End-to-End Autonomic (Closed-Loop) Security Management ...
ETSI TC INT AFI WG 5G PoC 2020 Demo: 8th December 2020
End-to-End Autonomic (Closed-Loop) Security Management & Control for 5G Networks
Towards Standardization of a Generic Framework for Multi-Domain Federated ETSI GANA Knowledge Planes (KPs) for End-to-End Autonomic (Closed-Loop) Security Management & Control for 5G Slices, Networks/Services
Presenters
Tayeb Ben Meriem, PhD: Orange: Senior Standardization Manager & Technical Expert: ETSI TC-INT/AFI WG Chair; ETSI PoC Steering Committee Member; France
Ranganai Chaparadza, PhD: Altran CapGemini Germany: Technical & Standardization Expert & Senior Consultant for Vodafone Consultant; IPv6 Forum; ETSI PoC Steering Committee Member; Germany
Muslim Elkotob, PhD: Vodafone: Technical Expert and Solutions Design Architect & Standardization; Germany
Benoit Radier, PhD: Orange: Standardization & Technical Expert; ETSI PoC Steering Committee Member; France
Eugen Hinz: Check Point Software Technologies GmbH, Germany
Aviv Abramovich: Check Point Software Technologies, Israel
Michael Stichel: Check Point Software Technologies GmbH, Germany
Chris Federico: Check Point Software Technologies, Israel, USA
Javier Padilla: Check Point Software Technologies, Israel, USA
Ryan Darst: Check Point Software Technologies, Israel, USA
2 © ETSI 2012. All rights reserved
Key Messages & Reflections on the Need for Autonomic (Closed-Loop) Security Management & Control in 5G, based on the White Paper No. 6: https://intwiki.etsi.org/images/ETSI_5G_PoC_White_Paper_No_6.pdf
AGENDA Outlook
Opening/Introduction: Tayeb Ben Meriem, Chris Federico/Michael Stichel
Brief Overview of the 5G PoC and ETSI TC INT AFI WG; Business views of the overall 5G PoC: Presenter: Tayeb Ben Meriem, Chris Federico
Agenda Introduction: Presenter: Ranganai Chaparadza
ETSI GANA Framework for Multi-Layer Autonomics, and the Integration of the ETSI GANA Knowledge Plane (KP) with SDN, NFV, Big-Data, OSS/BSS & Other Frameworks/Systems: Presenters: Ranganai, Tayeb, Muslim, Benoit
The Generic Framework for Multi-Domain Federated ETSI GANA Knowledge Planes (KPs) for End-to-End Autonomic (Closed-Loop) Security Management & Control for 5G Slices, Networks/Services: Presenters: Ranganai, Benoit
Summary of the Next Steps to launch Standardization of the Framework in ETSI: Presenters: Ranganai, Tayeb
Capabilities of Check Point Security Components & Functions that enable the Industry to Implement the Framework (in line with the ETSI GANA Framework): Presenters: Chris Federico, Ranganai, Benoit
How Check Point Security Management Platform R80 can be used to implement GANA KPs’ Security Management-DEs: Presenters: Chris Federico, Ranganai
DEMO on Autonomic Security Assurance for Differentiated Security SLAs for 5G Slices, while applying Security-as-a-Service (SaaS) Model for Telcos: Presenters: Muslim, Javier Padilla
Introduction to the ETSI INT AFI WG 5G GANA PoC and Consortium (Open to Join)
ETSI 5G PoC Consortium
ETSI AFI PoC Program (figure: timeline 2016 to 2020, Demo#1 to Demo#4). Figure labels:
Autonomic Service Assurance for the IoT (Smart Insurance
Implementing C-SON as an ETSI GANA Knowledge Plane
Programmable Traffic Monitoring Autonomic Service Monitoring
Autonomic Security Management & Control for 5G Networks
ETSI GANA Multi-Layer Autonomics and the Integration of the ETSI GANA Knowledge Plane (KP) with other systems, e.g. with Orchestrators, SDN Controllers, NFV MANO, and OSS/BSS or Configuration Management Systems
ETSI GANA as a Holistic & Unifying Model for AMC (Autonomic Management & Control) that fuses together the well-established models for AMC (Reference: ETSI TS 103 195-2)
KNOWLEDGE PLANE (D. Clark), MIT
EC-Funded FP7 EFIPSANS, Self-NET, E3, SOCRATES, 4WARD, and other R&D Projects
Instantiation onto CSPs’ Networks (e.g. 5G Nets)
ETSI GANA Reference Model; Instantiations onto various Networks and Mgmt&Control Architectures
ETSI TS 103 195-2
GANA is a Model for Multi-Layer Autonomics & Multi-Layer AI Models & Algorithms
GANA Multi-Layer Autonomics & AI and ETSI GANA Knowledge Plane (KP) Integration with other Systems
The Generic Framework for Multi-Domain Federated ETSI GANA Knowledge Planes (KPs) for End-to-End Autonomic (Closed-Loop) Security Management & Control for 5G Slices, Networks/Services
Hierarchical Security Management & Control in GANA Framework and Security as a Service (SaaS) Enablers
Security Management DE Programming Standalone Security Functions or Embedded in Network Functions
Federation of GANA Knowledge Planes (KP) for E2E Autonomic (Closed-Loop) Service Assurance of 5G Slices
Federation of GANA Knowledge Planes for E2E Autonomic (Closed-Loop) Service Assurance of 5G Slices
Intra-KP Decision Elements (DEs) Communications and Coordinations
GANA ONIX – Real-Time Security Info/Knowledge Repository as part of ONIX Federated Information Servers
ONIX = Overlay Network for Information Exchange
Federation of Real-Time Security Info/Knowledge Repositories Across Operators (as Multi-Domains)
Example Approach on How to Design a GANA Decision Element (DE) Logic, e.g. based on IBM MAPE-K Model
Correlation Role of a Security-DE in Open / Closed-Loop Autonomic Security Management & Control
Capabilities of Check Point Security Components & Functions that enable the Industry to Implement the Framework (in line with the ETSI GANA Framework)
Implementation of Security Management-DE and Real-Time Repository for Threats Information using the CheckPoint Threat Cloud
Currently the Security-Management-DE is implemented in the ThreatCloud to run in Open-Loop Mode but can be made to run in Closed-Loop Mode.
Security Mgnt-DE of Specific KPs programs the Checkpoint Security Function under its responsibility
Fast Control-Loop Security Management DEs may be implemented in Infra
Check Point Programmability: Option-A: Horizontal Federation of GANA Knowledge Plane (KP) Platforms, and
Check Point Programmability: Option-B: Hierarchical Federation of GANA Knowledge Plane (KP) Platforms,
Security Mgnt-DE of Specific KPs programs its part of Checkpoint Platform
Enablers for Correlation Role of a GANA KP Security-DE in Open / Closed-Loop Autonomic Security Management & Control
Implementing “Fast Control-Loops DEs (GANA Level-3)” Embedment in Security Functions or Appliances
Attack/Threat Detection & Prediction Engine (Module) at NE/NF Level (the module may be powered by AI) and Threat-Info Sharing
The Question of “What Information is the Attack/Threat Detection Module accessing/using for its analytics and output” is to be answered by “Fast Control-Loop Innovators/Implementers”
Hyperscale Architectures and Integrations with GANA Knowledge Plane (KP) Platforms
Interworking of the GANA KP Level Security Management DE and NE/NF Level Security Management DE and ONIX
Detected Attack/Threat Info Dissemination (Federation) within the Same Operator Domain & to Other Collaboration Operator Domains
The standardization of the F-MBTS will describe in full the role that can be played by the F-MBTS
There is a role that can be played by the ThreatCloud Repository in Federation of Knowledge and flexibility to implement Algorithms that run on the Repository to create Knowledge for use by the KPs
Example Scenario
CheckPoint ThreatCloud Capability for Implementing the Realtime Inventory for Security Info/Knowledge can be used for Federation of the Info/Knowledge across Multiple Operators and Multi-Domains
KP Security DEs implementation in a Cloud Environment using the CloudGuard Dome9 Cloud Security Management
How Check Point Security Management Platform R80 can be used to implement GANA KPs’ Security Management-DEs
Check Point Security Management Platform R80 can be used to implement GANA KPs’ Security Management-DEs
Exploring the Features of the Checkpoint Security Management Platform R80 that can be used to implement Security Management-DEs of ETSI GANA Knowledge Planes for specific Network Segments
Real-Time Event Correlation Capabilities of the R80 Management Platform
Considering the Diversity of the Data Sources that can be used and correlated in security policy implementations using the Check Point Security Management R80 Platform, which can be used to implement Security Management-DEs of ETSI GANA Knowledge Planes for specific Network Segments
The R80 Management API of the Check Point Security Management R80 Platform can be used in enhancing it with GANA Security Management-DEs (characterized as AI Models that customize the operations of the Check Point Security Management R80 Platform)
The R80 Management API of the Check Point Security Management R80 Platform that can be used in enhancing it with GANA Security Management-DEs (characterized as AI Models that customize the operations of the Check Point Security Management R80 Platform)
Using the Check Point Platform R80 to implement Security Management-DEs of KPs for specific Network Segments
Demo Part: Autonomic Security Assurance for Differentiated Security SLAs for 5G Slices, while applying Security-as-a-Service (SaaS) Model for Telcos
Drivers for Differentiated Security: SaaS Model by Default for Telcos:
• 5G/Cloud/EdgeCloud scene;
• Single Operator, multiple tenants (users) and user groups (customer classes, differentiated QoS, differentiated subscribed security services)
• Subscribed security services (based on eMBB default-slice): Implying the Concept of "Security Quality of a Slice offered"
• Option (Scenario Use Case) A: Real-time Threat Protection (Security as a Service SaaS granularity and composability microservices in the form of multimedia flows within eMBB compose/form the overall slice)
  Protection Class 0: no security service subscription
  Protection Class 1: low security protection: threat detection of DDoS attack on user device
  Protection Class 2: medium security protection: threat detection of DDoS attack on user device and infrastructure
  Protection Class 3: high security protection: threat detection as in Class 2 SaaS and additionally encryption per segment (MEC, Transport, Core) or/and E2E;
• Option (Scenario Use Case) B: Real-time Self-Protection Against Attacks/Threats (Security Services Mix through KP Federation)
  Protection Class 0: no security service subscription
  Protection Class 1: low security protection: scope only covering the mobile edge
  Protection Class 2: medium security protection: scope covering mobile edge and metro transport/access
  Protection Class 3: high security protection: scope covering E2E mobile edge, access, transport and core part of services;
Our Demo Class: Protection Class 4: Protection of Slice User (Consumer) from Infected Documents that can be downloaded or exchanged with Peers
7 December 2020
Use Case Demo Scenario for Autonomic Security Management; Drivers for Differentiated Security: SaaS by Default for 5G Telcos
SaaS Vertical Segmentation
Figure labels: SaaS Class 1, SaaS Class 2, SaaS Class 3
Vertical SaaS Segmentation (Across all tiers MEC through Core):
Class 1 SaaS: DDoS protection UE
Class 2 SaaS: DDoS protection on UE and Network
Class 3 SaaS: DDoS Protection on UE and Network and Encryption of slice per Tier or/and E2E
SaaS Horizontal Segmentation
Figure labels: SaaS Class 1, SaaS Class 2, SaaS Class 3
Demo: GANA Autonomics in SaaS SLA for “Protection Class” in a 5G Slice: Protection of Slice User/Consumer from Infected Documents that can be downloaded or exchanged with Peers
Threat Detection Info Dissemination (Federation) within the Same Operator Domain and to Other Collaboration Operator Domains
Figure labels: Threat Cache; Domain A (e.g. Orange); Domain B (e.g. Orange/Vodafone); POST new IoC Public Feed; Check Point Management; Enrichment; Phishing resources; 5G eMBB Slice User; Edgecloud; NE/Node Level Security DE; Fast Loop Security Enforcement; Knowledge Plane Security DE; F-MBTS; F-MBTS Translation Function may be employed
Q&A Session
Thank You
Q & A