THE HIDDEN NETWORK KILLER
FRANCESCO TRAMA / CO-FOUNDER
AGENDA
▸ Traffic Volume, Velocity, and Variety
▸ How Traffic Volume Supports Threats
▸ Network Security Practices Today
▸ Decreasing Volume Improves Security
▸ Challenges in today’s security paradigm
▸ PacketViper
TRAFFIC VOLUME, VELOCITY, AND VARIETY
INTERNET WAS BUILT ON A SHARED PLATFORM
TRAFFIC TRENDS EST. BY 2020
‣ Global IP traffic will reach 2.3 ZB per year, or 194 EB per month
‣ Global IP traffic will increase nearly threefold
‣ Smartphone traffic will exceed PC traffic
‣ IP traffic in North America will reach 59.1 EB per month
‣ IP traffic in Western Europe will reach 28.0 EB per month
‣ IP traffic in Asia Pacific will reach 67.8 EB per month
‣ IP traffic in Latin America will reach 11.6 EB per month
‣ Devices connected to IP networks will be 3X as high as the global population.
Reference: Cisco VNI™ Forecast June 2016
NETWORK SECURITY TODAY
THERE ARE PLENTY OF SECURITY TOOLS. EACH PROVIDES ITS OWN EXPERTISE TO SECURITY. NO ONE TOOL ALONE SOLVES THE SECURITY PROBLEM!
EACH IS IMPROVED BY LESS TRAFFIC VOLUME
How Traffic Volume Supports Threats
THIS IS THE REALITY
‣ Protection has always been a short-term fix
‣ Software has breadcrumbs to its origins
‣ Upgrades and patching are not equally done
‣ Short-term memory
‣ We are all connected!
LET’S SAY IT OUT LOUD! THREATS WILL ALWAYS BE
A New Zero-Day Vulnerability Discovered Each Week
In 2015, the number of zero-day vulnerabilities discovered more than doubled to 54, a 125 percent increase from the year before. Or put another way, a new zero-day vulnerability was found every week (on average) in 2015.
Source: Symantec, 2016 Internet Security Threat Report
APPLICATION LAYER DDOS AND BOTS
▸ 18 BOTNET INFECTIONS PER SECOND, according to the director of the FBI’s cyber division, Joseph Demarest
▸ In 2016, perpetrators could slip through standard security challenges commonly used to filter out attack traffic.
▸ In Q1 2016, the number of such bots mushroomed to 36.6 percent of total bot traffic
▸ Such capabilities, when combined with a legitimate looking HTTP fingerprint, make malicious bots impervious to most common detection methods.
Source: Q1 2016 Global DDoS Threat Landscape Report Mad Skills
500 MILLION Compromised computers per year.
196 COUNTRIES
As stated by the FBI in a recent Senate statement,
“Botnets have caused over $9 Billion in losses to US victims and over $110 Billion in losses globally. Approximately 500 Million computers are infected globally each year, translating into 18 Victims per second”
Source: Global Security, Safety, and Sustainability
DELIVERY PLATFORMS
▸ 2 Million + Apple Apps
▸ 2.2 Million + Android Apps
▸ 669,000 Microsoft Apps
▸ 1.1 Billion Websites
▸ 130+ Billion Emails per day
▸ 3 + Billion Users
▸ 7.2 Billion Mobile Devices
▸ Billions Of USB sticks
▸ 6.4 Billion IoT Devices
Sources: Radicati, Windows Central, Statista, US Census
PITFALLS THAT HURT NETWORK SECURITY
‣ Failure to recognize security is about humans
‣ Believing you are seeing all threats
‣ Believing “Top Anything” reports are the complete picture
‣ Believing garbage in is not garbage out
‣ Believing you have clear visibility
‣ Believing you are prepared for the inevitable breach
‣ OPEX Budgets do not determine your network security strength, viability, and effectiveness.
ATTACKERS ARE AWARE OF YOUR NETWORK CHALLENGES!
Stay Small, Nimble, and Humble
NOT UNDERSTANDING OR OVER THINKING THE GLOBAL REACH OF NETWORKS
▸ CDNs and ADNs provide businesses with content-and-application-everywhere capabilities
▸ Low-rent cloud providers give businesses and hackers global capabilities.
▸ Applications and business are borderless
This forces security teams to loosen perimeter security and nearly abandon large-scale IP prevention.
Security devices do not consider the Business of the Internet, rather the Application of the Internet.
Windows Firewall and Port Settings for Client Computers in Configuration Manager
For the management point to notify client computers about an action that it must take when an administrative user selects a client action in the Configuration Manager console, such as download computer policy or initiate a malware scan, add the following as an exception to the Windows Firewall:
Outbound: TCP Port 10123
Remote Control: To use Configuration Manager remote control, allow the following port:
Inbound: TCP Port 2701
Wake-Up Proxy: For System Center 2012 Configuration Manager SP1 and later:
Outbound: UDP Port 25536
Outbound: UDP Port 9
ABANDONMENT OF LARGE SCALE IP PREVENTION FACTORS
‣ Complexity of today’s internet business.
‣ Services provide live data of the latest malicious IP traffic via cloud or otherwise.
‣ Management of such large lists becomes cumbersome and weighs security devices down.
‣ Firewalls would reach their limits attempting to handle a large rule base.
RESULTS
‣ Softening perimeter rules
‣ Exposure of portals (VPN, OWA, FTP, etc.)
‣ Too many restrictions could introduce latency and complexity
‣ Logging is vague, and it is difficult to understand who or what
‣ Inspecting everything causes drag on the team and systems, and causes logging whiteouts
Network Security Practices Today
NETWORK SECURITY TODAY
▸ Deep Packet Inspection
▸ Stateful Inspections
▸ Application Identification
▸ Protocol Analysis and Detection
▸ Blacklist, AutoShun, Honeypot
▸ Content Inspection
▸ Algorithmic Detection
▸ Operational Behavioral Detection
▸ Logging, Alerting
[Diagram labels: WWW, SSH, TELNET, IMAP; FIREWALL, IDS, IPS, SSL, APP; SPI Rules, Content Inspections, Auth, APP ID, RBL ID, LOG / Alert, Malware Inspections]
TRAFFIC: LOG, ANALYZE, ALERT
24X7X365 Monitoring and Management Required
TRAFFIC VOLUME: ITS EFFECT ON NETWORK SECURITY
Limits Visibility, Accuracy, Dependability
Increases Latency
Hampers threat identification and remediation
Increases Logging, Alerting, False Positives
Increases costs
Adds Complexity, Management time, and Fatigue
Decreasing Volume Improves Security
REDUCING TRAFFIC VOLUME REDUCES NETWORK SECURITY INSPECTIONS
TSA
▸ Less Deep Packet Inspection
▸ Less Stateful Inspections
▸ Less Application Identification
▸ Less Protocol Analysis and Detection
▸ Less Blacklist, AutoShun, Honeypot
▸ Less Content Inspection
▸ Less Algorithmic Detection
▸ Less Operational Behavioral Detection
▸ Less Logging, Alerting
IDENTIFYING YOUR INTERNET BUSINESS: COMMON SENSE APPLICATION USE
[Diagram labels: VPN, FTP, OWA; CONNECTION; China, Italy, Russia, Canada]
[Diagram labels: Italy, Canada; Amazon, Business A, Google, Business D]
APPLICATION LOCATION PROBABILITY
▸ Does traffic need to come from high risk areas of the world?
▸ What are your operating areas?
▸ Which businesses are within those high risk areas?
▸ What public services are being offered to customers and employees: VPN, FTP, WEB, MAIL
LOCATION THREAT FACTORS
▸ COUNTRY: PORT, PROBABILITY
▸ BUSINESS: PORT, PROBABILITY
▸ APPLICATION USE: PORT, PROBABILITY
▸ NETWORK: PORT, PROBABILITY
INSPECTION
KEY FACTORS TO REDUCING TRAFFIC
▸ Business Operating Space
▸ Country
▸ Business
▸ Network
▸ Threat probability
[Diagram labels: BUSINESS, COLOCATION, CLOUD; CN, UK, IT, RU, AU; OPERATING NETWORK; PERMITTED SERVICES; SERVICES]
Targeting probability areas of expected traffic vectors eliminates unwanted traffic and reduces perimeter noise.
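An added example, not from the original slides or from PacketViper: a minimal per-port origin filter that applies the country, business and network factors above to constructed connection records and reports how much traffic is dropped before inspection. The address ranges, origin table, policy and port numbers (1194 standing in for VPN) are assumptions for illustration.

```python
import ipaddress

# Constructed origin table (RFC 5737 documentation ranges): CIDR -> (country, business).
# A real deployment would resolve these from GeoIP/ASN data.
ORIGINS = {
    ipaddress.ip_network("192.0.2.0/25"): ("CA", "Business A"),
    ipaddress.ip_network("192.0.2.128/25"): ("IT", "Business D"),
    ipaddress.ip_network("198.51.100.0/24"): ("RU", "low-rent cloud"),
    ipaddress.ip_network("203.0.113.0/24"): ("CN", "unknown"),
}

# Hypothetical policy: the origins expected on each published service port.
POLICY = {
    443: {"countries": {"*"}, "businesses": set(), "networks": []},          # WEB
    1194: {"countries": {"CA", "IT"}, "businesses": set(), "networks": []},  # VPN
    21: {"countries": set(), "businesses": {"Business A"},                   # FTP
         "networks": [ipaddress.ip_network("203.0.113.16/28")]},             # partner
}

def lookup(src):
    """Longest-prefix match of a source address against the origin table."""
    addr = ipaddress.ip_address(src)
    hits = [(net.prefixlen, origin) for net, origin in ORIGINS.items() if addr in net]
    return max(hits)[1] if hits else ("??", "unknown")

def permitted(src, port):
    """Admit a connection only if its origin is expected on that port."""
    rule = POLICY.get(port)
    if rule is None:
        return False  # service not published: default deny
    addr = ipaddress.ip_address(src)
    if any(addr in net for net in rule["networks"]):
        return True  # explicit network exception wins over country
    country, business = lookup(src)
    return bool({"*", country} & rule["countries"]) or business in rule["businesses"]

def reduce_volume(connections):
    """Return the admitted connections and the fraction dropped before inspection."""
    passed = [c for c in connections if permitted(*c)]
    return passed, 1 - len(passed) / len(connections)

# Constructed sample of (source address, destination port) pairs.
SAMPLE = [
    ("192.0.2.10", 1194), ("198.51.100.7", 1194), ("203.0.113.20", 21),
    ("203.0.113.99", 21), ("192.0.2.200", 21), ("198.51.100.7", 443),
    ("192.0.2.10", 21), ("203.0.113.99", 23),
]

if __name__ == "__main__":
    passed, dropped = reduce_volume(SAMPLE)
    print(f"{len(passed)} of {len(SAMPLE)} connections reach inspection; {dropped:.0%} dropped")
```

The default-deny branch for unpublished ports and the network exception inside an otherwise excluded country are the two cases that a flat country blocklist cannot express.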
[Diagram labels: WWW, VPN, SSH, TELNET, IMAP, FTP, HTTP; Less Activity]
[Diagram labels: TRAFFIC; LOG, ANALYZE, ALERT; Connections]
Challenges in today’s security paradigm
NETWORK SECURITY TODAY
UNFORTUNATELY SECURITY IS NOT ALL UNICORNS AND RAINBOWS
‣ The belief that this can be done with existing firewalls (FW/NGFW)
‣ Rules and management efforts would be tremendous
‣ Cannot effectively identify the business factors of the traffic
‣ Firewalls have limited global sight
‣ There are limits to the number of rules
‣ Firewalls have limits on the number of objects and rules
‣ The effort needed within existing firewalls would introduce latency
‣ Firewalls are a great inspection point, but lack a global business perspective
Nuts!
THREAT INTELLIGENCE CONUNDRUM! “WE MUST HAVE THREAT INTELLIGENCE!”
▸ “Threat of the Day”
▸ Many threats go unannounced for months and years
▸ Threat intelligence cannot look into the future. Many assumptions lead to many false positives.
▸ Too many threat intelligence sources can/will be overwhelming.
▸ Does your team understand the proper key indicators of new or unannounced threats?
▸ Fact is: You have little control over threats
[Diagram labels: Coming, Off Radar, Cultivating]
FRANCESCO TRAMA - CO-FOUNDER
PACKETVIPER - BASED IN PITTSBURGH PA
▸ Advanced IP-Filtering Solution
▸ Address traffic at the perimeter before it enters the security environment
▸ Inline device that replaces nothing, no latency
▸ 5 min install
▸ Patented Advanced IP filtering that addresses the country, company, network space, and threats bi-directionally by network port
WHAT IS PACKETVIPER?
Geo Location Data
Rules Management
Logging & Reporting Engine
REDUCE THE VOLUME
IMPROVE SECURITY
with
www.packetviper.com
855-758-4737