Scribd Logo
Upload

Welcome to Scribd!

  • Solera Networks at Sharkfest 2008

    Uploaded by

    lovemytool
    35 views22 pages
    Solera Networks develops and markets high performance storage appliances and storage and application software and hardware solutions for the emerging Network Management and Network Security Markets. Solera's flagship product, the DS Series, is a suite of network packet recorder appliances that far surpass the gigabit barrier. Acting as a large network buffer, the DS Series integrates seamlessly with existing network applications, providing network managers a complete and accurate picture of network activity and performance.

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Solera Networks develops and markets high performance storage appliances and storage and application software and hardware solutions for the emerging Network Management and Network Security Markets. Solera's flagship product, the DS Series, is a suite of network packet recorder appliances that far surpass the gigabit barrier. Acting as a large network buffer, the DS Series integrates seamlessly with existing network applications, providing network managers a complete and accurate picture of network activity and performance.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    35 views22 pages

    Solera Networks at Sharkfest 2008

    Uploaded by

    lovemytool
    Solera Networks develops and markets high performance storage appliances and storage and application software and hardware solutions for the emerging Network Management and Network Security Markets. Solera's flagship product, the DS Series, is a suite of network packet recorder appliances that far surpass the gigabit barrier. Acting as a large network buffer, the DS Series integrates seamlessly with existing network applications, providing network managers a complete and accurate picture of network activity and performance.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 22

    The Virtues of Continuous Deep

    Packet Capture and Stream-To-


    Storage
    March 31, 2008

    Paal Tveit
    VP of Engineering | Solera Networks

    SHARKFEST '08
    Foothill College
    March 31 - April 2, 2008

    SHARKFEST '08 | Foothill College | March 31 - April 2, 2008


    Introduction

    Why Continuous and Why Complete?

    Deployment Strategies

    Value and Benefits

    Use Case Scenarios

    Demonstration

    Q&A

    SHARKFEST '08 | Foothill College | March 31 - April 2, 2008


    Why Not a Sample?

    A sample only gives you a piece of


    the puzzle

    Samples are often guesswork

    Packet header captures will miss
    important payload data

    Samples don't represent what
    happened – not an historical picture

    Trends will be missed
    Why not get the whole picture?

    Complete capture and stream-to-
    storage can reveal all

    SHARKFEST '08 | Foothill College | March 31 - April 2, 2008


    Deep Packet Capture

    Considerations for Deep Packet Capture solutions:



    Full packet (header and payload – Layer 2-7)

    Lossless – nothing gets dropped

    Capture at today's speeds, up to and including 10Gb

    Must be able to capture, store, organize and filter

    SHARKFEST '08 | Foothill College | March 31 - April 2, 2008


    Stream-To-Storage – The Full Record

    Continuous capture is key

    Full record can provides foundation for analysis

    Large record identifies trends

    Always on – catches everything when you don't know what
    to look for

    Repository must be large enough for a sufficient
    record and extensible

    Ability to pull data to permanent storage

    Archive select traffic for long-term analysis or compliance

    Internal RAID must match network performance

    Fibre Channel and/or iSCSI SAN

    SHARKFEST '08 | Foothill College | March 31 - April 2, 2008


    Platform: Open vs. Proprietary?

    Proprietary platform based on tightly-coupled hardware


    capture and software analysis tools. Specific solutions
    that focus on point analysis (top talkers, protocol
    distribution, etc.).

    New open platform providing a software-based solution


    allows for greater flexibility.

    COTS

    Virtual Machine

    APIs
    Software vs. Hardware

    Hardware:

    Dedicated appliances/custom-built appliances

    Proprietary capture cards

    Locked into applications provided by vendor

    Software solutions:

    Portability

    Virtual appliances

    Custom applications and development
    Deployment – Physical Network

    DPC/STS
    Appliance

    Archive
    (long-term storage)
    Additional Storage
    (larger window)

    SHARKFEST '08 | Foothill College | March 31 - April 2, 2008


    Analysis Methods

    pcap snapshot files from the historical record

    Regeneration onto another network

    DPI solutions

    Traffic shaping

    Throttle traffic to match speeds of analysis tools

    Virtual Interfaces

    APIs for integration into DPC solution

    SHARKFEST '08 | Foothill College | March 31 - April 2, 2008


    Analysis Tools – Now with Full History
    Numerous tools can
    benefit from a complete
    record of network traffic

    Packet Analysis Tools

    Instant Messaging (IM) Analysis
    Tools

    HTTP Analysis Tools

    Web Reporting Tools

    Intrusion Detection/Prevention
    Systems (IDS/IPS) Tools

    Network Security Tools

    OS Detection Tools

    Network/Application QOS Tools

    Custom-developed toolsets

    SHARKFEST '08 | Foothill College | March 31 - April 2, 2008


    Challenges
    Network Security

    - Incomplete Views

    Data Loss Prevention

    - No Record of Events

    Network Management

    - Limited Visibility

    Compliance

    - Not Comprehensive

    11
    Challenges/Solutions
    Network Security

    - Incomplete Views / Comprehensive Surveillance

    Data Loss Prevention

    - No Record of Events / Complete Auditable Record

    Network Management

    - Limited Visibility / Replay Actual Events

    Compliance

    - Not Comprehensive / Unabridged Record of Events

    12
    Examples of Use

    Network Security

    Network Forensics

    Network Management

    eDiscovery

    Compliance

    SHARKFEST '08 | Foothill College | March 31 - April 2, 2008


    Network Security

    Prolonged intrusion

    Security policy update validation

    Data leakage detection

    SHARKFEST '08 | Foothill College | March 31 - April 2, 2008


    Network Forensics

    DOS and DDOS analysis

    Virus proliferation analysis

    SHARKFEST '08 | Foothill College | March 31 - April 2, 2008


    Network Management

    Network performance analysis

    Network reliability analysis

    SHARKFEST '08 | Foothill College | March 31 - April 2, 2008


    eDiscovery

    Network traffic as evidence

    SHARKFEST '08 | Foothill College | March 31 - April 2, 2008


    Compliance

    Sarbanes-Oxley

    HIPAA

    SHARKFEST '08 | Foothill College | March 31 - April 2, 2008


    Demonstration

    Look at virtual appliance captures


    Download pcap
    Use Wireshark to analyze pcap

    SHARKFEST '08 | Foothill College | March 31 - April 2, 2008


    Virtues of DPC and STS - Recap

    You have the whole picture, not just a sample

    It's always on, acting as your backup

    Nothing is lost

    Reduce mean time to resolution of network problems –
    find the root cause, not just symptom

    Open systems allow flexible deployment and analysis
    options

    Supports network security, network management,
    forensics/eDiscovery, and compliance initiatives
    It is becoming a best practice – complete network
    visibility is a priority

    SHARKFEST '08 | Foothill College | March 31 - April 2, 2008


    Q&A

    SHARKFEST '08 | Foothill College | March 31 - April 2, 2008


    Thank You

    Paal Tveit
    VP of Engineering | Solera Networks
    ptveit@soleranetworks.com

    SHARKFEST '08 | Foothill College | March 31 - April 2, 2008

    You might also like