Axians is the VINCI Energies brand dedicated to ICT
Defence Strategies For Managing Network Security Risks October 2017
Defence Strategies for managing network security risks axians.co.uk/network-monsters
Chapter 1. Security Insights
1. Introduction - The Battle of the Network
2. Network Security Defence
2.1 Data Protection
What are the best practices to protect your network?
Match the Security Monster Move for Move with Sky ATP
2.2 Malware
What are the best practices to protect your network?
Juniper Networks: When Malware Strikes
2.3 DDoS
What are the best practices to protect your network?
Verisign: Detect and Mitigate
3. The Axians Approach - Security Assessments
Network Gods and Monsters
THE BATTLE AGAINST CYBER SECURITY THREATS
Mythology has taught us to avoid the traps and the beaten path and keep an eye out for the
monsters. In Greek mythology, the monsters are varied in size, style and appearance, and, much like
the types of security breaches that continue to emerge, they are threats we need to know how to
overcome. But sometimes when you cut off the head of the three-headed monster, two more heads
appear in its place. So, what defences are there and how do we defeat the monsters?
Network failure is not an option in a world where connection is a demand from consumers 24/7.
When there is a security breach in your network, there needs to be minimal delay in mitigating that
risk with no disruption to service. Network security attacks are constantly evolving and becoming
more intelligent and harder to detect, but so is the technology that helps to defend your business. In
today’s environment, the security landscape needs regular monitoring and refinement and the right
tools to protect against any attacks. If you protect yourself against one type of monster, you may find
that next time it attacks, it has some new tricks up its sleeve.
So do not ignore the monsters lurking in the dark corner of the network; discover their weaknesses
and sharpen your tools in preparation.
Network Security Defence
KNOW YOUR DEMONS AND HOW TO DEFEAT THEM
The Tale of Jamven Taletreader (The Iron Knight) and Spycron, The Data Demon
According to legend, Jamven Daveak was trained in the clouds as a young boy, wielding his bow and arrows to strike The Data Demons from great distances. He is never seen without his layers of armour in order to protect his people from Spycron, who pick vulnerable networks to swoop down on, clawing through data and taking rich pickings that they can blackmail for gold.
BEST PRACTICES TO PROTECT YOUR NETWORK DATA
Defence Strategy
Data protection must form an integral part of the architecture of every organisation, considering the
way people work and communicate and how it can be done as safely and efficiently as possible. All
organisations need to balance the level of importance of the data held, where it comes from, how it’s
hosted, and who it goes to, with the level of security measures they put in place.
A sustainable framework for data governance and security, crisis management procedures and IT
architecture needs to be established to achieve a strong security ecosystem and should be at the
heart of every piece of technology used.
Defensive tools
Sky Advanced Threat Protection (ATP) accesses intelligence from the network on where attacks
are and how to mitigate them. This integrates into the Juniper Software Defined Secure Network
portfolio, building a self-healing policy and security into the core of the network. Under this
framework the response is automated so that you can fight more than one security monster at a
time, bringing together a more coherent and powerful protection.
Flowmon will detect unusual activity in the network. Not only will it detect it, but it will isolate the
issues to be fixed. It allows you to look at the behaviour of the network rather than the specific
infection.
Axians Security and Risk Assessments help understand the network challenges, for an outcome that
protects your specific needs. By reviewing, understanding and interpreting data we can build risk
assessments to help towards data compliance regulations.
Attack: Spying and stealing your data; Accessing your business; Eating away at your operations
Defence: Real-time protection; Extra layers of defence; Direct Detection
MATCH YOUR SECURITY MONSTER MOVE FOR MOVE WITH JUNIPER SDSN
Juniper Networks
As security threats continue to rise, it is not enough to use traditional security measures
for defence. To outsmart cyber criminals, you need an intelligent and automated security
solution that can match the bad guys move for move.
The Software-Defined Secure Network (SDSN) is a cyber defence ecosystem, ready to defend your
business with end-to-end security capabilities that mitigate the risk of a breach.
Juniper’s Software-Defined Secure Network looks to automate security and adapt to stop new, hard-to-detect threats.
Increase Sophistication
Increase variability
Detecting threats that are already inside
Crucially keeping data secure throughout your network
The Next Line of Defence
Crucially keeping data secure throughout your network
Why Juniper
Leverage the entire network, including the access switches
Expanded defence posture includes third-party switches
SDSN adapts to stop new, hard-to-detect threats
Utilise end-to-end automated security
BEST PRACTICES TO PROTECT YOUR NETWORK FROM MALWARE
The Tale of Daveak Goblinsfoe and Kribsell, The Ransomware Reptile
Daveak, known for his fiery auburn hair and sharp wit, is poised with his fist of fire and flaming sword to protect the network from Kribsell, The Ransomware Reptile. Kribsell's long, green tentacles, reaching into the network and poisoning systems, will make your systems and business vulnerable.
Defence Strategy
Attacks like phishing emails are dangerous. They reach out to the whole business, easily going undetected.
Big attacks such as Mirai and Petya have shown that these threats can damage your business by infecting
and deleting data. Some of these attacks come through trusted sources and software, so your systems are
the first line of defence. But your network needs strong visibility to detect and isolate these attacks.
All web connected devices, if not secured, are open doors for any malicious organisations or individuals
to gain access to internal networks or the end-point device itself. Consequently, businesses need to
ensure that they seek expertise from professionals to understand the risks and vulnerabilities as well as
the effective mitigation and prevention methods.
Defensive tools
Sky ATP (Advanced Threat Protection) accesses intelligence from the network on where attacks are and
how to mitigate them. It seeks out the monster and informs the network, saving your business valuable
time and operational costs.
Flowmon Network Behaviour Anomaly Detection (NBAD) solution will detect if there is malware on any
device, sensing unusual activity in the network. Not only will it identify the activity, it will isolate the
malware to be fixed. This allows the administrator to look at the behaviour of the network rather than
the specific infection.
Axians Security Assessments and Audits will provide the visibility and expertise to help understand the
network challenges. By reviewing, understanding and interpreting the data you can make sure that
improvements are continually made.
Attack: Malicious Ransomware; Damages and blocks information; Infects your systems
Defence: Direct Detection; Eradicates infections; Isolation and Mitigation
WHEN MALWARE STRIKES: HOW WILL YOU PROTECT YOUR NETWORK?
Sky Advanced Threat Protection (ATP)
Juniper Networks
Sky ATP uses machine learning across all detection techniques. It employs a number of
innovative techniques to lure malware into revealing itself, which measurably increase
detection rate. Sky ATP also detects software communicating to unusual servers and
evaluates that activity.
A full networking hardware portfolio – routers, switches, and firewalls – gives a much richer set of data
and behaviour, far beyond what is available to vendors who only offer standalone security appliances.
New strains of malware are constantly threatening businesses and creating angst for IT Managers. As
cyber risks grow in both volume and sophistication, the tools used to find and eradicate them have to get
smarter and scale better.
Early in Sky ATP’s analysis pipeline, each new sample is run against a suite of anti-virus engines, which is
a fast and efficient way to catch and filter out known threats and their close variants.
The Juniper Approach
Juniper Networks Sky ATP cloud-based solution detects malware and mitigates threats. Unlike many
other security systems, which started out simplistic and evolved over time, Sky ATP was purpose-
built to take full advantage of modern and innovative machine-learning techniques.
Sky ATP includes and identifies the information that traditional threat prevention tools use but, in
addition, takes advantage of ambiguous structural and behavioural properties of potential malware
to determine maliciousness.
Removing these known threats from the analysis pipeline as early as possible reduces the load on the
more computationally expensive parts of the pipeline, which include static analysis engines and full
sandbox detonation.
Traffic is fed to the cloud from customers’ Juniper Networks SRX Services Gateways. This way,
requirements to adapt to the current threat landscape are made centrally, and customers do not have to
change out their firewalls.
Conclusion
While machine-learning isn’t, by itself, the golden bullet, it fundamentally changes the security landscape
by improving accuracy of detection. Machine-learning doesn’t remove the people in the network, it
enables them by handling complex data. Combined with other security methods, machine-learning is the
only tool available that can tame attacks at a massive scale.
BEST PRACTICES TO PROTECT YOUR NETWORK FROM DDOS
The Tale of Aluvial Urthadar (The Scout) and Drisddos, The Bison
Aluvial Urthadar, with her powerful rope skills, is the best of the best, never failing at a quest to defend the paths of the kingdom as its most loyal scout. She has a knack for tricking The Bison, sending him off the capacity path. Without this protection from Aluvial, Drisddos and his botnets can easily overwhelm the village, causing distraction and consuming your data crops.
Defence Strategy
DDoS attacks can overwhelm the network bandwidth, which could lead to a drop in satisfaction with your
services. An attack not only sits on your network consuming bandwidth, but can also be used to distract you
from other viruses and monsters that are elsewhere, infecting systems. All is not lost, as 75% of DDoS attacks
could be mitigated with the hardening of your network.
Using flow-based protection, you can detect spikes in the bandwidth across a large estate. It helps by
identifying things out of the ordinary. On-premise detection and mitigation is also a defence strategy.
This will show you what is going in and out of the network, allowing you to stop monsters getting
through. If you have more than one path of network traffic to deal with, there are solutions and tools
available to provide a control room, so you can direct bad traffic to where it can be mitigated, without
disrupting day-to-day operations.
Defensive tools
Verisign’s DDoS Protection Services, a cloud-based mitigation platform, offers a complete DDoS protection
solution that is intelligence-driven to protect your critical applications and network.
Corero uses an on-premise mitigation solution, where the search for cyber attacks that have invaded a
network allows for these intruders to be mitigated immediately.
Axians DDoS Risk Assessments provide you with a report, based on the data and best practice, to
implement, mitigate or limit the exposure of a DDoS attack.
Attack: Eats and blocks bandwidth; Distracts you from other attacks; Possessive and hungry
Defence: Detecting their network movements; Maintaining the path; Multiple route mitigation
VERISIGN
In Q2 2017, Verisign observed that DDoS attacks remain unpredictable and persistent,
and vary widely in terms of volume, speed and complexity. As such, DDoS events need
to be closely monitored for changing vectors in order to optimize mitigation strategies.
NUMBER OF ATTACKS: 55% decrease compared to first quarter
ATTACK PEAK SIZE: Volume: 12 gigabits per second; Speed: 2.5 million packets per second
AVERAGE ATTACK PEAK SIZE: 2.7 Gbps; 25% of attacks over 5Gbps
MOST COMMON ATTACK TYPE MITIGATED: 57% User Datagram Protocol floods; 74% employed multiple attack types
Q3 2017 Verisign DDOS Trends Report
EXECUTIVE SUMMARY
DDoS attacks and ransomware attacks are damaging enough when used separately to cripple
an organization’s network. However, cybercriminals are becoming more sophisticated and are
combining DDoS attacks and ransomware for greater impact. In one published attack, there was a
ransomware variant that held the organization’s machine and data hostage until the ransom was
paid. While the attackers waited for the ransom payment, they used the organisation’s machines as
botnets to launch DDoS attacks on another unsuspecting victim.
DETECT AND MITIGATE
The Axians Approach
REDUCE THE IMPACT OF CYBER SECURITY BREACHES ON
THE NETWORK
A large percentage of businesses in the UK have suffered a security breach in their network in the last
year, costing them in operational loss, brand reputation damage and profitability. With the complexity of
attacks increasing, it is difficult to keep up to date and ensure that you have the appropriate security
infrastructure in place to mitigate any threats and protect your network and customers.
Our Network Security Assessment has been designed to deliver a rapid, detailed picture of the current
state of your network and access security, helping businesses meet objectives and ensure defences are
in place.
Our approach includes a three-phase programme: assess, educate and prepare. We start by
understanding your security needs and requirements for change:
Conducting an in-depth audit of:
The Current Network
Access Security Structure
Services And Features
Our recommendations:
Where And How Changes Can Be Made
How To Be More Secure And Reduce Risk
Addressing Gaps And Meeting Business Security Requirements
At the end of the assessments we offer:
Observations And Recommendations For Next Steps
Analysis Of Data Gathered
A Final Workshop To Discuss Findings In Detail And Provide Consultancy.
axians.co.uk/network-monsters
#battleforthenetwork
Viables 3, Jays Close, Basingstoke
RG22 4BS
+44 (0)1256 312 350
axians.co.uk