Cisco Cyber Threat Defense Solution 1.0
- Johnathan Brooks
- 5 years ago
Transcription
1 Cisco Cyber Threat Defense Solution 1.0
2 Contents
1. Introduction to the Cisco Cyber Threat Defense Solution
2. Technical overview of the Cisco Cyber Threat Defense Solution
3. Using the Cisco Cyber Threat Defense Solution to:
   1. Detect suspect data loss
   2. Identify reconnaissance activity
   3. Detect command and control channels
   4. Detect internally spreading malware
3 We Are All Under Attack
Cyber threats impact the security and economic viability of nations and businesses alike:
- Manipulation
- Theft & Espionage
- Disruption
4 The Impact of Complex Cyber Threats
Sophisticated attacks with specific high-stakes intent:
- 49% of threats are customized for the target environment [1]
- $1T/year private sector revenue loss from cyber espionage [2]
- 5X increase in attacks against US Government, 2006 to
Compromise is not "if", but "when":
- 59% of organizations believe they have been cyber threat targets [4]
- 46% believe they are still highly vulnerable despite increased prevention investments [5]
Customers investing to respond:
- 52% invested in network anomaly analysis/detection [6]
- 77% increased investment in security solutions in reaction to cyber threats [7]
Sources: 1 Verizon Data Breach Report; 2 US House Intelligence; 3 Cyber Market Forecast; 4 ESG APT Report; 5 7 ESG
5 Key Challenges: Complex Threat Visibility
Breached, but how, where and who?
- Often very difficult to find: attacks are hidden by day-to-day operations
- Context is critical: no single system provides all the data needed to decipher an attack; attacks can span devices, individuals, time, etc.
- Disparate data sources: multiple data sources are required (identity, reputation, vulnerability, device type, etc.); analysts collect and assemble contextual information from a variety of sources
6 Leverage the Network for Threat Defense
(Diagram: NetFlow-capable devices across the internal network, access layer and VPN provide visibility, context and control: what, where, when, who, how)
- Use NetFlow data to extend visibility to the access layer
- Unite flow data with identity and application for context
7 Cyber Threat Defense Solution Components
(Diagram: NetFlow from the Cisco network, FlowSensor and FlowSensor VE is sent to the FlowCollector, optionally through the FlowReplicator, which can also feed other tools/collectors; the Console connects to the FlowCollector and Cisco ISE over https; users/devices attach to the Cisco network)
8 Visibility, Context, Control
- Visibility: monitor behavior by collecting and analyzing access layer NetFlow data (Cisco NetFlow); use the network infrastructure to identify users (Cisco ISE)
- Context: unite NetFlow analysis with identity and application services to provide context (Console: device? user? events? posture? vulnerability, AV, patch)
- Control: leverage the Cisco network as enforcement points for increased control, such as remediation or quarantining of the affected host or user (Cisco ISE, Cisco network)
9 Attack Detection Without Signatures
Using flow-based algorithms inside Lancope. A high Concern Index (CI) indicates a significant number of suspicious events.
Host Group | Host | CI | CI% | Alarms | Alerts
Desktops | | ,137, | ,712% | Ping_Oversized_Packet |
10 Identify Threats and Assign Attribution
Leveraging an integration between Cisco ISE and Lancope.
Policy | Start Active Time | Alarm | Source | Source Host Group | Source User Name | Target
Inside Hosts | 8-Feb-2012 | Suspect Data Loss | | Wired Data | Bob | Multiple Hosts
11 Easily Find All Traffic for a Given User
Start Active Time | End Active Time | Host | User Name | Device Type | Host Groups | Network Access Device | Network Access Interface
13-Feb-2012 | Current | | Bob | Microsoft-Workstation | Catch All | SJ-Access ( ) | GigabitEthernet1/20
12 Take Network Action
- Take action against the offending client via ISE
- Console: Endpoint Protection Services, Quarantine or Port Shut
14 Cyber Threat Defense Solution Architecture
Devices, access, distribution and edge layers across branch and campus; NetFlow-capable platforms shown: Catalyst 3750-X (including stack), Catalyst 3560-X, Catalyst 4500, Catalyst 6500, WLC, access points, ISR (site-to-site VPN), ASA (remote access).
- Cisco ISE (identity): Cisco TrustSec access control, profiling and posture; AAA services, profiling and posture assessment
- FlowCollector: collect and analyze NetFlow records
- Console: correlate and display flow and identity information
- Scalable NetFlow infrastructure
15 Cyber Threat Defense Solution Components
Component | Hardware | Release | Image Type and License
Catalyst 3500-X | Version ID: 02 Revision 0x03, 10GE Service Module | 15.0(1)SE | Universal and IP Services
Catalyst 4500E Series | Supervisor 7E | IOS-XE SG | Universal and IP Base
Catalyst 4500E Series | Supervisor 7L-E | IOS-XE XO | Universal and IP Base
Catalyst 6500 Series | Supervisor 2T | 12.2(50)SY | Advanced Enterprise Services
ISR G2 | Any | 15.1(2)T3 | Universal and IP Base
Adaptive Security Appliance | Any | Any |
Identity Services Engine | Any | 1.1 | Any
Lancope Console | Any | 6.2 | Any
Lancope FlowCollector | Any | 6.2 | Any
Lancope FlowSensor | Any | 6.2 | Any
Lancope FlowReplicator | Any | Any |
16 FlowSensor Architecture
Provides NetFlow visibility in areas of the network without NetFlow support: the FlowSensor takes a SPAN or TAP feed from a non-NetFlow device and exports NetFlow to the FlowCollector.
- Must be L1 or L2 adjacent to the source
- Adds details not found in traditional NetFlow: limited Layer-7 information, latency statistics
17 Cyber Threat Defense Components
FlowCollector:
- Collects, stores and analyzes NetFlow records from up to 2000 flow sources at up to 120K flows/second
- De-duplication of flow records
- Real-time traffic analysis
Console:
- Centralized management for multiple FlowCollectors
- Real-time data correlation, traffic visualization and consolidated reporting
- Graphical representation of network traffic
- Collects from up to 25 FlowCollectors for up to 3M flows per second
Cisco ISE:
- Provides identity, profiling and context information
18 Optional Component: FlowReplicator
- High-speed UDP packet replicator
- Replicates and redistributes NetFlow, syslog or SNMP traps to various collectors (FlowCollector, other traffic analysis software, Console, Cisco ISE)
- All enterprise devices can have a single standardized NetFlow destination
20 Detecting Suspect Data Loss
1. Infected host opens a connection and exports data
2. Infrastructure generates a record of the event using NetFlow
3. Collection and analysis of NetFlow data (FlowCollector)
4. Contextual information added to NetFlow analysis (Cisco ISE, Console)
5. Suspect Data Loss alarm triggered
21 Detecting Suspect Data Loss
Policy | Start Active Time | Alarm | Source | Source Host Group | Source Username | Target | Details
Inside Hosts | 8-Feb | Suspect Data Loss | | Wired Data | Bob | Multiple Hosts | Observed 4.08G bytes. Policy Maximum allows up to 81.92M bytes.
22 Identifying Reconnaissance Activity
1. Infected host performs random pings and sweeps in the internal network
2. Infrastructure generates records of the activity using NetFlow
3. Collection and analysis of NetFlow data (FlowCollector)
4. Contextual information added to NetFlow analysis (Cisco ISE, Console)
5. Concern Index increased; suspicious network scanning activity alarms generated
23 Identifying Reconnaissance Activity
A high Concern Index (CI) indicates a significant number of suspicious events.
Host Group | Host | CI | CI% | Alarms | Alerts
Desktops | | ,137, | ,712% | Ping_Oversized_Packet |
24 Detecting Command and Control
1. Infected host opens a connection from inside
2. Commands are sent in the return traffic
3. Infrastructure generates a record of the communication using NetFlow
4. Collection and analysis of NetFlow data (FlowCollector)
5. Contextual information added to NetFlow analysis (Cisco ISE, Console)
6. Concern Index increased; Host Lock Violation alarm triggered
25 Detecting Command and Control
Alarm indicating communication with known BotNet controllers (callouts: IP address, source user name, policy that triggered the alarm).
Policy | Start Active Time | Alarms | Source | Source Host Groups | Source User Name | Target | Target Host Group
Inside Hosts | Jan 27, 2012 | Host Lock Violation | | Remote VPN | Bob | ZeusServer.com | Zeus BotNet Controllers
26-27 Detecting Internally Spreading Malware
1. Infection propagates throughout the internal network as the attacker executes their objective (initial infection, secondary infection, tertiary infection)
2. Infrastructure generates records of the activity using NetFlow
3. Collection and analysis of NetFlow data (FlowCollector)
4. Contextual information added to NetFlow analysis (Cisco ISE, Console)
5. Concern Index increased; Worm Propagation alarm generated
28 Detecting Internally Spreading Malware
(Alarm callouts: IP address; alarm indicating this host touched another host which then began exhibiting the same suspicious behavior; the suspicious activity that triggered the alarm)
29 Infection Tracking
Initial Infection -> Secondary Infection -> Tertiary Infection
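The four use cases above all reduce to checks over NetFlow records: bytes exported to outside hosts against a policy maximum, a concern index accumulated from scan-like flows, an inside host contacting a blocked host group, and a host that was touched by a scanner and then started scanning itself. The following is an added example written for this page, not Cisco or Lancope code, and it does not reproduce their algorithms: the inside range, the blocked host group membership, the concern index scoring and the 1,000-point alarm threshold are assumptions, and the flow records are constructed (the 81.92M-byte policy maximum is taken from the slide above).

```python
"""Flow-based detection sketch covering the four use cases in the deck (added example)."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.0.0.0/8")              # assumption: the "Inside Hosts" group
# Assumption: a constructed host group standing in for "Zeus BotNet Controllers" (TEST-NET address)
BLOCKED_HOST_GROUPS = {"Zeus BotNet Controllers": {"203.0.113.10"}}
DATA_LOSS_MAX_BYTES = 81_920_000               # policy maximum shown on the Suspect Data Loss slide
CI_ALARM_THRESHOLD = 1_000                     # assumption: CI points at which CI% reaches 100
SCAN_POINTS_PER_TARGET = 100                   # assumption: CI points per distinct internal target probed


@dataclass(frozen=True)
class Flow:
    ts: int          # constructed timestamp (seconds)
    src: str
    dst: str
    proto: str       # "icmp", "tcp" or "udp"
    packets: int
    octets: int


def is_inside(ip: str) -> bool:
    return ip_address(ip) in INSIDE


def is_probe(f: Flow) -> bool:
    """Scan-like flow: inside host to inside host with almost no packets exchanged."""
    return is_inside(f.src) and is_inside(f.dst) and f.packets <= 2


def suspect_data_loss(flows):
    """Use case 1: bytes each inside host sends to outside hosts, reported when over the policy maximum."""
    sent = defaultdict(int)
    for f in flows:
        if is_inside(f.src) and not is_inside(f.dst):
            sent[f.src] += f.octets
    return {host: total for host, total in sent.items() if total > DATA_LOSS_MAX_BYTES}


def concern_index(flows):
    """Use case 2: CI points per inside host, driven by how many distinct internal targets it probed."""
    probed = defaultdict(set)
    for f in flows:
        if is_probe(f):
            probed[f.src].add(f.dst)
    return {host: len(targets) * SCAN_POINTS_PER_TARGET for host, targets in probed.items()}


def ci_percent(ci_points: int) -> int:
    return 100 * ci_points // CI_ALARM_THRESHOLD


def host_lock_violations(flows):
    """Use case 3: inside host communicating with a member of a blocked host group."""
    hits = []
    for f in flows:
        if not is_inside(f.src):
            continue
        for group, members in BLOCKED_HOST_GROUPS.items():
            if f.dst in members:
                hits.append((f.src, f.dst, group))
    return hits


def worm_propagation(flows):
    """Use case 4: host A, already scanning, touched host B, and B began scanning afterwards -> (A, B)."""
    ordered = sorted(flows, key=lambda f: f.ts)
    first_scan = {}                              # host -> time of its first scan-like flow
    for f in ordered:
        if is_probe(f):
            first_scan.setdefault(f.src, f.ts)
    chains = set()
    for f in ordered:
        if f.src in first_scan and f.dst in first_scan \
                and first_scan[f.src] <= f.ts < first_scan[f.dst]:
            chains.add((f.src, f.dst))
    return sorted(chains)


def build_sample_flows():
    """Constructed flow records: one benign session, one bulk export, one beacon, three scan waves."""
    flows = [
        Flow(0, "10.1.1.9", "198.51.100.50", "tcp", 40, 50_000),                  # benign web session
        Flow(10, "10.1.1.5", "198.51.100.20", "tcp", 3_000_000, 4_080_000_000),   # 4.08G bytes exported
        Flow(20, "10.1.1.5", "203.0.113.10", "tcp", 10, 2_000),                   # beacon to blocked group
    ]
    flows += [Flow(100 + i, "10.1.1.5", f"10.1.2.{i + 1}", "icmp", 1, 64) for i in range(12)]  # initial
    flows += [Flow(200 + i, "10.1.2.7", f"10.1.3.{i + 1}", "icmp", 1, 64) for i in range(4)]   # secondary
    flows += [Flow(300 + i, "10.1.3.2", f"10.1.4.{i + 1}", "icmp", 1, 64) for i in range(3)]   # tertiary
    return flows


if __name__ == "__main__":
    sample = build_sample_flows()
    print("Suspect Data Loss:", suspect_data_loss(sample))
    print("Concern Index:", {h: f"{ci} ({ci_percent(ci)}%)" for h, ci in concern_index(sample).items()})
    print("Host Lock Violations:", host_lock_violations(sample))
    print("Worm Propagation chains:", worm_propagation(sample))
```

On the constructed records, 10.1.1.5 trips the data-loss policy, reaches 120% of the CI threshold, and is flagged against the blocked host group, while the propagation check yields the two-link chain 10.1.1.5 -> 10.1.2.7 -> 10.1.3.2 that the Infection Tracking slide illustrates. The propagation rule deliberately requires the toucher to have been scanning before the contact, so a benign host that merely talked to a later-infected machine is not chained in.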
30 Cisco Cyber Threat Defense Solution
- Perimeters are being breached
- Traditional fortified security approaches alone are no longer sufficient
- The network takes a lead role in threat defense:
  - Visibility is provided through NetFlow
  - Context is provided through identity and application services
  - Control points are available in the network
For more information:
31 Complete Your Online Session Evaluation
Give us your feedback and you could win fabulous prizes. Winners announced daily. Receive 20 Passport points for each session evaluation you complete. Complete your session evaluation online now (open a browser through our wireless network to access our portal) or visit one of the Internet stations throughout the Convention Center. Don't forget to activate your Cisco Live Virtual account for access to all session material, communities, and on-demand and live activities throughout the year. Activate your account at the Cisco booth in the World of Solutions or visit
32 Final Thoughts
- Get hands-on experience with the Walk-in Labs located in World of Solutions, booth 1042
- Come see demos of many key solutions and products in the main Cisco booth 2924
- Visit after the event for updated PDFs, on-demand session videos, networking, and more!
- Follow Cisco Live! using social media: Facebook: Twitter: LinkedIn Group:
More informationCisco Cloud Security. How to Protect Business to Support Digital Transformation
Cisco Cloud Security How to Protect Business to Support Digital Transformation Dragan Novakovic Cybersecurity Consulting Systems Engineer January 2018. Security Enables Digitization Digital Disruption,
More informationForeScout CounterACT. Continuous Monitoring and Mitigation. Real-time Visibility. Network Access Control. Endpoint Compliance.
Real-time Visibility Network Access Control Endpoint Compliance Mobile Security ForeScout CounterACT Continuous Monitoring and Mitigation Rapid Threat Response Benefits Rethink IT Security Security Do
More informationForeScout ControlFabric TM Architecture
ForeScout ControlFabric TM Architecture IMPROVE MULTI-VENDOR SOLUTION EFFECTIVENESS, RESPONSE AND WORKFLOW AUTOMATION THROUGH COLLABORATION WITH INDUSTRY-LEADING TECHNOLOGY PARTNERS. The Challenge 50%
More informationHow to build a multi-layer Security Architecture to detect and remediate threats in real time
How to build a multi-layer Security Architecture to detect and remediate threats in real time Nikos Mourtzinos, CCIE #9763 Cisco Cyber Security Sales Specialist March 2018 Agenda Cisco Strategy Umbrella
More informationHow to Predict, Detect & Stop threats at the Edge and Behind the Perimeter even in encrypted traffic without decryption
How to Predict, Detect & Stop threats at the Edge and Behind the Perimeter even in encrypted traffic without decryption Nikos Mourtzinos, CCIE #9763 Cisco Cyber Security Sales Specialist April 2018 New
More informationSynchronized Security
Synchronized Security 2 Endpoint Firewall Synchronized Security Platform and Strategy Admin Manage All Sophos Products Self Service User Customizable Alerts Partner Management of Customer Installations
More informationA New Security Model for the IoE World. Henry Ong SE Manager - ASEAN Cisco Global Security Sales Organization
A New Security Model for the IoE World Henry Ong SE Manager - ASEAN Cisco Global Security Sales Organization Internet of Everything The Internet of Everything brings together people, process, data and
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationAre we breached? Deloitte's Cyber Threat Hunting
Are we breached? Deloitte's Cyber Threat Hunting Brochure / report title goes here Section title goes here Have we been breached? Are we exposed? How do we proactively detect an attack and minimize the
More informationHow-To Threat Centric NAC Cisco AMP for Endpoints in Cloud and Cisco Identity Service Engine (ISE) Integration using STIX Technology
How-To Threat Centric NAC Cisco AMP for Endpoints in Cloud and Cisco Identity Service Engine (ISE) Integration using STIX Technology Author: John Eppich Table of Contents About this Document... 3 Introduction
More informationStop Threats Before They Stop You
Stop Threats Before They Stop You Gain visibility and control as you speed time to containment of infected endpoints Andrew Peters, Sr. Manager, Security Technology Group Agenda Situation System Parts
More informationAMP for Endpoints & Threat Grid
AMP for Endpoints & Threat Grid Response & Prevention Dean De Beer & Eric Hulse BRKSEC-2029 AMP Threat Grid Malware Analysis Engines & Techniques A little background Malware Analysis & Threat Intelligence
More informationVirtual Desktop Infrastructure Mercer University
Virtual Desktop Infrastructure Mercer University Shane Milam Executive Director, Technology Infrastructure 2 The University Faith-based institution of higher learning that seeks to achieve excellence and
More informationRSA Security Analytics
RSA Security Analytics This is what SIEM was Meant to Be 1 The Original Intent of SIEM Single compliance & security interface Analyze & prioritize alerts across various sources The cornerstone of security
More informationThreat Control and Containment in Intelligent Networks. Philippe Roggeband - Product Manager, Security, Emerging Markets
Threat Control and Containment in Intelligent Networks Philippe Roggeband - proggeba@cisco.com Product Manager, Security, Emerging Markets 1 Agenda Threat Control and Containment Trends in motivation The
More informationSecurity. Risk Management. Compliance.
Richard Nichols Netwitness Operations Director, RSA Security. Risk Management. Compliance. 1 Old World: Static Security Static Attacks Generic, Code-Based Static Infrastructure Physical, IT Controlled
More informationCyberArk Privileged Threat Analytics
CyberArk Privileged Threat Analytics Table of Contents The New Security Battleground: Inside Your Network 3 Privileged account security 3 Collect the right data 4 Detect critical threats 5 Alert on critical
More informationTHE ACCENTURE CYBER DEFENSE SOLUTION
THE ACCENTURE CYBER DEFENSE SOLUTION A MANAGED SERVICE FOR CYBER DEFENSE FROM ACCENTURE AND SPLUNK. YOUR CURRENT APPROACHES TO CYBER DEFENSE COULD BE PUTTING YOU AT RISK Cyber-attacks are increasingly
More informationSIEM Solution Integration With Control Manager
Contents Introduction... 3 Overview... 3 Direct Mode... 4 Bridge Mode... 5 Functional Design... 5 SNMP Trap... 6 Syslog... 6 Log Forwarder Tool... 9 Configure LogForwarder Settings... 10 Trigger Application...
More information