AGENDA
- Self-Defending Network (SDN) Concept
- Why do we need SDNs?
- Foundation of the SDN
  - Endpoint Protection
  - Admission Control
  - Infection Containment
  - Intelligent Correlation and Incident Response
  - Inline IDS and Anomaly Detection
  - Application Security and Anti-X Defense
- Summary
- Questions
SELF-DEFENDING NETWORK (SDN) CONCEPT
- A systems-based solution that allows entities to use their existing infrastructure to:
  - Reduce windows of vulnerability
  - Minimize the impact of attacks
  - Improve overall infrastructure availability and reliability
SDN CONCEPT (CONT.)
- SDN also helps create autonomous systems that can quickly react to an outbreak with little to no human intervention
WHY DO WE NEED SDNs?
- Evolution of the network -> evolution of attacks on networks
- Traditional approach: defense-in-depth
  - Proactive defense mechanisms
- SDN approach
  - Adaptive defense mechanisms
WHY DO WE NEED SDNs? (CONT.)
- Proactive defense mechanisms: not obsolete, simply inefficient in responding to breaches in network security
- Proactive solutions: defense mechanisms
PROACTIVE DEFENSE EXAMPLE
[diagram: not recoverable from the extracted text]
WHY DO WE NEED SDNs? (CONT.)
- Adaptive solutions: focus isn't solely on preventing network attacks
- Attempt to effectively:
  - Detect
  - Respond
  - Recover
- Little to no adverse effect on the network and its users
WHY DO WE NEED SDNs? (CONT.)
- Key elements of an adaptive solution:
  - Remain active at all times
  - Perform unobtrusively
  - Minimize propagation of attacks
  - Quickly respond to as-yet unknown attacks
FOUNDATION OF AN SDN
1. Endpoint Protection
2. Admission Control
3. Infection Containment
4. Intelligent Correlation and Incident Response
5. Inline IDS and Anomaly Detection
6. Application Security and Anti-X Defense
ENDPOINT PROTECTION
- You are only as strong as your weakest link
- One non-sanitized end-user system connected behind a robust, efficient defense can spell D-O-O-M for a network
- Security Agent
  - Point of presence on end-user systems that enables efficient exchange of valuable network threat information as it occurs
  - Endpoint system virus and worm detection/protection
ADMISSION CONTROL
- Not only a core component of an SDN, but incorporated into other technologies by over 30 industry-leading vendors
- Network Admission Control (NAC) assists in determining the level of access to grant an end-user system, in accordance with the security policy, when it initially joins the network
- NAC also assists in managing end-user systems' compliance with security patches and updates
INFECTION CONTAINMENT
- The ability to identify non-compliant systems or network attacks as they occur and react appropriately, minimizing the effect of the breach
- Potentially the #1 core component of a secure system belonging to an SDN
INTELLIGENT CORRELATION AND INCIDENT RESPONSE
- Services that provide the ability to exchange:
  - Event information
  - Implications of an event occurring
  - Necessary actions to take
  - The appropriate nodes or systems to enforce actions in real time
- These services aid in adapting to changes and countering attacks that are occurring in the network
[diagram: not recoverable from the extracted text]
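A worked illustration of the admission-control and correlation ideas in the preceding slides, added here as an example and not part of the original deck or of any vendor's product: a posture check that decides an endpoint's access level when it joins, and a correlation step that turns events shared by the endpoint agent and an IDS into a containment action at the access layer. The posture fields, thresholds, event sources and enforcement-point labels are assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass
class Posture:
    """Posture report from the endpoint security agent (assumed fields, not a real product format)."""
    host: str
    agent_present: bool
    missing_critical_patches: int
    av_signature_age_days: int

def admission_decision(p: Posture, max_sig_age_days: int = 7) -> str:
    """NAC decision when the endpoint joins: 'full', 'quarantine' (remediation network) or 'deny'.
    The thresholds stand in for the site's security policy and are assumptions."""
    if not p.agent_present:
        return "deny"  # no point of presence on the host: nothing to assess or enforce against
    if p.missing_critical_patches > 0 or p.av_signature_age_days > max_sig_age_days:
        return "quarantine"  # reach patch/update servers only until compliant
    return "full"

@dataclass(frozen=True)
class Event:
    """Event exchanged between security products; source is 'agent', 'ids' or 'nac' (assumed labels)."""
    source: str
    host: str
    kind: str

def correlate(events: list[Event]) -> dict[str, tuple[str, str]]:
    """Map each reported host to (action, enforcement point).
    Two independent products reporting the same host count as corroboration and trigger
    containment at the access switch; a single report only raises monitoring.
    Enforcement-point labels are placeholders."""
    sources_by_host: dict[str, set[str]] = {}
    for e in events:
        sources_by_host.setdefault(e.host, set()).add(e.source)
    actions: dict[str, tuple[str, str]] = {}
    for host, sources in sources_by_host.items():
        if "agent" in sources and "ids" in sources:
            actions[host] = ("isolate", f"access-switch-port-of:{host}")
        else:
            actions[host] = ("monitor", "inline-ids")
    return actions

# Constructed sample input: three joining endpoints and three shared events.
SAMPLE_POSTURES = [Posture("pc-1", True, 0, 2), Posture("pc-2", False, 0, 0), Posture("pc-3", True, 2, 1)]
SAMPLE_EVENTS = [Event("agent", "pc-7", "worm_detected"), Event("ids", "pc-7", "scan_burst"),
                 Event("ids", "pc-8", "scan_burst")]
```

With the sample input, pc-1 is admitted fully, pc-2 is denied, pc-3 is quarantined, pc-7 is isolated at its access port and pc-8 is only monitored.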
APPLICATION SECURITY AND ANTI-X DEFENSE
- A menagerie of application-layer security products that address the "ever-evolving" classes of threats which are not effectively addressed by traditional firewall and network IDS products
- Threat examples:
  - E-mail based SPAM and phishing
  - Spyware
  - Unauthorized peer-to-peer activity
SUMMARY
- New phraseology, NOT a new technology
- An encompassing security solution, proactive AND adaptive in nature, that envelopes every level of network security rather than just specific layers
- Key difference between an SDN and traditional security solutions: the ability of SDNs to communicate and share information among the different security products employed within the SDN
QUESTIONS