Mar. 2017
Datanet continued its workshop series for networking and security specialists with another event, presenting the latest solutions offered by Fortinet, Arbor Networks and Juniper Networks and analyzing their usage scenarios.
The applications highlighted by Datanet Systems specialists during the “Carrier-class Networking and Cybersecurity Technical Update” workshop were aimed mainly at service suppliers and companies with distributed architectures, but also at organizations that want to become more proactive and reduce the impact of security events on the availability of services and business processes.
FortiSIEM running scenarios
In response to this critical request, Faruk Hairedin and Catalin Petrisan, Senior Security Consultants at Datanet Systems, detailed the FortiSIEM usage scenarios.
The SIEM system delivered by Fortinet supports three main deployment phases, which Datanet Systems specialists can customize to the specific requirements of each company:
– A “stand-alone” system delivered as a virtual machine, which covers all the functionalities specific to a SIEM solution (log collection, data correlation analysis, report generation and warnings when it identifies anomalies that could signal a security incident) and is also capable in the networking area (network detection/inventory, performance monitoring, etc.).
– A cluster made up of a single supervisor and several nodes (“workers”), which partially relieves the supervisor of the general load generated by the growing number of network devices that deliver logs. In this deployment, the supervisor handles network detection and task assignment, while log collection and processing and network performance monitoring are handled by both the supervisor and the “workers”.
– A system that combines a supervisor with a network of collectors installed at remote locations, where they collect all equipment logs, compress them and deliver them to the supervisor, which covers all FortiSIEM functionalities.
“The supervisor-collector development model is useful for companies with a distributed IT infrastructure that have subsidiaries, branches and working points all over a certain geographical area, where they have installed firewalls or routers that don’t allow the supervisor direct access to the network equipment. It is also a popular model among service suppliers, which, with this development, can deliver SIEM services to their clients – a collector that delivers data to the supervisor can be allocated to each client. The management and analysis are centralized, but the system delivers unique reports and warnings for each client,” explained Faruk Hairedin.
Catalin Petrisan also explained in detail the practical integration of Windows systems with FortiSIEM, presenting the specific models for log collection and filtering, as well as the requirements and the specific topologies of Microsoft areas. Datanet specialists illustrated the advanced integration capabilities with a live demo, showing how FortiSIEM can block an IP’s access to a network by sending an automated command to a Cisco ASA firewall when the SIEM system detects a violation of a predefined security rule. The Datanet session was completed by Madalin Vasile, Fortinet Manager Presales System Engineer – SEE, who presented the Fortinet Security Gateway solutions and the new-generation GI and GTP firewalls designed for service suppliers and mobile operators.
Advanced protection against DDoS attacks
In the second part of the workshop session, Eduard Gheorghiu, Deputy Technical Director at Datanet Systems, presented the anatomy of a Distributed Denial of Service (DDoS) attack, detailing its effects on a data center and the way they can be eliminated with the help of Arbor Networks solutions.
“Arbor Networks is one of the main global suppliers of protection solutions against DDoS attacks, with vast experience in this area. At this moment, Arbor Networks equipment and applications monitor approximately 120 TBps of the entire global Internet traffic and they are used by all Internet Tier I service suppliers, the company being present in almost every country in the world,” stated Eduard Gheorghiu.
The Datanet specialist explained in full the functionalities of Peakflow SP, designed for service suppliers, and of the Pravail Availability Protection System (APS), designed for companies that operate their own data centers. Pravail APS combines out-of-the-box protection with Network Behavior Learning technologies and traffic applications that allow it to deliver prevention measures automatically. The solution can be integrated with the Arbor Security Engineering and Response Team (ASERT) for traffic filtering based on a database of identified signatures, but also with advanced cloud protection services. When it detects a very large DDoS attack that exceeds the on-premise capacity, Pravail automatically activates the Arbor Cloud Signaling service, which can reduce the time needed to block an attack down to 5 seconds. The practical usage scenarios were illustrated with Arbor Networks TMS, which eliminates the illegitimate traffic generated by DDoS attacks without interrupting network services, delivering real-time visibility of network applications and proactively monitoring Denial of Service threats. Through a partnership with Cisco, TMS technology is also available as an option (vDDoS Protection) for the Cisco ASR 9000 router series (a virtual TMS instance can be installed through the Cisco Virtualized Service Module card).
The final session of the Datanet workshop was delivered by Dezco Csonka, Senior Systems Engineer at Juniper Networks, who presented the latest equipment in the High Speed Networking portfolio, designed to respond to the increasing bandwidth requirements of data centers.
The “Carrier-class Networking and Cybersecurity Technical Update” workshop is part of the Datanet Systems event series dedicated to companies that consider information security a critical priority and need a solid guarantee of the service availability level.
“Datanet Systems is constantly expanding its portfolio with performant security solutions, capable of ensuring advanced protection against new information threats. We are permanently investing in acquiring high certification levels for our specialists’ competences, to deliver complete integrated security solutions. The vast projects managed over the years are a guarantee of our thorough experience in approaching any critical area,” stated Gabriel Musat, Datanet Systems Deputy Executive Director.
For more information, please visit our site, www.datanets.ro.