One of the key points of Amit’s keynote was the need for comprehensive visibility of our environments. When the threat is unknown, or zero-day, one option for detection is analysis of traffic for anomalies. Massive traffic volumes inside ultra-scale data centres mean that detailed inspection of every packet would require a doubling of processing capacity. The commonly taken approach is to collect information on each data session or flow, and analyse flow records for unusual behaviour or anomalies, indicating a potential attack or infection.
It is not news that to make measurable improvements to network data security, organisations need to invest in the most current tools and share key knowledge. Flocon 2016 featured a full technical programme which not only highlighted some of the most critical issues surrounding analytics but also outlined actionable solutions. We fielded a number of questions from delegates regarding the growth of external and internal network data, what to do with that information and how it is now the ‘insider threat’ that poses the most risk. The fast-paced nature of cybercrime means that cyber security professionals need to find a way to match the threat actors’ pace, to ensure that threat detection can be turned into quick incident response.
Steve is an experienced technical B2B cyber security specialist and Director. Steve is a frequent speaker on topics including security breaches, big data analytics, audit and compliance, and IT forensics.
A signature-based IDS, such as Suricata, monitors packets on the network and compares them against a database of signatures or attributes from known malicious threats. Multi-threading and load balancing across CPU cores provide performance gains. However, one of the largest CPU consumers is signature scanning, which can consume up to 80% of CPU load. By offloading signature scanning to an accelerator card, cost-effective IDS systems can be built for breach detection and forensics in the network core.
The MPAC-IP 7000 series features variable-offset, 7-layer deterministic pattern matching at line rate, controlled using Telesoft’s rapid development API. Both our 100GbE and 4x10GbE solutions allow operators to maintain ultra-high-speed links, ensuring high performance, security and compliance.
Financially motivated hackers look to exploit vulnerable networks to steal data, money, or disrupt network operations for those willing to pay for the service. It’s no longer just hobbyist hackers looking to infiltrate networks for fun. If IDS and IPS systems, a vital component of any network security architecture, become saturated, any worms, spyware, or disruptive packets can bypass security measures entirely, infiltrating the network and causing damage whilst remaining undetected. At best, with fail-closed IPS, the network is disrupted. At worst, your network is the latest to be featured in the news for being hacked.
The obvious advantages of an NFV network architecture are reduced capital expenditure (CAPEX) and operating expenditure (OPEX). Whereas the old paradigm required bespoke hardware devices for each network function – hardware devices that quickly became obsolete as average hardware capabilities surpassed them – NFV allows network functions to be virtualised and run on commercial off the shelf (COTS) servers.
To reduce operating expenditure (OPEX) and minimise rack space usage, hardware accelerator cards can be implemented into existing commercial off-the-shelf (COTS) servers or integrated into new systems. Offloading processing to a hardware accelerator card, such as the MPAC-IP 7000 Series from Telesoft, enables the host COTS server to maximise processing power for third-party applications without the need for an expensive overhaul of existing infrastructure. Resources can then be freed up and re-purposed or used to extend processing capabilities, reducing capital expenditure (CAPEX).
Stringent standards for protocol adherence and stability meant development of these hardware devices was slow, but despite the time spent developing them, the continual acceleration of hardware capabilities, as described by Moore’s law, meant they soon became obsolete. This resulted in operators continually having to repeat the cycle of design, integrate and deploy just to keep up with competitors. Not only is this expensive, it does little, if anything, to bring in additional revenue, as customers come to expect the services offered by the new hardware platforms as standard.
Sophisticated cyber-attacks, orchestrated by well organised and financially motivated criminal groups, look to take advantage of holes in network security that become vulnerable as networks increase in complexity. The goal of such attacks is to steal valuable data, money or to cause general network disruption but the effects extend beyond the immediate damage caused by the attack. The potential ramifications such as loss of credibility, reputation, customer trust and legal breaches could have a significant lasting negative impact for businesses and organisations.
A recent whitepaper from Telesoft looked at the enormous increase in high bandwidth services, in particular video, and the difficulties this creates for monitoring and analysis systems. Many providers are finding that it’s not commercially sustainable to keep purchasing more hardware and software in response to demand for high bandwidth services which are projected to keep increasing.