Real-time Network Monitoring and Security Platform for Securing Next-Generation Network
Assoc. Prof. Dr. Sureswaran Ramadass
The platform
Definition: a software framework that makes services available to other applications through a set of APIs.
Objectives:
- To provide extendable features through pluggable interfaces.
- To ease the software development process.
The platform can be considered a core component for enabling network applications (network monitoring, network security, real-time applications, etc.).
Features and Benefits
- Provides a cross-platform environment.
- Provides an open architecture for applications.
- Provides a standard packet capture engine.
- Provides an advanced protocol decoder.
- Provides high-performance circular buffer support.
- Provides APIs for network monitoring application customization:
  - API for network worm detection.
  - API for intelligent network monitoring.
  - API for grid monitoring.
  - API for advanced network statistics.
  - API for network security applications.
  - API for buffering and archiving.
Security solution
- Networks are suffering from viruses, worms, Trojans, spyware, adware, hijackers, pop-up generators, spam, intrusion and many more.
- If you have an Internet connection (home or corporate), your machine is exposed to the Internet world and hence vulnerable to worms and viruses.
- Viruses and worms are the biggest contributors to today's network problems.
- With these modern threats, firewall and antivirus alone are not enough to protect your organization from blended threats.
Application: Security solution, i.e. worms/viruses, because of the speed of their infection/spread.
Cost for cleanup of worms worldwide:
- Sobig: USD 37.1 billion
- MyDoom: USD 22.6 billion
- Klez: USD 19.8 billion
- Nachi: USD 13 billion
- Mimail: USD 11.5 billion
- Swen: USD 10.4 billion
- Love Bug: USD 8.8 billion
- Bugbear: USD 3.9 billion
Cost for cleanup of worms in Malaysia:
- Code Red: RM 22 million
- Nimda: RM 22 million
- Blaster: RM 31 million
- Nachi: RM 31 million
Source: NISER study
What can worms/viruses do to you?
Once the host is infected, it can:
- Steal your private information and distribute it to all the users in your database.
- Send dummy traffic to paralyze your network.
- Destroy key system files, damaging and crashing your computer.
- Destroy the database system within your server.
How to get protected? You need:
- To cover the loopholes left by other security products, for all-round protection.
- To be able to detect internal worm attacks as well as external ones.
- To be updated against recent worms.
- To be alerted or warned of threat attempts by:
  - Locating the source of the problem.
  - Providing possible solutions.
Efficiency and Speed
The platform provides a set of APIs to interact with the Buffering API in order to:
- Adapt to current network speeds.
- Operate at wire speed.
- Archive/store critical information.
The platform also provides a set of APIs to interact with the Worm Engine in order to:
- Parse network traffic packet by packet.
- Compare against the updated signature DB.
- Detect worm existence and raise alerts.
- Extract useful and relevant information for further action.
Worm Attack Detection
[Diagram: worm propagation, showing the propagation source IP and the propagation destination IP]
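The "Efficiency and Speed" slide lists the Worm Engine's steps (parse packet by packet, compare against a signature DB, detect and alert, extract information for further action) and the "Worm Attack Detection" slide shows propagation between source and destination IPs. The following is an added example, not the platform's own code, that puts those steps together: a fixed-size circular buffer of recent packets, a payload match against a small signature DB, and a fan-out check that flags a source IP contacting many distinct destination IPs on one port within a short window. The packet layout, the signature names and byte patterns, the threshold of 20 targets and the 10-second window are all assumptions chosen for the example, and the traffic is constructed sample data.

```python
"""Added example (not the platform's own code): a minimal worm engine in the
spirit of the slides. Signatures and traffic below are constructed samples."""
from collections import deque, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float       # capture timestamp in seconds
    src: str        # source IP
    dst: str        # destination IP
    dport: int      # destination port
    payload: bytes  # application payload


# Constructed signature DB (placeholder markers, not real worm bytes).
SIGNATURE_DB = {
    "SAMPLE-WORM-A": b"SAMPLE_WORM_A_MARKER",
    "SAMPLE-WORM-B": b"SAMPLE_WORM_B_MARKER",
}


class WormEngine:
    def __init__(self, buffer_size=1000, fanout_threshold=20, window=10.0):
        self.ring = deque(maxlen=buffer_size)     # circular buffer of recent packets
        self.fanout_threshold = fanout_threshold  # distinct dsts per (src, dport) that raises an alert
        self.window = window                      # seconds over which contacts are counted
        self.contacts = defaultdict(dict)         # (src, dport) -> {dst: last seen ts}
        self.alerts = []

    def match_signature(self, packet):
        """Step 2: compare the payload against every signature in the DB."""
        for name, pattern in SIGNATURE_DB.items():
            if pattern in packet.payload:
                return name
        return None

    def detect_propagation(self, packet):
        """Step 3: count distinct destinations per (src, dport) inside the window."""
        key = (packet.src, packet.dport)
        seen = self.contacts[key]
        seen[packet.dst] = packet.ts
        for dst in [d for d, t in seen.items() if packet.ts - t > self.window]:
            del seen[dst]  # expire stale contacts
        return len(seen) >= self.fanout_threshold

    def process(self, packet):
        """Step 1: buffer and parse one packet, then run both checks."""
        self.ring.append(packet)
        sig = self.match_signature(packet)
        if sig:
            self.alerts.append({"type": "signature", "name": sig,
                                "src": packet.src, "dst": packet.dst, "ts": packet.ts})
        if self.detect_propagation(packet):
            already = any(a["type"] == "propagation" and a["src"] == packet.src
                          and a["dport"] == packet.dport for a in self.alerts)
            if not already:  # alert once per (src, dport)
                self.alerts.append({"type": "propagation", "src": packet.src,
                                    "dport": packet.dport, "ts": packet.ts,
                                    "targets": len(self.contacts[(packet.src, packet.dport)])})
        return self.alerts

    def evidence(self, src):
        """Step 4: pull recent packets for a source out of the ring buffer."""
        return [p for p in self.ring if p.src == src]


def build_sample_traffic():
    """Constructed traffic: normal web requests, one host sweeping 25 peers on
    port 445 in under three seconds, and one mail packet carrying a marker."""
    pkts = []
    for i in range(5):
        pkts.append(Packet(float(i), "10.0.0.5", "10.0.0.1", 80, b"GET / HTTP/1.0"))
    for i in range(25):
        pkts.append(Packet(1.0 + i * 0.1, "10.0.0.77", f"10.0.1.{i + 1}", 445, b"\x00"))
    pkts.append(Packet(5.0, "10.0.0.9", "10.0.0.2", 25, b"EHLO SAMPLE_WORM_A_MARKER"))
    return pkts


def run_engine(packets=None, **kwargs):
    """Feed packets through a fresh engine and return it for inspection."""
    engine = WormEngine(**kwargs)
    for p in (packets if packets is not None else build_sample_traffic()):
        engine.process(p)
    return engine


if __name__ == "__main__":
    eng = run_engine()
    for alert in eng.alerts:
        print(alert)
    print(len(eng.evidence("10.0.0.77")), "buffered packets from the sweeping host")
```

The fan-out check is what turns a single packet stream into the source/destination propagation view of the slide: a genuine client talks to a handful of servers, while a scanning host touches many peers on the same service port in a short time, and the ring buffer keeps enough recent traffic to hand the analyst the packets behind an alert.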
inet Enterprise: inet Console and Critical Elements Monitoring
inet Enterprise: the Whole
[Diagram: overview of the whole inet Enterprise system, panels 1 and 2]
inet Enterprise: Features
- Passive Monitoring Technique: unlike other active network monitoring tools, which tend to be intrusive.
- Critical Node Monitoring.
- Netrace: observe communication among devices and stations.
- MPLS Distribution Statistic: able to detect MPLS packets and show their packet size and protocol distribution.
- Application Monitoring: list the applications in use and their bandwidth usage.
- Web Monitoring: monitor users and the websites they visited.
- Network Address Book: detect detailed device information, such as the MAC address and workgroup, on a network.
- Network Reporting Toolkit: generate reports of information compiled from the various monitoring modules.
- Network Packet Analyzer: capture and decode any packets within the network.
inet Enterprise: Features
- Distribution Statistic: show the packet distribution according to size, application protocol, network protocol, etc.
- General Statistic: show the number of packets per second, bits per second and the network utilization.
- Critical Elements Monitoring (servers, etc.): monitor the status of the servers and send alerts whenever a server (and/or its service) is down.
- Top Bandwidth Usage: keep track of the users who use the most bandwidth.
- VLAN Distribution Statistic: show the packet distribution according to size, application protocol and network protocol on the VLAN.
- VLAN General Statistic: show the number of packets per second, bits per second and the network utilization on the trunk.
- VLAN Packet Analyzer: able to detect VLAN packets.
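As an added example of what the Distribution Statistic, General Statistic and Top Bandwidth Usage modules compute (this is illustration code, not inet Enterprise's own implementation), the aggregator below takes constructed per-packet records of (timestamp, source IP, frame length in bytes) and produces the per-second packet and bit rates, utilization against an assumed link capacity, a packet-size histogram using Ethernet-style size buckets, and the top senders by bytes. The size bucket boundaries and the 10 Mbit/s link capacity are assumptions chosen for the example.

```python
"""Added example (not inet Enterprise's own code): per-second traffic
statistics over constructed packet records."""
from collections import Counter

# Assumed packet-size buckets (bytes), in the style of Ethernet frame-size histograms.
SIZE_BUCKETS = [(0, 63, "<64"), (64, 127, "64-127"), (128, 255, "128-255"),
                (256, 511, "256-511"), (512, 1023, "512-1023"), (1024, 1518, "1024-1518")]


def size_bucket(length):
    for lo, hi, label in SIZE_BUCKETS:
        if lo <= length <= hi:
            return label
    return ">1518"


def per_second_stats(records, link_bps):
    """General Statistic: {second: {"pps", "bps", "utilization"}};
    utilization is bits per second divided by link capacity in bits per second."""
    pkts, byts = Counter(), Counter()
    for ts, _src, length in records:
        sec = int(ts)
        pkts[sec] += 1
        byts[sec] += length
    stats = {}
    for sec in sorted(pkts):
        bps = byts[sec] * 8
        stats[sec] = {"pps": pkts[sec], "bps": bps, "utilization": bps / link_bps}
    return stats


def size_distribution(records):
    """Distribution Statistic: fraction of packets falling in each size bucket."""
    dist = Counter(size_bucket(length) for _ts, _src, length in records)
    total = sum(dist.values())
    return {label: count / total for label, count in dist.items()}


def top_bandwidth_users(records, n=3):
    """Top Bandwidth Usage: the n source IPs that sent the most bytes."""
    byts = Counter()
    for _ts, src, length in records:
        byts[src] += length
    return byts.most_common(n)


def sample_records():
    """Constructed input: second 0 carries ten 64-byte packets from 10.0.0.1;
    second 1 carries five 1500-byte packets from 10.0.0.2 and five 100-byte
    packets from 10.0.0.3."""
    recs = [(i * 0.05, "10.0.0.1", 64) for i in range(10)]
    for i in range(5):
        recs.append((1.0 + i * 0.1, "10.0.0.2", 1500))
        recs.append((1.5 + i * 0.1, "10.0.0.3", 100))
    return recs


if __name__ == "__main__":
    recs = sample_records()
    for sec, s in per_second_stats(recs, link_bps=10_000_000).items():
        print(f"t={sec}s pps={s['pps']} bps={s['bps']} util={s['utilization']:.6f}")
    print(size_distribution(recs))
    print(top_bandwidth_users(recs))
```

Bytes are converted to bits before dividing by link capacity, which is the usual source of off-by-eight errors in home-grown utilization gauges; a real collector would also account for preamble and inter-frame gap if it wants utilization to line up with what the switch reports.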