
(CISCO) Self-Defending Networks

(CISCO) Self-Defending Networks. Ben Sangster. Agenda: (CISCO) Self-Defending Network Concept; Why do we need SDNs?; Foundation of the CSDN?; Endpoint Protection; Admission Control; Infection Containment; Intelligent Correlation and Incident Response; Inline IDS and Anomaly Detection

shayla

Presentation Transcript


  1. (CISCO) Self-Defending Networks Ben Sangster

  2. Agenda • (CISCO) Self-Defending Network Concept • Why do we need SDNs? • Foundation of the CSDN? • Endpoint Protection • Admission Control • Infection Containment • Intelligent Correlation and Incident Response • Inline IDS and Anomaly Detection • Application Security and Anti-X Defense • Summary • Questions

  3. Cisco Self-Defending Network (CSDN) Concept • A systems-based solution that allows entities to use their existing infrastructure in new ways to: • Reduce windows of vulnerability • Minimize the impact of attacks • Improve overall infrastructure availability and reliability

  4. CSDN Concept (cont.) • CSDN also helps create autonomous systems that can quickly react to an outbreak with little to no human intervention

  5. Why do we need CSDNs? • Evolution of network • Evolution of attacks on networks • Traditional approach: Defense-in-depth • Proactive defense mechanisms • CSDN approach • Adaptive defense mechanisms

  6. Why do we need CSDNs? (cont.) • Proactive defense mechanisms…not obsolete, simply inefficient in responding to breaches in network security • Proactive solutions frontload defense mechanisms

  7. Proactive Defense Example [diagram; labels: Internet, Outer Firewall, DMZ, Servers (e.g. web, e-mail, proxy), Inner Firewall, Internal Corp. Network, Development Network]

  8. Why do we need CSDNs? (cont.) • Adaptive Solutions…focus isn’t solely on preventing network attacks • Attempt to effectively: • Detect • Respond • Recover • Little to no adverse effect on the network and its users

  9. Why do we need CSDNs? (cont.) • Key elements of an adaptive solution: • Remain active at all times • Perform unobtrusively • Minimize propagation of attacks • Quickly respond to as-yet unknown attacks

  10. Foundation of a CSDN • Endpoint Protection • Admission Control • Infection Containment • Intelligent Correlation and Incident Response • Inline IDS and Anomaly Detection • Application Security and Anti-X Defense

  11. Endpoint Protection • You are only as strong as your weakest link • One non-sanitized end-user system connected behind a robust, efficient defense can spell D-O-O-M for a network • Cisco Security Agent • Point of presence on end user systems that enables efficient exchange of valuable network threat information as it occurs • Endpoint system virus, worm detection/protection

  12. Admission Control • Not only a core component of a CSDN, but incorporated into other technologies by over 30 industry-leading vendors • Network Admission Control (NAC) assists in determining the level of access to grant an end-user system in accordance with the security policy when it initially joins the network • NAC also assists in managing end-user systems’ compliance with security patches and updates

  13. Infection Containment • The ability to identify non-compliant systems or network attacks as they occur and react appropriately, minimizing the effect of the breach • Potentially the #1 core component of a secure system belonging to a CSDN

  14. Intelligent Correlation and Incident Response • Services that provide the ability to exchange: • Event information • Implications of an event occurring • Necessary actions to take • The appropriate nodes or systems to enforce actions in real-time • These services aid in adapting to changes and countering attacks in the network as they occur rather than after they occur

  15. Application Security and Anti-X Defense • A menagerie of application layer security products that address the “ever-evolving” classes of threats which are not effectively addressed by traditional firewall and network IDS products • Threat examples: • E-mail based SPAM and phishing • Spyware • Unauthorized peer-to-peer activity

  16. Summary • New phraseology, NOT a new technology • Encompassing security solution that is proactive AND adaptive in nature and that envelops every level of network security rather than just specific layers • Key difference between CSDN and traditional security solutions…ability of CSDNs to communicate and share information among different security products employed within the CSDN

  17. Questions
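
Slides 12 and 13 describe admission control (granting an access level from the security policy when a system joins) and containment (reacting when a system becomes non-compliant). The sketch below is an added example, not code from the presentation or from any Cisco product; the policy fields, access-level names and sample hosts are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Hypothetical policy; real values come from the organisation's security policy.
POLICY = {"min_patch_level": 42, "max_signature_age_days": 7}

@dataclass
class Posture:
    host: str
    agent_running: bool      # endpoint agent present to report posture
    patch_level: int
    signature_date: date     # date of the anti-virus signature set

def violations(p, today, policy=POLICY):
    """Return the list of policy violations for one posture report."""
    found = []
    if not p.agent_running:
        found.append("no endpoint agent")
    if p.patch_level < policy["min_patch_level"]:
        found.append("missing patches")
    if (today - p.signature_date).days > policy["max_signature_age_days"]:
        found.append("stale signatures")
    return found

def admit(p, today, policy=POLICY):
    """Admission control: map posture to an access level at join time."""
    found = violations(p, today, policy)
    if not found:
        return "full"
    # Without an agent the rest of the report cannot be trusted.
    if "no endpoint agent" in found:
        return "deny"
    return "remediation"     # reach patch/update servers only

def contain(sessions, reports, today, policy=POLICY):
    """Containment: re-check admitted hosts, return {host: new_level} for changes."""
    changes = {}
    for p in reports:
        level = admit(p, today, policy)
        if sessions.get(p.host) != level:
            changes[p.host] = level
    return changes

# Constructed sample data.
TODAY, LATER = date(2024, 3, 15), date(2024, 3, 25)
laptop = Posture("laptop-01", True, 42, date(2024, 3, 14))
kiosk = Posture("kiosk-07", True, 40, date(2024, 3, 14))
guest = Posture("guest-99", False, 42, date(2024, 3, 14))
```

Calling `contain` with the same report on a later date shows the adaptive part: a host admitted with full access is moved to remediation once its signatures age past the policy limit.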
