Network Security Monitoring with Flow Data
|
|
- Kerry Rich
- 5 years ago
- Views:
Transcription
1 Network Security Monitoring with Flow Data
2 IT Monitoring in Enterprises NPMD (Network Performance Monitoring & Diagnostics) SNMP basics Flow data for advanced analysis and troubleshooting Packet capture for specialties What about security? Different technology Different tools Different vendors
3 NPMD and Security Volumetric DDoS detection Anomaly detection Incident reporting
4 Neil MacDonald, VP Distinguished Analyst Gartner Security & Risk Management Summit, London 2015
5 What is Flow Data? Modern method for network monitoring flow measurement Cisco standard NetFlow v5/v9, IETF standard IPFIX Focused on L3/L4 information and volumetric parameters Real network traffic to flow statistics reduction ratio 500:1 Flow data
6 Flow Monitoring Principle Flow Export Start Duration Proto Src IP:Port Dst IP:Port Packets Bytes 9:35: TCP : > : :35: TCP :80 -> :
7 Flow Gathering Schemes Pros Probe on a SPAN port Probe on a TAP Flows from switch/router Accuracy Performance L2/L3/L4/L7 visibility Same as on a SPAN All packets captured Separates RX and TX Already available No additional HW Traffic on interfaces Cons Facts May reach capacity limit No interface number Fits most customers Limited SPANs number Additional HW 2 monitoring ports Usually inaccurate Visibility L3/L4 Performance impact Always test before use Use Enterprise networks ISP uplinks, DCs Branch offices (MPLS, )
8 Flow-Enabled Devices Network equipment (routers/switched) Traditional capability known for many years Firewalls, UTMs, load balancers, hypervisors Ongoing initiative of majority of vendors Packet brokers and matrix switches Convenient option
9 Flow-Based Traffic Analysis Network as a sensor concept (and enforcer) blogs.cisco.com/enterprise/the-network-as-a-security-sensor-and-enforcer Bridges the gap left by signature-based security Key technology for incident response Designed for multi 10G environment DDoS Anomaly detection Statistical analysis Volumetric DDoS detection Advanced data analysis algorithms Detection of non-volumetric anomalies
10 How L3/L4 Data Helps Security? Myth 1: Flow is sampled and highly inaccurate. This is true for sflow and NetFlow Lite For NetFlow/IPFIX this depends on flow source Probes and new network equipment do just fine Myth 2: Flow is limited to L3/L4 visibility. This is the original design but today s flow data come with L2 and L7 extensions (usually using IPFIX) Myth 3: You need continuous packet capture. Flows with L7 visibility + on-demand or triggered packet capture is cost efficient option
11 Flow vs. Packet Analysis Flow data Packet analysis Strong aspects Works in high-speed networks Resistant to encrypted traffic Visibility and reporting Network behavior analysis Full network traffic Enough details for troubleshooting Supports forensic analysis Signature based detection Weak aspects No application layer data Sometimes not enough details Sampling (routers, switches) Useless for encrypted traffic Usually too much details Very resource consuming Solution? Take advantage of strong aspects in one solution Versatile and flexible Probes for visibility into all network layers Flowmon long-term strategy
12 Probes (by Flowmon Networks) Versatile and flexible network appliances Monitoring ports convert packets to flows Un-sampled export in NetFlow v5/v9 or IPFIX Wire-speed, L2-L7 visibility, PCAPs when needed L2 MAC VLAN MPLS GRE tunnel OVT L3/L4 Standard items NPM metrics RTT, SRT, TTL, SYN size, ASN Geolocation L7 NBAR2 HTTP DNS DHCP SMB/CIFS VoIP (SIP)
13 Use Case: Enterprise Security NBAD: On-demand Triggered Packet Capture
14 Fighting Advanced Threats Network visibility is essential component of new protection strategies against advanced attacks.
15 Flowmon ADS Flowmon ADS Principles Machine Learning Adaptive Baselining Heuristics Behavior Patterns Reputation Databases
16 Traffic Analysis (Using Flows) Bridges the gap left by endpoint and perimeter security solutions Behavior based Anomaly Detection (NBA) Detection of security and operational issues Attacks on network services, network reconnaissance Infected devices and botnet C&C communication Anomalies of network protocols (DNS, DHCP, ) P2P traffic, TOR, on-line messengers, DDoS attacks and vulnerable services Configuration issues
17 SIEM Integration Event exporting (syslog based) NetFlow IPFIX Collection and Behavior Analysis Flowmon Collector & ADS Network Traffic Monitoring Syslog SNMP Event Collection and Correlation SIEM system Links Flowmon <-> Log Management Special vendor relationships IBM QRadar (whitepaper, integration SW package) ArcSight native support through CEF
18 Traffic overview, anomalies detected
19 Attacker activity (port scan, SSH authentication attack)
20 Victim of the attack, source of anomalies
21 Attacker is looking for potential victims And starts SSH attack That turns out to be successful
22 Few minutes after that breached device starts to communicate with botnet C&C
23 Botnet identification using Flowmon Threat Intelligence
24 Flow data on L2/L3/L4
25 Including L7 visibility
26 Full packet capture and packet trace (PCAP file)
27 Analysis of PCAP file with botnet C&C communication in Wireshark
28 Data exfiltration command via ICMP
29 Command to discover RDP servers
30 ICMP anomaly traffic with payload present
31 PCAP available, what is the ICMP payload?
32 Linux /etc/passwd file with user accounts and hash of passwords
33 Looking for Windows servers with RDP Attack against RDP services
34 Network Against Threats Flow monitoring including L7 Network Behavior Analysis Full packet capture Triggered by detection
35 Use Case: DDoS Protection Volumetric DDoS Detection Traffic Redirection and Mitigation Control
36 Enterprise Protection Strategy Enterprise perimeter scheme Limited number of uplinks and capacity DMZ Internet CPE In-line DDoS mitigation appliance All-in-one detection & mitigation out of the box Volumetric + application (L3/L4/L7) attacks coverage Up to the uplink capacity! LAN
37 Backbone Protection Strategy Backbone perimeter specifics Multiple peering points routers & uplinks Large transport capacity tens of gigabits easily In-line protection is close to impossible! flow export 1. Flow collection 2. DDoS detection 3. Routing control 4. Mitigation control Flow-based detection and out-of-path mitigation Easy and cost efficient to deploy in backbone/isp Prevents volumetric DDoS to reach enterprise perimeter
38 Flow-Based DDoS Protection Define customers = protected segments Usually by network subnets (simple) Configure rules for DDoS detection Multiple types of baselines per protected segment Set alerts Notify about attacks (humans & systems) Configure traffic diversion = changes in routing Divert traffic for mitigation of DDoS attack Configure mitigation control = scrubbing Integration with scrubbing equipment or services
39 Attack Detection For each segment, a set of baselines is learned from monitored traffic. The attack is detected if the current traffic exceeds defined threshold. Baseline is learned for: TCP traffic with specific flags UDP traffic ICMP traffic
40 Attack Reporting Start/end time Attack target Type and status Traffic volumes during attack/peace time Attack targets (top 10 dst IPs, source subnets, L4 protocols, TCP flags combinations )
41 Response to Attack Alerting , Syslog, SNMP trap Routing diversion PBR (Policy Based Routing) BGP (Border Gateway Protocol) BGP Flowspec RTBH (Remotely-Triggered Black Hole) User-defined scripting Automatic mitigation With out-of-band mitigation devices With services of Scrubbing centers
42 DDoS Protection Scenario 1 Out-of-path Mitigation
43 Out-of-Path Mitigation Anomaly Detection Mitigation Enforcement Dynamic Protection Policy Deployment incl. baselines and attack characteristics Traffic Diversion via BGP Route Injection Scrubbing center Flow Data Collection Learning Baselines Attack Attack path Clean path Protected Object 1 e.g. Data Center, Organization, Service etc Internet Service Provider Core Protected Object 2
44 DDoS Protection Scenario 2 Mitigation with BGP Flowspec
45 BGP Flowspec Requires dynamic signature of the attack Provides specific action to take with network traffic BGP Flowspec rules are based on Destination Prefix Source Prefix IP Protocol Destination port ICMP type ICMP code
46 BGP Flowspec Rule BGP Flowspec rules are proposed based on dynamic attack signature Manual or automatic trigger is available Default action can be modified Rule is pushed to routers via BGP session
47 BGP Flowspec Scenario Anomaly Detection Mitigation Enforcement Sending specific Route advertisement via BGP FlowSpec Dynamic signature: Dst IP: /32 Dst Port: 135 Protocol IP: 17 (UDP) Discard Flow Data Collection Learning Baselines Attack Protected Object 1 e.g. Data Center, Organization, Service etc Internet Service Provider Core Protected Object 2 Dropped traffic for Dst IP: /32 Dst Port: 135 Protocol IP: 17 (UDP)
48 Flowmon Networks
49 Customer references is an international vendor devoted to innovative network traffic & performance & security monitoring 700+ customers 30+ countries First 100G probes in the world Strong R&D background European origin
50 Technology partner of premium vendors The only vendor recognized in both NetFlow related Gartner reports network visibility & security MAGIC QUADRANT
51 Flowmon Portfolio Network Visibility IT Operations Security Network Performance Monitoring and Diagnostics Application Performance Monitoring Network Behavior Analysis NPMD APM NBA DDoS Detection & Mitigation
52 Flowmon Architecture Flow export from already deployed devices Flow data export + L7 monitoring Flow data collection, reporting, analysis Flowmon modules for advanced flow data analysis
53 Flowmon Architecture Flowmon Probes & Collectors Flowmon extension modules Flowmon Anomaly Detection Flowmon DDoS Defender Application Performance Monitoring Flowmon Traffic Recorder Network Visibility Troubleshooting IPFIX/NetFlow export Flowmon Collector Network Security Anomaly Detection Application Performance Monitoring DDoS Protection
54 User Perspective Next Generation Network Monitoring (NetFlow/IPFIX) Full network traffic visibility Close to real-time and historical data for LAN & WAN & Internet communications Network operation & connectivity cost optimization Effective troubleshooting Next Generation Network Security (NBA, NBAD) Bridges the gap left by endpoint and perimeter and signature based security solutions Behavior-based Anomaly Detection Detection of polymorphic malwares, zero days attacks, suspicious data transfers, behavior changes and various operational and configuration issues
55 User Perspective Full Packet Capture On-demand packet capture for troubleshooting and forensic analysis producing PCAP files Traffic capture capabilities on 1G/10G/40G Distributed architecture Application Performance Monitoring Agent-less monitoring of all user transactions No influence on target application Designed for HTTP/HTTPS and SQL applications DDoS Protection Flow-based detection of volumetric attacks Universal deployment scenarios (stand-alone, integrated, with scrubbing center) Traffic diversion and control of mitigation process
56 Summary Make Use of Flow Data
57 Levels of Visibility SNMP monitoring Amount of transferred data, number of packet, insufficient Flow monitoring (based on IP flows) Traffic structure visibility, anomaly detection and reporting Packet analysis For forensics and to deal with specific issues Basic monitoring Flowmon
58 Using Flow Data for Security Keep in mind that there is no silver bullet Security is balanced combination of technology, people, processes Flow data & Probes can help you with Moving the infrastructure monitoring into next level Traffic visibility, engineering and troubleshooting Performance reporting and analysis Bridging the gap left by signature-based products Detection and mitigation control of volumetric DDoS Incident response and on-demand full packet capture
59 Thank you Flowmon Networks, a.s. U Vodarny 2965/ Brno, Czech Republic
Flow-based Traffic Visibility
Flow-based Traffic Visibility Operations, Performance, Security Pavel Minařík, Chief Technology Officer What is Flow Data? Modern method for network monitoring flow measurement Cisco standard NetFlow v5/v9,
More informationFlow Measurement. For IT, Security and IoT/ICS. Pavel Minařík, Chief Technology Officer EMITEC, Swiss Test and Measurement Day 20 th April 2018
Flow Measurement For IT, Security and IoT/ICS Pavel Minařík, Chief Technology Officer EMITEC, Swiss Test and Measurement Day 20 th April 2018 What is Flow Data? Modern method for network monitoring flow
More informationIt s Flow Time! The Role and Importance of Flow Monitoring in Network Operations and Security
It s Flow Time! The Role and Importance of Flow Monitoring in Network Operations and Security Pavel Minařík, Chief Technology Officer Neutral Peering Days 2018, The Hague Your customers depend on your
More informationDDoS Protection in Backbone Networks Deployed at Trenka Informatik AG (www.trenka.ch)
DDoS Protection in Backbone Networks Deployed at Trenka Informatik AG (www.trenka.ch) Pavel Minarik, Chief Technology Officer SwiNOG meeting, 9 th Nov 2017 Backbone DDoS protection Backbone protection
More informationDDoS Protection in Backbone Networks
DDoS Protection in Backbone Networks The Czech Way Pavel Minarik, Chief Technology Officer Holland Strikes Back, 3 rd Oct 2017 Backbone DDoS protection Backbone protection is specific High number of up-links,
More informationMonitoring and diagnostics of data infrastructure problems in power engineering. Jaroslav Stusak, Sales Director CEE, Flowmon Networks
Monitoring and diagnostics of data infrastructure problems in power engineering Jaroslav Stusak, Sales Director CEE, Flowmon Networks 35,000 kilometers of electric power, which feeds around 740,000 clients...
More informationDriving Network Visibility
Flowmon Price List EUR Driving Network Visibility Flowmon Hardware Appliances... 2 Flowmon Virtual Appliances... 3 Flowmon Cloud... 3 Flowmon ADS Anomaly Detection System... 4 Flowmon DDoS Defender...
More informationNetwork Visibility or Advanced Security?
Network Visibility or Advanced Security? TechDays 2017 Roman Cupka, Regional Country Manager SEE roman.cupka@flowmon.com Who We Are Founded in 2007 as a University Spinoff International Network & Security
More informationHOW TO ANALYZE AND UNDERSTAND YOUR NETWORK
Handbook HOW TO ANALYZE AND UNDERSTAND YOUR NETWORK Part 3: Network Traffic Monitoring or Packet Analysis? by Pavel Minarik, Chief Technology Officer at Flowmon Networks www.flowmon.com In previous two
More informationCompare Security Analytics Solutions
Compare Security Analytics Solutions Learn how Cisco Stealthwatch compares with other security analytics products. This solution scales easily, giving you visibility across the entire network. Stealthwatch
More informationNext Generation Network Traffic Monitoring and Anomaly Detection. Petr Springl
Next Generation Network Traffic Monitoring and Anomaly Detection Petr Springl springl@invea-tech.com INVEA-TECH University spin-off company 10 years of development, participation in EU funded projects
More informationRethinking Security: The Need For A Security Delivery Platform
Rethinking Security: The Need For A Security Delivery Platform Cybercrime In Asia: A Changing Environment & Shifting Focus Asia, more vulnerable to cybercrime because of diversity and breadth of countries
More informationEnhancing DDoS protection TAYLOR HARRIS SECURITY ENGINEER
Enhancing DDoS protection TAYLOR HARRIS SECURITY ENGINEER Overview DDoS Evolution Typical Reactive/Proactive Mitigation Challenges and Obstacles BGP Flowspec Automated Flowspec Mitigation 2 DDoS Evolution
More informationMonitoring and Threat Detection
Monitoring and Threat Detection with Netflow Michael Belan Consulting Systems Engineer Cisco GSSO January 2017 AGENDA What is SW? Where does it fit in overall Cisco Security framework? What is SW? What
More informationplixer Scrutinizer Competitor Worksheet Visualization of Network Health Unauthorized application deployments Detect DNS communication tunnels
Scrutinizer Competitor Worksheet Scrutinizer Malware Incident Response Scrutinizer is a massively scalable, distributed flow collection system that provides a single interface for all traffic related to
More informationOpenFlow: What s it Good for?
OpenFlow: What s it Good for? Apricot 2016 Pete Moyer pmoyer@brocade.com Principal Solutions Architect Agenda SDN & OpenFlow Refresher How we got here SDN/OF Deployment Examples Other practical use cases
More informationF5 DDoS Hybrid Defender : Setup. Version
F5 DDoS Hybrid Defender : Setup Version 13.1.0.3 Table of Contents Table of Contents Introducing DDoS Hybrid Defender... 5 Introduction to DDoS Hybrid Defender...5 DDoS deployments... 5 Example DDoS Hybrid
More informationData Sheet. DPtech Anti-DDoS Series. Overview. Series
Data Sheet DPtech Anti-DDoS Series DPtech Anti-DDoS Series Overview DoS (Denial of Service) leverage various service requests to exhaust victims system resources, causing the victim to deny service to
More informationFlowMon ADS implementation case study
FlowMon ADS implementation case study Kamil Doležel Kamil.dolezel@advaict.com AdvaICT, a.s. Brno, Czech Republic Abstract FlowMon ADS implementation provides completely new insight into networks of all
More informationComprehensive datacenter protection
Comprehensive datacenter protection There are several key drivers that are influencing the DDoS Protection market: DDoS attacks are increasing in frequency DDoS attacks are increasing in size DoS attack
More informationVisual TruView Unified Network and Application Performance Management Focused on the Experience of the End User
Visual TruView Unified Network and Application Performance Management Focused on the Experience of the End User BUSINESS CHALLENGE Problems can occur anywhere from the physical layer to wireless, across
More informationThe Future of Threat Prevention
The Future of Threat Prevention Bricata is the leading developer of Next Generation Intrusion Prevention Systems (NGIPS) technology, providing innovative, disruptive, high-speed, high-performance network
More informationFighting the Shadows: How to Stop Real-world Cybersecurity Application Threats That You Can t See
Fighting the Shadows: How to Stop Real-world Cybersecurity Application Threats That You Can t See Louis Scialabba Carrier Solutions Marketing Nov 2015 November 16, 2015 Topics What s New in Cybersecurity
More informationERT Threat Alert New Risks Revealed by Mirai Botnet November 2, 2016
Abstract The Mirai botnet struck the security industry in three massive attacks that shook traditional DDoS protection paradigms, proving that the Internet of Things (IoT) threat is real and the grounds
More informationUnderstanding Cisco Cybersecurity Fundamentals
210-250 Understanding Cisco Cybersecurity Fundamentals NWExam.com SUCCESS GUIDE TO CISCO CERTIFICATION Exam Summary Syllabus Questions Table of Contents Introduction to 210-250 Exam on Understanding Cisco
More informationListening to the Network: Leveraging Network Flow Telemetry for Security Applications Darren Anstee EMEA Solutions Architect
Listening to the Network: Leveraging Network Flow Telemetry for Security Applications Darren Anstee EMEA Solutions Architect Introduction Security has an increased focus from ALL businesses, whether they
More informationFlowmon. IPv6 Summit & SINOG mee=ng Andrej Vnuk, network&security
Flowmon IPv6 Summit & SINOG mee=ng 2016 Andrej Vnuk, network&security andrej.vnuk@alef.com ALEF distribucija SI VAD for infrastructure: NetApp leading storage vendor in Europe VAD for Network and Security:
More informationImplementing Cisco Cybersecurity Operations
210-255 Implementing Cisco Cybersecurity Operations NWExam.com SUCCESS GUIDE TO CISCO CERTIFICATION Exam Summary Syllabus Questions Table of Contents Introduction to 210-255 Exam on Implementing Cisco
More informationSOLUTION BRIEF: AN END-TO-END DATA CENTER MONITORING SOLUTION VISIT
SOLUTION BRIEF: AN END-TO-END DATA CENTER MONITORING SOLUTION VISIT WWW.PROFITAP.COM Flowmon and Profitap s joint solution offers the most efficient end-toend monitoring platform you can get for a high-speed
More informationSeceon s Open Threat Management software
Seceon s Open Threat Management software Seceon s Open Threat Management software (OTM), is a cyber-security advanced threat management platform that visualizes, detects, and eliminates threats in real
More informationCIH
mitigating at host level, 23 25 at network level, 25 26 Morris worm, characteristics of, 18 Nimda worm, characteristics of, 20 22 replacement login, example of, 17 signatures. See signatures SQL Slammer
More informationStealthwatch ülevaade + demo ja kasutusvõimalused. Leo Lähteenmäki
Stealthwatch ülevaade + demo ja kasutusvõimalused Leo Lähteenmäki 09:00-9:30 Hommikukohv ja registreerimine 09:30 11:15 Stealthwatch ülevaade + demo ja kasutusvõimalused 11:00 11:15 Kohvipaus 11:15 12:00
More informationDetecting Network Reconnaissance with the Cisco Cyber Threat Defense Solution 1.0
Detecting Network Reconnaissance with the Cisco Cyber Threat Defense Solution 1.0 April 9, 2012 Introduction One of the earliest indicators of an impending network attack is the presence of network reconnaissance.
More informationCompTIA Network+ Study Guide Table of Contents
CompTIA Network+ Study Guide Table of Contents Course Introduction Table of Contents Getting Started About This Course About CompTIA Certifications Module 1 / Local Area Networks Module 1 / Unit 1 Topologies
More informationIntroduction to Netflow
Introduction to Netflow Campus Network Design & Operations Workshop These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International license (http://creativecommons.org/licenses/by-nc/4.0/)
More informationCisco Security Manager 4.1: Integrated Security Management for Cisco Firewalls, IPS, and VPN Solutions
Data Sheet Cisco Security Manager 4.1: Integrated Security Management for Cisco Firewalls, IPS, and VPN Solutions Security Operations Challenges Businesses are facing daunting new challenges in security
More informationFlows at Masaryk University Brno
Flows at Masaryk University Brno Jan Vykopal Masaryk University Institute of Computer Science GEANT3/NA3/T4 meeting October 21st, 2009, Belgrade Masaryk University, Brno, Czech Republic The 2nd largest
More informationDDoS Detection&Mitigation: Radware Solution
DDoS Detection&Mitigation: Radware Solution Igor Urosevic Head of Technical Department SEE CCIE #26391 Ingram Micro Inc. 1 Agenda DDoS attack overview Main point of failures Key challenges today DDoS protection
More informationNetwork Management and Monitoring
Network Management and Monitoring Introduction to Netflow These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/)
More informationAndrisoft Wanguard. On-premise anti-ddos solution. Carrier-grade DDoS detection and mitigation software. Product Data Sheet Wanguard 6.
Carrier-grade DDoS detection and mitigation software Andrisoft Wanguard On-premise anti-ddos solution Andrisoft Wanguard is enterprise-grade software that delivers to NOC, IT and Security teams the functionality
More informationScrutinizer Flow Analytics
Scrutinizer Flow Analytics TM Scrutinizer Flow Analytics Scrutinizer Flow Analytics is an expert system that highlights characteristics about the network. It uses flow data across dozens or several hundred
More informationSecurity by BGP 101 Building distributed, BGP-based security system
Security by BGP 101 Building distributed, BGP-based security system Łukasz Bromirski lukasz@bromirski.net May 2017, CERT EE meeting Roadmap for the session BGP as security mechanism BGP blackholing project
More informationDetecting Internal Malware Spread with the Cisco Cyber Threat Defense Solution 1.0
Detecting Internal Malware Spread with the Cisco Cyber Threat Defense Solution 1.0 April 9, 2012 Comments and errata should be directed to: cyber- tm@cisco.com Introduction One of the most common network
More informationThis course prepares candidates for the CompTIA Network+ examination (2018 Objectives) N
CompTIA Network+ (Exam N10-007) Course Description: CompTIA Network+ is the first certification IT professionals specializing in network administration and support should earn. Network+ is aimed at IT
More informationCisco Day Hotel Mons Wednesday
Cisco Day 2016 20.4.2016 Hotel Mons Wednesday Three Friends in Security : Identity, Visibility and Enforcement Stop the bad guys immediately György Ács IT Security Consulting Systems Engineer 20 April
More informationCisco Cyber Threat Defense Solution 1.0
Cisco Cyber Threat Defense Solution 1.0 Contents 1. Introduction to the Cisco Cyber Threat Defense Solution 1.0 2. Technical overview of the Cisco Cyber Threat Defense Solution 1.0 3. Using the Cisco Cyber
More informationCorrigendum 3. Tender Number: 10/ dated
(A premier Public Sector Bank) Information Technology Division Head Office, Mangalore Corrigendum 3 Tender Number: 10/2016-17 dated 07.09.2016 for Supply, Installation and Maintenance of Distributed Denial
More informationCISCO NETWORKS BORDERLESS Cisco Systems, Inc. All rights reserved. 1
CISCO BORDERLESS NETWORKS 2009 Cisco Systems, Inc. All rights reserved. 1 Creating New Business Models The Key Change: Putting the Interaction Where the Customer Is Customer Experience/ Innovation Productivity/
More informationMcAfee Network Security Platform Administration Course
McAfee Network Security Platform Administration Course Education Services administration course The McAfee Network Security Platform Administration course from McAfee Education Services is an essential
More informationIBM Proventia Network Anomaly Detection System
Providing enterprise network visibility and internal network protection IBM Proventia Network Anomaly Detection System Enhanced network intelligence and security for enterprise networks IBM Proventia Network
More informationIBM Security QRadar Version Architecture and Deployment Guide IBM
IBM Security QRadar Version 7.3.1 Architecture and Deployment Guide IBM Note Before you use this information and the product that it supports, read the information in Notices on page 41. Product information
More informationPROTECTING INFORMATION ASSETS NETWORK SECURITY
PROTECTING INFORMATION ASSETS NETWORK SECURITY PAUL SMITH 20 years of IT experience (desktop, servers, networks, firewalls.) 17 years of engineering in enterprise scaled networks 10+ years in Network Security
More informationIncrease Threat Detection & Incident Response
Martin Rudd Carrier Scale Network Security: Increase Threat Detection & Incident Response www.telesoft-technologies.com copyright 2017 by Telesoft Technologies. All rights reserved. Agenda Brief bio Threat
More informationIntelligent and Secure Network
Intelligent and Secure Network BIG-IP IP Global Delivery Intelligence v11.2 IP Intelligence Service Brian Boyan - b.boyan@f5.com Tony Ganzer t.ganzer@f5.com 2 Agenda Welcome & Intro Introduce F5 IP Intelligence
More informationProCurve Network Immunity
ProCurve Network Immunity Hans-Jörg Elias Key Account Manager hans-joerg.elias@hp.com 2007 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
More informationStealthwatch and Cognitive Analytics Configuration Guide (for Stealthwatch System v6.10.x)
Stealthwatch and Cognitive Analytics Configuration Guide (for Stealthwatch System v6.10.x) Copyrights and Trademarks 2018 Cisco Systems, Inc. All rights reserved. NOTICE THE SPECIFICATIONS AND INFORMATION
More informationForeScout Agentless Visibility and Control
ForeScout Agentless Visibility and Control ForeScout Technologies has pioneered an agentless approach to network security that effectively helps address the challenges of endpoint visibility and control
More informationFloCon Netflow Collection and Analysis at a Tier 1 Internet Peering Point. San Diego, CA. Fred Stringer
10 January 2017 FloCon 2017 San Diego, CA Netflow Collection and Analysis at a Tier 1 Internet Peering Point Fred Stringer AT&T Chief Security Organization Systems Engineer/Network Architect AT&T Intellectual
More informationTHE RSA SUITE NETWITNESS REINVENT YOUR SIEM. Presented by: Walter Abeson
THE RSA NETWITNESS SUITE REINVENT YOUR SIEM Presented by: Walter Abeson 1 Reality Goals GOALS VERSUS REALITY OF SIEM 1.0 Single compliance & security interface Analyze & prioritize alerts across various
More informationClean Pipe Solution 2.0
Clean Pipes 2.0 1 Clean Pipe Solution 2.0 Executive Summary...3 Best Current Practices...5 Network Infrastructure BCPs...5 Host Based BCPs...5 Dedicated DDoS BCPs...6 Cisco Clean Pipes Solution Overview...6
More informationRadware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper
Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper Table of Contents Abstract...3 Understanding Online Business
More informationTrisul Network Analytics - Traffic Analyzer
Trisul Network Analytics - Traffic Analyzer Using this information the Trisul Network Analytics Netfllow for ISP solution provides information to assist the following operation groups: Network Operations
More informationIBM Aurora Flow-Based Network Profiling System
IBM Aurora Flow-Based Network Profiling System Technical Aspects http://www.zurich.ibm.com/aurora/ Email: Jeroen Massar SwiNOG #15 4 December 2007 www.zurich.ibm.com/aurora
More informationCisco Cyber Range. Paul Qiu Senior Solutions Architect
Cisco Cyber Range Paul Qiu Senior Solutions Architect Cyber Range Service A platform to experience the intelligent Cyber Security for the real world What I hear, I forget What I see, I remember What I
More informationAutomated Threat Management - in Real Time. Vectra Networks
Automated Threat Management - in Real Time Security investment has traditionally been in two areas Prevention Phase Active Phase Clean-up Phase Initial Infection Key assets found in the wild $$$$ $$$ $$
More informationNetwork Security. Thierry Sans
Network Security Thierry Sans HTTP SMTP DNS BGP The Protocol Stack Application TCP UDP Transport IPv4 IPv6 ICMP Network ARP Link Ethernet WiFi The attacker is capable of confidentiality integrity availability
More informationHost Identity Sources
The following topics provide information on host identity sources: Overview: Host Data Collection, on page 1 Determining Which Host Operating Systems the System Can Detect, on page 2 Identifying Host Operating
More informationAffordable High-Speed Sensors Everywhere. ntop Meetup Flocon 2016, Daytona Beach Jan 13th 2016
Affordable High-Speed Sensors Everywhere ntop Meetup Flocon 2016, Daytona Beach Jan 13th 2016 Welcome to the ntop Meetup Meeting Goals: Meet ntop users Describe our ideas and plans for 2016 Hear your comments
More informationCisco DDoS Solution Clean Pipes Architecture
Cisco DDoS Solution Clean Pipes Architecture Dynamic filters to block attack sources Anti-spoofing to block spoofed packets Legitimate traffic Rate limits Dynamic & Static Filters Active Statistical Verification
More informationChapter 10: Denial-of-Services
Chapter 10: Denial-of-Services Technology Brief This chapter, "Denial-of-Service" is focused on DoS and Distributed Denial-of-Service (DDOS) attacks. This chapter will cover understanding of different
More informationCisco dan Hotel Crowne Plaza Beograd, Srbija.
Cisco dan 31. 3. 2016. Hotel Crowne Plaza Beograd, Srbija www.ciscoday.com Three Friends in Security : Identity, Visibility and Enforcement Stop the bad guys immediately György Ács IT Security Consulting
More informationCisco ISR G2 Management Overview
Cisco ISR G2 Management Overview Introduction The new Cisco Integrated Services Routers Generation 2 (ISR G2) Family of routers delivers the borderless network that can transform the branch office and
More informationPrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps
PrepAwayExam http://www.prepawayexam.com/ High-efficient Exam Materials are the best high pass-rate Exam Dumps Exam : 642-541 Title : VPN and Security Cisco SAFE Implementation Exam (CSI) Vendors : Cisco
More informationInline DDoS Protection versus Scrubbing Center Solutions. Solution Brief
Inline DDoS Protection versus Scrubbing Center Solutions Solution Brief Contents 1 Scrubbing Center vs. Inline DDoS Inspection and Mitigation... 1 2 Scrubbing Center... 2 2.1 Scrubbing Center Architecture...
More informationMULTINATIONAL BANKING CORPORATION INVESTS IN ROUTE ANALYTICS TO AVOID OUTAGES
MULTINATIONAL BANKING CORPORATION INVESTS IN ROUTE ANALYTICS TO AVOID OUTAGES CASE STUDY Table of Contents Organization Background and Network Summary 3 Outage Precursor and Impact 3 Outage Analysis 4
More informationValidation of the Network-based Dictionary Attack Detection
Validation of the Network-based Dictionary Attack Detection Jan Vykopal vykopal@ics.muni.cz Tomáš Plesník plesnik@ics.muni.cz Institute of Computer Science Masaryk University Brno, Czech Republic Pavel
More informationCCNA Exploration Network Fundamentals
CCNA Exploration 4.0 1. Network Fundamentals The goal of this course is to introduce you to fundamental networking concepts and technologies. These online course materials will assist you in developing
More informationBackscatter A viable tool for threat of the past and today. Barry Raveendran Greene March 04, 2009
Backscatter A viable tool for threat of the past and today Barry Raveendran Greene March 04, 2009 bgreene@senki.org Agenda Backscatter: What is it? VzB s use with the Backscatter Traceback Technique. Using
More informationApplication Note. Microsoft OCS 2007 Configuration Guide
Application Note Microsoft OCS 2007 Configuration Guide 15 October 2009 Microsoft OCS 2007 Configuration Guide Table of Contents 1 MICROSOFT OCS 2007 AND INGATE... 1 1.1 SIP TRUNKING SUPPORT... 2 2 INGATE
More informationTALK. agalaxy FOR THUNDER TPS REAL-TIME GLOBAL DDOS DEFENSE MANAGEMENT WITH A10 DATA SHEET DDOS DEFENSE MONITORING AND MANAGEMENT
DATA SHEET agalaxy FOR THUNDER TPS DDOS DEFENSE MONITORING AND MANAGEMENT The A10 agalaxy management system is integrated with PLATFORMS the Thunder TPS (Threat Protection System) for DDoS protection.
More informationMaster Course Computer Networks IN2097
Chair for Network Architectures and Services Prof. Carle Department for Computer Science TU München Master Course Computer Networks IN2097 Chapter 7 - Network Measurements Introduction Architecture & Mechanisms
More informationASA/PIX Security Appliance
I N D E X A AAA, implementing, 27 28 access to ASA/PIX Security Appliance monitoring, 150 151 securing, 147 150 to websites, blocking, 153 155 access control, 30 access policies, creating for web and mail
More informationTransforming the Cisco WAN with Network Intelligence
Transforming the Cisco WAN with Network Intelligence Introduction Branch office networks and the enterprise WAN are in a state of dramatic transformation, driven by three key trends. Enterprises are using
More informationRequest for Proposal (RFP) for Supply and Implementation of Firewall for Internet Access (RFP Ref )
Appendix 1 1st Tier Firewall The Solution shall be rack-mountable into standard 19-inch (482.6-mm) EIA rack. The firewall shall minimally support the following technologies and features: (a) Stateful inspection;
More informationCubro Packetmaster EX12
Cubro Packetmaster EX12 PRODUCT OVERVIEW Network Packet Broker (NPB) At a glance Definition The Packetmaster EX12 is a network packet broker and network controller switch that aggregates, filters and load
More informationModular Policy Framework. Class Maps SECTION 4. Advanced Configuration
[ 59 ] Section 4: We have now covered the basic configuration and delved into AAA services on the ASA. In this section, we cover some of the more advanced features of the ASA that break it away from a
More informationMonitoring network bandwidth on routers and interfaces; Monitoring custom traffic on IP subnets and IP subnets groups; Monitoring end user traffic;
NetVizura NetFlow Analyzer enables you to collect, store and analyze network traffic data by utilizing Cisco NetFlow, IPFIX, NSEL, sflow and compatible netflow-like protocols. It allows you to visualize
More informationAnalyzing Huge Data for Suspicious Traffic. Christian Landström, Airbus DS
Analyzing Huge Data for Suspicious Traffic Christian Landström, Airbus DS Topics - Overview on security infrastructure - Strategies for network defense - A look at malicious traffic incl. Demos - How Wireshark
More information1. Intrusion Detection and Prevention Systems
1. Intrusion Detection and Prevention Systems Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents, which
More informationSD-WAN Deployment Guide (CVD)
SD-WAN Deployment Guide (CVD) All Cisco Meraki security appliances are equipped with SD-WAN capabilities that enable administrators to maximize network resiliency and bandwidth efficiency. This guide introduces
More informationCisco Security Monitoring, Analysis and Response System 4.2
Q&A Cisco Security Monitoring, Analysis and Response System 4.2 GENERAL Q. What is the Cisco Security Monitoring, Analysis and Response System? A. The Cisco Security Monitoring, Analysis and Response System
More informationCHCSS. Certified Hands-on Cyber Security Specialist (510)
CHCSS Certified Hands-on Cyber Security Specialist () SYLLABUS 2018 Certified Hands-on Cyber Security Specialist () 2 Course Description Entry level cyber security course intended for an audience looking
More informationsnoc Snoc DDoS Protection Fast Secure Cost effective Introduction Snoc 3.0 Global Scrubbing Centers Web Application DNS Protection
Snoc DDoS Protection Fast Secure Cost effective sales@.co.th www..co.th securenoc Introduction Snoc 3.0 Snoc DDoS Protection provides organizations with comprehensive protection against the most challenging
More informationCisco Performance Routing
Cisco Performance Routing As enterprise organizations grow their businesses, the demand for real-time application performance and a better application experience for users increases. For example, voice
More informationPaloalto Networks PCNSA EXAM
Page No 1 m/ Paloalto Networks PCNSA EXAM Palo Alto Networks Certified Network Security Administrator Product: Full File For More Information: /PCNSA-dumps 2 Product Questions: 50 Version: 8.0 Question:
More informationImma Chargin Mah Lazer
Imma Chargin Mah Lazer How to protect against (D)DoS attacks Oliver Matula omatula@ernw.de #2 Denial of Service (DoS) Outline Why is (D)DoS protection important? Infamous attacks of the past What types
More informationVisibility: The Foundation of your Cybersecurity Infrastructure. Marlin McFate Federal CTO, Riverbed
Visibility: The Foundation of your Cybersecurity Infrastructure Marlin McFate Federal CTO, Riverbed Detection is Only One Part of the Story Planning and Remediation are just as critical 20 18 Hackers Went
More informationEFFECTIVE SERVICE PROVIDER DDOS PROTECTION THAT SAVES DOLLARS AND MAKES SENSE
SOLUTION BRIEF EFFECTIVE SERVICE PROVIDER DDOS PROTECTION THAT SAVES DOLLARS AND MAKES SENSE Building effective, affordable and scalable DDoS defense, then monetizing investments with value added scrubbing
More informationADVANCED, UNKNOWN MALWARE IN THE HEART OF EUROPE
ADVANCED, UNKNOWN MALWARE IN THE HEART OF EUROPE AGENDA Network Traffic Analysis: What, Why, Results Malware in the Heart of Europe Bonus Round 2 WHAT: NETWORK TRAFFIC ANALYSIS = Statistical analysis,
More informationddos-guard.net Protecting your business DDoS-GUARD: Distributed protection against distributed attacks
ddos-guard.net Protecting your business DDoS-GUARD: Distributed protection against distributed attacks 2 WHAT IS A DDOS-ATTACK AND WHY ARE THEY DANGEROUS? Today's global network is a dynamically developing
More information