Security Enhancements

Transcription:

Security Enhancements by means of NFV and Cognitive Security
https://www.shield-h2020.eu/

Managed Security Services (MSS) and NFV
- NFV becomes a key enabler for security services
- Security VNFs are emerging (new or legacy appliances)
- New security services are demanded
- Next Steps: create dynamic security policies abstracted from the underlying hardware or location
- Multiple names for this concept
  - Security as a Service (SECaaS)
  - Software-Defined Security (SDSec)
[Figure labels: Control; Security functionalities; SECaaS]

Is the technology mature?
- Gartner Inc.'s Hype Cycle for Emerging Technologies, 2016
- 5 to 10 years to mainstream adoption
- Peak of Inflated Expectations

Challenges for NFV-based security services
- DevOps applied to security
  - Agile onboard, instantiation and scale
  - Quick integration of new security capabilities (a.k.a. third-party VNFs)
- Visibility and control on virtualized and dynamic environments
  - Attestation and validation of topologies (SDN) and applications (NFV)
  - Dashboards and metrics
- Cognitive knowledge applied to security
  - Network-based Big Data (i.e. traffic flows, application logs, etc.)
  - Machine Learning algorithms

Proposed solution: SHIELD
- New telco-oriented Cybersecurity Framework
  - EU H2020 program from Sept-2016 to Feb-2019
- Support virtualized security appliances as VNFs
  - Virtualized Network Security Functions or
- Security as a Service based on NFV+SDN architecture
  - ETSI MANO reference model
- Includes Big Data engine and Machine Learning capabilities
  - Real-time incident detection and mitigation
- Trustworthiness
  - Pervasive Trust Computing in NFVI, VNFs (VM and Containers) and SDN

SHIELD High Level Architecture
[Architecture diagram. Recoverable labels: Store developers; Security Agency; Service Provider; Service Provider Client; Developer API; Client API; CSIRT access; SP access; Security overview dashboard; Security Dashboard: graphical front-end; Data engine API; Query API; Northbound API; Catalogue; Remediation & Recommendation; Data Analytics framework; Processing Area; CEP; Staging; DARE; Monitoring; Enterprise Service Bus; Trust Monitor; Network Infrastructure: NFVI and legacy]

SHIELD High Level Architecture
[Architecture diagram repeated, with callouts:]
- orchestrator: managing lifecycle
- Data Analytics & Remediation Engine (DARE): real-time analysis, incident detection and mitigation
- Trust Monitor: attesting infrastructure & services, validating their integrity

Where is cognitive security?
- Machine Learning algorithms applied to network traffic
- DARE is the module in charge of applying Machine Learning techniques
- How can we train algorithms?
  - Real traffic
    - High volume and performance required
    - Privacy concerns arise
    - Best in final stages of testing and validating
  - Synthetic traffic
    - Controlled environment
    - Tagged traffic for supervised training
    - Volume and type of traffic based on needs
    - Best in initial stages to test different algorithms

Telefonica's Mouseworld
- Synthetic traffic laboratory
- An environment that allows applying Machine Learning (ML) concepts in a controlled way
  - Using configurable mixes of synthetic and real traffic
  - Including mechanisms like honeynets and adapted malware
- Initially conceived as part of the CogNet project [1]
[MouseWorld diagram. Recoverable labels: Apps & clients (Browser, Video, Cloud); Network VNFs; CSP & Internet (Web Server, Video stream, Cloud File Provider, Illegal); ML Algorithms; HoneyPot; OSS; App 1; App 2; Manageable traffic; Unknown; traffic classes: Browsing, Video, Cloud, Illegal, Attacks]
[1] http://www.cognet.5g-ppp.eu/

Thank you!!
This project has received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No 700199. This text reflects only the author's view and the Commission is not responsible for any use that may be made of the information it contains.