Hidden Figures: Securing what you cannot see

Size: px
Start display at page:

Download "Hidden Figures: Securing what you cannot see"

Transcription

1

2 Hidden Figures: Securing what you cannot see TK Keanini, Distinguished Engineer Stealthwatch, Advanced Threat Solutions CID-0006

3 Hello My Name is TK Keanini Keanini (Pronounced Kay-Ah-Nee-Nee) TK: The past 53 years in a nutshell 3

4 Agenda The problem responsible for the innovation Overview of Encrypted Traffic Analytics Encrypted Traffic Analytics Outcomes Encrypted Traffic Analytics Solution Conclusion

5 Networks are becoming more and more opaque! Chrome will start marking all HTTP sites as not secure in July

6 The new threat landscape Organizations are at risk 38% 81% 41% 64% 62% of organizations have been victims of a cyber attack of attackers used encryption to evade detection cannot detect malicious content in encrypted traffic Decrypt Do not decrypt New attack vectors Employees browsing over HTTPS: Malware infection, covert channel with command and control server, data exfiltration Employees on internal network connecting to DMZ servers: Lateral propagation of encrypted threats Source: Ponemon Report, 2016

7 Malicious Activity within Encrypted Traffic Attackers embrace encryption to conceal their command-and-control activity November % 19% October % 70% 12% Increase 268% Increase Global Encrypted Web Traffic Malicious Sandbox Binaries with Encryption

8 Now Available: Cisco Encrypted Traffic Analytics Industry s first network with the ability to find threats in encrypted traffic without decryption Avoid, stop, or mitigate threats faster then ever before Real-time flow analysis for better visibility Encrypted traffic Non-encrypted traffic Privacy AND Security

9 Artificial Intelligence/Machine Learning Cisco research Known Malware Traffic Known Benign Traffic Extract Observable Features in the Data Employ Machine Learning techniques to build detectors Known Malware sessions detected in encrypted traffic with high accuracy Identifying Encrypted Malware Traffic with Contextual Flow Data AISec 16 Blake Anderson, David McGrew (Cisco Fellow)

10 ETA Solution Overview Telemetry Exporter* Cisco Stealthwatch NetFlow Telemetry for encrypted malware detection and cryptographic compliance Metadata Machine Learning Malware detection and cryptographic compliance Enhanced NetFlow Leveraged network Faster investigation Higher precision Stronger protection Enhanced NetFlow from Cisco s newest switches and routers Enhanced analytics and machine learning Global-to-local knowledge correlation Continuous Enterprise-wide compliance

11 How can we inspect encrypted traffic? Initial data packet Make the most of the unencrypted fields Sequence of packet lengths and times Identify the content type through the size and timing of packets Global risk map Who s who of the Internet s dark side C2 message Data exfiltration Self-Signed certificate Broad behavioral information about the servers on the Internet.

12 Multi-Layer Machine Learning Initial data packet Multi-layer Machine Learning Global risk map Sequence of packet lengths and times

13 Encrypted Traffic Analytics: Example Incident

14 Cryptographic Compliance

15 How much of your digital business travels in the clear versus encrypted?

16 Encryption details on all network flows

17 Filter Flows by TLS/SSL BRK SEC-

18 The ETA Solution Set

19 ETA expands into the cloud and branch offices NEW NEW Campus Branch Cloud Catalyst 9000 ISR & ASR CSR 1000V Devices generating ETA telemetry

20 What do you buy? Licensing / packaging Solution element Software version License Enterprise switches (Cisco Catalyst 9000 Series)* Cisco IOS XE Included in Cisco DNA Advantage license/ Cisco ONE Advanced Branch routers (ASR 1000 Series, 4000 Series ISR, CSR, ISRv, 1100 Series ISR)** Stealthwatch Enterprise Cisco IOS XE v Included in SEC/k9 license Cisco ONE foundation Management Console, Flow Collector, Flow Rate License *C9300 series with , C9400 series available with **Available for Proof of Concept (PoC) with , General availability in

21 Conclusion Nearly all network communication is encrypted these days. Decryption is not a viable option. ETA is a solution set! It is not a product. o Branch, WAN and Cloud routers o Campus switches o Cisco Stealthwatch Enterprise ETA delivers two outcomes: o Cryptographic compliance. o Detection of malicious traffic in encrypted traffic WITHOUT decryption.

22 Thank you

23

Encrypted Traffic Analytics

Encrypted Traffic Analytics Encrypted Traffic Analytics Introduction The rapid rise in encrypted traffic is changing the threat landscape. As more businesses become digital, a significant number of services and applications are using

More information

How to Predict, Detect & Stop threats at the Edge and Behind the Perimeter even in encrypted traffic without decryption

How to Predict, Detect & Stop threats at the Edge and Behind the Perimeter even in encrypted traffic without decryption How to Predict, Detect & Stop threats at the Edge and Behind the Perimeter even in encrypted traffic without decryption Nikos Mourtzinos, CCIE #9763 Cisco Cyber Security Sales Specialist April 2018 New

More information

Applied Advanced Network Telemetry: ETA and Beyond

Applied Advanced Network Telemetry: ETA and Beyond BRKSEC-2809 Applied Advanced Network Telemetry: ETA and Beyond TK Keanini, Principal Engineer Blake Anderson, Technical Leader Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker

More information

Encrypted Traffic Security (ETS) White Paper

Encrypted Traffic Security (ETS) White Paper Encrypted Traffic Security (ETS) White Paper The rapid rise in encrypted traffic is changing the security landscape. As more organizations become digital, an increasing number of services and applications

More information

Cisco Encrypted Traffic Analytics Security Performance Validation

Cisco Encrypted Traffic Analytics Security Performance Validation Cisco Encrypted Traffic Analytics Security Performance Validation March 2018 DR180222D Miercom.com www.miercom.com Contents 1.0 Executive Summary... 3 2.0 About the Product Tested... 5 3.0 How We Did It...

More information

Demystifying Machine Learning

Demystifying Machine Learning Demystifying Machine Learning Dmitry Figol, WW Enterprise Sales Systems Engineer - Programmability @dmfigol CTHRST-1002 Agenda Machine Learning examples What is Machine Learning Types of Machine Learning

More information

Cisco Stealthwatch Improves Threat Defense with Network Visibility and Security Analytics

Cisco Stealthwatch Improves Threat Defense with Network Visibility and Security Analytics Solution Overview Cisco Stealthwatch Improves Threat Defense with Network Visibility and Security Analytics BENEFITS Gain visibility across all network conversations, including east-west and north-south

More information

Machine Learning with Python

Machine Learning with Python DEVNET-2163 Machine Learning with Python Dmitry Figol, SE WW Enterprise Sales @dmfigol Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session

More information

Encrypted Traffic Analytics Deployment Guide

Encrypted Traffic Analytics Deployment Guide Cisco Validated design Encrypted Traffic Analytics Deployment Guide December 2017 Table of Contents Table of Contents Introduction... 1 Design Overview... 2 Components at a Glance...6 Use Cases... 10 Crypto

More information

Enhanced Threat Detection, Investigation, and Response

Enhanced Threat Detection, Investigation, and Response Enhanced Threat Detection, Investigation, and Response What s new in Cisco Stealthwatch Enterprise Release 6.10.2 Cisco Stealthwatch Enterprise is a comprehensive visibility and security analytics solution

More information

Why Most IoT Projects Fail And how to ensure success with OSIsoft and Cisco Kinetic

Why Most IoT Projects Fail And how to ensure success with OSIsoft and Cisco Kinetic Why Most IoT Projects Fail And how to ensure success with OSIsoft and Cisco Kinetic Presented by Stephen Friedenthal, IoT Solutions Architect About Cisco Systems, Inc. San Fran Companies want to derive

More information

Battle between hackers and machine learning. Alexey Lukatsky Cybersecurity Business Consultant April 03, 2019

Battle between hackers and machine learning. Alexey Lukatsky Cybersecurity Business Consultant April 03, 2019 Battle between hackers and machine learning Alexey Lukatsky Cybersecurity Business Consultant April 03, 2019 Google: facts and numbers Real Cisco Big Data for Security Training Set Why is Machine Learning

More information

Compare Security Analytics Solutions

Compare Security Analytics Solutions Compare Security Analytics Solutions Learn how Cisco Stealthwatch compares with other security analytics products. This solution scales easily, giving you visibility across the entire network. Stealthwatch

More information

Cisco Techupdate November 17

Cisco Techupdate November 17 Cisco Techupdate November 17 Stealthwatch Cloud, ETA brief & Tue s tips & tricks Tue Frei Nørgaard & Jesper Rathsach Consulting systems engineers, Cisco Security North team 9th November 2017 Introduktion

More information

Stealthwatch ülevaade + demo ja kasutusvõimalused. Leo Lähteenmäki

Stealthwatch ülevaade + demo ja kasutusvõimalused. Leo Lähteenmäki Stealthwatch ülevaade + demo ja kasutusvõimalused Leo Lähteenmäki 09:00-9:30 Hommikukohv ja registreerimine 09:30 11:15 Stealthwatch ülevaade + demo ja kasutusvõimalused 11:00 11:15 Kohvipaus 11:15 12:00

More information

Cisco ONE Software Overview. October 2017

Cisco ONE Software Overview. October 2017 Cisco ONE Software Overview October 2017 Agenda Why Cisco ONE Software and the Outcome Offers and Use Case Access (Wireless and Switching) WAN Cloud and Compute DC Networking Smart Accounts Resources Cisco

More information

Transforming the Network for the Digital Business

Transforming the Network for the Digital Business Transforming the Network for the Digital Business Driven by Software Defined Platforms Hugo Padilla Prad Enterprise Networks Digital Acceleration Team CCIE Emeritus #12444 Cisco Forum Kiev, November 14

More information

Introduction. Learning Network License Introduction

Introduction. Learning Network License Introduction The following provides an introduction to installing the Cisco Stealthwatch Learning Network License (Learning Network License) platform, installing a controller on an ESXi host, and deploying an agent

More information

THE NETWORK. INTUITIVE. Powered by intent, informed by context. Rajinder Singh Product Sales Specialist - ASEAN August 2017

THE NETWORK. INTUITIVE. Powered by intent, informed by context. Rajinder Singh Product Sales Specialist - ASEAN August 2017 THE NETWORK. INTUITIVE. Powered by intent, informed by context. Rajinder Singh Product Sales Specialist - ASEAN August 2017 The Network. Intuitive. Constantly learning, adapting and protecting. L E A R

More information

The Future of Threat Prevention

The Future of Threat Prevention The Future of Threat Prevention Bricata is the leading developer of Next Generation Intrusion Prevention Systems (NGIPS) technology, providing innovative, disruptive, high-speed, high-performance network

More information

Classifying Encrypted Traffic with TLSaware

Classifying Encrypted Traffic with TLSaware Classifying Encrypted Traffic with TLSaware Telemetry Blake Anderson, David McGrew, and Alison Kendler blaander@cisco.com, mcgrew@cisco.com, alkendle@cisco.com FloCon 2016 Problem Statement I need to understand

More information

THE RSA SUITE NETWITNESS REINVENT YOUR SIEM. Presented by: Walter Abeson

THE RSA SUITE NETWITNESS REINVENT YOUR SIEM. Presented by: Walter Abeson THE RSA NETWITNESS SUITE REINVENT YOUR SIEM Presented by: Walter Abeson 1 Reality Goals GOALS VERSUS REALITY OF SIEM 1.0 Single compliance & security interface Analyze & prioritize alerts across various

More information

Cisco Cloud Security. How to Protect Business to Support Digital Transformation

Cisco Cloud Security. How to Protect Business to Support Digital Transformation Cisco Cloud Security How to Protect Business to Support Digital Transformation Dragan Novakovic Cybersecurity Consulting Systems Engineer January 2018. Security Enables Digitization Digital Disruption,

More information

Segment Your Network for Stronger Security

Segment Your Network for Stronger Security Segment Your Network for Stronger Security Protecting Critical Assets with Cisco Security 2017 Cisco and/or its affiliates. All rights reserved. 2017 Cisco and/or its affiliates. All rights reserved. The

More information

MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER

MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER Bret Hartman Cisco / Security & Government Group Session ID: SPO1-W25 Session Classification: General Interest 1 Mobility Cloud Threat Customer centric

More information

Cisco Ransomware Defense The Ransomware Threat Is Real

Cisco Ransomware Defense The Ransomware Threat Is Real Cisco Ransomware Defense The Ransomware Threat Is Real Seguridad Integrada Abril 2018 Ransomware B Malicious Software Encrypts Critical Data Demands Payment Permanent Data Loss Business Impacts Ramifications

More information

Network Automation and Branch Agility The Network Helps Enable Digital Business. Rajinder Singh Product Sales Specialist June 2016

Network Automation and Branch Agility The Network Helps Enable Digital Business. Rajinder Singh Product Sales Specialist June 2016 Network Automation and Branch Agility The Network Helps Enable Digital Business Rajinder Singh Product Sales Specialist June 2016 Agenda WAN Market Drivers Cisco Intelligent WAN (IWAN) Cisco Intelligent

More information

Monitoring and Threat Detection

Monitoring and Threat Detection Monitoring and Threat Detection with Netflow Michael Belan Consulting Systems Engineer Cisco GSSO January 2017 AGENDA What is SW? Where does it fit in overall Cisco Security framework? What is SW? What

More information

Cisco Cyber Range. Paul Qiu Senior Solutions Architect

Cisco Cyber Range. Paul Qiu Senior Solutions Architect Cisco Cyber Range Paul Qiu Senior Solutions Architect Cyber Range Service A platform to experience the intelligent Cyber Security for the real world What I hear, I forget What I see, I remember What I

More information

KEY FINDINGS INTERACTIVE GUIDE. Uncovering Hidden Threats within Encrypted Traffic

KEY FINDINGS INTERACTIVE GUIDE. Uncovering Hidden Threats within Encrypted Traffic KEY FINDINGS INTERACTIVE GUIDE Uncovering Hidden Threats within Encrypted Traffic Introduction In a study commissioned by A10 Networks, Ponemon surveyed 1,023 IT and IT security practitioners in North

More information

Cisco Cyber Threat Defense Solution 1.0

Cisco Cyber Threat Defense Solution 1.0 Cisco Cyber Threat Defense Solution 1.0 Contents 1. Introduction to the Cisco Cyber Threat Defense Solution 1.0 2. Technical overview of the Cisco Cyber Threat Defense Solution 1.0 3. Using the Cisco Cyber

More information

Cisco Stealthwatch Endpoint License with Cisco AnyConnect NVM

Cisco Stealthwatch Endpoint License with Cisco AnyConnect NVM Cisco Stealthwatch Endpoint License with Cisco AnyConnect NVM How to implement the Cisco Stealthwatch Endpoint License with the Cisco AnyConnect Network Visibility Module Table of Contents About This Document...

More information

Cisco SD-WAN. Intent-based networking for the branch and WAN. Carlos Infante PSS EN Spain March 2018

Cisco SD-WAN. Intent-based networking for the branch and WAN. Carlos Infante PSS EN Spain March 2018 Cisco SD-WAN Intent-based networking for the branch and WAN Carlos Infante PSS EN Spain March 2018 Aug-12 Oct-12 Dec-12 Feb-13 Apr-13 Jun-13 Aug-13 Oct-13 Dec-13 Feb-14 Apr-14 Jun-14 Aug-14 Oct-14 Dec-14

More information

SAFE Architecture Guide. Places in the Network: Secure Campus

SAFE Architecture Guide. Places in the Network: Secure Campus SAFE Architecture Guide Places in the Network: Secure Campus January 2018 SAFE Architecture Guide Places in the Network: Secure Campus Contents January 2018 Contents 3 5 8 9 13 15 21 22 25 Overview Business

More information

How can we gain the insights and control we need to optimize the performance of applications running on our network?

How can we gain the insights and control we need to optimize the performance of applications running on our network? SOLUTION BRIEF CA Network Flow Analysis and Cisco Application Visibility and Control How can we gain the insights and control we need to optimize the performance of applications running on our network?

More information

Stealthwatch and Cognitive Analytics Configuration Guide (for Stealthwatch System v6.10.x)

Stealthwatch and Cognitive Analytics Configuration Guide (for Stealthwatch System v6.10.x) Stealthwatch and Cognitive Analytics Configuration Guide (for Stealthwatch System v6.10.x) Copyrights and Trademarks 2018 Cisco Systems, Inc. All rights reserved. NOTICE THE SPECIFICATIONS AND INFORMATION

More information

The Need For A New IT Security Architecture: Global Study On The Risk Of Outdated Technologies

The Need For A New IT Security Architecture: Global Study On The Risk Of Outdated Technologies The Need For A New IT Security Architecture: Global Study On The Risk Of Outdated Technologies Daniel Yeung Technical Manager, Hong Kong & Taiwan AUG 2017 2017 Citrix Why Worry? Security needs to be top-of-mind

More information

Cisco Firepower NGFW. Anticipate, block, and respond to threats

Cisco Firepower NGFW. Anticipate, block, and respond to threats Cisco Firepower NGFW Anticipate, block, and respond to threats Digital Transformation on a Massive Scale 15B Devices Today Attack Surface 500B Devices In 2030 Threat Actors $19T Opportunity Next 10 Years

More information

Cisco Firepower NGFW. Anticipate, block, and respond to threats

Cisco Firepower NGFW. Anticipate, block, and respond to threats Cisco Firepower NGFW Anticipate, block, and respond to threats You have a mandate to build and secure a network that supports ongoing innovation Mobile access Social collaboration Public / private hybrid

More information

Next generation branch with SD-WAN and NFV

Next generation branch with SD-WAN and NFV Next generation branch with SD-WAN and NFV Kiran Ghodgaonkar, Senior Manager, Enterprise Marketing Mani Ganeson, Senior Product Manager PSOCRS-2004 @ghodgaonkar Cisco Spark How Questions? Use Cisco Spark

More information

Več kot SDN - SDA arhitektura v uporabniških omrežjih

Več kot SDN - SDA arhitektura v uporabniških omrežjih Več kot SDN - SDA arhitektura v uporabniških omrežjih Aleksander Kocelj SE Cisco Agenda - Introduction to Software Defined Access - Brief description on SDA - Cisco SDA Assurance - DEMO 2 New Requirements

More information

Rethinking Security: The Need For A Security Delivery Platform

Rethinking Security: The Need For A Security Delivery Platform Rethinking Security: The Need For A Security Delivery Platform Cybercrime In Asia: A Changing Environment & Shifting Focus Asia, more vulnerable to cybercrime because of diversity and breadth of countries

More information

Rethinking Security CLOUDSEC2016. Ian Farquhar Distinguished Sales Engineer Field Lead for the Gigamon Security Virtual Team

Rethinking Security CLOUDSEC2016. Ian Farquhar Distinguished Sales Engineer Field Lead for the Gigamon Security Virtual Team Rethinking Security CLOUDSEC2016 Ian Farquhar Distinguished Sales Engineer Field Lead for the Gigamon Security Virtual Team Breaches Are The New Normal Only The Scale Surprises Us OPM will send notifications

More information

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson Delivering Integrated Cyber Defense for the Generation Darren Thomson Vice President & CTO, EMEA Region Symantec In 2009 there were 2,361,414 new piece of malware created. In 2015 that number was 430,555,582

More information

INFINIT Y TOTAL PROTECTION

INFINIT Y TOTAL PROTECTION CHECK POINT INFINIT Y TOTAL PROTECTION CHECK POINT INFINITY TOTAL PROTECTION Be s t T hre at P revention, A ll Inclusi ve INTRODUCTION Enterprises today need to battle Gen V (5th Generation) cyber-attacks,

More information

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM OVERVIEW The Verizon 2016 Data Breach Investigations Report highlights that attackers are regularly outpacing the defenders.

More information

ERT Threat Alert New Risks Revealed by Mirai Botnet November 2, 2016

ERT Threat Alert New Risks Revealed by Mirai Botnet November 2, 2016 Abstract The Mirai botnet struck the security industry in three massive attacks that shook traditional DDoS protection paradigms, proving that the Internet of Things (IoT) threat is real and the grounds

More information

Automated Threat Management - in Real Time. Vectra Networks

Automated Threat Management - in Real Time. Vectra Networks Automated Threat Management - in Real Time Security investment has traditionally been in two areas Prevention Phase Active Phase Clean-up Phase Initial Infection Key assets found in the wild $$$$ $$$ $$

More information

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION INFORMATION TECHNOLOGY SECURITY GUIDANCE TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION ITSM.10.189 October 2017 INTRODUCTION The Top 10 Information Technology (IT) Security

More information

IWAN APIC-EM Application Cisco Intelligent WAN

IWAN APIC-EM Application Cisco Intelligent WAN IWAN APIC-EM Application Cisco Intelligent WAN René og Per Cisco DK SE s Feb 23 th 2016 AVC MPLS Private Cloud 3G/4G-LTE Virtual Private Cloud Branch WAAS PfR Internet Public Cloud Control, Management,

More information

Best Practices in Healthcare Risk Management. Balancing Frameworks/Compliance and Practical Security

Best Practices in Healthcare Risk Management. Balancing Frameworks/Compliance and Practical Security Best Practices in Healthcare Risk Management Balancing Frameworks/Compliance and Practical Security Our industry is full of jargon terms that make it difficult to understand what we are buying To accelerate

More information

Configuring Encrypted Traffic Analytics

Configuring Encrypted Traffic Analytics Restrictions for Encrypted Traffic Analytics, page 1 Information about Encrypted Traffic Analytics, page 1 How to Configure Encrypted Traffic Analytics, page 2 Configuration Examples, page 4 Additional

More information

Subscriber Data Correlation

Subscriber Data Correlation Subscriber Data Correlation Application of Cisco Stealthwatch to Service Provider mobility environment Introduction With the prevalence of smart mobile devices and the increase of application usage, Service

More information

Isla Web Malware Isolation and Network Sandbox Solutions Security Technology Comparison and Integration Guide

Isla Web Malware Isolation and Network Sandbox Solutions Security Technology Comparison and Integration Guide Isla Web Malware Isolation and Network Sandbox Solutions Security Technology Comparison and Integration Guide How the Two Approaches Compare and Interoperate Your organization counts on its security capabilities

More information

Gladiator Incident Alert

Gladiator Incident Alert Gladiator Incident Alert Allen Eaves Sabastian Fazzino FINANCIAL PERFORMANCE RETAIL DELIVERY IMAGING PAYMENT SOLUTIONS INFORMATION SECURITY & RISK MANAGEMENT ONLINE & MOBILE 1 2016 Jack Henry & Associates,

More information

Battle between hackers and machine learning Current status and trends

Battle between hackers and machine learning Current status and trends Battle between hackers and machine learning Current status and trends Mikhail Kader Distinguished System Engineer July, 5 2018 Alexey Lukatsky Business Development Manager Our agenda AI for cyber security

More information

Service Provider Security Architecture

Service Provider Security Architecture Service Provider Security Architecture Andrew Turner Technical Marketing, Security Business Group April 12 th 2017 Digitization is disrupting the SP business The world has gone mobile Traffic growth, driven

More information

Borderless Networks. Tom Schepers, Director Systems Engineering

Borderless Networks. Tom Schepers, Director Systems Engineering Borderless Networks Tom Schepers, Director Systems Engineering Agenda Introducing Enterprise Network Architecture Unified Access Cloud Intelligent Network & Unified Services Enterprise Networks in Action

More information

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM RSA NETWITNESS EVOLVED SIEM OVERVIEW A SIEM is technology originally intended for compliance and log management. Later, as SIEMs became the aggregation points for security alerts, they began to be more

More information

Technology Overview. Overview CHAPTER

Technology Overview. Overview CHAPTER CHAPTER 2 Revised: July 29, 2013, This overview of AVC technology includes the following topics: Overview, page 2-1 AVC Features and Capabilities, page 2-2 AVC Architecture, page 2-4 Interoperability of

More information

SAFE Architecture Guide. Places in the Network: Secure Branch

SAFE Architecture Guide. Places in the Network: Secure Branch SAFE Architecture Guide Places in the Network: Secure Branch January 2018 SAFE Architecture Guide Places in the Network: Secure Branch Contents January 2018 Contents 3 5 8 9 13 17 22 23 26 Overview Business

More information

Cisco SD-WAN. Securely connect any user to any application across any platform, all with a consistent user experience.

Cisco SD-WAN. Securely connect any user to any application across any platform, all with a consistent user experience. Cisco Securely connect any user to any application across any platform, all with a consistent user experience. Introduction Moving applications to the cloud requires faster, more reliable connectivity.

More information

Wayward Wi-Fi. How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk

Wayward Wi-Fi. How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk Wayward Wi-Fi How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk 288 MILLION There are more than 288 million unique Wi-Fi networks worldwide. Source: Wireless Geographic Logging

More information

APP-ID. A foundation for visibility and control in the Palo Alto Networks Security Platform

APP-ID. A foundation for visibility and control in the Palo Alto Networks Security Platform APP-ID A foundation for visibility and control in the Palo Alto Networks Security Platform App-ID uses multiple identification techniques to determine the exact identity of applications traversing your

More information

Using Lancope StealthWatch for Information Security Monitoring

Using Lancope StealthWatch for Information Security Monitoring Cisco IT Case Study February 2014 How CSIRT uses StealthWatch Using Lancope StealthWatch for Information Security Monitoring How the Cisco Computer Security Incident Response Team (CSIRT) uses Lancope

More information

Cisco.Network.Intuitive FastLane IT Forum. Andreas Korn Systems Engineer

Cisco.Network.Intuitive FastLane IT Forum. Andreas Korn Systems Engineer Cisco.Network.Intuitive FastLane IT Forum Andreas Korn Systems Engineer 12.10.2017 Ziele dieser Session New Era of Networking - Was ist darunter zu verstehen? Software Defined Access Wie revolutioniert

More information

Cognitive Threat Analytics Tech update

Cognitive Threat Analytics Tech update Cognitive Threat Analytics Tech update Mikael Grotrian, CISSP, CISM, CCSK, GISF, ITIL, PRINCE2, TOGAF Certified Consulting Systems Engineer, Cyber Security, Denmark CTA CTA CTA Cognitive Threat Analytics

More information

Identity Based Network Access

Identity Based Network Access Identity Based Network Access Identity Based Network Access - Agenda What are my issues Cisco ISE Power training What have I achieved What do I want to do What are the issues? Guest Student Staff Contractor

More information

SentinelOne Technical Brief

SentinelOne Technical Brief SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by machine learning and intelligent automation. By rethinking

More information

Cisco Advanced Malware Protection against WannaCry

Cisco Advanced Malware Protection against WannaCry Cisco Advanced Malware Protection against WannaCry "A false sense of security is worse than a true sense of insecurity" Senad Aruc Consulting Systems Engineer Advanced Threats Group Nils Roald Advanced

More information

Advanced Threat Defence using NetFlow and ISE

Advanced Threat Defence using NetFlow and ISE Advanced Threat Defence using NetFlow and ISE Matthew Robertson TME, Cisco David Salter Technical Director, Lancope Abstract Trends such as BYOD and the rise of the Advanced Persistent Threat (APT) are

More information

RSA NetWitness Suite Respond in Minutes, Not Months

RSA NetWitness Suite Respond in Minutes, Not Months RSA NetWitness Suite Respond in Minutes, Not Months Overview One can hardly pick up a newspaper or turn on the news without hearing about the latest security breaches. The Verizon 2015 Data Breach Investigations

More information

JUNIPER SKY ADVANCED THREAT PREVENTION

JUNIPER SKY ADVANCED THREAT PREVENTION Data Sheet JUNIPER SKY ADVANCED THREAT PREVENTION Product Overview Juniper Sky Advanced Threat Prevention is a cloud-based service that provides complete advanced malware protection. Integrated with SRX

More information

Cisco Advanced Malware Protection (AMP) for Endpoints Security Testing

Cisco Advanced Malware Protection (AMP) for Endpoints Security Testing Cisco Advanced Malware Protection (AMP) for Endpoints Security Testing 7 September 2018 DR180821E Miercom.com www.miercom.com Contents 1.0 Executive Summary... 3 2.0 Test Summary... 4 3.0 Product Tested...

More information

Connection Logging. Introduction to Connection Logging

Connection Logging. Introduction to Connection Logging The following topics describe how to configure the Firepower System to log connections made by hosts on your monitored network: Introduction to, page 1 Strategies, page 2 Logging Decryptable Connections

More information

Analytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS

Analytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS Analytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS Overview Cyberattacks are increasingly getting more frequent, more sophisticated and more widespread than ever

More information

Cisco Secure Access Control

Cisco Secure Access Control Cisco Secure Access Control Delivering Deeper Visibility, Centralized Control, and Superior Protection Martin Briand - Security Escalation VSE Global Virtual Engineering Oriol Madriles Soriano Security

More information

Cisco Security Manager 4.1: Integrated Security Management for Cisco Firewalls, IPS, and VPN Solutions

Cisco Security Manager 4.1: Integrated Security Management for Cisco Firewalls, IPS, and VPN Solutions Data Sheet Cisco Security Manager 4.1: Integrated Security Management for Cisco Firewalls, IPS, and VPN Solutions Security Operations Challenges Businesses are facing daunting new challenges in security

More information

Digital Network Architecture for Securing Enterprise Networks

Digital Network Architecture for Securing Enterprise Networks Digital Network Architecture for Securing Enterprise Networks Matt Robertson Evgeny Mirolyubov Technical Marketing Engineers, Advanced Threat Solutions Cisco Spark How Questions? Use Cisco Spark to communicate

More information

CloudSOC and Security.cloud for Microsoft Office 365

CloudSOC and  Security.cloud for Microsoft Office 365 Solution Brief CloudSOC and Email Security.cloud for Microsoft Office 365 DID YOU KNOW? Email is the #1 delivery mechanism for malware. 1 Over 40% of compliance related data in Office 365 is overexposed

More information

How Vectra Cognito enables the implementation of an adaptive security architecture

How Vectra Cognito enables the implementation of an adaptive security architecture Compliance brief How Vectra Cognito enables the implementation of an adaptive security architecture Historically, enterprises have relied on prevention and policy-based controls for security, deploying

More information

Artificial Intelligence Drives the next Generation of Internet Security

Artificial Intelligence Drives the next Generation of Internet Security Artificial Intelligence Drives the next Generation of Internet Security Sam Lee Regional Director sam.lee@cujo.com Copyright 2017 CUJO LLC, All rights reserved. Artificial Intelligence Leads the Way Copyright

More information

Cisco Stealthwatch Endpoint License

Cisco Stealthwatch Endpoint License Data Sheet Cisco Stealthwatch Endpoint License With the Cisco Stealthwatch Endpoint License you can conduct in-depth, context-rich investigations into endpoints that exhibit suspicious behavior. In our

More information

Connection Logging. About Connection Logging

Connection Logging. About Connection Logging The following topics describe how to configure the Firepower System to log connections made by hosts on your monitored network: About, page 1 Strategies, page 2 Logging Decryptable Connections with SSL

More information

Security Monitoring with Stealthwatch:

Security Monitoring with Stealthwatch: Security Monitoring with Stealthwatch: The Detailed Walkthrough Matthew Robertson, Technical Marketing Engineer BRKSEC-3014 Cisco Spark How Questions? Use Cisco Spark to chat with the speaker after the

More information

ADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY

ADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY ADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY OUTLINE Advanced Threat Landscape (genv) Why is endpoint protection essential? Types of attacks and how to prevent them

More information

Deploying and Administering Cisco s Digital Network Architecture (DNA) and Intelligent WAN (IWAN) (DNADDC)

Deploying and Administering Cisco s Digital Network Architecture (DNA) and Intelligent WAN (IWAN) (DNADDC) Deploying and Administering Cisco s Digital Network Architecture (DNA) and Intelligent WAN (IWAN) (DNADDC) COURSE OVERVIEW: Deploying and Administering Cisco s Digital Network Architecture (DNA) and Intelligent

More information

The following describes an example Learning Network License deployment and example use cases.

The following describes an example Learning Network License deployment and example use cases. The following describes an example Learning Network License deployment and example use cases. Example Deployment, page 2 Example Learning Network License Deployment, page 3 Example Deployment Use Cases,

More information

Security analysis and assessment of threats in European signalling systems?

Security analysis and assessment of threats in European signalling systems? Security analysis and assessment of threats in European signalling systems? New Challenges in Railway Operations Dr. Thomas Störtkuhl, Dr. Kai Wollenweber TÜV SÜD Rail Copenhagen, 20 November 2014 Slide

More information

to protect the well-being of citizens. Fairfax is also home to some Fortune 500 and large

to protect the well-being of citizens. Fairfax is also home to some Fortune 500 and large Executive Summary As a County Government servicing about 1.5 million citizens, we have the utmost responsibility to protect the well-being of citizens. Fairfax is also home to some Fortune 500 and large

More information

RSA Advanced Security Operations Richard Nichols, Director EMEA. Copyright 2015 EMC Corporation. All rights reserved. 1

RSA Advanced Security Operations Richard Nichols, Director EMEA. Copyright 2015 EMC Corporation. All rights reserved. 1 RSA Advanced Security Operations Richard Nichols, Director EMEA 1 What is the problem we need to solve? 2 Attackers Are Outpacing Defenders..and the Gap is Widening Attacker Capabilities The defender-detection

More information

Office 365 Buyers Guide: Best Practices for Securing Office 365

Office 365 Buyers Guide: Best Practices for Securing Office 365 Office 365 Buyers Guide: Best Practices for Securing Office 365 Microsoft Office 365 has become the standard productivity platform for the majority of organizations, large and small, around the world.

More information

SentinelOne Technical Brief

SentinelOne Technical Brief SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by behavior-based threat detection and intelligent automation.

More information

THE EVOLUTION OF SIEM

THE EVOLUTION OF SIEM THE EVOLUTION OF SIEM Why it is critical to move beyond logs BUSINESS-DRIVEN SECURITY SOLUTIONS THE EVOLUTION OF SIEM Why it is critical to move beyond logs Despite increasing investments in security,

More information

Detecting Internal Malware Spread with the Cisco Cyber Threat Defense Solution 1.0

Detecting Internal Malware Spread with the Cisco Cyber Threat Defense Solution 1.0 Detecting Internal Malware Spread with the Cisco Cyber Threat Defense Solution 1.0 April 9, 2012 Comments and errata should be directed to: cyber- tm@cisco.com Introduction One of the most common network

More information

CIH

CIH mitigating at host level, 23 25 at network level, 25 26 Morris worm, characteristics of, 18 Nimda worm, characteristics of, 20 22 replacement login, example of, 17 signatures. See signatures SQL Slammer

More information

SDN Security BRKSEC Alok Mittal Security Business Group, Cisco

SDN Security BRKSEC Alok Mittal Security Business Group, Cisco SDN Security Alok Mittal Security Business Group, Cisco Security at the Speed of the Network Automating and Accelerating Security Through SDN Countering threats is complex and difficult. Software Defined

More information

Incident Response Agility: Leverage the Past and Present into the Future

Incident Response Agility: Leverage the Past and Present into the Future SESSION ID: SPO1-W03 Incident Response Agility: Leverage the Past and Present into the Future Torry Campbell CTO, Endpoint and Management Technologies Intel Security The Reality we Face Reconnaissance

More information

Key Technologies for Security Operations. Copyright 2014 EMC Corporation. All rights reserved.

Key Technologies for Security Operations. Copyright 2014 EMC Corporation. All rights reserved. Key Technologies for Security Operations 2 Traditional Security Is Not Working 97% of breaches led to compromise within days or less with 72% leading to data exfiltration in the same time Source: Verizon

More information

Technical Brochure F-SECURE THREAT SHIELD

Technical Brochure F-SECURE THREAT SHIELD Technical Brochure F-SECURE THREAT SHIELD F-SECURE THREATSHIELD F-Secure ThreatShield is a gateway-level security solution for protecting email and web traffic, with built-in network sandboxing technology.

More information