A network IPS can effectively defend your OpenStack cloud against targeted attacks, even at large scale, once enabled as a virtual network function (VNF).
Traditional security approaches in OpenStack, such as security groups and FWaaS, lack flexibility and manageability. They also do not provide sophisticated active responses, such as running defensive scripts when an attack occurs, and are not effective in protecting large enterprise clouds against sophisticated cyber attacks.
A network IPS delivered through Tap-as-a-Service and vRouter (enabled by the Fuel Contrail plugin) as a forwarding plane can identify targeted attacks by monitoring and analyzing east-west traffic.
Moreover, we extend the architecture with an open-source malware sandbox (e.g. Cuckoo or PyBox) as an IPS back end to identify targeted attacks (e.g. the CloudAtlas and Minidionis APTs) and to help an incident response team with forensic investigation.
We will demonstrate features and discuss security best practices.
Attendees will learn how to:
- Use the Fuel Contrail plugin to enable SDN on top of OpenStack
- Enable IPS as a VNF in OpenStack
- Extend your security protection by enabling a malware sandbox
- Detect targeted attacks with IPS and a malware sandbox