
Your Network is Compromised. Do you know where? (Lancope presentation transcript; © 2014 Lancope, Inc. All rights reserved.)


1 Introduction (presenter name, company and title)

2 Your Network is Compromised. Do you know where?

3 The Perimeter Has Vanished
Global trends contribute to a vanishing perimeter:
- Consumerization of IT / BYOD
- Shift to cloud
- Composite applications and application proliferation
- Global, distributed workforce
[Diagram: the enterprise surrounded by telecommuting, mobile, BYOD, supply chain / partners, advanced authentication, dynamic onboarding, user-developed applications, and cloud backup & recovery]

4 How Have Enterprises Tried to Solve this Problem?
- Strengthen the perimeter
- Analytics and remediation
- Monitor content moving into and out of the enterprise
- Increase the sophistication of identity management
- Harden the endpoint

5 Today's Threat Landscape
Despite $32 billion spent on conventional tools, threats continue to evade detection, and data breaches continue.

6 Today top threats still get through (past firewalls, IPS and IDS)
- 243 days before attackers were discovered
- 621 incidents and over 44 million compromised records
- $3.03M is the average lost-business cost of a breach in the US

7 Stop Problems Before They Become Crises
[Timeline comparing two companies: with legacy monitoring tools the sequence is attack onset, credit card data compromised, attack identified, vulnerability closed; with StealthWatch the sequence is early warning, attack identified, vulnerability closed, attack thwarted, before data is lost]
~70% of incident response time is spent on MTTK (mean time to know).
"Worm outbreaks impact revenue by up to $250k / hour. StealthWatch pays for itself in 30 minutes." - F500 Media Conglomerate

8 Continuous Response with Context-Aware Security
Monitor, detect, analyze, respond:
- The network is your sensor
- Operationalized security intelligence
- Continuous monitoring, detection, analysis and response
- Multiple stakeholders

9 Why Cisco uses StealthWatch
Network: 16 billion NetFlow records daily, stored for 90 days; 175 TB of daily traffic; 250,000 active hosts.
Problem: needs a scalable solution to store more NetFlow for incident look-back; requires enhanced detection capabilities; must be IPv6 capable.
Solution: retains 90+ days of full NetFlow records; provides a unique interface for gaining insight into NetFlow and the information it contains; automatic NetFlow analysis; uses the StealthWatch feature set (syslog export of events, host-group-based detection, API queries, host alarms).
Solution areas: visibility, threat detection, incident response, network diagnostics, user monitoring.

10 Why HP uses StealthWatch
Network: 16,000 switches; 10,000 routers; connects over 300,000 users from 600 sites; in aggregate generates 600,000 flows per second.
Problem: needs to monitor activity within an enormously complex, global network; must quickly detect malicious traffic buried within innocuous data.
Solution: detects a broad range of malicious and anomalous traffic; reduces HP's response time to resolve threats; integrates with TippingPoint and ArcSight; scalable, collecting and analyzing global network flow data; cost-effective.
Solution areas: visibility, threat detection, incident response, network diagnostics, user monitoring.

11 Blue Chip Customer Base
[Customer logos grouped as U.S. Enterprise, Higher Education, Healthcare, Government and International; named international customers: New Zealand Ministry of Defense, Saudi Arabia Ministry of Defense, Latvia Ministry of Internal Affairs]

12 Lancope Solution Areas
Visibility: context-aware visibility into network, application and user activity; BYOD; cloud monitoring; IPv6; east-west traffic monitoring; network segmentation; firewall rule auditing.
Threat Detection: advanced persistent threats; botnet (CnC) detection; data exfiltration; network reconnaissance; insider threat; DDoS; malware; network behavior anomaly detection; Cisco Cyber Threat Defense Solution; SLIC threat feed.
Incident Response: in-depth, flow-based forensic analysis of suspicious incidents; scalable repository of security information; retrace the step-by-step actions of a potential attacker; on-demand packet capture.
Network Diagnostics: application awareness; capacity planning; performance monitoring; troubleshooting.
User Monitoring: Cisco ISE; monitor privileged access; policy enforcement.

13 The Power of StealthWatch System

14 What is Context-Aware Security?
The use of situational information (e.g. identity, location, time of day or type of endpoint device) to operationalize security and improve information security decisions. (StealthWatch for Context-Aware Security)

15 Breaking down the Boundaries

16 Everything must touch the network
What else can the network tell me? With StealthWatch, the company network provides context-aware security:
- KNOW every host
- RECORD every conversation
- Know what is NORMAL
- Alert to CHANGE
- Store for MONTHS
[Diagram: assess, audit, posture, response, context, detect]

17 Embedded context
- Username integration: devices, ports, MAC, DHCP
- Application information
- RTT / SRT
- Packet loss
- XFF header
- URL information
- Partial payload capture
- Web summary for SIEM
- Active Directory integration
- NAT table integration
- Country codes
- Syslog parsers
- Scripted mitigation
- External event association
- External threat intelligence
- Weblinks for lookup
- User-defined threat criteria
- Custom application configuration
- IPAM integration (XML import)

18 Eyes and Ears of the Network
Drilling into a single flow yields a plethora of information.

19 StealthWatch Advanced Threat Detection

20 Advanced Detection Methods
Signature: an object is checked against a blacklist (IPS, antivirus, content filter).
Behavior: the victim's behavior is checked against a blacklist of known bad patterns (malware sandbox, NBAD, HIPS, SIEM).
Anomaly: the victim's behavior is checked against a whitelist of what is normal (NBAD; quantity/metric based, not signature based).

                     Signature   Behavior   Anomaly
  Known exploits     BEST        Good       Limited
  0-day exploits     Limited     BEST       Good
  Credential abuse   Limited                BEST
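The slides on "know what is normal, alert to change" and on the three detection methods describe the logic but never show it. The following is an added example, not Lancope or StealthWatch code: the three methods run side by side over a handful of constructed NetFlow-style records, with a hypothetical C&C blacklist standing in for a threat feed and constructed per-host baselines standing in for the stored history a whitelist-style detector needs. Every address, baseline and flow is made up for the demonstration.

```python
"""Added example, not Lancope code: the three detection methods on the slide
(signature, behavior, anomaly) run over constructed NetFlow-style records.
Blacklist, baselines and flows are all made up for the demonstration."""
from collections import defaultdict
from statistics import mean, pstdev
from typing import NamedTuple


class Flow(NamedTuple):
    src: str        # internal host
    dst: str        # peer
    dport: int      # destination port
    bytes_out: int  # bytes sent from src to dst


# Signature input: a hypothetical C&C address standing in for a threat feed
# such as the SLIC feed the deck mentions (documentation range, not real).
CNC_BLACKLIST = {"203.0.113.7"}

# Anomaly input: constructed per-host history of daily outbound bytes, i.e.
# the "know what is normal" baseline a whitelist-style detector needs.
BASELINE = {
    "10.0.0.5": [1_100, 1_250, 980, 1_300, 1_200, 1_050, 1_150],
    "10.0.0.9": [50_000, 48_000, 52_000, 49_500, 51_000, 50_500, 49_000],
}

# Constructed flows for "today".
FLOWS = [
    Flow("10.0.0.5", "198.51.100.20", 443, 600),       # ordinary HTTPS
    Flow("10.0.0.5", "203.0.113.7", 8443, 400),        # beacon to listed C&C
    Flow("10.0.0.5", "203.0.113.50", 443, 9_000_000),  # 9 MB upload, unlisted peer
    Flow("10.0.0.77", "198.51.100.20", 443, 800),      # host with no history
] + [
    # one host touching 25 peers on port 445 with tiny flows (horizontal scan)
    Flow("10.0.0.9", f"10.0.1.{i}", 445, 60) for i in range(1, 26)
]


def signature_hits(flows):
    """Signature: compare an object (here the destination) against a blacklist.
    Catches the known C&C beacon, says nothing about the other two hosts."""
    return [(f.src, f.dst) for f in flows if f.dst in CNC_BLACKLIST]


def scan_behavior(flows, min_targets=20, max_bytes=200):
    """Behavior: compare what a host does against a blacklist of bad patterns.
    The pattern here is 'many distinct peers, one port, near-empty flows',
    which needs no signature for the tool doing the scanning."""
    peers = defaultdict(set)
    for f in flows:
        if f.bytes_out <= max_bytes:
            peers[(f.src, f.dport)].add(f.dst)
    return [(src, port, len(p)) for (src, port), p in peers.items()
            if len(p) >= min_targets]


def volume_anomalies(flows, baseline, sigmas=3.0):
    """Anomaly: compare a host with a whitelist of its own normal volume.
    A host is flagged when today's outbound bytes exceed mean + sigmas*stdev
    of its history; a host with no history cannot be called normal either."""
    today = defaultdict(int)
    for f in flows:
        today[f.src] += f.bytes_out
    findings = []
    for host, total in today.items():
        history = baseline.get(host)
        if not history:
            findings.append((host, total, "no baseline"))
            continue
        mu, sd = mean(history), pstdev(history)
        if total > mu + sigmas * sd:
            findings.append((host, total, f"baseline {mu:.0f} +/- {sd:.0f}"))
    return findings


def run(flows=FLOWS, baseline=BASELINE):
    """All three methods over the same flows; each finds what the others miss."""
    return {
        "signature": signature_hits(flows),
        "behavior": scan_behavior(flows),
        "anomaly": volume_anomalies(flows, baseline),
    }


if __name__ == "__main__":
    for method, hits in run().items():
        print(f"{method}: {hits}")
```

The point the table makes shows up directly in the output: the blacklist finds only the listed C&C peer, the behavior rule finds the scanner without knowing which tool it runs, and only the baseline comparison catches the 9 MB upload to a peer nobody has listed. The thresholds (20 targets, 200 bytes, three standard deviations) are illustrative; in a real deployment they are tuned per host group, and a host with no history is surfaced rather than silently accepted.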

21 How StealthWatch Analyzes Devices

22 StealthWatch Labs Intelligence Center (SLIC)
Lancope's research initiative that tracks emerging threat information from around the world. New behavioral analysis algorithms are added as new threats are discovered; updates are delivered over the existing SLIC control channel and licensing. Tracked categories: botnet command & control, Internet scanning, backscatter (DDoS victims).


24 StealthWatch Architecture & Design

25 Network Is Your Sensor: Internal Visibility from Edge to Access
[Topology diagram of flow sources across the WAN, data center, core and access tiers: Catalyst 3560-X and 3850 stacks at the access layer; Catalyst 4k and 6k in the core; ASA at the Internet edge; 3925 ISR and ASR-1000 on the WAN linking Atlanta, New York and San Jose; Nexus 7000, VPC, servers and UCS with Nexus 1000v in the data center]

26 Primary Architectural Components
StealthWatch FlowCollector: leverages Cisco NetFlow traffic-accounting technology or traffic information from sFlow; supports IPFIX.
StealthWatch FlowSensor: delivers flow-based Response Time Management (RTM); flow-by-flow visibility, including connection information such as Round Trip Time (RTT), Server Response Time (SRT), Retransmission Ratio (RT%) and advanced URL data.
StealthWatch FlowReplicator: aggregates flow data, syslog and SNMP information in a single, high-speed appliance; forwards the information in a single data stream to one or more StealthWatch FlowCollector appliances.
StealthWatch IDentity: automates user identification, streamlines remediation efforts and delivers auditing capabilities for regulatory compliance; an agent-less approach enables scalable, cost-effective user tracking and reporting.
SLIC Threat Feed: draws upon global threat intelligence to provide an additional layer of protection from botnets and other sophisticated attacks; correlates suspicious network activity with data on thousands of known C&C servers.
StealthWatch Management Console: manages, coordinates and configures all StealthWatch appliances to correlate security and network intelligence across the enterprise; web user interface with dashboards, tools, analysis and mitigation.
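The FlowSensor entry lists RTT, SRT and retransmission ratio as per-flow fields without saying how a passive sensor derives them from packets. As an added example, not Lancope code and not how the FlowSensor is implemented, here is the minimal computation over one constructed TCP exchange: RTT from the three-way handshake, SRT as the gap between the last request byte and the first response byte, and the retransmission ratio from payload segments whose (direction, sequence number) has already been seen. Timestamps are integer milliseconds made up for the example; the `Pkt` record and `flow_metrics` function are assumptions of this example.

```python
"""Added example, not Lancope code: the per-flow metrics a sensor derives from
packets (RTT, SRT and retransmission ratio), computed over one constructed TCP
exchange. Timestamps are integers in milliseconds, made up for the example."""
from typing import NamedTuple


class Pkt(NamedTuple):
    ts: int          # milliseconds since capture start
    direction: str   # "c2s" (client to server) or "s2c"
    flags: frozenset
    seq: int         # TCP sequence number
    payload: int     # bytes of TCP payload


# Constructed single-request exchange: handshake, request, two response
# segments, one of which the server retransmits.
PACKETS = [
    Pkt(0,   "c2s", frozenset({"SYN"}),        1000, 0),
    Pkt(20,  "s2c", frozenset({"SYN", "ACK"}), 5000, 0),
    Pkt(40,  "c2s", frozenset({"ACK"}),        1001, 0),
    Pkt(41,  "c2s", frozenset({"PSH", "ACK"}), 1001, 300),   # request
    Pkt(200, "s2c", frozenset({"PSH", "ACK"}), 5001, 1200),  # response starts
    Pkt(202, "s2c", frozenset({"PSH", "ACK"}), 6201, 1200),
    Pkt(410, "s2c", frozenset({"PSH", "ACK"}), 6201, 1200),  # retransmission
]


def flow_metrics(pkts):
    """RTT from the handshake, SRT from the gap between the last request byte
    and the first response byte, retransmission ratio from repeated
    (direction, seq) pairs that carry payload."""
    syn = next(p for p in pkts if p.direction == "c2s"
               and "SYN" in p.flags and "ACK" not in p.flags)
    synack = next(p for p in pkts if p.direction == "s2c"
                  and {"SYN", "ACK"} <= p.flags)
    ack = next(p for p in pkts if p.direction == "c2s" and p.ts > synack.ts
               and "ACK" in p.flags and "SYN" not in p.flags)
    rtt = ack.ts - syn.ts  # full handshake seen from a sensor in the path

    first_resp = next(p for p in pkts if p.direction == "s2c" and p.payload > 0)
    last_req = max(p.ts for p in pkts if p.direction == "c2s"
                   and p.payload > 0 and p.ts < first_resp.ts)
    srt = first_resp.ts - last_req  # time the server took before answering

    seen, data, retrans = set(), 0, 0
    for p in pkts:
        if p.payload == 0:
            continue  # pure ACKs are not data segments
        data += 1
        key = (p.direction, p.seq)
        if key in seen:
            retrans += 1
        seen.add(key)
    return {"rtt_ms": rtt, "srt_ms": srt, "data_packets": data,
            "retransmissions": retrans,
            "retransmission_ratio": retrans / data if data else 0.0}


if __name__ == "__main__":
    print(flow_metrics(PACKETS))
```

Two caveats a practitioner would want: the handshake-based RTT and the SRT both require the sensor to see both directions of the flow, so a SPAN or tap on an asymmetric path yields nothing usable; and detecting retransmissions by repeated sequence numbers is a simplification that ignores partial overlaps and SACK, which a production sensor has to handle.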

27 Massively Scalable StealthWatch Architecture

28 Thank you
