Published by Joe Boor
Modified about 1 year ago
Decreasing Incident Response Time: Benefits of Packet Capture & Real-time NetFlow Generation. Boni Bruno, CISSP, CISM, CGEIT, Technical Director
2 Copyright © 2014 You Just Suffered a Major Security Breach! What Happened?! Who Was Affected?! When Will It Be Fixed?! (3 Questions Your IT Staff Better Answer in the First 8 Hours!!) Could Your Current SEM/SIEM Tools Cover You for this Security Breach?
3 Security Incident Lifecycle (diagram labels: Suspect, Identify, Mitigate, Impact, Tools, Fixed, Permanent Protection)
4 Security Incident Lifecycle. Unique Event: Can lead to repetitive events if not correctly identified…
5 Security Incident Lifecycle
6 Security Incident Lifecycle: Reduced Frequency; Minimize Scope of Impact; Faster Remediation; ID Root Cause
7 Security Architecture (diagram labels): Full Content Repository; Current Security Infrastructure: Firewall, IDS/IPS, DLP, End Point Security; Events; pcaps; Event-driven “snippets” and/or ALL traffic recorded into a rolling buffer; Alarm Search & Analysis; Event / Log Repository; Packet Storage; SIEM (Security Info & Event Mgmt); Packet Capture
8 SIEM Integration via RESTful API
Visibility & recording infrastructure for high-speed networks. Endace provides 100% accurate network recording at 1Gbps to 100Gbps!!!
10 Next-Generation EndaceDAG Overview. Designed for data capture applications requiring 100% network data capture. Three “Feature Bundles”; Three Product Configurations. Low Overhead, Zero Loss Capture, Hardware Time Stamps, Global Clock Synch, In-Band Metadata, Classification/filtering, Load Balancing
11 Endace Network Visibility Infrastructure
Network Visibility Headend: Allows EndaceProbe INRs/ODE to scale to 40 and 100GbE. EndaceAccess™ Network Visibility Headend. Endace Open Hosting Platform (ODE). High Performance Intelligent Network Recording; Up to 64 TB storage; Mix of 1 and 10GbE ports. EndaceProbe™ Intelligent Network Recorder. EndaceFlow™ NetFlow Generator Appliance (NGA). Hosting Platform for Monitoring Applications; 8x1GbE or 4x10GbE Ports; Up to 16 TB internal storage; Fibre Channel support for SAN. High-Speed NetFlow Generation for 10GbE Networks; 4x10GbE Ports.
EndaceProbe: Provides 100% packet capture on 10Gb Ethernet links
NetFlow Generator: Generate unsampled netflows from 1GbE/10GbE links
EndaceAccess: Load-balances 40Gb/100Gb links across multiple INRs
Endace ODE: Provide packets for hosted 3rd party applications
12 The Endace Probe Solution
13 Monitoring and Recording Fabrics
14 100% Packet Capture means 100% Network Visibility
15 Can you Pinpoint Microbursts Occurring on your Network?
16 Can you Identify Applications Running on your Network?
17 Can you Identify Traffic Changes Over Time?
18 Can you see Conversations on the Network?
19 Search through Packets in a Browser!
20 100Gbps Packet Capture…
21 Time Synchronization
23 Copyright © 2013 NetFlow – The New Way!!!
24 NetFlow – The New Way!!!