Date: 03.07.2007, Page: 1 Speakers: Gregor Mendel, Marcel Britten
Network Concept
Information Event
on 03.07.2007
at the Bristol Hotel Mainz
Topic:
Ideas for Network Design
- Switching
- WLAN
- Security
- VoIP
Network Behaviour Analysis with Lancope
Problem: Ensuring Network Integrity, Reliability and Performance
Network integrity, performance issues and downtime can be caused by
many different events:
• Security incidents
• Network faults
• Bandwidth hogs
• Application errors
• Communication infrastructure bottlenecks
• Poor network design
• Rogue devices and host configurations
• User related issues and problems
Network performance and downtime impacts:
• Revenue
• Productivity
• Customer Satisfaction
• Expenses
Problem: Securing the Internal Network from Internal & External Threats
Perimeter security tools (firewalls, IDS and IPS) were designed to prevent bad traffic from entering the enterprise network. Organizations have deployed perimeter security tools but have discovered that they are not effective against new worms, viruses and exploits, and that they were never designed to protect the enterprise from internal threats.
Many organizations have not deployed traditional IDS tools because they are labor intensive, generate large numbers of alerts (false positives), and do not prioritize the most serious problems.
Security events can be caused by internal or external sources, and most organizations have not deployed technology to protect against internal threats.
Organizations debate the business risk of deploying IPS tools, i.e., the risk of blocking good traffic. Enterprise IPS deployment can be very expensive, so most organizations only deploy IPS in certain parts of their network perimeter.
What Are the Challenges in Solving these Problems?
It often requires individuals from multiple groups to
solve these problems:
• Users
• Helpdesk
• Network Operations Center
• Security Operations Center
It can take hours or days to identify the source or root
cause of a negative impact on the network – either
network performance or network security related
because:
• Information, which may be incomplete and difficult to access, often
comes from disparate systems and the accuracy can be questionable
• Many organizations lack the real-time visibility of the entire network
required to solve complex problems
Lancope’s Mission with StealthWatch
• To optimise network and security operations teams’ ability to identify, prioritize, determine root cause, remediate and report on all network incidents that impact overall network health, host integrity, and security of the network
• Significantly reduce the time and resources required to identify and remediate network performance and security problems
• Provide visibility of all network activity
• Support and enable regulatory compliance:
  • SOX, Japan SOX
  • Basel II
  • PCI (Payment Card Industry)
  • COBIT
  • HIPAA
Lancope StealthWatch Unique Value Proposition
StealthWatch is the best technology to secure clients’ internal networks and optimize the performance of those networks in a single scalable solution.
Functionally rich technology
• Monitors, secures, mitigates, optimizes and reports on all network and network security activity
• Unique prioritization technology enables clients to focus on resolving their most serious problems (the Concern Index™, Target Index, and File Sharing Index)
• Integration with all of the most popular firewall, IDS, IPS, SIM, SEM, and system management technologies (including Foundry INM) enables easy, fast integration with clients’ current infrastructure
• StealthWatch matches user IP address with user identity
• StealthWatch provides a sophisticated, easy-to-use management reporting capability
StealthWatch is Intuitive and Easy to Use
• Point-of-View™: A role-based user interface, based on the user’s job role, gives clients the most powerful technology, configurable for each user’s responsibilities. Enables distributed management responsibilities if required
StealthWatch Architecture: Monitor
StealthWatch Architecture: Secure
StealthWatch Architecture: Optimize
Problems Solved: Network Security & Optimization
StealthWatch provides a fully integrated view of all network usage, performance details, host integrity and user behaviour.
StealthWatch is the simplest, easiest to use, most powerful and most cost-effective solution to monitor and protect the internal client network from growing insider threats as well as external threats.
StealthWatch enables quick diagnosis of the source and root cause of any network problem, performance or security related, that causes response time delays. “We can solve problems in one tenth of the time.”
StealthWatch enables network and security teams to collaborate and to dramatically reduce the time required to identify and resolve network and network security problems.
StealthWatch provides extensive historical and trending data to facilitate network performance capacity planning and resource management.
How We Do It: Why Flow Data?
Leverage existing flow data, the “Who, What, When, Where and How” of network traffic, thereby turning all routers and switches into a virtual surveillance system:
• NetFlow – Cisco and Juniper (Cflow)
• sFlow – Foundry / Extreme / HP ProCurve / Alcatel
StealthWatch turns raw flow data into valuable intelligence about:
• Network users and applications
• Performance problems
• Compliance problems
• Peak usage times
• Traffic routing
StealthWatch Functional Overview
[Diagram: processing pipeline from flow sources to outputs]
Inputs:
• Cisco (NetFlow)
• Foundry, HP (sFlow)
• Mirror port, SPAN, or tap
Processing:
• Collect and process 130 unique flow statistics
• Build profile of 100 host attributes
• Apply 100 StealthWatch algorithms
• Store detailed log of all flows
Outputs:
• Generate alarms, alerts, and reports
• Generate profile-enhanced alarms, alerts, and reports
• Display in UI
• Send SYSLOG, SNMP, and emails
• Perform mitigation action
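The pipeline sketched above (collect the who/what/where/how fields of each flow, build a per-host profile, apply detection algorithms, rank the results and emit them via SYSLOG) can be modelled in a few dozen lines. The following Python is an added example written for this page, not Lancope or StealthWatch code: the flow records are constructed, and the profile attributes, the two detection rules, the thresholds and the scoring formula standing in for a Concern Index are illustrative assumptions, not the vendor's algorithms.

```python
"""Toy flow-based network behaviour analysis (constructed example).

Each flow record carries the "who, what, where, how" of a flow as a tuple:
(src_ip, dst_ip, dst_port, protocol, bytes). Nothing here is captured
traffic; all values are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class HostProfile:
    """Per-source-host attributes accumulated over one analysis window."""
    peers: set = field(default_factory=set)   # distinct destination hosts
    ports: set = field(default_factory=set)   # distinct destination ports
    bytes_out: int = 0                        # total bytes sent
    flows: int = 0                            # number of flow records


# Constructed sample flows: one ordinary web client, one host touching
# 40 distinct peers on port 445 with tiny flows, one very large FTP upload.
SAMPLE_FLOWS = [
    ("10.0.0.5", "10.0.0.20", 80, "tcp", 4200),
    ("10.0.0.5", "10.0.0.20", 443, "tcp", 9100),
    *[("10.0.0.9", f"10.0.1.{i}", 445, "tcp", 60) for i in range(1, 41)],
    ("10.0.0.7", "192.0.2.10", 21, "tcp", 900_000_000),
]

# Illustrative thresholds (assumptions for this example, not vendor values).
SCAN_PEER_THRESHOLD = 30          # distinct peers in the window
HOG_BYTES_THRESHOLD = 500_000_000  # bytes sent in the window


def build_profiles(flows):
    """Step 1+2: collect flow statistics and build the per-host profile."""
    profiles = defaultdict(HostProfile)
    for src, dst, dport, _proto, nbytes in flows:
        p = profiles[src]
        p.peers.add(dst)
        p.ports.add(dport)
        p.bytes_out += nbytes
        p.flows += 1
    return profiles


def concern_index(p):
    """Stand-in priority score (assumption): 10 points per distinct peer
    plus one point per 100 MB sent, so scanners and hogs both rank high."""
    return len(p.peers) * 10 + p.bytes_out // 100_000_000


def evaluate(profiles):
    """Step 3: apply the detection rules and return alarms sorted by score.

    Each alarm is (host, alarm_type, concern_index)."""
    alarms = []
    for host, p in profiles.items():
        if len(p.peers) >= SCAN_PEER_THRESHOLD:
            alarms.append((host, "address_scan", concern_index(p)))
        if p.bytes_out >= HOG_BYTES_THRESHOLD:
            alarms.append((host, "high_volume_sender", concern_index(p)))
    alarms.sort(key=lambda a: a[2], reverse=True)
    return alarms


def to_syslog_line(alarm, sensor="nba-demo"):
    """Step 4: render an alarm as a syslog-style line (format is an assumption)."""
    host, kind, ci = alarm
    return f"<132>{sensor}: alarm={kind} host={host} concern_index={ci}"


if __name__ == "__main__":
    for alarm in evaluate(build_profiles(SAMPLE_FLOWS)):
        print(to_syslog_line(alarm))
```

Run as written, the scanning host ranks first with the higher score, the large upload second, and the ordinary web client raises nothing. The point of the profile step is that neither rule can fire on a single flow record; only the accumulated per-host view exposes the behaviour.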
StealthWatch Network Behavior Analysis & Response Product Family
• StealthWatch Identity-1000
• StealthWatch Flow Collectors
• StealthWatch NC
• StealthWatch Xe for NetFlow
• StealthWatch Xe for sFlow
How the StealthWatch System Looks at Networks