matthew adams 2019.10 · customer use case example #1: real proxy device –parsing random payloads...
TRANSCRIPT
Matthew Adams 2019.10.09
System Engineer / Ixia, A Keysight Business
2
You Are
3
How can we protect
them better?
4
• Systems Engineer for the past 3 years
• Professional Services Engineer for 5 years -
Designing, Implementing, and Supporting
Automation and Cybersecurity solutions
• Software Developer
• Open Source Advocate
Matt Adams
(905) 903-4751
5
Testing
6
• Policy Validation Testing
• New Technology Adoption
• Change Management Verification
OPTIMIZE
• Threat Response
• Hands-On Exercises
• Personnel and Process Alignment
TRAIN
PEOPLE
PROCESS
TECHNOLOGY
DESIGN
• Product Design Verification
• Vendor/Solution Selection
• Capacity and Performance
• SLA Benchmarking
• Service Turn-Up Validation
• Application/Service Performance
DEPLOY
7
CUSTOMER USE CASE
Example #1: Real Proxy Device
– parsing random payloads (dumb data)
Example #2: NGN Firewall with IPS
Static content can look suspicious, impacting performance!
HTTP payload with all ‘0000s’ vs ‘012345..9’
8
Automation
9
A New Way of Thinking
About Deployment
“Lack of visibility proliferates due to increasing use of cloud-based apps, encryption and
general network expansion. Moving forward, IoT will add additional visibility challenges.”
GARTNER: “Avoid these ‘bottom Ten’ networking worst practices” - December 2015
10
YESTERDAY'S VISIBILITY
Aggregation of data
Production site
Public Cloud
Production site
Tools Farm
Single Aggregation Point
Security and Performance
11
INDUSTRY 4.0
Tools Farm
HQ Data Center
Smart Factories
Public Cloud
Internet
Only very partial visibility
Miss all the critical traffic to internet,
between sites, on sites …
12
Grab the packets and the data you need on the site
Leverage same resources for security monitoring and network and application performance
Blend of packet data, meta-data, synthetic monitoring can optimize cost of visibility at the edge
Think different:
Edge computing requires Edge Monitoring
13
Branch NPB
Remote Office NPB
Factory NPB
Collected traffic
Network Packet Broker
• Scalable visibility fabric
• Terminate remote sites
• Distribute to tools
Tools Farm
Give second life to your tools in datacenter
Preserve your skills and process
HQ Data Center
Collect traffic from remote sites and send to centralized tools
Public Cloud
14
• External Bypass Switch reliability is 5 times better!
MTBF (Mean Time Between Failure in Hours):
External Bypass: 450,000
Integrated Bypass: 80,000
• Easier to replace failed devices, no risk of taking
network down
• Only external bypasses can be deployed in
conjunction with NPBs to achieve the highest
level of security resilience
• Detect failures faster using heartbeats
Page 5 | 915-8056-01-5061 Rev A
26601 Agoura Road | Calabasas, CA 91302 USA | Tel +1-818-871-1800 | www.ixiacom.com
WHITE PAPER
In the maximum strength security architecture (shown above), dual bypass switches and dual NPBs enable full recovery from the failure of any inline device in the security architecture. The bypass switches deployed in active-standby mode monitor the health of all devices, including the NPBs, and reroute traffic from one to another, should an outage be detected. In the case of a failure on one branch, security is completely maintained, and users would detect no service or application outage.
The NPBs configured for HA with complete synchronization in active-active mode provide load balancing during normal conditions and are configured for full protection of all traffic if one goes down. Again, users detect no downtime, and security monitoring is completely unaffected.
[Figure 3: Security Fabric with Maximum Strength HA. Diagram labels: Corporate LAN, Internet, Router, Bypass Switch (x2), NPB (x2), Switch (x2), IPS, NGFW, WAF]
THE LIKELIHOOD OF AN ORGANIZATION SUFFERING AN OUTAGE OVER THE NEXT 2 YEARS IS 25%.
— PONEMON INSTITUTE
15
Test your network equipment like you test drive a car.
Leverage traffic generators to identify baseline performance before you find out product shortcomings in production
TEST
Attackers are quick. Be even faster with automated responses.
Use automation to strengthen your environment and reduce the damage of an attack.
AUTOMATE
Stop guessing. See everything, with a scalable network visibility fabric.
Increase your security resiliency and reduce downtime with dedicated bypass switches.
REMOVE
BLIND SPOTS