UCOP Monitoring of the Berkeley Network
Ethan Ligon
February 2, 2016

Outline
- What kind of monitoring is being done?
- Is current monitoring consistent with policy?
- Who controls the monitoring?
- Who controls the monitors?

What kind of monitoring is being done?

The device deployed is a Fidelis XPS system, which sits in Warren Hall, monitoring all in-bound and out-bound data.

Fidelis XPS
- Company: Fidelis Cybersecurity.
- Formerly owned by General Dynamics.
- Typical customers include government agencies, financial firms, and defence contractors.
- Sold to private equity firm in Spring 2015.

Excerpts from a 2012 presentation on the Fidelis XPS system. . .

[Slide: DLP, Data Leakage Protection (Fidelis Security). Diagram labels: Exfiltration; Leakage; Business Partners; Uneducated User; Malicious Insider; Social Networking; Cloud; External Threat Actors: Nation States, Organized Non-State Actors (e.g., Terrorist groups), Organized Crime; Advanced Persistent Threats.]

Fidelis XPS Products

Fidelis XPS CommandPost
- Define policies
- Aggregate threat intelligence
- Visualize information flows
- Manage and externalize alerts
- Analyze forensic data

Fidelis XPS Sensors
- Decode, inspect and analyze traffic
- Enforce policies (alert, prevent, etc.)
- Collect information flow metadata

[Diagram labels: Threat Intelligence; Policies and Intelligence; Alerts and Metadata.]

The Secret Sauce: Deep Session Inspection

[Diagram labels: Policies; Actions; Content Analyzers; Information Flow; Payload Decoders; Application Decoders.]

- Total visibility and control over inbound and outbound network traffic
- Deep, session-level application, payload and content decoding and analysis
- Flexible, multi-level policy engine with multiple real-time enforcement options
Fidelis SSL Inspector Solution

[Diagram labels: Fidelis SSL Inspector; SSL Traffic; (Clear) Traffic; Fidelis XPS CommandPost; Policies; Alerts; Fidelis XPS Direct 1000, Edge 25, Edge 200 or Internal 1000 Sensor.]

- Identifies and … all SSL/TLS traffic
- Based on SSL/TLS handshake detection, not on TCP port (port-independent)
- … everything over SSL (HTTP, POP3, …)
- Forwards ALL traffic (SSL and non-SSL) to XPS for analysis

Fidelis Extrusion Prevention System
The Power to Prevent: It's the Next Generation

- Prevention on …
- Wire-speed performance
- Network Appliance
- Fast to deploy, quick time-to-…
- Easy to manage
- Enables zones of control

Policy Engine: Power of Context

- In addition to pre-built policies, customer-specific policies can easily be built using Fidelis' powerful policy engine.
- Policy: group of one or more rules
- Rule: logical combination of one or more triggers; delivers context

context: the interrelated conditions in which something exists or occurs

Trigger: Content
Sensitive information defined in content analyzers
1. Smart Identity Profiling
2. Keyword
3. Keyword Sequence
4. Regular Expressions
5. Binary Signatures
6. Files
7. File Names
8. Exact File Matching
9. Partial Document Matching
10. Embedded Images

Trigger: Location
Sender and recipient information
1. Source IP address
2. Destination address
3. Geographical Data (the country in which the IP address is registered)
4. Username
5. LDAP directory attributes

Trigger: Channel
Details about the information flow
1. Application protocol (port independent)
2. … user, e-mail address, subject, filename, URL, cipher, and many more
3. Port (Source / Destination)
4. Session length / size
5. Day of week / Time of day
6. Session duration
7. Decoding path

Fidelis XPS: Risk assessment in vivo

88 suspects culled out of >150,000 transactions in a 24 hour period.

[Screenshot of an alert list; the one partly legible callout reads: "Price list … in password … protected areas over FTP in clear text".]
Berkeley Installation
- Involves two "Racks" totalling 40U;
- On the order of 30 Terabytes of storage;
- First rack configured unconventionally; has 24U in it?
- Second rack: 16 unit (16U) "Collector cluster".
- Each unit (per old datasheet):
  - 2.4 Terabytes of storage
  - Can handle 1Gbps of data

Price list for Fidelis equipment & licenses

Fidelis Security Systems - GSA price list, GS-35F-4679G
TO PLACE AN ORDER OR FOR QUESTIONS CALL 1-800-326-5683, FAX 1-530-677-1416 or INFO@GVTECHSOLUTIONS.COM

| SIN | Fidelis Part # | Description | US List | GSA Price |
|---|---|---|---|---|
| 132-8 | FSS-CP | Fidelis XPS CommandPost Appliance | $20,000 | $15,960 |
| 132-8 | FSS-CP+ | Fidelis XPS CommandPost+ Appliance | $40,000 | $31,920 |
| 132-8 | FSS-CONNECT | Fidelis XPS Connect Appliance | $25,000 | $19,950 |
| 132-8 | FSS-CONNECT+ | Fidelis XPS Connect+ Appliance | $50,000 | $39,900 |
| 132-8 | FSS-DIR-1000 | Fidelis XPS Direct 1000 Appliance | $150,000 | $119,700 |
| 132-8 | FSS-DIR-2500 | Fidelis XPS Direct 2500 Appliance | $220,000 | $175,560 |
| 132-8 | FSS-EDGE-25 | Fidelis XPS Edge 25 Appliance | $40,000 | $31,920 |
| 132-8 | FSS-EDGE-200 | Fidelis XPS Edge 200 Appliance | $75,000 | $59,850 |
| 132-8 | FSS-INT-1000 | Fidelis XPS Internal 1000 Appliance | $150,000 | $119,700 |
| 132-8 | FSS-INT-2500 | Fidelis XPS Internal 2500 Appliance | $220,000 | $175,560 |
| 132-8 | FSS-MAIL | Fidelis XPS Mail Appliance | $40,000 | $31,920 |
| 132-8 | FSS-PROXY+ | Fidelis XPS Proxy+ Appliance | $40,000 | $31,920 |
| 132-8 | FSS-SCOUT | Fidelis XPS Scout Appliance | $75,000 | $59,850 |
| 132-8 | FSS-VM-CP | Fidelis XPS CommandPost Virtual Appliance | $14,000 | $11,172 |
| 132-8 | FSS-VM-Proxy | Fidelis XPS Proxy Virtual Appliance | $18,000 | $14,364 |
| 132-8 | FSS-VM-Mail | Fidelis XPS Mail Virtual Appliance | $34,000 | $27,132 |
| 132-8 | FSS-VM-Connect | Fidelis XPS Connect Virtual Appliance | $19,000 | $15,162 |
| 132-8 | FSS-VM-DIRECT | Fidelis XPS Direct Virtual Appliance | $143,000 | $114,114 |
| 132-8 | FSS-VM-INTERNAL | Fidelis XPS Internal Virtual Appliance | $143,000 | $114,114 |
| 132-8 | FSS-DIR-UNM-LP1 | License Pack for 1 instance of the Fidelis XPS Direct unlimited native-mode software for installation ONLY on a Fidelis-specified blade server hardware platform in conjunction with a CloudShield packet processing module | $163,000 | $130,074 |
| 132-8 | FSS-DIR-UNM-LP2 | License Pack for 2 instances of the Fidelis XPS Direct unlimited native-mode software for installation ONLY on a Fidelis-specified blade server hardware platform in conjunction with a CloudShield packet processing module | $316,000 | $252,168 |
| 132-8 | FSS-DIR-UNM-LP3 | License Pack for 3 instances of the Fidelis XPS Direct unlimited native-mode software for installation ONLY on a Fidelis-specified blade server hardware | $468,000 | $373,464 |

Prices
- XPS Direct 1000 (may match main hardware) list price: $120,000 – $150,000 per unit (up to forty units?)

Is current monitoring consistent with policy?

From the "Electronic Communications Policy" IV.A

"The University does not examine or disclose electronic communications records without the holder's consent."

Except. . .

From the "Electronic Communications Policy" IV.B

"The University shall permit the examination or disclosure of electronic communications records without the consent of the holder of such records only:
1. when required by and consistent with law;
2. when there is substantiated reason. . . to believe that violations of [particular] law or of University policies. . . have taken place;
3. when there are compelling circumstances. . . , or;
4. under time-dependent, critical operational circumstances."

Terms in italics above are defined in Appendix A of ECP. Bracketed lists are given in Appendix C of ECP.

From the "Electronic Communications Policy" IV.C2b

"In the process of such monitoring, any unavoidable examination of electronic communications (including transactional information) shall be limited to the least invasive degree of inspection required to perform such duties. This exception does not exempt systems personnel from the prohibition (see Section IV.A, Introduction) against disclosure of personal or confidential information. Except as provided above, systems personnel shall not intentionally search the contents of electronic communications or transactional information for violations of law or policy."

Who controls the monitoring?

UCOP controls the monitoring.

A central point is that though UCB IT people are responsible for managing our network, UCOP has, over their objections:
- Asserted the right to stick a big black box on the edge of our network;
- Denied the right for our IT people to have any access to or control of that black box;
- Scanning criteria (who, what, where) are secret, are known only to UCOP, and can be changed any time;
- Required UCB IT Staff to keep all of this secret!

Who controls the monitors?

UCOP created new bureaucratic structures to deal with security and privacy:
- Campus privacy officers (report to administration)
- Cyber-Risk Governance Committee
- Supposed to be academic senate representation on this committee.