
Hot Topics for Sales Business Partners

Hot Topics for Sales Business Partners. Security in a Converged World A Better IT Security Approach. Carlos Solari Vice President, Security Solutions, Bell Labs December 13, 2006. Not Theory – Real Threats with Consequences. A Worm Attack. The story – an infected laptop Consequences.


Presentation Transcript


  1. Hot Topics for Sales Business Partners. Security in a Converged World: A Better IT Security Approach. Carlos Solari, Vice President, Security Solutions, Bell Labs. December 13, 2006

  2. Not Theory – Real Threats with Consequences A Worm Attack • The story – an infected laptop • Consequences A DDOS Attack • The story – web presence • Consequences A Hacker Attack – What If… • The story – a remote access connection to IP addressable mobility stations that are part of a NGN without a rigorous security design • Consequences – cells out – brand confidence undermined - regulatory

  3. In the IP Data Networks: More vulnerabilities, faster exploitation, faster propagation. The Threat … Continues Unabated. [Chart: Threats Propagating Faster, 2003 to 2005. 2005: 90% of the hosts within 10 minutes.] [Chart: Vulnerabilities Exploited Faster, 2001 to 2005, on a scale from months down to seconds. Avg. exploit in 2005: 5.8 days.] Increasing vulnerabilities and exploits: • 418 new viruses and worms each week • 72 new vulnerabilities detected per week • 50% month-to-month increase in peer to peer exploits. Sources: CERT/CC, Symantec, NVD, OSVD

  4. The Challenge – Securing the Network: Current Industry Approach… • Point Products for Point Roles • Reacting to infinite possible sources (ex: polymorphism) • Un-manageable and no single sit-awareness • Blacklists AV/AS, url blocking • Increasing network complexity • Lack of universal standard that addresses security in a comprehensive way • Increasing vulnerability, example: firewall opening VOIP session calls • No inherent security applied to network components • Weak links prevalent • Threat-Expl window smaller • Threat can occur faster than we can detect and respond

  5. Conclusion… …Current Approach Insufficient to the Challenge • Increasing financial losses • Brand confidence at risk • Infrastructures at risk DDOS On the Rise

  6. Convergence: More Urgent Than Ever… IP-based Networks • The Upside… • Fewer Layers / Less Cost • Large Supply of Components • Enhanced Integration Potential • Improved Bandwidth Management / QoS • Capture Meta-Data to Use in Marketing [Diagram labels: Circuit-based Voice, VoIP, 3G/4G, CDMA / GSM, 2G, VDSL2 or GPON based IP, ATM based DSL, RF-based Video, IP-Video] HOWEVER …There is a Downside • With Integration comes Higher Probabilities of “Contamination” • Interconnected to the high-threat environment of the Internet • DDOS – Malware – Hackers – Privacy Theft – Data Compromise • IP addressable components potentially accessible from anywhere

  7. Convergence Stresses the Security Further Example: The Firewall Needs to Adapt: • Data: ports open for specific protocols • Voice: ports open for each call session – thousands • Manage the complexity of VOIP calls without impacting perimeter security

  8. Security in the network must be designed in – not bolted on later A New Model for Security The Bell Labs Security Framework – instantiated in X.805 and ISO-18028 provides the basis for designing security into the network In combination with other standards – a comprehensive, in depth security framework for the network and the organization Also needed – an integrated security eco-system performing the functions of Prevention, Detection, and Response Integrated and automated for speed in detection and speed in response to operate within the “threat exploitation window”

  9. The Bell Labs Security Framework: Building Security in the DNA of Complex Systems • ITU/X.805 Security Standard • ISO 18028 Security Standard [Diagram: Layers (Infrastructure, Services, Applications) by Planes (End User, Control / Signaling, Management), giving MODULE 1 through MODULE 9; each module has cells for Access Control, Non-Repudiation, Comms Security, Availability, Data Confidentiality, Privacy, Authentication, Data Integrity] (9 Modules X 8 Cells = 72 Security Cells)

  10. Synergy In Standards: ISO/IEC and ITU-T. The combination of ITU-T X.805 / ISO/IEC 18028-2 and ISO 27000 addresses business and technical risks associated with information and network security • ISO/IEC 27001:27005: Standards for implementing, maintaining and improving an Information Security Management System to manage risk within the context of an organization’s overall business environment. • ITU-T X.805 / ISO/IEC 18028-2: Provides standards for detailed technical design, architecture, requirements, and test plans for the end-to-end network security solutions or individual products. ISMS = Information Security Management Systems

  11. Ready for Audit In Two Months Current View Example: Security Audits in Complex Systems

  12. The Bell Labs Security Framework It applies… • Real Security Assessments – not a paper tiger • Common Criteria – specification and standardization • Security in the Product Development Process • The foundation for building • secure products, that build • secure systems, that build • secure infrastructures • A common security language for every level of granularity

  13. What Our Customers Expect Top Security Priorities - Carriers • Secure products – security in design, hardening, testing • Secure architectures – threat assessment, knowledge of attack trends, mitigation techniques • Protection from their own users as first/last mile bandwidth increases • Become more aware of traffic operating through network • Identity management • Application level security • Lower capex and opex of security Top Security Priorities - Enterprise • Protection from malware (infected laptops, mobile, sync-up devices) • Demonstrate stronger security on sensitive traffic to satisfy regulatory compliance (financial data, identity, health data, etc…) • Content level protection and control • Protection from attacks on convergence technologies (voice and video over IP in Enterprise) • Lower capex and opex of security

  14. Alcatel-Lucent Security Strategy… Secure By Design – System Defense: Security embedded in development lifecycle with testing, audit and certification checks. Secure by Design – Networks and Services: Security as fundamental part of network and service architectures (IPTV, UMA, IMS, LAN). Security Collaborations and Partnerships: Working with greater security community to deliver trusted networks and services (VOIPSA, ATIS, 3GPP, CERT-IST). Security Incident & Response: Providing rapid knowledge, education and response to Alcatel customers for vulnerabilities. Integrated Security Eco-System: An integrated security portfolio of products to act within the threat exploitation window. Trusted Networks Gives You: • Assurance of secure systems • Secure architectures for evolving communications and services infrastructure • Partnerships and collaborations that reduce your time to market for implementing trusted networks • Knowledge and insight into latest alerts and impact on products for growing occurrence of alerts • An integrated security portfolio (eco-system) to protect the network

  15. Security - Designed into the Architecture Management Plane Control/Signaling Plane User Plane Application access dynamically updated Security policies dynamically updated Level of access granted based on network & endpoint state-of-health Security Resource Management Security Event Management Security events Security events Data about endpoint state-of-health Mutual authentication Mutual authentication Security associations Endpoints Network Applications

  16. Intrusion Prevention Re-Apply Good Configurations Intrusion Detection Black-White Lists Port Blocking Vulnerability Scanning Url Filtering Authentication AV/AS Signature DB SRM SEM Zones COMPLIANCE Firewalls Image Compliance Password Controls IP Management Departments VLans Access Control PERFORMANCE Directory Policy Network Monitoring and Performance Identity Manager SENSORS …and What We Also Need is… An Integrated Security Eco-System

  17. CloudControl (SEM) Vital ISA The Integrated Security Eco-System – At Work Third Party Best-of-Breed Security Products Rules-Based-Routing: Shunting Traffic by Protocol IDS/IPS/AV/AS url filtering VitalAAA Separating Various Departments Evros (SRM) LSMS At all Perimeter Sites NAC VitalQIP Separation by Zones, Functions or Applications VitalNet Vulnerability Scanner * Items in development

  18. Convergence Changes the Firewall Requirements The Lucent VPN Firewall – Ready to secure NGN • Carrier grade – reliable and secure • VoIP Ready: “dynamic pinholing” • Policy Based Routing – Distributed UTM • Centralized Management and Provisioning • Application layer filtering - DPI • Scales: Any size network • Stealthy & Secure (Layer 2, no CERTS) • Throughout the fabric of the architecture Enterprise to Carrier The Lucent Security Resource Manager (LSMS)

  19. Undesirable traffic DDoS Attackers, SPAM, Phishing… Mitigating Threats Before They Impact Enterprise Enterprise Customers and partners Service Providers SSH IDS/IPS Web Servers • Service Providers • Best positioned to stop malicious traffic, but… • Can’t identify customer’s traffic as good vs. bad • Enterprises • Invest Millions to protect their networks, but… • Large attacks still saturate Internet access pipes and bring down e-commerce sites… Enterprise and Service Providers can’t solve the problem by themselves

  20. Filter Detect In Out CloudControl™ solution Customers and partners Undesirable traffic SSH IDS/IPS Web Servers DDoS Attackers, SPAM, Phishing… CloudControl™ enables Enterprise and Service Provider networks to work as one to dynamically block trash traffic

  21. Simple, Efficient, Secure Access 3G WiFi VPN Policies IT Applications 3G Modem Processor Memory Battery Operating System LAN Laptop Security: The Evros Solution 24x7 IT Remote Management 2 1 Evros Enterprise Gateway Evros Agent Always accessible endpoints Remote Management 24x7 Visibility & Control via 3G Transparent secure connection via trusted platform

  22. Trust-based Link • Trusted Appliance • Always-on • Remote “Kill” Capability • Policy Enforcement • Control All Networking Options • Off-hour Back-ups The Evros Solution – Connected for Security • Configuration • Data Protection • Disablement • Policies Secure Corporate Enclave Connected? Connected? WiFi 3G LAN WiMax Worms / Viruses Intrusion / Disk Access Data Tampering Content Theft / Liability OS Integrity

  23. Viewing Descriptions Correlation Asset Analyze and Suppress Thresholder Rate, Value, Time Filter, Pattern Match, Message Map Local to Global Name Mapping, Grouping Vital ISA: Security Event Management (SEM) Alarms Customer & Mission Data Topology Data Request Additional Data, Take Action Network IDS Host IDS Firewalls AAA OS logs Routers Vulnerability Scanners Anti-Virus

  24. Security Consulting Services CISSP Certified Consultants • Trusted advisor – vendor neutral security services • Helping enterprises and service providers address complexity and risk involved in securing their business and infrastructures • Full lifecycle of security consulting & implementation capabilities • Global presence and key industry partnerships • Internationally recognized certifications • Certified assessor for Visa and MasterCard • ISO 18028 and 27000 -based methodologies

  25. DDOS Worms Intrusions Root Kits Day Zero Vulnerability Leading Research in Areas of Security Threat Mitigation Technologies • Integration of SEM and SRM to detect early and respond within the threat exploitation window • Security for Mobility Mitigating DOS attacks in mobility • Identity Management Federated Identity Management • WORM early detection Pattern matching, anomaly detection • Polymorphism Resolve day zero problem • Deep Packet Inspection At wire speed to detect threats early in the exploitation window – and respond at buildup • Trusted Computing Using device health-awareness concepts to adjust access and correct for unauthorized change

  26. Summary: Mitigating the Risk by.. …reducing vulnerability Lesson 1 – Security Must be Pervasive (architected) No amount of security products can overcome the “lack of security” of the thousands of devices in the network that operate in key roles Lesson 2 – Must Have Integrated Sit-Awareness To respond in the threat exploitation window we must first have centralized situational awareness – if your help desk is it – it is too late Lesson 3 – Must Have Integrated Response • To respond in the threat-exploitation-window we must have • Centralized and integrated operational control over the security resources (firewalls, url filters, etc.) • And automated escalation rules linking the detection to the response

  27. Convergence to IP brings many advantages – but will also increase the overall risk if we don’t apply a more effective security model. The Bottom Line of Security The old approach to security will not lower the risk – increased spending may not be effective…no matter how good we get at patching. The Bell Labs Security Framework is a blueprint to achieve more effective security designed into the network We also need an Integrated Security Eco-System to achieve speed in detection and response. We call this Integrated Security Event Management (SEM) and Security Resource Management (SRM)

  28. Lucent Technologies - Leadership in Security

  29. Additional Resources: Bell Labs Network Security Framework - Brochure VPN Firewall Portfolio At-A-Glance - DataSheet VPN Firewall Portfolio – Brochure Lucent VPN Firewall Security in 802.11x Wireless Networks – WhitePaper Lucent VPN Firewall Brick – DataSheets Security Solutions Selling Brief These and more marketing tools can be found on the BP Center of Alcatel-Lucent.com; Go to http://www.alcatel-lucent.com, log-in to “MyAccess” top right corner, “Access to former Lucent systems”, Sales Business Partner Solutions, Data, VPN and Security area

  30. Course Assessment Feedback Past Events

  31. Course Assessment Instructions. To receive training credit for having participated in today's Hot Topics event, you will need to take a brief quiz. To access the quiz, follow these directions: • 1. Go to https://training.lucent.com/ • 2. If you are not already logged in, you'll see request to "Please Login Here" • 3. Enter your User Name, Password and click on Submit to login • 4. For this session, enter the course number BPHT121306 in the Catalog Search area; then click on Search Full Catalog • 5. In the Search Results, click on the Register link (to the far right) • 6. A screen will appear with a Link to the Assessment (in the upper left-hand corner) • 7. Click on the Link to Launch the Assessment. NOTE: If you try to access the course assessment from this site the day of the HOT TOPICS event and receive a "Course Not Found" message, please try back again later that day, or the next business day; it may not have posted to the site yet.

  32. Feedback • Your feedback is valuable in helping us to assess this Hot Topics event and improve the program … • Please take a minute to fill out the Feedback Form; thank you!

  33. Past Event Replays • Missed a HOT TOPICS for Sales Business Partners Training Event? Log in to the Business Partner Center and listen to a multimedia replay at your convenience! • BP Center available at: www.alcatel-lucent.com – MyAccess – Access to Former Lucent systems link • After logging in, scroll to the bottom of the page and click the My Documents “View All” link • Then open the Hot Topics for Business Partners folder and click on Past Events to navigate to the event of your choice.

  34. www.alcatel-lucent.com
