



Not a week passes without news of another company announcing a data security breach. Many of these breaches start with the Point of Sale (POS) systems, but as we saw with Anthem, Sony and Edward Snowden, that isn't always the case. Regardless of where the breach starts, nearly all of the valuable data lost flows through, and eventually out of, the enterprise. Imagine if a small team of clowns walked into your business in the middle of the day, went straight to your server room, pulled out big clown scissors, cut all the cables front and back on your servers and proceeded to carry them out to their clown car. Certainly employees would question what was going on, and surely someone would stop them before the servers actually left the building. Today that's exactly what's happening; only the clowns are black hat hackers acting remotely.

All companies have firewalls, many have intrusion detection systems, and some install intrusion prevention systems, but does your company capture and analyze all the traffic flows entering and leaving your enterprise? Even more daunting, imagine capturing all of the flows within your company, then scrubbing that data looking for unique traffic patterns, perhaps in real time?

At the end of December Norse specifically identified the Sony employee who was laid off in May, and who departed with tens of gigabytes of Sony movies and digital assets. This employee was someone in IT, possibly very much like you, who had access to many of the digital security certificates, admin IDs and passwords within Sony; many of those items were included in files and spreadsheets that Gods Of Peace released.

Sony knew months before that they were separating people from the business. Had they been looking for unusual internal network traffic patterns, they might very well have been able to thwart this digital theft.

So as your corporation's security expert, how can you detect and halt the theft of your company's digital assets? There are two simple approaches to a solution. You can build it or buy it. This article will address the high-level components required to build a solution, and then close with a complete off-the-shelf product that you can purchase today which provides many of these capabilities, as it leverages all the components discussed. Building versus buying is often a corporate culture thing, but when facing the problem of real-time data breaches the solution requires fairly new high-performance technology that is just starting to appear in appliance-class products.

We're talking about wire-rate packet capture over multiple, possibly many, 10GbE and 40GbE links, perhaps between virtual machines, amassing huge volumes of data, then crunching through this data in real time hunting for external leaks or insiders amassing files as they prepare for their departure. Everyone eventually leaves their company, so enterprises should be prepared for employee departures, especially IT staff, people like yourself, who know where all the keys are stored.

Building Your Own Real Time Threat Visibility System

To solve any mystery one needs clues. In the world of networking we look for clues in the network packets we capture. There are several ways to capture packets. If your servers leverage virtual machines, you can spawn another virtual machine on each server to automatically receive a copy of all the "network" packets entering, leaving, or travelling between VMs on that server.

How is this possible? If you utilize Solarflare Flareon® network adapters, they have a Layer-2 switch in the silicon that handles all VM to VM communications, and it also has the capability to sniff, that is, to send a copy of every packet to a VM running SolarCapture® Pro (SCP). For more traditional servers you'll need to set up capture servers with Flareon adapters that are running SCP.

You can then put optical network taps on your production server's fiber ports to capture a copy of all the traffic entering and leaving these servers. Another method is to connect your capture server up to your switch's spanning





CYBER DEFENSE MAGAZINE - ANNUAL EDITION 3