Copyright © 2016 NTT. All Rights Reserved.
The increase in the number of advanced cyber-attacks such as APT/DDoS makes it impossible to prevent every attack. It is becoming more important to establish mechanisms not only to protect systems from attacks, but also to minimize the damage from them. We research network security architecture that enables quick detection/reaction against cyber-attacks by orchestrating various functions that reside within the network.
ああああああ
Network-security architecture to control/orchestrate network functions against cyber-attacks
Sustainable network security against evolving cyber-attacks
*1 DPI: Deep Packet Inspection. DPI is an advanced method of traffic analysis, traffic cleaning and others. *2 MSF: Multi Service Fabric, *3 PCRF: Policy and Charging Rules Function *4 Collaborative research project with NTT Secure Platform Laboratories
Transport network
Security functions
IDS FW
対処設計
*5
DPI (Handling)
Dirty traffic
PCRF
*3 Orchestrator
Edge router
Controller for MSF
WAF
MSF Core router
DPI (Detection)
Edge router
*1 *2
NW security engine
NW security manager
Network security controller Security controllers in
other networks
Proactive security-handling through interworking between networks
Handling- design
Analysis Decision
*4
Security- Handling
Feature 1. Quick reaction in as little as a few seconds Feature 2. Reduction of security operation costs
Collection Detection
Feature 4. Improvement of visualization and detection accuracy
Clean traffic
Feature 3. Optimal security- handling network-wide
■ In networks in the 2020s, operators will be able to protect their network infrastructure from radical and large-scale cyber-attacks.
■ Network operators can reduce OPEX required for sophisticated security operations by introducing the autonomous security reaction mechanisms.
■ Network service providers/end-users of the “Hikari Collaboration Model” can gain comprehensive security-support .
■ Data-center operators can provide advanced security packages that include network services that are more resistant to DDoS attacks.
■ 1. Enables quick reaction for service-recovery and preventive measures in as little as a few seconds by autonomous reaction to attacks.
■ 2. Reduces security operation costs by comprehensive analysis and security-handling design network-wide.
■ 3. Realizes optimal responses to advanced attacks such as APT/DDoS by dynamically controlling modularized network functions within the network and properly orchestrating them based on network topology.
■ 4. Improves visualization and detection accuracy of cyber-attacks by managing information from network functions, DPI equipment, and security functions.
Realization of
NetroSphere
N-3
Features
Application Scenarios
This technology is being confirmed in NetroSpherePIT.
〈Contact〉[email protected]