Axians Network S1Ep1 SDSN
DAVID EIGHTEEN [00:00:24] So welcome. You join us today on Disruptive, where we’re going to be discussing Juniper Networks’ Software Defined Security Network, or SDSN. And with me today to discuss matters pertaining are Ken O’Kelly, Consulting Systems Engineer for security from Juniper Networks, and Ian Parker, Senior Technical and Security Consultant from Axians Networks. Welcome, guys.
KEN O’KELLY [00:00:47] Thank you.
DAVID EIGHTEEN [00:00:47] So straight off the bat, first question to you, Ken. The security vendor market, it’s a busy place right now. Some would argue that there’s little differentiation between the vendors: application control, unified threat management, intrusion prevention, they’re all doing it. So what differentiates Juniper?
KEN O’KELLY [00:01:03] Good question, David. Yeah, so I guess we looked at the market ourselves a few years ago and realized exactly the same thing, really, that there is very little differentiation between the various security vendors in the firewall space, certainly. So we looked at how Juniper could take a different approach to the security market. And this is where we sort of, I guess, had the realization of what is kind of very, very obvious, which is that, you know, one of the things that everything connects to is the network. So why not use that network as your enforcement point, as part of your security posture, and not just the network, the wide area network as well.
DAVID EIGHTEEN [00:01:41] Okay. Thank you very much. Ian, most companies have a firewall. We accept that this doesn’t mitigate all risks. So what should a company, an organization, be thinking about now to improve their security position?
IAN PARKER [00:01:54] Yeah. So a firewall used to be sufficient enough to deal with most threats, but that’s external threats, right? But now you have bring your own devices. So people are bringing their own laptops, they’re bringing their own mobile phones, their tablets, their devices, whatever they may be. Obviously, we’ve got a proliferation of IoT devices, Internet of Things devices. So all of these extra devices that are coming into your network, they all have to be secured, and there’s no way to do it from a firewall perspective. And also, you’ve got attackers being more advanced in their sophistication about their attacks and how they penetrate that particular network and attack it. So the majority of the time they will give up trying to attack that perimeter firewall because they can’t get through it; it will be the internal way to get into that, via those devices that people bring from their home, for example.
KEN O’KELLY [00:02:58] I guess the thing that we get, as well, is that when we go to see a CISO, for example, they will say, well, I can put mobile device management on, I can put agents on my laptops. You know, I guess the thing to that is that you could put an agent, mobile device management, on, and then we get the latest software update to our particular laptop or device that breaks the mobile device management, and then there’s a vulnerability there.
IAN PARKER [00:03:19] But remember that people can update their own devices.
KEN O’KELLY [00:03:22] Correct.
IAN PARKER [00:03:22] How many times have you got a phone and you have software updates and you don’t actually apply them? And of course, the vulnerabilities are still there.
KEN O’KELLY [00:03:32] Yeah. And as you say, you know, yeah, right, we can put mobile device management agents on our laptops and things, but we can’t really do that to the IoT device, can we? To, you know, the ones that we bought from a vendor somewhere that maybe has an old board that hasn’t been patched, and they’re wide open and vulnerable.
IAN PARKER [00:03:50] Yeah. And I think to summarize there, you know, businesses have got to start to think beyond that firewall, that perimeter device, because they’ve got to start to think that the bigger threat is inside the network and being able to communicate from device to device.
DAVID EIGHTEEN [00:04:06] And that’s an area where, you’d say, they don’t necessarily think about all the time internally.
IAN PARKER [00:04:12] Absolutely. So the first threat that I know of is the DDoS attack from the outside. The second threat is inside. So if, for example, somebody downloads some software and it’s got a malicious file attached to that, or a phishing email or things like that, when that comes inside the network on that device, as soon as that device is attached to the network, it can propagate internally. And the firewall is not going to stop that.
DAVID EIGHTEEN [00:04:41] Thank you. Ken, I want to go back to something you just started to talk about. OK, I’ve heard Juniper referencing the network as your next security platform. Is that the definition of an SDSN then?
KEN O’KELLY [00:04:53] It’s part of the definition, I guess. Yes. I mean, that is one of the things that we’ve said, and that’s what we looked at with SDSN when we started thinking about how we would build that: looking at, you know, enabling the network to be your next security platform. And I suppose it’s very, very apt, because as we were just kind of discussing there, the one thing all of these devices connect to is the network, really. So, you know, it’s that network that you have to traverse. And actually, you know what? Malware has to traverse that network as well. So why not use that as a portion to get your data from, to do your analytics and to do your enforcement? So, yeah, I guess it is the definition, really, of an SDSN.
DAVID EIGHTEEN [00:05:30] Thank you. And again, so, Ian, here I am, a CISO, my organization has many different devices that are connecting to the network. So we’re saying here the SDSN can improve my security posture?
IAN PARKER [00:05:42] Yeah, absolutely. So, you know, the device has an address on that device. And if you’re going through a particular firewall, that can have controls in place to stop you from going from one site to another, from one device to another, from, you know, a device to a server, for example, in your network. But the host itself isn’t necessarily secured. So, going back to my previous example, if that host was infected with some malware or some malicious file, then any propagation of that is not stopped. Whereas what an SDSN will allow you to do is, when that device connects in a network, in a generic network, it will connect to a switch, and then SDSN allows that device to be stopped at the switch rather than propagating through the network.
KEN O’KELLY [00:06:34] Yeah, exactly that. And, you know, if you think about it, you may put more and more firewalls throughout your network, but they’re still creating sort of bubbles of protection. And you can only do that enforcement, as Ian’s saying, basically as you traverse that firewall. And, you know, the difference of using the network is that you can just stop that right at the edge where that user connects in.
DAVID EIGHTEEN [00:06:52] It just seems so logical.
KEN O’KELLY [00:06:53] It does. Yeah.
DAVID EIGHTEEN [00:06:54] Yeah. I’m going to ask about user intent.
KEN O’KELLY [00:06:57] Oh yes. Yeah, I suppose that’s one of the other things in SDSN, is around user intent. One of the other things, I guess, when we were talking to security professionals and going out to see organizations, was around the way organizations have changed, the businesses, and that will come to the security: there may be a firewall administrator who says, you know, I’ve got a bunch of users inside branch one, whatever, I need them to access my sales order system. OK, then somebody has to go look up a spreadsheet, you know, find out where the users are, find out what the group of users is, their names, maybe their IP addresses, or the subnet. You know, that kind of technical stuff. And actually, that doesn’t really wash today. What we need to look at, and what we mean by user intent, is actually: why not describe a policy by, you know, site A, group of users B, application there. And then that means we’re pulling information from various resources around their network. So, our CMDB system for the description of the application; the site maybe from the branch numbers, from our firewalls; and users maybe from our Active Directory, from an old authentication mechanism; and actually build our policy that way. So we’re looking at an abstraction away from our standard technical policy and actually moving to more of a business type of way of building your security policy.
IAN PARKER [00:08:20] It’s all very similar to a role-based job function, that kind of thing. So I think looking at it from that perspective.
KEN O’KELLY [00:08:27] Yeah. Yeah. So you’re actually extending that same kind of concept and actually building out more metadata and describing your application. So these are the only ports I want to allow, these are the secure ports, these are my management ports. And actually even expanding that a bit further is where that application is actually living. Is it in, you know, preproduction, is it in development, user acceptance testing, is it in our own data centre or is it out in the public cloud? And actually how you change that metadata describes how that policy is and actually changes the intent of that policy, really.
IAN PARKER [00:09:00] Yes. It’s like anything in security. You can’t protect anything unless you know what the information that you’re trying to protect is and where it sits.
KEN O’KELLY [00:09:09] Yeah. And, you know, you might think, oh, well, how am I going to get all that information, actually? Well, that information is readily accessible, really, in most organizations. Most organizations maybe have taken on some sort of virtualization platform. In that virtualization platform is a list of all those virtual machines, and Policy Enforcer can connect to that virtualization platform and extract that information and use it. And then you’ve just got the starting point to build that database, that information that you need to build intent policy.
DAVID EIGHTEEN [00:09:36] So we’re moving here towards automation, it sounds to me. I’m going to try and put this in the right way. So with the proliferation of devices and applications, there’s no end of statistics telling us how many people could be connected to the Internet in X number of years. There was also a recent research paper that said there’s going to be a two million security personnel shortage by 2019. So here I am again. I’m an organization, I’m head of security, network security. I don’t have a security team. I don’t have someone monitoring my network. So how can I ensure that my network is being protected in real time then?
KEN O’KELLY [00:10:14] Well, I suppose going back to what you were saying there, actually, about the shortage of security personnel. I mean, how are you ensuring it’s protected? It is one of the things, actually. You know, the security professional, he’s sitting there and, you know, might have a SIEM, he might have a security event management system, he may have another vendor’s product, another vendor. And all these products are feeding him information on dashboards and reports, you know, and he sees a threat on one dashboard, he’s got to maybe go to another team and another person to basically get them to action that particular remediation on a laptop or whatever it might be. You know, that guy, he’s running around the place, maybe even like a headless chicken. Let’s hope not. But, you know, trying to go around and actually address that point. And actually, you know, if there is that shortage, that means you can’t build up that entire security team to have enough people to do that. So this is where you need the automation of actually, let’s pull in that information, those sources, those threats from the various different products, pull them in and use that in an automated fashion so that we can actually produce machine learning, deep learning, across that information and then use that to enforce policy across the network automatically, so that that guy, that security professional, is actually doing the job you hired him for, which is actually looking at the security of the network and building security policies, rather than running around and firefighting, basically.
IAN PARKER [00:11:33] I mean, to add to that, it’s just, you know, Ken gave an example there about somebody monitoring systems. You know, there are businesses out there, in some vertical markets such as industrial engineering, manufacturing, those kinds of industries, that do not have people monitoring the network actively, and they don’t have a security SIEM, you know, an event management system or anything like that. So they have no idea what’s going on in their network from an attack, threat perspective, vulnerabilities, nothing, no visibility at all. So the visibility is key in this instance. Having said that, if they haven’t got visibility and they can’t see what’s going on, they need something to almost do that for them, do that protection for them transparently and automatically without having to worry about that. So that’s what SDSN can give you.
DAVID EIGHTEEN [00:12:27] So in terms of, my machine’s just gone off, here we go. And so in terms of automation, SDSN provides that; it’s enabling an organization to have visibility, some control over their security, without necessarily having the personnel. Is that what we’re saying?
KEN O’KELLY [00:12:46] Yeah. And it frees that personnel up to do the more important tasks of security. So, as you said, you know, the shortage there means you’re not going to have the ability to go out and just hire loads of people, because they’re just not going to be there. So you need to make sure that when you hire somebody in, he’s got the tools and he’s actually able to use those tools in an automated fashion, and it frees him up to do the more important jobs, you know, instead of firefighting around the network.
IAN PARKER [00:13:09] Yeah. Because it is relevant even to big security teams as well. You know, I mean, security has become quite an in-depth, granular subject nowadays, and it is getting bigger and bigger and bigger all the time and more and more unpredictable. So these security personnel need time, and they need analysis periods of time to actually look at what’s going on in their network and those mitigation elements. If they can automate those, that makes their job a lot easier. Yeah.
DAVID EIGHTEEN [00:13:40] So, Ken, SDSN, it’s a Juniper brand. So I’ll have to ask, really, is it only for a Juniper estate or is it more open standards?
KEN O’KELLY [00:13:51] So, yeah, I mean, one of the other founding principles of SDSN from Juniper was that we wanted it to be open. Juniper has always been around open standards, so we took that same philosophy through to the SDSN, and with Policy Enforcer, which is one of the key components of SDSN, there is a set of APIs there that are published out that any vendor on the market can use to write information into the SDSN system, so they can integrate in. But yeah, I mean, the other thing is, I guess, you know, you’re not going to have maybe everybody having a Juniper network. So, you know, we’ll work with third party wireless and third party network vendors, even third party routing vendors as well. So, you know, we want to open this up to be completely agnostic, not just to Juniper networking equipment, but also to third party networking equipment as well.
DAVID EIGHTEEN [00:14:40] Okay. And Ian, you and I have spoken before with respect to having disparate sites. So how does the SDSN mitigate against, sort of, one site having an issue and then the other sites being protected against that particular issue?
IAN PARKER [00:14:59] Well, SDSN has a very powerful component: it has a cloud threat intelligence system, so that basically if a company had multiple sites or multiple offices around the world, for example, on a global side of things, and they all had this SDSN solution, any threats that happen, or any sort of exploitation or attacks, or whatever happens from a negative point of view at a particular site, that will be fed up to that threat intelligence in the cloud, effectively. And then the other sites will have visibility of that, and their estate and their network will have visibility of that as well.
KEN O’KELLY [00:15:42] I mean, I agree. So, you know, that’s one of the key things here, the threat intelligence sharing, the ability to enforce policy. I mean, again, the key components of SDSN are able to touch all the branch sites, and so if you do get a threat, as Ian said, it’s enacted across all the sites automatically and seamlessly as well. So you get that protection across your entire estate. And actually, it doesn’t matter whether that is actually the branch network or into the public cloud as well. So, the cloud infrastructure, you can extend that exact same threat prevention that Ian talked about, and threat intelligence sharing, to your cloud infrastructure as well. So we’re not just talking about what’s in your branch network, your data centre, but it’s also a public cloud.
IAN PARKER [00:16:25] And to expand on that, it’s not just the company, obviously. So if they’ve got multiple sites and they have this solution, then they’re able to use that facility. Having said that, so is everybody else: multiple other companies or businesses that have that particular solution would also have that facility to be able to get to. So what I’m trying to say is that if they have a threat or an exploitation that is unique to that particular site, the other people or other users of SDSN have the benefit too, as the threat engineer will learn that and understand it and then feed that down to the other networks for the other businesses as well. So it’s quite advantageous from that perspective.
DAVID EIGHTEEN [00:17:12] We are just about out of time. So, in summary, I would say SDSN is a serious consideration for any organization trying to improve its security posture.
KEN O’KELLY [00:17:23] Yeah, yeah, I agree. Yes, certainly. I mean, you know, it changes the dynamic, really; we’re moving from network security to building secure networks, really. And that’s the kind of thing I would say. It’s like, you know, if we build our network security from the start, network security will just be part of that; it’s giving us a holistic view of our security and enforcement across our network.
DAVID EIGHTEEN [00:17:48] I made some notes here earlier. So I said it is pervasive, yep, not persuasive, pervasive. Software and cloud defined, yep. Automated, yes. User intent, we’ve gone through user intent, so, yes, we know what that means. Open and standardized. So I think that’s been a really interesting discussion. There is clearly a lot more we could talk about. Sadly not today. So thank you. This has been an Axians Network production on Disruptive. My name is David Eighteen and I look forward to seeing you again.