Securing Your Network with Anomaly Detection using Distributed Learning Architecture (Learning Networks)
- Todd Thomas
- 5 years ago
Transcription
1
2 Securing Your Network with Anomaly Detection using Distributed Learning Architecture (Learning Networks) Alex Honoré, CCIE #19553, Technical Leader, Engineering BRKSEC-3056
3 Self Learning Networks: A terrific Journey of Innovation BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 3
4 What Self Learning Networks is About...
- SLN is fundamentally a hyper-distributed analytics platform...
- Putting together analytics and networking...
- Goldmine of untouched data on networking gear (sensing)
- Network learns and computes models on premise (analytics)
- The Network adapts, modifies its behavior (control)
- SLN for Security: attacks are incredibly sophisticated and targeted, exfiltration of data being a major concern, requiring a next-generation approach => Stealthwatch Learning Network License
- True Technology disruption...
5 Botnets and Data Ex-Filtration Techniques
- Size can range from thousands to millions of compromised hosts
- Botnet can cause DDoS & other malicious traffic (spam,...) to originate from the inside of the corporate network
- C&C (C2) servers become increasingly evasive
- Fast Flux Service Networks (FFSN), single or double Flux
- DGA-based malware (Domain Generation Algorithms)
- DNS/NTP Tunneling
- Peer-to-Peer (P2P) protocols
- Anonymized services (Tor)
- Steganography, potentially combined with Cryptography
- Social media updates or messages
- Mixed protocols...
- Timing Channels
(Diagram labels: Internet, C&C Server(s))
6 A true paradigm shift
(Current) Generation of Security Architectures and Products
- Specialized security gear connected to the network (FW, IPS,...)
- Heavily signature-based... to detect known malware
- Dynamic update of signatures
SLN is Machine Learning-based and pervasive
- Use of adaptive Machine Learning (AI) technology to detect advanced, evasive Malware: build a model of normal patterns and detect outliers (deviations)
- High focus on 0-day attacks
- Use every node in the network as a security engine to detect attacks
- Complementary to all other technologies (FW, IPS,...)
7 Network as a Sensor in the Branch
- Learning Network License: Algorithmic Based Anomaly Detector (ISR 4K only)
- Stealthwatch: Historical/Statistical Based Anomaly Detector
Learning Network License
- Behavioral Analytics with Machine Learning
- Packet Capture at the Branch Level
- Immediate Local Detection with Machine Learning communication
Stealthwatch
- Netflow and Behavioral Analytics for Branch Level Security
- Complete Broad and Deep Branch Level Visibility
- Behavioral Analytics Based on Rules and Statistical Analysis
- Packet Capture Integration with Security Packet Analyzer
- Central Detection with Full Historical Data
Together
- Find zero day attacks immediately and find historical trends 30, 60, 90 days in the past
8 Joint Use Case: Retail
- Netflow and Behavioral Analytics for Branch Level Security
- Integrated Threat Intelligence with Cisco Identity Services Engine (ISE)
- Complete Broad and Deep Branch Level Visibility
- Better Together
(Diagram labels: Stealthwatch Management Console, Cisco ISE, Stealthwatch Learning Manager, Stealthwatch Flow Sensor, Headquarters, Internet, MPLS, two Retail Stores each with an ISR4K with Learning Network License)
9 SLN Architecture
10 SLN Architecture Principles For Security
- Fundamentally distributed, building models for visibility and detection at edge
- Uses Machine Learning (ML)
- Context enrichment (using ISE integration, Threat Intelligence,...)
- Ability to adapt to user feed-back (Reinforcement Learning)
- Advanced control for fine-grained mitigation
11 SLN Architecture
Manager
- Orchestration of Learning Network Agents
- Advanced Visualization of anomalies
- Centralized policy for mitigation
- Interaction with other security components such as ISE and Threat Intelligence Feeds
- North bound API to SIEM/Database (e.g. Splunk) using CEF format
- Evaluation of anomaly relevancy
Agent
- Sensing (knowledge): granular data collection with knowledge extraction from NetFlow but also Deep Packet Inspection on control and data plane & local states
- Machine Learning: real-time embedded behavioral modeling and anomaly detection
- Control: autonomous embedded control, advanced networking control (police, shaper, recoloring, redirect,...)
(Diagram labels: ISE, Manager, WAN, Threat Intel, Internet, DLA, Agent)
2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
12 An Open Architecture (Manager / SCA)
- Identity Services Engine Context Enrichment: IP Address (key), Audit session ID, User, AD Domain, MAC address, NAS IP & port (!!), Posture, TrustSec, SGT,...
- CEF export (syslog transport) pushing anomalies as events into DB and SIEM
- Threat Intel: TALOS, potentially others
- API triggering Mitigation from external Sources such as Firewall, IPS/IDS,...
- Abstracting networking complexity
(Diagram labels: SIEM, DB, ISE, Manager, Public/Private Internet, Agent, Threat Intel, Internet, FW, IPS/IDS)
13 An Open Architecture (Agent / DLA)
- Threat Intel: Threat Grid, OpenDNS, WBRS,... Other TI feeds
(Diagram labels: Manager, ISE, Threat Intel, Northbound API, TIP, DLC, PCM, NSC, NCC, Internet, Public/Private Internet, Netflow, DPI, Local, Other States, Agent)
14 SOLT & Traffic Modeling
15 Before we start... A few (random) facts:
- Two camps... Super Pro ML and Anti-ML, both have good arguments
- Extremely wide range of ML algorithms with no one-size-fits-all
- "No Free Lunch" theorem
- ML/AI incredibly powerful if applied to solve the right problems
- Hard to tune? Yes if naively applied...
- Interpretability, scalability & user experience are essential
16 Discussing Recall, Precision, FP,...
A few simple notions are required when discussing Machine Learning: False Positive (FP), True Positive (TP), False Negative (FN), True Negative (TN), Recall and Precision.
Take a Classifier C trained to detect if an event E is relevant (Like) or not (irrelevant).
- TP: E is classified as relevant and is indeed relevant
- FP: E is classified as relevant and is in fact irrelevant (noise)
- TN: E is classified as irrelevant and is indeed irrelevant
- FN: E is classified as irrelevant and is in fact relevant
- Recall = TP / (TP + FN) (notion of sensitivity)
- Precision = TP / (TP + FP) (positive predictive value)
- Accuracy ACC = (TP + TN) / (TP + TN + FP + FN)
Example: if a classifier that is trained to detect dogs in a picture detects 15 dogs, only 10 of them are dogs, and there are 20 dogs in the picture, then Precision = 10/15 = 0.66 and Recall = 10/20 = 0.50
17 Clusters, Self Organizing Learning Topology and Anomalies
- Key question: how can we model host behaviors?
- Modeling mixed behaviors unavoidably leads to hiding anomalies...
- The fundamental idea of dynamic clustering is to group devices according to behavioral similarity
- Self Organizing Learning Topologies (SOLT): ability to build virtual topologies used to learn models between dynamic clusters
- Clusters become nodes of a graph, traffic becomes the edges
- Example: find model for HTTP traffic from cluster A to cluster B
18 Dynamic Clustering
- Cluster: known/internal/network
- Cluster: known/internal/collab
- Cluster: known/internal/inet::windows
(Diagram labels: Internet, Public/Private Internet, DLA, Agent, Branch 1, Branch 2)
19 Dynamic Clustering
- Learning of cluster assignment is a dynamic task, and hosts are allowed to transition
20 SOLT Clustering Statistics
- Total # clusters quickly converges towards the mark
- Hosts gradually transition to known state as the system collects more and more samples
- Behavioral transitions keep occurring as behaviors evolve and/or addresses get reassigned
21 Life of an Anomaly
- Clustering: dynamic clustering according to behavioral degree of similarity
- NSC: Traffic analysis from multiple data feeds
(Diagram labels: Agent, Manager, Anomaly, SOLT, NSC)
22 Hierarchical ML Models
- Src/Dest Cluster Layer: Collab models C1-D1, C1-D2, C1-D3, C2-D1,...; File Transfer models C1-D1, C1-D2, C1-D3, C2-D1,...
- Cluster Layer: Collab models from C1, from C2, from C3; File Transfer models from C1, from C2, from C3
- Application Layer: Collab, File Transfer
(Diagram labels: Model, Germany, Boston, NYC, Collab, File Transfer, Voice, Printing)
23 Inside a Model...
- High number of dimensions extracted from multiple feeds (Netflow, DPI) (hundreds of dimensions)...
- Multi-dimensional and hierarchical models using stateless/stateful features
- Rich DNS features: average name length, # of consecutive vowels, average entropy of characters,...
- Multi-layer: cluster-cluster-app, cluster-app, app
(Diagram labels: Germany, Internet, Public/Private Internet, DLA)
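The DNS features named on this slide (average name length, consecutive vowels, character entropy) can be computed per host over a window of query names. This is an added example, not code from the talk or from the SLN product; the query names are constructed, and scoring the whole name with its dots removed is an assumed simplification.

```python
import math
from collections import Counter

VOWELS = frozenset("aeiou")


def shannon_entropy(text):
    """Shannon entropy of the characters in text, in bits per character."""
    if not text:
        return 0.0
    total = len(text)
    return -sum((n / total) * math.log2(n / total)
                for n in Counter(text).values())


def longest_vowel_run(text):
    """Length of the longest run of consecutive vowels in text."""
    best = run = 0
    for ch in text:
        run = run + 1 if ch in VOWELS else 0
        best = max(best, run)
    return best


def name_features(qname):
    """Features of one query name.

    Assumption: the whole name is used, lowercased, with the trailing root
    dot and the label separators removed (no public-suffix handling).
    """
    chars = qname.lower().rstrip(".").replace(".", "")
    return {
        "length": len(chars),
        "vowel_run": longest_vowel_run(chars),
        "entropy": shannon_entropy(chars),
    }


def window_features(qnames):
    """Average the per-name features over one observation window for a host."""
    feats = [name_features(q) for q in qnames]
    n = len(feats)
    if n == 0:
        return {"count": 0, "avg_length": 0.0,
                "avg_vowel_run": 0.0, "avg_entropy": 0.0}
    return {
        "count": n,
        "avg_length": sum(f["length"] for f in feats) / n,
        "avg_vowel_run": sum(f["vowel_run"] for f in feats) / n,
        "avg_entropy": sum(f["entropy"] for f in feats) / n,
    }


# Constructed sample windows (not real traffic).
BENIGN_QUERIES = [
    "www.example.com.",
    "mail.example.com.",
    "updates.printer-vendor.example.",
]
# Long, random-looking leftmost labels, as seen with DGA names or DNS tunnels.
TUNNEL_LIKE_QUERIES = [
    "a9f3k2q8z7x1c5v0b4n6m8l2.t.example.org.",
    "q7w1e9r3t5y2u8i4o6p0s1d3.t.example.org.",
    "z0x9c8v7b6n5m4l3k2j1h0g9.t.example.org.",
]

if __name__ == "__main__":
    for label, window in (("benign", BENIGN_QUERIES),
                          ("tunnel-like", TUNNEL_LIKE_QUERIES)):
        print(label, window_features(window))
```

These values are inputs to a learned baseline per host or cluster, not thresholds by themselves: a CDN or telemetry hostname can look as random as a tunnel label.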
24 Computing SOLT Scores
- Each scored flow update is evaluated against prior observations, computing the rank of the score over a sliding time window.
- Flow updates are then marked as anomalous or not based on a set of criteria to be met: maximum rank to be considered as anomalous, score value, # of samples contributing to the model, maturity of the model (# of samples, time,...).
- Boosting based on expert knowledge (application sensitivity, # of features,...)
- Computes an anomaly score and selects TOP anomalies
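A sketch of the rank-over-a-sliding-window decision described on this slide, as an added example that is not the SLN implementation. The class name, the threshold values, the convention that a higher score is more anomalous, and the sample updates are all assumptions.

```python
from collections import deque


class SlidingRankDetector:
    """Rank each new score against prior scores seen within a time window."""

    def __init__(self, window_s=3600.0, max_rank=1, min_score=0.8,
                 min_samples=30, min_age_s=600.0):
        self.window_s = window_s        # length of the sliding window
        self.max_rank = max_rank        # worst rank still considered anomalous
        self.min_score = min_score      # minimum score value
        self.min_samples = min_samples  # maturity: samples backing the model
        self.min_age_s = min_age_s      # maturity: time since first sample
        self._obs = deque()             # (timestamp, score), oldest first
        self._first_seen = None

    def update(self, ts, score):
        """Score one flow update; return (rank, anomalous)."""
        if self._first_seen is None:
            self._first_seen = ts
        # Drop observations that have slid out of the window.
        while self._obs and self._obs[0][0] <= ts - self.window_s:
            self._obs.popleft()
        # Rank 1 means no prior score in the window is as high as this one.
        rank = 1 + sum(1 for _, s in self._obs if s >= score)
        mature = (len(self._obs) >= self.min_samples
                  and ts - self._first_seen >= self.min_age_s)
        anomalous = (mature and rank <= self.max_rank
                     and score >= self.min_score)
        self._obs.append((ts, score))
        return rank, anomalous


def flag_updates(updates, **criteria):
    """Run (timestamp, score) pairs through a detector; return the flagged ones."""
    detector = SlidingRankDetector(**criteria)
    flagged = []
    for ts, score in updates:
        rank, anomalous = detector.update(ts, score)
        if anomalous:
            flagged.append((ts, score, rank))
    return flagged


def constructed_updates():
    """Constructed input: one flow update every 20 s with low baseline scores."""
    updates = [(i * 20.0, 0.10 + 0.01 * (i % 5)) for i in range(60)]
    updates[3] = (60.0, 0.95)       # early spike: the model is not mature yet
    updates.append((1200.0, 0.97))  # top-ranked spike on a mature model
    updates.append((1220.0, 0.96))  # high score, but only second in the window
    return updates


if __name__ == "__main__":
    print(flag_updates(constructed_updates()))
```

The early spike is ignored because the model is immature, and the second late spike is suppressed by the rank criterion even though its score is above the score threshold.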
25 Life of an Anomaly
- Modeling: dynamically learned baseline with multiple layers, high dimensions space, anomaly detection
- Clustering: dynamic clustering according to behavioral degree of similarity
- NSC: Traffic analysis from multiple data feeds
(Diagram labels: Agent, Manager, Anomaly, Modeling, SOLT, NSC)
26 Demo
27 In this demo, we will show
- Smart Dashboard: stats on anomalies,...
- SLN System state after learning: cluster,...
- DLA states: CPU, memory,
28 Selective Anomaly Forwarder (SAF) & Selective Anomaly Pullers (SAP)
29 Selective Anomaly Forwarder (SAF) and Selective Anomaly Puller (SAP)
1. When an anomaly is detected by an Agent, its Selective Anomaly Forwarder decides whether this anomaly is worth being sent to the Manager (every Agent is given a "budget" of anomalies it may report)
2. If the SAF decides to forward the anomaly, a digest of the anomaly is sent to the Manager
3. When a digest of an anomaly is received by the Manager, its Selective Anomaly Puller decides whether this anomaly is worth being completely pulled
4. If the SAP decides to pull the anomaly, all the information about this anomaly is requested from the Agent
(Diagram labels: Manager, WAN, Agent)
30 Selective Anomaly Forwarder (on the DLA)
SAF role is to select the most interesting anomalies to be forwarded to the SCA according to:
- Score of the anomaly
- A forwarding Budget, with exploration
(Diagram labels: Forwarded Anomalies; available budget; Considered for exploration; Forwarded with probability proportional to importance and available budget)
31 Selective Anomaly Pullers (on SCA)
SAP role is to select the most interesting anomalies from all DLAs to be shown to the user, according to:
- Score of the anomaly for a given DLA and across all DLAs (ensuring good diversity of anomalies)
- Local Budget with exploration
Distributed Relevance Learning is explained later in great detail.
(Flowchart labels: DRL prediction (like / dislike); Inbox Puller (relevance), Exploration Puller (importance) and Discarded Puller (-relevance), each with pull / do not pull outcomes; ANOMALY SHOWN TO USER; ANOMALY IS NOT PULLED)
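The four-step SAF/SAP exchange from the three slides above, as an added example that is not the product's algorithm. The class names, the score floor, the exploration formula (score times the fraction of budget left), the per-agent cap used for diversity, and all sample anomalies are assumptions.

```python
import random
from dataclasses import dataclass


@dataclass
class Anomaly:
    agent: str
    anomaly_id: int
    score: float   # importance in [0, 1] from the agent's models
    detail: str    # full record; stays on the agent until it is pulled


class SelectiveAnomalyForwarder:
    """Agent side: steps 1 and 2 (decide, then send only a digest)."""

    def __init__(self, agent, budget, score_floor=0.7, rng=None):
        self.agent = agent
        self.budget = budget            # digests this agent may send per period
        self.remaining = budget
        self.score_floor = score_floor  # assumed cut-off for direct forwarding
        self.rng = rng or random.Random()
        self.store = {}                 # full anomalies kept locally

    def offer(self, anomaly):
        """Return the digest to send to the Manager, or None to stay silent."""
        self.store[anomaly.anomaly_id] = anomaly
        if self.remaining <= 0:
            return None
        if anomaly.score >= self.score_floor:
            forward = True
        else:
            # Exploration: probability proportional to the importance and to
            # the share of the budget that is still available.
            p = anomaly.score * self.remaining / self.budget
            forward = self.rng.random() < p
        if not forward:
            return None
        self.remaining -= 1
        return {"agent": self.agent, "id": anomaly.anomaly_id,
                "score": anomaly.score}

    def pull(self, anomaly_id):
        """Step 4: the Manager requests the complete anomaly."""
        return self.store[anomaly_id]


class SelectiveAnomalyPuller:
    """Manager side: step 3 (choose which digests are worth a full pull)."""

    def __init__(self, budget, per_agent_cap):
        self.budget = budget
        self.per_agent_cap = per_agent_cap  # assumed way to keep diversity

    def select(self, digests):
        chosen, per_agent = [], {}
        for d in sorted(digests, key=lambda d: d["score"], reverse=True):
            if len(chosen) >= self.budget:
                break
            if per_agent.get(d["agent"], 0) >= self.per_agent_cap:
                continue
            per_agent[d["agent"]] = per_agent.get(d["agent"], 0) + 1
            chosen.append(d)
        return chosen


def run_exchange(seed=7):
    """Run constructed anomalies from two agents through SAF, then SAP."""
    rng = random.Random(seed)
    agents = {name: SelectiveAnomalyForwarder(name, budget=3, rng=rng)
              for name in ("branch-a", "branch-b")}
    detected = [
        Anomaly("branch-a", 1, 0.95, "constructed: wide port scan"),
        Anomaly("branch-a", 2, 0.90, "constructed: DNS over TCP burst"),
        Anomaly("branch-a", 3, 0.85, "constructed: night-time logon"),
        Anomaly("branch-a", 4, 0.75, "constructed: arrives after budget is spent"),
        Anomaly("branch-b", 5, 0.80, "constructed: SSH on port 443"),
        Anomaly("branch-b", 6, 0.10, "constructed: low score, exploration only"),
    ]
    digests = [d for d in (agents[a.agent].offer(a) for a in detected) if d]
    puller = SelectiveAnomalyPuller(budget=3, per_agent_cap=2)
    pulled = [agents[d["agent"]].pull(d["id"]) for d in puller.select(digests)]
    return digests, pulled
```

Only digests cross the WAN until the Manager pulls, so the per-agent budget bounds both the bandwidth used and the number of events an analyst is shown.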
32 Life of an Anomaly
- Anomaly Scoring & Ranking, Selective Anomaly Forwarder: select the most interesting anomalies according to their score, with exploration
- Modeling: dynamically learned baseline with multiple layers, high dimensions space, anomaly detection
- Clustering: dynamic clustering according to behavioral degree of similarity
- NSC: Traffic analysis from multiple data feeds
(Diagram labels: Agent, Manager, numbered anomalies, Modeling, SOLT, NSC)
33 Demo
34
35 Killing False Positives with Distributed Relevance Learning
36 (Diagram labels: ISE, SCA, Threat Intel, Controller, Public/Private Internet, DLA)
37 Traditional Anomaly Detection Systems
- Focus on Detection (wrong)
- Core challenge is not Detection itself but Precision (avoid False Positive / Irrelevant alarms)
(Diagram labels: SCA, Threat Intel, Controller, Public/Private Internet, ISE, DLA)
38 Traditional Anomaly Detection Systems
- Focus on Detection (wrong)
- Core challenge is not Detection itself but Precision (avoid False Positive / Irrelevant alarms)
SLN Approach
- Efficient detection and Precision
- Make the Network learn from its own mistakes and eliminate False Positive!
- There is a notion of subjectivity too
- Not a feature but an Architecture
(Diagram labels: SCA, Threat Intel, Controller, Public/Private Internet, ISE, DLA)
39 Distributed Relevance Learning
(Diagram labels: Manager, Public/Private Network, Reinforcement Learning: Actor, Agent, training data, Statistical Classifier, predictions, Optimal Forwarder)
40 Up to 5000 distributed agents analyzing 9 billion networking events
- Pre-trained heuristic selects relevant events
(Diagram labels: Agent, Heuristics, Optimal Forwarder, WAN, Manager, ML Model, Inbox, supervised training)
41 Relevance can be subjective too!
42 Behind the scenes...
43 Challenges...
Design an algorithm with the following properties:
1) Remove False Positive (FP) (anomalies that are not of interest)
2) Do not remove true positive (anomalies that are relevant)
3) Learn quickly (do not require too much feed-back from the user)
4) Be consistent across data set (robustness)
5) Handle inconsistency between users, changing decisions (unlearn)
Sophisticated architecture involving several components:
1) Deep Neural Networks (DNN)
2) Classifiers trained with Supervised Learning
3) Active Learning to request labeling of specific elements of a set based on an importance function
44 SLN may improperly discard an actual anomaly... (False Negative of the Like Class) => The user can correct mistakes too thanks to the Discarded Box.
45
46 SLN asking for help... (remember exploration?)
47
48 Life of an Anomaly
- Selective Anomaly Puller: select the most interesting anomalies according to their score per Agent and across all Agents, with exploration
- Distributed Relevancy Learning: Likelihood of relevancy (False Positive reduction)
- Selective Anomaly Forwarder: select the most interesting anomalies according to their score, with exploration
- Modeling: dynamically learned baseline with multiple layers, high dimensions space, anomaly detection
- Clustering: dynamic clustering according to behavioral degree of similarity
- NSC: Traffic analysis from multiple data feeds
(Diagram labels: Agent, Manager, numbered anomalies, Anomaly Selection, Relevancy Learning, DRL, Scoring & Ranking, Modeling, SOLT, NSC)
49 Packet Capture & Mitigation
50 PCAP of Anomalous Traffic
DLC
- Anomaly Detected: The DLC detects an anomaly in the traffic and gathers all the details to characterize it: time, IP etc.
- PBC Message: Sends a message to the PBC with the characteristics of the anomaly
PBC
- Anomaly Message: Receives the anomaly details from the DLC
- Search and Extract: Searches for all the packets that match the anomaly characteristics and extracts them to a compressed PCAP file
- PCAP storage: Maintains list of files per anomaly and purges unused files periodically
- Push files: Pushes all PCAP files for an anomaly from the Agent when a user requests it
- Packet Details: File contains packets that have either source or destination IP of the anomaly. Allows to see all activity around the anomaly
- PCAP Size: Typically ~ 10KB-100KB, 10K-500K packets
(Diagram labels: Agent, TIP, Northbound API, DLC, PCM, NSC, Netflow, DPI, Local, Other States, Circular Buffer, Compressed PCAP Files, PBC, SPAN Traffic, Branch Traffic)
51 On-Premise Edge Control
- Smart Traffic flagging
- Traffic segregation & selection
- Network-centric control (shaping, policing, divert/redirect)
(Diagram labels: Honeypot (Forensic Analysis), Controller infrastructure, Manager, Control Policy, Public/Private Internet, Agent, Shaping)
52 In this demo, we will show
- Mitigation triggered by a user from a given anomaly
53 System Requirements
54 Stealthwatch Learning Network License Requirements
Learning Network Manager
- VMWare ESXi 5.5
- Memory 16 Gb
- 4 Virtual CPUs
- 1 Virtual NIC
- 200 Gb of hard disk
- SCA Manager is Smart Enabled; requires Smart Account on CCO
Learning Network Agent
- ISR 4000 (4451, 4431, and ISR 4351, 4331)
- ISR 4321 and 4421 support in process for Container, Spring 2017
- As a SW Only Agent we require IOS-XE S / 15.4(3)S1 > LXC Container
- APPX license (Application Experience); ISR AX, AXV and C1 Bundle includes APPX
- 8 to 16G memory upgrade (included in all ISR 4K C1 Bundles)
- Option to add NIM-SSD 200Gb Storage for PCAP
- Can also be deployed on UCS Blade ISR 28/
55 ISR 4K w/Learning Agent inside
- Security monitoring now built inside your Cisco NG ISR 4K Router with dedicated core for AD Agent
(Diagram labels: IOS XE, IOSd Control Plane, Learning Agent, Linux Service Container, Linux OS, Netflow and NBAR Data, Platform-Specific Data Plane, Cisco ISR 4000 Platform)
56 Findings
57 Quick Status on SLN... Findings?
- The system does learn, as expected
- Relevant detected anomalies (time of day, volume, unexpected flows, long live flows,...)
- SLN detected anomalies it was not explicitly programmed for (Cognitive Computing)
- Does it detect everything without False Positive? No, such systems simply do not exist, but SLN learns and quickly adjusts to customer relevancy learning
- The Place In the Network (PIN) is fundamental => dramatically extending the protection surface and visibility
58 Anomaly: Tor client on corporate network
- Tor = anonymous/tunneled browsing system based on encryption and multiple hops
- Host on Beta customer network opened SSL connection to 3 Tor nodes
- 2 are located in Europe, a 3rd one has a Japanese hostname but is geolocated in the US
59 Anomaly: retail branch subnet scanned for Telnet & SSH
- Host external to the branch performing a scan of ports TCP/22 & TCP/23
- Very subtle scan on a narrow scope and probing only two ports per host
60 Anomaly: branch printer making numerous DNS requests over TCP & UDP
- Abnormally high number of DNS requests for a printer
- Mix of UDP and TCP for DNS is also unusual
61 Anomaly: branch device scanning across the WAN
- Branch host is scanning addresses located elsewhere on the corporate network
- Wide port scan, NMAP-style
62 Anomaly: new branch host detected at night
- New host appears on branch network and starts Windows logon sequence
- Behavior is unusual at this time of day (after 6pm local time)
63 Anomaly: SSH session causing a large number of TACACS+ requests
- Branch network device performs 280 TACACS+ requests in a few seconds
- Occurs while an SSH session to the device was active
- Most likely command authorization and/or accounting requests
64 Anomaly: branch host transfers 2GB from SSH server running on HTTPS port
- Branch host downloads 2GB of data from an SSH server on the internet
- SSH connection terminates on port 443 which is assigned to HTTPS
- Manual check confirms port misuse, most likely to evade simple L4 firewalls
65 Anomaly: branch host performs miniature SYN Flood on server
- Nearly a thousand incomplete TCP handshakes to a CIFS server within <1 minute; almost like a miniature SYN Flood attempt
66 Anomaly: malware Command & Control using DNS as covert channel
- Active malware Command & Control (C2) channel going to another country
- Using DNS as covert channel (not fully RFC compliant, but enough to be classified as DNS)
- Only detected by SLN, although FW and IPS/IDS were active on the network
67 Conclusion
68 (Diagram labels: Manager, ISE, Threat Intel, Controller, Internet, Public/Private Internet, Agent X 1,000s...)
69 (Hyper) Distributed Architecture...
- Scale: This *is* the challenge
(Diagram labels: Manager, ISE, Threat Intel, Controller, Internet, Public/Private Internet, Agent X 1,000s...)
70 (Hyper) Distributed Architecture...
- Scale: This *is* the challenge
- Learning... Adaptive, Ease of Use, with dynamic False Positive Reduction
(Diagram labels: Manager, ISE, Threat Intel, Controller, Internet, Public/Private Internet, Agent X 1,000s...)
71 (Hyper) Distributed Architecture...
- Scale: This *is* the challenge
- Learning... Adaptive, Ease of Use, with dynamic False Positive Reduction
- Lightweight... Pervasive...
(Diagram labels: Manager, ISE, Threat Intel, Controller, Internet, Public/Private Internet, Agent X 1,000s)
72 Product Roadmap (subject to change)
Releases: FCS 1.0 and X 3.X
Timeline: Q4 FY16, FY17, 2H FY17
Themes: Enter market & gain validation; Extended capability & context enrichment; Expanded footprint
HW
- ISR 4431/51, 4351, 4331, and UCS-E Blade
- HW: add ISR 4321, ISR 4221, ENC 5400 w/isrv, and CSR
- HW: ASR 1001/1002, investigate NG Switching
SW
- ML driven detection of security anomalies network, Reinforcement Learning
- Initial mitigation capabilities (API)
- Central viewing of anomalies on the Learning Manager
- Dynamic cluster creation
- PCAP
- Integration with SMC (new SCA Dashboard in SMC)
- Support for Polaris IOS XE 16.4,.5
- Reporting with and POV Reports
- External anomaly context enrichment: Talos and ETTA
- Continue SMC Console integration
- Real-time alerting ( )*
- Mix of Manual/Automatic cluster definition
- IPV6
- Investigate SLNL (QoS) shaping and ACL capability
* SLN DLA (Agent Arch) is specifically targeted for new NG HW from Cisco that support LXC Container, as a Cisco feature differentiator
73 SLNL Part Numbers and Orderability
Part Number: Product Description
- L-SW-LN-44-1Y-K9: Cisco Stealthwatch Learning Network License for Cisco 4400 Series Integrated Services Routers 1 Yr Term
- L-SW-LN-44-3Y-K9: Cisco Stealthwatch Learning Network License for Cisco 4400 Series Integrated Services Routers 3 Yr Term
- L-SW-LN-43-1Y-K9: Cisco Stealthwatch Learning Network License for Cisco 4300 Series Integrated Services Routers 1 Yr Term
- L-SW-LN-43-3Y-K9: Cisco Stealthwatch Learning Network License for Cisco 4300 Series Integrated Services Routers 3 Yr Term
- L-SW-LN-UCS-1Y-K9: Cisco Stealthwatch Learning Network License for Cisco UCS 1 Yr Term
- L-SW-LN-UCS-3Y-K9: Cisco Stealthwatch Learning Network License for Cisco UCS 3 Yr Term
- L-SW-SCA-K9: Stealthwatch Learning Network Centralized Agent Manager
- L-SW-LN-44-K9=: Cisco Stealthwatch Learning Network Software for 4400 Series
- L-SW-LN-43-K9=: Cisco Stealthwatch Learning Network Software for 4300 Series
- L-SW-LN-UCS-K9=: Cisco Stealthwatch Learning Network Software for UCS Series
The 1Y and 3Y SKUs above indicate the software term. The price for each is on Cisco Global Price List and in Cisco Commerce (CCW). An equal sign (=) in the SKU denotes the software you download and is the master SKU for Ordering
74 Complete Your Online Session Evaluation
- Please complete your Online Session Evaluations after each session
- Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
- All surveys can be completed via the Cisco Live Mobile App or the Communication Stations
- Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online
75 Continue Your Education
- Demos in the Cisco campus
- Walk-in Self-Paced Labs
- Lunch & Learn
- Meet the Engineer 1:1 meetings
- LTRSEC-2011 SLN Deployment Lab (instructor-led), Thu 14:00-18:00 (this afternoon!), Hall 2 Level 1, Lab Room 601
76 Thank You
More informationCisco Next Generation Firewall and IPS. Dragan Novakovic Security Consulting Systems Engineer
Cisco Next Generation Firewall and IPS Dragan Novakovic Security Consulting Systems Engineer Cisco ASA with Firepower services Cisco TALOS - Collective Security Intelligence Enabled Clustering & High Availability
More informationAMP for Endpoints & Threat Grid
AMP for Endpoints & Threat Grid Response & Prevention Dean De Beer & Eric Hulse BRKSEC-2029 AMP Threat Grid Malware Analysis Engines & Techniques A little background Malware Analysis & Threat Intelligence
More informationCisco ASA Next-Generation Firewall Services
Q&A Cisco ASA Next-Generation Firewall Services Q. What are Cisco ASA Next-Generation Firewall Services? A. Cisco ASA Next-Generation Firewall Services are a modular security service that extends the Cisco
More informationRequest for Proposal (RFP) for Supply and Implementation of Firewall for Internet Access (RFP Ref )
Appendix 1 1st Tier Firewall The Solution shall be rack-mountable into standard 19-inch (482.6-mm) EIA rack. The firewall shall minimally support the following technologies and features: (a) Stateful inspection;
More informationTetration Hands-on Lab from Deployment to Operations Support
LTRACI-2184 Tetration Hands-on Lab from Deployment to Operations Support Furong Gisiger, Solutions Architect Lawrence Zhu, Sr. Solutions Architect Cisco Spark How Questions? Use Cisco Spark to communicate
More informationCisco Advanced Malware Protection against WannaCry
Cisco Advanced Malware Protection against WannaCry "A false sense of security is worse than a true sense of insecurity" Senad Aruc Consulting Systems Engineer Advanced Threats Group Nils Roald Advanced
More informationERT Threat Alert New Risks Revealed by Mirai Botnet November 2, 2016
Abstract The Mirai botnet struck the security industry in three massive attacks that shook traditional DDoS protection paradigms, proving that the Internet of Things (IoT) threat is real and the grounds
More informationIt s Flow Time! The Role and Importance of Flow Monitoring in Network Operations and Security
It s Flow Time! The Role and Importance of Flow Monitoring in Network Operations and Security Pavel Minařík, Chief Technology Officer Neutral Peering Days 2018, The Hague Your customers depend on your
More informationAnomaly Detail. Anomaly Detail Overview. The following describes how to review an anomaly's detailed information.
The following describes how to review an anomaly's detailed information. Overview, page 1 Summary Information, page 2 Anomaly Whitelist Rules, page 3 Packet Buffer Capture, page 5 Anomaly Facts Pane, page
More informationQuickSpecs. Aruba IntroSpect User and Entity Behavior Analytics. Overview. Aruba IntroSpect User and Entity Behavior Analytics Product overview
Overview Product overview Aruba s User and Entity Behavior Analytics (UEBA) solution, Aruba IntroSpect, detects attacks by spotting small changes in behavior that are often indicative of attacks that have
More informationThe Future of Threat Prevention
The Future of Threat Prevention Bricata is the leading developer of Next Generation Intrusion Prevention Systems (NGIPS) technology, providing innovative, disruptive, high-speed, high-performance network
More informationCisco Security Enterprise License Agreement
Cisco Security Enterprise License Agreement Deploy Software and Technology more easily The Cisco Security Enterprise Licensing Agreement (ELA) gives you a simpler way to manage your licenses. And it saves
More informationFeatures. HDX WAN optimization. QoS
May 2013 Citrix CloudBridge Accelerates, controls and optimizes applications to all locations: datacenter, branch offices, public and private clouds and mobile users Citrix CloudBridge provides a unified
More informationCisco Firepower NGFW. Anticipate, block, and respond to threats
Cisco Firepower NGFW Anticipate, block, and respond to threats You have a mandate to build and secure a network that supports ongoing innovation Mobile access Social collaboration Public / private hybrid
More informationCisco dan Hotel Crowne Plaza Beograd, Srbija.
Cisco dan 31. 3. 2016. Hotel Crowne Plaza Beograd, Srbija www.ciscoday.com Three Friends in Security : Identity, Visibility and Enforcement Stop the bad guys immediately György Ács IT Security Consulting
More informationSnort: The World s Most Widely Deployed IPS Technology
Technology Brief Snort: The World s Most Widely Deployed IPS Technology Overview Martin Roesch, the founder of Sourcefire and chief security architect at Cisco, created Snort in 1998. Snort is an open-source,
More informationCisco Wide Area Application Services: Secure, Scalable, and Simple Central Management
Solution Overview Cisco Wide Area Application Services: Secure, Scalable, and Simple Central Management What You Will Learn Companies are challenged with conflicting requirements to consolidate costly
More informationCisco Stealthwatch Learning Network License Virtual Service Quick Start Guide
Cisco Stealthwatch Learning Network License Virtual Service Quick Start Guide Cisco Stealthwatch Learning Network License Quick Start Guide 2 Learning Network License Introduction 2 Installation Prerequisites
More informationAlgoSec: How to Secure and Automate Your Heterogeneous Cisco Environment
BRKPAR-2488 AlgoSec: How to Secure and Automate Your Heterogeneous Cisco Environment Edy Almer How to Secure and Automate Your Heterogeneous Cisco Environment Yogesh Kaushik, Senior Director Cisco Doug
More informationSubscriber Data Correlation
Subscriber Data Correlation Application of Cisco Stealthwatch to Service Provider mobility environment Introduction With the prevalence of smart mobile devices and the increase of application usage, Service
More informationAPP-ID. A foundation for visibility and control in the Palo Alto Networks Security Platform
APP-ID A foundation for visibility and control in the Palo Alto Networks Security Platform App-ID uses multiple identification techniques to determine the exact identity of applications traversing your
More informationSentinelOne Technical Brief
SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by behavior-based threat detection and intelligent automation.
More informationKey Technologies for Security Operations. Copyright 2014 EMC Corporation. All rights reserved.
Key Technologies for Security Operations 2 Traditional Security Is Not Working 97% of breaches led to compromise within days or less with 72% leading to data exfiltration in the same time Source: Verizon
More informationHidden Figures: Securing what you cannot see
Hidden Figures: Securing what you cannot see TK Keanini, Distinguished Engineer Stealthwatch, Advanced Threat Solutions CID-0006 Hello My Name is TK Keanini Keanini (Pronounced Kay-Ah-Nee-Nee) TK: The
More informationCisco Cyber Range. Paul Qiu Senior Solutions Architect
Cisco Cyber Range Paul Qiu Senior Solutions Architect Cyber Range Service A platform to experience the intelligent Cyber Security for the real world What I hear, I forget What I see, I remember What I
More informationBasic Concepts in Intrusion Detection
Technology Technical Information Services Security Engineering Roma, L Università Roma Tor Vergata, 23 Aprile 2007 Basic Concepts in Intrusion Detection JOVAN GOLIĆ Outline 2 Introduction Classification
More informationWhat is New in Cisco ACE 4710 Application Control Engine Software Release 3.1
What is New in Cisco ACE 4710 Application Control Engine Software Release 3.1 PB478675 Product Overview The Cisco ACE Application Control Engine 4710 represents the next generation of application switches
More informationCisco ISR G2 Management Overview
Cisco ISR G2 Management Overview Introduction The new Cisco Integrated Services Routers Generation 2 (ISR G2) Family of routers delivers the borderless network that can transform the branch office and
More informationThreat Centric Network Security
BRKSEC-2056 Threat Centric Network Security Ted Bedwell, Principal Engineer Network Threat Defence Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this
More informationCisco Tetration Analytics
Cisco Tetration Analytics Enhanced security and operations with real time analytics John Joo Tetration Business Unit Cisco Systems Security Challenges in Modern Data Centers Securing applications has become
More informationCisco Container Platform
Cisco Container Platform Pradnesh Patil Suhail Syed Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the Cisco Live Mobile App 2. Click
More informationAdvanced CSR Lab with High Availability and Transit VPC
Advanced CSR Lab with High Availability and Transit VPC Fan Yang, Cisco, Engineer, Technical Marketing Nikolai Pitaev, Cisco, Engineer, Technical Marketing LTRVIR-3004 Agenda Slides (30 Min.): CSR 1000V
More informationMonitoring and diagnostics of data infrastructure problems in power engineering. Jaroslav Stusak, Sales Director CEE, Flowmon Networks
Monitoring and diagnostics of data infrastructure problems in power engineering Jaroslav Stusak, Sales Director CEE, Flowmon Networks 35,000 kilometers of electric power, which feeds around 740,000 clients...
More informationCisco Day Hotel Mons Wednesday
Cisco Day 2016 20.4.2016 Hotel Mons Wednesday Three Friends in Security : Identity, Visibility and Enforcement Stop the bad guys immediately György Ács IT Security Consulting Systems Engineer 20 April
More informationCisco Security Manager 4.1: Integrated Security Management for Cisco Firewalls, IPS, and VPN Solutions
Data Sheet Cisco Security Manager 4.1: Integrated Security Management for Cisco Firewalls, IPS, and VPN Solutions Security Operations Challenges Businesses are facing daunting new challenges in security
More informationOpenFlow: What s it Good for?
OpenFlow: What s it Good for? Apricot 2016 Pete Moyer pmoyer@brocade.com Principal Solutions Architect Agenda SDN & OpenFlow Refresher How we got here SDN/OF Deployment Examples Other practical use cases
More informationWITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:
SOLUTION OVERVIEW: ALERT LOGIC THREAT MANAGER WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE Protecting your business assets and sensitive data requires regular vulnerability assessment,
More informationSecurity? where to? Adrian Aron. Consultant Systems Engineer. 19 Oct
Security? where to? Adrian Aron Consultant Systems Engineer 19 Oct Agenda Industry shift and trends Router security, switch security OpenDNS Integration and automation Q&A Road from task to implementation
More informationOSSIM Fast Guide
----------------- OSSIM Fast Guide ----------------- February 8, 2004 Julio Casal http://www.ossim.net WHAT IS OSSIM? In three phrases: - VERIFICATION may be OSSIM s most valuable contribution
More informationCisco Firepower NGIPS Tuning and Best Practices
Cisco Firepower NGIPS Tuning and Best Practices John Wise, Security Instructor High Touch Delivery, Cisco Learning Services CTHCRT-2000 Cisco Spark How Questions? Use Cisco Spark to communicate with the
More informationIntroducing Cisco Network Assurance Engine
BRKACI-2403 Introducing Cisco Network Assurance Engine Intent Based Networking for Data Centers Sundar Iyer, Distinguished Engineer Head Cisco Network Assurance Engine Team Dhruv Jain, Director of Product
More informationAnomaly Detection in Communication Networks
Anomaly Detection in Communication Networks Prof. D. J. Parish High Speed networks Group Department of Electronic and Electrical Engineering D.J.Parish@lboro.ac.uk Loughborough University Overview u u
More informationEncrypted Traffic Security (ETS) White Paper
Encrypted Traffic Security (ETS) White Paper The rapid rise in encrypted traffic is changing the security landscape. As more organizations become digital, an increasing number of services and applications
More informationCisco Stealthwatch Endpoint License
Data Sheet Cisco Stealthwatch Endpoint License With the Cisco Stealthwatch Endpoint License you can conduct in-depth, context-rich investigations into endpoints that exhibit suspicious behavior. In our
More informationCisco Security Monitoring, Analysis and Response System 4.2
Q&A Cisco Security Monitoring, Analysis and Response System 4.2 GENERAL Q. What is the Cisco Security Monitoring, Analysis and Response System? A. The Cisco Security Monitoring, Analysis and Response System
More informationTransforming the Cisco WAN with Network Intelligence
Transforming the Cisco WAN with Network Intelligence Introduction Branch office networks and the enterprise WAN are in a state of dramatic transformation, driven by three key trends. Enterprises are using
More informationProtect vital DNS assets and identify malware
N2 THREATAVERT Protect vital DNS assets and identify malware Service Providers recognize network security drives brand equity because it directly impacts subscriber satisfaction. Secure networks are also
More informationEnhanced Threat Detection, Investigation, and Response
Enhanced Threat Detection, Investigation, and Response What s new in Cisco Stealthwatch Enterprise Release 6.10.2 Cisco Stealthwatch Enterprise is a comprehensive visibility and security analytics solution
More informationIntelligent and Secure Network
Intelligent and Secure Network BIG-IP IP Global Delivery Intelligence v11.2 IP Intelligence Service Brian Boyan - b.boyan@f5.com Tony Ganzer t.ganzer@f5.com 2 Agenda Welcome & Intro Introduce F5 IP Intelligence
More informationCisco Firepower NGFW. Anticipate, block, and respond to threats
Cisco Firepower NGFW Anticipate, block, and respond to threats Digital Transformation on a Massive Scale 15B Devices Today Attack Surface 500B Devices In 2030 Threat Actors $19T Opportunity Next 10 Years
More informationCisco Virtual Networking Solution for OpenStack
Data Sheet Cisco Virtual Networking Solution for OpenStack Product Overview Extend enterprise-class networking features to OpenStack cloud environments. A reliable virtual network infrastructure that provides
More informationFeatures and Functionality
Features and functionality introduced in previous versions may be superseded by new features and functionality in later versions. New or Changed Functionality in Version 6.2.2.x, page 1 Features Introduced
More informationCyber Common Technical Core (CCTC) Advance Sheet Windows Operating Systems
Cyber Common Technical Core (CCTC) Advance Sheet Windows Operating Systems Section 1: Command Line Tools Skill 1: Employ commands using command line interface 1.1 Use command line commands to gain situational
More informationIntrusion Detection by Combining and Clustering Diverse Monitor Data
Intrusion Detection by Combining and Clustering Diverse Monitor Data TSS/ACC Seminar April 5, 26 Atul Bohara and Uttam Thakore PI: Bill Sanders Outline Motivation Overview of the approach Feature extraction
More informationSentinelOne Technical Brief
SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by machine learning and intelligent automation. By rethinking
More informationUnderstanding Cisco Cybersecurity Fundamentals
210-250 Understanding Cisco Cybersecurity Fundamentals NWExam.com SUCCESS GUIDE TO CISCO CERTIFICATION Exam Summary Syllabus Questions Table of Contents Introduction to 210-250 Exam on Understanding Cisco
More informationStealthwatch and Cognitive Analytics Configuration Guide (for Stealthwatch System v6.10.x)
Stealthwatch and Cognitive Analytics Configuration Guide (for Stealthwatch System v6.10.x) Copyrights and Trademarks 2018 Cisco Systems, Inc. All rights reserved. NOTICE THE SPECIFICATIONS AND INFORMATION
More informationApplied Advanced Network Telemetry: ETA and Beyond
BRKSEC-2809 Applied Advanced Network Telemetry: ETA and Beyond TK Keanini, Principal Engineer Blake Anderson, Technical Leader Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker
More informationThe IINS acronym to this exam will remain but the title will change slightly, removing IOS from the title, making the new title.
I n t r o d u c t i o n The CCNA Security IINS exam topics have been refreshed from version 2.0 to version 3.0. This document will highlight exam topic changes between the current 640-554 IINS exam and
More informationProCurve Network Immunity
ProCurve Network Immunity Hans-Jörg Elias Key Account Manager hans-joerg.elias@hp.com 2007 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
More informationImplementing and Configuring Cisco SDWAN (ICSDWAN-CT)
Implementing and Configuring Cisco SDWAN (ICSDWAN-CT) COURSE OVERVIEW: This course discusses the Cisco s SDWAN solution using Viptela. In this class, students will configure and manage the Viptela Fabric.
More informationDeploying and Administering Cisco s Digital Network Architecture (DNA) and Intelligent WAN (IWAN) (DNADDC)
Deploying and Administering Cisco s Digital Network Architecture (DNA) and Intelligent WAN (IWAN) (DNADDC) COURSE OVERVIEW: Deploying and Administering Cisco s Digital Network Architecture (DNA) and Intelligent
More informationCourse 831 Certified Ethical Hacker v9
Course 831 Certified Ethical Hacker v9 Duration: 5 days What You Get: CEH v9 Certification exam voucher 5 days of high quality classroom training 18 comprehensive modules 40% of class hours dedicated to
More informationIncrease Threat Detection & Incident Response
Martin Rudd Carrier Scale Network Security: Increase Threat Detection & Incident Response www.telesoft-technologies.com copyright 2017 by Telesoft Technologies. All rights reserved. Agenda Brief bio Threat
More informationCisco 4000 Series Integrated Services Routers: Architecture for Branch-Office Agility
White Paper Cisco 4000 Series Integrated Services Routers: Architecture for Branch-Office Agility The Cisco 4000 Series Integrated Services Routers (ISRs) are designed for distributed organizations with
More informationFighting the Shadows: How to Stop Real-world Cybersecurity Application Threats That You Can t See
Fighting the Shadows: How to Stop Real-world Cybersecurity Application Threats That You Can t See Louis Scialabba Carrier Solutions Marketing Nov 2015 November 16, 2015 Topics What s New in Cybersecurity
More informationCisco Tetration Analytics
Cisco Tetration Analytics Enhanced security and operations with real time analytics Christopher Say (CCIE RS SP) Consulting System Engineer csaychoh@cisco.com Challenges in operating a hybrid data center
More informationIntelligent WAN : CVU update
Intelligent WAN : CVU update Deliver enhanced mobile experience at the branch with Intelligent WAN Soren D. Andreasen (sandreas@cisco.com) Technical Solution Architect CCIE# 3252 Agenda IWAN 2.0/2.1 overview
More informationTroubleshooting with Network Analysis Module
Troubleshooting with Network Analysis Module Introduction The Cisco Network Analysis Module (NAM) provides visibility into how the network is performing and how users experience the applications and services
More informationIpswitch: The New way of Network Monitoring and how to provide managed services to its customers
BRKPAR-2333 Ipswitch: The New way of Network Monitoring and how to provide managed services to its customers Paolo Ferrari, Senior Director Sales Southern Europe, Ipswitch, Inc. WhatsUp Gold Jan 2018 Agenda
More informationCisco - ASA Lab Camp v9.0
Cisco - ASA Lab Camp v9.0 Code: 0007 Lengt h: 5 days URL: View Online Based on our enhanced SASAC v1.0 and SASAA v1.2 courses, this exclusive, lab-based course, provides you with your own set of equipment
More informationNovetta Cyber Analytics
Know your network. Arm your analysts. Introduction Novetta Cyber Analytics is an advanced network traffic analytics solution that empowers analysts with comprehensive, near real time cyber security visibility
More informationNSG100 Nebula Cloud Managed Security Gateway
Managed Security Gateway The Zyxel Nebula Cloud Managed Security Gateway is built with remote management and ironclad security for organizations with growing numbers of distributed sites. With the extensive
More informationDetecting Network Reconnaissance with the Cisco Cyber Threat Defense Solution 1.0
Detecting Network Reconnaissance with the Cisco Cyber Threat Defense Solution 1.0 April 9, 2012 Introduction One of the earliest indicators of an impending network attack is the presence of network reconnaissance.
More informationBuilding a Video Optimized Private Cloud Platform on Cisco Infrastructure Rohit Agarwalla, Technical
Building a Video Optimized Private Cloud Platform on Cisco Infrastructure Rohit Agarwalla, Technical Leader roagarwa@cisco.com, @rohitagarwalla DEVNET-1106 Agenda Cisco Media Blueprint Media Workflows
More information