Internet Behavioral Analytics (IBA) using Self Learning Networks. JP Vasseur, PhD, Cisco Fellow BRKSEC-3056
2 Internet Behavioral Analytics (IBA) using Self Learning Networks JP Vasseur, PhD, Cisco Fellow BRKSEC-3056
3 Agenda
- Why a predictive analytics approach for next generation security?
- Security Trends: Advanced Malware
- Self Learning Networks (SLN), Internet Behavioral Analytics (IBA): Architectural Overview
- Anomaly Detection (AD)
- A slightly deeper Dive into SLN Analytics (Machine Learning Engines)
- Building Contexts!
- Conclusion
- Visualization and Demo
4 Why a predictive analytics approach for next generation security?
- Multi-layered defense architectures are no longer sufficient to prevent breaches caused by advanced malware...
- It is no longer a question of if or when but where...
- Many of the well-known assumptions are no longer true: that attacks come from the outside, are deterministic and are well understood (advanced multi-vector attacks, ...)
- Attacks are more and more subtle (hard to detect...)
- Signature-based detection hardly scales when facing subtle and mutating attacks (polymorphic malware, ...)
- Dramatic increase in the number of 0-day attacks
5 Why a new predictive analytics approach for next generation security?
If we agree that...
- Existing defense layers cannot block attackers
- Attacks are multi-vector, highly sophisticated, and mutating
- Internal systems are compromised...
What do we do? This is what the payment industry has been using for years! => not just avoiding fraud but reducing risk
- Make detection much more effective (use of predictive behavioral analytics)
- Ubiquitous (distributed)
- Detect and react quickly (towards a next-gen control architecture)
6 Is it simply a big data problem?
7 What is a Self Learning Network (SLN)?
Cisco's Self Learning Networks
- Why learning? The network is truly adaptive thanks to advanced analytics
- Why a paradigm shift? Move from Trial-and-Error model to a proactive approach using models built using advanced analytics
- The hard part is not just the analytics but the underlying architecture for self-learning and the how to
[Figure: "Analytics" (an equation) combined with "Advanced Networking" (a PCE request pipeline: request arrival queue, selection process, PCE selector, request cancelled if EPR>k*MTR, optional packing of correlated requests, estimation of the EPR, pre-processing pipeline, preemption 0 to preemption 7 by decreasing bandwidth requirement size, dynamic priority increase based on EPR and waiting time, PCE scheduler with high and low priority queues, reroute, reoptimization)]
8 SLN Architecture
SLN Central Engine (SCA), in the datacenter and cloud:
- Controller
- Orchestration and interaction with remote learning agents (DLA)
- Advanced Visualization
- Centralized policy
Distributed Learning Agent (DLA), at the network edge (LAN, WPAN):
- Granular data collection with knowledge extraction
- (Lightweight) analytics and learning
- Edge Control Architecture (ECA): autonomous embedded control, fast closed loop, advanced networking control (police, shaper, recoloring, redirect,...)
- Application hosted devices (SDN)
[Figure: DLAs at the network edge connected to the SCA over the private/public network (VPN, public Internet)]
9 Self Learning Networks Initial Deployment Scenarios (March 14)
Internet Behavioral Analytics (IBA) for Security (Cisco Internet Behavioral Analytics):
- Network Behavioral Analytics for detection of 0-day attacks and various network anomalies
- Auto learn new threats
- Massively distributed, global, real-time protection
IWAN Path Optimization:
- Predict network behavior and traffic patterns based on multivariable and time-based modeling
- Automatically select and optimize network path in real-time, based on Business SLAs
IoT/IoE:
- Predictive models for large scale networks enable high performance and high resiliency
10 Security Trends Advanced Malware
11 (Distributed) Denial-of-Service Attacks
- Direct attack: originates from compromised hosts (or directly from attacker)
- Reflection attack: send spoofed request to vulnerable server, response goes to victim
- Amplification attack: small request produces large reply, so only a small attack bandwidth is required
[Figure: attacker, botnet, C&C server, Internet and reflectors; attack types labeled App-Layer, Exhaustion and Volumetric]
12 An example... The Internet of Things
Technical challenges in IoT networks:
- Connectivity is inherently unstable
- Limited bandwidth
- Constrained nodes
- Harsh environment
- Hyper-scale
- Randomness and unpredictability
- Other challenges: determinism, etc....
[Figure: Deployed IoT network, 800 nodes, April 2013]
How do we detect anomalies in IoT networks without edge analytics?
13 DoS attack: Signal Jamming in IoE networks
Scenario:
- An attacker emits an interfering RF signal whenever it detects jammer activity
- Interference makes the frame impossible to decode (same as in case of a collision)
- The attacker can switch targets in order to cause routing oscillations
Situation as of today: Large Scale LLN prone to DoS attacks!
- No need to obfuscate the whole spectrum: transmitting at a bit rate of less than 1kbps, a jammer can make the reception success rate drop dramatically
- A low-end IoT node with modified firmware is sufficient for such a DoS attack
[Figure: APIC, NMS, Public/Private Cellular (3G), Router, WPAN: 3400 nodes]
14 Evolution of C&C using DGA algorithm
- The C2 channel used to use a list of hard-coded addresses...
- Objective of DGA (aka Domain Fluxing) based malware: dynamically generate a domain name the attacker would have registered (usually 1h before) => increase resiliency against static reputation defensive systems.
- DGA algorithms use date, time and seed value to generate and test a list of candidate domains (to check whether a C&C server is available).
- Most abused Top Level Domains (TLD) are .com, .ru and .com.
- Damballa performed DNS passive analysis (PushDo Malware): 1,380 domains generated per day (inferred periodicity close to one day!).
- The malware will generate fake traffic to legitimate web sites in an attempt to mask its command and control communications, with 200 domain names to contact including many universities and Internet Service Providers...
- In another method of obfuscation, the command and control servers will also respond with a jpeg image with encrypted, embedded malware payloads to hide any additional files it wants to download
15 Evolution of C&C using Peer to Peer network (P2P Network)
- First version of Zeus based on centralized C&C server (2007), then moved to P2P (called P2P Zeus or Zeus Gameover). Used both for malware dropping, DDoS,...
- The overall P2P Zeus network (~ 200K bots) is divided into sub-botnets (hard coded by an ID), each controlled by an individual botnet master:
  1) Bots use the P2P network to exchange binaries and configuration
  2) Bots exchange lists of proxy bots where stolen data can be sent and commands can be received
- P2P Zeus makes use of a DGA should the P2P network be disrupted
- C2 proxy layer: dedicated HTTP server (no bots) communicating with proxybot
- Periodically a subset of bots are assigned the status of proxybot (botmaster pushing crypto signed announcement) => used to fetch commands and drop stolen data
[Figure: layers labeled Actual C2 layer..., C2 proxy layer, Sub-botnets]
16 Evolution of C&C: Fast Flux DNS - Single Flux
- Infected host queries DNS for C&C server FQDN (hardcoded or from Domain Generation Algorithm (DGA))
- Authoritative DNS for C&C domain is controlled by the botnet master
- DNS reply has very short TTL (a few minutes)
- Uses botnet members as C&C relays
- Cycles very quickly through C&C relay hosts (based on availability, connection quality,...)
- Greatly reduces possibility of C&C server takedown
- Rapidly-changing, optimized set of C&C endpoints
- Still possible to take down the C&C DNS server(s)
[Figure: Infected Host, Root DNS (query: domain botnet.tld, response: ask ns.botnet.tld), Botnet Master DNS Server for C&C domain (ns.botnet.tld; repeated queries for cc.botnet.tld with changing responses), C&C Relay 1, C&C Relay 2, Internet, Real C&C Server]
17 Evolution of C&C: Fast Flux DNS - Double Flux
- Same as Simple Flux with addition of rapidly changing authoritative DNS for C&C domain
- Botnet Master updates low-TTL NS entries through permissive DNS registrar
- Use some botnet members as DNS relays, and others as C&C relays (2 layers)
- Massively complicates botnet takedown
- Think of a botnet combining Fast Flux double Flux with DGA, and possibly other techniques such as Peer-to-Peer
[Figure: Infected Host, Root DNS (query: domain botnet.tld, response: ask ns.botnet.tld), DNS Relay 1, DNS Relay 2, C&C Relay 1, C&C Relay 2, Internet, Real C&C Server, Botnet Master Real DNS Server; query: cc.botnet.tld]
18 Botnets and Data Ex-Filtration Techniques
- Size can range from thousands to millions of compromised hosts
- Botnet can cause DDoS & other malicious traffic (spam,...) to originate from the inside of the corporate network
- C&C (C2) servers become increasingly evasive:
  - Fast Flux Service Networks (FFSN), single or double Flux
  - DGA-based malware (Domain Generation Algorithms)
  - DNS Tunneling
  - Peer-to-Peer (P2P) protocols
  - Anonymized services (Tor)
  - Steganography, potentially combined with Cryptography
  - Social media updates or messages
  - Mixed protocols...
  - Timing Channels
[Figure: Internet, C&C Server(s)]
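The single-flux and double-flux traits on slides 16 and 17 (very short TTLs, fast rotation of A answers, and for double flux fast rotation of NS entries too) can be checked against passive DNS observations. The following is an added example, not material from the presentation; the thresholds, the tuple layout, and every name other than cc.botnet.tld are assumptions, and the observations are constructed.

```python
from collections import defaultdict
from statistics import median

MAX_FLUX_TTL = 300   # seconds; assumed reading of "a few minutes"
MIN_DISTINCT = 5     # distinct answers per window; assumed threshold
WINDOW = 3600        # seconds of history examined; assumed


def sample_observations():
    """Constructed passive-DNS tuples: (epoch_s, owner, rrtype, rdata, ttl)."""
    obs = []
    for i in range(12):
        t = i * 300
        # Name from the slide: A answer rotates every 5 minutes, TTL 180 s.
        obs.append((t, "cc.botnet.tld", "A", "203.0.113.%d" % (10 + i), 180))
        # Hypothetical name whose A answers rotate but whose NS set is stable.
        obs.append((t, "cc.flux.example", "A", "198.51.100.%d" % (20 + i), 120))
        # Stable site with a long TTL.
        obs.append((t, "www.example.com", "A", "192.0.2.80", 3600))
        # CDN-like name: short TTL, but only two addresses alternate.
        obs.append((t, "cdn.example.net", "A", "192.0.2.%d" % (1 + i % 2), 60))
    for i in range(6):
        # NS entries of botnet.tld also rotate with a low TTL (double flux).
        obs.append((i * 600, "botnet.tld", "NS", "ns%d.botnet.tld" % i, 300))
    for zone in ("flux.example", "example.com", "example.net"):
        obs.append((0, zone, "NS", "ns1." + zone, 86400))
    return obs


def zone_of(name):
    """Naive zone guess: last two labels (assumption; real code should
    consult the Public Suffix List)."""
    return ".".join(name.rstrip(".").lower().split(".")[-2:])


def rrset_stats(observations, window=WINDOW):
    """Per (owner, rrtype): distinct rdata count and median TTL in the window."""
    latest = max(o[0] for o in observations)
    grouped = defaultdict(list)
    for ts, owner, rrtype, rdata, ttl in observations:
        if ts >= latest - window:
            grouped[(owner.lower(), rrtype)].append((rdata, ttl))
    return {
        key: {
            "distinct": len({rdata for rdata, _ in recs}),
            "median_ttl": median(ttl for _, ttl in recs),
        }
        for key, recs in grouped.items()
    }


def is_fluxing(stat):
    """Short TTL alone is not enough: the answer set must also keep changing."""
    return (stat is not None
            and stat["median_ttl"] <= MAX_FLUX_TTL
            and stat["distinct"] >= MIN_DISTINCT)


def classify(observations):
    """Return {owner: 'stable' | 'single-flux' | 'double-flux'} for A names."""
    stats = rrset_stats(observations)
    verdicts = {}
    for (owner, rrtype), stat in stats.items():
        if rrtype != "A":
            continue
        if not is_fluxing(stat):
            verdicts[owner] = "stable"
            continue
        ns_stat = stats.get((zone_of(owner), "NS"))
        verdicts[owner] = "double-flux" if is_fluxing(ns_stat) else "single-flux"
    return verdicts


if __name__ == "__main__":
    for name, verdict in sorted(classify(sample_observations()).items()):
        print(name, verdict)
```

The CDN-like name stays "stable" because only two addresses alternate; legitimate load-balanced services with larger pools can still trip these thresholds, so the verdict is a lead to combine with other context.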
19 Self Learning Networks (Internet Behavioral Analytics) Architectural Overview
20 SLN Architecture
[Figure: SLN architecture spanning the network edge (LAN, WPAN), the private/public network (VPN, public Internet) and the datacenter and cloud. Labels recoverable from the diagram:]
- Controller infrastructure (APIC-EM): plugin, RESTful HTTP API, API to SCA
- SLN Central Engine (SCA): orchestration and interaction with remote learning agents (DLA), HTTP server (user interface), advanced visualization, CPU-intensive learning, centralized policy, northbound API
- Distributed Learning Agent (DLA): granular data collection with knowledge extraction, (lightweight) analytics and learning, autonomous embedded control, fast closed loop, advanced mitigation (police, shaper, recoloring, redirect,...), application hosted devices (SDN)
- Network Sensing Component (NSC): receive network data (NetFlow, ART, Media Metrics) from network data sources, e.g. a NetFlow exporter on a network element (e.g. Cisco router)
- Distributed Learning Component (DLC): Host-AD, Traffic-AD, Graph-AD, MLM updates, abstracted network characteristics
- Predictive Control Module (PCM); alerts, predictions, recommended actions, trending data
- Network Control Component (NCC): modify network behavior; DQoS API, ABR API, DCAC API, OnePK API
21 SLN Architecture: Network Sensing Component
- Receives network and network element data from various sources on the local router:
  - NetFlow data from appropriate interfaces to achieve IP address visibility
  - Interface counters
  - Network element CPU, memory, NetFlow exporter status, other status
- Processes and forwards data to Machine Learning Modules for analysis
[Figure: Internet, NAT, Main office]
22 Looking at the network under every angle
Graph-based modeling (GraphAD):
- Structural changes and lateral movements
- Suspicious patterns (exfiltration)
App-based modeling (AppAD):
- Changes in application behavior
- Unusual patterns of application usage
Host-based modeling (HostAD):
- Suspicious host and user activities
- Misconfigurations and software bugs
23 Edge Control Architecture
- Smart traffic flagging according to {Severity, Confidence, Anomaly_Score}
- Traffic segregation & selection
- Network-centric control (shaping, policing, divert/redirect)
[Figure: Controller, SCA, honeypot (forensic analysis), VPN / public Internet, DLA with control policy and hosts record, DNS and HTTP applications, volumetric DDoS; actions labeled DSCP rewrite, CBWFQ, shaping, divert/redirect (GRE tunnel)]
24 Motivations for Distributed Edge Analytics and Control
- Data is consumed locally (no impact on WAN bandwidth!) => the amount of data that would have to be sent to the cloud is, in many cases, a non-starter
- Granularity: allows for finding anomalies related to granular data => required to detect evasive attacks
- Visibility: traffic does not systematically transit through the data center
- Access to data only available locally (e.g. DPI, network states,...)
- Each DLA builds its own model (no one-size-fits-all)
- Local context (from ISE,...)
- Privacy: a major plus since privacy may be violated if user data is sent to the DC and/or cloud
- Complementary to other approaches: does not replace FW/IPS, centralized analytics,...
25 Visualization
26 SLN Visualization: Why is it Hard?
- Challenge of abstracting the complexity of analytics into data exploitable by NOC and SOC engineers
- Must be intuitive, rich in multiple levels of information and still not confusing
- Level-1: High Level Dashboard
  - Visualize state of the network
  - Keep an eye on any change, be warned of anomalies in real-time
- Level-2: Interactive Map with SLN semantic and tools
  - Replay network activity related to the anomaly
  - Instantly mitigate related flows
27 Control the sensitivity of the system (triggers complex mechanics underneath) Real-time Gauge indicative of the learning state of the system
30 Visualization
31 Anomaly Detection
32 Internet Behavioral Analytics
What is an anomaly? A pattern in data that does not conform to an expected (normal observed/learned) behavior
Challenges:
- One main challenge is that the data often comes without any class labels, that is, the ground truth of which data instances are anomalous and non-anomalous does not exist
- Defining a normal region in a multi-dimensional space is hard (boundaries are generally not precise)
- Malicious actions try to adapt to look normal
- Normal behaviors keep evolving (adaptive models are required)
- Anomalies differ according to the application
- Usually a lack of labeled data for training and validating models
- Hard to differentiate noise and actual anomalies
33 On mathematical models...
- Machine Learning: refers to a number of algorithms and models (a subset of Artificial Intelligence)
- Science Fiction? Not at all! Machine Learning is being used in a number of fields: aircraft, healthcare, predictions of many kinds,...
- No one size fits all... Usually a combination of algorithms, which used together, provide a very powerful adaptive approach...
- Learning at the edge of the network (SLN) makes it even harder... Implies on-line learning with limited storage and CPU processing to achieve reactiveness and scalability
- Number of in-house algorithms developed by Cisco over the past two years for Self Learning Networks
34 NFL Theorem (No Free Lunch) in Machine Learning We have dubbed the associated results NFL theorems because they demonstrate that if an algorithm performs well on a certain class of problems then it necessarily pays for that with degraded performance on the set of all remaining problems. (Wolpert and Macready)
35 Beyond security anomalies...
Security threat:
- Detection of known and unknown attack patterns (no static signatures) leading to modifying the behavior of a host in terms of traffic patterns, graph structure, etc.
- Data ex-filtration thanks to a C2 channel, lateral movements, (Distributed) Denial of Service (DoS)
Misbehaving devices:
- (Non legit) use of (massive) undesirable scanning in the network
- Software defect (e.g. a switch or router dropping packets because of a corrupted RIB/FIB, or the presence of a persistent loop caused by a routing protocol hitting a corner case)
Behavioral changes:
- Introduction of a new networking or end-device configuration
- Deployment of a new application may lead to dramatic behavioral changes
Misconfigured devices:
- Configuration change: misconfigured ACL, route redistribution policy, QoS policy maps,...
36 Does the concept of False Positive make any sense?
37 Does the concept of False Positive make any sense?
- False Positive: anomaly raised by the system that the user considers non anomalous
- Technically speaking, Behavioral Analytics detects abnormal behaviors (non expected/modeled events), which may or may not be of interest
- What matters... is to perform proper modeling and learn the events of interest for the user
- This makes the notion of FP totally subjective!
Solutions:
- Perform proper modeling... This is the base (still HARD to do but a MUST)
- Allow for control of system sensitivity
- Allow for user feedback in order to determine which profiles of anomalies are of interest
38 A Slightly Deeper Dive into SLN Analytics (Machine Learning Engines)
39 Learning at the edge: processing pipeline
1. Sensing: Sense network dynamics through Netflow, DPI and local network element states.
2. Features: Extract measurable characteristics of the network state.
3. Modeling: Construct a statistical model of the normal traffic and network dynamics.
4. Detection: Identify relevant deviations from the normal behavior.
5. Scoping: Establish the likely root cause of the detected deviations.
40 Feature construction
Raw data (Netflow, DPI, local states) -> Sensing -> Features -> High-dimensional vector
Features: statistical moments (mean, standard deviation, skewness, percentiles), derivatives and entropy of key metrics such as:
- Number of flows
- Traffic volume (in bytes, in packets)
- Application breakdowns
- Transport protocol flags
- DNS queries and requests
- Number of sources, destinations
- Source and destination ports
41 GraphAD: Aggregation
- Communication between hosts in a network can be viewed as a directed graph
- Graph structure can be used to infer anomalous behaviors not visible at the host level only: e.g., scanning/malware propagation behaviour
- Detect subtle and unusual patterns in the graph structure, including stealthy and unusual interactions between sensitive countries!
[Figure: directed graph whose nodes are /24 subnets and regions: SENSITIVE REGION, JAPAN, FRANCE, CALIFORNIA, NEW YORK, GERMANY]
42 GraphAD: Surprising Interactions
- Traffic matrix input: probabilistic estimate of interaction frequency
- Fit a graph model: representation of interactions between graph regions
- Interaction scoring: based on graph model, measure the surprise of a conversation
[Figure: traffic matrix and graph of /24 subnets and regions (SENSITIVE REGION, JAPAN, FRANCE, NEW YORK, CALIFORNIA, GERMANY) with one edge labeled "surprising interaction" and one labeled "unsurprising interaction"]
43 Host-based Anomaly Detection
- Features belong to a high-dimensional (hundreds of dimensions) space
- They are studied jointly with few underlying statistical hypotheses in an efficient way from a computational point of view
- Feature vectors are decomposed into elementary pieces of normal behavior, among a large (> 100) number of possibilities, in the most efficient way possible in terms of required CPU
- The wider the discrepancy between the observation and the reconstruction, the more anomalous the observation is deemed
- The system auto-adapts to new normal learned behavior
44 HostAD: Fundamentals
- Behaviors contribute to a set of words (dictionary)
- Behaviors of hosts are observed as a sentence (i.e. sequence of words)
- Behaviors are evaluated by trying to explain them based on the model
- Hosts whose behavior cannot be explained (i.e., reconstructed) point to an anomaly
[Figure: behavioral model (dictionary) with words such as HOST, MANY, FEW, DESTINATIONS, BYTES, HTTP, CLIENT, MANY SOURCES, ICMP FLOWS; example sentences: "HOST WITH MANY NEIGHBORS RECEIVING MANY HTTP FLOWS", "HOST WITH FEW NEIGHBORS EMITTING FEW HTTP BYTES", "HOST WITH FEW NEIGHBORS RECEIVING MANY HTTP FLOWS"]
45 HostAD: words as high-dimensional vectors
Network Element -> Host-based observer -> Feature Constructor -> Feature Vector (32 dimensions) -> Dataset (one feature vector per observation of each host)
Input features:
1. Number of flows per source
2. Number of flows per destination
3. Number of unique destination IP addresses
4. Number of unique source IP addresses
5. Number of unique source ports
6. Number of unique destination ports
7. Entropy of source ports
8. Entropy of destination ports
9. Proportion of HTTP source ports
10. Proportion of HTTP destination ports
11. Proportion of DNS source ports
12. Proportion of DNS destination ports
13. Number of bytes as source
14. Number of bytes as destination
15. Number of DNS requests
16. Number of DNS replies
46 HostAD: Reconstruction Error
- Dictionary of 25 words
- 32-dimensional vectors shown in 3 dimensions
- The dictionary contains the most representative vectors of the whole dataset (i.e., that allow for the best reconstruction of all other vectors).
[Figure: original vectors plotted against their reconstructions, each annotated with its reconstruction error; one example reads error = 24.28]
47 AppAD: Principles
- Individual application dynamics are modeled using sparse autoencoders
- Normal, usual application dynamics can be accurately reconstructed
- Abnormal and unusual application dynamics lead to large reconstruction errors, which are the hallmark of anomalies
Network Element -> HTTP traffic, DNS traffic, ICMP traffic -> HTTP features, DNS features, ICMP features -> HTTP model, DNS model, ICMP model -> scores
Input features (per application):
1. Number of active flows
2. Number of flows opened recently
3. Number of bytes
4. Number of packets
5. Number of unique source/destination IP addresses
6. Number of unique source/destination ports
7. Number of flows per source
8. Number of flows per destination
9. Number of flows per pair of hosts
10. Number of new correspondents in the last hour
[Figure: autoencoder with input (original) features, ENCODING, high dimensionality code with inactive neurons (sparsity), DECODING, output (reconstructed) features]
48 AppAD: Reconstruction Error
[Figure: autoencoder (input (original) features, ENCODING, high dimensionality code with inactive neurons (sparsity), DECODING, output (reconstructed) features) next to plots over time of the sparse activation of the high-dimensional code and of the reconstruction error (MSE residuals)]
49 What is Deep Learning?
- Deep Learning denotes a branch of machine learning that tries to model high-level representations of data using models with many layers and a high number of non-linear transformations
- There exist supervised and unsupervised Deep Learning algorithms
- The most successful Deep Learning architectures involve Artificial Neural Networks
- The best performances in recent machine learning challenges (such as the ImageNet Challenge) are achieved by Deep Learning algorithms, in particular by ANN-based Deep Learning architectures
50 On the use of Deep Neural Networks
- Goal: detect subtle, yet generic patterns via a pre-trained Deep Neural Network (DNN)
- Pre-training is performed using a very large quantity of data that include many different scenarios of attack and background traffic
- Each model contains hundreds of thousands of neural connections.
[Figure: Input Features -> Deep ANN -> Detected Pattern]
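A feature constructor in the spirit of slides 40 and 45, turning flow records into per-host features such as unique destinations and port entropy. This is an added example, not code from the presentation; the flow tuple layout, the feature names and the addresses are assumptions, the flows are constructed, and only a subset of the 16 listed features is computed.

```python
import math
from collections import Counter, defaultdict


def sample_flows():
    """Constructed flow records: (src_ip, dst_ip, src_port, dst_port, bytes)."""
    flows = []
    for i in range(6):    # 10.0.0.5 browses one web server ...
        flows.append(("10.0.0.5", "198.51.100.10", 40000 + i, 80, 1500))
    for i in range(4):    # ... and resolves a few names
        flows.append(("10.0.0.5", "10.0.0.53", 50000 + i, 53, 80))
    for i in range(64):   # 10.0.0.9 touches 64 ports across 32 hosts
        flows.append(("10.0.0.9", "10.0.1.%d" % (i % 32), 41000, 1 + i, 60))
    return flows


def entropy(values):
    """Shannon entropy (bits) of the empirical distribution of `values`."""
    counts = Counter(values)
    if len(counts) <= 1:
        return 0.0
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def share(ports, port):
    """Proportion of entries in `ports` equal to `port`."""
    return sum(1 for p in ports if p == port) / len(ports) if ports else 0.0


def host_features(flows):
    """One feature dict per host, covering its source and destination roles."""
    as_src, as_dst = defaultdict(list), defaultdict(list)
    for flow in flows:
        as_src[flow[0]].append(flow)
        as_dst[flow[1]].append(flow)
    features = {}
    for host in set(as_src) | set(as_dst):
        out, inc = as_src.get(host, []), as_dst.get(host, [])
        sports = [f[2] for f in out]
        dports = [f[3] for f in out]
        features[host] = {
            "flows_as_source": len(out),
            "flows_as_destination": len(inc),
            "unique_dst_ips": len({f[1] for f in out}),
            "unique_src_ips": len({f[0] for f in inc}),
            "unique_src_ports": len(set(sports)),
            "unique_dst_ports": len(set(dports)),
            "src_port_entropy": entropy(sports),
            "dst_port_entropy": entropy(dports),
            "http_dst_share": share(dports, 80),
            "dns_dst_share": share(dports, 53),
            "bytes_as_source": sum(f[4] for f in out),
            "bytes_as_destination": sum(f[4] for f in inc),
        }
    return features


def most_port_diverse(features):
    """Host whose destination-port distribution has the highest entropy."""
    return max(features, key=lambda h: features[h]["dst_port_entropy"])


if __name__ == "__main__":
    feats = host_features(sample_flows())
    for host in sorted(feats):
        print(host, round(feats[host]["dst_port_entropy"], 3),
              feats[host]["unique_dst_ips"])
```

On the constructed data the browsing host has a destination-port entropy just under 1 bit, while the host touching 64 ports reaches 6 bits with a single source port, which is the kind of separation the entropy features are meant to expose.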
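The dictionary idea on slides 43 to 46, scoring a host by how badly its feature vector can be rebuilt from words of normal behavior, can be sketched as follows. This is an added example, not the presentation's or Cisco's algorithm: matching pursuit is used here as a stand-in decomposition, and the six features, the three dictionary words and both host vectors are constructed assumptions.

```python
import math

# Assumed feature order, each value pre-scaled to roughly [0, 1].
FEATURES = ("flows_as_source", "flows_as_destination", "unique_dst_ips",
            "unique_src_ips", "http_dst_share", "dst_port_entropy")


def norm(v):
    return math.sqrt(sum(x * x for x in v))


def unit(v):
    n = norm(v)
    return [x / n for x in v]


def dot(a, b):
    return sum(x * y for x, y in zip(a, b))


# Constructed dictionary: each word is a unit vector of normal behavior.
DICTIONARY = {
    "HTTP CLIENT": unit([3, 0, 0, 0, 4, 0]),
    "MANY SOURCES, RECEIVING FLOWS": unit([0, 3, 0, 4, 0, 0]),
    "EMITTING FLOWS TO FEW DESTINATIONS": unit([3, 0, 4, 0, 0, 0]),
}

# Constructed observations.
NORMAL_HOST = [0.9, 0.0, 0.4, 0.0, 0.8, 0.0]     # mix of two known words
SCANNING_HOST = [1.0, 0.0, 1.0, 0.0, 0.0, 1.0]   # high port entropy, no HTTP


def reconstruct(x, dictionary, max_steps=50, tol=1e-6):
    """Matching pursuit: repeatedly explain the residual with the word that
    correlates best with it. Returns (coefficients, residual)."""
    residual = list(x)
    coeffs = {name: 0.0 for name in dictionary}
    for _ in range(max_steps):
        name, corr = max(((n, dot(residual, w)) for n, w in dictionary.items()),
                         key=lambda item: abs(item[1]))
        if abs(corr) < tol:
            break  # no word explains what is left
        coeffs[name] += corr
        residual = [r - corr * w for r, w in zip(residual, dictionary[name])]
    return coeffs, residual


def anomaly_score(x, dictionary):
    """Relative reconstruction error: 0 = fully explained, 1 = unexplained."""
    _, residual = reconstruct(x, dictionary)
    return norm(residual) / norm(x)


def learn_as_normal(dictionary, name, x):
    """Return a new dictionary that also contains `x` as a word, one simple
    way to model adaptation after the behavior is accepted as normal."""
    adapted = dict(dictionary)
    adapted[name] = unit(x)
    return adapted


if __name__ == "__main__":
    print("normal  :", round(anomaly_score(NORMAL_HOST, DICTIONARY), 4))
    print("scanning:", round(anomaly_score(SCANNING_HOST, DICTIONARY), 4))
    adapted = learn_as_normal(DICTIONARY, "ACCEPTED SCANNER", SCANNING_HOST)
    print("adapted :", round(anomaly_score(SCANNING_HOST, adapted), 4))
```

The scanning host keeps a large error because no word has any weight on destination-port entropy, so that part of the observation can never be rebuilt; once the behavior is added as a word the same observation scores near zero.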
51 Building Contexts!
52 Building contexts
SLN is not a solution providing cryptic alarms resulting from analytics on Netflow. Context is built thanks to several components:
- Internal data feed: Netflow but also (on-the-fly) Deep Packet Inspection (e.g. DNS)
- External data feeds:
  - User names, location, authentication logs, types of devices (profiling)... using ISE
  - Address allocation... using DHCP logs
  - Location tracking
  - Activity... DNS logs
  - Threat intelligence feed (reputation,...)
  - Local on-device analytics with FireAmp (e.g. files trajectory, I/O,...)
53 Moderator: Network context maker
- Detections' typical traits are mapped to network tags
- Typical network-centric metrics are rebuilt from anomaly traits
- Knowledge map is built upon ML + Networking expertise
- Knowledge map involved in building network-centric anomaly tags and network-centric metrics
- K-map hand crafted by experts
- Validated on several real networks
- Tunable
54 A fully integrated architecture... Building anomaly context
[Figure: integrated components: WWW, URL Filtering (Subscription), Intrusion Prevention (Subscription), Distributed Learning Agent, Clustering & High Availability, ISE, Network Firewall, Routing, Switching, Application Visibility & Control, FireSIGHT Analytics & Automation, Advanced Malware Protection (Subscription)]
55 Conclusion
Cisco Value Proposition:
- The network-based data is analyzed locally by a Cisco application (SLN) using advanced and lightweight analytics
- Disruptive approach for malware detection using behavioral analytics, heavily relying on dynamic learning, fully auto-adaptive
- The router can perform mitigation
- The problem is hard (lightweight, distributed) but this is the only scalable architecture available on the market!
[Figure: Cisco IBA sites connected over the Internet to the SLN Central Engine (SCA)]
WHY SIEMS WITH ADVANCED NETWORK- TRAFFIC ANALYTICS IS A POWERFUL COMBINATION A Novetta Cyber Analytics Brief Why SIEMs with advanced network-traffic analytics is a powerful combination. INTRODUCTION Novetta
More informationSecuring Your Amazon Web Services Virtual Networks
Securing Your Amazon Web Services s IPS security for public cloud deployments It s no surprise that public cloud infrastructure has experienced fast adoption. It is quick and easy to spin up a workload,
More informationCisco Next Generation Firewall and IPS. Dragan Novakovic Security Consulting Systems Engineer
Cisco Next Generation Firewall and IPS Dragan Novakovic Security Consulting Systems Engineer Cisco ASA with Firepower services Cisco TALOS - Collective Security Intelligence Enabled Clustering & High Availability
More informationCYBER ANALYTICS. Architecture Overview. Technical Brief. May 2016 novetta.com 2016, Novetta
CYBER ANALYTICS Architecture Overview Technical Brief May 2016 novetta.com 2016, Novetta Novetta Cyber Analytics: Technical Architecture Overview 1 INTRODUCTION 2 CAPTURE AND PROCESS ALL NETWORK TRAFFIC
More informationDesigning Network Encryption for the Future Emily McAdams Security Engagement Manager, Security & Trust Organization BRKSEC-2015
Designing Network Encryption for the Future Emily McAdams Security Engagement Manager, Security & Trust Organization BRKSEC-2015 What Could It Cost You? Average of $0.58 a record According to the Verizon
More informationDemystifying Machine Learning
Demystifying Machine Learning Dmitry Figol, WW Enterprise Sales Systems Engineer - Programmability @dmfigol CTHRST-1002 Agenda Machine Learning examples What is Machine Learning Types of Machine Learning
More informationAKAMAI CLOUD SECURITY SOLUTIONS
AKAMAI CLOUD SECURITY SOLUTIONS Whether you sell to customers over the web, operate data centers around the world or in the cloud, or support employees on the road, you rely on the Internet to keep your
More informationVideo-Aware Networking: Automating Networks and Applications to Simplify the Future of Video
Video-Aware Networking: Automating Networks and Applications to Simplify the Future of Video The future of video is in the network We live in a world where more and more video is shifting to IP and mobile.
More informationForensic Network Analysis in the Time of APTs
SharkFest 16 Forensic Network Analysis in the Time of APTs June 16th 2016 Christian Landström Senior IT Security Consultant Airbus Defence and Space CyberSecurity Topics - Overview on security infrastructure
More informationPALANTIR CYBERMESH INTRODUCTION
100 Hamilton Avenue Palo Alto, California 94301 PALANTIR CYBERMESH INTRODUCTION Cyber attacks expose organizations to significant security, regulatory, and reputational risks, including the potential for
More informationA Unified Threat Defense: The Need for Security Convergence
A Unified Threat Defense: The Need for Security Convergence Udom Limmeechokchai, Senior system Engineer Cisco Systems November, 2005 1 Agenda Evolving Network Security Challenges META Group White Paper
More informationARTIFICIAL INTELLIGENCE POWERED AUTOMATED THREAT HUNTING AND NETWORK SELF-DEFENSE
ARTIFICIAL INTELLIGENCE POWERED AUTOMATED THREAT HUNTING AND NETWORK SELF-DEFENSE Vectra Cognito HIGHLIGHTS Finds active attackers inside your network Automates security investigations with conclusive
More informationIBM Security Network Protection Solutions
Systems IBM Security IBM Security Network Protection Solutions Pre-emptive protection to keep you Ahead of the Threat Tanmay Shah Product Lead Network Protection Appliances IBM Security Systems 1 IBM Security
More informationRSA Security Analytics
RSA Security Analytics This is what SIEM was Meant to Be 1 The Original Intent of SIEM Single compliance & security interface Analyze & prioritize alerts across various sources The cornerstone of security
More informationEncrypted Traffic Security (ETS) White Paper
Encrypted Traffic Security (ETS) White Paper The rapid rise in encrypted traffic is changing the security landscape. As more organizations become digital, an increasing number of services and applications
More informationBusiness Strategy Theatre
Business Strategy Theatre Security posture in the age of mobile, social and new threats Steve Pao, GM Security Business 01 May 2014 In the midst of chaos, there is also opportunity. - Sun-Tzu Security:
More informationCisco Stealthwatch Improves Threat Defense with Network Visibility and Security Analytics
Solution Overview Cisco Stealthwatch Improves Threat Defense with Network Visibility and Security Analytics BENEFITS Gain visibility across all network conversations, including east-west and north-south
More informationAnalyzing Huge Data for Suspicious Traffic. Christian Landström, Airbus DS
Analyzing Huge Data for Suspicious Traffic Christian Landström, Airbus DS Topics - Overview on security infrastructure - Strategies for network defense - A look at malicious traffic incl. Demos - How Wireshark
More informationFIREWALL PROTECTION AND WHY DOES MY BUSINESS NEED IT?
WHAT IS FIREWALL PROTECTION AND WHY DOES MY BUSINESS NEED IT? While firewalls started life simply protecting networks from outside hacks and attacks, the role of the firewall has greatly evolved to take
More informationSecuring Your Microsoft Azure Virtual Networks
Securing Your Microsoft Azure Virtual Networks IPS security for public cloud deployments It s no surprise that public cloud infrastructure has experienced fast adoption. It is quick and easy to spin up
More informationWhite Paper. Why IDS Can t Adequately Protect Your IoT Devices
White Paper Why IDS Can t Adequately Protect Your IoT Devices Introduction As a key component in information technology security, Intrusion Detection Systems (IDS) monitor networks for suspicious activity
More informationCisco Cyber Threat Defense Solution 1.0
Cisco Cyber Threat Defense Solution 1.0 Contents 1. Introduction to the Cisco Cyber Threat Defense Solution 1.0 2. Technical overview of the Cisco Cyber Threat Defense Solution 1.0 3. Using the Cisco Cyber
More informationThe Next Generation Security Platform. Domenico Stranieri Pre- Sales Engineer Palo Alto Networks EMEA Italy
The Next Generation Security Platform Domenico Stranieri Pre- Sales Engineer Palo Alto Networks EMEA Italy The Next Generation Enterprise Security Platform Core Value Proposition An Enterprise Security
More informationNovetta Cyber Analytics
Know your network. Arm your analysts. Introduction Novetta Cyber Analytics is an advanced network traffic analytics solution that empowers analysts with comprehensive, near real time cyber security visibility
More informationWEB DDOS PROTECTION APPLICATION PROTECTION VIA DNS FORWARDING
WEB DDOS PROTECTION APPLICATION PROTECTION VIA DNS FORWARDING A STRONG PARTNER COMPANY Link11 - longstanding security experience Link11 is a European IT security provider, headquartered in Frankfurt, Germany
More informationIntelligent and Secure Network
Intelligent and Secure Network BIG-IP IP Global Delivery Intelligence v11.2 IP Intelligence Service Brian Boyan - b.boyan@f5.com Tony Ganzer t.ganzer@f5.com 2 Agenda Welcome & Intro Introduce F5 IP Intelligence
More informationCisco Ransomware Defense The Ransomware Threat Is Real
Cisco Ransomware Defense The Ransomware Threat Is Real Seguridad Integrada Abril 2018 Ransomware B Malicious Software Encrypts Critical Data Demands Payment Permanent Data Loss Business Impacts Ramifications
More informationProCurve Network Immunity
ProCurve Network Immunity Hans-Jörg Elias Key Account Manager hans-joerg.elias@hp.com 2007 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
More informationConnection Logging. Introduction to Connection Logging
The following topics describe how to configure the Firepower System to log connections made by hosts on your monitored network: Introduction to, page 1 Strategies, page 2 Logging Decryptable Connections
More informationUser and Entity Behavior Analytics
User and Entity Behavior Analytics Shankar Subramaniam Co-Founder, Niara Senior Director of Customer Solutions, HPE Aruba Introspect shasubra@hpe.com THE SECURITY GAP SECURITY SPEND DATA BREACHES 146 days
More informationSecurity Operations & Analytics Services
Security Operations & Analytics Services www.ecominfotech.biz info@ecominfotech.biz Page 1 Key Challenges Average time to detect an attack (Dwell time) hovers around 175 to 210 days as reported by some
More informationWHITE PAPER Hybrid Approach to DDoS Mitigation
WHITE PAPER Hybrid Approach to DDoS Mitigation FIRST LINE OF DEFENSE Executive Summary As organizations consider options for DDoS mitigation, it is important to realize that the optimal solution is a hybrid
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 19: Intrusion Detection Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline Intruders Intrusion detection host-based network-based
More information10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS
10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND
More informationImplementing Cisco Network Security (IINS) 3.0
Implementing Cisco Network Security (IINS) 3.0 COURSE OVERVIEW: Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles and technologies, using
More informationCisco APIC Enterprise Module Simplifies Network Operations
Cisco APIC Enterprise Module Simplifies Network Operations October 2015 Prepared by: Zeus Kerravala Cisco APIC Enterprise Module Simplifies Network Operations by Zeus Kerravala October 2015 º º º º º º
More informationSecurity analytics: From data to action Visual and analytical approaches to detecting modern adversaries
Security analytics: From data to action Visual and analytical approaches to detecting modern adversaries Chris Calvert, CISSP, CISM Director of Solutions Innovation Copyright 2013 Hewlett-Packard Development
More informationComprehensive datacenter protection
Comprehensive datacenter protection There are several key drivers that are influencing the DDoS Protection market: DDoS attacks are increasing in frequency DDoS attacks are increasing in size DoS attack
More informationDetecting Network Reconnaissance with the Cisco Cyber Threat Defense Solution 1.0
Detecting Network Reconnaissance with the Cisco Cyber Threat Defense Solution 1.0 April 9, 2012 Introduction One of the earliest indicators of an impending network attack is the presence of network reconnaissance.
More informationSIEM Solutions from McAfee
SIEM Solutions from McAfee Monitor. Prioritize. Investigate. Respond. Today s security information and event management (SIEM) solutions need to be able to identify and defend against attacks within an
More informationSentinelOne Technical Brief
SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by machine learning and intelligent automation. By rethinking
More informationSeceon s Open Threat Management software
Seceon s Open Threat Management software Seceon s Open Threat Management software (OTM), is a cyber-security advanced threat management platform that visualizes, detects, and eliminates threats in real
More informationSDN Security BRKSEC Alok Mittal Security Business Group, Cisco
SDN Security Alok Mittal Security Business Group, Cisco Security at the Speed of the Network Automating and Accelerating Security Through SDN Countering threats is complex and difficult. Software Defined
More informationSourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data
SEE everything in your environment LEARN by applying security intelligence to data ADAPT defenses automatically ACT in real-time Sourcefire Solutions Overview Security for the Real World Change is constant.
More informationCCIE Collaboration Lab
CCIE Collaboration Lab Rami Kandah, Technical Leader Scott Hunt, UC Content Engineer James Lehto, UC Content Engineer David Mallory, CTO Learning@Cisco Overview: CCIE Certification Highest regarded IT
More informationThe Invisible Threat of Modern Malware Lee Gitzes, CISSP Comm Solutions Company
The Invisible Threat of Modern Malware Lee Gitzes, CISSP Comm Solutions Company November 12, 2014 Malware s Evolution Why the change? Hacking is profitable! Breaches and Malware are Projected to Cost $491
More informationSOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM
RSA NETWITNESS EVOLVED SIEM OVERVIEW A SIEM is technology originally intended for compliance and log management. Later, as SIEMs became the aggregation points for security alerts, they began to be more
More informationPerimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN
T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN Perimeter Defenses Enterprises need to take their security strategy beyond stacking up layers of perimeter defenses to building up predictive
More informationUse Cases. E-Commerce. Enterprise
Use Cases E-Commerce Enterprise INTRODUCTION This document provides a selection of customer use cases applicable for the e-commerce sector. Each use case describes an individual challenge faced by e-commerce
More informationNETWORK THREATS DEMAN
SELF-DEFENDING NETWORK NETWORK THREATS DEMAN NEW SECURITY: STRATEGIES TECHNOLOGIES Self-Propagating Threats A combination of: self propagating threats Collaborative applications Interconnected environments
More informationKey Technologies for Security Operations. Copyright 2014 EMC Corporation. All rights reserved.
Key Technologies for Security Operations 2 Traditional Security Is Not Working 97% of breaches led to compromise within days or less with 72% leading to data exfiltration in the same time Source: Verizon
More informationAnalytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS
Analytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS Overview Cyberattacks are increasingly getting more frequent, more sophisticated and more widespread than ever
More informationSentinelOne Technical Brief
SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by behavior-based threat detection and intelligent automation.
More informationTHE RSA SUITE NETWITNESS REINVENT YOUR SIEM. Presented by: Walter Abeson
THE RSA NETWITNESS SUITE REINVENT YOUR SIEM Presented by: Walter Abeson 1 Reality Goals GOALS VERSUS REALITY OF SIEM 1.0 Single compliance & security interface Analyze & prioritize alerts across various
More informationThe Bots Are Coming The Bots Are Coming Scott Taylor Director, Solutions Engineering
The Bots Are Coming The Bots Are Coming Scott Taylor Director, Solutions Engineering Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information
More informationSOLUTION BRIEF RSA NETWITNESS PLATFORM ACCELERATED THREAT DETECTION & AUTOMATED RESPONSE FROM THE ENDPOINT TO THE CLOUD
RSA NETWITNESS PLATFORM ACCELERATED THREAT DETECTION & AUTOMATED RESPONSE FROM THE ENDPOINT TO THE CLOUD OVERVIEW Information security has been a major challenge for organizations since the dawn of the
More informationAgile Security Solutions
Agile Security Solutions Piotr Linke Security Engineer CISSP CISA CRISC CISM Open Source SNORT 2 Consider these guys All were smart. All had security. All were seriously compromised. 3 The Industrialization
More informationChair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 8
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 8 System Vulnerabilities and Denial of Service Attacks System Vulnerabilities and
More informationMonitoring the Device
The system includes dashboards and an Event Viewer that you can use to monitor the device and traffic that is passing through the device. Enable Logging to Obtain Traffic Statistics, page 1 Monitoring
More informationQuestion No: 2 Which identifier is used to describe the application or process that submitted a log message?
Volume: 65 Questions Question No: 1 Which definition of a fork in Linux is true? A. daemon to execute scheduled commands B. parent directory name of a file pathname C. macros for manipulating CPU sets
More informationCisco Firepower NGIPS Tuning and Best Practices
Cisco Firepower NGIPS Tuning and Best Practices John Wise, Security Instructor High Touch Delivery, Cisco Learning Services CTHCRT-2000 Cisco Spark How Questions? Use Cisco Spark to communicate with the
More informationProtecting Against Modern Attacks. Protection Against Modern Attack Vectors
Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches
More informationStreaming Prevention in Cb Defense. Stop malware and non-malware attacks that bypass machine-learning AV and traditional AV
Streaming Prevention in Cb Defense Stop malware and non-malware attacks that bypass machine-learning AV and traditional AV 2 STREAMING PREVENTION IN Cb DEFENSE OVERVIEW Over the past three years, cyberattackers
More informationCognito Detect is the most powerful way to find and stop cyberattackers in real time
Overview Cognito Detect is the most powerful way to find and stop cyberattackers in real time HIGHLIGHTS Always-learning behavioral models use AI to find hidden and unknown attackers, enable quick, decisive
More informationDATA SHEET AlienVault USM Anywhere Powerful Threat Detection and Incident Response for All Your Critical Infrastructure
DATA SHEET AlienVault USM Anywhere Powerful Threat Detection and Incident Response for All Your Critical Infrastructure AlienVault USM Anywhere accelerates and centralizes threat detection, incident response,
More informationAPIC-EM / EasyQoS - End to End Orchestration of QoS in Enterprise Networks
APIC-EM / EasyQoS - End to End Orchestration of QoS in Enterprise Networks Saurav Prasad Technical Marketing Engineer CTHNMS-1002 Cisco Spark How Questions? Use Cisco Spark to chat with the speaker after
More informationAugust 14th, 2018 PRESENTED BY:
August 14th, 2018 PRESENTED BY: APPLICATION LAYER ATTACKS 100% 80% 60% 40% 20% 0% DNS is the second most targeted protocol after HTTP. DNS DoS techniques range from: Flooding requests to a given host.
More informationThe New Normal. Unique Challenges When Monitoring Hybrid Cloud Environments
The New Normal Unique Challenges When Monitoring Hybrid Cloud Environments The Evolving Cybersecurity Landscape Every day, the cybersecurity landscape is expanding around us. Each new device connected
More informationArtificial Intelligence Drives the next Generation of Internet Security
Artificial Intelligence Drives the next Generation of Internet Security Sam Lee Regional Director sam.lee@cujo.com Copyright 2017 CUJO LLC, All rights reserved. Artificial Intelligence Leads the Way Copyright
More information