By
Dr. Antonio Nucci
Managing and securing large IP networks has become nothing short of a nightmare for network operators due to their increasing complexity. Defending against a gamut of innovative and sophisticated network attacks adds to the complexity, making it harder for operators to effectively deliver value-added services to increase business revenue. Operators tend to install silo applications to address specific network problems, resulting in inefficient business operations.
However, operators are turning to a new concept in which their existing infrastructure investments are leveraged and combined with security and traffic management solutions to create a complete system – a gateway to traffic intelligence.
Common Solutions for Managing and Protecting IP Traffic
Historically, operators have purchased siloed applications and installed them incrementally to address specific needs, each of them deployed to solve a specific problem. This practice led to a dispersion of information across many products that do not interact with each other, and a large operational investment to manage and maintain this complex infrastructure.
|
|
As DPI vendors are asked to handle increasingly faster speeds, content inspection and data analysis are sacrificed. |
|
In terms of security, many shields of defense are needed and thus deployed in today's networks, such as firewalls, IDSs, SEMs, and NBAD. Firewalls examine incoming or outgoing packets and allow or disallow their transmission or acceptance on the basis of a set of configurable rules, called policies. Although firewalls represent an indispensable shield to deploy, they require knowledge of attacks in order to be effective, and thus are vulnerable to zero-day threats and
|
|
|
|
Operators most often use deep packet inspection (DPI) for traffic management, and a wide range of solutions for traffic security, including firewalls, intrusion detection systems (IDSs), security event managers (SEMs), and network behavior anomaly detection (NBAD).
DPI provides visibility and control of protocols, services, and applications, but its intelligence is confined to inspecting one link at a time and is therefore unable to provide visibility of the traffic from a network-wide perspective. As DPI vendors are asked to handle increasingly faster speeds, content inspection and data analysis are sacrificed. DPIs are limited in their abilities to parse entire packet payloads and act as forensic devices, and are unable to process data with sophisticated algorithms that are required to deal with present and future threats.
|
|
sophisticated attacks. Furthermore, they have no visibility into the attack preparation, propagation, result and identity of the attacker.
IDSs detect unwanted manipulations of end hosts; several types of malicious behaviors such as network attacks against vulnerable services; data-driven attacks on applications; host-based attacks, such as privilege escalation, unauthorized logins and access to sensitive files; and malware. Although IDSs are capable of detecting zero-day attacks, they still do not provide visibility into attack preparation, propagation, intent, identity, and effectiveness. SEMs enable SOC efficiency by correlating dispersed and unassociated security events. An SEM system allows the operator access to all logs through a consistent central interface. The events can be parsed for
article page
| 1
| 2
| 3
| 4
| |
|
