DSS ITSEC 2013 Conference 07.11.2013 - IPOQUE Traffic Management

0 %
100 %
Information about DSS ITSEC 2013 Conference 07.11.2013 - IPOQUE Traffic Management

Published on November 13, 2013

Author: AndSor

Source: slideshare.net


Presentation from one of the remarkable IT Security events in the Baltic States organized by “Data Security Solutions” (www.dss.lv ) Event took place in Riga, on 7th of November, 2013 and was visited by more than 400 participants at event place and more than 300 via online live streaming.


THE SECURITY CHALLENGE • More sophisticated and effective cyber attacks mean traditional security solutions e.g. firewall, IDS/IPS, UTM are struggling to cope. • Need flexible and customized security policy control for real pro-active cyberdefense, especially to meet the high security needs of the government sector.

IPOQUE PACE = STATE OF THE ART DPI PREPROCESSING • Defragmentation Engine • Packet Re-ordering • Connection subscriber tracking • L3 encapsulation CLASSIFICATION METADATA EXTRACTION EXTRA FEATURES • Protocol • Traffic statistics • OS detection • Protocol group • Users/Subscribers’ statistics • Client-Server identification • QoS parameters • Tethering detection • Sub protocol • Application • Ads detection • Custom defined protocol • Fast Path

PACE – HOW WE DO DPI • We use a variety of analysis techniques to reliably detect network protocols: • Pattern matching • Finite state machine • Behavioral & heuristic analyses • Lengths checks • Frequency of packet sending/receiving • Amount of connections opened by a single subscriber • Encryption usage

PRE PROCESSING IMPROVES ACCURACY AND RATE OF CLASSIFICATION PREPROCESSING • Defragmentation Engine • Packet Re-ordering • Connection subscriber tracking • L3 encapsulation • Key Benefits • • Accuracy Flexibility • High performance

CLASSIFICATION Protocol History CLASSIFICATION Protocol • Flash (Group Streaming) • HTTP (Group Web) Sub Protocol • Media Application • YouTube (Group Streaming) www.ipoque.com/sites/default/files/mediafiles/ documents/data-sheet-supported-protocols.pdf

METADATA EXTRACTION METADATA EXTRACTION • Examples • • • • • • • User ID IP address Time and date of login/off Host User agent Emailsubject, body, sender, receiver, attachm ent etc. File transfer: sender, receiver, login, attachment etc.

METADATA OUTPUT NORMALIZATION Applications of same type produce the same Class Events: - i.e. each webmail has a different look and feel and proprietary structure - PADE Solution: normalize all required fields in a unified format FROM TO (CC/BCC) SUBJECT TIMESTAMP …


EXTRA FEATURES EXTRA FEATURES • Extra features • • • • • • OS detection Client-Server identification Tethering detection Advertising detection Custom defined protocols Optimization features • • • Dynamic upgrades SMP support Fast path

SECURITY BENEFITS IN USING DPI • Use application pre-filtering to recognize threats in adaptable flexible way • Improve security intelligence to qualify and block an attack in real-time • Gain efficiency by focusing only on real security threats • Stay current with dynamic changes in protocols and applications • Supports recognition of your custom-defined apps and protocols • Granular customization of security policy rules

USING PACE AS A SECOND LINE OF DEFENSE PACE DPI Cyber attacks Off the Shelf Security Products Anti-Spam, anti-virus, antimalware, firewall, DLK. Cyber Defense Solution Critical Infrastructure

HOW PACE ENSURES ACCURACY Looking for parameters a, b and c Looking for parameters d, e, f, and g Looking for parameters x and y 80 % 97% 100%

PACE DETECTION RATE All Network Elements: Protocol Groups Over 95% detection rate 71% 22% Streaming Protocols 3% Unclassified Traffic 1% VoIP Protocols 1% P2P Protocols 2% 2,000+ Applications and Protocols recognised Web Protocols Other

PACE PERFORMANCE TEST RESULTS Max. concurrent connections Average packet size (Bytes) Top 5 Protocols Gbps/core 418.720 569 HTTP, FLASH, BITTOR RENT, MPEG, SKYPE 3,4 71.191 523 HTTP, SSL, RTP, FLAS H, OPENVPN 5,6 Test Conditions: • • • Hardware: i3-2120 CPU @ 3.30GHz All application enabled All features enabled

PACE STRENGTHS AS A DPI SOLUTION • Fast Performance • High frequency of protocol and DPI engine updates • High classification accuracy (no false positives) • Low processor to memory consumption ratio • Support for over 500 protocols • Support for thousands of applications

THANK YOU! Ian Betteridge Ian.betteridge@ipoque.com Phone +49 341 594030 Fax +49 341 59403019

Add a comment

Related presentations

Related pages

DSS ITSEC 2013 Conference 07.11.2013 - ALSO - Guardium ...

Share DSS ITSEC 2013 Conference 07.11.2013 ... reporting • Sign-off management • Automated ... 2013 Conference 07.11.2013 - IPOQUE Traffic ...
Read more


DSS ITSEC 2013 Conference 07.11.2013 - IPOQUE Traffic Management Andris Soroka. Centre technique-brochure AREVA. English Espanol Portugues Français Deutsche
Read more

IBM X-Force 2013 Mid-Year Trend and Risk Report

IBM X-Force 2013 Mid-Year Trend and Risk Report ... 4th international annual conference “DSS ITSEC 2013 ... (07.11.2013) 4 IBM Security ...
Read more

Information security - Wikipedia, the free encyclopedia

In 2013, based on a thorough ... (PCI DSS) required by Visa and ... Procedures, and Standards: guidelines for effective information security management ...
Read more

Operations research - Wikipedia, the free encyclopedia

Network data traffic: ... Simulation and Education Conference (I/ITSEC) ... A Journal of the Institute for Operations Research and the Management Sciences;
Read more

Protection against DDoS and WEB attacks - 6th annual ...

(1.07.2013) – DDoS attack on ... 40Gbps of legitimate traffic Anti-DoS, NBA ... HW или VA Security Event Management (SEM) 17 . DefensePro Protection ...
Read more

Radware | LinkedIn

... Director of Security Product Management at Radware ... after a cohort of site traffic was served ... DSS ITSEC 2013 Conference 07.11.2013 -Radware ...
Read more