Open Source in Government: Delivering Network Security, Flexibility and Interoperability


WHITE PAPER

Uncompromising performance. Unmatched flexibility.

Introduction

Amid a growing emphasis on transparency and accountability, government agencies are striving to make information more readily accessible and to ensure interoperability among and within agencies. At the same time, these agencies are operating in an evolving networking environment, marked by a growing pool of complex security threats and a dramatic rise in network use. In addition, tight budgets are forcing agencies to look for ways to meet their information assurance and network security objectives while also containing spending. The result is an increasing demand for economically viable, policy-centric data inspection and processing capabilities to ensure secure information delivery and assurance in this volatile networking environment.

Fortunately, some of the most innovative cyber security, traffic analysis, traffic management, application acceleration and mobility solutions are available to government agencies as open source software applications. Adoption of open source has soared in recent years at all levels of government, as agencies and systems integrators increasingly embrace the advantages these applications present over proprietary solutions and self-funded initiatives. Open source applications that are deep packet inspection (DPI)-enabled can help agencies better assess and manage network traffic to ensure data integrity and security while keeping pace with the high-performance demands of a collaborative, net-centric environment. By deploying open source applications, government agencies can implement the best solutions for their needs without many of the security, interoperability and cost challenges associated with proprietary or in-house developed products.

This white paper explores some key benefits to government agencies when open source applications are deployed to enhance cyber security and network awareness. In addition to offering a list of commonly deployed applications, the paper also discusses the improvements in flexibility, agility and solution stability, as well as the potential reduction in total cost of ownership, that come with open source solutions.

5 Key Values of Open Source Software

1. Breadth and Depth of Open Source Cyber Security Solutions

Given the bandwidth-intensive, collaborative and sensitive nature of government networks, many agencies are especially eager to deploy open source applications that provide greater visibility, security and control over network traffic. Several leading-edge open source applications are available to, and are being deployed by, government IT and security managers today, particularly to address network security, flow analysis, and traffic monitoring and management requirements.

Key Open Source Security Applications (application, purpose, description):

Argus (System & Network Monitoring): Audit data to support network operations, performance and security management, including network forensics, non-repudiation, and network asset and service inventory.
Arpwatch (ARP Monitoring Tool): Provides alerts on modifications to ARP tables.
Barnyard (Alert Processor for SNORT): Offloads the output processing task by parsing the SNORT unified output format into textual or database alerts.
Bro (Passive Intrusion Detection; Active Inline Prevention): Network intrusion prevention and detection application using event-oriented analysis.
nprobe (NetFlow Collector): Scalable network monitoring architecture that passively monitors and collects NetFlow information on high-speed network links.
ntop (GUI for Network Metrics): Network traffic probe that displays network usage.
SANCP (Connection Profiler): Creates network connection and traffic logs for auditing, historical analysis and network activity discovery.
SiLK (Flow Analysis Engine): Delivers historic and real-time analysis of network traffic.
SNORT (Passive Intrusion Detection; Active Inline Prevention): Network intrusion prevention and detection application that combines the benefits of signature, protocol and anomaly-based inspection methods.
Squid (Web Proxy): Web caching proxy for HTTP, HTTPS, FTP and others that reduces bandwidth and improves response times.
Suricata (Passive Intrusion Detection; Active Inline Prevention): Next-generation multi-threaded IDS/IPS from the Open Information Security Foundation (OISF).
TCPdump (Packet Capture): Open source tool for capturing and analyzing packets.
YAF (Flow Analysis Sensor): Network flow recording program that processes packet flows into IPFIX format for later analysis.

Core to the optimal execution of each of these applications is deep packet inspection (DPI) technology. DPI technology allows IT managers to set network access, control and monitoring policies that are customized according to the agency's unique network security needs and requirements.
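As an added illustration (not code from the white paper or from the YAF or SiLK projects), the following script applies a simple agency access policy, of the kind the paper says flow tools like YAF and SiLK can check, to constructed flow records laid out like a SiLK rwcut-style delimited export; the enclave subnets, the approved egress ports, the records themselves and the fan-out rule are assumptions made for the example.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed flow records in an assumed SiLK rwcut-style, pipe-delimited layout:
# sIP|dIP|sPort|dPort|pro|packets|bytes|sTime
FLOW_RECORDS = """\
10.10.1.15|10.10.2.40|51234|443|6|12|4820|2011/03/01T09:00:01
10.20.5.7|198.51.100.23|49152|80|6|30|15000|2011/03/01T09:00:05
10.10.1.15|203.0.113.9|51240|443|6|8|3100|2011/03/01T09:00:09
10.20.5.7|10.10.1.15|49160|22|6|9|1200|2011/03/01T09:00:12
10.20.5.8|198.51.100.23|49170|6667|6|5|600|2011/03/01T09:00:15
10.20.5.8|198.51.100.24|49171|6667|6|5|600|2011/03/01T09:01:15
10.20.5.8|198.51.100.25|49172|6667|6|5|600|2011/03/01T09:02:15
"""

# Assumed enclave addressing and egress policy (placeholders, not from the paper).
CLASSIFIED = ipaddress.ip_network("10.10.0.0/16")
UNCLASSIFIED = ipaddress.ip_network("10.20.0.0/16")
ALLOWED_EGRESS_PORTS = {80, 443}  # Internet services unclassified hosts may reach

def parse_flows(text):
    """Parse the delimited export into a list of flow dicts."""
    flows = []
    for line in filter(None, text.splitlines()):
        sip, dip, sport, dport, proto, pkts, byts, stime = line.split("|")
        flows.append({"sip": ipaddress.ip_address(sip), "dip": ipaddress.ip_address(dip),
                      "sport": int(sport), "dport": int(dport), "proto": int(proto),
                      "packets": int(pkts), "bytes": int(byts), "stime": stime})
    return flows

def enclave(addr):
    """Name the enclave an address belongs to; anything else is external."""
    if addr in CLASSIFIED:
        return "classified"
    return "unclassified" if addr in UNCLASSIFIED else "external"

def check_policy(flows, min_peers=3):
    """Return (rule, detail) findings for flows that violate the assumed policy."""
    findings = []
    peers = defaultdict(set)  # (unclassified source, dPort) -> external peers seen
    for f in flows:
        src, dst = enclave(f["sip"]), enclave(f["dip"])
        if src == "classified" and dst == "external":
            findings.append(("classified-egress", f))  # classified enclave must stay isolated
        elif {src, dst} == {"classified", "unclassified"}:
            findings.append(("cross-enclave", f))  # enclaves must not talk directly
        elif src == "unclassified" and dst == "external":
            if f["dport"] not in ALLOWED_EGRESS_PORTS:
                findings.append(("unapproved-egress-port", f))
            peers[(f["sip"], f["dport"])].add(f["dip"])
    # One host fanning out to many external peers on one port is worth a review:
    # worm spread and bot command-and-control traffic often look like this in flows.
    for (sip, dport), dsts in peers.items():
        if len(dsts) >= min_peers:
            findings.append(("many-external-peers",
                             {"sip": sip, "dport": dport, "peers": len(dsts)}))
    return findings

def summarize(findings):
    """Count findings per rule, the shape a report or dashboard would consume."""
    return dict(Counter(rule for rule, _ in findings))
```

On the constructed records this reports one classified host reaching the Internet, one unclassified host reaching into the classified enclave, three flows to an unapproved port, and one host fanning out to three external peers on that port.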

[Figure: Government agency characteristics: classified and unclassified networks; single and/or multiple locations; legitimate and malicious users; internal and external threats. Open source cyber security applications (Argus, Arpwatch, Bro IDS/IPS, SiLK, SNORT, Suricata, YAF) deployed between the Internet and the unclassified and classified networks across Agency Locations #1, #2 and #3. What's required to protect agency networks: a high-performance DPI networking device aggregating on a single platform security / intrusion detection and prevention, flow analysis, and monitoring and surveillance.]

For example, DPI-enabled network flow recording and analysis tools, such as YAF and SiLK, can provide agencies with comprehensive visibility into the network protocols and data traversing their network, presenting an all-inclusive view of the network environment, network users and bandwidth trends. By recording and analyzing network flows, YAF and SiLK can help identify and report policy violations as well as viruses, worms, botnets, malware and other vulnerabilities.

As seen above, DPI-enabled open source applications are widely available for government use. However, agencies must carefully select the appropriate host processing platform(s) to meet network security and bandwidth requirements; these applications usually function best when integrated with a high-performance DPI-enabled platform.

2. Empowering Government with Flexibility and Agility

With unique mission goals, government agencies need flexibility, control and, oftentimes, scalability over the form, fit and function of network solutions. However, rather than enabling agencies with customized solutions that are best suited to their objectives, proprietary products can create vendor dependency, locking agencies into costly products with pricey licensing agreements. Once locked in to a single-vendor solution, the cost of switching to more flexible, value-add solutions may be high.

Open source software-based solutions eliminate vendor lock-in and dependency. Instead of relying on one specific vendor, agencies have access to a wide range of best-of-breed technologies and are freed from dependency on (and the risk of relying on) a single vendor for upgrades, security patches and other enhancements. While government-off-the-shelf (GOTS) solutions afford agencies a high level of direct control over product specifications and can be freely shared among agencies, they require dedicated software programmers and can be costly to modify. Modular open source systems allow programmers to adapt key features or add new capabilities when needed, rapidly developing and deploying customized applications to address their specific challenges. Open source allows government programmers to tailor existing open source code, minimizing the time and money needed to create a custom solution.

3. Bolstering Security and Innovation

Open source users can count on a large and active community that offers best practices in network access awareness and control, cyber security and information assurance. This community presents a significant pool of knowledge and resources that government IT managers can tap for fresh ideas, a variety of opinions and reliable insight, as opposed to relying on a single vendor source.

The open source user community is particularly beneficial when it comes to one of the most pressing concerns for government agencies: cyber security. For highly sensitive government networks, security vulnerabilities are not an option. Fortunately, access to open source program blueprints enhances security while also promoting continuous product improvement. User communities are constantly testing and validating open source software. When security patches are required, the open source community responds rapidly: developing fixes for security vulnerabilities, sharing patches, and continually refining and refreshing software, ensuring that open source solutions continuously evolve and improve. This community approach enhances security, since vulnerabilities are quickly identified and remedied before they can be exploited. In other words, cyber security vulnerabilities are minimized when thousands of experienced programmers have the opportunity to independently view, modify and validate the blueprint.

4. Doing More with Less

A perennial challenge for government IT managers is making the most of tight budgets in networking environments where they lack the human and financial resources required to keep up with the software changes, equipment upgrades, licensing fees and maintenance costs that come with closed or proprietary technologies.

Open source software has a lower total cost of ownership (TCO) than closed solutions, and enables government agencies to develop and deploy scalable applications in a fraction of the time and at a fraction of the cost of proprietary software. Often, open source solutions are available for free, with technical support in the form of ongoing patches and upgrades provided by the community at large. In addition, some high-performance DPI-enabled platforms allow multiple open source applications to run simultaneously on common data streams without impacting performance, further reducing CapEx and OpEx costs for agencies.

5. Supporting Collaboration and Interoperability

With open source, IT managers can share critical information among and within agencies. Open source makes it easier for agencies to collaborate among themselves and with private sector solution providers, and to provide constituents with easy access to resources and information. For example, government agencies can use standards-based, self-serve open source Web applications to make information available to constituents or other agencies, furthering transparency and simplifying access to unclassified information.

Bivio Networks: Optimizing Open Source Applications with High-Performance Infrastructure

To optimally support open source DPI-enabled applications with minimal porting effort, government agencies need policy-centric network infrastructure that can execute deep packet inspection and processing at multi-gigabit speeds on a single platform.

To this end, Bivio Networks' application and network processor scaling technology, coupled with a standard Linux operating environment, makes the company's DPI application platforms uniquely suited to support the deep packet processing capabilities of a variety of open source applications and services. Leveraging Bivio's DPI-enabled network appliances, government agencies achieve dramatic increases in the performance of open source applications.

In fact, through its Application Library, Bivio provides government agencies and channel partners deploying network security, monitoring and analysis solutions one-click access to and implementation of industry-leading open source networking applications on Bivio's DPI application platforms. Applications include a range of security, flow analysis and network optimization software packages, all of which are certified to perform at throughput speeds of up to 10 Gbps on the Bivio 7000 DPI Application Platform, with higher performance available through Bivio's innovative scaling capabilities. The initial set of applications includes Argus, Arpwatch, Barnyard, Bro, nprobe, ntop, SANCP, SiLK, SNORT, Squid, Suricata, TCPdump and YAF. The Application Library program allows agency network managers to couple Bivio's industry-leading network appliance platforms with certified open source applications so they can economically leverage the very best solutions available.

Bivio also offers the Continuous Threat Monitoring Solution (CTMS), a multi-function, high-performance network monitoring probe designed to provide the best possible defense against known and unknown attacks, often grouped as advanced persistent threats. Bivio CTMS aggregates multiple open source and licensed software engines in a fully integrated solution to meet customer-specific network awareness and forensics requirements.

Get Ahead with Open Source

Budget and security considerations often keep government agencies from getting ahead of the curve when it comes to advancing their networks in support of unique mission objectives. But with open source, agencies can implement the applications that are best suited to mitigate cyber security threats, facilitate collaboration and adapt to evolving network requirements without the restrictions of proprietary or self-funded initiatives. Agencies are increasingly recognizing that, when deployed on high-performance DPI devices like Bivio's, the benefits of open source are many, and they are moving forward to deploy open source applications to lower costs, promote and encourage innovation, and safeguard their networks. For more information on how your agency can get ahead with open source applications through Bivio's Application Library and Continuous Threat Monitoring Solution, please visit http://www.bivio.net/products.

About Bivio Networks

Bivio Networks is a leading provider of network systems for securing, monitoring and controlling critical network infrastructure. Bivio's global customer base includes worldwide government agencies and service providers. Its product suite enables customers and partners, which include application developers and systems integrators, to develop and deploy leading solutions to secure, monitor and control customer networks. Bivio is privately held and is headquartered in the San Francisco Bay Area with office locations worldwide. More information is available at www.bivio.net.

Bivio Networks, Inc., 4457 Willow Road, Suite 200, Pleasanton, California 94588. Phone: 925-924-8600. Fax: 925-924-8650. www.bivio.net

2011 Bivio Networks, Inc. All rights reserved. The Bivio logo, BiviOS, Bivio 7000 Series, Bivio 7100, Bivio 7500, DPI Application Platform and FlowInspect are trademarks or registered trademarks of Bivio Networks, Inc. All other company and product names may be trademarks of their respective owners. Bivio Networks may make changes to specifications and product descriptions at any time, without notice.