Network Security Today: Finding Complex Attacks at 100Gb/s
1 Network Security Today: Finding Complex Attacks at 100Gb/s. Robin Sommer, International Computer Science Institute & Lawrence Berkeley National Laboratory
4 The Old Days. Border Traffic, Lawrence Berkeley National Lab (Today): 10GE upstream, 4,000 users, 12,000 hosts. [Plot: total connections, successful connections, attempted connections.] 2
8 Today's Threats. Trend 1: Commercialization of attacks. Thriving underground economy ("Crime-as-a-Service"). Bear Race: Attack is good enough if it pays. Trend 2: High-skill / high-resource attacks. Activist Hacking. Advanced Persistent Threats / Nation-states. Trend 3: Insider Attacks. Exfiltration. Sabotage. 3
11 Defender Challenges Varying threat models. No ring rules them all. Semantic complexity. The action is really at the application-layer. Volume and variability. Network traffic is an enormous haystack. 4
12 Deep Packet Inspection at High Speed 5
15 Analyzing Semantics. [Diagram labels: Internet, Tap, Internal Network, IDS.] Example: Finding downloads of known malware. 6
    1. Find and parse all Web traffic.
    2. Find and extract binaries.
    3. Compute hash and compare with database.
    4. Report, and potentially kill, if found.
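The four steps above, as an added example that is not part of the original slides: it parses a constructed HTTP reply, undoes chunked transfer encoding, hashes the extracted binary and looks it up. The sample "binary", the SHA-256 hash set and all function names are assumptions made for illustration; the point is that the hash only matches once the entity has been decoded at the application layer.

```python
import hashlib

# Constructed sample "binary": PE magic "MZ" plus filler bytes. Not real malware.
SAMPLE_BINARY = b"MZ" + bytes(range(64)) * 4
# Stand-in for the database of known malware (assumption: SHA-256 digests).
KNOWN_BAD_SHA256 = {hashlib.sha256(SAMPLE_BINARY).hexdigest()}
BINARY_MAGIC = (b"MZ", b"\x7fELF")  # Windows PE and ELF executables


def build_response(body, chunk_size=None):
    """Construct a server reply; chunk_size selects chunked transfer encoding."""
    head = b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n"
    if chunk_size is None:
        return head + b"Content-Length: %d\r\n\r\n" % len(body) + body
    out = [head + b"Transfer-Encoding: chunked\r\n\r\n"]
    for i in range(0, len(body), chunk_size):
        chunk = body[i:i + chunk_size]
        out.append(b"%x\r\n" % len(chunk) + chunk + b"\r\n")
    out.append(b"0\r\n\r\n")
    return b"".join(out)


def decode_chunked(data):
    """Undo chunked transfer encoding; raise on a truncated stream."""
    body, pos = bytearray(), 0
    while True:
        eol = data.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("truncated chunk header")
        size = int(data[pos:eol].split(b";")[0], 16)  # ignore chunk extensions
        if size == 0:
            return bytes(body)
        start = eol + 2
        if start + size > len(data):
            raise ValueError("truncated chunk")
        body += data[start:start + size]
        pos = start + size + 2  # skip the CRLF that ends the chunk


def parse_response(stream):
    """Step 1: parse one HTTP reply into (headers, decoded entity body)."""
    head, sep, rest = stream.partition(b"\r\n\r\n")
    if not sep or not head.startswith(b"HTTP/"):
        raise ValueError("not a complete HTTP response")
    headers = {}
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    if headers.get(b"transfer-encoding", b"").lower() == b"chunked":
        return headers, decode_chunked(rest)
    if b"content-length" in headers:
        return headers, rest[:int(headers[b"content-length"])]
    return headers, rest


def inspect(stream):
    """Steps 2-4: extract a binary, hash it, look it up, return a verdict."""
    _, body = parse_response(stream)
    if not body.startswith(BINARY_MAGIC):
        return {"binary": False, "sha256": None, "known_bad": False}
    digest = hashlib.sha256(body).hexdigest()
    return {"binary": True, "sha256": digest,
            "known_bad": digest in KNOWN_BAD_SHA256}


def raw_payload_hash(stream):
    """What a packet-level matcher would hash: the bytes after the headers."""
    return hashlib.sha256(stream.partition(b"\r\n\r\n")[2]).hexdigest()


if __name__ == "__main__":
    chunked = build_response(SAMPLE_BINARY, chunk_size=37)
    print("decoded entity:", inspect(chunked))
    print("raw payload hash in database:",
          raw_payload_hash(chunked) in KNOWN_BAD_SHA256)
```

The same file sent with chunked encoding is found through `inspect()` but missed by `raw_payload_hash()`, because the chunk framing is part of the raw bytes.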
16 Back in 2005. Munich Scientific Network (2005): 3 major universities, 1 GE upstream, ~100,000 users, ~50,000 hosts. [Plot: TBytes/month; total upstream bytes and incoming bytes.] Data: Leibniz-Rechenzentrum, München 7
17 Back in 2005. Munich Scientific Network (Today): 3 major universities, 2x10GE upstream, ~100,000 users, ~65,000 hosts. [Plot: TBytes/month; total upstream bytes and incoming bytes.] Data: Leibniz-Rechenzentrum, München 8
18 Traditional Gap: Research vs. Operations Conceptually simple tasks can be hard in practice. Academic research often neglects operational constraints. Operations cannot leverage academic results. We focus on working with operations. Close collaborations with several large sites. Extremely fruitful for both sides. 9
20 Research Platform: Bro Originally developed by Vern Paxson in Open-source, BSD-license, maintained at ICSI and NCSA. In operational use since the beginning. Conceptually very different from other IDS. 10
24 Architecture. [Diagram layers, top to bottom: User Interface; Logs / Notification; Script Interpreter (Analysis Logic); Events; Event Engine (Protocol Decoding); Packets; Network.] 11
26 Script Example: Matching URLs. Task: Report all Web requests for a file passwd 12

    event http_request(c: connection,          # Connection.
                       method: string,         # HTTP method.
                       original_uri: string,   # Requested URL.
                       unescaped_uri: string,  # Decoded URL.
                       version: string)        # HTTP version.
        {
        if ( method == "GET" && unescaped_uri == /.*passwd/ )
            NOTICE(...);                        # Alarm.
        }
28 Script Example: Scan Detector. Task: Count failed connection attempts per source address. 13

    global attempts: table[addr] of count &default=0;

    event connection_rejected(c: connection)
        {
        local orig = c$id$orig_h;      # Get originator address.
        local n = ++attempts[orig];    # Increase counter.
        if ( n == SOME_THRESHOLD )     # Check for threshold.
            NOTICE(...);               # Alarm.
        }
29 Who's Using It? Diverse Deployment Base: Universities, Research Labs, Supercomputer Centers, Government Organizations, Fortune 20 Enterprises. Examples: Lawrence Berkeley National Lab; National Center for Supercomputing Applications; National Center for Atmospheric Research; Indiana University; ... and many more sites. Fully integrated into Security Onion, a popular security-oriented Linux distribution. Recent User Meetings: Bro Workshops 2011/13 at NCSA; Bro Exchange 2012 at NCAR. Attended by about operators from from organizations 14
33 Bro History. [Timeline figure; year label visible in the transcript: 1995.]
    Releases and milestones, in the order they appear: Vern writes 1st line of code. LBNL starts using Bro operationally. v0.2: 1st CHANGES entry. v0.4: HTTP analysis, Scan detector, IP fragments, Linux support. v0.6: RegExps, Login analysis. v0.7a90: Profiling, State Mgmt. v0.7a175/0.8ax: Signatures, SMTP, IPv6 support, User manual. v0.8ax/0.9ax: SSL/SMB, STABLE releases, BroLite. v1.1/v1.2: when Stmt, Resource tuning, Broccoli, DPD. v1.0: BinPAC, IRC/RPC analyzers, 64-bit support, Sane version numbers. v1.5: BroControl. v1.4: DHCP/BitTorrent, HTTP entities, NetFlow, Bro Lite Deprecated. Bro SDCI. v2.0: New Scripts. v2.2: File Analysis, Summary Stat. v2.1: IPv6, Input Framew. Bro Center. v0.7a48: Consistent CHANGES. 0.8a37: Communication, Persistence, Namespaces, Log Rotation. v1.3: Ctor expressions, GeoIP, Conn Compressor.
    Academic Publications: USENIX Paper, Stepping Stone Detector, Anonymizer, Active Mapping, Context Signat., BinPAC, DPD, 2nd Path, Host Context, Time Machine, Enterprise Traffic, TRW, State Mgmt., Independ. State, Bro Cluster, Shunt, Parallel Prototype, Autotuning, Input Framework.
    Example: Processing performance. LBNL operations had trouble keeping up. Research question: How can Bro scale up?
38 Load-balancing Architecture. [Diagram: a single NIDS (Packet Analysis, Detection Logic) on a 10G link is replaced by an External Packet Load-Balancer that takes the 10G link and distributes flows over 1G links to NIDS 1, NIDS 2 and NIDS 3, each with its own Packet Analysis and Detection Logic; Communication links connect the NIDS nodes, which together form the Bro Cluster.] 16
41 A Production Load-Balancer cflow: 10GE line-rate, stand-alone load-balancer 10 Gb/s in/out Web & CLI Filtering capabilities 17
42 Next Stop: 100 Gb/s (2011). DOE/ESNet 100G Advanced Networking Initiative. Now these sites need a monitoring solution... Working with cpacket on a 100GE load-balancer. Source: ESNet 18
43 Next Stop: 100 Gb/s 2014 Source: ESNet 19
44 On Deck: 400G Connectivity, Berkeley National Laboratory. [Diagram labels: File System Links 2 x 100G; Inter-site Traffic 100G; Computational Research and Theory Building; Oakland Scientific Facility; WAN 100G (twice).] Sources: ESNet/LBNL/NERSC 20
45-51 Science DMZ (successive builds of one diagram). [Diagram labels: Internet; border links at 10G, then 100G; Campus LAN; Science DMZ Switch at 100G; 100G Transfer/Storage Nodes.] Clean, high-bandwidth path. Low-bandwidth campus access. 21-22
52-58 100G Bro Cluster (successive builds of one diagram). [Diagram: Science DMZ Switch, 100G link to a 100G Load-balancer, 10G links to the Bro Cluster; Control connections from the Bro Cluster to the API of the load-balancer and to the API of the switch.] 23
59 Parallelizing DPI on Multi-core Systems 24
60 Going Multi-Core. Bro is single-threaded. Cluster backends have multiple cores, mostly idle. Work-around: Cluster in a box. We really want multi-threading, though. Needs to scale well with increasing numbers of cores. Needs to be transparent to the operator. For some IDS, that's not so hard. For others, it is... 25
62 Concurrent Analysis. [Diagram layers, top to bottom: Logs / Notification; Script Interpreter (Analysis Logic); Events; Event Engine (Protocol Decoding); Packets; Network. Everything runs in a Single Thread.] 26
65 Concurrent Analysis. [Diagram layers, top to bottom: Notification; Script Threads (Scripting Language, Detection Logic); Events; Event Engine Threads (Packet Analysis), labelled "Cluster in a Box"; Packets; Dispatcher (Kernel or NIC); Network.] How to parallelize a scripting language? 27
67 How to Parallelize Event Handlers? Simple: State-less Analysis 28

    event http_request(c: connection,          # Connection.
                       method: string,         # HTTP method.
                       original_uri: string,   # Requested URL.
                       unescaped_uri: string,  # Decoded URL.
                       version: string)        # HTTP version.
        {
        if ( method == "GET" && unescaped_uri == /.*passwd/ )
            NOTICE(...);                        # Alarm.
        }
69 How to Parallelize Event Handlers? (2) Challenging: Analysis that keeps global state. 29

    global attempts: table[addr] of count &default=0;

    event connection_rejected(c: connection)
        {
        local orig = c$id$orig_h;      # Get originator address.
        local n = ++attempts[orig];    # Increase counter.
        if ( n == SOME_THRESHOLD )     # Check for threshold.
            NOTICE(...);               # Alarm.
        }
70-81 Parallelizing Event Execution (successive builds of one slide) 30

    State: attempts[addr] of count (table: addr -> count).

    Handler:
        connection_rejected(c):
            # s = c.originator
            ++attempts[s]

    Builds, in order:
    - Thread 1, Thread 2 and Thread 3 each run the handler against the one shared table.
    - Each thread wraps the update: LOCK(attempts); ++attempts[s]; UNLOCK(attempts).
    - The next build shows the handlers without the locks again.
    - The table is split into attempts_1, attempts_2, attempts_3; Thread i runs ++attempts_i[s].
    - hash: addr -> {1, 2, 3}. With hash(addr), every thread runs ++attempts_(hash(s))[s].
    - The handler for s is run on Thread hash(s).
    - Final build: Thread 1's attempts, Thread 2's attempts, Thread 3's attempts. Each thread has its own table, and the handler is again just ++attempts[s].
82-92 Parallel Event Scheduling (successive builds of one slide). [Diagram: Thread 1, Thread 2, Thread 3, Thread 4, ..., Thread n. Events are placed on threads one at a time, each tagged with its scope: Orig A conn_rejected; Orig A conn_rejected; Orig B conn_rejected; Conn X http_request; Conn Y http_request; Conn http_reply; Conn Y http_reply; Orig A conn_rejected.] Challenge: Implementing this 31
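Scope-based scheduling as described on the two slides above, as an added example that is not Bro's implementation or code from the talk: each event carries a scope (originator or connection), a hash of the scope picks the thread, and each thread keeps a private `attempts` table, so the handler needs no locks. The CRC32 hash, the event tuples, the threshold value and all names are assumptions made for illustration.

```python
import queue
import re
import threading
import zlib
from collections import Counter

SOME_THRESHOLD = 3                  # constructed value for the slides' placeholder
PASSWD = re.compile(r".*passwd")    # same pattern as the http_request handler


def thread_for(scope, n_threads):
    """hash: scope -> {0, ..., n_threads-1}; CRC32 keeps the mapping stable."""
    return zlib.crc32(scope.encode()) % n_threads


class Worker(threading.Thread):
    """One script thread. All of its state is private, so nothing is locked."""

    def __init__(self):
        super().__init__(daemon=True)
        self.inbox = queue.Queue()  # FIFO: event order within a scope is kept
        self.attempts = Counter()   # this thread's own "attempts" table
        self.notices = []
        self.scopes = set()         # scopes this thread has handled

    def run(self):
        for name, scope, arg in iter(self.inbox.get, None):  # None = shut down
            self.scopes.add(scope)
            getattr(self, name)(arg)

    def connection_rejected(self, orig):    # stateful, scoped by originator
        self.attempts[orig] += 1
        if self.attempts[orig] == SOME_THRESHOLD:
            self.notices.append(("scan", orig))

    def http_request(self, uri):            # stateless, scoped by connection
        if PASSWD.fullmatch(uri):
            self.notices.append(("passwd", uri))


def run_parallel(events, n_threads=3):
    """Dispatcher: route every event to the thread that owns its scope."""
    workers = [Worker() for _ in range(n_threads)]
    for w in workers:
        w.start()
    for name, scope, arg in events:
        workers[thread_for(scope, n_threads)].inbox.put((name, scope, arg))
    for w in workers:
        w.inbox.put(None)
    for w in workers:
        w.join()
    return workers


def run_single(events):
    """Reference result: the same handlers run in one thread."""
    w = Worker()
    for name, _scope, arg in events:
        getattr(w, name)(arg)
    return w


def sample_events():
    """Constructed event stream of (handler, scope, argument) tuples."""
    rejected = ["10.0.0.1", "10.0.0.3", "10.0.0.1", "10.0.0.2", "10.0.0.3",
                "10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.1"]
    events = [("connection_rejected", "orig:" + a, a) for a in rejected]
    events.insert(3, ("http_request", "conn:X", "/etc/passwd"))
    events.insert(6, ("http_request", "conn:Y", "/index.html"))
    return events


if __name__ == "__main__":
    for i, w in enumerate(run_parallel(sample_events())):
        print(i, dict(w.attempts), w.notices)
```

Because every event for one originator lands on the same thread, the per-thread tables are disjoint and their union equals the single-threaded table.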
95 New Platform: Abstract Machine. A High-Level Intermediary Language for Traffic Inspection. 32
    Properties: Domain-specific Data Types; State Management; Concurrent Analysis; Real-time Performance; Robust/Secure Execution; High-level Standard Components.
    Points listed under them: First-class networking types built-in. Containers with state management support. Domain-specific concurrency model. Scalability through parallelization. Well-defined, contained execution environment. Platform for building high-level, reusable functionality on. Timers can drive execution. Support for incremental processing. Compilation to native code. Static type-system, and robust error handling. Extensive optimization potential.
96 Summary 33
97 Conclusions Threats have changed. Detection requires deep, flexible, semantic analysis. Working to push the limits. Leverage capabilities of modern network hardware. Exploit parallelism inherent in network traffic analysis. Bro is an ideal platform for such work. Operationally deployed across the country. Bridges traditional gap between academia and operations. 34
98 Thanks for your attention. Robin Sommer, International Computer Science Institute & Lawrence Berkeley National Laboratory 35
More informationAchieving the Science DMZ
Achieving the Science DMZ Eli Dart, Network Engineer ESnet Network Engineering Group Joint Techs, Winter 2012 Baton Rouge, LA January 22, 2012 Outline of the Day Motivation Services Overview Science DMZ
More informationIntroduction Challenges with using ML Guidelines for using ML Conclusions
Introduction Challenges with using ML Guidelines for using ML Conclusions Misuse detection Exact descriptions of known bad behavior Anomaly detection Deviations from profiles of normal behavior First proposed
More informationBeyond a sensor. Towards the Globalization of SURFids. FIRST 20 th Annual Conference Vancouver, Canada
Beyond a sensor Towards the Globalization of SURFids Wim.Biemolt@surfnet.nl FIRST 20 th Annual Conference Vancouver, Canada 1 SURFnet6 2 SURFcert 3 18 th Annual FIRST Conference Goals - Understanding:
More informationThe Future of Threat Prevention
The Future of Threat Prevention Bricata is the leading developer of Next Generation Intrusion Prevention Systems (NGIPS) technology, providing innovative, disruptive, high-speed, high-performance network
More informationCompetitive Analysis. Version 1.0. February 2017
Competitive Analysis Version 1.0 February 2017 WWW.SOLIDASYSTEMS.COM Introduction This document discusses competitive advantages between Systems security appliances and other security solutions in the
More informationBehavioral Detection of Stealthy Intruders
Behavioral Detection of Stealthy Intruders Vern Paxson University of California, Santa Barbara University of California, Berkeley Georgia Institute of Technology ARO/MURI Annual Review September 9, 2011
More informationCisco Next Generation Firewall and IPS. Dragan Novakovic Security Consulting Systems Engineer
Cisco Next Generation Firewall and IPS Dragan Novakovic Security Consulting Systems Engineer Cisco ASA with Firepower services Cisco TALOS - Collective Security Intelligence Enabled Clustering & High Availability
More informationPopular SIEM vs aisiem
Popular SIEM vs aisiem You cannot flip a page in any Cybersecurity magazine, or scroll through security blogging sites without a mention of Next Gen SIEM. You can understand why traditional SIEM vendors
More informationSentinelOne Technical Brief
SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by behavior-based threat detection and intelligent automation.
More informationData Sheet. DPtech Anti-DDoS Series. Overview. Series
Data Sheet DPtech Anti-DDoS Series DPtech Anti-DDoS Series Overview DoS (Denial of Service) leverage various service requests to exhaust victims system resources, causing the victim to deny service to
More informationPulse Secure Application Delivery
DATA SHEET Pulse Secure Application Delivery HIGHLIGHTS Provides an Application Delivery and Load Balancing solution purposebuilt for high-performance Network Functions Virtualization (NFV) Uniquely customizable,
More informationSpicy: A Unified Deep Packet Inspection Framework Dissecting All Your Data
Spicy: A Unified Deep Packet Inspection Framework Dissecting All Your Data Robin Sommer International Computer Science Institute, & Corelight, Inc. robin@icsi.berkeley.edu robin@corelight.io http://www.icir.org/robin
More informationImplementing Cisco Network Security (IINS) 3.0
Implementing Cisco Network Security (IINS) 3.0 COURSE OVERVIEW: Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles and technologies, using
More informationSentryWire Next generation packet capture and network security.
Next generation packet capture and network security. 1 The data landscape 5 big cyber security trends for 2018 More data, more danger. Data proliferation brings many new opportunities but also many downsides:
More informationSentryWire Next generation packet capture and network security.
Next generation packet capture and network security. 1 The data landscape More data, more danger. Data proliferation brings many new opportunities but also many downsides: more data breaches, more sophisticated
More informationHigh-Speed Network Processors. EZchip Presentation - 1
High-Speed Network Processors EZchip Presentation - 1 NP-1c Interfaces Switch Fabric 10GE / N x1ge or Switch Fabric or Lookup Tables Counters SDRAM/FCRAM 64 x166/175mhz SRAM DDR NBT CSIX c XGMII HiGig
More informationIntroduction. The Safe-T Solution
Secure Application Access Product Brief Contents Introduction 2 The Safe-T Solution 3 How It Works 3 Capabilities 4 Benefits 5 Feature List 6 6 Introduction As the world becomes much more digital and global,
More informationBro vs Suricata Two Approaches to Network Security Monitoring
Bro vs Suricata Two Approaches to Network Security Monitoring Christian Kreibich christian@corelight.com @ckreibich Your speaker Part 1 Background on Bro ( ) Already covered yesterday Part 2 Background
More informationHackveda Training - Ethical Hacking, Networking & Security
Hackveda Training - Ethical Hacking, Networking & Security Day1: Hacking windows 7 / 8 system and security Part1 a.) Windows Login Password Bypass manually without CD / DVD b.) Windows Login Password Bypass
More informationCYBER SECURITY MALAYSIA AWARDS, CONFERENCE & EXHIBITION (CSM-ACE) Securing Virtual Environments
CYBER SECURITY MALAYSIA AWARDS, CONFERENCE & EXHIBITION (CSM-ACE) 2010 October 25 29, 2010 Kuala Lumpur Convention Centre Securing Virtual Environments Raimund Genes CTO Trend Micro The Changing Datacenter
More informationWLCG SOC Working Group
WLCG SOC Working Group David Crooks david.crooks@cern.ch Liviu Vâlsan liviu.valsan@cern.ch Introduction Following on from ISGC 2017 WLCG Security Operations Centres Working Group Security Operations Centres
More informationWired internetworking devices. Unit objectives Differentiate between basic internetworking devices Identify specialized internetworking devices
Wired internetworking devices Unit objectives Differentiate between basic internetworking devices Identify specialized internetworking devices Topic A Topic A: Basic internetworking devices Topic B: Specialized
More informationNetwork Security Protection Alternatives for the Cloud
A Trend Micro White Paper May 2016 Network Security Protection Alternatives for the Cloud» A technical brief summarizing the deployment options that can be used to deploy IDS/IPS protection for cloud instances
More informationComputer Information Systems (CIS) CIS 105 Current Operating Systems/Security CIS 101 Introduction to Computers
Computer Information Systems (CIS) CIS 101 Introduction to Computers This course provides an overview of the computing field and its typical applications. Key terminology and components of computer hardware,
More informationConfiguring Access Rules
Configuring Access Rules Rules > Access Rules About Access Rules Displaying Access Rules Specifying Maximum Zone-to-Zone Access Rules Changing Priority of a Rule Adding Access Rules Editing an Access Rule
More informationCompare Security Analytics Solutions
Compare Security Analytics Solutions Learn how Cisco Stealthwatch compares with other security analytics products. This solution scales easily, giving you visibility across the entire network. Stealthwatch
More informationTRex Realistic Traffic Generator
DEVNET-1120 TRex Realistic Traffic Generator Hanoch Haim, Principal Engineer Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the Cisco
More informationSupra-linear Packet Processing Performance with Intel Multi-core Processors
White Paper Dual-Core Intel Xeon Processor LV 2.0 GHz Communications and Networking Applications Supra-linear Packet Processing Performance with Intel Multi-core Processors 1 Executive Summary Advances
More informationDeployment Guide AX Series with Oracle E-Business Suite 12
Deployment Guide AX Series with Oracle E-Business Suite 12 DG_OEBS_032013.1 TABLE OF CONTENTS 1 Introduction... 4 2 Deployment Prerequisites... 4 3 Oracle E-Business Topology... 5 4 Accessing the AX Series
More informationAn Alert has Fired. Now What?
An Alert has Fired. Now What? Open-source Bro solves security problems traditional tools can t. May 2017 Anyone who works in a security operations center understands the drill: An alert fires from a source
More informationCisco IOS Inline Intrusion Prevention System (IPS)
Cisco IOS Inline Intrusion Prevention System (IPS) This data sheet provides an overview of the Cisco IOS Intrusion Prevention System (IPS) solution. Product Overview In today s business environment, network
More informationCNIT 121: Computer Forensics. 9 Network Evidence
CNIT 121: Computer Forensics 9 Network Evidence The Case for Network Monitoring Types of Network Monitoring Types of Network Monitoring Event-based alerts Snort, Suricata, SourceFire, RSA NetWitness Require
More informationLecture Notes on Critique of 1998 and 1999 DARPA IDS Evaluations
Lecture Notes on Critique of 1998 and 1999 DARPA IDS Evaluations Prateek Saxena March 3 2008 1 The Problems Today s lecture is on the discussion of the critique on 1998 and 1999 DARPA IDS evaluations conducted
More informationFundamental Questions to Answer About Computer Networking, Jan 2009 Prof. Ying-Dar Lin,
Fundamental Questions to Answer About Computer Networking, Jan 2009 Prof. Ying-Dar Lin, ydlin@cs.nctu.edu.tw Chapter 1: Introduction 1. How does Internet scale to billions of hosts? (Describe what structure
More informationAll-in one security for large and medium-sized businesses.
All-in one security for large and medium-sized businesses www.entensys.com sales@entensys.com Overview UserGate UTM provides firewall, intrusion detection, anti-malware, spam and content filtering, and
More informationMiddleboxes. CSU CS557 - Fall 2017 Instructor: Lorenzo De Carli
Middleboxes CSU CS557 - Fall 2017 Instructor: Lorenzo De Carli What is a middlebox? Middlebox : networking parlance for any network device which performs analysis and/or transformation of application-level
More informationCyberP3i Course Module Series
CyberP3i Course Module Series Spring 2017 Designer: Dr. Lixin Wang, Associate Professor Firewall Configuration Firewall Configuration Learning Objectives 1. Be familiar with firewalls and types of firewalls
More informationSCRIPT: An Architecture for IPFIX Data Distribution
SCRIPT Public Workshop January 20, 2010, Zurich, Switzerland SCRIPT: An Architecture for IPFIX Data Distribution Peter Racz Communication Systems Group CSG Department of Informatics IFI University of Zürich
More informationLoad Balancing Microsoft IIS. Deployment Guide v Copyright Loadbalancer.org
Load Balancing Microsoft IIS Deployment Guide v1.6.4 Copyright Loadbalancer.org Table of Contents 1. About this Guide...4 2. Loadbalancer.org Appliances Supported...4 3. Loadbalancer.org Software Versions
More informationData Sources for Cyber Security Research
Data Sources for Cyber Security Research Melissa Turcotte mturcotte@lanl.gov Advanced Research in Cyber Systems, Los Alamos National Laboratory 14 June 2018 Background Advanced Research in Cyber Systems,
More informationAn Introduction to Software Architecture. David Garlan & Mary Shaw 94
An Introduction to Software Architecture David Garlan & Mary Shaw 94 Motivation Motivation An increase in (system) size and complexity structural issues communication (type, protocol) synchronization data
More informationLoad Balancing Bloxx Web Filter. Deployment Guide v Copyright Loadbalancer.org
Load Balancing Bloxx Web Filter Deployment Guide v1.3.5 Copyright Loadbalancer.org Table of Contents 1. About this Guide...4 2. Loadbalancer.org Appliances Supported...4 3. Loadbalancer.org Software Versions
More informationManaging Latency in IPS Networks
Revision C McAfee Network Security Platform (Managing Latency in IPS Networks) Managing Latency in IPS Networks McAfee Network Security Platform provides you with a set of pre-defined recommended settings
More informationSentinelOne Technical Brief
SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by machine learning and intelligent automation. By rethinking
More informationIJSER. Virtualization Intrusion Detection System in Cloud Environment Ku.Rupali D. Wankhade. Department of Computer Science and Technology
ISSN 2229-5518 321 Virtualization Intrusion Detection System in Cloud Environment Ku.Rupali D. Wankhade. Department of Computer Science and Technology Abstract - Nowadays all are working with cloud Environment(cloud
More informationELFms industrialisation plans
ELFms industrialisation plans CERN openlab workshop 13 June 2005 German Cancio CERN IT/FIO http://cern.ch/elfms ELFms industrialisation plans, 13/6/05 Outline Background What is ELFms Collaboration with
More informationEnhancing Infrastructure: Success Stories
Enhancing Infrastructure: Success Stories Eli Dart, Network Engineer ESnet Network Engineering Group Joint Techs, Winter 2012 Baton Rouge, LA January 24, 2012 Outline Motivation for strategic investments
More informationA Robust Classifier for Passive TCP/IP Fingerprinting
A Robust Classifier for Passive TCP/IP Fingerprinting Rob Beverly MIT CSAIL rbeverly@csail.mit.edu April 20, 2004 PAM 2004 Typeset by FoilTEX Outline A Robust Classifier for Passive TCP/IP Fingerprinting
More informationDevelopment of Complex KNX Devices
Development of Complex KNX Devices Complex KNX Devices Device Models Solutions for Linux and WinCE Quick Client Development with ios KNX Product Database Generation Weinzierl Engineering GmbH Jason Richards,
More informationActivating Intrusion Prevention Service
Activating Intrusion Prevention Service Intrusion Prevention Service Overview Configuring Intrusion Prevention Service Intrusion Prevention Service Overview Intrusion Prevention Service (IPS) delivers
More informationDetecting Attacks, Part 1
Detecting Attacks, Part 1 CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger http://inst.eecs.berkeley.edu/~cs161/
More informationAbout DPI-SSL. About DPI-SSL. Functionality. Deployment Scenarios
DPI-SSL About DPI-SSL Configuring Client DPI-SSL Settings Configuring Server DPI-SSL Settings About DPI-SSL About DPI-SSL Functionality Deployment Scenarios Customizing DPI-SSL Connections per Appliance
More informationEvent-Based Software-Defined Networking: Build a Secure Science DMZ
White Paper Event-Based Software-Defined Networking: Build a Secure Science DMZ What You Will Learn As the need to efficiently move large data sets around the world increases, the Science DMZ - built at
More information