(CISCO) Self-Defending Networks Ben Sangster

Agenda (CISCO) Self-Defending Network Concept Why do we need SDN’s? Foundation of the CSDN? Endpoint Protection Endpoint Protection Admission Control Admission Control Infection Containment Infection Containment Intelligent Correlation and Incident Response Intelligent Correlation and Incident Response Inline IDS and Anomaly Detection Inline IDS and Anomaly Detection Application Security and Anti-X Defense Application Security and Anti-X DefenseSummaryQuestions

Cisco Self-Defending Network (CSDN) Concept A systems-based solution that allows entities to use their existing infrastructure in new ways to: Reduce windows of vulnerability Reduce windows of vulnerability Minimize the impact of attacks Minimize the impact of attacks Improve overall infrastructure availability and reliability Improve overall infrastructure availability and reliability

CSDN Concept (cont.) CSDN also helps create autonomous systems that can quickly react to an outbreak with little to no human intervention

Why do we need CSDN’s? Evolution of network  Evolution of attacks on networks Traditional approach  Defense-in-depth Proactive defense mechanisms Proactive defense mechanisms CSDN approach Adaptive defense mechanisms Adaptive defense mechanisms

Why do we need CSDN’s? (cont.) Proactive defense mechanisms…not obsolete, simply inefficient in responding to breeches in network security Proactive solutions frontload defense mechanisms

Proactive Defense Example Internet Outer Firewall DMZ Inner Firewall Internal Corp. Network Servers (e.g. web, , proxy) Development Network

Why do we need CSDN’s? (cont.) Adaptive Solutions…focus isn’t solely on preventing network attacks Attempt to effectively: Detect Detect Respond Respond Recover Recover Little to no adverse effect on the network and its users

Why do we need CSDN’s? (cont.) Key elements of an adaptive solution: Remain active at all times Remain active at all times Perform unobtrusively Perform unobtrusively Minimize propagation of attacks Minimize propagation of attacks Quickly respond to as-yet unknown attacks Quickly respond to as-yet unknown attacks

Foundation of a CSDN 1.Endpoint Protection 2.Admission Control 3.Infection Containment 4.Intelligent Correlation and Incident Response 5.Inline IDS and Anomaly Detection 6.Application Security and Anti-X Defense

Endpoint Protection You are only as strong as your weakest link One non-sanitized end-user system connected behind a robust, efficient defense can spell D-O- O-M for a network Cisco Security Agent Point of presence on end user systems that enables efficient exchange of valuable network threat information as it occurs Point of presence on end user systems that enables efficient exchange of valuable network threat information as it occurs Endpoint system virus, worm detection/protection Endpoint system virus, worm detection/protection

Admission Control Not only core component of a CSDN, but incorporated into other technologies by over 30 industry-leading vendors Network Admission Control (NAC) assists in determining the level of access to grant an end- user system in accordance with the security policy when it initially joins the network NAC also assists in managing end-user system’s compliance with security patches and updates

Infection Containment The ability to identify non-compliant systems or network attacks as they occur and react appropriately, minimizing the effect of the breech Potentially the #1 core component of a secure system belonging to a CSDN

Intelligent Correlation and Incident Response Services that provide the ability to exchange: Event information Event information Implications of an event occurring Implications of an event occurring Necessary actions to take Necessary actions to take The appropriate nodes or systems to enforce actions in real-time The appropriate nodes or systems to enforce actions in real-time These services aide in adapting to changes and countering attacks that are occurring in the network as they occur rather than after they occur

Application Security and Anti-X Defense A menagerie of application layer security products that address the “ever-evolving” classes of threats which are not effectively addressed by traditional firewall and network IDS products Threat examples: based SPAM and phishing based SPAM and phishing Spyware Spyware Unauthorized peer-to-peer activity Unauthorized peer-to-peer activity

Summary New phraseology NOT a new technology Encompassing security solution that is proactive AND adaptive in nature that envelopes every level of network security rather than just specific layers Key difference in CSDN and traditional security solutions…ability of CSDN’s to communicate and share information among different security products employed within the CSDN

Questions