 |
| SC15 security technology racks with help from Dell, Gigamon, Reservoir Labs, Splunk, and Verisign. |
With more than 12,000 researchers, students, professionals,
and vendors attending the conference on high performance computing, networking,
storage and analysis conference, better known as SC, SC’s internet, SCinet, has
to be at the forefront of network security research and implementations to stay
ahead of the game on viruses, trojans, denial of service and other forms of
compromise.
As the backbone of data communications for SC, SCinet
supports high-bandwidth demos, HPC workshops, classrooms, and thousands of conference
attendees accessing the network at any given point. With network traffic from
the exhibit floor, wireless and external network traffic, there are many
opportunities for the network to be compromised. SCinet’s Network Security team
works to develop novel strategies to protect the integrity of the network.
supports high-bandwidth demos, HPC workshops, classrooms, and thousands of conference
attendees accessing the network at any given point. With network traffic from
the exhibit floor, wireless and external network traffic, there are many
opportunities for the network to be compromised. SCinet’s Network Security team
works to develop novel strategies to protect the integrity of the network.
“The Network Security team has transitioned from using
signatures to detect single instances of malicious activity in the network to
performing behavioral analytics, which track the overall patterns of security
threats,” says Jeff Boote, Technical Staff at Sandia National Laboratories and
co-lead for the SCinet Network Security team. “We started using these security
algorithms to detect malicious hosts on the network about 2-3 years ago to be
more proactive and evolve with the security trends.”
signatures to detect single instances of malicious activity in the network to
performing behavioral analytics, which track the overall patterns of security
threats,” says Jeff Boote, Technical Staff at Sandia National Laboratories and
co-lead for the SCinet Network Security team. “We started using these security
algorithms to detect malicious hosts on the network about 2-3 years ago to be
more proactive and evolve with the security trends.”
 |
| Resevoir Labs staff on SCinet. |
One reason for major changes in the current security
strategy is the dramatic increase in network traffic at the conference. Carrie
Gates, Chief Security Scientist at Dell Research and Co-lead for the Network
Security team, estimates that the amount of traffic that they monitor is two to
three orders of magnitude greater than the monitored traffic three years ago.
“We went from 2 10-gigabit taps (20-gigabit aggregate) in
2011, to 31 taps with 580-gigabit aggregate in 2015. With an expected 5000 simultaneous
hosts on the Wi-Fi alone, on an open network that is only up for one to two
weeks, the Network Security team must find novel ways to prevent malicious
activity on the network,” says Gates.
2011, to 31 taps with 580-gigabit aggregate in 2015. With an expected 5000 simultaneous
hosts on the Wi-Fi alone, on an open network that is only up for one to two
weeks, the Network Security team must find novel ways to prevent malicious
activity on the network,” says Gates.
Working with vendors and partners, the SCinet team
integrates the technologies to monitor for harmful network traffic, detect and
prevent compromised systems, and mitigate the effects of compromised systems.
integrates the technologies to monitor for harmful network traffic, detect and
prevent compromised systems, and mitigate the effects of compromised systems.
Over the last three years, SCinet has used Gigamon to help
monitor and secure its network operation centers and Internet access gateway.
Gigamon acts as a type of mirror, allowing the Network Security team to peer
into network traffic and observe a copy of the activity going through the
gateway. This traffic is being analyzed
by technologies such as the Dell Firewall Sandwich, which provides high-speed
deep packet inspection for malicious security events.
monitor and secure its network operation centers and Internet access gateway.
Gigamon acts as a type of mirror, allowing the Network Security team to peer
into network traffic and observe a copy of the activity going through the
gateway. This traffic is being analyzed
by technologies such as the Dell Firewall Sandwich, which provides high-speed
deep packet inspection for malicious security events.
SCinet also serves as a research testbed for the network
security.
security.
“Back in 2000, the intrusion detection system, Bro, was
being developed by Berkeley Lab and ICSI. SCinet was used as a place to test
their technology on a network that is both production and research oriented,”
says Gates. “It’s a balance here. SCinet provides the protection grade security
of a full production network, while at same time working with technology
experts who want to test new features. We’re able to provide both on SCinet. We
provide production level network security while allowing for research
innovation.”
being developed by Berkeley Lab and ICSI. SCinet was used as a place to test
their technology on a network that is both production and research oriented,”
says Gates. “It’s a balance here. SCinet provides the protection grade security
of a full production network, while at same time working with technology
experts who want to test new features. We’re able to provide both on SCinet. We
provide production level network security while allowing for research
innovation.”
One SCinet partner, Reservoir Labs, began as a SCinet
Sandbox (now called Network Research Exhibition) project and is now an integral
part of security architecture. Reservoir uses Bro technology under the covers to
both log and analyze activity on the network.
Like Bro, Reservoir used SCinet to test the high-speed analysis features
of their product while also providing production-level stability and results.
Sandbox (now called Network Research Exhibition) project and is now an integral
part of security architecture. Reservoir uses Bro technology under the covers to
both log and analyze activity on the network.
Like Bro, Reservoir used SCinet to test the high-speed analysis features
of their product while also providing production-level stability and results.
While SCinet has done behavior-based analysis of security
data within a research context for more than a decade, these techniques are
becoming ever more popular in day-to-day network operations. To fulfill that
role in 2015, SCinet is using Splunk to aggregate the security events from
Gigamon, Reservoir, and Dell SonicWALL, along with intelligence data from
Verisign’s iDefense, to look for suspicious behaviors in network traffic.
data within a research context for more than a decade, these techniques are
becoming ever more popular in day-to-day network operations. To fulfill that
role in 2015, SCinet is using Splunk to aggregate the security events from
Gigamon, Reservoir, and Dell SonicWALL, along with intelligence data from
Verisign’s iDefense, to look for suspicious behaviors in network traffic.
This year, SCinet has over $5,000,000 in vendor loaned technology for network
security.
 |
| The SC15 SCinet Network Operating Center brining in 1.62 Terabits per second of network bandwidth. |
We want to thank all the vendors and researchers over the
years for engaging with SCinet and allowing us to explore the boundaries of
security technologies. We look forward to seeing you at SC16!
years for engaging with SCinet and allowing us to explore the boundaries of
security technologies. We look forward to seeing you at SC16!
