Applied Advanced Network Telemetry: ETA and Beyond
2 BRKSEC-2809 Applied Advanced Network Telemetry: ETA and Beyond. TK Keanini, Principal Engineer; Blake Anderson, Technical Leader.
3 Cisco Spark. Questions? Use Cisco Spark to communicate with the speaker after the session: 1. Find this session in the Cisco Live Mobile App. 2. Click Join the Discussion. 3. Install Spark or go directly to the space. 4. Enter messages/questions in the space. cs.co/ciscolivebot#brksec. Cisco and/or its affiliates. All rights reserved. Cisco Public
4 Hello, my name is TK Keanini. Keanini (pronounced Kay-Ah-Nee-Nee). TK: the past years in a nutshell.
5 Hello, my name is Blake Anderson. Born in Memphis, Tennessee. Anderson (pronounced And-er-son). PhD in security/machine learning from the University of New Mexico. Joined Cisco ~3 years ago. My puppy Arya longingly stares at her food bowl all day.
6 Agenda: Encrypted Traffic Analytics; Cryptographic Compliance; Malware Detection without decryption; Robust Network Data Features; OS Fingerprinting; Adversarial Machine Learning.
7 Encrypted Traffic Analytics (ETA)
8 Encrypted Traffic Analytics: the only solution that provides visibility and malware detection without decryption. Use cases: malware in encrypted traffic; cryptographic compliance.
9 Encrypted Traffic Analytics (ETA). Enhanced NetFlow from Cisco's newest switches and routers exports NFv9 with ETA information elements to the ETA collector(s); cloud analysis performs malware detection and cryptographic compliance. Benefits: leveraged network, faster investigation, higher precision. Enhanced analytics and machine learning; global-to-local knowledge correlation.
10 The early days of network telemetry. NetFlow provides: a trace of every conversation in your network; an ability to collect records everywhere in your network (switch, router, or firewall); network usage measurements; an ability to find north-south as well as east-west communication; lightweight visibility compared to Switched Port Analyzer (SPAN)-based traffic analysis; indications of compromise (IOC); security group information. Example flow record fields: SOURCE ADDRESS, DESTINATION ADDRESS, SOURCE PORT, DESTINATION PORT 443, INTERFACE Gi0/0/0, IP TOS 0x00, IP PROTOCOL 6, NEXT HOP, TCP FLAGS 0x1A, SOURCE SGT 100, ..., APPLICATION NAME (NBAR) SECURE-HTTP.
11 End-to-end visibility across all telemetry. Path: user, device, switch, router, WAN router, firewall, server, data center. Telemetry sources: ISR, CSR, ASR, WLC, Catalyst, IE (ETA-enabled Catalyst), ASA, FTD, Meraki, Nexus switch, Tetration, Web Security Appliance (WSA), AnyConnect, Identity Services Engine (ISE, policy and user info), Stealthwatch Flow Sensor. Stealthwatch Enterprise also enables telemetry ingestion from many third-party exporters.
12 Encrypted Traffic Analytics overview. Outcomes: cryptographic compliance, malware detection. Analytics: ETA enhanced analytics. ETA data features: IDP, SPLT, BD*. Initial Data Packet (IDP): the first packets of any connection contain valuable data about the content. Sequence of Packet Lengths and Times (SPLT): the SPLT field gives visibility beyond the first packet of the encrypted flows. Byte Distribution (BD): the BD keeps a count for each byte value encountered in the payloads of the packets of the flow being analyzed. Exported record fields: srcip, dstip, srcport, dstport, prot, starttime, stoptime, numbytes, numpackets, IDP, SPLT, BD. Exporters of NetFlow: routers/switches, packet capture devices, other exporters. *BD in fast-follow release.
13 Initial Data Packet: IP header, TCP header, TLS header. Fields extracted: TLS version, SNI (server name), ciphersuites, certificate (organization, issuer, issued, expires).
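The IDP fields listed on slide 13 are parsed out of the ClientHello that opens a TLS connection; the following is an added example (not code from the talk or from Cisco's ETA implementation) that builds a constructed ClientHello, extracts version, SNI and offered cipher suites from it, and applies a simple cryptographic-compliance check. The suite table is a subset of the IANA registry; the weak-suite policy and `WEAK_SUITES` set are assumptions for the example.

```python
import struct

# Subset of the IANA TLS cipher-suite registry (values are the standard assignments).
SUITE_NAMES = {
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1302: "TLS_AES_256_GCM_SHA384",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
}
# Suites the example compliance policy flags (assumed policy: RC4 and 3DES are out).
WEAK_SUITES = {0x000A, 0x0005, 0x0004}


def build_client_hello(sni, suites, supported_versions=None):
    """Constructed ClientHello in TLS record framing, standing in for a captured
    Initial Data Packet. Not real traffic."""
    name = sni.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name            # name_type host_name
    lst = struct.pack("!H", len(entry)) + entry
    exts = struct.pack("!HH", 0x0000, len(lst)) + lst                 # server_name extension
    if supported_versions:
        vs = b"".join(struct.pack("!H", v) for v in supported_versions)
        body = bytes([len(vs)]) + vs
        exts += struct.pack("!HH", 0x002B, len(body)) + body          # supported_versions ext
    cs = b"".join(struct.pack("!H", s) for s in suites)
    hello = (struct.pack("!H", 0x0303) + bytes(range(32)) + b"\x00"   # version, random, no session id
             + struct.pack("!H", len(cs)) + cs + b"\x01\x00"           # suites, null compression
             + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello              # handshake type client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs           # record type handshake


def parse_client_hello(idp):
    """Extract legacy version, highest offered version, SNI and cipher suites.
    Raises ValueError on anything that is not a well-formed ClientHello."""
    def need(n):                                    # bounds-checked cursor read
        if pos[0] + n > len(body):
            raise ValueError("truncated ClientHello")
        chunk = body[pos[0]:pos[0] + n]
        pos[0] += n
        return chunk
    if len(idp) < 9 or idp[0] != 0x16 or idp[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    hs_len = int.from_bytes(idp[6:9], "big")
    body = idp[9:9 + hs_len]
    if len(body) != hs_len:
        raise ValueError("record shorter than handshake length")
    pos = [0]
    legacy_version = struct.unpack("!H", need(2))[0]
    need(32)                                        # client random
    need(need(1)[0])                                # session id
    cs_len = struct.unpack("!H", need(2))[0]
    cs = need(cs_len)
    suites = [struct.unpack("!H", cs[i:i + 2])[0] for i in range(0, cs_len, 2)]
    need(need(1)[0])                                # compression methods
    sni, versions = None, []
    if pos[0] < len(body):                          # extensions are optional
        ext_len = struct.unpack("!H", need(2))[0]
        end = pos[0] + ext_len
        while pos[0] + 4 <= end:
            etype, elen = struct.unpack("!HH", need(4))
            edata = need(elen)
            if etype == 0x0000 and len(edata) >= 5 and edata[2] == 0:
                n = struct.unpack("!H", edata[3:5])[0]
                sni = edata[5:5 + n].decode("ascii", "replace")
            elif etype == 0x002B and edata:         # TLS 1.3 puts the real version here
                versions = [struct.unpack("!H", edata[i:i + 2])[0]
                            for i in range(1, 1 + edata[0], 2)]
    return {"legacy_version": legacy_version,
            "max_version": max(versions) if versions else legacy_version,
            "sni": sni, "cipher_suites": suites}


def compliance_findings(info):
    """Policy check on the parsed IDP fields: weak suites offered, or no TLS 1.2+."""
    findings = [SUITE_NAMES.get(s, hex(s)) for s in info["cipher_suites"] if s in WEAK_SUITES]
    if info["max_version"] < 0x0303:
        findings.append("max offered version below TLS 1.2")
    return findings


if __name__ == "__main__":
    sample = build_client_hello("example.com", [0x1301, 0xC02F, 0x000A], [0x0304, 0x0303])
    info = parse_client_hello(sample)
    print(info, compliance_findings(info))
```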
14 Sequence of packet lengths and times, plotted as packet length over time from the flow start time.
15 Cryptographic Compliance
16 How much of my digital business is encrypted versus in the clear?
17 Encryption details on all network flows.
18 Filter flows by TLS/SSL.
19 Malware Detection without decryption
20 Power of multi-layer machine learning. Telemetry: NetFlow + proxy (weblog), Encrypted Traffic Analytics, internet scrapers. Layer 1 (10B requests per day): anomaly detection, trust modeling -> anomalous requests processed. Layer 2: event classification, entity modeling -> malicious events (telemetry sequences). Layer 3 (50,000 incidents per day): relationship modeling -> threat incidents (aggregated events). Threat context: Threat Grid, global risk map, threat correlation.
21 Power of multi-layer machine learning: increase fidelity of detection using best-in-class security analytics. 10,000,000,000 requests per day: anomaly detection, trust modeling -> anomalous traffic (global risk map; Threat Grid, TALOS). Event classification, entity modeling -> malicious events. Relationship modeling -> threat incidents (50,000 incidents per day).
22 Expanded CTA dashboard view: Encrypted Traffic Analytics, Cognitive Analytics.
23 Stealthwatch Threat Analytics: user flows; CTA widget on the SW dashboard; CTA incident timeline on the SW host report (select IP address); CTA incident detail on the CTA dashboard (select incident detail; the CTA dashboard opens on a separate tab).
25 Future Research The Future of Encrypted Traffic Analytics Telemetry
26 How much of my traffic is not encrypted?
27 Ports/protocols are not sufficient: custom encryption over port 80; TLS over port 80; unknown protocol; known protocol over nonstandard port; HTTP over port 80 (known protocol over standard port).
28 Plaintext detection: leverage additional ETA data features, signatures, and machine learning. Data sources: TCP and UDP over IP, for both encrypted and plaintext traffic. Data features: known encrypted protocols, known plaintext protocols, SPLT/IDP, per-packet byte distribution (ppbd), Information Data Packet (IDP+).
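The SPLT and byte-distribution features from slide 12, the per-packet byte distribution used for plaintext detection on slides 27 and 28, and the Generic Receive Offload distortion from slide 37 can all be shown on one constructed flow. The example below is added here and is not the talk's or Cisco's code: it derives SPLT and BD from constructed packets, re-splits GRO-coalesced segments at the MSS, and labels a port-80 flow as plaintext or encrypted from per-packet entropy. The entropy threshold, packet tuple layout and sample flows are assumptions for the example.

```python
import math
import random

# Constructed packets: (timestamp_ms, direction, payload); direction is "c2s" or "s2c".
# Header-only packets (pure ACKs) carry an empty payload.
RNG = random.Random(2809)                       # fixed seed so the sample flow is repeatable


def normalize_gro(packets, mss=1460):
    """Undo Generic Receive Offload: a capture point that coalesces segments reports one
    oversized packet; split it back into MSS-sized pieces that share the timestamp so
    SPLT lengths stay comparable with captures taken elsewhere."""
    out = []
    for ts, d, payload in packets:
        for i in range(0, max(len(payload), 1), mss):
            out.append((ts, d, payload[i:i + mss]))
    return out


def splt(packets, n=10):
    """Sequence of Packet Lengths and Times for the first n data packets: signed length
    (negative for server-to-client) and inter-arrival time in ms. Empty packets are skipped."""
    seq, prev = [], None
    for ts, d, payload in packets:
        if not payload:
            continue
        length = len(payload) if d == "c2s" else -len(payload)
        seq.append((length, 0 if prev is None else ts - prev))
        prev = ts
        if len(seq) == n:
            break
    return seq


def byte_distribution(payloads):
    """256-bin histogram of byte values across the given payloads (the BD feature)."""
    counts = [0] * 256
    for p in payloads:
        for b in p:
            counts[b] += 1
    return counts


def entropy_bits(counts):
    """Shannon entropy of a histogram in bits per byte (8.0 is the maximum)."""
    total = sum(counts)
    if total == 0:
        return 0.0
    return -sum(c / total * math.log2(c / total) for c in counts if c)


def classify_flow(packets, threshold=6.5):
    """Port-independent plaintext test from the per-packet byte distribution (ppbd): if the
    mean entropy of the data packets exceeds the threshold the flow is treated as encrypted.
    The threshold is an assumption chosen for this example, not a product value."""
    data = [p for _, _, p in packets if p]
    if not data:
        return "unknown"
    mean_h = sum(entropy_bits(byte_distribution([p])) for p in data) / len(data)
    return "encrypted" if mean_h > threshold else "plaintext"


def make_flows():
    """Two constructed flows, both on port 80: plain HTTP and custom encryption."""
    request = (b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n"
               b"User-Agent: sample/1.0\r\nAccept: */*\r\n\r\n")
    response = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n" + b"<p>hello</p>\n" * 100
    http = [(0, "c2s", request), (12, "s2c", b""), (30, "s2c", response)]
    blob = bytes(RNG.getrandbits(8) for _ in range(2920))   # stand-in for ciphertext
    custom = [(0, "c2s", blob[:200]), (15, "s2c", blob[200:])]   # 2720-byte GRO-coalesced reply
    return http, custom


if __name__ == "__main__":
    for name, flow in zip(("http", "custom"), make_flows()):
        flow = normalize_gro(flow)
        print(name, classify_flow(flow), splt(flow))
```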
29 TLS alert messages (handshake diagram). Client to server: client_hello; client_key_exchange; change_cipher_spec; encrypted_handshake_message; app_data; app_data. Server to client: server_hello; certificate (cont.); server_key_exchange; server_hello_done; change_cipher_spec; encrypted_handshake_message; app_data; encrypted_alert.
30 TLS alert messages. close_notify: indicates one party wishes to close the connection. bad_record_mac, record_overflow, decode_error, etc.: active attacks (e.g., padding oracle attack) or a bug in the client/server software.
31 TLS alert message inference: leverage ETA data features and supervised machine learning. Data sources: endpoint logs, server logs, network traffic. Data features: sequences of TLS record lengths and times.
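Slides 29 to 31 describe inferring alerts from the sequence of TLS record lengths. The added example below (not the talk's or Cisco's code) builds constructed TLS record streams for both directions, shows the length-only view an exporter sees, and derives the training label from the record content type; the TLS 1.3 stream illustrates why that label has to come from endpoint or server logs there, since every post-ServerHello record is application_data. Record payloads and sizes are constructed and labelled as such.

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}


def record(ctype, payload, version=0x0303):
    """Build one TLS record header plus payload (constructed data for the example)."""
    return bytes([ctype]) + struct.pack("!HH", version, len(payload)) + payload


def parse_records(stream):
    """Walk back-to-back TLS records and return (content_type, version, length) per
    record. Stops cleanly at a truncated tail or an unknown content type."""
    out, pos = [], 0
    while pos + 5 <= len(stream):
        ctype, version, length = struct.unpack("!BHH", stream[pos:pos + 5])
        if ctype not in CONTENT_TYPES or pos + 5 + length > len(stream):
            break
        out.append((ctype, version, length))
        pos += 5 + length
    return out


def network_view(direction_records):
    """What the exporter sees without decryption: direction and record length only
    (the 'sequence of TLS record lengths' feature; times are omitted here)."""
    return [(d, r[2]) for d, recs in direction_records for r in recs]


def alert_label(direction_records):
    """Supervised-learning label: did either side send a record of content type 21?
    In TLS 1.2 an encrypted alert still carries type 21 on the wire; in TLS 1.3
    everything after ServerHello is type 23, so the label must come from logs."""
    return any(r[0] == 21 for _, recs in direction_records for r in recs)


def sample_tls12_session():
    """Constructed TLS 1.2 exchange (sizes are plausible, not captured)."""
    client = (record(22, b"\x01" + bytes(170))      # client_hello
              + record(22, b"\x10" + bytes(70))     # client_key_exchange
              + record(20, b"\x01")                 # change_cipher_spec
              + record(22, bytes(40))               # encrypted handshake (Finished)
              + record(23, bytes(512)))             # app_data
    server = (record(22, b"\x02" + bytes(80))       # server_hello
              + record(22, b"\x0b" + bytes(1200))   # certificate
              + record(22, b"\x0c" + bytes(300))    # server_key_exchange
              + record(22, b"\x0e")                 # server_hello_done
              + record(20, b"\x01")                 # change_cipher_spec
              + record(22, bytes(40))               # encrypted handshake (Finished)
              + record(23, bytes(900))              # app_data
              + record(21, bytes(26)))              # encrypted alert: 8 nonce + 2 body + 16 tag
    return [("c2s", parse_records(client)), ("s2c", parse_records(server))]


def sample_tls13_session():
    """Constructed TLS 1.3 exchange: the final alert is hidden inside a type-23 record."""
    client = record(22, b"\x01" + bytes(250)) + record(20, b"\x01") + record(23, bytes(58))
    server = (record(22, b"\x02" + bytes(90)) + record(20, b"\x01")
              + record(23, bytes(1600)) + record(23, bytes(900))
              + record(23, bytes(19)))              # 2 alert bytes + 1 inner type + 16 tag
    return [("c2s", parse_records(client)), ("s2c", parse_records(server))]


if __name__ == "__main__":
    for s in (sample_tls12_session(), sample_tls13_session()):
        print(alert_label(s), network_view(s))
```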
32 Robust Network Data Features
33 Detecting malware, not sandboxes: sandbox versus intranet, malware versus benign.
34 Detecting malware, not sandboxes: sandbox traffic has no HTTP Via header; intranet traffic carries an HTTP Via header from the proxy.
35 Detecting malware, not sandboxes: sandbox label assignment versus intranet label assignment; identical client runs.
36 MiTM/proxies: between the premises and the Internet, the MiTM alters the certificate and other records, and the client_hello and other records are altered as well.
37 Generic Receive Offload (GRO) distorts the packet length over time view.
38 Robust network data features. Normalize as much as possible: RTT estimate; individual packets -> application messages; TLS cipher_suites -> category of TLS library (Schannel, Firefox, etc.); HTTP Via / MiTM -> remove the TLS cipher_suites features and add a proxy indicator. Example: HTTP headers [Via, X-Forwarded-For], Web Proxy: WSA/10.x, [200 bytes, 39k bytes].
39 Solution overview. Cisco products export flow records (Enhanced NetFlow); classifier description, auxiliary data and fingerprint rules drive network inference, OS inference, application inference, malware detection and malware family; outputs are labels and endpoint context (OS, applications, PMTU, RTT, infection, ...).
40 OS Fingerprinting
41 OS fingerprinting goals: understand devices sending attack traffic; identify evasion through network header rewriting; understand infected internal devices; detect unauthorized devices; detect obsolete, vulnerable OSes.
42 Data features.
43 Classifier results: acc=97.50%.
44 Evasion model: attacker can control a fraction of the data features. Classes shown: Windows, Mac OS X, Mac/iOS, Win SP1.
45 Adversarial Machine Learning
46 Adversarial machine learning, evasion attacks: craft samples to evade detection of a specific classifier. Training dataset; testing: typical samples versus an evading sample.
47 Evading classifiers: inferred application behavior (v: 52.0) + (v: 1.0.1r).
48 Attacking evasion with more data: endpoint monitoring, inferred application behavior (v: 52.0, v: 1.0.1r), server's identity.
49 Adversarial machine learning, poisoning attacks: craft samples to corrupt a specific classifier. Normal dataset versus a poisoned dataset containing poisoning samples.
50 Poisoning real-world datasets. Prerequisites: approximate knowledge of the classifier (white papers / blogs / ETA license); influence over the training data (ThreatGrid and/or ETA license). Optimal poisoning sample(s) -> poisoned model.
51 Attacking poisoning with more data: ETA classifier training combined with AMP submission metadata and poisoning detection yields a poisoning-resistant model.
52 Conclusions
53 Conclusions: the threat landscape will continue to evolve, and we are evolving with it. Cisco is continuing to innovate around ETA to address future threats. Chart: Malware's exclusive use of TLS, Sep-16 through Aug-17, y-axis 0.00% to 20.00%.
54 References: ETA Overview; ETA Deployment Guide; Martin Rehak, Blake Anderson; Securing Encrypted Traffic on a Global Scale; Cisco Blogs. Blake Anderson, David McGrew; Machine Learning for Encrypted Malware Traffic Classification: Accounting for Noisy Labels and Non-Stationarity; KDD, 2017. Blake Anderson, David McGrew; Identifying Encrypted Malware Traffic with Contextual Flow Data; CCS AISec, 2016. Blake Anderson, Subharthi Paul, David McGrew; Deciphering Malware's Use of TLS (without Decryption); Journal of Computer Virology and Hacking Techniques. Blake Anderson, David McGrew; OS Fingerprinting: New Techniques and a Study of Information Gain and Obfuscation; CNS, 2017. Open source package for network data capture and analysis.
57 Continue your education: demos in the Cisco campus; walk-in self-paced labs; Tech Circle; Meet the Engineer 1:1 meetings; related sessions.
58 Thank you
More informationRSA NetWitness Suite Respond in Minutes, Not Months
RSA NetWitness Suite Respond in Minutes, Not Months Overview One can hardly pick up a newspaper or turn on the news without hearing about the latest security breaches. The Verizon 2015 Data Breach Investigations
More informationInsights into your WLC with Wireless Streaming Telemetry
Insights into your WLC with Wireless Streaming Telemetry Jeremy Cohoe Technical Marketing Engineer Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this
More informationMcAfee Advanced Threat Defense
Advanced Threat Defense Detect advanced malware Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike
More informationHow to build a multi-layer Security Architecture to detect and remediate threats in real time
How to build a multi-layer Security Architecture to detect and remediate threats in real time Nikos Mourtzinos, CCIE #9763 Cisco Cyber Security Sales Specialist March 2018 Agenda Cisco Strategy Umbrella
More informationYour API Toolbelt Tools and techniques for testing, monitoring, and troubleshooting REST API requests
DEVNET-1631 Your API Toolbelt Tools and techniques for testing, monitoring, and troubleshooting REST API requests Adam Kalsey, Spark Developer Relations Cisco Spark How Questions? Use Cisco Spark to communicate
More informationVeč kot SDN - SDA arhitektura v uporabniških omrežjih
Več kot SDN - SDA arhitektura v uporabniških omrežjih Aleksander Kocelj SE Cisco Agenda - Introduction to Software Defined Access - Brief description on SDA - Cisco SDA Assurance - DEMO 2 New Requirements
More informationCisco Advanced Malware Protection (AMP) for Endpoints Security Testing
Cisco Advanced Malware Protection (AMP) for Endpoints Security Testing 7 September 2018 DR180821E Miercom.com www.miercom.com Contents 1.0 Executive Summary... 3 2.0 Test Summary... 4 3.0 Product Tested...
More informationInside Cisco IT: Secure, Simultaneous Access to Trusted and Untrusted Networks using C-Bridge
Inside Cisco IT: Secure, Simultaneous Access to Trusted and Untrusted Networks using C-Bridge Tom Woodard Cisco InfoSec Architect BRKCOC-1900 This solution solves business challenges by securely allowing
More informationAutomation and Programmability using Cisco Open NXOS and DevOps Tools
Automation and Programmability using Cisco Open NXOS and DevOps Tools Jeff Lester Sr. Solutions Integration Architect Matt Tarkington Consulting Engineer Services Cisco Spark How Questions? Use Cisco Spark
More informationCisco ASA Next-Generation Firewall Services
Q&A Cisco ASA Next-Generation Firewall Services Q. What are Cisco ASA Next-Generation Firewall Services? A. Cisco ASA Next-Generation Firewall Services are a modular security service that extends the Cisco
More informationFile Reputation Filtering and File Analysis
This chapter contains the following sections: Overview of, page 1 Configuring File Reputation and Analysis Features, page 5 File Reputation and File Analysis Reporting and Tracking, page 14 Taking Action
More informationCYBER ANALYTICS. Architecture Overview. Technical Brief. May 2016 novetta.com 2016, Novetta
CYBER ANALYTICS Architecture Overview Technical Brief May 2016 novetta.com 2016, Novetta Novetta Cyber Analytics: Technical Architecture Overview 1 INTRODUCTION 2 CAPTURE AND PROCESS ALL NETWORK TRAFFIC
More informationDesigning Network Encryption for the Future Emily McAdams Security Engagement Manager, Security & Trust Organization BRKSEC-2015
Designing Network Encryption for the Future Emily McAdams Security Engagement Manager, Security & Trust Organization BRKSEC-2015 What Could It Cost You? Average of $0.58 a record According to the Verizon
More informationIntuit Application Centric ACI Deployment Case Study
Intuit Application Centric ACI Deployment Case Study Joon Cho, Principal Network Engineer, Intuit Lawrence Zhu, Solutions Architect, Cisco Agenda Introduction Architecture / Principle Design Rollout Key
More information(2½ hours) Total Marks: 75
(2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together.
More informationThe Invisible Threat of Modern Malware Lee Gitzes, CISSP Comm Solutions Company
The Invisible Threat of Modern Malware Lee Gitzes, CISSP Comm Solutions Company November 12, 2014 Malware s Evolution Why the change? Hacking is profitable! Breaches and Malware are Projected to Cost $491
More informationCisco ASA with FirePOWER Services
Cisco ASA with FirePOWER Services TDM Thomas Jankowsky Consulting Systems Engineer May 2015 Introduction Industry s First Threat-Focused Next-Generation Firewall (NGFW) Proven Cisco ASA firewalling Industry-leading
More informationCisco Security Enterprise License Agreement
Cisco Security Enterprise License Agreement Deploy Software and Technology more easily The Cisco Security Enterprise Licensing Agreement (ELA) gives you a simpler way to manage your licenses. And it saves
More informationTRex Realistic Traffic Generator
DEVNET-1120 TRex Realistic Traffic Generator Hanoch Haim, Principal Engineer Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the Cisco
More informationIntroduction. Learning Network License Introduction
The following provides an introduction to installing the Cisco Stealthwatch Learning Network License (Learning Network License) platform, installing a controller on an ESXi host, and deploying an agent
More informationAutomated Threat Management - in Real Time. Vectra Networks
Automated Threat Management - in Real Time Security investment has traditionally been in two areas Prevention Phase Active Phase Clean-up Phase Initial Infection Key assets found in the wild $$$$ $$$ $$
More informationWHITE PAPER HIGH-FIDELITY THREAT INTELLIGENCE: UNDERSTANDING FALSE POSITIVES IN A MULTI-LAYER SECURITY STRATEGY
WHITE PAPER HIGH-FIDELITY THREAT INTELLIGENCE: UNDERSTANDING FALSE POSITIVES IN A MULTI-LAYER SECURITY STRATEGY Dave Dubois, Global Security Product Management Version: 1.0, Jan 2018 A Multi-Layer Approach
More informationDNA Automation Services Offerings
DNA Automation Services Offerings Jamie Owen, Solutions Architect, Cisco Advanced Services Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session
More informationUn SOC avanzato per una efficace risposta al cybercrime
Un SOC avanzato per una efficace risposta al cybercrime Identificazione e conferma di un incidente @RSAEMEA #RSAEMEASummit @masiste75 Mauro Costantini - Presales Consultant Agenda A look into the threat
More informationBorderless Networks. Tom Schepers, Director Systems Engineering
Borderless Networks Tom Schepers, Director Systems Engineering Agenda Introducing Enterprise Network Architecture Unified Access Cloud Intelligent Network & Unified Services Enterprise Networks in Action
More informationCisco UCS Director and ACI Advanced Deployment Lab
Cisco UCS Director and ACI Advanced Deployment Lab Michael Zimmerman, TME Vishal Mehta, TME Agenda Introduction Cisco UCS Director ACI Integration and Key Concepts Cisco UCS Director Application Container
More information