Software-Defined Secure Networks in Action


Presentation on theme: "Software-Defined Secure Networks in Action"— Presentation transcript:

1 Software-Defined Secure Networks in Action
Nguyễn Tiến Đức ASEAN Security Specialist

2 AGENDA
1. IoT Malware
2. Software-Defined Secure Networks
3. Software-Defined Secure Networks in Action
4. Summary

3 IoT malware

4 Real world examples of IoT malware/ransomware
- Thermostat ransomware [1]
- Amazon cameras malware [2]
- Jeep remote control [3]

5 Software-Defined Secure Networks

6 Software Defined Secure Networks
Policy, Detection, and Enforcement: Unified and Responsive
- Leverage entire network and ecosystem for threat intelligence and detection
- Automated Malware Defense
- Dynamic, Adaptive Policy Orchestration
- Utilize any element of the network as an enforcement point
- Dynamically execute policy across all network components including third party devices
[Diagram labels: Threat Intelligence; DETECTION, POLICY, ENFORCEMENT]

7 Software Defined Secure Networks (SDSN) Unified Security Platform
DETECTION: Third Party Threat Intel, Juniper Security Cloud (Spotlight Secure Threat Intelligence, Sky Advanced Threat Prevention (ATP))
- Fast, effective protection from advanced threats
- Integrated threat intelligence
POLICY: Security Director + Policy Enforcer (Policy Enforcement, Visibility, Automation)
- Intelligent enforcement to firewalls, switches, third party devices and routers
- Robust visibility and management
ENFORCEMENT: SRX Physical Firewall, vSRX Virtual Firewall, EX & QFX Switches, MX Routers*, Third Party Elements*
- Consistent protection across physical/virtual
- Open and programmable environment
*Roadmap
Network as a single enforcement domain - Every element is a policy enforcement point

8 The ATP verdict chain
Staged analysis: combining rapid response and deep analysis
Suspect files enter the analysis chain in the cloud.
1. Cache lookup (~1 second): Files we’ve seen before are identified and a verdict immediately goes back to SRX
2. Anti-virus scanning (~5 seconds): Multiple AV engines return a verdict, which is then cached for future reference
3. Static analysis (~30 seconds): The static analysis engine does a deeper inspection, with the verdict again cached for future reference
4. Dynamic analysis (~7 minutes): Dynamic analysis in a custom sandbox leverages deception and provocation techniques to identify evasive malware

9 Security Director Policy Enforcer Infected Endpoint Scenario
- Enables remediation via Policy Enforcer workflows in Security Director
- Delivers micro security services to switches such as EX, QFX
- Updates enforcement criteria automatically with new threat data
- Tracks infected host/endpoint movement from site to site via MAC address vs IP address
Scenario steps:
1. Malware enters
2. Sky ATP detects malware; renders verdict
3. Enforcement policy rendered
4. Enforcement policy automatically deployed
5. Infected endpoint quarantined
[Diagram labels: Threat Intel, Sky ATP, vSRX Firewall, Policy Enforcer, Security Director, Switch]

10 Software-Defined Secure Networks in Action

11 SDSN isolates infected host
Stateful filter on Firewall + Access list on the Switch port
[Diagram: Threat Intel, Sky ATP, infected host, firewalls, switches]

12 Client is no longer able to browse the internet or local network
Within minutes the client is isolated from the network, preventing proliferation of the malware.

13 SDSN tracks host and enforces
[Diagram: Threat Intel, Sky ATP, infected host, firewalls, switches]
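
Slides 9 and 13 say the infected endpoint is tracked from site to site by MAC address rather than IP address. The sketch below is an added illustration, not Juniper's or the presenter's code: it uses constructed switch sightings (hypothetical switch names, MACs and schema) to show why a block keyed on the IP loses the host after a move while one keyed on the MAC follows it.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Sighting:
    """One endpoint observation reported by a switch (constructed schema)."""
    ts: int        # seconds since start of capture
    mac: str
    ip: str
    switch: str
    port: str

# Constructed sample data: host ...:01 is infected at site A, then moves to
# site B and gets a new lease; its old IP is re-leased to clean host ...:03.
SIGHTINGS = [
    Sighting(100, "02:00:00:00:00:01", "10.1.0.23", "switch-site-a", "ge-0/0/7"),
    Sighting(110, "02:00:00:00:00:02", "10.1.0.40", "switch-site-a", "ge-0/0/9"),
    Sighting(400, "02:00:00:00:00:01", "10.2.0.87", "switch-site-b", "ge-0/0/3"),
    Sighting(410, "02:00:00:00:00:03", "10.1.0.23", "switch-site-a", "ge-0/0/7"),
]

def latest_per_mac(sightings, now):
    """Most recent attachment point of every MAC seen up to `now`."""
    latest = {}
    for s in sorted(sightings, key=lambda s: s.ts):
        if s.ts <= now:
            latest[s.mac] = s
    return latest

def resolve_mac(sightings, ip, verdict_ts):
    """Map the IP named in a verdict to the MAC that held it at verdict time."""
    holders = [s for s in sightings if s.ip == ip and s.ts <= verdict_ts]
    return max(holders, key=lambda s: s.ts).mac if holders else None

def ip_keyed_targets(sightings, bad_ip, now):
    """Ports blocked if enforcement follows the IP address."""
    return {(s.switch, s.port, s.mac)
            for s in latest_per_mac(sightings, now).values() if s.ip == bad_ip}

def mac_keyed_targets(sightings, bad_ip, verdict_ts, now):
    """Ports blocked if the verdict is pinned to the MAC and follows it."""
    mac = resolve_mac(sightings, bad_ip, verdict_ts)
    cur = latest_per_mac(sightings, now).get(mac)
    return {(cur.switch, cur.port, cur.mac)} if cur else set()

if __name__ == "__main__":
    for now in (150, 500):
        print(now, "ip-keyed ", ip_keyed_targets(SIGHTINGS, "10.1.0.23", now))
        print(now, "mac-keyed", mac_keyed_targets(SIGHTINGS, "10.1.0.23", 120, now))
```

After the move, the IP-keyed block lands on the clean host that inherited the address, while the MAC-keyed block lands on the infected host's new port at site B.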

14 The Right Policy for the Right Job
Different threat levels need different policies
- Anomalous lightbulb? Quarantine and create new policy for appropriate behavior
- Compromised core switch? Neutralize the threat and shut down the tunnel vs. killing the switch
Software Defined Secure Networks (SDSN) Policy Orchestration + Enforcement: Shut down light bulb OR Kill illegitimate tunnel

15 Summary

16 Thank you

