Published by Richard McBride. Modified over 7 years ago.
1
HOLISTIC NETWORK PROTECTION: THE CYBER PROTECTION BRIGADE, POLICY, AND CLOUD-ENABLED SECURITY
Danielle M. Zeedick, Ed.D., CISM, CBCP
Sr. Manager, EHS&S, FSO-CSSO-ISSO
Juniper Networks
AFCEA TECHNET AUGUSTA 2017
2
This discussion and presentation is UNCLASSIFIED.
No classified discussion in this space.
March 2017
3
Secretary Mattis
“Cyber cuts across everything we do today.”
Support warfighters by “establishing a culture of innovation across the Department, and encouraging the adoption of proven capabilities, rather than seeking to reinvent what already exists on the commercial market.”
The “acquisition system and culture must adapt to the reality that hardware and software systems must be integrated and change on a more frequent basis in order to meet warfighter needs, adapting to the speed of relevance.”
“Poor acquisition outcomes are forfeiting U.S. technology advantages and depriving the nation of strategic capabilities, investigate the reasons why the U.S. currently lacks a clear cyber doctrine.”
“Because of the cyber domain, it's not something the military can do in isolation…”
4
TODAY’S TOPICS
5
Topics
JIE/JRSS Quick Overview
DoD Cyber Strategy
Strategic Goals and Objectives
OpenStack Reference Architecture
Drop-and-Go Networks
Concluding Thoughts
6
JIE/JRSS OVERVIEW
7
JIE/JRSS DOD TRANSFORMATION
8
JIE End-State Environment
Stable
Agile
Standard
Managed
Meshed
Protected
What’s next?
9
Advantages
Single Security Architecture (SSA)
Security measures from each branch to be consolidated
Cultural resistance
New Training
Global Operations Center
Increased visibility via the GOC to individual commands
Interoperability for communication across DOD (e.g., San Antonio: One transport pipe (Army and Air Force))
Attack surface decreased
10
Challenges
Shadow IT policies
Cybersecurity hygiene and testing not initially built in to JIE/JRSS
JRSS Phase 2 delayed one year
Resource allocation from each branch dedicated to this effort is low
Navy and Marine Corps agreed June 2016
Air Force agreed to do IdAM later in process
Attack surface decreased
11
DOD CYBER STRATEGY: APRIL 2015
12
Reasons for the New Strategy
Increasing severity and sophistication of cyber threats
DoD is the largest network in the world
Risk mitigation is key
Use of Risk Management Framework (RMF)
2012: President Obama directed DoD to organize and plan to defend the nation against cyberattacks
Requires new thinking and strategy for DoD
Cooperation with other government agencies
13
DoD and Private Sector Involvement
Talent Attraction
Use private sector/industry/academia for innovation
Research Institutions to design and build resilient networks
DoD will strengthen ties between industry and academia
Budget concerns
Training concerns
14
Deterrence is Key
The strategy specifically explains DoD’s role in deterrence responsibilities
Broader national set of capabilities
Use:
Declaratory policy
Substantial I&W capabilities
Defensive posture
Effective response procedures (Is this offense?)
15
May 11, 2017 Executive Order
Findings: More effective risk management and reduction in vulnerabilities needed through the following:
Agency heads will be held accountable by the President for implementing risk management measures
Each agency head shall use The Framework for Improving Critical Infrastructure Cybersecurity (by NIST)
Establishes American Technology Council
Encourages one or more consolidated network architectures and shared IT services, including , cloud, and cybersecurity services
NOW headed by Chris Liddell, Former CFO of Microsoft and wants to “dial up” private industry involvement
Text of the E.O.
16
STRATEGIC GOALS AND OBJECTIVES
17
Five Goals and Implementation Objectives
Build and maintain ready forces and capabilities to conduct cyberspace operations: enhanced training; improved military and civilian recruitment and retention; and stronger private sector support.
Defend the DoD Information network, secure DoD data, and mitigate risk to DoD missions.
Be prepared to defend the U.S. homeland and U.S. vital interests from disruptive or destructive cyberattacks of significant consequence.
Build and maintain viable cyber options and plan to use those options to control conflict escalation and to shape the conflict environment at all stages.
Build and maintain robust international alliances and partnerships to deter shared threats and increase international security and stability.
18
Cyber Mission Force
DoD began building a Cyber Mission Force to carry out cyber missions.
Will include over 6200 military, civilian, and contractor personnel.
Strategy for the CMF’s development is clear in the strategy.
All 133 of U.S. Cyber Command’s Cyber Mission Force teams achieved initial operating capability (IOC) as of October 21, 2016.
All teams will be in place by 2018.
19
Cyber Protection Teams
Under Strategic Goal II
CPTs are network defenders
Abilities are to discover, detect, analyze, and mitigate threats and vulnerabilities to defend the DODIN.
DoD will complete: Assessment of CPTs capacity, capability, and employment model in regard to mission assurance priorities as set by combatant command requirements.
What innovations can align with CPTs?
20
Managing the New Strategy
Establish the Office of the Principal Cyber Advisor to the Secretary of Defense
Improve cyber budgetary management
Develop DoD’s cyber operations and cybersecurity policy framework
Conduct an end-to-end assessment of DoD’s cyber capabilities
Involve an additional 2,000 military reserve and national guardsmen to be activated by the end of 2018.
21
OPEN STACK REFERENCE ARCHITECTURE
22
OpenStack Reference Architecture (OSRA)
Virtualization
Cloud
Security: Analytics + Big Data + Artificial Intelligence
OSRA is a typical cloud infrastructure deployment that consists of a pool of compute, storage, and networking infrastructure resources, usually all managed by a cluster of controller nodes.
23
High-level reference architecture
High availability deployment using OpenStack deployed as a cluster of controller nodes.
24
OpenStack Objectives
99.999% availability for tenant traffic.
Anytime availability for cloud operations.
Provide VIP-based access to the API and UI services.
Load balance network operations across the cluster.
Management and orchestration elasticity.
Failure detection and recovery.
25
Limitations
During failover, a REST API call may fail. The application or user must reattempt the call.
Although zero packet drop is the objective, in a distributed system such as Contrail, a few packets may drop during ungraceful failures.
Juniper OpenStack high availability is not tested with any third party load balancing solution other than HAProxy (for load balancing).
26
Juniper SDSN: Deployment Use Cases
CAMPUS & BRANCH: Infected Host Tracking & Quarantine
PRIVATE CLOUD: Dynamic Segmentation & Service Chaining
HYBRID CLOUD: Consistent Policy for On-Prem & Cloud Applications
DC MICRO-SEGMENTATION: East-West Control for Physical and Virtual Apps
27
SDSN Phase-2
SDSN is a huge differentiator for Juniper
Key Features
Complete Threat Remediation Use Case
Additional Juniper & 3rd Party Devices
Introduce User Intent Based Policy Model
Simplicity of policy to support agile applications & users
Support Private & Public Cloud
With vSRX on VMware NSX, Contrail, AWS
Diagram labels: User Intent Policy; Juniper Support EX & QFX in Fusion mode & MX; Contrail; 3rd Party Enforcement; NSX, Cisco Switches, AWS, Azure
Customer Benefits
Flexible and extensible policy - Security Policy is tied to a business intent and not to a network topology
Enhanced user experience and optimized network operation - Unified Security Policy across all Juniper Product Lines
Ubiquitous and multi-vendor enablement – work with 3rd party devices and works on-premise as well in the Cloud
28
Sky ATP Enhancements
Diagram labels: Threat Sharing Ecosystem; Sky Advanced Threat Prevention Cloud; Restful API; Sandbox w/Deception; Static Analysis; ATP; Juniper Cloud; Customer (SMTP, IMAP)
Key Features
support: SMTP, IMAP (Comprehensive support)
Threat Intelligence sharing: STIX/TAXII/Cybox, Yara
API ecosystem: Infected Host APIs to integrate with third-party vendors along with custom feed API
Customer Benefits
bound malware prevention ability allows customers to fence off one of the largest threat vector- 70% malware comes through
Rich API ecosystem that enables shared Threat Intelligence Pool to identify and prevent malware quickly and effectively
29
SD-WAN
Diagram labels: Network Service Activator; SD-WAN Controller; Orchestrator; MPLS; HQ; Internet; Data Center; Branch
SD-WAN Highlights
Must support multiple WAN connections
MPLS, Internet, LTE etc.
Can do dynamic path selection
Allows for Application based load sharing across WAN links
Provides simplified WAN management
Support zero-touch provisioning & unified security & routing policy
Must support secure VPNs
Support flexible VPN deployments options with Auto VPN, Group VPN
Key Features
Integrated LTE MPIM
Application based routing phase-II
Phone call home client on SRX3xx / SRX1500
Application QOE
Ephemeral commit (policy changes without formal commit)
Customer Benefits
Enable customers to reduce WAN spending by incorporating cost-effective broadband and LTE links into the WAN
Dynamic WAN path selection and load-balancing WAN traffic across multiple links based on the application, user and its performance
Significant reduction in operation cost by provisioning remote branch office without truck rolls and on-site expertise
30
“DROP-N-GO” NETWORKS
31
The White Box Solution
White Boxes are working networks without regard to component manufacturer, NOS, etc.
Byproduct of SDN.
Gives the customer choice of products.
All equipment in the white box is open, agile, and flexible for quick integration.
Several large players in the White Box arena.
Cloud services could be integrated, not just plain Internet.
32
Considering White Box Solutions
Understand why you need it. Model can be a powerful enabler, but only if your existing networking vendor harms your business agility or budget.
Know your operational model. The change will affect staff, service delivery and system monitoring, and knowing the existing operational model will help you plan a path to the new model.
White box solutions do not have to be organization-wide.
Start small and test carefully. White box networking is not an all-or-nothing proposition. Deploy a few switches in a low-risk area.
33
White Box Solutions for “Drop-n-Go” Networks (from
Big Switch Networks offers the Switch Light NOS, Big Cloud Fabric, and Big Monitoring Fabric controller applications program white box switches in the fabric via the Switch Light NOS.
Pica8, with its PicOS, offers a full-featured white box NOS that can be configured via a traditional CLI as well as modern automation tools.
Cumulus Networks sells Cumulus Linux, paired with a hardware abstraction layer. Cumulus Linux is aimed at shops that already use automation tools to manage the network infrastructure.
34
White Box solutions… continued
Juniper Networks introduced the QFX5200 line of access switches in November, its first platform to run a disaggregated version of Junos OS. Customers can deploy third-party network services or applications directly on Juniper platforms and program directly to Juniper systems using the Open Compute Project software model.
Gigamon, a major provider of network visibility fabrics, has ported its GigaVUE-OS to white box switches.
35
White Box solutions … continued
Hewlett-Packard added a brite-box product to its networking mix. The Accton switch runs Cumulus Networks' NOS.
Dell offers several of its own products as open switches, and supports NOSs from vendors like Big Switch and Cumulus.
IP Infusion has historically sold to networking vendors, but now offers its OcNOS product to white box users.
36
CONCLUDING THOUGHTS
37
Meshing DOD Cyber Strategy with Fast-moving Innovation
DOD Cyber Strategy will be using the JIE/JRSS architecture that includes: Virtualization, the Cloud, and Security measures.
The Cyber Protection Brigade, Cyber Mission Force, and Cyber Protection Teams are currently rolling out (IOC 21 October 2016).
Combatant Commands will integrate Cyber Protect Teams.
Virtualization in the Cloud plays a large part in the training of the CPB and CPTs and defensive and offensive postures.
OSRA allows for agility in network design.
White box networks are by-products of SDN concepts and implementations without regard for manufacturer or OS.
38
THANK YOU!
dzeedick@juniper.net
39
DISCUSSION