Upload File

stackarmor microsummit - niksun network monitoring - dpi

  • Home
  • Technology
  • stackArmor MicroSummit - Niksun Network Monitoring - DPI
33
KNOW THE UNKNOWN ® NIKSUN Inc., CONFIDENTIAL - INTERNAL USE ONLY This document contains confiden0al informa0on that shall be distributed, routed or made available only within NIKSUN. Comprehensive Network Monitoring / DPI NIKSUN Inc.

Upload: gaurav-gp-pal

Post on 22-Jan-2018

46 views

Category:

Technology


0 download

Report

TRANSCRIPT

Page 1: stackArmor MicroSummit - Niksun Network Monitoring - DPI

KNOW THE UNKNOWN®

NIKSUNInc.,CONFIDENTIAL-INTERNALUSEONLYThisdocumentcontainsconfiden0alinforma0onthatshallbedistributed,routedormadeavailableonlywithinNIKSUN.

ComprehensiveNetworkMonitoring/DPI

NIKSUNInc.

Page 2: stackArmor MicroSummit - Niksun Network Monitoring - DPI

  Whydoescybercrimes0llpersist,despitesignificantinvestment?

  Whatdoesitmeantohavetrulycomprehensivemonitoring?  Surveillance,Detec0on,andForensics

  Howcanthishelpyouintherealworld?  ContextualAwareness(IncidentResponse)  FirewallMonitoring&DDoS  Malware/Ransomware  Compliance  Informa0onHiding  DNSServerHacked(Forensics)

Agenda

NIKSUN,Inc.CONFIDENTIAL--Seeconfiden0alityrestric0onson0tlepage. Slide2

Page 3: stackArmor MicroSummit - Niksun Network Monitoring - DPI

NIKSUN,Inc.CONFIDENTIAL--Seeconfiden0alityrestric0onson0tlepage.

WhyDoesCyberCrimePersist?

Slide3Copyright NIKSUN 2014

Known

Unknown

Cyber Security Products Cover this Area

Sophisticated Hackers work here!

Known

Known

Unknown Unknown

Imagine if the CDC only looked to prevent virus’ that have already wiped out millions… they would have no recourse in mitigating incidents like Ebola! •  Now imagine if they had

full visibility into every single person in the United States… they could monitor every person’s body and watch for the development of both old and new virus’

Page 4: stackArmor MicroSummit - Niksun Network Monitoring - DPI

Preven0on

  Howcanonepreventthatwhichonecan’tsee?  Whatnewservicesandapplica0onshaveenteredyournetworkthatyouareunawareof?

  Whoisbehindthem?Isitalegi0matebusinessapplica0onoratrojanormalware?

  Howdoweknowthatourdefensesareeffec0ve?

NIKSUN,Inc.CONFIDENTIAL--Seeconfiden0alityrestric0onson0tlepage. Slide4

Page 5: stackArmor MicroSummit - Niksun Network Monitoring - DPI

WhatKnowledgeIsNecessary?

  Weneedmoreadvancedsignals(“data”)thanthosewhichwehaveprogrammedapriori

  Goodcybera^ackersevadeaprioriindicatorsandexploitdifferenta^ackvectors

  Anovelapproachisnecessarytogatherinforma0onfrombothknownandunknowna^ackvectors

NIKSUN,Inc.CONFIDENTIAL--Seeconfiden0alityrestric0onson0tlepage. Slide5

Page 6: stackArmor MicroSummit - Niksun Network Monitoring - DPI

ComprehensiveMonitoring

NIKSUN,Inc.CONFIDENTIAL--Seeconfiden0alityrestric0onson0tlepage. Slide6

Page 7: stackArmor MicroSummit - Niksun Network Monitoring - DPI

Whatisneeded?•  Videocamera(surveillance)•  Sensordetec0on(laserbeams)•  Imagerecogni0on(easysearchforforensics,incidentresponse)

Whyareflowslimited?•  Generallyonlyprovideinforma0onatlayer3•  Lackgoodsupportforcorrelatedflows(FTP,Mobility,evenwebpages,etc.)•  LackofbroaderThreatIntelligencesupport(files,domains,cer0ficates,

etc.)

Whyarelogslimited?•  Developerschoosewhatlogstorecord.Can’tknowabouta^acksthat

havenotevenoccurredyet

WhatisNetworkMonitoring?

NIKSUN,Inc.CONFIDENTIAL.--Seeconfiden0alityrestric0onson0tlepage. Slide7

Page 8: stackArmor MicroSummit - Niksun Network Monitoring - DPI

SampleFlowlogs

NIKSUN,Inc.CONFIDENTIAL.--Seeconfiden0alityrestric0onson0tlepage. Slide8

Page 9: stackArmor MicroSummit - Niksun Network Monitoring - DPI

  Surveillance&ThreatHun0ng  Top-downHolis0cviewofAllNetworkAc0vity  Cri0calNetworkInfrastructureIndicators  Real-0meContentAnaly0cs  Applica0onRecogni0on/Applica0onMetadata  Geo-IP

  Detec0on  Anomaly/Signatures/Content(DataLeakage)  IntelligenceFeeds

  IncidentResponse&Forensics  Applica0onReconstruc0on&Ar0factExtrac0on  SandboxIntegra0on  Flows&Connec0ons  RawPackets

  Other  Performance  Compliance

ComprehensiveMonitoring

NIKSUN,Inc.CONFIDENTIAL--Seeconfiden0alityrestric0onson0tlepage. Slide9

Page 10: stackArmor MicroSummit - Niksun Network Monitoring - DPI

EmailServerCRM

Server WebServer

Enterprise-wideMonitoring

NIKSUN,Inc.CONFIDENTIAL.--Seeconfiden0alityrestric0onson0tlepage. Slide10

Monitor across all deployed physical and virtual devices, centrally, from any smart device

Page 11: stackArmor MicroSummit - Niksun Network Monitoring - DPI

FastMacro-to-MicroAnalysis

Slide11NIKSUN Inc., CONFIDENTIAL. See confidentiality restrictions on title page

Global Visibility

Regional View

Specific Session

Single Packet

NIKSUN, Inc. CONFIDENTIAL -- See confidentiality restrictions on title page. Slide 11

Page 12: stackArmor MicroSummit - Niksun Network Monitoring - DPI

DeepContentInspec0on-Example

NIKSUN,Inc.CONFIDENTIAL--Seeconfiden0alityrestric0onson0tlepage. Slide12

With just a few clicks, DPI / DCI can identify all of this information

Page 13: stackArmor MicroSummit - Niksun Network Monitoring - DPI

UseCase–ContextualAwareness

NIKSUN,Inc.CONFIDENTIAL--Seeconfiden0alityrestric0onson0tlepage. Slide13

Page 14: stackArmor MicroSummit - Niksun Network Monitoring - DPI

UseCase:ContextualAwareness

NIKSUN,Inc.CONFIDENTIAL--Seeconfiden0alityrestric0onson0tlepage. Slide14

Alarms

Firewall

Log Analyzer

IDS/IPS

Content Filters

SIEM

Scanners

Alarms

Incident Response -Integrated Analysis

Alarms

Attacks often occur over disparate parts of the network, over extended periods of time à forensic investigation is necessary to put together pieces of the puzzle and reveal how an attack was crafted

Page 15: stackArmor MicroSummit - Niksun Network Monitoring - DPI

UseCase–FirewallMonitoring

NIKSUN,Inc.CONFIDENTIAL--Seeconfiden0alityrestric0onson0tlepage. Slide15

Page 16: stackArmor MicroSummit - Niksun Network Monitoring - DPI

  Trendinginforma0ontotuneFirewalls  TCP-SYNrate(commonfirewallmetric)  Fragmentedpacketrate(IPv4,IPv6)  UDP,ICMP,DNS,NTP,etc.packetrates  Bandwidth

  In-depthanalysisofa^acka^empts  Resolveissueswithfirewalls

  FWvendors/usersokenneedpacketstotuneagainstana^ack  ComprehensiveIntelligenceonDDoSa^acks

  Isolatebadtrafficfromgood

  ThreatIntelligence(didanybadURLsmakeitpasttheFW?)  AnalyzeFirewalleffec0veness(Retrospec0veIDS)  ReplaytraffictotestnewFWrules

UseCase-FirewallMonitoring

NIKSUN,Inc.CONFIDENTIAL--Seeconfiden0alityrestric0onson0tlepage. Slide16

Inline systems may face latency and complexity constraints, requiring a reduction in the deployed ruleset •  Monitoring becomes

invaluable for a constant pulse on critical infrastructure

Page 17: stackArmor MicroSummit - Niksun Network Monitoring - DPI

NIKSUN,Inc.CONFIDENTIAL--Seeconfiden0alityrestric0onson0tlepage.

FirewallInbound+OutboundMonitoring

Network Internet

Who is trying to get in?

What methods are they using?

Who got in?

What did they get

out?

Backdoor?

Slide17

Page 18: stackArmor MicroSummit - Niksun Network Monitoring - DPI

DDoSMonitoring(Volumetric/Applica0on)

NIKSUN,Inc.CONFIDENTIAL--Seeconfiden0alityrestric0onson0tlepage. Slide18

Page 19: stackArmor MicroSummit - Niksun Network Monitoring - DPI

RedZone/GreenZone

NIKSUN,Inc.CONFIDENTIAL--Seeconfiden0alityrestric0onson0tlepage. Slide19

Page 20: stackArmor MicroSummit - Niksun Network Monitoring - DPI

TrafficVolume-BeforeandAkerFirewall

NIKSUN,Inc.CONFIDENTIAL--Seeconfiden0alityrestric0onson0tlepage. Slide20

Page 21: stackArmor MicroSummit - Niksun Network Monitoring - DPI

UseCase– Ransomware(Wannacry)

NIKSUN,Inc.CONFIDENTIAL--Seeconfiden0alityrestric0onson0tlepage. Slide21

Page 22: stackArmor MicroSummit - Niksun Network Monitoring - DPI

UseCase:WannacryInves0ga0on

NIKSUN,Inc.CONFIDENTIAL--Seeconfiden0alityrestric0onson0tlepage. Slide22

Page 23: stackArmor MicroSummit - Niksun Network Monitoring - DPI

UseCase:WannacryInves0ga0on(cont.)

NIKSUN,Inc.CONFIDENTIAL--Seeconfiden0alityrestric0onson0tlepage. Slide23

•  Leverage retrospective IDS •  View SMB scans on your infrastructure •  Real-time intelligence feed related information

Page 24: stackArmor MicroSummit - Niksun Network Monitoring - DPI

UseCase:WannacryInves0ga0on(cont.)

NIKSUN,Inc.CONFIDENTIAL--Seeconfiden0alityrestric0onson0tlepage. Slide24

How can we know if the hosts scanned have actually been impacted?

Page 25: stackArmor MicroSummit - Niksun Network Monitoring - DPI

UseCase–Compliance

NIKSUN,Inc.CONFIDENTIAL--Seeconfiden0alityrestric0onson0tlepage. Slide25

Page 26: stackArmor MicroSummit - Niksun Network Monitoring - DPI

  Discovercompliancelevelwithtrafficmonitoring  FasterthanPenTes0ng

  Validatesecuritypreandpostchanges  Firewalls,networks,servers

  Evidence  Rawdatacaptures

  Instantlyiden0fyinsecurecommunica0ons  Whoisusingnoncompliant:SSL2.0,SSL3.0,TLS1.0  Whoisusingwhichciphers–strongorweak?  WhatCer0ficatesareinuse?CertOrganiza0ons?  Cleartextprotocols,SSN

UseCase:Compliance-PCI/Fed/Gov

NIKSUN,Inc.CONFIDENTIAL--Seeconfiden0alityrestric0onson0tlepage. Slide26

Page 27: stackArmor MicroSummit - Niksun Network Monitoring - DPI

Compliance–SSLMetadata

Slide27NIKSUN,Inc.CONFIDENTIAL--Seeconfiden0alityrestric0onson0tlepage.

Page 28: stackArmor MicroSummit - Niksun Network Monitoring - DPI

UseCase–InformaMonHiding/

ExfiltraMon

NIKSUN,Inc.CONFIDENTIAL--Seeconfiden0alityrestric0onson0tlepage. Slide28

Page 29: stackArmor MicroSummit - Niksun Network Monitoring - DPI

NIKSUN,Inc.CONFIDENTIAL--Seeconfiden0alityrestric0onson0tlepage.

Scenic?

Slide29

Page 30: stackArmor MicroSummit - Niksun Network Monitoring - DPI

NIKSUN,Inc.CONFIDENTIAL--Seeconfiden0alityrestric0onson0tlepage.

AndNow?

Slide30COPYRIGHT 2013 - NIKSUN Inc.

Social Security Numbers hidden in picture… only way to tell is by drilling down to the raw packets!

Page 31: stackArmor MicroSummit - Niksun Network Monitoring - DPI

UseCase–DNSServerHacked

NIKSUN,Inc.CONFIDENTIAL--Seeconfiden0alityrestric0onson0tlepage. Slide31

Page 32: stackArmor MicroSummit - Niksun Network Monitoring - DPI

  Spear-phishinga^ackluredemployeestogototheirbanktoupdatetheirinfo

  TheywereredirectedtoaBADsite  DifficulttotraceastheDNSserverfixeditselfakersomeamountof0mesotheproblemcouldnotbeiden0fiedbytradi0onalmethods

  Forensicanalysis  Discoveredthatthe“windowofopportunity”wastransient  GaveIPaddressofallthosethatwereluredtothewrongsite  Reconstructedthea^ackandtracedthea^acker’smovesstep-by-step

  DamagewasminimizedduetorapididenMficaMonandimmediateremediaMon

UseCase:DNSServerHacked

NIKSUN,Inc.CONFIDENTIAL--Seeconfiden0alityrestric0onson0tlepage. Slide32

Page 33: stackArmor MicroSummit - Niksun Network Monitoring - DPI

NIKSUN:HelpingYouKnowtheUnknown®[email protected]

Foraddi0onalinforma0on:

NIKSUN,Inc.CONFIDENTIAL--Seeconfiden0alityrestric0onson0tlepage. Slide33


Towards Secure Vehicular Networks - NIKSUN › presentations › day3 › NIKSUN...Telcordia’sproposed PKI Solution (ACM DIM 2010) Unique Features: A double hashing technique to

NIKSUN NetDetector/NetVCR 10440

Sponsored by NIKSUN NetDetector/NetVCR 2005 Traffic Analyzer

A Short History of Radio - NIKSUN: Know the Unknown

Title and Content - NIKSUN · into a common global IT platform of seamless networks and networked “things”. Future Internet ... IDC Worldwide and U.S. Security Services 2011–2015

Security by Design - stackArmor...Specific ports must be open (e.g. 8443, 8089, 8191, and 9996) or else Splunk won’t work properly 8443 –Splunk search page (port used for user

Mobility Management for Next Generation Wireless Internet · Mobility Management for Next Generation Wireless Internet Ashutosh Dutta, Ph.D. Senior Scientist. NIKSUN Innovation Center

Walter Willinger NIKSUN, Inc. wwillinger@niksun · Engineering hack Example of what we can measure, not what we want to measure! Basic problem #1: IP alias resolution problem How

The Art of Cybersecurity (on a 5G canvas)5gsummit.org/docs/slides/Darryle-Merlette-5GSummit-Princeton... · Hackers and Painters NIKSUN Confidential – Restricted Access See Title

Mobility Management Requirements for NGN Ashutosh Dutta NIKSUN Princeton New Jersey, 08540 Prepared for GISFI #5 IOT - Hyderabad 1 Contact: [email protected]

stackArmor presentation for DevOpsDC ver 4

NIKSUN NetOmni 8940 - Common Criteria

NIKSUN NetVoice Datasheet v8 - Datakom: Datakom · Collect, Record and Analyze Large Number of VoIP Calls NetVoice’s huge storage capacity, ... in analyzing and visualizing calls

About the Author - NIKSUN - Network Security and Performance · 2017-09-07 · About the Author: Dr. Edward G ... • Cyber Security – Includes the NetDetector family of packet

Copyright NIKSUN 2014 Using Big Data Analytics To Thwart Cyber Threats Shivank Dua

3GPP SAE/LTE Security - NIKSUN · PDF file3GPP SAE/LTE Security Anand R. Prasad NEC Corporation NIKSUN WWSMC, 26 July, 2011, Princeton, NJ, USA MI事企画M11-0043 Disclaimer

Next Generation Monitoring of Mobile Networks : A ... · PDF fileLTE KPIs (Security) NIKSUN Confidential –Restricted Access See Title Page for Restrictions Slide 34 Metrics Use Response

NIKSUN Virtual Appliance Datasheet · » Anomaly Detection: detect anomalous traffic patterns such as covert channels, port scans, or DDoS attacks » Application Recognition: Classify

A Short History of Radio - NIKSUN...A Short History of Radio fred harris 22-July 2011 IEEE Distinguished Lecturer IEEE Fellow & Life Member It appears to be a new wireless technology

Know the Unknown NetVoice® - TelecomTest Solutionstelecomtest.com.au/datasheets/niksun/niksun-netvoice...VoIP specific services and applications, with granular views down to microseconds

Title and Content - NIKSUN · 5 •With advances in miniaturization and nanotechnology, smaller and smaller things will have the ability to interact and connect, at a lower cost •Eventually

Know the Unknown NetOmni™ Suite - NIKSUN

NIKSUN - Network Security and Performance · COMPANY WEBSITE YEAR EST. NIKSIJN 1997 New Jersey Innovation Institute (NJII) nJ11.com 2014 Business Machine Technologies Inc. 1992 Sectigo(l)

Price/Performance Value Leadership Award - NIKSUN · 2018-11-12 · Suite, NetVCR Suite, Virtual and Cloud Solutions, NetOmni, NetTradeWatch, NetMobility, ... NIKSUN’s solution

StackArmor: Comprehensive Protection from Stack-based ...giuffrida/papers/ndss-2015.pdf · contiguously allocated in memory, so the attack can safely rely on the predictability of

 · 2017-03-04 · His career, spanning more than 30 years, includes Director of Technology Security at AT&T, CTO of Wireless at a Cybersecurity company NIKSUN, Inc., Senior Scientist

stackArmor Security MicroSummit - AWS Security with Splunk

stackArmor AWS Security MicroSummit

Introducing FreeBSD in new environment of FreeBSD... · pfSense FreeNAS Niksun

NIKSUN Virtual Appliance Datasheet...Application Performance Monitoring Providing 100% visibility into infrastructure in multiple timeframes (from sub-seconds to months), NIKSUN Virtual

“We Accelerate Growth” - NIKSUN

StackArmor: Comprehensive Protection from Stack-based ... · 9/5/2017  · target bytes as path-safe and a first read-before-write event causes the DA analyzer to mark the target

NIKSUN Virtual Appliance Datasheet · RTP, RADIUS, Diameter, and many more » Integration: Authentication - TACACS+, RADIUS, CAC, LDAP and Active Directory. All NIKSUN products integrate

AWS Security Best Practices Real-world examples and …files.meetup.com/19805711/stackArmor 07-19-2016 meetup.pdf · Supported the first AWS cloud migration in 2009 for ... 1 Web

Supreme Eagle 100 Gbps - NIKSUN · 2016-10-13 · Supreme Eagle is 4 times more efficient in comparison to other industry offerings. Together, its speed and power lead to the fastest