Stealthwatch ülevaade + demo ja kasutusvõimalused. Leo Lähteenmäki
|
|
- Garey Wilkerson
- 5 years ago
- Views:
Transcription
1 Stealthwatch ülevaade + demo ja kasutusvõimalused Leo Lähteenmäki
2 09:00-9:30 Hommikukohv ja registreerimine 09:30 11:15 Stealthwatch ülevaade + demo ja kasutusvõimalused 11:00 11:15 Kohvipaus 11:15 12:00 Cisco pilvepõhised turvalahendused koos demode ja kasutusvõimalustega: Cisco Umbrella/OpenDNS features for web content inspection Next generation malware protection for endpoint and Securing cloud based assets with Cloudlock 12:00 13:00 Lõunasöök Taevas 22. korruse restoranis
3 Overview Stealthwatch for network engineer demo Stealthwatch in security Demo Deployment details
4
5
6
7 Traditional network security model Perimeter security Intranet Big Bad Internet Antivirus
8 US-CERT Recommendations Organizations can no longer rely on perimeter devices to protect the network from cyber intrusions There has never been a greater need to improve network infrastructure security Alert TA16-250A, September 2016 Harden Network Devices Apply software updates/patches Restrict physical access Robust password and encryption policies Validate Integrity of Hardware and Software Buy from Authorized channel; Avoid grey market Inspect for hardware tampering Verify the software has not been modified Implement Supply Chain security
9 Secure digital businesses demand increased visibility KNOW every host RECORD every conversation Understand what is NORMAL Be alerted to CHANGE Respond to THREATS quickly HQ Branch Network Cloud Users Data Center Admin Roaming Users
10 Network Telemetry Telemetry: an automated communications process by which measurements and other data are collected at remote or inaccessible points and transmitted to receiving equipment for monitoring. Talos Endpoint Agent Access Switch Distribution/Core Switch Firewall Proxy Identity Network Devices Isolated knowledge based on function and location AD & DNS Global Intelligence
11 What Is Stealthwatch? Monitor Detect CISCO STEALTHWATCH Analyze Respond Extended Network Cloud Branch Data Center Gain unique visibility across your business Simplify segmentation throughout your networks Address threats faster Enable your network to take action Extend visibility and granular access control to your remote branches Prevent the lateral movement of threats Protect your critical information Simplify policy enforcement and data center segmentation Accelerate incidence response in the data center Gain enhanced visibility into the cloud Make the cloud a part of your segmentation strategy Identify threats quickly and take action
12 Visibility Through Netflow Netflow Provides Flow Information Packets A trace of every conversation in your network SOURCE ADDRESS DESTINATION ADDRESS An ability to collect records everywhere in your network (switch, router, or firewall) Network usage measurements An ability to find north-south as well as east-west communication Lightweight visibility compared to Switched Port Analyzer (SPAN)- based traffic analysis Switches Routers SOURCE PORT DESTINATION PORT 443 INTERFACE Gi0/0/0 IP TOS 0x00 IP PROTOCOL 6 NEXT HOP TCP FLAGS 0x1A SOURCE SGT 100 Indications of compromise (IOC) Security group information Internet : : APPLICATION NAME NBAR SECURE-HTTP URL, AppID,.
13 Stealthwatch System Overview Non-NetFlow-Capable Device SPAN Stealthwatch Flow Sensor Generate NetFlow Stealthwatch Flow Collector NetFlow / NBAR / NSEL Network Devices Collect and analyze Up to 4000 sources Up to 240,000 flows per sec Stealthwatch Management Console Management and reporting Up to 25 FlowCollectors Up to 6 million FPS globally
14 The General Ledger Use Cases Insider Threat Internal User Monitoring Firewall Planning Segmentation Network Operations Network Visualization TrustSec Event Data Security Events Behavioral Analytics Session Data 100% network accountability Client Server Translation Service User Application Traffic Group Mac SGT /tcp Doug http 20M location 00:2b:1f 10 Visibility and Context User Information Interface Information TrustSec Threat Feed Group / NAT/Proxy LAYER 7 Segment Cloud
15 Demo time Stealthwatch for the network engineer
16
17
18
19
20
21
22
23
24
25
26
27
28 High level Solution Overview Context Visibility Flow Sensor End Point ISE Firewall Proxy Flow Sensor Intelligence Host Group and Classification Baselining Algorithms and intelligence Alarming and Reporting Network Packet ISE SIEM / Other Response Mitigation
29 Scaling Visibility: Flow Stitching eth0/1 eth0/2 Unidirectional Flow Records port port 80 Start Time Interface Src IP Src Port Dest IP Dest Port Proto Pkts Sent Bytes Sent 10:20: eth0/ TCP :20: eth0/ TCP Bidirectional Flow Record Conversation flow record Allows easy visualization and analysis Start Time Client IP Client Port Server IP Server Port Proto Client Bytes Client Pkts Server Bytes Server Pkts 10:20: TCP eth0/1 eth0/2 Interfaces
30 Conversational Flow Record Where When Who What Who Highly scalable (enterprise-class) collection High compression => long-term storage Months of data retention More context Security group
31 How could netflow data be useful in security?
32 April 8, 2014: Heartbleed Vulnerability The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by SSL 2014 Lancope, Inc. All rights reserved.
33 Cisco CSIRT Response to Heartbleed Preparation Scanned 1.2M vulnerable servers needed repair Helped develop signatures for Sourcefire and Cisco IDS Deployed signatures to IDS Monitoring and response Discovered 25 attacks: 21 benign, 4 malicious Researched attack via NetFlow analysis to discern normal connections from those that were anomalous and malicious
34 Heartbleed Benign Host
35 Heartbleed Malicious Host
36 Other security use cases Traffic anomaly Denial of service What happened with my customer data?
37 Behavioral Detection Model Detect Behavioral Change Security Events (94 +) Alarm Category Response Addr_Scan Recon Alarm Table Bad_Flag C&C Host Snapshot Beaconing Host Exploitation Bot Infected Host Successful Data Hoarding Syslog/ SIEM Brute Force Login Exfiltration Mitigation Fake Application Policy Violation Flow_Denied DDoS Target ICMP Flood Max Flows Initiated Max Flows Served Suspect Quiet Long Flow Suspect Data Loss SYN Flood UDP Received (+255 custom defined events) As flows are collected, behavioral algorithms are applied to build Security Events. Security Events will add points to an alarm category to allow for easy summarization higher degree of confidence of the type of activity detected:
38 Demo time Stealthwatch for security
39 Stealthwatch Deployment Options Management Console Identity Services ISE Threat Feed License Flow Sensor Non-NetFlow enabled equipment Flow Collector ESX with Flow Sensor VE Legacy Traffic Analysis Software UDP Director NetFlow enabled routers, switches, firewalls
40 Netflow Supported Platforms NetFlow Capable User Switch Router Router Firewall Data Center Switch Catalyst 2K - Flexible Netflow Catalyst 3K - Flexible Netflow Catalyst 3650/ Flexible Netflow Catalyst4500-X - Flexible Netflow Cat4500-E (SUP-8) - Flexible Netflow CAT6000-VS-S2T - Flexible Netflow CAT6880-X - Flexible Netflow CSR 1000v - Flexible Netflow ASA NSEL WLC5520, 5760, 8510, Flexible Netflow UCS VIC 1224/1240/1280/1340/ Flexible Netflow FTD (6.2+) - NSEL WAN NetFlow Exporters 800 Series - Flexible Netflow ISR Flexible Netflow ISR Flexible Netflow ISR Flexible Netflow ISR3845E - Flexible Netflow ISR3925E - Flexible Netflow ISRG2 - Flexible Netflow ISR Flexible Netflow ISR Flexible Netflow ISR Flexible Netflow ISR Flexible Netflow ISR4451-X - Flexible Netflow ASR1K - Flexible Netflow ASR1K-X - Flexible Netflow ASR9K - Netflow v SUP32/MSFC2A - Netflow v SUP720/MSFC3 - Netflow v9 Server Cisco Identity Services Engine N5548P - Sampled Netflow N5596UP - Sampled Netflow N56128P - Sampled Netflow N5624Q - Sampled Netflow N5648Q - Sampled Netflow N5672UP - Sampled Netflow N5696Q - Sampled Netflow N Sampled Netflow N Sampled Netflow N7004-SUP2 - Flexible Netflow N7004-SUP2-NPE - Flexible Netflow N7009-SUP1 - Flexible Netflow N7009-SUP2 - Flexible Netflow N7718-SUP1 - Flexible Netflow N7718-SUP2 - Flexible Netflow N93180YC-EX - Flexible Netflow N93108TC-EX - Flexible Netflow For individual platform features, reference the Cisco Feature Navigator:
41 Meraki MX & Z1 now with NetFlow
42
43 Other sources of telemetry
44 Stealthwatch Proxy License Proxy License Provides Syslog Information Packets HTTP Traffic Visibility TIMESTAMP Analysis continuity User information Management Console Identity Services ISE Threat Feed License ELAPSE TIME SOURCE IP Multi-Vendor Proxy Support SOURCE Port 4567 Cisco WSA DESTINATION IP Bluecoat proxy Squid McAfee Web Gateway SYSLOG Flow Collector DESTINATION PORT 80 BYTES 400 URL USERNAME john
45 Stealthwatch + Packet Analyzer Security Packet Analyzer augments Stealthwatch flow analytics. Enables accelerated incident response based on targeted analysis of packets related to a security alarm or other suspicious activity using a purpose-built Cisco NAM based appliance for robust forensics investigation Security Packet Analyzer Packet Data & Storage Management Console Identity Services ISE Threat Feed License SEC-PA-2400-K9 Flow Collector
46 Cisco AnyConnect Network Visibility Module Enhanced Endpoints Context Collector & Reporting Cisco/Partners Enhance NetFlow records with endpoint/user data with application activity Visibility Auditing Analytics
47 AnyConnect NVM and Stealthwatch nvzflow differs from traditional IPFIX: Records are bi-directional Records produced only at end of flow Records created when client only No packet counts Byte counts are Layer 4 counts IP Address represents local network Stealthwatch Deployment Implications to Stealthwatch: Each endpoint is an exporter End of flow impacts near real-time analysis Lack of packet counts impact multiple algorithms local network address not relevant to enterprise Not all host transactions captured (only client)
48 Introducing the Endpoint Concentrator Global destination for nvzflow records Forward flow records to the Flow Collector nvzflow Stealthwatch Endpoint Concentrator Stealthwatch Flow Collector AnyConnect with Network Visibility Module Appears as a single exporter in the Flow Collector Required in order to collect endpoint flow records Endpoint fields are stitched into flow records
49 Stealthwatch Threat Intelligence License Actionable Threat Intelligence Overview: Team performs feed validation and independent research and analytics Threat Feed Formerly known as SLIC, new behavioral analysis algorithms updated as new threats are discovered; updates performed using the Threat Feed control channel and licensing User Interface Botnet Command & Control Internet Scanning Backscatter (DDoS Victims) Threat research influences continued algorithm development Works with Proxy License Ideally deployed with Flow Sensor(s) Enables alarming within Stealthwatch around: Host interaction with known bad URLs Host interaction with C&C servers Future Plans: Merge with Cisco TALOS for additional threat intelligence context and information
50 Stealthwatch Cloud License Management Console Identity Services ISE Threat Feed License VM Hosts with agent installed Encrypted Tunnel Flow Collector Cloud Concentrator TLS Netflow (IPFIX) Cloud Concentrator Cloud VM Hosts with Agent Running
51 Questions? Monitor Detect CISCO STEALTHWATCH Analyze Respond Extended Network Cloud Branch Data Center Gain unique visibility across your business Simplify segmentation throughout your networks Address threats faster Enable your network to take action Extend visibility and granular access control to your remote branches Prevent the lateral movement of threats Protect your critical information Simplify policy enforcement and data center segmentation Accelerate incidence response in the data center Gain enhanced visibility into the cloud Make the cloud a part of your segmentation strategy Identify threats quickly and take action
Monitoring and Threat Detection
Monitoring and Threat Detection with Netflow Michael Belan Consulting Systems Engineer Cisco GSSO January 2017 AGENDA What is SW? Where does it fit in overall Cisco Security framework? What is SW? What
More informationCisco Day Hotel Mons Wednesday
Cisco Day 2016 20.4.2016 Hotel Mons Wednesday Three Friends in Security : Identity, Visibility and Enforcement Stop the bad guys immediately György Ács IT Security Consulting Systems Engineer 20 April
More informationCisco dan Hotel Crowne Plaza Beograd, Srbija.
Cisco dan 31. 3. 2016. Hotel Crowne Plaza Beograd, Srbija www.ciscoday.com Three Friends in Security : Identity, Visibility and Enforcement Stop the bad guys immediately György Ács IT Security Consulting
More informationCompare Security Analytics Solutions
Compare Security Analytics Solutions Learn how Cisco Stealthwatch compares with other security analytics products. This solution scales easily, giving you visibility across the entire network. Stealthwatch
More informationCisco Stealthwatch Endpoint License with Cisco AnyConnect NVM
Cisco Stealthwatch Endpoint License with Cisco AnyConnect NVM How to implement the Cisco Stealthwatch Endpoint License with the Cisco AnyConnect Network Visibility Module Table of Contents About This Document...
More informationCisco Stealthwatch Improves Threat Defense with Network Visibility and Security Analytics
Solution Overview Cisco Stealthwatch Improves Threat Defense with Network Visibility and Security Analytics BENEFITS Gain visibility across all network conversations, including east-west and north-south
More informationCisco Cloud Security. How to Protect Business to Support Digital Transformation
Cisco Cloud Security How to Protect Business to Support Digital Transformation Dragan Novakovic Cybersecurity Consulting Systems Engineer January 2018. Security Enables Digitization Digital Disruption,
More informationCisco Stealthwatch. Internal Alarm IDs 7.0
Cisco Stealthwatch Internal Alarm IDs 7.0 Stealthwatch Internal Alarm IDs Some previously used alarms are now obsolete and no longer listed in this file. 1 Host Lock Violation 5 SYN Flood 6 UDP Flood 7
More informationCisco Cyber Range. Paul Qiu Senior Solutions Architect
Cisco Cyber Range Paul Qiu Senior Solutions Architect Cyber Range Service A platform to experience the intelligent Cyber Security for the real world What I hear, I forget What I see, I remember What I
More informationCyber Threat Defence. Cisco Public BRKSEC Cisco and/or its affiliates. All rights reserved.
Cyber Threat Defence 2 Abstract Trends such as BYOD and the rise of the Advance Persistent Threat (APT) have led to the erosion of the security perimeter of the enterprise. The Cisco Cyber Threat Defence
More informationplixer Scrutinizer Competitor Worksheet Visualization of Network Health Unauthorized application deployments Detect DNS communication tunnels
Scrutinizer Competitor Worksheet Scrutinizer Malware Incident Response Scrutinizer is a massively scalable, distributed flow collection system that provides a single interface for all traffic related to
More informationAdvanced Threat Defence using NetFlow and ISE
Advanced Threat Defence using NetFlow and ISE Matthew Robertson TME, Cisco David Salter Technical Director, Lancope Abstract Trends such as BYOD and the rise of the Advanced Persistent Threat (APT) are
More informationCisco Cyber Threat Defense Solution 1.0
Cisco Cyber Threat Defense Solution 1.0 Contents 1. Introduction to the Cisco Cyber Threat Defense Solution 1.0 2. Technical overview of the Cisco Cyber Threat Defense Solution 1.0 3. Using the Cisco Cyber
More informationSubscriber Data Correlation
Subscriber Data Correlation Application of Cisco Stealthwatch to Service Provider mobility environment Introduction With the prevalence of smart mobile devices and the increase of application usage, Service
More informationIntroduction. Learning Network License Introduction
The following provides an introduction to installing the Cisco Stealthwatch Learning Network License (Learning Network License) platform, installing a controller on an ESXi host, and deploying an agent
More informationStealthwatch System v6.9.0 Internal Alarm IDs
Stealthwatch System v6.9.0 Internal Alarm IDs Copyrights and Trademarks 2017 Cisco Systems, Inc. All rights reserved. NOTICE THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE
More informationDetecting Network Reconnaissance with the Cisco Cyber Threat Defense Solution 1.0
Detecting Network Reconnaissance with the Cisco Cyber Threat Defense Solution 1.0 April 9, 2012 Introduction One of the earliest indicators of an impending network attack is the presence of network reconnaissance.
More informationAutomated Response in Cyber Security SOC with Actionable Threat Intelligence
Automated Response in Cyber Security SOC with Actionable Threat Intelligence while its biggest weakness is lack of visibility: SOCs still can t detect previously unknown threats, which is a consistent
More informationTHE RSA SUITE NETWITNESS REINVENT YOUR SIEM. Presented by: Walter Abeson
THE RSA NETWITNESS SUITE REINVENT YOUR SIEM Presented by: Walter Abeson 1 Reality Goals GOALS VERSUS REALITY OF SIEM 1.0 Single compliance & security interface Analyze & prioritize alerts across various
More informationSeceon s Open Threat Management software
Seceon s Open Threat Management software Seceon s Open Threat Management software (OTM), is a cyber-security advanced threat management platform that visualizes, detects, and eliminates threats in real
More informationHow to Predict, Detect & Stop threats at the Edge and Behind the Perimeter even in encrypted traffic without decryption
How to Predict, Detect & Stop threats at the Edge and Behind the Perimeter even in encrypted traffic without decryption Nikos Mourtzinos, CCIE #9763 Cisco Cyber Security Sales Specialist April 2018 New
More informationSecurity Events and Alarm Categories (for Stealthwatch System v6.9.0)
Security Events and Alarm Categories (for Stealthwatch System v6.9.0) Copyrights and Trademarks 2017 Cisco Systems, Inc. All rights reserved. NOTICE THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS
More informationDetecting Internal Malware Spread with the Cisco Cyber Threat Defense Solution 1.0
Detecting Internal Malware Spread with the Cisco Cyber Threat Defense Solution 1.0 April 9, 2012 Comments and errata should be directed to: cyber- tm@cisco.com Introduction One of the most common network
More informationHidden Figures: Securing what you cannot see
Hidden Figures: Securing what you cannot see TK Keanini, Distinguished Engineer Stealthwatch, Advanced Threat Solutions CID-0006 Hello My Name is TK Keanini Keanini (Pronounced Kay-Ah-Nee-Nee) TK: The
More informationEncrypted Traffic Analytics
Encrypted Traffic Analytics Introduction The rapid rise in encrypted traffic is changing the threat landscape. As more businesses become digital, a significant number of services and applications are using
More informationCisco Cyber Range. Paul Qiu Senior Solutions Architect June 2016
Cisco Cyber Range Paul Qiu Senior Solutions Architect June 2016 What I hear, I forget What I see, I remember What I do, I understand ~ Confucius Agenda Agenda Cyber Range Highlights Cyber Range Overview
More informationEMERGING THREATS & STRATEGIES FOR DEFENSE. Paul Fletcher Cyber Security
EMERGING THREATS & STRATEGIES FOR DEFENSE Paul Fletcher Cyber Security Evangelist @_PaulFletcher Threats by Customer Environment Cloud Environment On Premise Environment 1.96% 0.13% 0.02% application-attack
More informationCognitive Threat Analytics Tech update
Cognitive Threat Analytics Tech update Mikael Grotrian, CISSP, CISM, CCSK, GISF, ITIL, PRINCE2, TOGAF Certified Consulting Systems Engineer, Cyber Security, Denmark CTA CTA CTA Cognitive Threat Analytics
More informationSecurity Monitoring with Stealthwatch:
Security Monitoring with Stealthwatch: The Detailed Walkthrough Matthew Robertson, Technical Marketing Engineer BRKSEC-3014 Cisco Spark How Questions? Use Cisco Spark to chat with the speaker after the
More informationNetwork Security Monitoring with Flow Data
Network Security Monitoring with Flow Data IT Monitoring in Enterprises NPMD (Network Performance Monitoring & Diagnostics) SNMP basics Flow data for advanced analysis and troubleshooting Packet capture
More informationCisco Advanced Malware Protection against WannaCry
Cisco Advanced Malware Protection against WannaCry "A false sense of security is worse than a true sense of insecurity" Senad Aruc Consulting Systems Engineer Advanced Threats Group Nils Roald Advanced
More informationStealthwatch and Cognitive Analytics Configuration Guide (for Stealthwatch System v6.10.x)
Stealthwatch and Cognitive Analytics Configuration Guide (for Stealthwatch System v6.10.x) Copyrights and Trademarks 2018 Cisco Systems, Inc. All rights reserved. NOTICE THE SPECIFICATIONS AND INFORMATION
More informationApplied Advanced Network Telemetry: ETA and Beyond
BRKSEC-2809 Applied Advanced Network Telemetry: ETA and Beyond TK Keanini, Principal Engineer Blake Anderson, Technical Leader Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker
More informationCisco Encrypted Traffic Analytics Security Performance Validation
Cisco Encrypted Traffic Analytics Security Performance Validation March 2018 DR180222D Miercom.com www.miercom.com Contents 1.0 Executive Summary... 3 2.0 About the Product Tested... 5 3.0 How We Did It...
More informationDynamic Datacenter Security Solidex, November 2009
Dynamic Datacenter Security Solidex, November 2009 Deep Security: Securing the New Server Cloud Virtualized Physical Servers in the open Servers virtual and in motion Servers under attack 2 11/9/09 2 Dynamic
More informationEnhanced Threat Detection, Investigation, and Response
Enhanced Threat Detection, Investigation, and Response What s new in Cisco Stealthwatch Enterprise Release 6.10.2 Cisco Stealthwatch Enterprise is a comprehensive visibility and security analytics solution
More informationCisco Stealthwatch Endpoint License
Data Sheet Cisco Stealthwatch Endpoint License With the Cisco Stealthwatch Endpoint License you can conduct in-depth, context-rich investigations into endpoints that exhibit suspicious behavior. In our
More informationUsing Lancope StealthWatch for Information Security Monitoring
Cisco IT Case Study February 2014 How CSIRT uses StealthWatch Using Lancope StealthWatch for Information Security Monitoring How the Cisco Computer Security Incident Response Team (CSIRT) uses Lancope
More informationCisco Firepower NGFW. Anticipate, block, and respond to threats
Cisco Firepower NGFW Anticipate, block, and respond to threats You have a mandate to build and secure a network that supports ongoing innovation Mobile access Social collaboration Public / private hybrid
More informationRSA Security Analytics
RSA Security Analytics This is what SIEM was Meant to Be 1 The Original Intent of SIEM Single compliance & security interface Analyze & prioritize alerts across various sources The cornerstone of security
More informationBattle between hackers and machine learning. Alexey Lukatsky Cybersecurity Business Consultant April 03, 2019
Battle between hackers and machine learning Alexey Lukatsky Cybersecurity Business Consultant April 03, 2019 Google: facts and numbers Real Cisco Big Data for Security Training Set Why is Machine Learning
More informationThreat Detection and Mitigation for IoT Systems using Self Learning Networks (SLN)
Threat Detection and Mitigation for IoT Systems using Self Learning Networks (SLN) JP Vasseur, PhD - Cisco Fellow jpv@cisco.com Maik G. Seewald, CISSP Sr. Technical Lead maseewal@cisco.com June 2016 Cyber
More informationCisco Secure Access Control
Cisco Secure Access Control Delivering Deeper Visibility, Centralized Control, and Superior Protection Martin Briand - Security Escalation VSE Global Virtual Engineering Oriol Madriles Soriano Security
More informationCisco Ransomware Defense The Ransomware Threat Is Real
Cisco Ransomware Defense The Ransomware Threat Is Real Seguridad Integrada Abril 2018 Ransomware B Malicious Software Encrypts Critical Data Demands Payment Permanent Data Loss Business Impacts Ramifications
More informationSAFE Architecture Guide. Places in the Network: Secure Campus
SAFE Architecture Guide Places in the Network: Secure Campus January 2018 SAFE Architecture Guide Places in the Network: Secure Campus Contents January 2018 Contents 3 5 8 9 13 15 21 22 25 Overview Business
More informationAby se z toho bezpečnostní správci nezbláznili Cisco security integrace. Milan Habrcetl Cisco CyberSecurity Specialist Mikulov, 5. 9.
Aby se z toho bezpečnostní správci nezbláznili aneb Cisco security integrace Aby se z toho bezpečnostní správci nezbláznili Cisco security integrace Milan Habrcetl Cisco CyberSecurity Specialist Mikulov,
More informationSIEM (Security Information Event Management)
SIEM (Security Information Event Management) Topic: SECURITY and RISK Presenter: Ron Hruby Topics Threat landscape Breaches and hacks Leadership and accountability Evolution of security technology What
More informationProtecting Against Modern Attacks. Protection Against Modern Attack Vectors
Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches
More informationCisco Firepower NGFW. Anticipate, block, and respond to threats
Cisco Firepower NGFW Anticipate, block, and respond to threats Digital Transformation on a Massive Scale 15B Devices Today Attack Surface 500B Devices In 2030 Threat Actors $19T Opportunity Next 10 Years
More informationCisco Security. Advanced Malware Protection. Guillermo González Security Systems Engineer Octubre 2017
Cisco Security Advanced Malware Protection Guillermo González Security Systems Engineer Octubre 2017 The New Security Model Attack Continuum Before During After Before Discover During Detect After Scope
More informationAutomated Threat Management - in Real Time. Vectra Networks
Automated Threat Management - in Real Time Security investment has traditionally been in two areas Prevention Phase Active Phase Clean-up Phase Initial Infection Key assets found in the wild $$$$ $$$ $$
More informationUDP Director Virtual Edition Installation and Configuration Guide (for Stealthwatch System v6.9.0)
UDP Director Virtual Edition Installation and Configuration Guide (for Stealthwatch System v6.9.0) Installation and Configuration Guide: UDP Director VE v6.9.0 2016 Cisco Systems, Inc. All rights reserved.
More informationFlow Measurement. For IT, Security and IoT/ICS. Pavel Minařík, Chief Technology Officer EMITEC, Swiss Test and Measurement Day 20 th April 2018
Flow Measurement For IT, Security and IoT/ICS Pavel Minařík, Chief Technology Officer EMITEC, Swiss Test and Measurement Day 20 th April 2018 What is Flow Data? Modern method for network monitoring flow
More informationSecuring Your Microsoft Azure Virtual Networks
Securing Your Microsoft Azure Virtual Networks IPS security for public cloud deployments It s no surprise that public cloud infrastructure has experienced fast adoption. It is quick and easy to spin up
More informationIntelligent and Secure Network
Intelligent and Secure Network BIG-IP IP Global Delivery Intelligence v11.2 IP Intelligence Service Brian Boyan - b.boyan@f5.com Tony Ganzer t.ganzer@f5.com 2 Agenda Welcome & Intro Introduce F5 IP Intelligence
More informationComprehensive datacenter protection
Comprehensive datacenter protection There are several key drivers that are influencing the DDoS Protection market: DDoS attacks are increasing in frequency DDoS attacks are increasing in size DoS attack
More informationYes, You can protect your endpoints! Szilard Csordas, Security Consultant scsordas [at] cisco.com
Yes, You can protect your endpoints! Szilard Csordas, Security Consultant scsordas [at] cisco.com Endpoint Footprint Problem: TOO MANY AGENTS! Anti-Virus/Anti-Spyware agent IPSec/SSLVPN agent Host IPS/FW
More informationImproved C&C Traffic Detection Using Multidimensional Model and Network Timeline Analysis
Improved C&C Traffic Detection Using Multidimensional Model and Elad Menahem Avidan Avraham Modern Threats Are More Sophisticated & Evasive CYBER KILL CHAIN: Infection Phase Post-Infection Recon Weaponization
More informationCisco Exam Questions & Answers
Cisco 648-385 Exam Questions & Answers Number: 648-385 Passing Score: 800 Time Limit: 120 min File Version: 34.4 http://www.gratisexam.com/ Cisco 648-385 Exam Questions & Answers Exam Name: CXFF - Cisco
More informationExamTorrent. Best exam torrent, excellent test torrent, valid exam dumps are here waiting for you
ExamTorrent http://www.examtorrent.com Best exam torrent, excellent test torrent, valid exam dumps are here waiting for you Exam : 400-251 Title : CCIE Security Written Exam (v5.0) Vendor : Cisco Version
More informationNetwork Security: Firewall, VPN, IDS/IPS, SIEM
Security: Firewall, VPN, IDS/IPS, SIEM Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr What is a Firewall? A firewall is hardware, software, or a combination of both that is used to prevent unauthorized
More informationMonitoring and diagnostics of data infrastructure problems in power engineering. Jaroslav Stusak, Sales Director CEE, Flowmon Networks
Monitoring and diagnostics of data infrastructure problems in power engineering Jaroslav Stusak, Sales Director CEE, Flowmon Networks 35,000 kilometers of electric power, which feeds around 740,000 clients...
More informationIt s Flow Time! The Role and Importance of Flow Monitoring in Network Operations and Security
It s Flow Time! The Role and Importance of Flow Monitoring in Network Operations and Security Pavel Minařík, Chief Technology Officer Neutral Peering Days 2018, The Hague Your customers depend on your
More informationOptimizing Security for Situational Awareness
Optimizing Security for Situational Awareness BRIAN KENYON McAfee Session ID: SPO1-106 Session Classification: Intermediate p gg able=network_objects, Operation=Update,Administrator=fwadmin, Machine=cp-mgmt-
More informationGlobal vision. Local knowledge. Cisco Forum Kyiv Country Day Month Year
Global vision. Local knowledge. Cisco Forum Kyiv Country Day Month Year Firepower Next Generation Firewall Subtitle goes here William Young Security Solutions Architect, Global Security Architecture Team
More informationERT Threat Alert New Risks Revealed by Mirai Botnet November 2, 2016
Abstract The Mirai botnet struck the security industry in three massive attacks that shook traditional DDoS protection paradigms, proving that the Internet of Things (IoT) threat is real and the grounds
More informationData Center Security. Fuat KILIÇ Consulting Systems
Data Center Security Fuat KILIÇ Consulting Systems Engineer @Security Data Center Evolution WHERE ARE YOU NOW? WHERE DO YOU WANT TO BE? Traditional Data Center Virtualized Data Center (VDC) Virtualized
More informationCato Cloud. Solution Brief. Software-defined and Cloud-based Secure Enterprise Network NETWORK + SECURITY IS SIMPLE AGAIN
Cato Cloud Software-defined and Cloud-based Secure Enterprise Network Solution Brief NETWORK + SECURITY IS SIMPLE AGAIN Legacy WAN and Security Appliances are Incompatible with the Modern Enterprise The
More informationRethinking Security: The Need For A Security Delivery Platform
Rethinking Security: The Need For A Security Delivery Platform Cybercrime In Asia: A Changing Environment & Shifting Focus Asia, more vulnerable to cybercrime because of diversity and breadth of countries
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationStealthwatch Flow Sensor Virtual Edition Installation and Configuration Guide (for Stealthwatch System v6.9.0)
Stealthwatch Flow Sensor Virtual Edition Installation and Configuration Guide (for Stealthwatch System v6.9.0) Installation and Configuration Guide: Flow Sensor VE v6.9.0 2017 Cisco Systems, Inc. All rights
More informationThreat Defense with Full NetFlow
White Paper Network as a Security Sensor Threat Defense with Full NetFlow Network Security and Netflow Historically IT organizations focused heavily on perimeter network security to protect their networks
More informationWhite Paper. Why IDS Can t Adequately Protect Your IoT Devices
White Paper Why IDS Can t Adequately Protect Your IoT Devices Introduction As a key component in information technology security, Intrusion Detection Systems (IDS) monitor networks for suspicious activity
More informationSecuring Your Amazon Web Services Virtual Networks
Securing Your Amazon Web Services s IPS security for public cloud deployments It s no surprise that public cloud infrastructure has experienced fast adoption. It is quick and easy to spin up a workload,
More informationSONICWALL SECURITY HEALTH CHECK PSO 2017
SONICWALL SECURITY HEALTH CHECK PSO 2017 Get help in fully utilizing your investment to protect your network Overview SonicWALL Security Health Check provides a customer with a comprehensive review of
More informationImplementing Cisco Network Security (IINS) 3.0
Implementing Cisco Network Security (IINS) 3.0 COURSE OVERVIEW: Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles and technologies, using
More informationForescout. eyeextend for Palo Alto Networks Wildfire. Configuration Guide. Version 2.2
Forescout Version 2.2 Contact Information Forescout Technologies, Inc. 190 West Tasman Drive San Jose, CA 95134 USA https://www.forescout.com/support/ Toll-Free (US): 1.866.377.8771 Tel (Intl): 1.408.213.3191
More informationHOW TO ANALYZE AND UNDERSTAND YOUR NETWORK
Handbook HOW TO ANALYZE AND UNDERSTAND YOUR NETWORK Part 3: Network Traffic Monitoring or Packet Analysis? by Pavel Minarik, Chief Technology Officer at Flowmon Networks www.flowmon.com In previous two
More informationSecurity Automation. Challenge: Automatizzare le azioni di isolamento e contenimento delle minacce rilevate tramite soluzioni di malware analysis
Security Automation Challenge: Automatizzare le azioni di isolamento e contenimento delle minacce rilevate tramite soluzioni di malware analysis Network Admission Control See Managed Unmanaged Computing
More informationCorrigendum 3. Tender Number: 10/ dated
(A premier Public Sector Bank) Information Technology Division Head Office, Mangalore Corrigendum 3 Tender Number: 10/2016-17 dated 07.09.2016 for Supply, Installation and Maintenance of Distributed Denial
More informationUDP Director Virtual Edition
UDP Director Virtual Edition (also known as FlowReplicator VE) Installation and Configuration Guide (for StealthWatch System v6.7.0) Installation and Configuration Guide: UDP Director VE v6.7.0 2015 Lancope,
More informationPalo Alto Networks PCNSE7 Exam
Volume: 96 Questions Question: 1 Which three function are found on the dataplane of a PA-5050? (Choose three) A. Protocol Decoder B. Dynamic routing C. Management D. Network Processing E. Signature Match
More informationSecurity, Internet Access, and Communication Ports
Security, Internet Access, and Communication Ports The following topics provide information on system security, internet access, and communication ports: Security Requirements Security Requirements, on
More informationHow Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity
How Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity Why is the NIST framework important? GOH Seow Hiong Executive Director, Global Policy & Government Affairs, Asia Pacific
More informationStop Threats Before They Stop You
Stop Threats Before They Stop You Gain visibility and control as you speed time to containment of infected endpoints Andrew Peters, Sr. Manager, Security Technology Group Agenda Situation System Parts
More informationSnort: The World s Most Widely Deployed IPS Technology
Technology Brief Snort: The World s Most Widely Deployed IPS Technology Overview Martin Roesch, the founder of Sourcefire and chief security architect at Cisco, created Snort in 1998. Snort is an open-source,
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationSONICWALL SECURITY HEALTH CHECK SERVICE
SonicWall Partner Service Overview SONICWALL SECURITY HEALTH CHECK SERVICE Ensure your SonicWall Investment is fully optimized to protect your network Overview The SonicWall Security Health Check Service
More informationNot your Father s SIEM
Not your Father s SIEM Getting Better Insights & Results Bill Thorn Director, Security Operations Apollo Education Group Agenda Why use a SIEM? What is a SIEM? Benefits of Using a SIEM Considerations Before
More informationCYBER ANALYTICS. Architecture Overview. Technical Brief. May 2016 novetta.com 2016, Novetta
CYBER ANALYTICS Architecture Overview Technical Brief May 2016 novetta.com 2016, Novetta Novetta Cyber Analytics: Technical Architecture Overview 1 INTRODUCTION 2 CAPTURE AND PROCESS ALL NETWORK TRAFFIC
More informationCisco Network Admission Control (NAC) Solution
Data Sheet Cisco Network Admission Control (NAC) Solution New: Updated to include the Cisco Secure Network Server (SNS) Cisco Network Admission Control (NAC) solutions allow you to authenticate wired,
More informationCisco Advanced Malware Protection. May 2016
Cisco Advanced Malware Protection May 2016 The Reality Organizations Are Under Attack and Malware Is Getting in 95% of large companies targeted by malicious traffic 100% Cybercrime is lucrative, barrier
More informationCheck Point DDoS Protector Introduction
Check Point DDoS Protector Introduction Petr Kadrmas SE Eastern Europe pkadrmas@checkpoint.com Agenda 1 (D)DoS Trends 2 3 4 DDoS Protector Overview Protections in Details Summary 2 (D)DoS Attack Methods
More informationCisco Security Exposed Through the Cyber Kill Chain
Cisco Forschung & Lehre Forum für Mecklenburg Vorpommern Cisco Security Exposed Through the Cyber Kill Chain Rene Straube CSE, Cisco Advanced Threat Solutions January, 2017 The Cisco Security Model BEFORE
More informationSONICWALL SECURITY HEALTH CHECK SERVICE
SonicWall Partner Service Overview SONICWALL SECURITY HEALTH CHECK SERVICE Ensure your SonicWall Investment is fully optimized to protect your network Overview The SonicWall Security Health Check Service
More informationNetwork as a Sensor with Stealthwatch and Stealthwatch Learning Networks for Threat Visibility and Defense Deployment Guide
Cisco Validated design Network as a Sensor with Stealthwatch and Stealthwatch Learning Networks for Threat Visibility and Defense Deployment Guide February 2017 Table of Contents Table of Contents Introduction...
More informationCloudSOC and Security.cloud for Microsoft Office 365
Solution Brief CloudSOC and Email Security.cloud for Microsoft Office 365 DID YOU KNOW? Email is the #1 delivery mechanism for malware. 1 Over 40% of compliance related data in Office 365 is overexposed
More informationIncorporating Network Flows in Intrusion Incident Handling and Analysis
Regional Visualization and Analytics Center Incorporating Network Flows in Intrusion Incident Handling and Analysis John Gerth Stanford University gerth@stanford.edu FloCon 2008 1 EE/CS Network Infrastructure
More informationImplementing Cisco Edge Network Security Solutions ( )
Implementing Cisco Edge Network Security Solutions (300-206) Exam Description: The Implementing Cisco Edge Network Security (SENSS) (300-206) exam tests the knowledge of a network security engineer to
More informationCISCO EXAM QUESTIONS & ANSWERS
CISCO 300-206 EXAM QUESTIONS & ANSWERS Number: 300-206 Passing Score: 800 Time Limit: 120 min File Version: 35.2 http://www.gratisexam.com/ Exam Code: 300-206 Exam Name: Implementing Cisco Edge Network
More information