Extreme Networks: The Purview Solution Integration with SIEM
Integrating Application Management and Business Analytics into other IT management systems
A SOLUTION WHITE PAPER

Introduction: Purview integration with Security Information and Event Management (SIEM)

Purview is a network-powered application analytics and optimization solution that captures and analyzes context-based application traffic to deliver meaningful intelligence about applications, users, locations and devices. Extreme Networks positions it as the industry's first and only (patent pending) solution to transform the network into a strategic business asset, by enabling the mining of network-based business events and strategic information that help business leaders make faster and more effective decisions. It does this from a centralized command and control center that combines network management with business analytics, at a scale of 100 million sessions.

Enterprise mobility is about more than the mobile device. Mobility and agility across the entire enterprise require access to data from any device, and this has also changed the application landscape: instead of installing and maintaining traditional applications, organizations are moving to private and public cloud delivery models such as SalesForce.com, Google Apps and many more. Millions of new applications have been developed to support new work efficiencies, with new apps showing up every day; some become business critical the next day while others may have no real value. Additionally, mobile users demand immediate access to all of their social media apps. Social, mobile, cloud and Big Data are everywhere. To maximize the user experience, IT must make sure that applications can be seamlessly delivered from the cloud, private or public, to the users and devices that need them to do their jobs.

Figure 1: Loss of application visibility and control. Users see named applications ("Apps Everywhere", public and private cloud); traditional switches see only Port 80 and Port 443.

What is Purview?

The three main components that make up the Purview architecture are:
- OneFabric Control Center with OneFabric Connect
- Purview (Application Fingerprint) Engine
- CoreFlow2-based device

OneFabric Control Center provides centralized visibility and control over the entire network. Centralized visibility and control lets infrastructure and application teams work together, eliminating the costly misalignments and errors that occur in typical operational workflows. Embedded automation and orchestration features improve application delivery for dynamic and mobile environments that leverage cloud, virtualization, and server/storage consolidation. OneFabric Control Center provides unified, centralized management and control, which allows network operations to use the intelligence built into Extreme Networks networking solutions and thereby unlock the full potential of Purview. As an SDN (Software Defined Networking) management and control solution, OneFabric Control Center also integrates with external systems via OneFabric Connect, a set of APIs that extends visibility and control to other systems. The data that Purview provides can be accessed via OneFabric Connect to create new third-party integrations or augment existing ones.
The integration options are:
- Scheduled reporting (PDF via email)
- OneFabric Connect API (XML) for integration with other IT applications
- Real-time application detection notification (via syslog)

Purview is in fact a deep packet inspection (DPI) solution that can be deployed at scale across the entire network infrastructure, from the data center to the wired and wireless mobile edge, providing a superior user experience while optimizing network resource utilization. A fully integrated and unified solution can also eliminate point products, reducing the operational complexity and cost associated with those approaches. By providing more contextual information, the solution becomes a business asset for analytics and network-driven business intelligence.

CoreFlow2 is the cornerstone of Extreme Networks switching technology, addressing the need for application monitoring and control at scale and at high performance. CoreFlow2 is a highly programmable, custom-designed ASIC that delivers flexibility in packet classification and reframing not found in competing offerings. The granularity of packet analysis and control translates into real-world benefits in the data center and the campus network. The flow-based application visibility provided by CoreFlow2 is what mirrors Purview flows to the Purview Fingerprint Engine.

Figure 2: Purview solution architecture and components

Overview: Purview Integration with Extreme Networks SIEM

The Purview solution has an application flow export option. This option forwards all flows from a given Purview engine via syslog to an external log aggregation system such as a Security Information and Event Management (SIEM) system or another analytics solution. Events are formatted in Log Event Extended Format (LEEF), which is supported by the Extreme Networks SIEM and by IBM's QRadar. Essentially, a LEEF event is a collection of standard fields in name/value pair format, which the SIEM parses and normalizes automatically. The remaining fields are metadata that Purview derives from the specific flow, such as SSLVersion, common names, URL, URI, content type, request cookie, request referrer, request method, User-Agent and more.

Figure: Example Purview event parsed and normalized in the Extreme Networks SIEM

Purview Correlation within the Extreme Networks SIEM

Within the SIEM, each event from the Purview system is mapped to the ACL Permit category. The SIEM therefore correlates a Purview flow as if it were a router ACL permit event, which exposes Purview flows to a large number of the SIEM's standard behavior and security rules. Note that a Purview event records a flow the engine observed, not an enforcement decision; the ACL Permit mapping is a normalization choice that makes the firewall-oriented rule set apply to DPI output. Rules keyed on accept volume, such as the Excessive Firewall Accepts anomalies, will see every observed session, so their thresholds should be reviewed against the flow rate of the exporting engine. Of the SIEM's standard correlation rules, the following successfully correlate Purview events:

Anomaly: Excessive Firewall Accepts Across Multiple Hosts
Anomaly: Excessive Firewall Accepts From Multiple Sources to a Single Destination
Anomaly: Potential Honeypot Access
Anomaly: Remote Access from Foreign Country
Anomaly: Systems using many different protocols
Botnet: Local host on Botnet CandC List (DST)
Botnet: Local host on Botnet CandC List (SRC)
Botnet: Potential Botnet Connection (DNS)
Botnet: Potential Connection to a Known Botnet CandC
Botnet: Successful Inbound Connection from a Known Botnet CandC
Compliance: Traffic from DMZ to Internal Network
Compliance: Traffic from Untrusted Network to Trusted Network
Exploit: Exploits Followed by Firewall Accepts
Policy: Connection to Internet on Unauthorized Port
Policy: Create Offenses for All Instant Messenger Traffic
Policy: New DHCP Server Discovered
Recon: Remote Mail Server Scanner
Recon: <approximately 50 additional recon rules tied to specific services>
SuspiciousActivity: Communication with Known Hostile Networks
SuspiciousActivity: Common Non-Local to Remote Ports
SuspiciousActivity: Communication with Known Online Services
SuspiciousActivity: Communication with Known Watched Networks

Purview Visibility within the Extreme Networks SIEM solution

The Extreme Networks SIEM and IBM QRadar solutions provide significant visibility into the monitored network by processing Purview events with the same handling and capabilities applied to firewall events. The SIEM provides key network visibility in the following four areas:
- All Purview events are indexed, stored, and immediately available for real-time queries to assist with network debugging efforts
- Audit queries can be created and saved to help satisfy compliance requirements
- Dashboard views can be created to graphically display critical aspects of Purview flows in real time
- Trend reporting can pull from stored and indexed data to create custom daily, weekly, and monthly reports

Summary

Purview provides application visibility for IT operations and business analytics at unparalleled scale and performance. Purview is also part of the OneFabric Control Center suite of network management solutions. By taking advantage of the OneFabric Connect API, Purview acts as a data broker and can feed application-layer data to third-party applications such as a SIEM, helping to detect potentially malicious applications and to monitor security compliance.

http://www.extremenetworks.com/contact Phone +1-408-579-2800
2014 Extreme Networks, Inc. All rights reserved. Extreme Networks and the Extreme Networks logo are trademarks or registered trademarks of Extreme Networks, Inc. in the United States and/or other countries. All other names are the property of their respective owners. For additional information on Extreme Networks Trademarks please see http://www.extremenetworks.com/company/legal/trademarks/.
Specifications and product availability are subject to change without notice. 6614-1014 WWW.EXTREMENETWORKS.COM
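Added example (not code from the white paper, from Extreme Networks or from IBM): the Python below shows what the LEEF path described above amounts to on the SIEM side. It parses LEEF 1.0 and 2.0 events out of syslog lines (ignoring the syslog prefix), separates the standard flow keys from the Purview metadata fields, tags each event "ACL Permit" as the paper says the SIEM does, and then evaluates three rules from the list above (Connection to Internet on Unauthorized Port, Communication with Known Hostile Networks, Excessive Firewall Accepts From Multiple Sources to a Single Destination) over constructed sample flows. The vendor/product/version strings and the "Flow" event ID in the header, the attribute names beyond the standard LEEF keys (SSLVersion, URL), the sample addresses (RFC 1918 and RFC 5737 ranges), the RFC 1918 stand-in for the SIEM's network hierarchy, the authorized-port set, the hostile-network list and the threshold are all assumptions for illustration. It goes slightly beyond the page in handling the LEEF 2.0 custom delimiter and in splitting attributes on the first "=" only, since URL values contain "=" themselves.

```python
# Added example (not from the white paper): parse Purview-style LEEF syslog
# lines, normalise them as the SIEM does, and run three of the listed rules.
import ipaddress
import re
from collections import defaultdict

LEEF_RE = re.compile(r"LEEF:(?P<ver>1\.0|2\.0)\|(?P<rest>.*)$")
STANDARD_KEYS = ("src", "dst", "srcPort", "dstPort", "proto", "usrName")
# Assumptions standing in for the SIEM's network hierarchy, watch lists and thresholds.
INTERNAL_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HOSTILE_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]  # RFC 5737 range, constructed list
AUTHORIZED_INTERNET_PORTS = {80, 443}
MULTI_SOURCE_THRESHOLD = 3


def _delimiter(field):
    """LEEF 2.0 delimiter field: a literal character or hex like 'x09'; empty means tab."""
    if field == "":
        return "\t"
    if re.fullmatch(r"0?x[0-9A-Fa-f]{2}", field):
        return chr(int(field[-2:], 16))
    return field


def parse_leef(line):
    """Parse a syslog line carrying a LEEF 1.0/2.0 event (prefix ignored); None if not LEEF."""
    m = LEEF_RE.search(line)
    if not m:
        return None
    is_v2 = m.group("ver") == "2.0"
    parts = m.group("rest").split("|", 5 if is_v2 else 4)  # split header pipes only
    if len(parts) < (6 if is_v2 else 5):
        return None
    vendor, product, version, event_id = parts[:4]
    delim = _delimiter(parts[4]) if is_v2 else "\t"
    attrs = {}
    for pair in parts[-1].split(delim):
        if "=" in pair:
            key, _, value = pair.partition("=")  # first '=' only: URL values contain '='
            attrs[key.strip()] = value
    return {"leef_version": m.group("ver"), "vendor": vendor, "product": product,
            "version": version, "event_id": event_id, "attrs": attrs}


def normalize(event):
    """Standard keys become typed fields, the rest is flow metadata, category is ACL Permit."""
    a = event["attrs"]
    try:
        return {"category": "ACL Permit",
                "src": ipaddress.ip_address(a["src"]), "dst": ipaddress.ip_address(a["dst"]),
                "src_port": int(a.get("srcPort", 0)), "dst_port": int(a.get("dstPort", 0)),
                "proto": a.get("proto", "").lower(), "user": a.get("usrName", ""),
                "metadata": {k: v for k, v in a.items() if k not in STANDARD_KEYS}}
    except (KeyError, ValueError):
        return None  # missing or malformed addressing: not usable as a flow event


def _in(addr, networks):
    return any(addr in n for n in networks)


def correlate(flows):
    """Evaluate three rules from the paper's list; returns (rule, detail) offences."""
    offences, sources_per_dst = [], defaultdict(set)
    for f in flows:
        internal_src = _in(f["src"], INTERNAL_NETWORKS)
        internet_dst = not _in(f["dst"], INTERNAL_NETWORKS)
        if internal_src and internet_dst and f["dst_port"] not in AUTHORIZED_INTERNET_PORTS:
            offences.append(("Policy: Connection to Internet on Unauthorized Port",
                             f"{f['src']} -> {f['dst']}:{f['dst_port']}/{f['proto']}"))
        if _in(f["dst"], HOSTILE_NETWORKS):
            offences.append(("SuspiciousActivity: Communication with Known Hostile Networks",
                             f"{f['src']} -> {f['dst']}"))
        sources_per_dst[f["dst"]].add(f["src"])  # every flow is an "accept": observed, not permitted
    for dst, srcs in sources_per_dst.items():
        if len(srcs) >= MULTI_SOURCE_THRESHOLD:
            offences.append(("Anomaly: Excessive Firewall Accepts From Multiple Sources to a Single Destination",
                             f"{len(srcs)} sources -> {dst}"))
    return offences


def run(lines):
    """Parse, normalise and correlate a batch of syslog lines; returns (flows, offences)."""
    flows = [f for f in map(normalize, filter(None, map(parse_leef, lines))) if f]
    return flows, correlate(flows)


SAMPLE_SYSLOG = [  # constructed lines; addresses are RFC 1918 and RFC 5737 ranges
    "<14>Oct 14 10:15:01 purview1 LEEF:1.0|Extreme Networks|Purview|1.0|Flow|src=10.20.30.40\t"
    "dst=203.0.113.10\tsrcPort=51234\tdstPort=443\tproto=TCP\tusrName=jdoe\tSSLVersion=TLSv1.2",
    "<14>Oct 14 10:15:02 purview1 LEEF:1.0|Extreme Networks|Purview|1.0|Flow|src=10.20.30.41\t"
    "dst=203.0.113.10\tsrcPort=51235\tdstPort=80\tproto=TCP\tURL=http://example.test/a?b=1&c=2",
    "LEEF:1.0|Extreme Networks|Purview|1.0|Flow|src=10.20.30.42\tdst=203.0.113.10\tdstPort=443\tproto=TCP",
    "LEEF:2.0|Extreme Networks|Purview|1.0|Flow|^|src=10.20.30.43^dst=198.51.100.7^dstPort=6667^proto=TCP",
    "LEEF:1.0|Extreme Networks|Purview|1.0|Flow|src=10.20.30.44\tdst=10.20.30.1\tdstPort=22\tproto=TCP",
    "<14>Oct 14 10:15:06 purview1 a non-LEEF syslog line that the parser must skip",
]
```

Running run(SAMPLE_SYSLOG) yields five normalised flows and three offences: the IRC-port flow to 198.51.100.7 trips both the unauthorized-port policy rule and the hostile-network rule, and the three internal hosts reaching 203.0.113.10 trip the multiple-sources anomaly even though every one of those sessions was benign. That last result is the point of the caveat in the correlation section: because the SIEM treats each Purview flow as an accept, volume-based rules fire on observed traffic, and a real deployment tunes the threshold and the network hierarchy rather than using the stand-in values here.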