Protecting Your SDN and NFV Network from Cyber Security Vulnerabilities with Full Perimeter Defense
Telco Systems and Celare in a nutshell
Company overview: sister companies, subsidiaries of BATM group (LSE:BVC); end-to-end CE 2.0, MPLS, SDN & NFV and cyber portfolio; among the first to launch SDN & NFV solutions; multi-billion dollar install base at 300+ service providers in 50 countries; headquarters in the United States and Israel, international offices in LATAM, EMEA and APAC.
[Figure: some of our customers]
What do we do in the SDN/NFV era?
Carrier Grade D-NFV Solution; x86 CPU Blade; NFV Host; Hardware Acceleration; Hardware Offload; Centralized Orchestration of D-NFV Devices; Data Path; Service Management; VNF Lifecycle Management & Chaining; SBI: Netconf & OpenFlow; NBI: SOAP; Best of Breed Application Portfolio.
Please rate the level of security risk posed by the following aspects of virtualization # of respondents: 97
Telecom networks today
Used for providing L2/L3 pipes. The control plane is separated from the data plane. Devices run closed proprietary OSes: Cisco IOS, Juniper JUNOS, Telco Systems BiNOX. End users can't access the control plane, therefore an infrastructure attack is more challenging.
[Diagram labels: Nx10GE, MPLS/Ethernet, IP/MPLS core, 10GE]
Tomorrow's networks: the SDN/NFV era
New dimensions of cyber threats.
SDN: software-based networks. Devices are remotely provisioned and controlled, on demand in real time, therefore networks are hackable via programmable devices. Invoked by the end user in self-service or by a business-facing representative (vs. engineering/network).
NFV: virtualizes the network infrastructure. Telcos' networks become open to IT threats: malware can run on any device; DDoS attacks on network resources.
[Diagram labels: Broadband, Ethernet, CO, Cellular, CPE]
Security challenges with distributed NFV
OpenStack is the de facto enabler for NFV.
[Diagram labels: NFV/Cloud Computing, Compute Nodes, Controller, Data Center]
Fact: NFV expands out of the data center: uCPE, vCPE, MEC,
Security challenges with distributed NFV
The OpenStack Controller-to-Compute link implements multiple interfaces over the WAN/Internet: VNC, SSH, HTTP & more.
[Diagram labels: Distributed NFV, Controller, Compute, uCPE, vCPE, Mobile Edge Computing, Enterprise/CPE]
Security challenges with distributed NFV
Over 500 pin holes had to be opened in the firewall to allow this to work. OpenStack's design presents too many attack vectors.
Peter Wills, BT, "How NFV is different from Cloud: Using OpenStack for Distributed NFV", October 2015
NFV device zoom-in
The NFV OS is based on open building blocks: Linux, Open vSwitch, OpenStack. User traffic flows through the data plane to the control plane and to the applications (VMs).
[Diagram labels: VM#1, VM#2, VM#N; Hypervisor / vSwitch; Linux OS; Users; threats marked: Malware, Remote Access, VNF Specific, DDoS]
Telco Systems and Celare introduce: SDN/NFV Security Infrastructure solution
NFV CyberGuard solution
Network Probes, NFVI Agents, Big Data Analytics and SDN Controller.
1. Collection 2. Analytics 3. Detection 4. Action
[Diagram labels: Agent on NFV Device, Agent on NFV Platform, Network Probe, SDN Controller, Big Data]
NFV CyberGuard solution: Distributed, Big-Data, Actionable
Network-wide probes (probes: POP, CO, DC, vCE; agents: NFVI); full session reconstruction; metadata / context extraction; wire speed / HW acceleration.
Centralized control & orchestration; remote shut-off of flows, services, VNFs, devices; distributed bypass, reroute, redirect; active probe deployment & collection.
Big Data recording & indexing, historical network DB, network situational awareness; investigation, information discovery & analytics; network behavior anomaly detection (NBAD), threat prediction; execute 3rd party applications & algorithms.
Secure virtual appliance
Celare smart probe plugin to Telco TVE (Telco Virtualization Engine), inline mode. TVE: Carrier Grade Virtualization Engine.
Inspecting every flow entering the virtualization engine. Blocking the threats/malware at: VNFI; Carrier Ethernet switch: control the L2 switch to block flows; access list.
[Diagram labels: VM#1, VM#2, VM#N; Hypervisor / vSwitch; Linux OS; x86/ARM; L2 Switch]
Big data: conceptual architecture
[Architecture diagram; component labels: Applications & Services; Detectors; Analytics; Learning; Get Service Request (Start Session); Enrichment; Network Metadata; Statistics; NoSQL Database; Aggregator; OEP; Insights & Alert; Enrichment Index; Analyst Desktop; Information Discovery; Reports; PCAPs; External; Graph Analytical DB; Ad-hoc Queries; Configuration; HDFS; System MD Store; Analytics Logs]
Event processing engine
Rule sets can be defined easily, on demand, and can be activated immediately. Monitor streams in real time.
Filtering: a new stream is filtered for specific criteria.
Pattern matching: notification of detected event patterns, e.g. events A, B and C occurred within a 15-minute window.
Runs in memory (not in a database) with continuous queries on the data. Powerful and potentially limitless extensibility with Data Cartridges.
[Figure: event streams feeding in-memory "Complex Queries"; sample stream records not reproduced]
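The filtering and windowed pattern-matching behaviour described on this slide, as an added example in Python; it is not the vendor's engine or rule syntax. The event names, device ids and timestamps are constructed for illustration, and events are assumed to arrive in timestamp order.

```python
from collections import defaultdict

WINDOW_S = 15 * 60  # the slide's 15-minute window, in seconds
# Hypothetical event types standing in for the slide's "events A, B and C".
REQUIRED = frozenset({"ssh_auth_fail", "vnc_session_open", "flow_rule_change"})

# Constructed sample stream: (timestamp_s, device_id, event_type).
EVENTS = [
    (0,    "ucpe-01", "ssh_auth_fail"),
    (120,  "ucpe-02", "ssh_auth_fail"),
    (300,  "ucpe-01", "vnc_session_open"),
    (400,  "ucpe-01", "link_flap"),          # not in the rule: filtered out
    (840,  "ucpe-01", "flow_rule_change"),   # completes A+B+C within 840 s
    (1000, "ucpe-02", "vnc_session_open"),
    (1100, "ucpe-02", "flow_rule_change"),   # A is 980 s old by now: expired
]

class WindowRule:
    """Continuous in-memory query: alert when every required event type
    has been seen for the same key (device) inside one time window."""

    def __init__(self, name, required, window_s):
        self.name, self.required, self.window_s = name, required, window_s
        self.last_seen = defaultdict(dict)   # key -> {event_type: last timestamp}

    def feed(self, ts, key, etype):
        if etype not in self.required:       # filtering stage
            return None
        seen = self.last_seen[key]
        seen[etype] = ts
        # Expire observations that fell out of the window ending at `ts`.
        for old in [e for e, t in seen.items() if ts - t > self.window_s]:
            del seen[old]
        if set(seen) == self.required:       # pattern-matching stage
            alert = {"rule": self.name, "key": key,
                     "start": min(seen.values()), "end": ts}
            seen.clear()                     # avoid re-alerting on the same events
            return alert
        return None

def detect(events):
    """Run a fresh rule over a time-ordered stream and collect alerts."""
    rule = WindowRule("A+B+C within 15 min", REQUIRED, WINDOW_S)
    return [a for a in (rule.feed(*e) for e in events) if a]

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

State is kept per device and only the latest timestamp per event type is stored, so memory stays bounded by devices times rule size regardless of stream length.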
Visualization & information discovery
Solution designed to be event driven; supports GEO/maps; advanced graphs and filters; network situational awareness; facet search.
Leading the way to IT-aware networks. www.telco.com
Graph network visualization
Intuitive visualization; visual filters; advanced search: nodes & links; zoom for details; multiple views.
11/4/2015
Actionable control & protection: VNF
1. vCache VNF under attack 2. Bypass VNF 3. Stop VNF
[Diagram labels: SDN Controller, vFW, vCache (marked X), NFVI]
Actionable control & protection: VNF
1. vCache VNF under attack 2. Bypass VNF 3. Stop VNF 4. Resume operations
[Diagram labels: SDN Controller, vFW, vCache, NFVI]
Actionable control & protection: Device
1. Infected device 2. Shut down services 3. Reroute 4. Shut down device
[Diagram labels: SDN Controller, device (marked X), NFVI]
Solution benefits
Currently the only real comprehensive solution to protect NFV infrastructure targeted to telecom networks. Inspecting network traffic at the network edge & close to the end points. Cloud-based Big Data reservoir providing the operator a global centralized view of all NFV appliances & infrastructure. Integrated with Oracle Big Data & tools and SDN controller. Ability to block a wide range of network cyber threats. Open API for external systems and 3rd party applications and algorithms.
Thank you!