Published by Joe Boor
Modified about 1 year ago
Decreasing Incident Response Time: Benefits of Packet Capture & Real-time NetFlow Generation
Boni Bruno, CISSP, CISM, CGEIT, Technical Director
2 Copyright © 2014 You Just Suffered a Major Security Breach! What Happened?! Who Was Affected?! When Will It Be Fixed?! 3 Questions Your IT Staff Better Answer in the First 8 Hours!! Could Your Current SEM/SIEM Tools Cover You for this Security Breach?
3 Suspect Identify Mitigate Impact Tools Fixed Permanent Protection Security Incident Lifecycle
4 Security Incident Lifecycle Unique Event: Can lead to repetitive events if not correctly identified…
5 Security Incident Lifecycle
6 Security Incident Lifecycle Reduced Frequency Minimize Scope of Impact Faster Remediation ID Root Cause
7 Security Architecture Full Content Repository Current Security Infrastructure: Firewall IDS/IPS DLP End Point Security Events pcaps Event-driven “snippets” and/or ALL traffic recorded into a rolling buffer Alarm Search & Analysis Event / Log Repository Packet Storage SIEM (Security Info & Event Mgmt) Packet Capture
8 SIEM Integration via RESTful API
Visibility & recording infrastructure for high-speed networks Endace provides 100% accurate network recording at 1Gbps to 100Gbps!!!
10 Next-Generation EndaceDAG Overview Designed for data capture applications requiring 100% network data capture Three “Feature Bundles” Three Product Configurations Low Overhead Zero Loss Capture Hardware Time Stamps Global Clock Synch In-Band Metadata Classification/filtering Load Balancing
11 Endace Network Visibility Infrastructure Network Visibility Headend Allows EndaceProbe INRs/ODE to scale to 40 and 100GbE EndaceAccess™ Network Visibility Headend Endace Open Hosting Platform (ODE) High Performance Intelligent Network Recording Up to 64 TB storage Mix of 1 and 10GbE ports EndaceProbe™ Intelligent Network Recorder EndaceFlow™ NetFlow Generator Appliance (NGA) Hosting Platform for Monitoring Applications 8x1GbE or 4x10GbE Ports Up to 16 TB internal storage; Fibre Channel support for SAN High-Speed NetFlow Generation for 10GbE Networks 4x10GbE Ports EndaceProbe: Provides 100% packet capture on 10Gb Ethernet links NetFlow Generator: Generate unsampled netflows from 1GbE/10GbE links EndaceAccess: Load-balances 40Gb/100Gb links across multiple INRs Endace ODE: Provide packets for hosted 3rd party applications
12 The Endace Probe Solution
13 Monitoring and Recording Fabrics
14 100% Packet Capture means 100% Network Visibility
15 Can you Pinpoint Microbursts Occurring on your Network?
16 Can you Identify Applications Running on your Network?
17 Can you Identify Traffic Changes Over Time?
18 Can you see Conversations on the Network?
19 Search through Packets in a Browser!
20 Copyright © Gbps Packet Capture…
21 Time Synchronization
23 Copyright © 2013 NetFlow – The New Way!!!
24 NetFlow – The New Way!!!