Stealthwatch ülevaade + demo ja kasutusvõimalused. Leo Lähteenmäki

Size: px
Start display at page:

Download "Stealthwatch ülevaade + demo ja kasutusvõimalused. Leo Lähteenmäki"

Transcription

1 Stealthwatch ülevaade + demo ja kasutusvõimalused Leo Lähteenmäki

2 09:00-9:30 Hommikukohv ja registreerimine 09:30 11:15 Stealthwatch ülevaade + demo ja kasutusvõimalused 11:00 11:15 Kohvipaus 11:15 12:00 Cisco pilvepõhised turvalahendused koos demode ja kasutusvõimalustega: Cisco Umbrella/OpenDNS features for web content inspection Next generation malware protection for endpoint and Securing cloud based assets with Cloudlock 12:00 13:00 Lõunasöök Taevas 22. korruse restoranis

3 Overview Stealthwatch for network engineer demo Stealthwatch in security Demo Deployment details

4

5

6

7 Traditional network security model Perimeter security Intranet Big Bad Internet Antivirus

8 US-CERT Recommendations Organizations can no longer rely on perimeter devices to protect the network from cyber intrusions There has never been a greater need to improve network infrastructure security Alert TA16-250A, September 2016 Harden Network Devices Apply software updates/patches Restrict physical access Robust password and encryption policies Validate Integrity of Hardware and Software Buy from Authorized channel; Avoid grey market Inspect for hardware tampering Verify the software has not been modified Implement Supply Chain security

9 Secure digital businesses demand increased visibility KNOW every host RECORD every conversation Understand what is NORMAL Be alerted to CHANGE Respond to THREATS quickly HQ Branch Network Cloud Users Data Center Admin Roaming Users

10 Network Telemetry Telemetry: an automated communications process by which measurements and other data are collected at remote or inaccessible points and transmitted to receiving equipment for monitoring. Talos Endpoint Agent Access Switch Distribution/Core Switch Firewall Proxy Identity Network Devices Isolated knowledge based on function and location AD & DNS Global Intelligence

11 What Is Stealthwatch? Monitor Detect CISCO STEALTHWATCH Analyze Respond Extended Network Cloud Branch Data Center Gain unique visibility across your business Simplify segmentation throughout your networks Address threats faster Enable your network to take action Extend visibility and granular access control to your remote branches Prevent the lateral movement of threats Protect your critical information Simplify policy enforcement and data center segmentation Accelerate incidence response in the data center Gain enhanced visibility into the cloud Make the cloud a part of your segmentation strategy Identify threats quickly and take action

12 Visibility Through Netflow Netflow Provides Flow Information Packets A trace of every conversation in your network SOURCE ADDRESS DESTINATION ADDRESS An ability to collect records everywhere in your network (switch, router, or firewall) Network usage measurements An ability to find north-south as well as east-west communication Lightweight visibility compared to Switched Port Analyzer (SPAN)- based traffic analysis Switches Routers SOURCE PORT DESTINATION PORT 443 INTERFACE Gi0/0/0 IP TOS 0x00 IP PROTOCOL 6 NEXT HOP TCP FLAGS 0x1A SOURCE SGT 100 Indications of compromise (IOC) Security group information Internet : : APPLICATION NAME NBAR SECURE-HTTP URL, AppID,.

13 Stealthwatch System Overview Non-NetFlow-Capable Device SPAN Stealthwatch Flow Sensor Generate NetFlow Stealthwatch Flow Collector NetFlow / NBAR / NSEL Network Devices Collect and analyze Up to 4000 sources Up to 240,000 flows per sec Stealthwatch Management Console Management and reporting Up to 25 FlowCollectors Up to 6 million FPS globally

14 The General Ledger Use Cases Insider Threat Internal User Monitoring Firewall Planning Segmentation Network Operations Network Visualization TrustSec Event Data Security Events Behavioral Analytics Session Data 100% network accountability Client Server Translation Service User Application Traffic Group Mac SGT /tcp Doug http 20M location 00:2b:1f 10 Visibility and Context User Information Interface Information TrustSec Threat Feed Group / NAT/Proxy LAYER 7 Segment Cloud

15 Demo time Stealthwatch for the network engineer

16

17

18

19

20

21

22

23

24

25

26

27

28 High level Solution Overview Context Visibility Flow Sensor End Point ISE Firewall Proxy Flow Sensor Intelligence Host Group and Classification Baselining Algorithms and intelligence Alarming and Reporting Network Packet ISE SIEM / Other Response Mitigation

29 Scaling Visibility: Flow Stitching eth0/1 eth0/2 Unidirectional Flow Records port port 80 Start Time Interface Src IP Src Port Dest IP Dest Port Proto Pkts Sent Bytes Sent 10:20: eth0/ TCP :20: eth0/ TCP Bidirectional Flow Record Conversation flow record Allows easy visualization and analysis Start Time Client IP Client Port Server IP Server Port Proto Client Bytes Client Pkts Server Bytes Server Pkts 10:20: TCP eth0/1 eth0/2 Interfaces

30 Conversational Flow Record Where When Who What Who Highly scalable (enterprise-class) collection High compression => long-term storage Months of data retention More context Security group

31 How could netflow data be useful in security?

32 April 8, 2014: Heartbleed Vulnerability The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by SSL 2014 Lancope, Inc. All rights reserved.

33 Cisco CSIRT Response to Heartbleed Preparation Scanned 1.2M vulnerable servers needed repair Helped develop signatures for Sourcefire and Cisco IDS Deployed signatures to IDS Monitoring and response Discovered 25 attacks: 21 benign, 4 malicious Researched attack via NetFlow analysis to discern normal connections from those that were anomalous and malicious

34 Heartbleed Benign Host

35 Heartbleed Malicious Host

36 Other security use cases Traffic anomaly Denial of service What happened with my customer data?

37 Behavioral Detection Model Detect Behavioral Change Security Events (94 +) Alarm Category Response Addr_Scan Recon Alarm Table Bad_Flag C&C Host Snapshot Beaconing Host Exploitation Bot Infected Host Successful Data Hoarding Syslog/ SIEM Brute Force Login Exfiltration Mitigation Fake Application Policy Violation Flow_Denied DDoS Target ICMP Flood Max Flows Initiated Max Flows Served Suspect Quiet Long Flow Suspect Data Loss SYN Flood UDP Received (+255 custom defined events) As flows are collected, behavioral algorithms are applied to build Security Events. Security Events will add points to an alarm category to allow for easy summarization higher degree of confidence of the type of activity detected:

38 Demo time Stealthwatch for security

39 Stealthwatch Deployment Options Management Console Identity Services ISE Threat Feed License Flow Sensor Non-NetFlow enabled equipment Flow Collector ESX with Flow Sensor VE Legacy Traffic Analysis Software UDP Director NetFlow enabled routers, switches, firewalls

40 Netflow Supported Platforms NetFlow Capable User Switch Router Router Firewall Data Center Switch Catalyst 2K - Flexible Netflow Catalyst 3K - Flexible Netflow Catalyst 3650/ Flexible Netflow Catalyst4500-X - Flexible Netflow Cat4500-E (SUP-8) - Flexible Netflow CAT6000-VS-S2T - Flexible Netflow CAT6880-X - Flexible Netflow CSR 1000v - Flexible Netflow ASA NSEL WLC5520, 5760, 8510, Flexible Netflow UCS VIC 1224/1240/1280/1340/ Flexible Netflow FTD (6.2+) - NSEL WAN NetFlow Exporters 800 Series - Flexible Netflow ISR Flexible Netflow ISR Flexible Netflow ISR Flexible Netflow ISR3845E - Flexible Netflow ISR3925E - Flexible Netflow ISRG2 - Flexible Netflow ISR Flexible Netflow ISR Flexible Netflow ISR Flexible Netflow ISR Flexible Netflow ISR4451-X - Flexible Netflow ASR1K - Flexible Netflow ASR1K-X - Flexible Netflow ASR9K - Netflow v SUP32/MSFC2A - Netflow v SUP720/MSFC3 - Netflow v9 Server Cisco Identity Services Engine N5548P - Sampled Netflow N5596UP - Sampled Netflow N56128P - Sampled Netflow N5624Q - Sampled Netflow N5648Q - Sampled Netflow N5672UP - Sampled Netflow N5696Q - Sampled Netflow N Sampled Netflow N Sampled Netflow N7004-SUP2 - Flexible Netflow N7004-SUP2-NPE - Flexible Netflow N7009-SUP1 - Flexible Netflow N7009-SUP2 - Flexible Netflow N7718-SUP1 - Flexible Netflow N7718-SUP2 - Flexible Netflow N93180YC-EX - Flexible Netflow N93108TC-EX - Flexible Netflow For individual platform features, reference the Cisco Feature Navigator:

41 Meraki MX & Z1 now with NetFlow

42

43 Other sources of telemetry

44 Stealthwatch Proxy License Proxy License Provides Syslog Information Packets HTTP Traffic Visibility TIMESTAMP Analysis continuity User information Management Console Identity Services ISE Threat Feed License ELAPSE TIME SOURCE IP Multi-Vendor Proxy Support SOURCE Port 4567 Cisco WSA DESTINATION IP Bluecoat proxy Squid McAfee Web Gateway SYSLOG Flow Collector DESTINATION PORT 80 BYTES 400 URL USERNAME john

45 Stealthwatch + Packet Analyzer Security Packet Analyzer augments Stealthwatch flow analytics. Enables accelerated incident response based on targeted analysis of packets related to a security alarm or other suspicious activity using a purpose-built Cisco NAM based appliance for robust forensics investigation Security Packet Analyzer Packet Data & Storage Management Console Identity Services ISE Threat Feed License SEC-PA-2400-K9 Flow Collector

46 Cisco AnyConnect Network Visibility Module Enhanced Endpoints Context Collector & Reporting Cisco/Partners Enhance NetFlow records with endpoint/user data with application activity Visibility Auditing Analytics

47 AnyConnect NVM and Stealthwatch nvzflow differs from traditional IPFIX: Records are bi-directional Records produced only at end of flow Records created when client only No packet counts Byte counts are Layer 4 counts IP Address represents local network Stealthwatch Deployment Implications to Stealthwatch: Each endpoint is an exporter End of flow impacts near real-time analysis Lack of packet counts impact multiple algorithms local network address not relevant to enterprise Not all host transactions captured (only client)

48 Introducing the Endpoint Concentrator Global destination for nvzflow records Forward flow records to the Flow Collector nvzflow Stealthwatch Endpoint Concentrator Stealthwatch Flow Collector AnyConnect with Network Visibility Module Appears as a single exporter in the Flow Collector Required in order to collect endpoint flow records Endpoint fields are stitched into flow records

49 Stealthwatch Threat Intelligence License Actionable Threat Intelligence Overview: Team performs feed validation and independent research and analytics Threat Feed Formerly known as SLIC, new behavioral analysis algorithms updated as new threats are discovered; updates performed using the Threat Feed control channel and licensing User Interface Botnet Command & Control Internet Scanning Backscatter (DDoS Victims) Threat research influences continued algorithm development Works with Proxy License Ideally deployed with Flow Sensor(s) Enables alarming within Stealthwatch around: Host interaction with known bad URLs Host interaction with C&C servers Future Plans: Merge with Cisco TALOS for additional threat intelligence context and information

50 Stealthwatch Cloud License Management Console Identity Services ISE Threat Feed License VM Hosts with agent installed Encrypted Tunnel Flow Collector Cloud Concentrator TLS Netflow (IPFIX) Cloud Concentrator Cloud VM Hosts with Agent Running

51 Questions? Monitor Detect CISCO STEALTHWATCH Analyze Respond Extended Network Cloud Branch Data Center Gain unique visibility across your business Simplify segmentation throughout your networks Address threats faster Enable your network to take action Extend visibility and granular access control to your remote branches Prevent the lateral movement of threats Protect your critical information Simplify policy enforcement and data center segmentation Accelerate incidence response in the data center Gain enhanced visibility into the cloud Make the cloud a part of your segmentation strategy Identify threats quickly and take action

Monitoring and Threat Detection

Monitoring and Threat Detection Monitoring and Threat Detection with Netflow Michael Belan Consulting Systems Engineer Cisco GSSO January 2017 AGENDA What is SW? Where does it fit in overall Cisco Security framework? What is SW? What

More information

Cisco Day Hotel Mons Wednesday

Cisco Day Hotel Mons Wednesday Cisco Day 2016 20.4.2016 Hotel Mons Wednesday Three Friends in Security : Identity, Visibility and Enforcement Stop the bad guys immediately György Ács IT Security Consulting Systems Engineer 20 April

More information

Cisco dan Hotel Crowne Plaza Beograd, Srbija.

Cisco dan Hotel Crowne Plaza Beograd, Srbija. Cisco dan 31. 3. 2016. Hotel Crowne Plaza Beograd, Srbija www.ciscoday.com Three Friends in Security : Identity, Visibility and Enforcement Stop the bad guys immediately György Ács IT Security Consulting

More information

Compare Security Analytics Solutions

Compare Security Analytics Solutions Compare Security Analytics Solutions Learn how Cisco Stealthwatch compares with other security analytics products. This solution scales easily, giving you visibility across the entire network. Stealthwatch

More information

Cisco Stealthwatch Endpoint License with Cisco AnyConnect NVM

Cisco Stealthwatch Endpoint License with Cisco AnyConnect NVM Cisco Stealthwatch Endpoint License with Cisco AnyConnect NVM How to implement the Cisco Stealthwatch Endpoint License with the Cisco AnyConnect Network Visibility Module Table of Contents About This Document...

More information

Cisco Stealthwatch Improves Threat Defense with Network Visibility and Security Analytics

Cisco Stealthwatch Improves Threat Defense with Network Visibility and Security Analytics Solution Overview Cisco Stealthwatch Improves Threat Defense with Network Visibility and Security Analytics BENEFITS Gain visibility across all network conversations, including east-west and north-south

More information

Cisco Cloud Security. How to Protect Business to Support Digital Transformation

Cisco Cloud Security. How to Protect Business to Support Digital Transformation Cisco Cloud Security How to Protect Business to Support Digital Transformation Dragan Novakovic Cybersecurity Consulting Systems Engineer January 2018. Security Enables Digitization Digital Disruption,

More information

Cisco Stealthwatch. Internal Alarm IDs 7.0

Cisco Stealthwatch. Internal Alarm IDs 7.0 Cisco Stealthwatch Internal Alarm IDs 7.0 Stealthwatch Internal Alarm IDs Some previously used alarms are now obsolete and no longer listed in this file. 1 Host Lock Violation 5 SYN Flood 6 UDP Flood 7

More information

Cisco Cyber Range. Paul Qiu Senior Solutions Architect

Cisco Cyber Range. Paul Qiu Senior Solutions Architect Cisco Cyber Range Paul Qiu Senior Solutions Architect Cyber Range Service A platform to experience the intelligent Cyber Security for the real world What I hear, I forget What I see, I remember What I

More information

Cyber Threat Defence. Cisco Public BRKSEC Cisco and/or its affiliates. All rights reserved.

Cyber Threat Defence. Cisco Public BRKSEC Cisco and/or its affiliates. All rights reserved. Cyber Threat Defence 2 Abstract Trends such as BYOD and the rise of the Advance Persistent Threat (APT) have led to the erosion of the security perimeter of the enterprise. The Cisco Cyber Threat Defence

More information

plixer Scrutinizer Competitor Worksheet Visualization of Network Health Unauthorized application deployments Detect DNS communication tunnels

plixer Scrutinizer Competitor Worksheet Visualization of Network Health Unauthorized application deployments Detect DNS communication tunnels Scrutinizer Competitor Worksheet Scrutinizer Malware Incident Response Scrutinizer is a massively scalable, distributed flow collection system that provides a single interface for all traffic related to

More information

Advanced Threat Defence using NetFlow and ISE

Advanced Threat Defence using NetFlow and ISE Advanced Threat Defence using NetFlow and ISE Matthew Robertson TME, Cisco David Salter Technical Director, Lancope Abstract Trends such as BYOD and the rise of the Advanced Persistent Threat (APT) are

More information

Cisco Cyber Threat Defense Solution 1.0

Cisco Cyber Threat Defense Solution 1.0 Cisco Cyber Threat Defense Solution 1.0 Contents 1. Introduction to the Cisco Cyber Threat Defense Solution 1.0 2. Technical overview of the Cisco Cyber Threat Defense Solution 1.0 3. Using the Cisco Cyber

More information

Subscriber Data Correlation

Subscriber Data Correlation Subscriber Data Correlation Application of Cisco Stealthwatch to Service Provider mobility environment Introduction With the prevalence of smart mobile devices and the increase of application usage, Service

More information

Introduction. Learning Network License Introduction

Introduction. Learning Network License Introduction The following provides an introduction to installing the Cisco Stealthwatch Learning Network License (Learning Network License) platform, installing a controller on an ESXi host, and deploying an agent

More information

Stealthwatch System v6.9.0 Internal Alarm IDs

Stealthwatch System v6.9.0 Internal Alarm IDs Stealthwatch System v6.9.0 Internal Alarm IDs Copyrights and Trademarks 2017 Cisco Systems, Inc. All rights reserved. NOTICE THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE

More information

Detecting Network Reconnaissance with the Cisco Cyber Threat Defense Solution 1.0

Detecting Network Reconnaissance with the Cisco Cyber Threat Defense Solution 1.0 Detecting Network Reconnaissance with the Cisco Cyber Threat Defense Solution 1.0 April 9, 2012 Introduction One of the earliest indicators of an impending network attack is the presence of network reconnaissance.

More information

Automated Response in Cyber Security SOC with Actionable Threat Intelligence

Automated Response in Cyber Security SOC with Actionable Threat Intelligence Automated Response in Cyber Security SOC with Actionable Threat Intelligence while its biggest weakness is lack of visibility: SOCs still can t detect previously unknown threats, which is a consistent

More information

THE RSA SUITE NETWITNESS REINVENT YOUR SIEM. Presented by: Walter Abeson

THE RSA SUITE NETWITNESS REINVENT YOUR SIEM. Presented by: Walter Abeson THE RSA NETWITNESS SUITE REINVENT YOUR SIEM Presented by: Walter Abeson 1 Reality Goals GOALS VERSUS REALITY OF SIEM 1.0 Single compliance & security interface Analyze & prioritize alerts across various

More information

Seceon s Open Threat Management software

Seceon s Open Threat Management software Seceon s Open Threat Management software Seceon s Open Threat Management software (OTM), is a cyber-security advanced threat management platform that visualizes, detects, and eliminates threats in real

More information

How to Predict, Detect & Stop threats at the Edge and Behind the Perimeter even in encrypted traffic without decryption

How to Predict, Detect & Stop threats at the Edge and Behind the Perimeter even in encrypted traffic without decryption How to Predict, Detect & Stop threats at the Edge and Behind the Perimeter even in encrypted traffic without decryption Nikos Mourtzinos, CCIE #9763 Cisco Cyber Security Sales Specialist April 2018 New

More information

Security Events and Alarm Categories (for Stealthwatch System v6.9.0)

Security Events and Alarm Categories (for Stealthwatch System v6.9.0) Security Events and Alarm Categories (for Stealthwatch System v6.9.0) Copyrights and Trademarks 2017 Cisco Systems, Inc. All rights reserved. NOTICE THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS

More information

Detecting Internal Malware Spread with the Cisco Cyber Threat Defense Solution 1.0

Detecting Internal Malware Spread with the Cisco Cyber Threat Defense Solution 1.0 Detecting Internal Malware Spread with the Cisco Cyber Threat Defense Solution 1.0 April 9, 2012 Comments and errata should be directed to: cyber- tm@cisco.com Introduction One of the most common network

More information

Hidden Figures: Securing what you cannot see

Hidden Figures: Securing what you cannot see Hidden Figures: Securing what you cannot see TK Keanini, Distinguished Engineer Stealthwatch, Advanced Threat Solutions CID-0006 Hello My Name is TK Keanini Keanini (Pronounced Kay-Ah-Nee-Nee) TK: The

More information

Encrypted Traffic Analytics

Encrypted Traffic Analytics Encrypted Traffic Analytics Introduction The rapid rise in encrypted traffic is changing the threat landscape. As more businesses become digital, a significant number of services and applications are using

More information

Cisco Cyber Range. Paul Qiu Senior Solutions Architect June 2016

Cisco Cyber Range. Paul Qiu Senior Solutions Architect June 2016 Cisco Cyber Range Paul Qiu Senior Solutions Architect June 2016 What I hear, I forget What I see, I remember What I do, I understand ~ Confucius Agenda Agenda Cyber Range Highlights Cyber Range Overview

More information

EMERGING THREATS & STRATEGIES FOR DEFENSE. Paul Fletcher Cyber Security

EMERGING THREATS & STRATEGIES FOR DEFENSE. Paul Fletcher Cyber Security EMERGING THREATS & STRATEGIES FOR DEFENSE Paul Fletcher Cyber Security Evangelist @_PaulFletcher Threats by Customer Environment Cloud Environment On Premise Environment 1.96% 0.13% 0.02% application-attack

More information

Cognitive Threat Analytics Tech update

Cognitive Threat Analytics Tech update Cognitive Threat Analytics Tech update Mikael Grotrian, CISSP, CISM, CCSK, GISF, ITIL, PRINCE2, TOGAF Certified Consulting Systems Engineer, Cyber Security, Denmark CTA CTA CTA Cognitive Threat Analytics

More information

Security Monitoring with Stealthwatch:

Security Monitoring with Stealthwatch: Security Monitoring with Stealthwatch: The Detailed Walkthrough Matthew Robertson, Technical Marketing Engineer BRKSEC-3014 Cisco Spark How Questions? Use Cisco Spark to chat with the speaker after the

More information

Network Security Monitoring with Flow Data

Network Security Monitoring with Flow Data Network Security Monitoring with Flow Data IT Monitoring in Enterprises NPMD (Network Performance Monitoring & Diagnostics) SNMP basics Flow data for advanced analysis and troubleshooting Packet capture

More information

Cisco Advanced Malware Protection against WannaCry

Cisco Advanced Malware Protection against WannaCry Cisco Advanced Malware Protection against WannaCry "A false sense of security is worse than a true sense of insecurity" Senad Aruc Consulting Systems Engineer Advanced Threats Group Nils Roald Advanced

More information

Stealthwatch and Cognitive Analytics Configuration Guide (for Stealthwatch System v6.10.x)

Stealthwatch and Cognitive Analytics Configuration Guide (for Stealthwatch System v6.10.x) Stealthwatch and Cognitive Analytics Configuration Guide (for Stealthwatch System v6.10.x) Copyrights and Trademarks 2018 Cisco Systems, Inc. All rights reserved. NOTICE THE SPECIFICATIONS AND INFORMATION

More information

Applied Advanced Network Telemetry: ETA and Beyond

Applied Advanced Network Telemetry: ETA and Beyond BRKSEC-2809 Applied Advanced Network Telemetry: ETA and Beyond TK Keanini, Principal Engineer Blake Anderson, Technical Leader Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker

More information

Cisco Encrypted Traffic Analytics Security Performance Validation

Cisco Encrypted Traffic Analytics Security Performance Validation Cisco Encrypted Traffic Analytics Security Performance Validation March 2018 DR180222D Miercom.com www.miercom.com Contents 1.0 Executive Summary... 3 2.0 About the Product Tested... 5 3.0 How We Did It...

More information

Dynamic Datacenter Security Solidex, November 2009

Dynamic Datacenter Security Solidex, November 2009 Dynamic Datacenter Security Solidex, November 2009 Deep Security: Securing the New Server Cloud Virtualized Physical Servers in the open Servers virtual and in motion Servers under attack 2 11/9/09 2 Dynamic

More information

Enhanced Threat Detection, Investigation, and Response

Enhanced Threat Detection, Investigation, and Response Enhanced Threat Detection, Investigation, and Response What s new in Cisco Stealthwatch Enterprise Release 6.10.2 Cisco Stealthwatch Enterprise is a comprehensive visibility and security analytics solution

More information

Cisco Stealthwatch Endpoint License

Cisco Stealthwatch Endpoint License Data Sheet Cisco Stealthwatch Endpoint License With the Cisco Stealthwatch Endpoint License you can conduct in-depth, context-rich investigations into endpoints that exhibit suspicious behavior. In our

More information

Using Lancope StealthWatch for Information Security Monitoring

Using Lancope StealthWatch for Information Security Monitoring Cisco IT Case Study February 2014 How CSIRT uses StealthWatch Using Lancope StealthWatch for Information Security Monitoring How the Cisco Computer Security Incident Response Team (CSIRT) uses Lancope

More information

Cisco Firepower NGFW. Anticipate, block, and respond to threats

Cisco Firepower NGFW. Anticipate, block, and respond to threats Cisco Firepower NGFW Anticipate, block, and respond to threats You have a mandate to build and secure a network that supports ongoing innovation Mobile access Social collaboration Public / private hybrid

More information

RSA Security Analytics

RSA Security Analytics RSA Security Analytics This is what SIEM was Meant to Be 1 The Original Intent of SIEM Single compliance & security interface Analyze & prioritize alerts across various sources The cornerstone of security

More information

Battle between hackers and machine learning. Alexey Lukatsky Cybersecurity Business Consultant April 03, 2019

Battle between hackers and machine learning. Alexey Lukatsky Cybersecurity Business Consultant April 03, 2019 Battle between hackers and machine learning Alexey Lukatsky Cybersecurity Business Consultant April 03, 2019 Google: facts and numbers Real Cisco Big Data for Security Training Set Why is Machine Learning

More information

Threat Detection and Mitigation for IoT Systems using Self Learning Networks (SLN)

Threat Detection and Mitigation for IoT Systems using Self Learning Networks (SLN) Threat Detection and Mitigation for IoT Systems using Self Learning Networks (SLN) JP Vasseur, PhD - Cisco Fellow jpv@cisco.com Maik G. Seewald, CISSP Sr. Technical Lead maseewal@cisco.com June 2016 Cyber

More information

Cisco Secure Access Control

Cisco Secure Access Control Cisco Secure Access Control Delivering Deeper Visibility, Centralized Control, and Superior Protection Martin Briand - Security Escalation VSE Global Virtual Engineering Oriol Madriles Soriano Security

More information

Cisco Ransomware Defense The Ransomware Threat Is Real

Cisco Ransomware Defense The Ransomware Threat Is Real Cisco Ransomware Defense The Ransomware Threat Is Real Seguridad Integrada Abril 2018 Ransomware B Malicious Software Encrypts Critical Data Demands Payment Permanent Data Loss Business Impacts Ramifications

More information

SAFE Architecture Guide. Places in the Network: Secure Campus

SAFE Architecture Guide. Places in the Network: Secure Campus SAFE Architecture Guide Places in the Network: Secure Campus January 2018 SAFE Architecture Guide Places in the Network: Secure Campus Contents January 2018 Contents 3 5 8 9 13 15 21 22 25 Overview Business

More information

Aby se z toho bezpečnostní správci nezbláznili Cisco security integrace. Milan Habrcetl Cisco CyberSecurity Specialist Mikulov, 5. 9.

Aby se z toho bezpečnostní správci nezbláznili Cisco security integrace. Milan Habrcetl Cisco CyberSecurity Specialist Mikulov, 5. 9. Aby se z toho bezpečnostní správci nezbláznili aneb Cisco security integrace Aby se z toho bezpečnostní správci nezbláznili Cisco security integrace Milan Habrcetl Cisco CyberSecurity Specialist Mikulov,

More information

SIEM (Security Information Event Management)

SIEM (Security Information Event Management) SIEM (Security Information Event Management) Topic: SECURITY and RISK Presenter: Ron Hruby Topics Threat landscape Breaches and hacks Leadership and accountability Evolution of security technology What

More information

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches

More information

Cisco Firepower NGFW. Anticipate, block, and respond to threats

Cisco Firepower NGFW. Anticipate, block, and respond to threats Cisco Firepower NGFW Anticipate, block, and respond to threats Digital Transformation on a Massive Scale 15B Devices Today Attack Surface 500B Devices In 2030 Threat Actors $19T Opportunity Next 10 Years

More information

Cisco Security. Advanced Malware Protection. Guillermo González Security Systems Engineer Octubre 2017

Cisco Security. Advanced Malware Protection. Guillermo González Security Systems Engineer Octubre 2017 Cisco Security Advanced Malware Protection Guillermo González Security Systems Engineer Octubre 2017 The New Security Model Attack Continuum Before During After Before Discover During Detect After Scope

More information

Automated Threat Management - in Real Time. Vectra Networks

Automated Threat Management - in Real Time. Vectra Networks Automated Threat Management - in Real Time Security investment has traditionally been in two areas Prevention Phase Active Phase Clean-up Phase Initial Infection Key assets found in the wild $$$$ $$$ $$

More information

UDP Director Virtual Edition Installation and Configuration Guide (for Stealthwatch System v6.9.0)

UDP Director Virtual Edition Installation and Configuration Guide (for Stealthwatch System v6.9.0) UDP Director Virtual Edition Installation and Configuration Guide (for Stealthwatch System v6.9.0) Installation and Configuration Guide: UDP Director VE v6.9.0 2016 Cisco Systems, Inc. All rights reserved.

More information

Flow Measurement. For IT, Security and IoT/ICS. Pavel Minařík, Chief Technology Officer EMITEC, Swiss Test and Measurement Day 20 th April 2018

Flow Measurement. For IT, Security and IoT/ICS. Pavel Minařík, Chief Technology Officer EMITEC, Swiss Test and Measurement Day 20 th April 2018 Flow Measurement For IT, Security and IoT/ICS Pavel Minařík, Chief Technology Officer EMITEC, Swiss Test and Measurement Day 20 th April 2018 What is Flow Data? Modern method for network monitoring flow

More information

Securing Your Microsoft Azure Virtual Networks

Securing Your Microsoft Azure Virtual Networks Securing Your Microsoft Azure Virtual Networks IPS security for public cloud deployments It s no surprise that public cloud infrastructure has experienced fast adoption. It is quick and easy to spin up

More information

Intelligent and Secure Network

Intelligent and Secure Network Intelligent and Secure Network BIG-IP IP Global Delivery Intelligence v11.2 IP Intelligence Service Brian Boyan - b.boyan@f5.com Tony Ganzer t.ganzer@f5.com 2 Agenda Welcome & Intro Introduce F5 IP Intelligence

More information

Comprehensive datacenter protection

Comprehensive datacenter protection Comprehensive datacenter protection There are several key drivers that are influencing the DDoS Protection market: DDoS attacks are increasing in frequency DDoS attacks are increasing in size DoS attack

More information

Yes, You can protect your endpoints! Szilard Csordas, Security Consultant scsordas [at] cisco.com

Yes, You can protect your endpoints! Szilard Csordas, Security Consultant scsordas [at] cisco.com Yes, You can protect your endpoints! Szilard Csordas, Security Consultant scsordas [at] cisco.com Endpoint Footprint Problem: TOO MANY AGENTS! Anti-Virus/Anti-Spyware agent IPSec/SSLVPN agent Host IPS/FW

More information

Improved C&C Traffic Detection Using Multidimensional Model and Network Timeline Analysis

Improved C&C Traffic Detection Using Multidimensional Model and Network Timeline Analysis Improved C&C Traffic Detection Using Multidimensional Model and Elad Menahem Avidan Avraham Modern Threats Are More Sophisticated & Evasive CYBER KILL CHAIN: Infection Phase Post-Infection Recon Weaponization

More information

Cisco Exam Questions & Answers

Cisco Exam Questions & Answers Cisco 648-385 Exam Questions & Answers Number: 648-385 Passing Score: 800 Time Limit: 120 min File Version: 34.4 http://www.gratisexam.com/ Cisco 648-385 Exam Questions & Answers Exam Name: CXFF - Cisco

More information

ExamTorrent. Best exam torrent, excellent test torrent, valid exam dumps are here waiting for you

ExamTorrent.   Best exam torrent, excellent test torrent, valid exam dumps are here waiting for you ExamTorrent http://www.examtorrent.com Best exam torrent, excellent test torrent, valid exam dumps are here waiting for you Exam : 400-251 Title : CCIE Security Written Exam (v5.0) Vendor : Cisco Version

More information

Network Security: Firewall, VPN, IDS/IPS, SIEM

Network Security: Firewall, VPN, IDS/IPS, SIEM Security: Firewall, VPN, IDS/IPS, SIEM Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr What is a Firewall? A firewall is hardware, software, or a combination of both that is used to prevent unauthorized

More information

Monitoring and diagnostics of data infrastructure problems in power engineering. Jaroslav Stusak, Sales Director CEE, Flowmon Networks

Monitoring and diagnostics of data infrastructure problems in power engineering. Jaroslav Stusak, Sales Director CEE, Flowmon Networks Monitoring and diagnostics of data infrastructure problems in power engineering Jaroslav Stusak, Sales Director CEE, Flowmon Networks 35,000 kilometers of electric power, which feeds around 740,000 clients...

More information

It s Flow Time! The Role and Importance of Flow Monitoring in Network Operations and Security

It s Flow Time! The Role and Importance of Flow Monitoring in Network Operations and Security It s Flow Time! The Role and Importance of Flow Monitoring in Network Operations and Security Pavel Minařík, Chief Technology Officer Neutral Peering Days 2018, The Hague Your customers depend on your

More information

Optimizing Security for Situational Awareness

Optimizing Security for Situational Awareness Optimizing Security for Situational Awareness BRIAN KENYON McAfee Session ID: SPO1-106 Session Classification: Intermediate p gg able=network_objects, Operation=Update,Administrator=fwadmin, Machine=cp-mgmt-

More information

Global vision. Local knowledge. Cisco Forum Kyiv Country Day Month Year

Global vision. Local knowledge. Cisco Forum Kyiv Country Day Month Year Global vision. Local knowledge. Cisco Forum Kyiv Country Day Month Year Firepower Next Generation Firewall Subtitle goes here William Young Security Solutions Architect, Global Security Architecture Team

More information

ERT Threat Alert New Risks Revealed by Mirai Botnet November 2, 2016

ERT Threat Alert New Risks Revealed by Mirai Botnet November 2, 2016 Abstract The Mirai botnet struck the security industry in three massive attacks that shook traditional DDoS protection paradigms, proving that the Internet of Things (IoT) threat is real and the grounds

More information

Data Center Security. Fuat KILIÇ Consulting Systems

Data Center Security. Fuat KILIÇ Consulting Systems Data Center Security Fuat KILIÇ Consulting Systems Engineer @Security Data Center Evolution WHERE ARE YOU NOW? WHERE DO YOU WANT TO BE? Traditional Data Center Virtualized Data Center (VDC) Virtualized

More information

Cato Cloud. Solution Brief. Software-defined and Cloud-based Secure Enterprise Network NETWORK + SECURITY IS SIMPLE AGAIN

Cato Cloud. Solution Brief. Software-defined and Cloud-based Secure Enterprise Network NETWORK + SECURITY IS SIMPLE AGAIN Cato Cloud Software-defined and Cloud-based Secure Enterprise Network Solution Brief NETWORK + SECURITY IS SIMPLE AGAIN Legacy WAN and Security Appliances are Incompatible with the Modern Enterprise The

More information

Rethinking Security: The Need For A Security Delivery Platform

Rethinking Security: The Need For A Security Delivery Platform Rethinking Security: The Need For A Security Delivery Platform Cybercrime In Asia: A Changing Environment & Shifting Focus Asia, more vulnerable to cybercrime because of diversity and breadth of countries

More information

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security

More information

Stealthwatch Flow Sensor Virtual Edition Installation and Configuration Guide (for Stealthwatch System v6.9.0)

Stealthwatch Flow Sensor Virtual Edition Installation and Configuration Guide (for Stealthwatch System v6.9.0) Stealthwatch Flow Sensor Virtual Edition Installation and Configuration Guide (for Stealthwatch System v6.9.0) Installation and Configuration Guide: Flow Sensor VE v6.9.0 2017 Cisco Systems, Inc. All rights

More information

Threat Defense with Full NetFlow

Threat Defense with Full NetFlow White Paper Network as a Security Sensor Threat Defense with Full NetFlow Network Security and Netflow Historically IT organizations focused heavily on perimeter network security to protect their networks

More information

White Paper. Why IDS Can t Adequately Protect Your IoT Devices

White Paper. Why IDS Can t Adequately Protect Your IoT Devices White Paper Why IDS Can t Adequately Protect Your IoT Devices Introduction As a key component in information technology security, Intrusion Detection Systems (IDS) monitor networks for suspicious activity

More information

Securing Your Amazon Web Services Virtual Networks

Securing Your Amazon Web Services Virtual Networks Securing Your Amazon Web Services s IPS security for public cloud deployments It s no surprise that public cloud infrastructure has experienced fast adoption. It is quick and easy to spin up a workload,

More information

SONICWALL SECURITY HEALTH CHECK PSO 2017

SONICWALL SECURITY HEALTH CHECK PSO 2017 SONICWALL SECURITY HEALTH CHECK PSO 2017 Get help in fully utilizing your investment to protect your network Overview SonicWALL Security Health Check provides a customer with a comprehensive review of

More information

Implementing Cisco Network Security (IINS) 3.0

Implementing Cisco Network Security (IINS) 3.0 Implementing Cisco Network Security (IINS) 3.0 COURSE OVERVIEW: Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles and technologies, using

More information

Forescout. eyeextend for Palo Alto Networks Wildfire. Configuration Guide. Version 2.2

Forescout. eyeextend for Palo Alto Networks Wildfire. Configuration Guide. Version 2.2 Forescout Version 2.2 Contact Information Forescout Technologies, Inc. 190 West Tasman Drive San Jose, CA 95134 USA https://www.forescout.com/support/ Toll-Free (US): 1.866.377.8771 Tel (Intl): 1.408.213.3191

More information

HOW TO ANALYZE AND UNDERSTAND YOUR NETWORK

HOW TO ANALYZE AND UNDERSTAND YOUR NETWORK Handbook HOW TO ANALYZE AND UNDERSTAND YOUR NETWORK Part 3: Network Traffic Monitoring or Packet Analysis? by Pavel Minarik, Chief Technology Officer at Flowmon Networks www.flowmon.com In previous two

More information

Security Automation. Challenge: Automatizzare le azioni di isolamento e contenimento delle minacce rilevate tramite soluzioni di malware analysis

Security Automation. Challenge: Automatizzare le azioni di isolamento e contenimento delle minacce rilevate tramite soluzioni di malware analysis Security Automation Challenge: Automatizzare le azioni di isolamento e contenimento delle minacce rilevate tramite soluzioni di malware analysis Network Admission Control See Managed Unmanaged Computing

More information

Corrigendum 3. Tender Number: 10/ dated

Corrigendum 3. Tender Number: 10/ dated (A premier Public Sector Bank) Information Technology Division Head Office, Mangalore Corrigendum 3 Tender Number: 10/2016-17 dated 07.09.2016 for Supply, Installation and Maintenance of Distributed Denial

More information

UDP Director Virtual Edition

UDP Director Virtual Edition UDP Director Virtual Edition (also known as FlowReplicator VE) Installation and Configuration Guide (for StealthWatch System v6.7.0) Installation and Configuration Guide: UDP Director VE v6.7.0 2015 Lancope,

More information

Palo Alto Networks PCNSE7 Exam

Palo Alto Networks PCNSE7 Exam Volume: 96 Questions Question: 1 Which three function are found on the dataplane of a PA-5050? (Choose three) A. Protocol Decoder B. Dynamic routing C. Management D. Network Processing E. Signature Match

More information

Security, Internet Access, and Communication Ports

Security, Internet Access, and Communication Ports Security, Internet Access, and Communication Ports The following topics provide information on system security, internet access, and communication ports: Security Requirements Security Requirements, on

More information

How Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity

How Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity How Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity Why is the NIST framework important? GOH Seow Hiong Executive Director, Global Policy & Government Affairs, Asia Pacific

More information

Stop Threats Before They Stop You

Stop Threats Before They Stop You Stop Threats Before They Stop You Gain visibility and control as you speed time to containment of infected endpoints Andrew Peters, Sr. Manager, Security Technology Group Agenda Situation System Parts

More information

Snort: The World s Most Widely Deployed IPS Technology

Snort: The World s Most Widely Deployed IPS Technology Technology Brief Snort: The World s Most Widely Deployed IPS Technology Overview Martin Roesch, the founder of Sourcefire and chief security architect at Cisco, created Snort in 1998. Snort is an open-source,

More information

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security

More information

SONICWALL SECURITY HEALTH CHECK SERVICE

SONICWALL SECURITY HEALTH CHECK SERVICE SonicWall Partner Service Overview SONICWALL SECURITY HEALTH CHECK SERVICE Ensure your SonicWall Investment is fully optimized to protect your network Overview The SonicWall Security Health Check Service

More information

Not your Father s SIEM

Not your Father s SIEM Not your Father s SIEM Getting Better Insights & Results Bill Thorn Director, Security Operations Apollo Education Group Agenda Why use a SIEM? What is a SIEM? Benefits of Using a SIEM Considerations Before

More information

CYBER ANALYTICS. Architecture Overview. Technical Brief. May 2016 novetta.com 2016, Novetta

CYBER ANALYTICS. Architecture Overview. Technical Brief. May 2016 novetta.com 2016, Novetta CYBER ANALYTICS Architecture Overview Technical Brief May 2016 novetta.com 2016, Novetta Novetta Cyber Analytics: Technical Architecture Overview 1 INTRODUCTION 2 CAPTURE AND PROCESS ALL NETWORK TRAFFIC

More information

Cisco Network Admission Control (NAC) Solution

Cisco Network Admission Control (NAC) Solution Data Sheet Cisco Network Admission Control (NAC) Solution New: Updated to include the Cisco Secure Network Server (SNS) Cisco Network Admission Control (NAC) solutions allow you to authenticate wired,

More information

Cisco Advanced Malware Protection. May 2016

Cisco Advanced Malware Protection. May 2016 Cisco Advanced Malware Protection May 2016 The Reality Organizations Are Under Attack and Malware Is Getting in 95% of large companies targeted by malicious traffic 100% Cybercrime is lucrative, barrier

More information

Check Point DDoS Protector Introduction

Check Point DDoS Protector Introduction Check Point DDoS Protector Introduction Petr Kadrmas SE Eastern Europe pkadrmas@checkpoint.com Agenda 1 (D)DoS Trends 2 3 4 DDoS Protector Overview Protections in Details Summary 2 (D)DoS Attack Methods

More information

Cisco Security Exposed Through the Cyber Kill Chain

Cisco Security Exposed Through the Cyber Kill Chain Cisco Forschung & Lehre Forum für Mecklenburg Vorpommern Cisco Security Exposed Through the Cyber Kill Chain Rene Straube CSE, Cisco Advanced Threat Solutions January, 2017 The Cisco Security Model BEFORE

More information

SONICWALL SECURITY HEALTH CHECK SERVICE

SONICWALL SECURITY HEALTH CHECK SERVICE SonicWall Partner Service Overview SONICWALL SECURITY HEALTH CHECK SERVICE Ensure your SonicWall Investment is fully optimized to protect your network Overview The SonicWall Security Health Check Service

More information

Network as a Sensor with Stealthwatch and Stealthwatch Learning Networks for Threat Visibility and Defense Deployment Guide

Network as a Sensor with Stealthwatch and Stealthwatch Learning Networks for Threat Visibility and Defense Deployment Guide Cisco Validated design Network as a Sensor with Stealthwatch and Stealthwatch Learning Networks for Threat Visibility and Defense Deployment Guide February 2017 Table of Contents Table of Contents Introduction...

More information

CloudSOC and Security.cloud for Microsoft Office 365

CloudSOC and  Security.cloud for Microsoft Office 365 Solution Brief CloudSOC and Email Security.cloud for Microsoft Office 365 DID YOU KNOW? Email is the #1 delivery mechanism for malware. 1 Over 40% of compliance related data in Office 365 is overexposed

More information

Incorporating Network Flows in Intrusion Incident Handling and Analysis

Incorporating Network Flows in Intrusion Incident Handling and Analysis Regional Visualization and Analytics Center Incorporating Network Flows in Intrusion Incident Handling and Analysis John Gerth Stanford University gerth@stanford.edu FloCon 2008 1 EE/CS Network Infrastructure

More information

Implementing Cisco Edge Network Security Solutions ( )

Implementing Cisco Edge Network Security Solutions ( ) Implementing Cisco Edge Network Security Solutions (300-206) Exam Description: The Implementing Cisco Edge Network Security (SENSS) (300-206) exam tests the knowledge of a network security engineer to

More information

CISCO EXAM QUESTIONS & ANSWERS

CISCO EXAM QUESTIONS & ANSWERS CISCO 300-206 EXAM QUESTIONS & ANSWERS Number: 300-206 Passing Score: 800 Time Limit: 120 min File Version: 35.2 http://www.gratisexam.com/ Exam Code: 300-206 Exam Name: Implementing Cisco Edge Network

More information