스스로판단하고진화하는네트워크 intent based networking · © 2017 cisco and/or its...

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

스스로 판단하고 진화하는 네트워크Intent Based NetworkingPowered by Cisco DNA (Digital Network Architecture)


Agenda

1

2

3

4

5

새로운 시대를 위한 Networking

Cisco DNA로 진화하는 네트워크

Intent-based Networking

Supporting Platform

Encrypted Traffic Analysis


By the year 2020


현 모든 IT business 는 Software 기반 속도에 비례

그러면 인프라인 Network는?


The Old Way사이트에 기반 인프라를 적용할려면……


영역확장

IT 및 IT Business의가시성 부족

초당 6천3백만의새로운 기기가온라인에 접속

by 20201

복잡성

느리고, 오류 있는수동적 운영방식

3배 증가한 네트웍

오퍼레이션 업무2)

보안성

암호화되고정교해지는 해킹

6개월 마다 탐지되는

새로운 위험 요소들3)

IT Network에 대한 다양한 수요증가

1. Gartner Report - Gartner’s 2017 Strategic Roadmap for Networking2. McKinsey Study of Network Operations for Cisco – 20163. Ponemon Research Institute Study on Malware Detection, Mar 2016

http://www.gartner.com/reprints/cisco-v6-us1?id=1-3YQCDRO&ct=170425&st=sb

http://www.ponemon.org/blog/new-ponemon-study-on-malware-detection-prevention-released


이런 생각을 해 본적이 없나요?

①평소와 다른 사용자 행위를 자동으로 막을 수 없을까? ② 먼가 느리다던데누가/얼마나영향받은 거지? Delay는?

정책위반, 정보유출시도…

3F

“수많은 유저 중에서 어떻게 찾아? 찾더라도

그때는 이미 늦었지. ….그리고 이걸 내가 항상

보고 있어야해? 할 일이 얼마나 많은데..”

가용한 모든 정보 기반 분석

누가 느린거지?

IP Address는?

무선AP 문제? 서버? 스위치?

다른 사용자는?

어제도 발생?

아니면 특정 서비스만 잘 안되는 건가?”

현업의 “잘 안되요” 란 질문은

접속/관리기기의 증가

3배 증가한네트웍 업무


얼마전 모두 체감했던 보안이슈6개월 마다 탐지되는

새로운 위험 요소들3)

6개월마다새로운위협


Intent-based Networking


Users, Device and IOT 기기 분리

Seamless 한 Mobility구성 Follow up

클라우드에 Secure 한Connectivity 구성

End-End Security셋업 필요

WAN

VLAN 2

HQ

ACL 1 ACL 2

ACL 2

과거 방식의 IT Network 구성 및 운영으로 더 이상…

VLAN 1

Remote

Branch ABranch AACL 3

VLAN 3VLAN 1

VLAN 2 VLAN 3


Why is this Different?

IBN에서 관리자는＂무엇을?“ 에 대한 의사만 결정하기만 하면 되고& 시스템은 “어떻게” 하는 것을 알아서 할 것이다. -Zeus

Execution

나는 10:00AM에 비디오화상회의를 해야하는데…

나는 공장 기기 모니터링을위해 새로운 IoT app을적용시켜야 하는데..

새로운 지점을 오픈하고, 좀더 나은 서비스를 하게해야함

고장난 변기를 고쳐야하는데..

새로운 Factory Device를 위해 VLAN을 나누어야 하고, IoT app 트래픽을 다른 쪽이랑 분리시키고 정책도적용해야 하고, SLA도 최적화 시켜야 해야하는데...

브랜치 네트웍을 위해 Provision&configure 를해야하고, Staff를 위해 보안설정도 해야하고어플리케이션 속도도 점검해야 하고...

관리실에 연락해서, 업체전화번호를 알고, 전화해서스케줄을 잡고, 결재는 어떻게 해야하는지 파악하고...

Intent

HD video 연결 설정 ; E2E QoS 우선순위 점검; 비디오 화질 및 퍼포먼스 세팅; 커뮤니케이션 중대기;회의이후 원상복구..


네트웍의 새로운 가이드를 제시할Intent-based Networking !!

“ 과거 수동적/메뉴얼적/단순반복 IT 는 이제 그만…“

“운영자가 IT Network으로 하고자 하는 최종 결과만 중요함나머지는 System의 Self-Running을 통해 Automation되게..＂


The Old Way사이트에 기반 인프라를 적용할려면……


The New Way모든 IT Network을 직관적이고 심플하게..

INTENT


The New Way 만약 새로운 건물/지점등이 생긴다면 Fabric Network으로 Add하기만 하면 끝


Policy SegmentationThe New Way User/Device/Policy 모두 한 곳에서….


ContextUser,apps,devices,threats등 모든 정보를 네트웍이 수집하고 이를 다시 Running 하고 표시

The New Way


Encrypted Traffic Analytics

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Protect the Business:Encrypted Traffic Analytics Visibility and Malware Detection without Decryption

ETA 알고리즘은multiple network data sources

분석함

악성코드/해킹In Encrypted Traffic

별도 Decryption

없이도 분석

보안성 및개인정보보호

99.99%

탐지정확성


Encrypted Traffic Analytics overview

Global-to-local knowledge correlation results in higher precision of threat findings

Cisco® Stealthwatch® enhanced analytics and machine learning reduce threat investigation time

Enhanced NetFlow with Encrypted Traffic Analytics from Cisco’s newest switches and routers

Network sensors

NetFlow

Encrypted malwaretelemetry and Crypto

audittelemetry Flow

collector(s)

cognitive.cisco.com

https

글로벌에서 발생한 위험을 로컬과상호연관 분석하여 보다 높은

위함발견 결과를 고객에게 제공

Stealthwatch enhanced analytics And 와 머신러닝은 99%의 위험탐지

정확성과 효율성을 제공

Enhanced NetFlow 를 통해Encrypted traffic analytics 구현

Cisco 만의 특별한 HW 및 SW아키텍쳐 구조 적용

CognitiveAnalytics

https://cognitive.cisco.com/

http://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0ahUKEwjWko6epcHUAhVByGMKHTEeBXMQjRwIBw&url=http://www.clipartpanda.com/clipart_images/cloud-icon-38027120&psig=AFQjCNHCFInNNX8BcZZiCcpCN05R6LugEg&ust=1497665586076765


Initial Data PacketSequence of Packet Lengths and Times

어떻게 Encrypted traffic안의 위험을 탐지하나?

Make the most of the unencrypted fields

Identify the content type through the size and timing of

packets

Self-Signed Certificate

Data Exfiltration

C2 Message

Threat Intelligence map

Who’s who of the Internet’s dark side

Broad behavioral information

about the servers on the Internet.

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Cybersecurity and Network Context Catalyst 9000 view of the data

• Talos Threat Intelligence

• Catalyst 9000 network context

• Machine learning identifies malware in encrypted traffic

• Network closed-loop response

Google Search

Firefox self-repair

Bestafera Malware

Machine Learning Identifies Malware


Cisco Catalyst 9000 Family enables enhanced network as a sensor with ETA

Stealthwatch®

pxGrid

MitigationISEMachine learning with enhanced behavior analytics

Encrypted Traffic Analytics

• Industry’s most pervasively deployable solution for Encrypted Traffic Analytics

• Complements other encrypted traffic management solutions

Networktelemetry based(no decryption)

Line-rate performance

Investment optimization

Simplifiedmanagement

Globally correlated threat intel

네트웍을 가시화 시키다는 것은…

Cisco DNA

Constantly Learning

Support 100X new devices, apps, users

Constantly Protecting

See and predict issues and threats and respond fast

Constantly Adapting

Respond instantly to business demands with limited staff and budget


Framework of Cisco DNA

Intent Context

Security

Learning

Intent-Based Network Infrastructure

DNA Center

AnalyticsPolicy Automation

Switching Routers Wireless

DC BranchCampus


Framework of Cisco DNA

Assurance


Assurance by NDP

Data Type: Users, User Group

Data Source: AD, ISE

Mechanism: Pull (API)

Rate: Triggered

Data Type: Policy

Data Source: ISE

Mechanism:

Subscription through PxGrid

Rate: Triggered

Data Type: Location

Data Source: APIC-EM. MSE

Mechanism: Built-in

Connector, Pull

Rate: Triggered

Data Type: Flow, Applications

Data Source: Network Device

Mechanism: Push

Rate: 100K fps+

Data Type: SNMP


Mechanism: Pull

Rate: 10,000 OIDs/min+

Data Type: Logs, Traps


Mechanism: Push

Rate: 10,000 msgs/min+

Data Type: Topology, Inventory,

Configuration, Capabilities

Data Source: APIC-EM

Mechanism: Built-in Connector

Rate: 1000 devices/request

Data Type: IP Address

Management, Namespaces

Data Source: Infoblox, DHCP, DNS

Mechanism: Pull (API)

Rate: 1000 blocks/request

Data Type: Wireless Signaling,

Roaming data

Data Source: WLC/AP

Mechanism: Streaming

Rate: Triggered

A singular framework for ingestion

• Types of Collection


DNA Center high-level architecture

Telemetry protocols: NetFlow, SNMP, Syslog, streaming

CLI, SNMP, PnP, NETCONF

Northbound Open REST APIs

Cisco DNA Center

NDPAPIC-EM 2.0ISE

물리적/가상화/클라우드 네트웍 인프라

Meraki dashboardCisco Meraki™

Meraki® Dashboard API

Wireless AP

Catalyst(R) 2000/3000

Catalyst 4000/6000

Cisco Nexus(R)

7000

WLC ISR/ASR NFV-IS

Northbound Open REST APIs

IPAM (3rd Party)


Supported Platform


DNA Ready Platforms

ASR-1000-X

ASR-1000-HX

ISR 4430

ISR 4450

WIRELESSROUTINGSWITCHING

AIR-CT5520

AIR-CT8540

Wave 2 APs (1800, 2800,3800)

Wave 1 APs* (1700, 2700,3700)

Catalyst 9400

Catalyst 9300

Catalyst 9500

Catalyst 4500E Catalyst 6K Nexus 7700

Catalyst 3850 and 3650

AIR-CT3504

CSR 1000V

*with Caveats


DNA Ready Platforms

C9300 Series

C9400 Series

C9500 Series

C3850/3650 Series

C4500 Series (샤시형)

C4500-X Series


The Journey to the New Network

Infrastructure Readiness

Open and Programmable

Policy Based

AutomationSimplify, scale network deployment

for Cloud, Mobile, IoT

Intent-based Network

Constantly learning, adapting, protecting

Analytics for AssurancePredictive performance with machine learning

Secure

FoundationRapid threat detection

and mitigation

Software-Driven Innovation

스스로판단하고진화하는네트워크 intent based networking · © 2017 cisco and/or its...

Documents