
Managing Network Risk in Dynamic Environments


aaron

Presentation Transcript


  1. Managing Network Risk in Dynamic Environments

  2. Agenda
      - Introduction
      - One Global Network
      - Indisputable Internet-Based Threat
      - What’s on your network?
      - Defense in Depth
      - Why Network Discovery Matters to Information Security
  3. An Intro to Me and My Company, Lumeta
      - Michael Markulec, President, Lumeta
        - 20+ years of experience in computer networking and software
        - Cybersecurity & Internet Mapping
        - Responsible for Lumeta’s IPsonar® product suite
        - Heads Lumeta’s long-term research project on Internet Mapping
      - Lumeta spun out of Bell Labs in 2000
        - Built the IPsonar® product on technology developed by the famed Bell Labs scientists who first mapped the Internet; we’ve been mapping the Internet for 10+ years
        - IPsonar is the world’s most widely deployed solution for network discovery, mapping and network leak detection
        - 200+ clients, including U.S. gov’t agencies (DoD, intel and civilian)
        - Global 2,000 clients such as 15 of the 25 largest banks; 5 of the 10 largest pharma; 3 of the largest energy cos.
  4. One Global Network

  5. One Global Network
  6. Cuba – Logical Topology Accessible From USA
      - [Figure: Cuba – Logical Topology. Labels: ISP – alter.net, Brooklyn, NY; ISP – intelsat, Fort Washington, MD]
  7. Geo-location .uk Address Space
  8. Indisputable Internet-Based Threat

  9. Indisputable Internet-Based Threat
      - “The shutdown of Egypt's ties to the rest of the global Internet was not announced by the government -- instead, 3,500 Internet routes suddenly vanished” Network World (January 28, 2011)
      - “Security experts issued a warning Wednesday about the Stuxnet virus, cautioning that the sophisticated bug could put the nation's critical infrastructure at risk.” PC Magazine (November 18, 2010)
      - “The US government has admitted the nation's power grid is vulnerable to cyber attack, following reports it has been infiltrated by foreign spies.” Wall Street Journal (April 9, 2009)
      - “The New York Police Department reports 70,000 attempted electronic intrusions daily.” City Journal (Autumn 2009)
  10. Indisputable Internet-Based Threat
      - “The Georgian embassy in the U.K. has accused forces within Russia of launching a coordinated cyberattack against Georgian Web sites, to coincide with military operations in the breakaway region of South Ossetia.” CNet News (August 11, 2008)
      - “Hackers compromised dozens of Department of Homeland Security computers, moving sensitive information to Chinese-language Web sites, congressional investigators said …” CNN (September 24, 2007)
      - “Many believe the Chinese People's Liberation Army (PLA) to be the sponsor of these attacks on the Britain's Foreign Office network and other key departments …” Guardian (September 5, 2007)
      - “Coordinated cyberattacks by and against nation states no longer is an abstract possibility an Estonian official said” Government Computing News (November 28, 2007)
  11. Defending a New Domain
      - “Most significant breach of U.S. military computers ever,” William J. Lynn III, U.S. Deputy Secretary of Defense
      - It began when an infected flash drive was inserted into a U.S. military laptop at a base in the Middle East.
      - The flash drive's malicious computer code, placed there by a foreign intelligence agency, uploaded itself onto a network run by the U.S. Central Command.
      - That code spread undetected on both classified and unclassified systems, from which data could be transferred to servers under foreign control.
      - Based on the location of those servers, past reports indicate that the U.S. government suspects the attack originated from Russia.
  12. Hatch Nuclear Plant (Baxley, GA)
      - Cyber Incident Blamed For Shutdown: forced into an emergency shutdown for 48 hours after a software update was installed on a single computer.
      - An engineer installed a software update on a computer operating on the plant's business network.
      - The computer was used to monitor chemical and diagnostic data from one of the facility's primary control systems.
      - The engineer who installed the update was not aware that there was full two-way communication between certain computers on the plant's corporate and control networks.
  13. What’s on your network?

  14. Enterprise Connectivity
      - “You can’t defend what you don’t know.” -- Mark Orndorff, director of Defense Information Systems Agency (DISA) Mission Assurance and Network Operations
      - [Figure labels: The Monitored Network; What Else is Connected?]
  15. Network Connectivity
      - Network boundaries are changing:
        - Business partners, customers, suppliers and joint ventures
        - Outsourcing is increasing
        - Merger & network consolidations
        - Centralized management vs. distributed management
      - Points of network connectivity distributed across the network and around the globe.
  16. Application Usage
      - Application usage knows no boundaries.
      - Socializing and sharing applications enhance business responsiveness and performance, but they are largely uncontrolled, resulting in increased inbound and outbound risks.
      - Adoption of enterprise-class, cloud-based applications is being driven by both end-users and IT.
      - The Application Usage and Risk Report (6th Edition, Oct. 2010) from Palo Alto Networks provides a global view into enterprise application usage by summarizing application traffic assessments conducted between March 2010 and September of 2010.
  17. Defense in Depth

  18. Step 1: Network Visibility
      - “Before you can consolidate, you must first build a baseline along two dimensions: performance and inventory.” — Robert Whiteley, Forrester Research, October 2006
      - Accurate View of Assets and Topology
        - Locate layer 2 and 3 devices (routers, switches), as well as IP end-stations (PCs, servers, printers, wireless, VoIP phones)
        - Deliver accurate configuration data about installed hardware and software
        - Calculate and show all network connections and network topology
  19. Step 2: Identify High Value Assets
      - Information Assets
        - Databases: Information about your customers, personnel, production, sales, marketing, finances.
        - Data files: Transactional data giving up-to-date information about each event.
        - Archived information: Old information that may be required to be maintained by law.
      - Software Assets
        - Application Software: Application software implements business rules of the organization. Integrity of application software is very important.
        - System Software: An organization would invest in various packaged software programs like operating systems, DBMS, development tools and utilities, office productivity suites etc.
      - Physical Assets
        - Computer equipment: Mainframe computers, servers, desktops and notebook computers.
        - Communication equipment: Modems, routers, EPABXs and fax machines.
        - Storage media: Magnetic tapes, disks, CDs and DATs.
      - Services
        - Computing services that the organization has outsourced.
        - Communication services like voice communication, data communication, value added services, wide area network etc.
  20. Step 3: Implement Security Domains
      - Untrusted Network
        - No operational access or control
        - The Internet
      - Perimeter Network
        - Operationally controlled with open access
        - DMZ or extranet
      - Trusted Network
        - Operationally controlled with access by hosts under your management
        - Administrative Network
      - Secure Network
        - Operationally controlled with access by validated hosts
        - Secure Data Center or SCADA network
  21. Step 4: Establish Network Access Control
      - [Figure labels: VPN; Access Requestor (AR); Policy Decision Point (PDP); Sensors, Flow Controllers; Policy Enforcement Point (PEP); Metadata Access Point (MAP)]
  22. Step 5: Monitor and Manage
      - Identify the most serious issues
      - Investigate policy violations and security breaches
      - Proactive IT compliance
      - Demonstrate security effectiveness
      - Events that tell users what's actually happening.
      - Vulnerabilities that help users decide the impact of an occurrence.
      - Configurations that give users a closed-loop view of policy compliance.
  23. Why Network Visibility Matters to Information Security

  24. The Need for Global Network Visibility
      - Enables organizations to balance change, compliance, and availability
      - Provides risk metrics from a global network perspective
      - Provides a true view of what’s connected to the network
      - Eliminates gaps between security policy and operational reality
      - Optimizes deployment of information security tools
  25. Comprehensive Active Network Visibility
      - [Figure: Active Network Visibility]
  26. Network Visibility Extends IT Solutions
      - [Figure labels: Telecommuters; Mobile Users; Non-Traditional IP-enabled Devices; Contractors; User-added devices; Partners; Remote Offices; Legacy Connections; Non-Traditional IP Devices; Managed / Known Infrastructure; Complete Asset Inventory]
      - Solution categories: IT Asset Management; Security and Vulnerability Management; IP Address Management; Information Protection and Control; Corporate Governance (IT GRC); IT Risk Management; Network Access Control
      - Vendors named: Infoblox, Bluecat, Bridgewater, BT Diamond IP, Secure64, BDNA, BMC, CA, HP, IBM, SAP, Symantec, Cisco, Juniper, Bradford, Microsoft, HP, EMC Smarts, Archer, Brabeion, Agiliance, Modulo, Rational, Symantec, Foundstone, Qualys, ArcSight, McAfee, Lumension, EMC, Cisco (Ironport), McAfee, SonicWALL, Vericept, Symantec (Vontu), Skybox, nCircle, RedSeal, SAS
      - Groupings: Network & IT Operations; Compliance; Security & Risk Management
  27. IPsonar Discovery: Gathering Network Data for Action
      - Phases: Network Discovery; Host Discovery; Leak Discovery; Device Fingerprinting
      - Discover Known and Unknown Networks
      - Identify the Network Perimeter
      - Discover Complete Connected IP Address Space and Accompanying Hosts
      - Pinpoint Unauthorized Connectivity Between Discovered Networks
      - Identify Attributes of Network Devices and Discovered Hosts
      - Actionable Network Discovery Data
        - Real-time Policy Violation Alerting
        - In-depth Reporting
        - Open API & Custom Attributes for Deep Integration
        - Interactive, Searchable Network Maps
  28. IPsonar Delivers Global Network Visibility
      - IPsonar’s Patented Technology:
        - Only product that provides agent-less, credential-less visibility into everything on the network
        - Only product that reports on network leaks that represent policy violations
        - Only product that measures risk from a network perspective
        - Only product that finds rogue wireless devices that leak
      - Data can be integrated into security risk management and network management platforms
      - Lightweight, fast and safe for the world’s largest IP networks
  29. Lumeta® Corporation

    www.lumeta.com +1.732.357.3500
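
The security domains of Step 3 (slide 20) and the leak discovery idea of slide 27 can be checked against observed traffic, as in the Hatch case on slide 12 where an unexpected business-to-control path existed. The following is an added example, not part of the presentation and not IPsonar code; the address ranges, the allowed-pair policy and the flow records are assumptions constructed for illustration.

```python
import ipaddress

# Security domains named on slide 20. CIDR ranges are constructed for this example.
DOMAIN_NETS = {
    "perimeter": ["192.0.2.0/24"],   # DMZ or extranet
    "trusted":   ["10.0.0.0/8"],     # administrative network
    "secure":    ["10.50.0.0/16"],   # secure data center or SCADA network
}
NETS = [(ipaddress.ip_network(c), d) for d, cs in DOMAIN_NETS.items() for c in cs]

# Assumed policy: (source domain, destination domain) pairs that may communicate.
ALLOWED = {
    ("untrusted", "perimeter"), ("perimeter", "untrusted"),
    ("trusted", "perimeter"), ("trusted", "untrusted"),
    ("secure", "trusted"),           # one-way monitoring export only
}

def domain_of(addr):
    """Return the domain of the most specific matching network, else 'untrusted'."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, dom) for net, dom in NETS if ip in net]
    return max(matches)[1] if matches else "untrusted"

def find_leaks(flows):
    """Return flows that cross domains without a matching policy entry."""
    leaks = []
    for src, dst, dport in flows:
        pair = (domain_of(src), domain_of(dst))
        if pair[0] != pair[1] and pair not in ALLOWED:
            leaks.append((src, dst, dport, pair[0], pair[1]))
    return leaks

# Constructed flow records: (source IP, destination IP, destination port).
FLOWS = [
    ("198.51.100.7", "192.0.2.10", 443),   # Internet -> DMZ web server
    ("10.1.2.3", "192.0.2.10", 22),        # admin host -> DMZ
    ("10.50.0.5", "10.1.9.9", 5432),       # control system -> business host
    ("10.1.9.9", "10.50.0.5", 502),        # business host -> control system
    ("198.51.100.7", "10.1.2.3", 3389),    # Internet -> trusted network directly
    ("10.50.0.5", "203.0.113.4", 80),      # secure network -> Internet
]

if __name__ == "__main__":
    for leak in find_leaks(FLOWS):
        print("%s -> %s:%d crosses %s -> %s without a policy entry" % leak)
```

Because the secure range sits inside the trusted range, the lookup uses the longest matching prefix; a first-match lookup would classify control-system hosts as merely trusted and miss the business-to-control flow.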