Shine a Light on the Darkening of the Internet
•Télécharger en tant que PPTX, PDF•
0 j'aime•429 vues
Slides from the recorded webinar hosted by our VP of Marketing, Cam Cullen, on the Procera Solution - where he outlines how Procera can help you navigate your way through difficulties incurred by your broadband, network, hosting, business or servicing platforms.
Recommandé
Recommandé
Contenu connexe
Tendances
Tendances (20)
Similaire à Shine a Light on the Darkening of the Internet
Similaire à Shine a Light on the Darkening of the Internet (20)
Dernier
Dernier (20)
Shine a Light on the Darkening of the Internet
- 1. Shine a Light on the Darkening of the Internet How to maintain visibility in the age of encryption Cam Cullen, VP Marketing
- 3. Mimic bird 3
- 6. Encrypted Traffic Dominates Networks Worldwide Service Upstream % SSL v3 16.12% WebDAV 7.83% Netflix 5.65% HTTP 5.52% HTTP media stream 5.41% Raw MPEG-TS 4.85% BitTorrent transfer 4.85% uTP 4.65% BitTorrent KRPC 3.70% Google 3.40% YouTube 2.04% RTP 1.73% HTTP download 1.44% Facebook 1.44% BitTorrent encrypted transfer 1.39% Procera Networks Data - December 2016 Service Downstream % Netflix 19.27% HTTP media stream 16.39% SSL v3 9.63% YouTube 8.96% HTTP 4.47% Raw MPEG-TS 4.08% HTTP download 3.42% Facebook 3.19% QUIC 1.86% Xbox Live update 1.49% Instagram 1.46% Playstation.net download 1.16% uTP 1.09% BitTorrent transfer 1.05% HTTP2 over TLS 1.00%
- 7. Regional Popularity December 2016 Service DS% US% Netflix 22.51% 9.04% HTTP media stream 17.64% 6.84% SSL v3 8.66%18.98% Raw MPEG-TS 7.79% 8.48% YouTube 5.35% 2.05% Service DS% US% HTTP media stream 21.54% 2.77% SSL v3 8.06% 8.17% YouTube 7.23% .86% HTTP 5.17% 3.9% BitTorrent KPRC 5.13%25.68% Service DS% US% HTTP media stream 13.06% 2.72% Netflix 11.90% 1.81% SSL v3 8.78%14.88% Facebook 7.75% 1.80% YouTube 7.04% 2.22%
- 8. Worldwide Application Growth (By Volume) 2016 Growth in Key Services – Heavy on Encrypted Applications Service Upstream Netflix 30.93% YouTube 61.01% SSL v3 47.45% HTTP 63.65% Facebook 88.57% Amazon Prime 257.64% Instagram 119.20% uTP 58.37% Twitch 82.60% Twitter 93.26% Service Downstream Netflix 93.55% YouTube 67.61% SSL v3 140.25% HTTP 80.71% Facebook 76.72% Amazon Prime 217.23% Instagram 145.64% uTP 69.09% Twitch 175.47% Twitter 136.21%
- 9. What do we mean by encryption Three categories Obfuscation Proxies Encryption PROXIES ENCRYPTION VPN
- 10. Encryption Scenarios Going Forward 10 HTTP HTTPS (TLS 1.1/1.2) Full URL Hostname User Agent Content Type File Size Other HTTP/HTML Full URL Hostname (direct) User Agent Content Type File Size Other HTTP/HTML 1 TLS 1.3 SNI Clear TLS 1.3 SNI Encrypted DNS Encrypted 2 3 4 1 Happening 2015 and 2016 Will happen in 2017 May happen as part of TLS1.3 in 12-18 months May happen in 24-36 months 2 3 4 Full URL Hostname (direct) User Agent Content Type File Size Other HTTP/HTML Full URL Hostname (inferred) User Agent Content Type File Size Other HTTP/HTML Full URL Hostname (inferred) User Agent Content Type File Size Other HTTP/HTML HTTP 23% non- HTTP 77%
- 12. Weekly Signature Updates Industry-leading Agility and Speed to Keep Pace with the Internet Age 2775 signatures Average of 16 updates or additions per week over the past year
- 13. Multiple Application Detection Techniques •Expression matches: Patterns on payload •Analyzers: Virtual Services •Control/Data protocols: Port tainted •TLS detection: SNI tracking •Heuristics mechanisms: Flow behavioral analysis — Randomness — Metrics — VoIP flag Sample of DRDL techniques for Application Identification
- 14. Sophisticated Tools to Accelerate Development Highly Automated Signatures Lab Solves Major Challenges Assessing Regional Dependencies Automated Update Tracking The Device Matters
- 15. bundle Rapidly Adaptable Heuristics Engine (RAHE) Real-Time Endpoint Classification (REC) Enhanced Device detection Continuous Improvement: Enhanced Capabilities in 2017
- 16. Traffic Management Policy & Charging IT Analytics Regulatory Compliance Security Verticals Use Cases • NOC Dashboard • QoE Measurement • Capacity Planning • Worst Node Reporting • Speedtest Reporting • CDN Reporting • Device Reporting • …... • VOIP Blocking • P2P Blocking • Blocking Child Porn • Site Blacklisting • Website Access Logs • Lawful Intercept • DMCA Notice Analysis • ….. • Resolution-based TM • Peering Circuit Mgmt • Heavy User Tiering • DSCP Marking • Optimizing Circuits • Tethering Detection • Line Sharing Detection • …... • Zero Rating • CDR Generation • Tiered Bandwidth Plans • Top Up Portals • Shared Plans • Tiered Quota Plans • Subscriber Engagement • …... • Malware Detection • Spam Server Detection • SSL Attacks • Profiling Malicious Traffic • DDOS Dashboard • DDOS Forensics • Volumetric Att. Detection • …... • Revenue Assurance • Big Data Enablement • ScoreCard • OTT Trend Monitoring • …... Solution Areas • Regulatory Analytics • OTT Traffic Blocking • Compliance Logging • URL Filtering • …. • Fair Usage • Congestion Mgmt • Video Traffic Mgmt • Carrier Grade NAT • …. • PCC w/GX/Gy • Zero Rating • Quota Management • Parental Control • …. • DDOS Analytics • DDOS Mitigation • IoT Security Maintaining Visibility Across Multiple Use Cases Ensuring up-to-date visibility despite encryption
- 17. Impact of Encryption on Use Cases And leveraging virtualization SecurityIT Analytics Traffic Management Policy & Charging to Regulatory Compliance to eVolution eVolution eVolution
- 18. •Customer Shifted from a traditional probe to Procera due to reduced visibility • Supporting Tens of Millions of Mobile subscribers • Over 20 virtual systems running >40Gbps of capacity streaming IPFix to HP Big Data system •Executives get weekly reports leveraging Procera’s Unique Network, Subscriber, and Service Intelligence Virtualization: LTE Analytics Use Cases Executive Decisioning with Carrier-Scale Big Data Deployment PSM LTE Packet Core Core Router IPFix IPFix eVolution Provisioning LiveView HP Data Warehouse Sample Use Cases OTT Trending Revenue Assurance IoT Analytics Network Forensics Service Planning Performance Monitoring
- 19. Encryption: In-Line Policy Enforcement Use Cases High Profile Application Aware Services and Regulatory Compliance Real-time Visibility Real-time forensics with topology awareness Traffic Mgmt Sophisticated queuing to enhance subscriber QoE and manage P2P shaping Regulatory Compliance OTT VOIP Blocking and VPN detection Analytics Subscriber, application, location and device reporting and forecasting Customer Care Customer Care Insights for real-time problem resolution Intelligent Charging Differentiated billing based on subscriber intelligence using Gy Tiered Services Service plans enhancing customer value using Gx Peering BGP Peering analytics and management WiFi Services PCEF for the WiFi Network using Gx and Gy URL Categorization URL categorization based on a set of predefined rules OTT Partnerships Zero-rating and/or revenue sharing partnerships with OTT players IPFix Data Feed For use with sixthsense media services 40G per system 80G per system Internet . . . x9 . . . x4
- 20. Big Data: Analytics Use Cases Data Scientists + Procera Data = $$$M in Additional Revenue Generated in 2016 PRE PL 8960 PSM Cluster for Enrichment 6 Collection Sites StreamMediation . . . . PIC COLLECTOR IPFIX CDR Data Analytics Visualisation Campaign Management Billing IN CRM Network TV Log Sample Use Cases Revenue Assurance Campaign Demographics Network Forensics Service Planning QoE Monitoring Trend Monitoring
- 22. Thank you Download the whitepaper at: https://www.proceranetworks.com/lp- procera-spotlights-encryption
Notes de l'éditeur
- This is a statement we have listened many times for the last year. Is it true? Are we going dark? Is it the end of DPI? What it does mean: More privacy for the end user. Good for all of us, as Internet users. What it doesn´t mean: Encryption does not make services undetectable, but it only makes us, as DPI company, to apply smarter techniques to detect the services. Some granularity is lost, but the main service will be available. Just as an example, 3 years ago we were able to see the videos seen in youtube looking at the URL, and this is not possible anymore.
- What is common between bird-watching and traffic detection? When we talk about DPI, how it is today and how it will work in the future, the analogy between DPI and Bird-watching is very powerful. Let´s call it packet-watching Every birds have their own body shape and profile. The shape, size, colour and feature of legs, feathers, skin, beak. This is a starling Today for DPI we look into specific details of a packet, which is written in clear text, like the hostname, or which hexadecimal pattern we can find in that packet. This is going to change, the same way that in bird-watching you have to deal with a flock.
- Between 50% and 70% of traffic volume is encrypted nowadays. The trend keeps growing. This tweet by Josh Aas is the Head of Let´s Encrypt, former Mozilla employee, represents the importance of HTTPS for web browsing. For the first time, in October more than 50% page loads done in Firefox were HTTPS. Let´s Encrypt is an open certificate authority and gives free certificates to web sites.
- Netflix, with its global expansion taking hold, is the overall leader in downstream worldwide, followed closely by HTTP Media streaming, which is used by many other video streaming services from content providers.
- Regionally, Netflix is King in North America and a close 2nd in APAC, but not a force in Europe yet, with other streaming video services being major contributors throughout the regions as well. SSL v3 and HTTP represent the share of traffic to pure web browsing, and Bittorrent is still a big contributor in Europe to upstream traffic (which usually tracks where Netflix is popular).
- Netflix has grown substantially in 2016 due to it’s worldwide expansion, and both Amazon Prime and Twitch had major jumps in contribution in 2016. SSL continues to grow fast as encryption becomes more widespread. Filesharing traffic is still growing (as seen in the European traffic trends), but far slower than other traffic types.
- When we talk about encryption, we really refer to different kind of transport techniques that ensures privacy in the communication. Let’s see one by one. Obfuscation: The main purpose is to hide the traffic send, many times, like in the case of Tor, anonymizing the sender. Their main purpose is to not being detected. Using Tor gives worst performance. Other obfuscated services are Viber and Bitorrent. - Proxies: They are intermediate devices to access web content. For the web server the originator of the request is the proxy server, not the local computer. In the figure ProxyServer app, Opera turbo Encryption: We talk about keeping the payload private. There are different mechanisms: VPN: It tunnels the traffic in an extra layer towards a VPN server, but information is keept private. You usually have to pay for it. In the figure openVPN Connect app QUIC Crypto (over UDP), TLS (over TCP) are protocols which implementation is open and well described, that use certificates to keep the connection secured.
- If you remember from a previous presentation, this is the forecast we did in early 2016 about how encryption will evolve. In our current state, number 1, the prediction was that during 2017 we were going to see the introduction of TLS 1.3. How is this prediction going? TLS is not new. First TLS 1.0 RFC came in 1999 (SSL 3.0 was the original name, owned by Netscape). TLS 1.1 standard released in 2006 and TLS 1.2 was released in 2008. TLS 1.3 is still a draft. DNS over HTTPS is being under development by Google: https://developers.google.com/speed/public-dns/docs/dns-over-https
- If we move forward to the next slide, here we have a graph with the last bundles updates and additions. What is a signature? A Signatures is a service or application (from all supported devices), some of them split into different kind of traffic (for example control and data, or regular traffic and VoIP. What I would like you to highlight when you meet our customers one of our strengths compared with the competitors is not only the total amount of applications we support, but also the average number of updates we have. Number of signatures in last bundle available in http://sigdev.int.prnw.net/frontpage/
- Real-Time Endpoint Classification: Currently we can retrieve the mapping hostname-IP address using lookup on URL or SNI. Instead, we will use a Endpoint Database will give us the mapping service-IP address that won’t be possible when TLS 1-3 with 0-RTT is deployed. Bin code detectors in signature bundle: this will provide more rich detection capabilities, beyond pure signatures, available each week, without the need of waiting for a full software upgrade. Including in the RAHE is the Evolving Flow Behavior Analysis for encrypted apps. This means more metrics to improve detection. Procera has used XFB, aka behavioral classification, for over 10 years (Active, Asymmetric, Beginning, Initial flag, Bulky, CBR Streaming, Client is Local, Download, Established, Flowsynced, Inbound, Initial, Interactive, Outbound, Pseudo , Random, Server is Local, Streaming, Unidirectional, Untracked, and VoIP-like are existing behavior flags) Extended to cover encrypted VoIP and Encrypted Video detection. Device detection: Possibility of extract the device from encrypted traffic
- Over 30 solutions and 150 use cases
- Over 30 solutions and 150 use cases
- But they don’t’ get there by just buying a few boxes form us. It’s a large operation, they need additional Infrastructure such as an Hadoop Data lake, mediation systems, campaign management platforms for taking action, and machine learning technologies in order to analyze the data. You need people with specific skills, who are intelligence and high educated and also understand your business. These don’t exist (enough), Dr. Bob admitted they with in tight teams for this purpose so people complement each other – and a lot of time is spend on training. Understanding the data, researching algorithms and skilling up on Tools.
- Procera is a Subscriber, Service, and Network Intelligence software provider for network operators, with over 360M subscribers across more than 60 Tier 1 operators in 88 countries worldwide. Our customers include some of the largest and most prestigious and innovative operators in the world – Softbank in Japan, British Telecom, and Boingo Wireless t oname a few. Our solutions are based on Deep Packet Inspection, and provide real-time visibility into100% of the traffic flowing through broadband networks – regardless of the access type and at any volume of traffic. We decorate the application data with a wealth of subscriber attributes, including location, service plan, network quality, and many more. Our Headquarters is in Silicon Valley in the US, but we have engineering locations in Sweden and Canada, and regional offices in Japan, Malaysia, and Dubai. Procera employs ~219 employees worldwide, with 37% of our headcount in sales and marketing, and 32% in R&D.