HOLISTIC NETWORK PROTECTION: INNOVATIONS IN SOFTWARE DEFINED NETWORKS
Danielle M. Zeedick, Ed.D., CISM, CBCP
Juniper Networks
August 2016
Today's Objectives
Goal: To understand how holistic network protection works via foundational concepts and examples.
Objectives: Attendees will learn how holistic network protection
1. Leverages the entire network to deliver security and is built using both a bottom-up and a top-down approach.
2. Utilizes the entire network infrastructure, including all network elements, to assist in threat intelligence and detection.
3. Employs cloud-based threat defenses, including intelligence feeds from all sources and cloud-based, scalable malware detection.
4. Contains a centralized, dynamic policy engine and controller that addresses all network components.
THREAT TREND LANDSCAPE
Threats from Everywhere: Our Adversaries and Techniques
Stopping outside and inside threats needs a new norm: a zero-trust security posture.
Increasing sophistication with low-cost equipment
Increasing variability: mobile devices, simple code
Insider threat: planted or human
Capturing data in transit: exfiltration of data-in-motion, not just data-at-rest
What Leaders Need to Know: Some ideas...
Security breaches are "when", not "if", events
Cloud economics can decrease costs
Cloud and cybersecurity must use a risk-management-focused cybersecurity framework and maturity model
Perimeter hardening is no longer enough
Data-at-rest and data-in-motion need in-line and end-to-end encryption
Practice resilience scenarios (red/blue team exercises)
What Leaders Need to Know: More ideas...
How do we ensure personnel training on security awareness, from password strength to physical security to data movement?
How are anomalous signatures detected and stopped?
The Defender's Dilemma (RAND research report): a survey of CISOs; the efficacy of security systems (countermeasures, attackers, defenders); improving software; a heuristic cybersecurity model; lessons for organizations and public policy. http://www.rand.org/pubs/research_reports/rr1024.html
TODAY'S APPROACH TO CND
Security Trends Today
The Computer Network Defense (CND) landscape has changed.
Multiple types of nodes within the architecture = highly fluid, dynamic, and unpredictable threats from multiple sources
A risk management framework (RMF) including mitigation/isolation could help
Metrics of success: total number of attacks stopped vs. reduction of risk using a risk framework
Attackers are always gaining, attempting to stay ahead, and becoming more sophisticated
Most network security strategies focus on security at the perimeter only: outside in. Is securing the perimeter really enough?
Current look at the enterprise perimeter security model (figure): Inline Intrusion Prevention, Inline Anti-Malware, Unified Threat Management, Application Security, Data Loss Prevention
Security layered on top of the network (hard shell)
Trust model: trust what's inside the network; trust that it is secure
Visibility to the outside relies mostly on perimeter firewalls
Constant threats require adaptability (reactive defense); unknown signatures could go undetected
Emerging Challenge: The Internet of Things (IoT)
Multiple kinds of nodes besides our standard switches, firewalls, routers, servers, clients, etc.
AFCEA IoT Summit: battlefield IoT now focuses on enterprise versus tactical, with many nodes
The battlefield network includes logistics, sensor nets, vehicles, networked munitions, robots/drones
More bandwidth is needed as the adversarial environment is cyber, kinetic, and jamming
RF and humans are vulnerable to deception
A Change in Mindset
Start talking about Secure Networks, not Network Security
Realize threats are everywhere: inside the network, outside, and evolving from worldwide threats
Recognize perimeter security isn't enough: use risk management frameworks and risk mitigation policy
Engage in proactive, not reactive, defense: detection and enforcement should be enabled anywhere and be dynamic
Acknowledge security is everyone's problem, horizontally and vertically: personnel security awareness is paramount
COMPONENTS
Characteristics of Holistic Network Protection
Availability: agile, flexible, dynamic, adaptable policy
Integrity: separation from the current landscape; all components protected
Security: layered protection; heuristic security
Holistic Network Protection
People: awareness (training is key to the entire workforce); sufficient expertise
Data: transmission, storage, transfer
Applications: customized, mission-specific, COTS, GOTS
Infrastructure: virtual clients, operating systems, all components, not just the perimeter
Holistic Network Protection Includes Software Defined Network (SDN) Concepts
SDN has been an emerging technology over the last five years
The basis of SDN is separating software from the underlying hardware: the control and policy logic is virtualized and runs apart from the forwarding hardware it programs
Umbrella term encompassing several kinds of network technology aimed at making the network as agile and flexible as possible in hybrid virtualized and non-virtualized environments
As the cloud becomes more prevalent for threat intelligence, network adaptability is key to detecting, preventing, and countering potential threats
HIGH-LEVEL ARCHITECTURE EXAMPLES
Industry Examples
Rings-Around-Things (AT&T)
Software Defined Secure Networks (SDSN)
Security Frameworks and Blueprints (IBM)
AT&T's Concept
Perimeter security gives way to Rings Around Things (RAT)
Response to the Internet of Things (IoT) and Bring Your Own Device (BYOD)
One size does not fit all
Segment and isolate an intrusion and avoid total network infiltration
Short film and full 31-minute presentation available at https://www.youtube.com/watch?v=bmvvjzxw7ge and https://www.youtube.com/watch?annotation_id=annotation_1152569841&feature=iv&src_vid=bmvvjzxw7ge&v=gxfbpqh6nro
Software Defined Secure Network
Operating the network as a single enforcement domain: every element becomes a policy enforcement point
Policy: create and centrally manage intent-based policy directly aligned to business objectives
Detection: gather and distribute threat intelligence from multiple sources (know who the bad guys are faster); leverage cloud economics for real-time analysis (find the bad guys faster)
Enforcement: enforce policy driven by the threat feed information, in real time, across the network (adapt the network in real time)
Software Defined Secure Network: Policy, Detection and Enforcement
(Figure: cloud-based threat defense feeding threat intelligence into a dynamic and adaptive policy engine, with detection and enforcement at both the cloud layer and your enterprise network.)
Adjusting the bottom-up and top-down approaches:
Leverage the entire network and ecosystem for threat intelligence, identification, and detection
Utilize any point of the network as a point of enforcement (inside or perimeter)
Dynamically execute policy across all network elements
Where to Start
(Figure: cloud security, with a threat intelligence engine/detection and advanced threat prevention, feeding the physical and virtual firewalls at the edge of your enterprise network.)
Modernize the perimeter: upgrade the network perimeter for adaptability
Next Generation Firewall is Current Generation Firewall: simplify and remove niche security appliances
Utilize cloud economics for instant intelligence that leads to more effective detection
The Right Policy for the Right Job
Software Defined Secure Network (SDSN) policy engine + controller
Example 1: the entry point is a networked light bulb. Kill the illegitimate tunnel, or quarantine the breached light bulb and create a new policy for its correct behavior.
Example 2: a compromised core switch? The right policy for the right level of threat.
Different threat levels need different policies.
Converse With Your Network
(Figure: cloud security with secure threat intelligence and advanced threat prevention; a security policy controller whose management UI covers policy, application visibility, threat map and events; security policy disseminated to the network elements of your enterprise network.)
Deploy a policy engine that communicates with the network
Analytics capability based on network data
Customizable UI provides data correlation
Utilize all network elements as detection and enforcement points
Future: intent-based policy engine to communicate across any network element
Everything on Your Network Can Be a Potential Threat Entry Point
Normal and abnormal behavior
Normal operation: call-home beacons, energy utilization
Abnormal behavior recognition: bursting traffic, abnormally high data download rate, slow data exfiltration, entry through different access points
Is this normal? How do we mitigate a threat traversing the enterprise?
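The policy, detection and enforcement loop of the Software Defined Secure Network slides, the "right policy for the right job" examples (light bulb vs. core switch), and the normal/abnormal behavior list above can be put together as one small worked example. This is an added illustration, not Juniper SDSN code; the device names, per-class baselines, thresholds, severity weights, policy table and the flow records are all assumed values constructed for the example. It compares per-device traffic summaries against a baseline to produce findings (bursting, high download, slow exfiltration, entry through several access points, an unexpected tunnel), scores them into a threat level, and selects a class-specific policy that is pushed to whichever network element last saw the device, since any element can be an enforcement point.

```python
"""Detection -> policy -> enforcement loop over constructed flow summaries.

Added example, not Juniper SDSN code. Device names, class baselines,
thresholds, the policy table and all flow records are assumed values.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class FlowWindow:
    """Per-device traffic summary for one 5-minute window (constructed telemetry)."""
    window: int        # window index, increasing with time
    device: str        # endpoint identity (a MAC or IP in a real deployment)
    seen_on: str       # network element that observed the device
    bytes_out: int     # bytes sent to external destinations
    bytes_in: int      # bytes received from external destinations
    new_tunnel: bool   # a new encrypted tunnel to an external host was opened


# Assumed normal behaviour per device class for one window (call-home beacons, firmware pulls, ...).
PROFILE = {
    "lightbulb":   {"out": 2_000,     "in": 5_000,      "roams": False},
    "workstation": {"out": 5_000_000, "in": 50_000_000, "roams": True},
    "core-switch": {"out": 20_000,    "in": 20_000,     "roams": False},
}
DEVICE_CLASS = {"bulb-17": "lightbulb", "ws-42": "workstation", "core-1": "core-switch"}

# Weight of each finding; the sum decides the threat level.
SEVERITY = {"slow_exfiltration": 3, "bursting_upload": 2, "unexpected_tunnel": 2,
            "high_download_rate": 1, "multiple_access_points": 1}

# The right policy for the right level of threat: a bulb is cheap to quarantine,
# a core switch is not, so its response is to kill the tunnel and escalate.
POLICY = {
    ("lightbulb", "low"):      ["log"],
    ("lightbulb", "medium"):   ["rate_limit"],
    ("lightbulb", "high"):     ["quarantine_vlan", "block_external", "learn_new_baseline"],
    ("workstation", "low"):    ["log"],
    ("workstation", "medium"): ["step_up_auth", "rate_limit"],
    ("workstation", "high"):   ["quarantine_vlan", "alert_soc"],
    ("core-switch", "low"):    ["log"],
    ("core-switch", "medium"): ["kill_tunnel", "alert_soc"],
    ("core-switch", "high"):   ["kill_tunnel", "isolate_mgmt_plane", "alert_soc"],
}


def detect(windows):
    """Return {device: set of findings} from baseline comparisons across windows."""
    by_dev = defaultdict(list)
    for w in windows:
        by_dev[w.device].append(w)
    findings = {}
    for dev, ws in by_dev.items():
        p = PROFILE[DEVICE_CLASS[dev]]
        f = set()
        if any(w.bytes_out > 10 * p["out"] for w in ws):
            f.add("bursting_upload")
        if any(w.bytes_in > 10 * p["in"] for w in ws):
            f.add("high_download_rate")
        # Slow exfiltration stays under the burst threshold but persists:
        # at least 6 windows (30 min) modestly above the outbound baseline.
        if sum(1.5 * p["out"] < w.bytes_out <= 10 * p["out"] for w in ws) >= 6:
            f.add("slow_exfiltration")
        # A fixed device showing up behind several access points is an entry-point anomaly;
        # a roaming workstation doing the same is normal.
        if not p["roams"] and len({w.seen_on for w in ws}) > 1:
            f.add("multiple_access_points")
        if any(w.new_tunnel for w in ws):
            f.add("unexpected_tunnel")
        if f:
            findings[dev] = f
    return findings


def threat_level(findings):
    """Collapse weighted findings into none / low / medium / high."""
    score = sum(SEVERITY[x] for x in findings)
    if score >= 4:
        return "high"
    if score >= 2:
        return "medium"
    return "low" if score else "none"


def enforce(windows):
    """Run detection, choose the policy, and target the element that last saw the device."""
    last_seen = {}
    for w in sorted(windows, key=lambda w: w.window):
        last_seen[w.device] = w.seen_on
    decisions = []
    for dev, f in detect(windows).items():
        level = threat_level(f)
        decisions.append({
            "device": dev,
            "level": level,
            "findings": sorted(f),
            "enforcement_point": last_seen[dev],   # any element can enforce, not only the perimeter
            "actions": POLICY[(DEVICE_CLASS[dev], level)],
        })
    return sorted(decisions, key=lambda d: d["device"])


# Constructed sample telemetry: a bulb trickling data out over a new tunnel while hopping
# access points, a roaming workstation with one large download, and a core switch that
# suddenly opens an external tunnel.
SAMPLE = (
    [FlowWindow(i, "bulb-17", "ap-3" if i < 4 else "ap-7", 4_000, 3_000, i == 2) for i in range(7)]
    + [FlowWindow(0, "ws-42", "ap-1", 1_000_000, 600_000_000, False),
       FlowWindow(1, "ws-42", "ap-5", 800_000, 2_000_000, False)]
    + [FlowWindow(i, "core-1", "dist-sw-2", 15_000, 12_000, i == 5) for i in range(7)]
)

if __name__ == "__main__":
    for decision in enforce(SAMPLE):
        print(decision)
```

With the constructed sample, the bulb scores as a high threat (slow exfiltration, a new tunnel, and two access points) and is quarantined at ap-7, the switch's unexpected tunnel is a medium threat answered by killing the tunnel and alerting the SOC rather than isolating the core, and the workstation's single large download only gets logged. In a real deployment the baselines would be learned per device rather than fixed per class, and the "actions" would be rendered as configuration pushed by the policy controller to the named enforcement point.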
IBM's Approach: Framework & Blueprint toward Security Maturity
Using the IBM Security Framework / IBM Security Blueprint to realize business-driven security
IBM Security Blueprint Expands on the business-oriented view of the IBM Security Framework and maps the domains to a core set of security components
How Are These Holistic Examples?
Rings-Around-Things: looking beyond the perimeter to stop threats from infiltrating other network segments and data stores
Software Defined Secure Networks (SDSN): disaggregates software from hardware, enabling better agility for both security deployment and enforcement
Security Frameworks and Blueprints: combining a business-risk-focused framework with a technical security blueprint to achieve security maturity
CONCLUDING THOUGHTS
Closing in on a Security Vision: From Network Security to Secure Networks
Building blocks for tomorrow's Software Defined Secure Networks:
Simplified policy and management across all network elements
Adaptable security solution based on real-time threat intelligence information
Detection and enforcement utilizing the entire network to protect you
A 360-degree approach to holistic network protection, engaging strategies at the personnel, data, device, application, and infrastructure levels
Thank You dzeedick @ juniper.net