Scenarios
Where can a Solera Networks solution be put to use? Here are a few network security, network management, and compliance challenges and how to solve them using a Solera Networks solution.
1. Major security breach
Problem:
A large retailer experiences a security breach and theft of credit card information over time (e.g. TJX, the parent company of T.J. Maxx). How do you begin to triage the attack, identify the hacker's exploits, know what data leaked out and close the breach?
Solution:
Replay the historical network traffic captured by the Solera DS appliance, looking for unauthorized access. Pinpoint the source using tools like Wireshark, ntop, Snort, etc., determine what data the attacking host requested, and take corrective measures.
Result:
Close the hole and stop the leakage early and avoid the potential of ongoing theft of data. (94 million credit card numbers were stolen from TJX, starting in 2005.)
2. Major system deployment
Problem:
A new deployment of an SAP system that was rolled out into production causes system errors, and the roll-out team is having a difficult time recreating the problem in the test environment – the CEO wanted SAP deployed 2 quarters ago. How do you recreate the errors in a staging environment in order to resolve them before going to production?
Solution:
Record all network activity with SAP in the staging environment. Replay the traffic through analysis tools to identify the issues. Resolve the issues, then deploy in the production environment.
Result:
Smooth deployment of major applications and problems ironed out ahead of time.
3. Stolen identity
Problem:
A customer calls into a bank claiming that their identity has been stolen (they know this because strange, unauthorized money transfers appear in their account history). The bank looks at the transaction records and the web application logs and sees that the customer logged in using the proper account info and password. The customer still disputes that he originated the transactions. How do you find out who is right, the bank or the customer?
Solution:
The bank replays the historical record of web sessions using the Solera Networks appliance and discovers that the MAC address of the requestor is not consistent with the MAC address of the customer's machine. The money transfer is rolled back and the customer is happy; the bank moves to investigate the fraud further and uses the historical record as evidence for prosecution.
Result:
Customer is happy and the culprit is identified and prosecuted.
4. Network outage on trading network
Problem:
A serious network outage occurred in the fiber ring of a datacenter storage network for a major trading network, and all access to the datacenter's storage network is shut down. Transactions aren't being stored.
Solution:
The company has a Solera Networks appliance deployed in front of the datacenter storage network in conjunction with high-availability application clusters. The applications are still serving client requests, and all network traffic (transaction archives) going to the datacenter storage network is buffered and queued for 20 minutes while the datacenter is brought back online. All network transactions are then streamed into the datacenter storage network.
Result:
No transactions are lost, and all are processed with the proper timestamp. Millions saved.
5. Worm, virus, or malware makes it past the firewall
Problem:
Your firewall, IDS or IPS wasn’t updated with the latest software. A new worm, virus, or malware shows up on your system. How do you identify the infected system that was first afflicted, and how do you resolve the security breach?
Solution:
Replay your historic network traffic through your now-updated system to uncover where the worm, virus or malware entered your system. Filter on any known signature of the offending data and you will zero in on the details of how it got through. Take measures to close the breach and further update your layers of security to prevent it from happening again.
Result:
Get to the root cause of the intrusion and identify weak security points much faster. You don't have to wait for the same intrusion to happen again. You can identify the problem in a safe environment using historical traffic.
6. Served with a lawsuit or warrant requesting email records
Problem:
You're served with a subpoena, warrant or lawful request that requires you to produce all email from a certain account or IP address. How do you capture mail sent using Yahoo, Gmail, or other Web-based email accounts? How do you comply with e-discovery requirements? (Morgan Stanley was forced to pay $1.5 billion to Ronald Perelman for not delivering email records in a timely manner.)
Solution:
With a historical record of network traffic, you can replay the traffic, filter it by MAC address or IP address, and then filter on the identifiers that mark email traffic. Replay the filtered traffic to uncover email conversations.
Result:
You can easily deliver a record of email going through your own email system; the Solera Networks solution additionally gives you a record of Internet-based email that crosses your network, which you don't have direct control over.
7. Served with a lawsuit or warrant requesting IM conversations
Problem:
You're served with a subpoena, warrant, or lawful request that requires you to produce all IM conversations from a certain account or IP address. How do you capture IM traffic from online accounts like AIM, Yahoo, MSN, etc.? How do you comply with e-discovery requirements?
Solution:
With a historical record of network traffic, you can replay the traffic, filter it by MAC address or IP address, and then filter on the identifiers that mark IM traffic. Replay the filtered traffic to uncover IM conversations.
Result:
You can easily deliver a record of IM traffic going through your own messaging system; the Solera Networks solution additionally gives you a record of Internet-based IM that crosses your network, which you don't have direct control over.
8. You are an ISP and have just been issued a CALEA-mandated warrant
Problem:
You are an ISP, telco, or VoIP provider and just got a warrant to deliver to a Law Enforcement Agency (LEA) all network traffic to and from one of your customers. How do you deliver this data and avoid a $10,000/day fine if you can’t deliver?
Solution:
Deploy a Solera CALEA Appliance to capture and record all traffic from any IP address, MAC address, etc. Regenerate the traffic directly to the LEA or deliver data in a PCAP file.
Result:
Within minutes of receiving the warrant, you can be capturing traffic and creating a record for the LEA. While not in use collecting data for a warrant, you can use the box to monitor your regular traffic to identify security issues or improve performance. You get a positive ROI for your CALEA investment.
9. Enforcing Internet use policy
Problem:
A public school district has mandated strict public school network usage policies for both staff and students. You get a report that a staff member has been abusing the policies and viewing inappropriate content. How do you investigate, view his past history, and obtain evidence?
Solution:
With a Solera Networks appliance, you simply replay traffic and filter on his MAC or IP address. Use one of a variety of commercial or open source tools to view the traffic, such as Wireshark, DataEcho, Clearsite, ZettaView, etc.
Result:
You have an actual recording of the network traffic and offending content so you have evidence to take action as needed. Announce your capability to record traffic to network users to provide a deterrent to others.
10. Abnormal network traffic is happening at off-peak hours
Problem:
You are responsible for network security at a large eCommerce organization. One morning your network dashboard reveals abnormal network utilization during off-peak hours. How do you identify the root cause of the abnormal traffic?
Solution:
Replay the actual network traffic from the previous night and analyze using any number of analysis tools.
Result:
You don’t have to wait for the abnormality to happen again and hope you are looking this time. The historical record reveals the actual occurrence and you make corrections before it happens again—risk averted.
11. Hospital is accused of violating HIPAA compliance
Problem:
A hospital is accused of violating HIPAA compliance by electronically releasing unauthorized medical records resulting in possible fines and/or jail time. How do you validate or refute this claim?
Solution:
With the Solera Networks appliance recording network traffic, the hospital is able to replay network traffic that has been filtered based on identifiers within the secured records (patient's name, account number, social security number, etc.).
Result:
Replaying the actual transactions of the patient records will identify if this was a security breach from outside or if hospital policy was violated. Either way, the hospital can 1) prove they are in compliance, or 2) identify who the perpetrator is and prosecute using transaction evidence.
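Several of these scenarios (5, 6, 7, 9 and 11) come down to the same two operations on a stored capture: select frames by MAC or IP address and port, then search the selected payloads for an identifier such as a signature string, an email address or a patient's name. The script below is an added example, not Solera Networks code, showing both with only the Python standard library: it reads the classic pcap format mentioned in scenario 8, parses Ethernet/IPv4/TCP headers, filters by address and port, and searches payloads for a byte string. The capture, addresses and payloads are constructed inline for illustration, and the port tables assume plain-text mail and IM protocols on their registered ports. Two caveats for the investigator: a MAC address in a capture identifies only the sender on the local segment (past a router you see the router's MAC, not the original host's), and TLS-wrapped sessions show endpoints and timing but not content.

```python
"""Select and search traffic for one host in a packet capture.

Added example (not Solera Networks code).  Standard library only: a tiny
reader for the classic pcap format, Ethernet/IPv4/TCP header parsing, and
address/port/content filters.  All capture data below is constructed inline.
"""
import struct
from dataclasses import dataclass

# Assumption: plain-text mail/IM protocols on their registered ports.
MAIL_PORTS = {25: "smtp", 110: "pop3", 143: "imap", 587: "submission"}
IM_PORTS = {5190: "aim", 1863: "msnp", 5222: "xmpp"}


@dataclass
class Flow:
    ts: float
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    payload: bytes


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def _ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def parse_pcap(data: bytes):
    """Yield a Flow for each Ethernet/IPv4/TCP frame in a classic pcap file."""
    magic = struct.unpack("<I", data[:4])[0]
    endian = "<" if magic == 0xA1B2C3D4 else ">"   # 0xD4C3B2A1 means big-endian file
    off = 24                                        # skip the 24-byte global header
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        off += incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                # not IPv4
        ihl = (frame[14] & 0x0F) * 4                # IPv4 header length
        if frame[23] != 6:
            continue                                # not TCP
        total_len = struct.unpack("!H", frame[16:18])[0]
        tcp = frame[14 + ihl:14 + total_len]
        if len(tcp) < 20:
            continue
        sport, dport = struct.unpack("!HH", tcp[:4])
        doff = (tcp[12] >> 4) * 4                   # TCP header length
        yield Flow(ts_sec + ts_usec / 1e6, _mac(frame[6:12]), _mac(frame[:6]),
                   _ip(frame[26:30]), _ip(frame[30:34]), sport, dport, tcp[doff:])


def find_traffic(pcap: bytes, mac=None, ip=None, ports=None):
    """Frames involving the given MAC and/or IP, optionally restricted to ports."""
    out = []
    for f in parse_pcap(pcap):
        if mac and mac not in (f.src_mac, f.dst_mac):
            continue
        if ip and ip not in (f.src_ip, f.dst_ip):
            continue
        if ports and not ({f.src_port, f.dst_port} & set(ports)):
            continue
        out.append(f)
    return out


def search(flows, needle: bytes):
    """Flows whose payload contains an identifier (signature, address, name)."""
    return [f for f in flows if needle in f.payload]


def classify(f: Flow) -> str:
    """Name the mail/IM protocol by port, or 'other'."""
    for table in (MAIL_PORTS, IM_PORTS):
        for port in (f.src_port, f.dst_port):
            if port in table:
                return table[port]
    return "other"


# --- constructed sample capture (checksums left zero; the parser ignores them) ---
def _frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload):
    eth = (bytes.fromhex(dst_mac.replace(":", "")) +
           bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00")
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return eth + ip + tcp


def build_pcap(frames, t0=1200000000):
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    recs = b"".join(struct.pack("<IIII", t0 + i, 0, len(fr), len(fr)) + fr
                    for i, fr in enumerate(frames))
    return hdr + recs


HOST_A_MAC, HOST_A_IP, GW_MAC = "aa:bb:cc:00:00:01", "10.0.0.5", "aa:bb:cc:00:00:fe"
SAMPLE_CAPTURE = build_pcap([
    _frame(HOST_A_MAC, GW_MAC, HOST_A_IP, "192.0.2.10", 40001, 25, b"MAIL FROM:<alice@example.com>\r\n"),
    _frame(GW_MAC, HOST_A_MAC, "192.0.2.10", HOST_A_IP, 25, 40001, b"250 OK\r\n"),
    _frame("aa:bb:cc:00:00:02", GW_MAC, "10.0.0.6", "198.51.100.7", 40002, 80, b"GET / HTTP/1.1\r\n\r\n"),
    _frame(HOST_A_MAC, GW_MAC, HOST_A_IP, "192.0.2.20", 40003, 143, b"a001 SELECT INBOX\r\n"),
    _frame(HOST_A_MAC, GW_MAC, HOST_A_IP, "203.0.113.9", 40004, 5190, b"FLAP hello\r\n"),
])

if __name__ == "__main__":
    for f in find_traffic(SAMPLE_CAPTURE, ip=HOST_A_IP, ports={**MAIL_PORTS, **IM_PORTS}):
        print(f"{f.ts:.0f} {classify(f):10s} {f.src_ip}:{f.src_port} -> "
              f"{f.dst_ip}:{f.dst_port} {f.payload[:30]!r}")
```

On a real capture you would replace SAMPLE_CAPTURE with the bytes of the PCAP exported from the appliance; the filter and search functions are the same. The needle passed to search() is whatever identifier the scenario calls for: a malware signature fragment for scenario 5, an email address for 6, a patient name or account number for 11.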
12. VoIP quality of service (QoS) is threatened by massive amounts of traffic
Problem:
A hospital's VoIP QoS is being threatened by massive amounts of traffic. Fully reliable voice and video is critical to day-to-day operations, and any loss of service jeopardizes doctor response time in life-threatening situations. How do you find what is generating this traffic and hampering QoS?
Solution:
The hospital uses Solera Networks to replay the traffic surrounding alarms, events, and logs, pinpointing the bandwidth problems that choke the link and degrade QoS.
Result:
An actual historical record of VoIP traffic provides context to alarms and alerts and will uncover the root cause of QoS issues and minimize risk—identify the problem before it escalates.
13. You have to ensure quality of service for sites you host
Problem:
You provide website and application hosting for key business customers. You receive complaints of poor connectivity or performance. Simple alerts alone don’t point out the root cause of the problem that develops slowly over time. How do you troubleshoot the problem and find the root cause?
Solution:
With a Solera Networks appliance you have a historical record of all network traffic. Replay any slice of network traffic and identify why the connection was slow or down, why customers couldn’t access an application or what caused a crash.
Result:
Get to the root of the problem quickly, ensure application uptime, deliver a guaranteed level of service, and improve customer satisfaction.
14. Provide a historical “system of record” of compliance for Sarbanes-Oxley
Problem:
Sarbanes-Oxley requires that IT management establish controls to ensure compliance. This includes controls over program changes, access to programs, computer operations, and application controls. Organizations must be able to monitor, audit and provide proof of compliance with communication and reporting regulations.
Solution:
With a Solera Networks appliance in place, IT and security personnel can create an historical record of electronic communication and all network traffic between corporate executives, accounting institutions and other parties involved. Establishing awareness of this practice alone helps ensure voluntary compliance with regulations.
Result:
Knowing that all communication and network transactions are recorded improves the probability of compliance. In the event of an external audit, the historical record provides proof of compliance or evidence to take disciplinary action, if needed.