Maximize Network Visibility with NetFlow Technology. Adam Powers, Chief Technology Officer, Lancope

Agenda
- What is NetFlow
  - Introduction to NetFlow
  - NetFlow Examples
- NetFlow in Action
  - Network Operations Use Case
  - Security Operations Use Case
  - PCI Compliance and Auditing Use Case
- A Glimpse into the Power of NetFlow
  - 10+ G Ethernet Environments
  - Virtual Environments
  - MPLS and Multi-point VPNs

What is NetFlow?
(Diagram: traffic between the Internet and the internal network is summarised by the router into NetFlow packets, which are exported to a StealthWatch Flow Collector.)
NetFlow fields:
- src and dst IP
- src and dst port
- start time
- end time
- packet count
- byte count
- ...

NetFlow vs. Traditional SNMP Monitoring
(Diagram comparing traditional SNMP reporting with NetFlow reporting.)

Flow-based Visibility and Drill-down

NetFlow for the Network Team
(Diagram: NetFlow packets carrying flow1, flow2, ... are exported to the StealthWatch Flow Collector, which serves three audiences.)
Network Team:
- Interface utilization
- Billing and chargeback
- QoS monitoring
- BGP ASN monitoring
- MPLS visibility
- Application troubleshooting
Compliance and Auditing:
- PCI compliance
- HIPAA compliance
- SCADA security
- Sarbanes-Oxley
Security Team:
- File sharing
- Malware outbreak detection
- Network acceptable use
- Flow forensics
- Data loss prevention

NetFlow in Action: Network Operations
Oldcastle APG
- Leading North American manufacturer of concrete masonry, lawn, garden and paving products, and a regional leader in clay brick
- 206 operating locations
- 7000+ employees
Problem
- No way to visualize who or what was causing network slowdowns
- Internal IT staff using multiple tools in attempts to troubleshoot incidents

NetFlow in Action: Network Operations
Solution
- Combining Cisco NetFlow and Lancope's StealthWatch System for visibility into the who, what, when and where of network traffic
Business Results
- Determine the root cause of network slowdowns in real time
- Detect bandwidth and network user violations and tie user identity to rogue activity
- Unified view of network and security operations
  - All regional network managers, helpdesk and network/security engineers at Oldcastle APG use StealthWatch to pinpoint the traffic and users associated with network and security issues and expedite problem resolution
- Gains detailed network performance analysis for capacity planning, helping Oldcastle APG forecast bandwidth upgrades
- Also helps quickly discover and defuse virus infections

NetFlow in Action: Network Operations
Tony Jaroszewski, Network/Security Engineer for Oldcastle APG:
"StealthWatch enables our support team to make strategic decisions about network and security management based on a unified view of network, security and user information across the enterprise. Not only does it provide network performance monitoring to ensure our applications run optimally, StealthWatch also identifies internal and external threats through behavior-based algorithms."

NetFlow Compliance and Auditing
(Repeats the use-case diagram from the "NetFlow for the Network Team" slide.)

NetFlow in Action: PCI Compliance
NetFlow facilitates compliance with PCI DSS requirements:
- Verifies actual network communications (1.1.2)
- Monitors services and ports in use (1.1.5)
- Determines when accounts are active and what they did during this activity (8.5.6)
- Audits access to anything on the network, tying activity to an individual user, including administrative accounts (10.1)
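As an added example (not from the presentation or Lancope's product), this Python decodes the NetFlow v5 fields the "What is NetFlow?" slide lists and applies them to two uses the deck describes: the PCI DSS 1.1.5 inventory of services and ports actually in use, and the fan-out behaviour behind the malware outbreak detection named on the Security Team slide. The export datagram is constructed in code; the IP addresses, port numbers and threshold are hypothetical.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address
# NetFlow v5 export datagram: a 24-byte header followed by up to 30 fixed 48-byte records.
HDR = struct.Struct("!HHIIIIBBH")
REC = struct.Struct("!IIIHHIIIIHHBBBBHHBBH")

def parse_v5(datagram):
    """Decode the fields the slide names: src/dst IP and port, start/end time, packets, bytes."""
    version, count, uptime_ms, unix_secs, *_ = HDR.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError("not a NetFlow v5 datagram: version %d" % version)
    flows = []
    for i in range(count):
        f = REC.unpack_from(datagram, HDR.size + i * REC.size)
        flows.append({
            "src": str(IPv4Address(f[0])), "dst": str(IPv4Address(f[1])),
            "packets": f[5], "bytes": f[6],
            # First/Last are router uptime (ms) at the first/last packet; rebase to epoch seconds
            "start": unix_secs + (f[7] - uptime_ms) / 1000.0,
            "end": unix_secs + (f[8] - uptime_ms) / 1000.0,
            "sport": f[9], "dport": f[10], "proto": f[13],
        })
    return flows

def services_in_use(flows):
    """PCI DSS 1.1.5-style inventory: the (server, TCP port) pairs that actually received traffic."""
    return sorted({(f["dst"], f["dport"]) for f in flows if f["proto"] == 6})

def fan_out_hosts(flows, threshold):
    """Sources reaching more than `threshold` distinct hosts on one port: worm-style fan-out."""
    peers = defaultdict(set)
    for f in flows:
        peers[(f["src"], f["dport"])].add(f["dst"])
    return {k: len(v) for k, v in peers.items() if len(v) > threshold}

def make_record(src, dst, sport, dport, proto, pkts, octets, first_ms, last_ms):
    """Pack one v5 record from constructed values (hypothetical sample, not a real capture)."""
    return REC.pack(int(IPv4Address(src)), int(IPv4Address(dst)), 0, 1, 2, pkts, octets,
                    first_ms, last_ms, sport, dport, 0, 0x18, proto, 0, 0, 0, 24, 24, 0)

def sample_datagram():
    """Constructed export: one workstation touching six neighbours on 445, plus normal web traffic."""
    recs = [make_record("10.1.1.50", "10.1.1.%d" % h, 40000 + h, 445, 6, 3, 180, 1000, 1500)
            for h in range(10, 16)]
    recs.append(make_record("10.1.1.20", "10.1.1.5", 51000, 443, 6, 40, 24000, 900, 2000))
    recs.append(make_record("10.1.1.20", "10.1.1.6", 51001, 80, 6, 12, 5000, 950, 1100))
    header = HDR.pack(5, len(recs), 5000, 1700000000, 0, 1, 0, 0, 0)  # uptime 5 s, seq 1
    return header + b"".join(recs)
```

The threshold for fan-out is a tuning decision: real collectors baseline each host first, so the fixed value here only illustrates the logic.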

NetFlow in Action: PCI Compliance
AirTran Airways
- Fortune 1000 company
- Geographically dispersed network across the continental US
Problem
- Required improved security and network management across the enterprise in accordance with Payment Card Industry (PCI) requirements
- Wanted greater network visibility and behavioral intrusion detection
- Ability to monitor a geographically dispersed network

NetFlow in Action: PCI Compliance
Solution
- StealthWatch identifies who does what, when, and provides data to enforce accountability
Business Results
- Immediately upon deployment, StealthWatch provided continuous network monitoring to help AirTran demonstrate network-wide PCI compliance by supplying real-time visibility and awareness of network and host-based behaviors, increasing accountability for introducing network security risks as well as jeopardizing network availability, and tracking, measuring and prioritizing network and host-based risk
- Quickly identify and resolve issues related to network behavior or malicious events
- Monitors WAN activity and performance

NetFlow in Action: PCI Compliance
Michelle Stewart, Manager of Data Security, AirTran Airways:
"StealthWatch performed so well during our evaluation that we did not pursue trials with any other NBA products. During testing, StealthWatch demonstrated the ability to detect unauthorized remote access, worm activity and root cause analysis of increases in WAN activity. All of these functions have aided our efforts to demonstrate compliance with the PCI Data Security Standard."

NetFlow for the Security Team
(Repeats the use-case diagram from the "NetFlow for the Network Team" slide.)

NetFlow in Action: Security Operations
Aurora HealthCare Network Overview
- Largest private employer in Wisconsin: over 27,000 employees
- 14 hospitals
- Over 150 clinics
- 200+ pharmacies
Challenge
- Monitor a widely dispersed network without deploying administratively problematic and financially burdensome individual sensors throughout the network
- Needed complete visibility of the network, from the internal network to the clinics at the edge
- Monitor for zero-day attacks, viruses, Trojans, etc.
- Support for HIPAA compliance

NetFlow in Action: Security Operations
Solution
- Combining NetFlow and the StealthWatch System
Business Results
- 100% visibility from core to network edge
- Reduced time and resources allocated to network security issues
- Streamlined the remediation process and reduced incident investigation time by more than half
- HIPAA auditing support

NetFlow in Action: Security Operations
Dan Lukas, Lead Security Architect, Aurora HealthCare:
"[I can] easily drill down into a clinic's network activity; address bandwidth issues; identify and remediate misconfigured devices; delve into switch levels to pinpoint and mitigate threats. With its ability to locate distributed sniffers, StealthWatch eliminates the need to purchase troubleshooting hardware for significant cost-savings."

Visibility Lost Due to Emerging Tech
Emerging network technologies are outpacing traditional network monitoring techniques such as SNMP and SPAN/tap-based technology...
- 10G Ethernet is so fast that few probe technologies can keep up, and those that can are too expensive
- MPLS and multi-point VPNs create a meshed WAN that's expensive to monitor adequately
- Virtualization hides whole network segments from the network manager's view, making VM-to-VM communication problems difficult to troubleshoot
These issues result in an inability to react to network problems because of a basic lack of.

10G+ Ethernet
10G Ethernet is so fast that few probe technologies can keep up, and those that can are too expensive.
(Diagram: a traditional Ethernet sensor, with the question "Where to plug in?")

NetFlow in a 10G+ Ethernet Environment
10G Ethernet is so fast that few probe technologies can keep up, and those that can are extremely expensive.
(Diagram: NetFlow exported to the StealthWatch Flow Collector.)

Virtualization
Virtualization hides whole network segments from the network manager's view, making VM-to-VM communication problems difficult to troubleshoot.
(Diagram: virtual machines VM1, VM2 and VM3 on one physical machine exchange VM-to-VM traffic through virtual switches; a traditional Ethernet probe sits on the physical network.)

NetFlow in the Virtual Environment
(Diagram: virtual machines on a VM server exchange VM-to-VM traffic through virtual switches, which export NetFlow v9 to the StealthWatch Flow Collector.)
*** Cisco Nexus 1000v also supports NetFlow ***

MPLS and Multi-point VPNs
MPLS and multi-point VPNs create a meshed WAN that's expensive to monitor adequately.
(Diagram: a traditional Ethernet sensor.)

MPLS and Multi-point VPNs Fully meshed connectivity circumvents network monitoring deployed at the hub location

MPLS and Multi-point VPNs Full visibility requires a probe at each location throughout the WAN

NetFlow Collection in the WAN
Deploy a StealthWatch NetFlow collector at a central location and enable NetFlow at each remote site.
(Diagram: NetFlow packets from each remote site are sent to the central StealthWatch Flow Collector.)

Quick Recap: Network Operations
- Fully integrated view of network usage, performance, host integrity and user behavior
- Diagnose network congestion and provide root-cause analysis of the problem causing response-time delays
- Visibility and metrics for WAN optimization
- Real-time and historical data to facilitate network performance monitoring, capacity planning and resource management
- Monitor quality of service on a per-hop basis throughout the network

Quick Recap: Security Operations
- Quickly pinpoint zero-day and unknown threats that bypass perimeter security
- Identify policy violations, unauthorized activity/applications, misconfigured hosts, and other rogue devices
- Faster incident resolution and detailed forensic data
- Detection of DoS/DDoS attacks, worms, viruses and botnets
- Track and audit network behavior and access by individual hosts

Quick Recap: PCI Compliance and Auditing
NetFlow solutions supply organizations with the means to:
- Continuously but passively monitor host behaviors, looking for deviations from normal processes
- Tie individual users to internal network performance problems
- Tie individual users to the introduction of security risks inside the internal network
- Implement appropriate network controls and policies
- Provide for internal audit and risk assessment

Thank You
Adam Powers, Chief Technology Officer, Lancope