Advanced Threat Defence using NetFlow and ISE
|
|
- Belinda Hardy
- 6 years ago
- Views:
Transcription
1
2 Advanced Threat Defence using NetFlow and ISE Matthew Robertson TME, Cisco David Salter Technical Director, Lancope
3 Abstract Trends such as BYOD and the rise of the Advanced Persistent Threat (APT) are leading to the erosion of the security perimeter and increasingly attackers are gaining operational footprints on the network interior. Participants of this session will learn how to leverage NetFlow and the Lancope StealthWatch System in concert with the Cisco ISE and ASA to gain contextual awareness of network activity in order to identify insidious threats and accelerate incident response. Using realworld examples from Cisco s Security Incident Response Team (CSIRT) where appropriate, this session will cover how to leverage these technologies to gain visibility throughout the kill chain to accomplish tasks such as identifying command and control channels, detecting network reconnaissance, tracking malware propagation and detecting data loss. The target audience for this session are security administrators and analysts interested in learning how to best leverage NetFlow and other telemetry sources as part of their security toolkit. 3
4 Speakers Matthew Robertson Technical Marketing Engineer, Cisco Systems Matt is a Technical Marketing Engineering in the Security Technology Group at Cisco Systems. David Salter Technical Director, EMEA & International, Lancope Inc. David manages Lancope s technical operations outside of North America. 4
5 Agenda Introduction Meet John: Professional Mercenary How To #1: Breaking the business Learning from History Introduction to the Kill Chain Gaining Visibility with NetFlow How To #2: The security blanket you didn t know you had A lesson from Sun Tzu Adding Context Case Studies Protecting the Virtual Data Center Conclusion 5
6 Session Objectives At the end of the session, the participants should be able to: Understand the key challenges to complex threat visibility Define Cisco s approach to solving this problem Understand how to instrument their network infrastructure to gain visibility and context How to use the increased level of visibility and context to identify cyber threats 6
7 Meet John Professional Mercenary University Graduate Contracted by a Nation State Success Driven 7
8 Objective Assigned by Employer payment on delivery Steal critical secrets 8
9 Step 1: Reconnaissance Learn personal information Identify employees 9
10 Step 2: Infection Installs remote control software using legitimate password 10
11 Step 3: Propagation Performs exploratory activity in internal network. Identifies assets, information, targets Gains access to target systems 11
12 Step 4: Exfiltration Data is obtained from repository and stolen. 12
13 Debrief So what happened here? Skilled, determined, motivated attacker with defined measure of success Perimeter successfully bypassed Propagation throughout the internal network Valid credentials used Data moved from critical asset and exfiltrated 13
14 The Evolution of Cyber Threats Viruses (1990s) Defense: Anti-Virus, Firewalls Worms (2000s) Defense: Intrusion Detection & Prevention Botnets (late 2000s to current) Defense: Reputation, DLP, App.-aware Firewalls Directed Attacks (APTs) (today) Strategy: Visibility and Context ILOVEYOU Melissa Anna Kournikova Nimda SQL Slammer Conficker Tedroo Rustock Conficker Aurora Shady Rat Duqu 14
15 Thinking Beyond the Perimeter Advanced Persistent Threats and other Modern threats are consistently bypassing the security perimeter as they break the rules. X X X X O X X X O O 15
16 Concept: Kill Chain Reconnaissance Weaponization Delivery Exploitation Command and Control Actions on Objectives Harvesting addresses, identifying information, etc. Coupling exploit with backdoor into deliverable payload Delivering weaponized bundle to the victim via , web, USB, etc. Exploiting a vulnerability to execute code in victim system Command channel for remote manipulation of victim Intruders accomplish their original goal 16
17 Kill Chain: Post Breach 1. Command and Control 17
18 Kill Chain: Post Breach 2. Reconnaissance 1. Command and Control 18
19 Kill Chain: Post Breach 2. Reconnaissance 1. Command and Control 3.Propagation 19
20 Kill Chain: Post Breach 2. Reconnaissance 1. Command and Control 3.Propagation 20
21 Kill Chain: Post Breach 2. Reconnaissance 1. Command and Control 3.Propagation 21
22 Kill Chain: Post Breach 2. Reconnaissance 1. Command and Control 3.Propagation 22
23 Kill Chain: Post Breach 2. Reconnaissance 1. Command and Control 3.Propagation 23
24 Kill Chain: Post Breach 2. Reconnaissance 1. Command and Control 3.Propagation 4. Data Theft 24
25 If ignorant of both of your enemy and yourself, you are certain to be in peril. Sun Tzu Visibility of all host-to-host communication, inside and out, are essential to the maintenance of a strong security posture. 25
26 Know the Attacker Who? Nation-state? Competitor? Individual? What? What is the target? When? Is there a time when the attacker is most active? Where? Where is the attacker? Where are they successful? Why? How? Why are they attacking what is their goal? How are they attacking Zero-day? Knownpasswords? Insider? 26
27 Know Yourself Who? What? When? Where? Why? How? Is on the the network? Are your users doing? application? Behaviour? The device was on the network? Is it normal? Where do users normally access the network from? Why are they using that application? Are they accessing the network? 27
28 Telemetry Metadata you leverage every day Itemized telephone bill Flow Records 28
29 NetFlow 29
30 NetFlow NetFlow v fields to choose from including IPv6 and payload sections 30
31 Expert Systems for Analytics 31
32 Flow Based Anomaly Detection 32
33 Behaviour Based Analysis 33
34 Leveraging NetFlow
35 Components for Advanced Threat Detection StealthWatch Management Console Reputation Feed (Optional) Other tools/collectors https StealthWatch Labs Information Center https StealthWatch FlowReplicator StealthWatch FlowCollector Cisco ISE NetFlow NetFlow StealthWatch FlowSensor NBAR NSEL Cisco Network StealthWatch FlowSensor VE Users/Devices 35
36 Cisco NetFlow Support Cisco ASA Cisco 2900 Cisco 2800 Cisco 1700 Cisco 7600 Cisco NGA Cisco 7200 VXR Hardware Supported Cisco ISR G2 Cisco XR Cisco ASR Cisco 3560/3750-X Cisco Nexus 7000 Cisco Catalyst 4500 Cisco Catalyst
37 Versions of NetFlow Version Major Advantage Limits/Weaknesses V5 Defines 18 exported fields Simple and compact format Most commonly used format IPv4 only Fixed fields, fixed length fields only Single flow cache V9 Template-based IPv6 flows transported in IPv4 packets MPLS and BGP nexthop supported Defines 104 fields, including L2 fields Reports flow direction IPv6 flows transported in IPv4 packets Fixed length fields only Uses more memory Slower performance Single flow cache Flexible NetFlow (FNF) Template-based flow format (built on V9 protocol) Supports flow monitors (discrete caches) Supports selectable key fields and IPv6 Supports NBAR data fields Less common Requires more sophisticated platform to produce Requires more sophisticated system to consume IP Flow Information Export (IPFIX) AKA NetFlow V10 Standardized RFC 5101, 5102, 6313 Supports variable length fields, NBAR2 Can export flows via IPv4 and IPv6 packets Even less common Only supported on a few Cisco platforms NSEL (ASA only) Built on NetFlow v9 protocol State-based flow logging (context) Pre and Post NAT reporting Missing many standard fields Limited support by collectors 37
38 NetFlow Deployment Each network layer offers unique NetFlow capabilities Access Distribution & Core Edge Catalyst 3560/3750-X Catalyst 4500 ISR Catalyst 4500 Catalyst 6500 ASA ASR 38
39 NetFlow Deployment Access Catalyst 3560/3750-X Catalyst 4500 Access: New network edge Detect threats as the enter the network Detect threats inside the switch east-west Layer 2 traffic Fewer false positives Higher-granular visibility Identify the endpoint collect MAC Address 39
40 NetFlow Deployment Distribution & Core Catalyst 4500 Distribution & Core: Traditional deployment Minimal recommended deployment Enable at critical points/bottle necks Typically done on a Layer 3 boundary Detect threats internal to the VLAN When deployed on an SVI interface Detect threats as they traverse the internal network Move between subnets Catalyst
41 NetFlow Deployment Edge ISR ASA Edge: Detect threats as they enter and leave the network Monitor communication between branches Gain context from edge devices Application - NBAR Events - NSEL ASR 41
42 eth0/1 eth0/2 NetFlow Challenges: Flow Stitching Uni-directional flow records port port 80 Start Time Interface Src IP Src Port Dest IP Dest Port Proto Pkts Sent Bytes Sent 10:20: eth0/ TCP :20: eth0/ TCP Start Time Client IP Client Port Server IP Server Port Proto Client Bytes Client Pkts Server Bytes Server Pkts Interfaces 10:20: TCP eth0/1 eth0/2 Bi-directional: Conversation flow record Allows easy visualization and analysis 42
43 NetFlow Challenges: De-duplication Router A: :1024 -> :80 Router B: :1024 -> :80 Router C: :80 -> :1024 Duplicates Router C port 1024 Router B Router A Without de-duplication: Traffic volume can be misreported False positive would occur Allows for the efficient storage of flow data Necessary for accurate host-level reporting Does not discard data port 80 43
44 The need for context A key challenge in threat visibility Who is ? Policy Start Active Time Alarm Source Source Host Groups Target Details Desktops & Trusted Wireless Jan 3, 2013 Suspect Data Loss Atlanta, Desktops Multiple Hosts Observed 5.33G bytes. Policy maximum allows up to 500M bytes. 44
45 Obtain Context through the Cisco ISE Attribute flows and behaviours to a user and device Policy Start Active Time Alarm Source Source Host Groups Source User Name Device Type Target Desktops & Trusted Wireless Jan 3, 2013 Suspect Data Loss Atlanta, Desktops John Chambers Apple-iPad Multiple Hosts 45
46 Obtaining Context through NSEL Flow Action field can provide additional context State-based NSEL reporting is taken into consideration in StealthWatch s behavioral analysis Concern Index points accumulated for Flow Denied events NAT stitching 46
47 Providing Scalable Visibility Drilling into a single flow yields a wealth of information 47
48 Attack Detection without Signatures High Concern Index indicates a significant number of suspicious events that deviate from established baselines Host Groups Host CI CI% Alarms Alerts Desktops ,645,669 8,656% High Concern index Ping, Ping_Scan, TCP_Scan Monitor and baseline activity for a host and within host groups. 48
49 Aside: CSIRT NetFlow Collection at Cisco San Jose RTP Amsterdam Tokyo Bangalore 15.6 billion flows / day Sydney 90 day retention 49
50 Working with NetFlow
51 Detecting Command and Control Periodic phone home activity What to analyze: Countries Applications Uploads/Downloads ratio Time of day Repeated connections Beaconing - Repeated dead connections Long lived flows Known C&C servers StealthWatch Method of Detection: Host Lock Violation Suspect Long Flow Beaconing Host SLIC Reputation Feed 51
52 Detecting Command and Control Alarm indicating communication with known BotNet Controllers Source user name IP Address Target that triggered alarm Alarm details Start Active Time Alarms Source User Name Source Source Host Groups Target Target Host Groups Details Dec 11, 2012 Bot Infected Host Attempted C&C Activity John Chambers Sales and Marketing, Atlanta, Desktops node1.bytecluster.com ( ) Optima, United Kingdom Attempted communication was detected between this inside host and C&C server using port 80 and the TCP protocol 52
53 Identifying Reconnaissance Activity Long and slow activity to discover resources and vulnerabilities What to analyze: High number of flows High client byte ratio One-way or unanswered flows Flows within the subnet/host group Flows to non-existent IP s Flow patterns Abnormal behaviour StealthWatch Method of Detection: Concern Index High Traffic High Connections Trapped Hosts 53
54 Identifying Reconnaissance Activity 54
55 Identifying Reconnaissance Activity High Concern Index indicates a significant number of suspicious events that deviate from established baselines Host Groups Host CI CI% Alarms Alerts Desktops ,645,669 8,656% High Concern Index Ping, Ping_Scan, TCP_Scan 55
56 Identifying Reconnaissance Activity 56
57 Identifying Malware Propagation Discovered host answers and vulnerability exploited What to analyze: High number of flows High client byte ratio Connections within the subnet/host group Flow patterns Abnormal behaviour StealthWatch Method of Detection: Concern Index, Target Index Scanning Alarms Touched Host Worm Propagation Alarm Worm Tracker 57
58 Detecting Internally Spreading Malware Prioritized Threats 58
59 Detecting Internally Spreading Malware Targeted resources and behaviour 59
60 Detecting Internally Spreading Malware Source user, asset and connection point 60
61 Detecting Data Loss Intermediary resource used to obfuscate theft Data is exported off resource What to analyze: Historical data transfer behaviour Applications Time of day Countries Amount of data single and in aggregate Time frames Asymmetric traffic patterns Traffic between Host Groups StealthWatch Method of Detection: Suspect Data Loss Alarm 61
62 Detecting Data Loss 62
63 Detecting Data Loss 63
64 Detecting Data Loss Source host, peer and data volume 64
65 Secure the Virtualized Datacenter VM VM SERVICE CONSOLE lightweight packet capture and flow creation performed using a virtual FlowSensor appliance capture Visibility & Context: Flow records include: VM name VM server name VM State vmotion aware Host Profiled in terms of VM name FlowSensor verifies over 900 applications Monitors response time measurements 65
66 Secure the Virtualized Datacenter 66
67 Secure the Virtualized Datacenter Provide VM-to-VM visibility within the same VMware server 67
68 Key Takeaways Advanced threats are consistently bypassing the traditional security perimeter. Threat detection requires visibility and context into network traffic. NetFlow can provide the necessary visibility and when joined with context from products such as the Cisco ISE, ASA, ISR and Lancope StealthWatch, these threats can be detected. 68
69 Call to Action Schedule a Whisper Suite Briefing to experience the following demos/solutions in action: Schedule a demo with your Cisco or Lancope representative Meet the Engineer Matt and David are available the rest of the week. Discuss your project s challenges at the Technical Solutions Clinics 69
70 71
71
Cyber Threat Defence. Cisco Public BRKSEC Cisco and/or its affiliates. All rights reserved.
Cyber Threat Defence 2 Abstract Trends such as BYOD and the rise of the Advance Persistent Threat (APT) have led to the erosion of the security perimeter of the enterprise. The Cisco Cyber Threat Defence
More informationMonitoring and Threat Detection
Monitoring and Threat Detection with Netflow Michael Belan Consulting Systems Engineer Cisco GSSO January 2017 AGENDA What is SW? Where does it fit in overall Cisco Security framework? What is SW? What
More informationCisco Cyber Threat Defense Solution 1.0
Cisco Cyber Threat Defense Solution 1.0 Contents 1. Introduction to the Cisco Cyber Threat Defense Solution 1.0 2. Technical overview of the Cisco Cyber Threat Defense Solution 1.0 3. Using the Cisco Cyber
More informationCisco Day Hotel Mons Wednesday
Cisco Day 2016 20.4.2016 Hotel Mons Wednesday Three Friends in Security : Identity, Visibility and Enforcement Stop the bad guys immediately György Ács IT Security Consulting Systems Engineer 20 April
More informationCisco dan Hotel Crowne Plaza Beograd, Srbija.
Cisco dan 31. 3. 2016. Hotel Crowne Plaza Beograd, Srbija www.ciscoday.com Three Friends in Security : Identity, Visibility and Enforcement Stop the bad guys immediately György Ács IT Security Consulting
More informationCisco Cyber Range. Paul Qiu Senior Solutions Architect
Cisco Cyber Range Paul Qiu Senior Solutions Architect Cyber Range Service A platform to experience the intelligent Cyber Security for the real world What I hear, I forget What I see, I remember What I
More informationStealthwatch ülevaade + demo ja kasutusvõimalused. Leo Lähteenmäki
Stealthwatch ülevaade + demo ja kasutusvõimalused Leo Lähteenmäki 09:00-9:30 Hommikukohv ja registreerimine 09:30 11:15 Stealthwatch ülevaade + demo ja kasutusvõimalused 11:00 11:15 Kohvipaus 11:15 12:00
More informationDetecting Internal Malware Spread with the Cisco Cyber Threat Defense Solution 1.0
Detecting Internal Malware Spread with the Cisco Cyber Threat Defense Solution 1.0 April 9, 2012 Comments and errata should be directed to: cyber- tm@cisco.com Introduction One of the most common network
More informationCompare Security Analytics Solutions
Compare Security Analytics Solutions Learn how Cisco Stealthwatch compares with other security analytics products. This solution scales easily, giving you visibility across the entire network. Stealthwatch
More informationUsing Lancope StealthWatch for Information Security Monitoring
Cisco IT Case Study February 2014 How CSIRT uses StealthWatch Using Lancope StealthWatch for Information Security Monitoring How the Cisco Computer Security Incident Response Team (CSIRT) uses Lancope
More informationThreat Defense with Full NetFlow
White Paper Network as a Security Sensor Threat Defense with Full NetFlow Network Security and Netflow Historically IT organizations focused heavily on perimeter network security to protect their networks
More informationplixer Scrutinizer Competitor Worksheet Visualization of Network Health Unauthorized application deployments Detect DNS communication tunnels
Scrutinizer Competitor Worksheet Scrutinizer Malware Incident Response Scrutinizer is a massively scalable, distributed flow collection system that provides a single interface for all traffic related to
More informationCisco Stealthwatch Endpoint License
Data Sheet Cisco Stealthwatch Endpoint License With the Cisco Stealthwatch Endpoint License you can conduct in-depth, context-rich investigations into endpoints that exhibit suspicious behavior. In our
More informationRethinking Security: The Need For A Security Delivery Platform
Rethinking Security: The Need For A Security Delivery Platform Cybercrime In Asia: A Changing Environment & Shifting Focus Asia, more vulnerable to cybercrime because of diversity and breadth of countries
More informationDetecting Network Reconnaissance with the Cisco Cyber Threat Defense Solution 1.0
Detecting Network Reconnaissance with the Cisco Cyber Threat Defense Solution 1.0 April 9, 2012 Introduction One of the earliest indicators of an impending network attack is the presence of network reconnaissance.
More informationCisco Stealthwatch Improves Threat Defense with Network Visibility and Security Analytics
Solution Overview Cisco Stealthwatch Improves Threat Defense with Network Visibility and Security Analytics BENEFITS Gain visibility across all network conversations, including east-west and north-south
More informationCisco Stealthwatch Endpoint License with Cisco AnyConnect NVM
Cisco Stealthwatch Endpoint License with Cisco AnyConnect NVM How to implement the Cisco Stealthwatch Endpoint License with the Cisco AnyConnect Network Visibility Module Table of Contents About This Document...
More informationCisco Stealthwatch. Internal Alarm IDs 7.0
Cisco Stealthwatch Internal Alarm IDs 7.0 Stealthwatch Internal Alarm IDs Some previously used alarms are now obsolete and no longer listed in this file. 1 Host Lock Violation 5 SYN Flood 6 UDP Flood 7
More informationHow to Predict, Detect & Stop threats at the Edge and Behind the Perimeter even in encrypted traffic without decryption
How to Predict, Detect & Stop threats at the Edge and Behind the Perimeter even in encrypted traffic without decryption Nikos Mourtzinos, CCIE #9763 Cisco Cyber Security Sales Specialist April 2018 New
More informationCIH
mitigating at host level, 23 25 at network level, 25 26 Morris worm, characteristics of, 18 Nimda worm, characteristics of, 20 22 replacement login, example of, 17 signatures. See signatures SQL Slammer
More informationDefense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation
Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client
More informationMAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER
MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER Bret Hartman Cisco / Security & Government Group Session ID: SPO1-W25 Session Classification: General Interest 1 Mobility Cloud Threat Customer centric
More informationAutomated Threat Management - in Real Time. Vectra Networks
Automated Threat Management - in Real Time Security investment has traditionally been in two areas Prevention Phase Active Phase Clean-up Phase Initial Infection Key assets found in the wild $$$$ $$$ $$
More informationThe Future of Threat Prevention
The Future of Threat Prevention Bricata is the leading developer of Next Generation Intrusion Prevention Systems (NGIPS) technology, providing innovative, disruptive, high-speed, high-performance network
More informationBuilding Resilience in a Digital Enterprise
Building Resilience in a Digital Enterprise Top five steps to help reduce the risk of advanced targeted attacks To be successful in business today, an enterprise must operate securely in the cyberdomain.
More informationIntelligent and Secure Network
Intelligent and Secure Network BIG-IP IP Global Delivery Intelligence v11.2 IP Intelligence Service Brian Boyan - b.boyan@f5.com Tony Ganzer t.ganzer@f5.com 2 Agenda Welcome & Intro Introduce F5 IP Intelligence
More informationATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK
PARTNER BRIEF ATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK INTRODUCTION Attivo Networks has partnered with Cisco Systems to provide advanced real-time inside-the-network
More informationBusiness Decision Series
Business Decision Series Cisco Catalyst 2960X, 2960XR, 3650 & 3850 Test Results and s September 2018 2018 Miercom and/or its affiliates. All rights reserved. Making Business Dollars and Sense It s the
More informationCisco Cyber Range. Paul Qiu Senior Solutions Architect June 2016
Cisco Cyber Range Paul Qiu Senior Solutions Architect June 2016 What I hear, I forget What I see, I remember What I do, I understand ~ Confucius Agenda Agenda Cyber Range Highlights Cyber Range Overview
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationCisco Tetration Analytics
Cisco Tetration Analytics Enhanced security and operations with real time analytics John Joo Tetration Business Unit Cisco Systems Security Challenges in Modern Data Centers Securing applications has become
More informationEncrypted Traffic Analytics
Encrypted Traffic Analytics Introduction The rapid rise in encrypted traffic is changing the threat landscape. As more businesses become digital, a significant number of services and applications are using
More informationRSA NetWitness Suite Respond in Minutes, Not Months
RSA NetWitness Suite Respond in Minutes, Not Months Overview One can hardly pick up a newspaper or turn on the news without hearing about the latest security breaches. The Verizon 2015 Data Breach Investigations
More informationSubscriber Data Correlation
Subscriber Data Correlation Application of Cisco Stealthwatch to Service Provider mobility environment Introduction With the prevalence of smart mobile devices and the increase of application usage, Service
More informationA Unified Threat Defense: The Need for Security Convergence
A Unified Threat Defense: The Need for Security Convergence Udom Limmeechokchai, Senior system Engineer Cisco Systems November, 2005 1 Agenda Evolving Network Security Challenges META Group White Paper
More informationDDoS Protector. Simon Yu Senior Security Consultant. Block Denial of Service attacks within seconds CISSP-ISSAP, MBCS, CEH
DDoS Protector Block Denial of Service attacks within seconds Simon Yu Senior Security Consultant CISSP-ISSAP, MBCS, CEH 2012 Check Point Software Technologies Ltd. [PROTECTED] All rights reserved. 2012
More informationWHY SIEMS WITH ADVANCED NETWORK- TRAFFIC ANALYTICS IS A POWERFUL COMBINATION. A Novetta Cyber Analytics Brief
WHY SIEMS WITH ADVANCED NETWORK- TRAFFIC ANALYTICS IS A POWERFUL COMBINATION A Novetta Cyber Analytics Brief Why SIEMs with advanced network-traffic analytics is a powerful combination. INTRODUCTION Novetta
More informationStopping Advanced Persistent Threats In Cloud and DataCenters
Stopping Advanced Persistent Threats In Cloud and DataCenters Frederik Van Roosendael PSE Belgium Luxembourg 10/9/2015 Copyright 2013 Trend Micro Inc. Agenda How Threats evolved Transforming Your Data
More informationValidating the Security of the Borderless Infrastructure
SESSION ID: CDS-R01 Validating the Security of the Borderless Infrastructure David DeSanto Director, Product Management Spirent Communications, Inc. @david_desanto Agenda 2 The Adversary The Adversary
More informationPALANTIR CYBERMESH INTRODUCTION
100 Hamilton Avenue Palo Alto, California 94301 PALANTIR CYBERMESH INTRODUCTION Cyber attacks expose organizations to significant security, regulatory, and reputational risks, including the potential for
More informationAgenda: Insurance Academy Event
Agenda: Insurance Academy Event Drs Ing René Pluis MBA MBI Cyber Security Lead, Country Digitization Acceleration program the Netherlands The Hague, Thursday 16 November Introduction Integrated Security
More informationMaximize Network Visibility with NetFlow Technology. Adam Powers Chief Technology Officer Lancope
Maximize Network Visibility with NetFlow Technology Adam Powers Chief Technology Officer Lancope Agenda What is NetFlow h Introduction to NetFlow h NetFlow Examples NetFlow in Action h Network Operations
More informationANATOMY OF AN ATTACK!
ANATOMY OF AN ATTACK! Are Your Crown Jewels Safe? Dom Kapac, Security Evangelist WHAT DO WE MEAN BY CROWN JEWELS? Crown jewels for most organizations are critical infrastructure and data Data is a valuable
More informationEvolution of Data Center Security Automated Security for Today s Dynamic Data Centers
Evolution of Data Center Security Automated Security for Today s Dynamic Data Centers Speaker: Mun Hossain Director of Product Management - Security Business Group Cisco Twitter: @CiscoDCSecurity 2 Any
More informationGetting over Ransomware - Plan your Strategy for more Advanced Threats
Getting over Ransomware - Plan your Strategy for more Advanced Threats Kaspersky Lab Hong Kong Eric Kwok General Manager Lapcom Ltd. BEYOND ANTI-VIRUS: TRUE CYBERSECURITY FROM KASPERSKY LAB 20 years ago
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationSecurity Events and Alarm Categories (for Stealthwatch System v6.9.0)
Security Events and Alarm Categories (for Stealthwatch System v6.9.0) Copyrights and Trademarks 2017 Cisco Systems, Inc. All rights reserved. NOTICE THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS
More informationCisco Security Exposed Through the Cyber Kill Chain
Cisco Forschung & Lehre Forum für Mecklenburg Vorpommern Cisco Security Exposed Through the Cyber Kill Chain Rene Straube CSE, Cisco Advanced Threat Solutions January, 2017 The Cisco Security Model BEFORE
More informationCisco IOS Inline Intrusion Prevention System (IPS)
Cisco IOS Inline Intrusion Prevention System (IPS) This data sheet provides an overview of the Cisco IOS Intrusion Prevention System (IPS) solution. Product Overview In today s business environment, network
More informationSeceon s Open Threat Management software
Seceon s Open Threat Management software Seceon s Open Threat Management software (OTM), is a cyber-security advanced threat management platform that visualizes, detects, and eliminates threats in real
More informationEndpoint Protection : Last line of defense?
Endpoint Protection : Last line of defense? First TC Noumea, New Caledonia 10 Sept 2018 Independent Information Security Advisor OVERVIEW UNDERSTANDING ENDPOINT SECURITY AND THE BIG PICTURE Rapid development
More informationCISCO NETWORKS BORDERLESS Cisco Systems, Inc. All rights reserved. 1
CISCO BORDERLESS NETWORKS 2009 Cisco Systems, Inc. All rights reserved. 1 Creating New Business Models The Key Change: Putting the Interaction Where the Customer Is Customer Experience/ Innovation Productivity/
More informationAgile Security Solutions
Agile Security Solutions Piotr Linke Security Engineer CISSP CISA CRISC CISM Open Source SNORT 2 Consider these guys All were smart. All had security. All were seriously compromised. 3 The Industrialization
More informationStealthwatch System v6.9.0 Internal Alarm IDs
Stealthwatch System v6.9.0 Internal Alarm IDs Copyrights and Trademarks 2017 Cisco Systems, Inc. All rights reserved. NOTICE THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE
More informationScrutinizer Flow Analytics
Scrutinizer Flow Analytics TM Scrutinizer Flow Analytics Scrutinizer Flow Analytics is an expert system that highlights characteristics about the network. It uses flow data across dozens or several hundred
More informationUn SOC avanzato per una efficace risposta al cybercrime
Un SOC avanzato per una efficace risposta al cybercrime Identificazione e conferma di un incidente @RSAEMEA #RSAEMEASummit @masiste75 Mauro Costantini - Presales Consultant Agenda A look into the threat
More informationTrend Micro and IBM Security QRadar SIEM
Trend Micro and IBM Security QRadar SIEM Ellen Knickle, PM QRadar Integrations Robert Tavares, VP IBM Strategic Partnership February 19, 2014 1 Agenda 1. Nature of the IBM Relationship with Trend Micro
More informationFloCon Netflow Collection and Analysis at a Tier 1 Internet Peering Point. San Diego, CA. Fred Stringer
10 January 2017 FloCon 2017 San Diego, CA Netflow Collection and Analysis at a Tier 1 Internet Peering Point Fred Stringer AT&T Chief Security Organization Systems Engineer/Network Architect AT&T Intellectual
More informationCyberArk Privileged Threat Analytics
CyberArk Privileged Threat Analytics Table of Contents The New Security Battleground: Inside Your Network 3 Privileged account security 3 Collect the right data 4 Detect critical threats 5 Alert on critical
More informationProtecting Against Modern Attacks. Protection Against Modern Attack Vectors
Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches
More informationTrustSec (NaaS / NaaE)
TrustSec (NaaS / NaaE) per@cisco.com Security on top of the mind for our customers 60% 85% 54% of data is stolen in HOURS of point-of-sale intrusions aren t discovered for WEEKS of breaches remain undiscovered
More informationNetwork Security Monitoring with Flow Data
Network Security Monitoring with Flow Data IT Monitoring in Enterprises NPMD (Network Performance Monitoring & Diagnostics) SNMP basics Flow data for advanced analysis and troubleshooting Packet capture
More informationCloudSOC and Security.cloud for Microsoft Office 365
Solution Brief CloudSOC and Email Security.cloud for Microsoft Office 365 DID YOU KNOW? Email is the #1 delivery mechanism for malware. 1 Over 40% of compliance related data in Office 365 is overexposed
More informationSmart Attacks require Smart Defence Moving Target Defence
Smart Attacks require Smart Defence Moving Target Defence Prof. Dr. Gabi Dreo Rodosek Executive Director of the Research Institute CODE 1 Virtual, Connected, Smart World Real World Billions of connected
More informationCisco Security Enterprise License Agreement
Cisco Security Enterprise License Agreement Deploy Software and Technology more easily The Cisco Security Enterprise Licensing Agreement (ELA) gives you a simpler way to manage your licenses. And it saves
More informationCYBER ANALYTICS. Architecture Overview. Technical Brief. May 2016 novetta.com 2016, Novetta
CYBER ANALYTICS Architecture Overview Technical Brief May 2016 novetta.com 2016, Novetta Novetta Cyber Analytics: Technical Architecture Overview 1 INTRODUCTION 2 CAPTURE AND PROCESS ALL NETWORK TRAFFIC
More informationRethinking Security CLOUDSEC2016. Ian Farquhar Distinguished Sales Engineer Field Lead for the Gigamon Security Virtual Team
Rethinking Security CLOUDSEC2016 Ian Farquhar Distinguished Sales Engineer Field Lead for the Gigamon Security Virtual Team Breaches Are The New Normal Only The Scale Surprises Us OPM will send notifications
More informationSOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM
SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM OVERVIEW The Verizon 2016 Data Breach Investigations Report highlights that attackers are regularly outpacing the defenders.
More informationFlow Measurement. For IT, Security and IoT/ICS. Pavel Minařík, Chief Technology Officer EMITEC, Swiss Test and Measurement Day 20 th April 2018
Flow Measurement For IT, Security and IoT/ICS Pavel Minařík, Chief Technology Officer EMITEC, Swiss Test and Measurement Day 20 th April 2018 What is Flow Data? Modern method for network monitoring flow
More informationRSA Security Analytics
RSA Security Analytics This is what SIEM was Meant to Be 1 The Original Intent of SIEM Single compliance & security interface Analyze & prioritize alerts across various sources The cornerstone of security
More informationUDP Director Virtual Edition Installation and Configuration Guide (for Stealthwatch System v6.9.0)
UDP Director Virtual Edition Installation and Configuration Guide (for Stealthwatch System v6.9.0) Installation and Configuration Guide: UDP Director VE v6.9.0 2016 Cisco Systems, Inc. All rights reserved.
More informationHidden Figures: Securing what you cannot see
Hidden Figures: Securing what you cannot see TK Keanini, Distinguished Engineer Stealthwatch, Advanced Threat Solutions CID-0006 Hello My Name is TK Keanini Keanini (Pronounced Kay-Ah-Nee-Nee) TK: The
More informationCisco Self Defending Network
Cisco Self Defending Network Integrated Network Security George Chopin Security Business Development Manager, CISSP 2003, Cisco Systems, Inc. All rights reserved. 1 The Network as a Strategic Asset Corporate
More informationADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY
ADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY OUTLINE Advanced Threat Landscape (genv) Why is endpoint protection essential? Types of attacks and how to prevent them
More informationNext Generation Network Traffic Monitoring and Anomaly Detection. Petr Springl
Next Generation Network Traffic Monitoring and Anomaly Detection Petr Springl springl@invea-tech.com INVEA-TECH University spin-off company 10 years of development, participation in EU funded projects
More informationTHE RSA SUITE NETWITNESS REINVENT YOUR SIEM. Presented by: Walter Abeson
THE RSA NETWITNESS SUITE REINVENT YOUR SIEM Presented by: Walter Abeson 1 Reality Goals GOALS VERSUS REALITY OF SIEM 1.0 Single compliance & security interface Analyze & prioritize alerts across various
More informationNovetta Cyber Analytics
Know your network. Arm your analysts. Introduction Novetta Cyber Analytics is an advanced network traffic analytics solution that empowers analysts with comprehensive, near real time cyber security visibility
More informationNetwork Segmentation Through Policy Abstraction: How TrustSec Simplifies Segmentation and Improves Security Sept 2014
In most organizations networks grow all the time. New stacks of security appliances, new applications hosted on new clusters of servers, new network connections, new subnets, new endpoint platforms and
More informationTrisul Network Analytics - Traffic Analyzer
Trisul Network Analytics - Traffic Analyzer Using this information the Trisul Network Analytics Netfllow for ISP solution provides information to assist the following operation groups: Network Operations
More informationCisco Intrusion Prevention Solutions
Cisco Intrusion Prevention Solutions Proactive Integrated, Collaborative, and Adaptive Network Protection Cisco Intrusion Prevention System (IPS) solutions accurately identify, classify, and stop malicious
More informationTHE ACCENTURE CYBER DEFENSE SOLUTION
THE ACCENTURE CYBER DEFENSE SOLUTION A MANAGED SERVICE FOR CYBER DEFENSE FROM ACCENTURE AND SPLUNK. YOUR CURRENT APPROACHES TO CYBER DEFENSE COULD BE PUTTING YOU AT RISK Cyber-attacks are increasingly
More informationDEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise
DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS Security Without Compromise CONTENTS INTRODUCTION 1 SECTION 1: STRETCHING BEYOND STATIC SECURITY 2 SECTION 2: NEW DEFENSES FOR CLOUD ENVIRONMENTS 5 SECTION
More informationKey Technologies for Security Operations. Copyright 2014 EMC Corporation. All rights reserved.
Key Technologies for Security Operations 2 Traditional Security Is Not Working 97% of breaches led to compromise within days or less with 72% leading to data exfiltration in the same time Source: Verizon
More informationCourse Outline Topic 1: Current State Assessment, Security Operations Centers, and Security Architecture
About this Course This course will best position your organization to analyse threats and detect anomalies that could indicate cybercriminal behaviour. The payoff for this new proactive approach would
More informationProCurve Network Immunity
ProCurve Network Immunity Hans-Jörg Elias Key Account Manager hans-joerg.elias@hp.com 2007 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
More informationPROTECTING INFORMATION ASSETS NETWORK SECURITY
PROTECTING INFORMATION ASSETS NETWORK SECURITY PAUL SMITH 20 years of IT experience (desktop, servers, networks, firewalls.) 17 years of engineering in enterprise scaled networks 10+ years in Network Security
More informationINSIDE. Symantec AntiVirus for Microsoft Internet Security and Acceleration (ISA) Server. Enhanced virus protection for Web and SMTP traffic
Virus Protection & Content Filtering TECHNOLOGY BRIEF Symantec AntiVirus for Microsoft Internet Security and Acceleration (ISA) Server Enhanced virus protection for Web and SMTP traffic INSIDE The need
More informationARTIFICIAL INTELLIGENCE POWERED AUTOMATED THREAT HUNTING AND NETWORK SELF-DEFENSE
ARTIFICIAL INTELLIGENCE POWERED AUTOMATED THREAT HUNTING AND NETWORK SELF-DEFENSE Vectra Cognito HIGHLIGHTS Finds active attackers inside your network Automates security investigations with conclusive
More informationSDN Security BRKSEC Alok Mittal Security Business Group, Cisco
SDN Security Alok Mittal Security Business Group, Cisco Security at the Speed of the Network Automating and Accelerating Security Through SDN Countering threats is complex and difficult. Software Defined
More informationSAFE Architecture Guide. Places in the Network: Secure Campus
SAFE Architecture Guide Places in the Network: Secure Campus January 2018 SAFE Architecture Guide Places in the Network: Secure Campus Contents January 2018 Contents 3 5 8 9 13 15 21 22 25 Overview Business
More informationCombating Cyber Risk in the Supply Chain
SESSION ID: CIN-W10 Combating Cyber Risk in the Supply Chain Ashok Sankar Senior Director Cyber Strategy Raytheon Websense @ashoksankar Introduction The velocity of data breaches is accelerating at an
More informationCyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS
Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Continual disclosed and reported
More informationThe SANS Institute Top 20 Critical Security Controls. Compliance Guide
The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise
More informationPerimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN
T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN Perimeter Defenses Enterprises need to take their security strategy beyond stacking up layers of perimeter defenses to building up predictive
More informationHow Cisco IT Upgraded Intrusion Detection to Improve Scalability and Performance
How Cisco IT Upgraded Intrusion Detection to Improve Scalability and Performance Migration to 4250 Sensor improves intrusion detection performance and manageability. Cisco IT Case Study / Security and
More informationCisco Firepower NGFW. Anticipate, block, and respond to threats
Cisco Firepower NGFW Anticipate, block, and respond to threats You have a mandate to build and secure a network that supports ongoing innovation Mobile access Social collaboration Public / private hybrid
More informationVisibility: The Foundation of your Cybersecurity Infrastructure. Marlin McFate Federal CTO, Riverbed
Visibility: The Foundation of your Cybersecurity Infrastructure Marlin McFate Federal CTO, Riverbed Detection is Only One Part of the Story Planning and Remediation are just as critical 20 18 Hackers Went
More informationCato Cloud. Solution Brief. Software-defined and Cloud-based Secure Enterprise Network NETWORK + SECURITY IS SIMPLE AGAIN
Cato Cloud Software-defined and Cloud-based Secure Enterprise Network Solution Brief NETWORK + SECURITY IS SIMPLE AGAIN Legacy WAN and Security Appliances are Incompatible with the Modern Enterprise The
More informationCisco Ransomware Defense The Ransomware Threat Is Real
Cisco Ransomware Defense The Ransomware Threat Is Real Seguridad Integrada Abril 2018 Ransomware B Malicious Software Encrypts Critical Data Demands Payment Permanent Data Loss Business Impacts Ramifications
More informationCopyright 2011 Trend Micro Inc.
Copyright 2011 Trend Micro Inc. 2008Q1 2008Q2 2008Q3 2008Q4 2009Q1 2009Q2 2009Q3 2009Q4 2010Q1 2010Q2 2010Q3 2010Q4 2011Q1 2011Q2 2011Q3 2011Q4 M'JPY Cloud Security revenue Q to Q Growth DeepSecurity/Hosted/CPVM/IDF
More information