Maximize Network Visibility with NetFlow Technology
Andy Wilson
Senior Systems Engineer
Lancope
Agenda
What is NetFlow
    Introduction to NetFlow
    NetFlow Examples
NetFlow in Action
    Network Operations Use Case
    Security Operations Use Case
    PCI Compliance and Auditing Use Case
A Glimpse into the Power of NetFlow
    10G+ Ethernet Environments
    Virtual Environments
    MPLS and Multi-point VPNs
What is NetFlow?
NetFlow Fields
src and dst IP
src and dst port
start time
end time
packet count
byte count
...
Internet
NetFlow Packets
StealthWatch Flow Collector
NetFlow vs. Traditional SNMP Monitoring
Traditional SNMP
NetFlow Reporting
Flow-based Visibility and Drill-down
NetFlow for the Network Team
NetFlow Packet
flow1
flow2
...
Network Team
Interface utilization
Billing and chargeback
QOS monitoring
BGP ASN monitoring
MPLS visibility
Application troubleshooting
Security Team
File sharing
Malware outbreak detection
Network acceptable use
Flow forensics
Data loss prevention
StealthWatch Flow Collector
Compliance and Auditing
PCI Compliance
HIPAA Compliance
SCADA Security
Sarbanes-Oxley
NetFlow in Action: Network Operations
OldCastle APG
Leading North American manufacturer of concrete masonry, lawn, garden and paving products and a regional leader in clay brick
206 Operating locations
7000+ employees
Challenge
No way to visualize who or what was causing network slowdowns
Internal IT staff using multiple tools in attempts to troubleshoot incidents
Solution
Combining Cisco NetFlow and Lancope’s StealthWatch System for visibility into the ‘who, what, when and where’ of network traffic
NetFlow Compliance and Auditing
NetFlow in Action: PCI Compliance
NetFlow facilitates compliance with PCI DSS Requirements:
Verifies actual network communications (1.1.2)
Monitors services and ports in use (1.1.5)
Determines when accounts are active and what they did during this activity (8.5.6)
Audits access to anything on the network and ties activity to an individual user, including administrative accounts (10.1)
NetFlow in Action: PCI Compliance
AirTran Airways
Fortune 1000 company
Geographically dispersed network across the continental US
Challenge
Required improved security and network management across the enterprise in accordance with Payment Card Industry (PCI) requirements
Wanted greater network visibility and behavioral intrusion detection
Ability to monitor a geographically dispersed network
Solution
StealthWatch identifies who does what when, and provides data to enforce accountability
NetFlow for the Security Team
NetFlow in Action: Security Operations
Aurora HealthCare Network Overview
Largest private employer in Wisconsin – over 27,000 employees
14 Hospitals
Over 150 Clinics
200+ Pharmacies
Challenge
Monitor a widely dispersed network without deploying administratively problematic and financially burdensome individual sensors throughout the network
Needed complete visibility of the network – from the internal network to the clinics at the edge
Monitor for zero-day attacks, viruses, Trojans, etc.
Support for HIPAA Compliance
Solution
Combining NetFlow & StealthWatch System
Visibility Lost Due to Emerging Tech
Emerging network technologies are outpacing traditional network monitoring techniques such as SNMP and SPAN/tap-based technology...
“Virtualization hides whole network segments from the network manager’s view, making VM2VM communication problems difficult to troubleshoot”
“MPLS and multi-point VPNs create a meshed WAN that’s expensive to monitor adequately”
“10G Ethernet is so fast few probe technologies can keep up and those that can are too expensive”
These issues result in an inability to react to network problems because of a basic lack of .
10G+ Ethernet
“10G Ethernet is so fast few probe technologies can keep up and those that can are too expensive”
traditional Ethernet sensor
Where to plug in?
NetFlow in a 10G+ Ethernet Environment
“10G Ethernet is so fast few probe technologies can keep up and those that can are extremely expensive”
StealthWatch Flow Collector
Virtualization
“Virtualization hides whole network segments from the network manager’s view, making VM2VM communication problems difficult to troubleshoot”
[Diagram labels: VM1, VM2, VM3 (virtual machines); virtual switches; physical machine; physical network; traditional Ethernet probe; VM2VM]
NetFlow in the Virtual Environment
[Diagram labels: VM, VM, VM (virtual machines); VM Server; virtual switches; VM2VM; physical network; promiscuous capture; NetFlow v9; StealthWatch Flow Collector]
*** Cisco Nexus 1000v also supports NetFlow ***
MPLS and Multi-point VPNs
“MPLS and multi-point VPNs create a meshed WAN that’s expensive to monitor adequately”
traditional Ethernet sensor
MPLS and Multi-point VPNs
Fully meshed connectivity circumvents network monitoring deployed at the “hub” location…
MPLS and Multi-point VPNs
Full visibility requires a probe at each location throughout the WAN…
NetFlow Collection in the WAN
NetFlow Packet
NetFlow Packet
Deploy a StealthWatch NetFlow collector at a central location and enable NetFlow at each remote site…
StealthWatch Flow Collector
Quick Recap: Network Operations
Fully integrated view of network usage, performance, host integrity and user behavior
Diagnose Network congestion and provide root cause analysis of the problem causing response time delays
Visibility and Metrics for WAN Optimization
Real-time and Historical data to facilitate network performance monitoring, capacity planning and resource management
Monitor Quality of Service on a per-hop basis throughout the Network
Quick Recap: Security Operations
Quickly pinpoint zero-day and unknown threats that bypass perimeter security
Identify policy violations, unauthorized activity/applications, misconfigured hosts, and other rogue devices
Faster Incident Resolution & detailed Forensic data
Detection of DoS/DDoS attacks, Worms, Viruses and Botnets
Track and Audit network behavior and access by Individual Hosts
Quick Recap: PCI Compliance and Auditing
NetFlow Solutions supply organizations with the means to:
Continuously but passively monitor host behaviors, looking for deviations from normal processes
Tie individual users to internal network performance problems
Tie individual users to the introduction of security risks inside the internal network
Implement appropriate Network Controls and Policies
Provide for Internal Audit and Risk Assessment