A New Hybrid Approach for Infrastructure Discovery, Monitoring and Control

Presented at DEF CON 13 (2005), July 30, 2005, 8 p.m. (50 minutes)

An enterprise IT infrastructure is a complex and dynamic environment that its IT managers generally describe as a black hole. Knowledge of an enterprise network's layout (topology), its resources (availability and usage), the elements residing on the network (devices, applications, their properties and the interdependencies among them), and the ability to keep this knowledge up to date are all critical for managing and securing IT assets and resources. Unfortunately, the currently available network discovery technologies, active network discovery and passive network discovery, suffer from numerous technological weaknesses that prevent them from providing complete and accurate information about an enterprise IT infrastructure, and their ability to keep track of changes is unsatisfactory at best. The inability to "know" the network results directly in the inability to manage and secure it appropriately: it is impossible to manage or defend something, or to defend against something, whose existence is unknown or about which only partial information exists.

The first part of the talk presents the currently available network discovery technologies, active network discovery and passive network discovery, and explains their strengths and weaknesses. The talk highlights technological barriers that open source and commercial applications built on these technologies cannot overcome. The second part of the talk presents a new hybrid approach for infrastructure discovery, monitoring and control. This agent-less approach provides real-time, complete, granular and accurate information about an enterprise infrastructure. The underlying technology maintains that information in real time and ensures that accurate, complete and granular network context is available to other network and security applications.

During the talk, new technological advancements in the fields of infrastructure discovery, monitoring and auditing will be presented.
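The gap the abstract describes between active and passive discovery can be seen in a small model. The following Python is an added illustration written for this page; it is not code from the talk or from Insightix, and the hybrid product's actual technique is not described here. It models two well-known blind spots: an active sweep only records hosts that answer probes (a host whose firewall drops them is missed), and a passive sniffer only records hosts that generate traffic on the observed segment (a silent host is missed). Merging both sources and tracking last-seen times gives an inventory that flags each blind spot and stale entries. All hosts, addresses and timestamps are constructed sample data.

```python
"""Toy model of active vs. passive discovery and a merged, time-aware inventory.
Added illustration; sample hosts and observations are constructed, not captured."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Optional, Set, Tuple

@dataclass
class Asset:
    ip: str
    mac: Optional[str]          # only passive sources (ARP/DHCP) reveal the MAC here
    first_seen: datetime
    last_seen: datetime
    evidence: Set[str] = field(default_factory=set)  # {"passive", "active"}

# Constructed data. The sweep and the sniffer run at the same reference time.
NOW = datetime(2005, 7, 30, 20, 0)

# Passive observations a sniffer might build from ARP replies / DHCP acks: (time, ip, mac).
PASSIVE_OBSERVATIONS: List[Tuple[datetime, str, str]] = [
    (NOW - timedelta(minutes=5), "10.0.0.10", "00:11:22:33:44:10"),
    (NOW - timedelta(minutes=2), "10.0.0.10", "00:11:22:33:44:10"),
    (NOW - timedelta(minutes=3), "10.0.0.30", "00:11:22:33:44:30"),  # host firewall drops probes
    (NOW - timedelta(hours=6),   "10.0.0.40", "00:11:22:33:44:40"),  # went quiet hours ago
]

# Active sweep result: only hosts that answered a probe appear at all.
ACTIVE_RESPONDERS: Set[str] = {
    "10.0.0.10",
    "10.0.0.20",   # silent host: never talks on the wire, but answers probes
}

def passive_inventory(observations: Iterable[Tuple[datetime, str, str]]) -> Dict[str, Asset]:
    """Fold sniffed address bindings into per-IP assets with first/last-seen times."""
    inv: Dict[str, Asset] = {}
    for ts, ip, mac in observations:
        a = inv.get(ip)
        if a is None:
            inv[ip] = Asset(ip, mac, ts, ts, {"passive"})
        else:
            a.first_seen = min(a.first_seen, ts)
            a.last_seen = max(a.last_seen, ts)
            a.mac = mac  # latest observed binding wins
    return inv

def active_inventory(responders: Iterable[str], sweep_time: datetime) -> Dict[str, Asset]:
    """A sweep is a point-in-time snapshot: every responder is 'seen' at sweep_time."""
    return {ip: Asset(ip, None, sweep_time, sweep_time, {"active"}) for ip in responders}

def merge(*sources: Dict[str, Asset]) -> Dict[str, Asset]:
    """Union the sources, keeping the widest time window and all evidence per IP."""
    merged: Dict[str, Asset] = {}
    for src in sources:
        for ip, a in src.items():
            m = merged.get(ip)
            if m is None:
                merged[ip] = Asset(ip, a.mac, a.first_seen, a.last_seen, set(a.evidence))
            else:
                m.mac = m.mac or a.mac
                m.first_seen = min(m.first_seen, a.first_seen)
                m.last_seen = max(m.last_seen, a.last_seen)
                m.evidence |= a.evidence
    return merged

def classify(asset: Asset, now: datetime, stale_after: timedelta = timedelta(hours=1)) -> str:
    """Label each asset by which technique saw it and whether the record is current."""
    if now - asset.last_seen > stale_after:
        return "stale"           # neither source has seen it recently
    if asset.evidence == {"passive"}:
        return "passive-only"    # blind spot of the active sweep (probes filtered)
    if asset.evidence == {"active"}:
        return "active-only"     # blind spot of the sniffer (host is silent)
    return "confirmed"

def build_inventory(now: datetime = NOW) -> Dict[str, str]:
    """Run both discovery models over the sample data and return ip -> label."""
    inv = merge(passive_inventory(PASSIVE_OBSERVATIONS), active_inventory(ACTIVE_RESPONDERS, now))
    return {ip: classify(a, now) for ip, a in sorted(inv.items())}

if __name__ == "__main__":
    for ip, label in build_inventory().items():
        print(f"{ip:<12} {label}")
```

Either source alone drops a live host (10.0.0.20 never appears in the passive view, 10.0.0.30 never appears in the active view); the merged view keeps both and still flags 10.0.0.40 as stale, which is the change-tracking property a static sweep cannot provide.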


  • Ofir Arkin - CTO and Co-Founder, Insightix
    Ofir Arkin is the CTO and Co-founder of Insightix, which pioneers the next generation of IT infrastructure discovery, monitoring and auditing systems for enterprise networks. Ofir has 10 years of experience in data security research and management. Prior to co-founding Insightix, Ofir served as CISO of a leading Israeli international telephone carrier. In addition, Ofir has consulted for and worked with multinational companies in the financial, pharmaceutical and telecommunication sectors. Ofir conducts cutting-edge research in the information security field, has published several research papers, advisories and articles in the fields of information warfare, VoIP security and network discovery, and has lectured on this research at a number of computer security conferences. His best known published papers are "ICMP Usage in Scanning", "Security Risk Factors with IP Telephony based Networks", "Trace-Back" and "Etherleak: Ethernet frame padding information leakage". He is a co-author of the remote active operating system fingerprinting tool Xprobe2. Ofir is an active member of the Honeynet Project and a co-author of the team's book, "Know Your Enemy", published by Addison-Wesley. Ofir is also the founder of Sys-Security Group (http://www.sys-security.com), a computer security research group.


