the increase in the number of advanced cyber …network-security architecture to control/orchestrate...



Copyright © 2016 NTT. All Rights Reserved.

The increase in the number of advanced cyber-attacks such as APT/DDoS makes it impossible to prevent every attack. It is becoming more important to establish mechanisms not only to protect systems from attacks, but also to minimize the damage from them. We research network security architecture that enables quick detection/reaction against cyber-attacks by orchestrating various functions that reside within the network.


Network-security architecture to control/orchestrate network functions against cyber-attacks

Sustainable network security against evolving cyber-attacks

*1 DPI: Deep Packet Inspection. DPI is an advanced method of traffic analysis, traffic cleaning and others.
*2 MSF: Multi Service Fabric
*3 PCRF: Policy and Charging Rules Function
*4 Collaborative research project with NTT Secure Platform Laboratories

[Figure: architecture diagram. Labels: Network security controller (NW security manager, NW security engine) with the stages Collection, Detection, Analysis, Decision, Handling design and Security handling; Orchestrator; Controller for MSF; PCRF; Transport network (edge routers, MSF core router, DPI (Detection), DPI (Handling)); Security functions (IDS, FW, WAF); Dirty traffic; Clean traffic; Security controllers in other networks (proactive security handling through interworking between networks). Callouts: Feature 1. Quick reaction in as little as a few seconds; Feature 2. Reduction of security operation costs; Feature 3. Optimal security handling network-wide; Feature 4. Improvement of visualization and detection accuracy.]

Application Scenarios

■ In networks in the 2020s, operators will be able to protect their network infrastructure from radical and large-scale cyber-attacks.

■ Network operators can reduce the OPEX required for sophisticated security operations by introducing autonomous security reaction mechanisms.

■ Network service providers/end-users of the “Hikari Collaboration Model” can gain comprehensive security support.

■ Data-center operators can provide advanced security packages that include network services that are more resistant to DDoS attacks.

Features

■ 1. Enables quick reaction for service recovery and preventive measures in as little as a few seconds by autonomous reaction to attacks.

■ 2. Reduces security operation costs by comprehensive analysis and security-handling design network-wide.

■ 3. Realizes optimal responses to advanced attacks such as APT/DDoS by dynamically controlling modularized network functions within the network and properly orchestrating them based on network topology.

■ 4. Improves visualization and detection accuracy of cyber-attacks by managing information from network functions, DPI equipment, and security functions.

Realization of NetroSphere, N-3

This technology is being confirmed in NetroSpherePIT.

〈Contact〉[email protected]