Date posted: 18-Dec-2015

All rights reserved © 2005, Alcatel

Enhanced Security situational Awareness for (Enterprise) networks

Bertrand Marquet / François Cosquer Alcatel


All rights reserved © 2005, Alcatel. Toronto, May 19th, 2005

Agenda

The security challenge

Situational awareness by Security Assurance measurement

How can security assurance be measured

Addressing complexity

Illustrations

Conclusion / questions


Security challenge

Deploying new technologies, businesses are faced with the challenge of:

– Reducing possible associated risks

– With increasing productivity based on confidence in current security functions deployed

Security Assurance = confidence / (residual) risks

[Figure: risks against confidence in countermeasures, to be managed in an acceptable range (ratio cost/loss), bounded by "Cost too high" and "Loss too high"]


Situational awareness by security assurance measurement

Assurance measurement is characterized by:

– Effectiveness of the security countermeasure

versus

– Likelihood of a risk occurrence

Security Assurance = confidence / (residual) risks

[Figure: the same diagram of risks against confidence in countermeasures, with "Measurement" added. Labels: Effectiveness, Likelihood, Cost too high, Loss too high]


How can assurance be measured?

Mainly using two systems, sometimes combined:

Intrusion Detection System

– Measures lack of effectiveness of a security function

– Generates too much (security) noise

Vulnerability assessment / patch management

– Measures likelihood of a potential vector of risk based on a combination of several thousand identified vulnerabilities

– Scalability is challenging

Main challenge is to address complexity


Addressing complexity (1/2): Concepts

Ability to assure in operation = F (1/Complexity)

Reduce the complexity to measure the assurance

Selection of points of measurement of the assurance


Addressing complexity (2/2): One implementation

Reduce selectively the complexity to measure the assurance

Phase 1: Spot top 10(-20) “problems” in the topology

– Before operation (compatible with heavy process)

Phase 2: Deploy and calibrate intelligent “probes”

Phase 2: Provide (near) real time associated indicators

– During operation (require light process)


(Simplified) Illustration

Wireless / Mobile


Risk / Topology

Threat level: High, Medium, Low

[Figure: network topology diagram annotated with threat levels. Elements: base station, fixed / nomadic / mobile terminals, access controllers, NMS, billing system, IP backbone, WiMAX, Internet, WiFi access points, AAA server, SIP phone]


Low level of security assurance

Assurance Level: High = A+B+C, Medium = A+B, Low = A

[Figure: network topology diagram with a Gateway in addition to the base station, fixed / nomadic / mobile terminals, access controllers, NMS, billing system, IP backbone, WiMAX, Internet, WiFi access points, AAA server and SIP phone. Markers on the diagram: A, A, A]


Increased level of assurance + SOX

Assurance Level: High = A+B+C, Medium = A+B, Low = A, Regulation specific = R

[Figure: network topology diagram with base station, fixed / nomadic / mobile terminals, access controllers, NMS, billing system, Gateway, IP backbone, WiMAX, Internet, WiFi access points, AAA server and SIP phone. Markers on the diagram: A (three), B (four), R (one)]


Security assurance topology

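[Figure: the A, B and R markers from the previous slides shown on their own as a security assurance topology, ranging from "Low assurance" to "Higher assurance". Markers carry "Metric" and "Calibration" labels, including "Metric: Successful / failed auths" and "Calibration: Statistics"]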


Conclusion

Security assurance, as a confidence factor, needs to be measured when securing an (enterprise) network

Complexity of data and voice networks is a major obstacle to measuring the security assurance

We are working on complementary approaches to guarantee effective security in order to protect

– Intellectual property (Confidentiality, Integrity)

– Continuity of business (Availability)

But also,

– Justify security (investments)

– Provide proofs (Regulation/law compliance)

Alcatel has initiated and is involved in several research projects to address those topics

– Funded Canadian Defense project

– Funded European Consortium


Security

Reducing risks to an Enterprise Network

“Strategic, Technical”

– Protection of the intellectual property of the enterprise

– Business continuity

“Legal”

– Regulation and legal compliance


Countermeasures (1/2)

Giving countermeasures of potential threats to assets of the enterprise

– Incidentals

– Deliberate

– Internal/external

Necessary (mandatory) response for regulations compliance

– SOX, GLBA

– HIPAA

– More to come…


Countermeasures (2/2)

Protection mechanisms deployed to guarantee fundamental properties:

– Confidentiality,

– Integrity,

– Availability.

Of data flows, through diverse and combined types of measures:

– Preventive,

– Detective,

– Reactive.


Losses vs. costs

[Figure: plot of $ against “security level” with curves labelled "Risk costs", "Risk losses" and "Risk losses + costs". Annotations: "Manage it in an acceptable range", "Situational awareness", "Security assurance"]


Phase 1 “Security Reduced” topology

One solution is a topology overlay to spot the most critical devices, based on vulnerabilities research

– So the reduced topology becomes the top 10-20 critical devices or functions

– Heavy process as a decision support, not operation

Regulations explicitly describe points of measurement

– Traceability from requirements

– Assurance required on the identified security enforcing component


Phase 2:

Challenges:

– Define metrics

– Heavy process results can be used to validate metrics and calibrate measurement

– To limit false positive / retroaction

Visualization with simple indicators

– Association of security assurance level

Increase/decrease the requested level of assurance

– Change metrics of indicators

– Increase/decrease the numbers of indicators
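
An added example (not from the presentation) of the Phase 2 idea above: a probe's successful / failed authentication metric is calibrated from statistics gathered beforehand, then reduced to a simple indicator during operation. The sample counts, the mean-plus-k-sigma thresholds, the minimum-event rule and the indicator names are all assumptions made for illustration.

```python
from statistics import mean, pstdev

# Constructed calibration data: (successful, failed) authentication counts per
# time window for one probe, standing in for the results of the heavy,
# before-operation analysis.
CALIBRATION_WINDOWS = [(480, 20), (510, 18), (495, 25), (470, 22), (505, 15)]


def failure_ratio(ok, failed):
    """Metric: share of failed authentications in a window."""
    total = ok + failed
    return failed / total if total else 0.0


def calibrate(windows, k_warn=3.0, k_alarm=6.0, min_events=50):
    """Derive indicator thresholds from baseline statistics (assumed rule).

    Thresholds sit k standard deviations above the baseline mean so that
    normal fluctuation does not raise the indicator (limits false positives).
    """
    ratios = [failure_ratio(ok, failed) for ok, failed in windows]
    mu = mean(ratios)
    sigma = max(pstdev(ratios), 0.005)  # floor so a flat baseline is not hair-trigger
    return {
        "warn": mu + k_warn * sigma,
        "alarm": mu + k_alarm * sigma,
        "min_events": min_events,
    }


def indicator(ok, failed, calibration):
    """Light, during-operation step: map one window to a simple indicator."""
    if ok + failed < calibration["min_events"]:
        return "UNKNOWN"  # too few events to say anything with confidence
    ratio = failure_ratio(ok, failed)
    if ratio >= calibration["alarm"]:
        return "RED"
    if ratio >= calibration["warn"]:
        return "AMBER"
    return "GREEN"


if __name__ == "__main__":
    cal = calibrate(CALIBRATION_WINDOWS)
    # Constructed operational windows.
    for window in [(490, 22), (450, 35), (300, 200), (5, 5)]:
        print(window, indicator(*window, cal))
```

Raising or lowering `k_warn` and `k_alarm` is one way to model a change in the requested level of assurance for a given indicator.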