How To Make A Network Safer With Stealthwatch

Transcription

1 Netzwerkkonzept Informationsveranstaltung am Im Bristol Hotel Mainz Thema: Ideen zum Netzwerkdesign - Switching -WLAN - Security - VoIP Datum: , Seite: 1 Network Behaviour Analysis with Lancope Lancope StealthWatch Datum: , Seite: 2 Seite 1

2 Problem: Insuring Network Integrity, Reliability and Performance Network integrity, performance issues and downtime can be caused by many different events: Security incidents Network faults Bandwidth hogs Application errors Communication infrastructure bottlenecks Poor network design Rogue devices and host configurations User related issues and problems Network performance and downtime impacts: Revenue Productivity Customer Satisfaction Expenses Datum: , Seite: 3 Problem: Securing the Internal Network from Int. & Ext. Threats Perimeter Security tools were designed to prevent bad traffic from entering the enterprise network (Firewalls, IDS, and IPS). Organizations have deployed perimeter security tools but have discovered they are not effective against new worms, viruses and exploits and they were never designed to protect the enterprise from internal threats Many organizations have not deployed traditional IDS tools because they are labor intensive, generate large numbers of alerts (false positives), and do not prioritize the most serious problems Security events can be caused by internal or external sources and most organizations have not deployed technology to protect against internal threats Organizations debate the business risk of deploying IPS tools, i.e., the risk of blocking good traffic. Enterprise IPS deployment can be very expensive so most organizations only deploy IPS in certain parts of their network perimeter Most organizations lack the information and network visibility to determine the root cause of internal network security events Datum: , Seite: 4 Seite 2

3 What Are The Challenges in Solving these Problems? It often requires individuals from multiple groups to solve these problems: Users Helpdesk Network Operations Center Security Operations Center It can take hours or days to identify the source or root cause of a negative impact on the network either network performance or network security related because: Information, which may be incomplete and difficult to access, often comes from disparate systems and the accuracy can be questionable Many organizations lack the real-time visibility of the entire network required to solve complex problems Datum: , Seite: 5 Lancope s Mission with StealthWatch To optimise Network and Security operations teams ability to identify, prioritize, determine root cause, remediate and report on all network incidents that impact overall network health, host integrity, and security of the network Significantly reduce the time and resources required to identify and remediate network performance and security problems Provide visibility of all network activity Support and Enable Regulatory Compliance SOX, Japan SOX Basel II PCI Payment Card Industry COBIT HIPPA Gramm Leach Blyley Datum: , Seite: 6 Seite 3

4 Lancope StealthWatch Unique Value Proposition StealthWatch is the best technology to secure clients internal networks and optimize the performance of those networks in a single scalable solution Functionally rich technology Monitors, secures, mitigates, optimizes and reports on all network and network security activity Unique prioritization technology enables clients to focus on resolving their most serious problems (The Concern Index, Target Index, and File Sharing Index) Integration with all of the most popular Firewall, IDS, IPS, SIM, SEM, and System Management technologies (including Foundry INM) enables easy fast integration to clients current infrastructure StealthWatch matches user IP address with user Identity StealthWatch provides a sophisticated easy, to use management reporting capability StealthWatch is Intuitive and Easy to Use Point-of-View : Role-based user interface based on user s job role provides clients with the most powerful technology that is configurable for each users responsibilities. Enables distributed management responsibilities if required Datum: , Seite: 7 The StealthWatch Architecture Datum: , Seite: 8 Seite 4

5 StealthWatch Architecture: Monitor Datum: , Seite: 9 StealthWatch Architecture: Baseline Datum: , Seite: 10 Seite 5

6 StealthWatch Architecture: Secure Datum: , Seite: 11 StealthWatch Architecture: Respond Datum: , Seite: 12 Seite 6

7 StealthWatch Architecture: Optimize Datum: , Seite: 13 StealthWatch Architecture: Report Datum: , Seite: 14 Seite 7

8 Problems Solved: Network Security & Optimization StealthWatch provides a fully integrated view of all network usage, performance details, host integrity and user behaviour StealthWatch is the simplest, easiest to use, most powerful and most cost-effective solution to monitor and protect the internal client network from growing insider threats as well as external threats StealthWatch enables quick diagnosis of the source and root cause of any network problem, performance or security related, causing response time delays. We can solve problems in one tenth of the time StealthWatch enables network and security teams collaboration and to dramatically reduce the time required to identify and resolve network and network security problems StealthWatch provides extensive historical and trending data to facilitate network performance capacity planning and resource management Datum: , Seite: 15 How We Do It: Why Flow Data? Leverage existing flow data: the Who, What, When, Where and How of network traffic NetFlow Cisco and Juniper (Cflow) sflow - Foundry / Extreme / HP ProCurve/Alcatel By turning all routers and switches into a virtual surveillance system Turns raw flow data into valuable intelligence about: Network Users and Applications Performance problems Compliance problems Peak Usage Times Traffic Routing Security and Network Health Datum: , Seite: 16 Seite 8

9 StealthWatch Functional Overview Build Profile of 100 Host Attributes Apply 100 StealthWatch Algorithms Generate Alarms, Alerts, and Reports Generate Profile-Enhanced Alarms, Alerts, and Reports Send SYSLOG, SNMP, and s Perform Mitigation Action Display in UI Store Detailed Log of All Flows Collect and Process 130 Unique Flow Statistics Mirror Port, SPAN, or Tap Cisco (NetFlow) Foundry HP (sflow) Datum: , Seite: 17 StealthWatch Network Behavior Analysis & Response Datum: , Seite: 18 Seite 9

10 StealthWatch Network Behavior Analysis & Response Product Family StealthWatch Identity-1000 StealthWatch Flow Collectors StealthWatch Xe for NetFlow StealthWatch Xe for sflow StealthWatch NC Datum: , Seite: 19 How the StealthWatch System Looks at Networks Datum: , Seite: 20 Seite 10

11 How the StealthWatch System Looks at Networks Datum: , Seite: 21 How the StealthWatch System Looks at Networks Datum: , Seite: 22 Seite 11

12 How the StealthWatch System Looks at Networks Datum: , Seite: 23 How the StealthWatch System Looks at Networks Datum: , Seite: 24 Seite 12

13 How the StealthWatch System Looks at Networks Datum: , Seite: 25 How the StealthWatch System Looks at Networks Datum: , Seite: 26 Seite 13

14 StealthWatch Product Line Xe-2000 High-end StealthWatch NetFlow or sflow Collector. Xe-1000 Entry-Level/Midrange StealthWatch NetFlow or sflow Collector. G1 Designed for networks with speeds up to one gigabit per second. M250 Designed for fast Ethernet networks M45 Designed for DS3 links or underutilized fast Ethernet connections IDentity-1000 Tracks user identities into StealthWatch SMC Datum: , Seite: 27 SMC Collects and Manages multiple StealthWatch and StealthWatch Xe appliances. Seite 14