Keysight Product Overview
Ridwan Satrio Hadikusuma
Who is Keysight?
75 years of Innovation & Leadership
1939-1998 The Hewlett-Packard Years
A company founded on electronic measurement innovation
1999-2013 The Agilent Technologies Years
Spun-off from HP, Agilent as premier measurement company
2014 Keysight Technologies is launched
Focus on electronic design and measurement solutions
2017 Keysight acquires Ixia
Focus on Network Test, Security and Visibility Solutions
Network Applications and Security (NAS)
TEST
• Traffic Generator for L2-7.
• Legitimate and malicious traffic.
• Appliance or Virtual Edition (VE).
• CyPerf for SD WAN testing.
SECURITY
• Breach and Attack Simulation (BAS) tool.
• BreakingPoint.
• Cyber Range.
VISIBILITY
• Bypass Switches.
• Network tapping.
• Network Packet Brokers.
• Active Monitoring (HawkEye).
Threat Simulator
Complexity Is The Biggest Enemy
• WHICH NGFW IS RIGHT FOR US…AND HOW MUCH PROTECTION DO I NEED?
• HOW DID THAT CONFIGURATION AFFECT OUR RISK?
• HOW CAN WE REDUCE ALERT RESPONSE TIME?
• DID WHAT WE DID THIS WEEK MAKE US MORE SECURE?
• IS MY SECURITY BUDGET MAKING US MORE SECURE?
• WOULD SOAR HELP US — OR WILL IT CREATE MORE WORK?
“THROUGH 2023, 99% OF
FIREWALL BREACHES WILL BE
CAUSED BY FIREWALL
MISCONFIGURATIONS, NOT
FIREWALL FLAWS.”
Gartner, Technology Insight for Network Security Policy Management, Rajpreet Kaur, et al.,
Refreshed 20 May 2020, Published 21 February 2019.
Security Assessments Today
Chart axes: VALIDATION FREQUENCY, VALIDATION THOROUGHNESS
• VULNERABILITY ASSESSMENT: Low Risk, Continuous, Production, Limited Scope, Safe
• BREACH & ATTACK SIMULATION: Low Risk, Continuous, Production, Comprehensive, Safe
• PEN-TESTING & RED TEAMS: Higher Risk, Point-in-Time, Production, Comprehensive, Complex
• PRE-DEPLOYMENT SECURITY TEST: Low Risk, Point-in-Time, Pre-Deployment, Comprehensive, Safe
Diagram: Keysight Threat Simulator deployment
Legend: Keysight Threat Simulator Agent (simulated actor); Threat Simulator Cloud SaaS; User workstation (non-simulated); Management Portal; Simulated Dark Cloud; Production Web Servers (non-simulated)
Elements shown: External Hackers, DNS servers, C2C servers, Malicious Hosts, Microsoft Azure, Internet, DMZ, NGFW with trust and untrusted zones, DC-1, Branch 1, Branch 2 and Branch 3 (B1, B2, B3), subnets 10.0.0.0/24, 10.0.1.0/24, 10.0.2.0/24 and 10.0.3.0/24
Threat Simulator – Multiple threat vectors
NETWORK EMAIL ENDPOINT
WAF, IPS, GAV, DLP, URL Filtering, DLP HIPS, HIDS, DLP and AV
NETWORK
Web Application Security / OWASP
-- Cross Site Scripting
-- SQL Injection
-- Remote File Inclusion
-- Local File Inclusion
-- Server-Side Script Injection
-- OS Command Injection
-- Reflected XSS Efficiency
-- Stored XSS Efficiency
-- SQL Injection Efficiency
LAN Perimeter
-- Web browser vulnerabilities
-- File format vulnerabilities
-- Malware file transfer
-- Command and control (C&C)
Post-Breach
-- Lateral movement
-- Data exfiltration
EMAIL
Policy Assessments
-- Anomalous Archives
-- Compressed files
-- Corrupted files
-- Encrypted archives and documents
-- Encrypted content
-- Executable binaries
-- Executable scripts
-- Microsoft Office documents
Corporate Email Security
-- Malicious attachments
-- Malicious links
-- CISA Top-10
-- EICAR Validation
Email integrations
-- Microsoft Office 365 Email
ENDPOINT
MITRE ATT&CK Tactics & Techniques
-- TA001 Initial Access
-- TA002 Execution
-- TA003 Persistence
-- TA004 Privilege Escalation
-- TA005 Defense Evasion
-- TA006 Credential Access
-- TA007 Discovery
-- TA008 Lateral Movement
-- TA009 Collection
-- TA010 Command & Control
-- TA011 Exfiltration
-- TA040 Impact
Endpoint Security Controls
-- Host based EPP/EDR/IDS/IPS
-- Host based AV
-- Host based DLP
Full Kill Chain & APT scenarios | SIEM Integration: Splunk, QRadar, and LogZ.io
Positioning – Threat Simulator
Target Market by Size: Large Enterprises
Target Market by Sector: Government, Service Providers, FSI, Oil and Gas, ISP (customers who already have a bunch of security controls installed in their data center)
Situation:
1. OJK regulatory compliance requirements (POJK 29 Tahun 2022).
2. Using it as a red team tool.
3. Validating security controls, for example WAF or DLP, as the PDP law is a hot topic recently.
Why Keysight:
1. Keysight Threat Simulator leverages the threat intelligence library from ATI, which is the industry gold standard for security testing.
2. Supports on-premise deployment.
3. Pricing.
MEASURE
IDENTIFY GAPS
Understand Detection and Blocking Capabilities
• Quickly identify misconfigurations and gaps
• SIEM integrations identify visibility gaps
• Eliminates the assumptions that security controls are deployed and configured correctly
• Provides security assurance that they stay the same
Rationalize Investments
• Justify current and future IT spending using insight of your infrastructure
OPTIMIZE
REMEDIATE FASTER
Improve Security Before Purchasing New Tools
• Maximize your existing tools ROI with minimal investment
• Optimally configure existing products without extra cost
Remediate Faster
• Best-in-class recommendations close gaps
SAMPLE REPORTS
EXECUTIVE REPORTS, SCENARIO (DETAILED REPORTS), RECOMMENDATIONS REPORTS
BEFORE OPTIMIZATIONS AFTER OPTIMIZATIONS
Find and fix gaps, Understand Emerging Threats Automate Assessments & Monitor for Environment Drift
ENDPOINT SECURITY ASSESSMENTS
DETAILED MALWARE EMULATION
• Endpoint Security Assessments
• Native Microsoft Windows support
• 12 MITRE Tactics 100+ techniques
• Assessments organized by Platform (e.g. Windows)
• SIEM integration supports events from Windows Defender & Sysmon Events
• Audit description updated to include IOCs
• Endpoint-based recommendations
• New kill chain scenarios based on endpoint audits: Trickbot, Sunburst, and Hafnium.
MONITOR FOR DRIFTS
CONTINUOUS VALIDATION
Get In Front of New Attacks with Continuous Audits
• Minimize risk from configuration changes, emerging threats, etc.
Scheduled Runs
• Automated scheduled runs enable a continuous approach to collect evidence when environment drifts happen
Network Packet Brokers
Network Tap
Tap types: Copper Tap, Fiber Tap, Industrial Copper Tap, Fiber Tap with Rack
Why use a tap? Drawbacks of SPAN/port mirroring:
1. SPAN/port mirroring uses up switch ports (not free).
2. No separation between production and monitoring. Best practice → separate the live and monitoring networks.
3. Can lose packets under high load.
4. Needs ongoing support/management.
5. Cannot detect CRC errors. With a tap, all errors are revealed.
Diagram labels: Keysight Tap, Switch A, Switch B, Span Traffic, Monitoring Tools (IDS, NDR, DDI, SIEM, etc)
Sample Situation
Diagram labels: Keysight Tap, Switch A, Switch B, Monitoring Tool A (IDS), Monitoring Tool B (NDR), Monitoring Tool C (DDI)
How do we send network traffic to Tool B and Tool C?
Network Packet Broker (NPB)
Diagram labels: Clients, Network Taps, Switches, Server, Network Packet Broker, Tool A, Tool B, Tool C
Keysight Network Visibility Fabric
Diagram: Keysight Network Visibility Fabric
Traffic sources: CloudLens, Taps, Switch SPAN, Virtual Taps, Servers, Hybrid Network
Network Packet Broker functions:
• Aggregation
• Filtering
• Deduplication
• Load Balancing
• SSL Decryption
• Netflow
• Tool Sharing
Tools: Network Perf Mgmt, Detection & Response, IDS/IPS, Forensics
Link speeds shown: 1G, 10G, 25G, 40G, 40/100G, 4x10G
Network Packet Broker (NPB)
Speeds covered: 1G, 10G, 40G, 100G, 400G
Models: Vision E1S, Vision E10S, Vision Edge OS + White Box Switch, Vision E100, Vision E40, Vision ONE, Vision X, Vision 400, Vision T1000, Vision 7816, Vision E400S
A range of packet brokers to meet speed, density and intelligent packet access needs anywhere
Network Packet Broker Features Matrix
Network Packet Broker Software Stacks
NetStack (~NPB Basics)
• 3 Stages of Filtering
• Dynamic Filter Compiler
• Double your Ports
• VLAN Tagging
• Aggregation & Replication
• Load Balancing
• L2GRE/VxLAN tunneling
• Inline and Inline HA
• IFC Clustering
PacketStack (~AFM)
• Deduplication
• Header Stripping & Protocol Trimming
• Timestamping
• Data Masking
• GRE Tunneling
• Burst Protection
AppStack (~ATIP)
• App detection and filtering
• Geolocation & Tagging
• Real-time Dashboard
• NetFlow & IxFlow generation
• RegEx filtering
• Data Masking +
• PCAP
SecureStack
• Passive SSL Decryption
• Active SSL or man-in-the-middle Decryption
• Threat Intelligence
MobileStack
• GTP/SIP Session Correlation
• GTP/SIP Load Balancing
• Subscriber sampling
• Subscriber filtering
• EPC filtering
Positioning – Tap and NPB (Out of Band)
Target Market by Size: Large Enterprises
Target Market by Sector: Government, Service Providers, FSI, Oil and Gas (large enterprises with huge network infrastructure)
Situation:
1. New data center deployment.
2. Tech refresh in an existing data center where the customer already uses a competitor's solution (Gigamon, Niagara, Cubro, Cisco, Garland, Huawei, Arista).
3. Tech Partners projects (NDR, NPM or APM, SOC, and any other OOB projects).
4. Issues in an existing deployment (packet drop, monitoring accuracy problems, etc). The customer may be using SPAN, or the deployment may have no dedup feature, etc.
5. Monitoring east-west traffic in a virtual environment.
Additional Info: Target nation-wide deployments from government initiatives, for example lawful interception, national data center (PDN), et cetera.
Why Keysight?
1. Zero loss architecture.
2. Proven in the market for its scalability and support.
3. Strives to always be one step ahead in the market (for example VX roadmap).
Bypass Switch
Diagram labels: R1, R2, Bypass Switch, Data Path, Bypass, HB, Inline Tool (IDS/IPS/DLP)
Why is a bypass switch needed?
Diagram labels: www, Firewall, IPS, WAF, SSL Decrypt, Other Tool, Switch, Servers
Bypass Switch
iBypass CU3
• 4th Gen
• Copper
• 10/100/1000Mbps
• High MTBF
• Multi-function
• TAA Compliant
iBypass DUO
• Dual management ports
• Fiber, 1 or 10Gbps
• Power fail, open/close
• Active-Active
• TAA Compliant
iBypass 100G
• 40G & 100G Fiber
• Supports dual speed 40G and 100G
• Active-Standby, Active-Active
• TAA Compliant
Keysight iBypass positioning
Chart: iBypass models (Copper, DUO, iBypass 100G) positioned by Network Speed (1G, 10G, 40G, 100G)
Positioning – Bypass Switch and NPB (In-Line)
1. Customers who deploy security tools that do not have built-in bypass capability.
2. Customers who worry about the MTBF of internal bypass.
3. Customers who need to improve cost efficiency by sharing security tools.
4. Customers who want to centralize SSL decryption.
5. TLS 1.3 will require customers to adopt an inline architecture.
Diagram labels: Encrypted traffic, Firewall, Bypass Switch, Switch, Servers, Network Packet Broker, IPS, SSL Decrypt, Other tools
Network Visibility Deployment Scenarios
Keysight Products:
• Network Tap
• Network Packet Broker
Keysight Products:
• Bypass Switch
• Network Packet Broker
Keysight Product:
• HawkEye
Out-Of-Band VS In-Line Architecture
Out-of-Band Framework
In-Line Security Framework
Hawkeye-Active Monitoring
HawkEye – Active Monitoring
HawkEye Endpoints
Hardware:
• Vision Edge 1S – 10G / 1G
• IxProbe – 1G
• XRPi – 100M / Wifi
Software:
• Virtual - Cloud
Hawkeye – Active Monitoring
PROACTIVE, PREDICTIVE ISSUE RESOLUTION AND EXPERIENCE MANAGEMENT
Network segments covered by endpoints: Enterprise Branch/Remote Site, WAN/MPLS Access, Data Center/Private Cloud, Internet/Core Network, Cloud/SaaS Provider Applications
Measurements:
✓ Delay, Loss, Jitter
✓ Round-trip time
✓ COS qualification
✓ ICMP, UDP, TCP ping
✓ UDP and TCP throughput
✓ Speedtest
✓ VoIP multiple codecs
✓ Teams, Zoom, Skype
✓ Video, Netflix, youtube… performance
✓ Web based app performance
✓ Cloud access performance
✓ Business apps: Office365, Citrix …
✓ Path discovery
✓ Diagnostic on path
Test categories: IP Transport Performance verification; Circuit capacity; Voice, Video + Virtual meetings; Cloud/SaaS + Applications; Hop-By-Hop Discovery
Positioning – HawkEye Active Monitoring
Target Market by Size: Medium to large enterprises
Target Market by Sector: Government, Service Providers, FSI, Oil and Gas, ISP (customers who have many branch offices or infrastructure deployed across different regions)
Situation:
1. Banks that want to monitor their branch offices or the network connectivity of their ATM machines. Or any institution with corporate customers for whom network connectivity is critical and has to be up and running 24x7x365.
2. Regulators who need to monitor the quality of ISPs.
3. Customers who need to continuously make sure that, whenever there is a problem in a certain service, it is not caused by a network performance issue. Or, if it is a network performance issue, they can use HawkEye to help troubleshoot and isolate the problem and hence improve the MTTR.
Why Keysight?
1. Keysight has been in the testing industry for decades and, with its ATI, HawkEye is superior in terms of App Library (number of apps that can be simulated).
2. On-prem support.
3. Pricing.
Thank You
Learn more about what we can do for you at
www.abpsecurite.com