Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
2 Network Modeling: A real world example
Presented by: Don Slife, Jarrod Echols
3 Who is MacAulay-Brown, Inc.?
MacAulay-Brown, Inc. (MacB)
- Founded in 1979
- Headquartered in Dayton, OH
- National Capital Headquarters in Vienna, VA
- Over 1,500 employees
- Privately-held
- Integrated quality management by design
- Broad and diverse Cybersecurity customer set
- Frank B. Rowlett award (2001): NSA recognized Outstanding Information Systems Security Organization
Cybersecurity Solutions; Engineering Services; Information Technology
[Map: Blue states represent operating locations.]
MacB Offices: Huntsville, AL; Santa Clara, CA; Aurora/Denver, CO; Panama City, FL; Shalimar, FL; Tampa, FL; Augusta, GA; Bedford, MA; Aberdeen Proving Grd, MD; Alexandria, VA; Columbia, MD; Bellevue, NE; Neptune, NJ; Doylestown, PA; San Antonio, TX; Sterling, VA; Hampton, VA; Roanoke, VA
A Proud History of Providing Technical Excellence for Over 35 Years
4 Who are we?
Don Slife
- 10 Years US Air Force, Computer and Network Operations
- 3 Years Air Force CERT
- 15 Years Contracting
- Programming
- Red Team
- SOC Operations
- Reverse Engineering
Jarrod Echols
- 2 Years, Cyber Threat & Intelligence Analysis
- BS in Information Systems: Information & Network Security
- Regional Team winner, Collegiate Cyber Defense Team (CCDC)
- Masters of Public Administration
- Internship, US Senate IT Security
5 Why are we doing this?
- ArcSight is a very powerful tool... BUT
- With great power, comes great complexity... AND
- With great complexity, comes great confusion
6 Bringing Order to the Chaos
- Define the Protected Environment
- Identify Dark Address Space
- Identify/Fix Misconfigurations to Reduce Noise
- Define Normal Traffic
- User Zones
- Asset Type Zones (Mail, DNS, VoIP)
- Network Type Zones (Public, Private)
- Define Critical Assets
- Prioritize Events Against Critical Assets
Source: ArcSight Console Users Guide
7 Goals of Today
Share what we have learned so far in our voyage of discovery through ArcSight network and asset modeling.
- Explain the mistakes we made.
- Explain the things we've learned.
- Share our best practices.
What are we going to talk about?
- The model we inherited.
- Finding unmodeled space.
- Our first modeling attempt.
- Our second modeling attempt.
- Where we are going from here.
GOAL: You don't have to repeat our mistakes. You get to make new mistakes!
8 The Organization
- Multi-state Medical Co-op of 102 Doctors
- 40 Research Committees Made up of Subsets of Doctors
- Doctors have Individual Offices Around the Country
- Approximately 8,000 Users
- Co-op has a Shared Network Backbone and Core Computing Environment ( /Messaging/VoIP/VTC)
9 The Network
- Class B Routable Address ( /16)
- Doctor and Committee Main Offices
- /24s for Everyone
- Doctors' Local Offices
- /28s in Some Cases
- Some Public Facing IPs
- Common Services
- Exchange
- Internal Web
- VTC
- All 3 RFC 1918 Address Spaces
- /8: Internal Networking Addresses; VoIP
- /12: Overflow Address Space for Doctors; Some Public Service (via NAT)
- /16: Overflow Address Space for Doctors; Office Wireless Network Space
10 Example: Dr Schmedley
- Main Office (Washington, DC): /24 Original IP Space; /24 Additional Space; /24 VoIP Phones; /28 COOP Location
- Atlanta Office: /26 Original IP Space; /28 Expansion Space; /24 VoIP Phones
- Sacramento Office: /26 Original IP Space; /24 VoIP Phones
[Diagram: Dr Schmedley's DC, Atlanta and Sacramento offices with their address blocks]
11 Network Model: Version 1
- Folders by IP Network
- Most Zones in the Public /16 Address Space
- Fairly Static
- Approximately 1,700 Zones
- No Asset Categories
- Engineering Maintained Access DB
- Manual Asset/Zone Creation
- Addition of Zones/IP Space when Discovered
12 Version 1
Pro
- Simple to Visualize for Network Engineers
- Direct Mapping to Network Engineering Database
Con
- Zone Addition is a Manual Process
- Trying to Group by Doctor or Committee is Difficult
- Difficult to Keep up with Network Changes
- No Asset Categories
ISSUE: Network Operations has another database, and zones are added monthly!
13 Detecting Unmodeled Space
Problem: How to detect unmodeled space so it can be added?
Solution: Create a second network on each connector and let ArcSight do it!
Discoveries
- NOC adds zones weekly.
- Only the routers really know!
- Over 300 unmodeled IPs.
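An offline cross-check for the same problem, added here as an example (it is not from the presentation and does not use ArcSight): it diffs the modeled zones against the protected address blocks, lists the uncovered ranges as candidate dark-space zones, and classifies observed source addresses. All addresses, zone ranges and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data (not from the slides): one protected block, three modeled zones.
PROTECTED = ["172.20.0.0/22"]
ZONES = [
    ("Schmedley DC", "172.20.0.0", "172.20.0.255"),
    ("Schmedley DC VoIP", "172.20.1.0", "172.20.1.127"),
    ("Partee Mont", "172.20.2.16", "172.20.2.31"),
]
# Constructed source addresses, standing in for what the routers actually see.
SEEN = ["172.20.0.14", "172.20.1.200", "172.20.2.20", "172.20.3.9", "192.0.2.50"]


def _as_int(addr):
    return int(ipaddress.ip_address(addr))


def unmodeled_ranges(protected, zones):
    """Return (start, end) address pairs inside `protected` that no zone covers."""
    spans = sorted((_as_int(s), _as_int(e)) for _, s, e in zones)
    gaps = []
    for net in sorted(ipaddress.ip_network(p) for p in protected):
        cursor = int(net.network_address)
        last = int(net.broadcast_address)
        for start, end in spans:
            if end < cursor or start > last:
                continue  # zone lies entirely outside the part still to be checked
            if start > cursor:
                gaps.append((cursor, start - 1))  # hole before this zone
            cursor = max(cursor, end + 1)
            if cursor > last:
                break
        if cursor <= last:
            gaps.append((cursor, last))  # tail of the block is unmodeled
    return [(ipaddress.ip_address(a), ipaddress.ip_address(b)) for a, b in gaps]


def dark_zone_rows(gaps):
    """Cover each gap with the smallest set of CIDR blocks, one candidate zone per block."""
    rows = []
    for start, end in gaps:
        for net in ipaddress.summarize_address_range(start, end):
            rows.append((f"Dark {net}", str(net.network_address), str(net.broadcast_address)))
    return rows


def classify(addr, protected, zones):
    """Name the zone holding `addr`, or flag it as UNMODELED (ours) or EXTERNAL."""
    ip = ipaddress.ip_address(addr)
    for name, start, end in zones:
        if ipaddress.ip_address(start) <= ip <= ipaddress.ip_address(end):
            return name
    if any(ip in ipaddress.ip_network(p) for p in protected):
        return "UNMODELED"
    return "EXTERNAL"


if __name__ == "__main__":
    gaps = unmodeled_ranges(PROTECTED, ZONES)
    for name, start, end in dark_zone_rows(gaps):
        print(f"{name}: {start} {end}")
    for addr in SEEN:
        print(addr, "->", classify(addr, PROTECTED, ZONES))
```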
14 Asset Modeling on the Cheap
- Address Space Categories Should be Assigned to Zones
- Application Categories Should be Assigned to Assets
Problem: Not Ready to Model Assets
Solution: Apply Application Categories to Networks
Issue: Category Queries Become Slightly More Complicated
15 Network Model: Version 2
- Single Data Source
- Approximately 2,500 Zones
- Network Model Wizard
- Big Groups by Organization
- Started Using Categories in ESM: Protected, DMZ, Dark, Wireless
Sample zone rows (columns: Name, Start Address, End Address, Dynamic Addressing):
- Schmedley DC 1.0: TRUE
- Partee Mont 202.0: TRUE
- Calamba Spri VoIP 8.0: FALSE
- International Medicine DC 63.0: TRUE
- Kus Anch COOP 32.0: FALSE
- Chivers NewY AVAILABLE 101.0: TRUE
16 Network Model: Version 2
Pro
- Single Data Source
- Semi-Standard Naming Schema: [Zone Name]: IP Start IP End
- Visibly Organized in ArcSight
- Quick to Analyze in Active Channel
Con
- 41 Step Process
- CIDR to IP Range Conversion
- Organize Into Categories
- ~ 16 Hours to Massage Data
- Still Difficult to Group by Office
Zones Tagged with Asset & Network Categories
Process:
- Export from Infoblox
- Convert CIDR to IP Range
- Concatenate Names
- Group by Category
- Setup for Import
- Import to ArcSight via Wizard
- Delete old (broken) Zones
17 Network Model: Version 3
- Flat Model
- ArcSight Resource Generator for Import
- Quick to Massage Data Pre-Import
- Category Tagging
- Custom Category Tagging
- Approximately 3,700 Zones
Sample import rows (columns: #Type, Name, Start Address, End Address, Dynamic Addressing, Parent Group URI, Location URI, Network URI, Category:):
- Zone Schmedley DC 1.0: TRUE /All Zones/Offices /All Locations/Office/Washington DC /All Networks/US Medical
- Zone Partee Mont 202.0: TRUE /All Zones/Offices /All Locations/Office/Alabama /All Networks/US Medical /All Asset Categories/Office/Address Spaces/Wireless
- Zone Calamba Spri VoIP 8.0: FALSE /All Zones/Offices /All Locations/Office/Illinois /All Networks/US Medical /All Asset Categories/Office/Application/Type/VoIP
- Zone International Medicine DC 63.0: TRUE /All Zones/Offices /All Locations/Office/Washington DC /All Networks/US Medical
- Zone Kus Anch COOP 32.0: FALSE /All Zones/Offices /All Locations/Office/Alaska /All Networks/US Medical /All Asset Categories/Office/Address Spaces/COOP
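A sketch of the "massage" step between the IPAM export and the import file, added here as an example (it is not the presenters' script): it converts each CIDR to a start/end range, builds the zone name, tags the category, and rejects rows that would produce broken zones. The export column names, the comma-separated output layout and all addresses are assumptions; the output column headings and category URIs are the ones shown on the slide.

```python
import csv
import io
import ipaddress

# Constructed export; these column names are hypothetical, not Infoblox's own format.
EXPORT = """\
network,title,name,location,state,usage,dhcp
10.20.1.0/24,Dr,Schmedley,DC,Washington DC,,yes
10.20.8.0/24,Dr,Calamba,Spri,Illinois,voip,no
10.20.32.0/28,Dr,Kus,Anch,Alaska,coop,no
10.20.32.8/29,Dr,Kus,Anch,Alaska,,yes
10.20.202.7/24,Dr,Partee,Mont,Alabama,wireless,yes
"""

# Column headings as listed on the slide; writing them as CSV is an assumption.
HEADER = ["#Type", "Name", "Start Address", "End Address", "Dynamic Addressing",
          "Parent Group URI", "Location URI", "Network URI", "Category:"]

# usage value -> (name suffix, category URI as it appears in the slide's sample rows)
CATEGORY = {
    "": ("", ""),
    "wireless": ("Wireless", "/All Asset Categories/Office/Address Spaces/Wireless"),
    "voip": ("VoIP", "/All Asset Categories/Office/Application/Type/VoIP"),
    "coop": ("COOP", "/All Asset Categories/Office/Address Spaces/COOP"),
}


def build_zone_rows(export_text):
    """Return (rows, errors); errors are (line number, network, reason) tuples."""
    rows, errors, accepted = [], [], []
    reader = csv.DictReader(io.StringIO(export_text))
    for line_no, rec in enumerate(reader, start=2):  # line 1 is the header
        raw = rec["network"].strip()
        try:
            net = ipaddress.ip_network(raw)  # strict: host bits set is an error
        except ValueError as exc:
            errors.append((line_no, raw, str(exc)))
            continue
        usage = rec["usage"].strip().lower()
        if usage not in CATEGORY:
            errors.append((line_no, raw, f"unknown usage {usage!r}"))
            continue
        clash = next((n for n in accepted if net.overlaps(n)), None)
        if clash is not None:  # overlapping zones make address-to-zone lookups ambiguous
            errors.append((line_no, raw, f"overlaps {clash}"))
            continue
        accepted.append(net)
        start, end = net.network_address, net.broadcast_address
        suffix, category = CATEGORY[usage]
        parts = (rec["title"], rec["name"], rec["location"], suffix)
        zone = " ".join(p.strip() for p in parts if p.strip())
        rows.append([
            "Zone", f"{zone}: {start} {end}", str(start), str(end),
            "TRUE" if rec["dhcp"].strip().lower() == "yes" else "FALSE",
            "/All Zones/Offices", f"/All Locations/Office/{rec['state'].strip()}",
            "/All Networks/US Medical", category,
        ])
    rows.sort(key=lambda r: int(ipaddress.ip_address(r[2])))
    return rows, errors


def to_csv(rows):
    """Serialize header plus rows; the comma-separated layout is an assumption."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(HEADER)
    writer.writerows(rows)
    return out.getvalue()


if __name__ == "__main__":
    zone_rows, problems = build_zone_rows(EXPORT)
    print(to_csv(zone_rows), end="")
    for line_no, network, reason in problems:
        print(f"rejected line {line_no}: {network} ({reason})")
```

Rejected rows are the ones to take back to the NOC before import, since they indicate the authoritative source itself is inconsistent.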
18 Network Model: Future
- Automate Infoblox Export
- Automate Massaging of Data
- Zones Refresh Instead of Reload
- Delete/Add Changed Zones
- Zones Tagged with Address Space Categories
- Assets Tagged with Application Categories
19 Lessons Learned
- Darkspace Network Covering Your Entire IP Space
- Apply Application Categories to Zones Until Assets are Modeled
- Establish a Single Authoritative Source for IPs
- Standardized Zone Naming Schema: <TITLE> <NAME> <LOCATION>: StartIP EndIP
- Flat Folder Structure is Much Easier
- Close Relationship with NOC
- We Recommend Beer!
20 Please give me your feedback
Session TB3295
Speaker: Don Slife & Jarrod Echols
Please fill out a survey. Hand it to the door monitor on your way out. Thank you for providing your feedback, which helps us enhance content for future events.
21 Thank you
More informationBuild
Web Dashboard User Manual Build 2.2.0.1 2017-04-05 This is the official user manual on using SAMLite web dashboard to perform reporting and administrative tasks. This manual describes each section of reporting
More informationIntegration with McAfee DXL
DEPLOYMENT GUIDE Integration with McAfee DXL Visibility into Network Changes and Faster Threat Containment Using Outbound APIs 2017 Infoblox Inc. All rights reserved. Integration with McAfee DXL November
More informationAPP-ID. A foundation for visibility and control in the Palo Alto Networks Security Platform
APP-ID A foundation for visibility and control in the Palo Alto Networks Security Platform App-ID uses multiple identification techniques to determine the exact identity of applications traversing your
More informationHP Intelligent Management Center Remote Site Manager
HP Intelligent Management Center Remote Site Manager Administrator Guide Abstract This guide contains comprehensive information for network administrators, engineers, and operators who manage the IMC Remote
More informationNexentaStor Storage Replication Adapter User Guide
NexentaStor 5.1.1 Storage Replication Adapter User Guide Date: January, 2018 Part Number: 3000-nxs-SRA-User-Guide-5.1.1-000092-A Copyright 2018 Nexenta Systems TM, ALL RIGHTS RESERVED Notice: No part of
More informationRULES VERSUS MODELS IN YOUR SIEM
WHITE PAPER RULES VERSUS MODELS IN YOUR SIEM INTRODUCTION There has been a rapid increase in malicious insider threats, compromised insiders, and sensitive data exfiltration targeting enterprises today.
More informationMeeting 39. Guest Speaker Dr. Williams CEH Networking
Cyber@UC Meeting 39 Guest Speaker Dr. Williams CEH Networking If You re New! Join our Slack ucyber.slack.com Feel free to get involved with one of our committees: Content, Finance, Public Affairs, Outreach,
More informationCS519: Computer Networks. Lecture 2, part 2: Feb 4, 2004 IP (Internet Protocol)
: Computer Networks Lecture 2, part 2: Feb 4, 2004 IP (Internet Protocol) More ICMP messages These were added over time RFC1191: Path MTU Discovery Added the size of the limiting MTU to the ICMP Packet
More information