issues


Creating Comprehensive Network Visibility

Devices & Network Equipment Hardware & virtual

Device Location Switch-port-VLAN-IP-MAC-name

Network Devices Routes L3 switch, router, firewall, load balancer


Campus Network Capacity Planning

Identify physical devices connected to port (versus what is supposed to be connected)

Reclaim unused ports

Management at the port level

Control & optimise switch port occupancy to save money


4) IT Process Automation


Network IT Process Issues Bottlenecks/longer time to complete tasks

Fewer skilled employees with access rights- most tasks must be done by these resources, adding strain

Automation reduces manual processes with fewer errors, and introduces templates

True delegation only possible with automation software in place- enforces best practices & masks complexities

Weak integration with cloud or virtual application automation Cannot get the value of cloud when there are still manual processes in place- must automate 100%

If DDI is not included in the process of real-time creation of new virtual environments, the process will have to stop to manually obtain definitions

Student and research collaboration can be compromised


Automation Solutions Enable your facility with DDI (DNS-DHCP-IPAM) automation

Control, automate & streamline resource deployments

Provisioning process automation according to needs

Delegation control & workflow management

Boost cloud infrastructure/virtualisation agility with integrated DDI


5) Millennial Age Learning


Millennial Learning Online courses

Massive Open Online Courses (MOOC) Connected laboratories for collaborative research Smart classrooms/Active learning platforms and software Alignment with JANET schemas Mobile apps for enrollment, campus services, email,

group project collaboration


Millennial Learning Foundations• Mobility

• Facilities often have multiple locations• Agility

• Transition from WIFI to mobile• Flexibility

• Multiple operating systems and devices• Control

• Tracking devices across multiple networks• Security and forensics

• Device audit and identification


EfficientIP Solution Suite

DNSDHCP IPAM

DNSSecurity

NetworkAutomation

DDIIPAM, VRF, VLAN

& Network Services

MVSMMulti-Vendor DNS DHCPServices Management

Device ManagerDevice Deployment

Management

SPXRIR DeclarationManagement

Hybrid DNSEngine

DNS Firewall

DNS Guardian

DNS Cloud

DNS Blast

NetchangeIPLocator

Network Discovery

NetchangeNetwork Discovery

& Configuration

Unified Database and AdvancedReportingPhysical & Virtual SOLIDserver Appliance

DNSDHCP IPAM

DNSSecurity

NetworkAutomation

DDIIPAM, VRF, VLAN

& Network Services

MVSMMulti-Vendor DNS DHCPServices Management

Device ManagerDevice Deployment

Management

SPXRIR DeclarationManagement

Hybrid DNSEngine

DNS Firewall

DNS Guardian

DNS Cloud

DNS Blast

NetchangeIPLocator

Network Discovery

NetchangeNetwork Discovery

& Configuration

Unified Database and AdvancedReportingPhy


EfficientIP In Brief

24 x 7Fastest Growing DDI Company*

Awarded Technologies

Follow-The-Sun Support Services

+90Employees

650+ Customers

5 Continents

110+ Countries

HQEMEA - Paris, FranceUSA - West Chester, PA APAC - Singapore

Innovative DDI CompanySecurity - Availability - Agility

*IDC 2015 DDI (DNS-DHCP-IPAM) Market Update


Thank You!Visit us at Stand 51 for more information on

higher education DNS-DHCP-IPAM solutions

Circle IT

jisc.ac.uk

http://www.jisc.ac.uk/

Thank you

03/05/2023Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)