
(CISCO) Self-Defending

Networks
Ben Sangster
Agenda
(CISCO) Self-Defending Network Concept
Why do we need SDNs?
Foundation of the CSDN?
- Endpoint Protection
- Admission Control
- Infection Containment
- Intelligent Correlation and Incident Response
- Inline IDS and Anomaly Detection
- Application Security and Anti-X Defense
Summary
Questions
Cisco Self-Defending Network (CSDN) Concept
A systems-based solution that allows
entities to use their existing infrastructure
in new ways to:
- Reduce windows of vulnerability
- Minimize the impact of attacks
- Improve overall infrastructure availability and reliability
CSDN Concept (cont.)
CSDN also helps create autonomous
systems that can quickly react to an
outbreak with little to no human
intervention
Why do we need CSDNs?
Evolution of the network -> Evolution of attacks on networks
Traditional approach: Defense-in-depth
- Proactive defense mechanisms
CSDN approach
- Adaptive defense mechanisms
Why do we need CSDNs? (cont.)
Proactive defense mechanisms…not obsolete, simply inefficient in responding to breaches in network security
Proactive solutions frontload defense mechanisms
Proactive Defense Example
[Diagram: Internet -> Outer Firewall -> DMZ (servers, e.g. web, e-mail, proxy) -> Inner Firewall -> Internal Corp. Network and Development Network]
Why do we need CSDNs? (cont.)
Adaptive Solutions…focus isn’t solely on
preventing network attacks
Attempt to effectively:
- Detect
- Respond
- Recover
Little to no adverse effect on the network
and its users
Why do we need CSDNs? (cont.)
Key elements of an adaptive solution:
- Remain active at all times
- Perform unobtrusively
- Minimize propagation of attacks
- Quickly respond to as-yet unknown attacks
Foundation of a CSDN
1. Endpoint Protection
2. Admission Control
3. Infection Containment
4. Intelligent Correlation and Incident Response
5. Inline IDS and Anomaly Detection
6. Application Security and Anti-X Defense
Endpoint Protection
You are only as strong as your weakest link
One non-sanitized end-user system connected behind a robust, efficient defense can spell D-O-O-M for a network
Cisco Security Agent
- Point of presence on end-user systems that enables efficient exchange of valuable network threat information as it occurs
- Endpoint system virus and worm detection/protection
Admission Control
Not only core component of a CSDN, but
incorporated into other technologies by over 30
industry-leading vendors
Network Admission Control (NAC) assists in
determining the level of access to grant an end-
user system in accordance with the security
policy when it initially joins the network
NAC also assists in managing end-user systems’ compliance with security patches and updates
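The admission decision described above (grant a level of access to a joining host according to policy, and park non-compliant hosts where they can only reach remediation services) is easier to see as code. The block below is an added example written for these slides, not Cisco NAC code; the posture fields, the policy thresholds and the three access levels are constructed assumptions that stand in for what a real policy server would hold.

```python
from dataclasses import dataclass
from enum import Enum


class Access(Enum):
    FULL = "full"              # compliant: normal production VLAN
    QUARANTINE = "quarantine"  # non-compliant: remediation VLAN (patch/AV servers only)
    DENY = "deny"              # no posture report at all: keep the port closed


@dataclass(frozen=True)
class Posture:
    """What the endpoint agent reports when the host joins (constructed fields)."""
    host: str
    agent_present: bool            # is an agent reporting posture at all?
    av_signature_age_days: int     # age of the antivirus signature set
    missing_critical_patches: int  # count of unapplied critical patches
    host_firewall_enabled: bool


# Constructed policy thresholds; a real NAC policy lives on the policy server.
POLICY = {
    "max_av_signature_age_days": 7,
    "max_missing_critical_patches": 0,
    "require_host_firewall": True,
}


def evaluate_posture(p: Posture, policy=POLICY):
    """Return (Access, list of failed checks) for one host joining the network."""
    if not p.agent_present:
        # Nothing to assess: an unmanaged host never gets production access.
        return Access.DENY, ["no posture report: endpoint agent not present"]
    failures = []
    if p.av_signature_age_days > policy["max_av_signature_age_days"]:
        failures.append(f"antivirus signatures {p.av_signature_age_days} days old")
    if p.missing_critical_patches > policy["max_missing_critical_patches"]:
        failures.append(f"{p.missing_critical_patches} critical patch(es) missing")
    if policy["require_host_firewall"] and not p.host_firewall_enabled:
        failures.append("host firewall disabled")
    # Any failed check sends the host to remediation rather than production.
    return (Access.FULL if not failures else Access.QUARANTINE), failures


def admit(postures, policy=POLICY):
    """Decide access for a batch of joining hosts; returns {host: Access}."""
    return {p.host: evaluate_posture(p, policy)[0] for p in postures}


# Constructed sample hosts: one compliant, one out of date, one with no agent.
SAMPLE_POSTURES = [
    Posture("pc-alice", True, 2, 0, True),
    Posture("pc-bob", True, 12, 2, True),
    Posture("printer-3", False, 0, 0, False),
]

if __name__ == "__main__":
    for p in SAMPLE_POSTURES:
        access, why = evaluate_posture(p)
        print(f"{p.host:10} -> {access.value:10} {'; '.join(why)}")
```

The failure list is what the remediation VLAN's portal would show the user, and what the policy server would log, so the same function answers both "what access do I grant" and "why". Adding a check means adding one clause; the access levels themselves do not change.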
Infection Containment
The ability to identify non-compliant systems or network attacks as they occur and react appropriately, minimizing the effect of the breach
Potentially the #1 core component of a
secure system belonging to a CSDN
Intelligent Correlation and Incident Response
Services that provide the ability to exchange:
- Event information
- Implications of an event occurring
- Necessary actions to take
- The appropriate nodes or systems to enforce actions in real-time
These services aid in adapting to changes and countering attacks in the network as they occur rather than after the fact
Application Security and Anti-X Defense
A menagerie of application layer security
products that address the “ever-evolving”
classes of threats which are not effectively
addressed by traditional firewall and
network IDS products
Threat examples:
- E-mail based SPAM and phishing
- Spyware
- Unauthorized peer-to-peer activity
Summary
New phraseology NOT a new technology
Encompassing security solution that is proactive AND adaptive in nature and envelops every level of network security rather than just specific layers
Key difference between a CSDN and traditional security solutions…the ability of CSDNs to communicate and share information among the different security products employed within the CSDN
Questions