© 2012 Gigamon. All rights reserved. The Dynamic World of Threat Detection, Containment & Response

Presentation transcript:

Slide 1: The Dynamic World of Threat Detection, Containment & Response

Slide 2: Opportunities and Challenges. The World of IT continues to evolve
Dynamic Infrastructure; Static Management and Security Tools
Network: Fixed, Mobile. Servers: Physical, Virtual. Applications: In house, Cloud. Devices: IT owned, User owned. Data: Contained, Limitless.


Slide 4: Visibility: The Enabler for Security. Anatomy of an Attack
Diagram labels: Window of Exposure; The Golden Hour; Attack identified; Alert & notification; Early stage containment; Damage & scale assessment; Infrastructure wide response; Second-wave detection; Assessing the infrastructure; Identifying targets; Pilot probe attack; Intrusion commences; Cloaking starts; Anomaly detected; Information extraction; Cloning & go mobile; Cloaking complete; Data extraction or manipulation; Security established; Elimination; Attack commences

Slide 5: Two Architectures; Two Approaches. Wall and Watch
Watch – out of band; Wall – in band
Limit the opportunities; Block the known attacks; Monitor traffic profiles; Alert to anomalies; Broad-scale monitoring; Signature behavior; Leverage multiple measures; The front-line against the unknown
Limitations: Single point of failure; Potential bottleneck; Dependent upon Maintenance windows
Limitations: Risk of over-subscription; Famine or Feast: SPAN or TAP; Increasing tooling demand & expanding network scale
Requirements: Highly available architecture; Line-rate performance; Infrequent configuration changes
Requirements: Powerful filtering capability; Multi-point triangulation; The more pervasive, the greater the value

Slide 6: Two Architectures; Two Approaches. Wall and Watch
Watch – out of band; Wall – in band
Requirements: Highly available architecture; Line-rate performance; Infrequent configuration changes
Requirements: Powerful filtering capability; Multi-point triangulation; The more pervasive the greater the value
Limitations: Single point of failure; Potential bottleneck; Dependent upon Maintenance windows
Limitations: Risk of over-subscription; Famine or Feast: SPAN or TAP; Increasing tooling demand & expanding network scale

Slide 7: Two Architectures; Two Approaches. Wall and Watch
Watch – out of band; Wall – in band
Limitations: Single point of failure; Potential bottleneck; Dependent upon Maintenance windows
Limitations: Risk of over-subscription; Famine or Feast: SPAN or TAP; Increasing tooling demand & expanding network scale

Slide 8: Networks were Static and Simple
TOOLS: Application Performance; Security; Network Management

Slide 9: Networks are Dynamic and Complex
TOOLS: Application Performance; Security; Network Management

Slide 10: Networks demand a New Approach
TOOLS: Application Performance; Network Management; Security
CENTRALIZED TOOLS: Application Performance; Network Management; Security

Slide 11: The Fabric Intelligence
Dynamic power to control traffic selection
Flow Mapping: Packet Identification, Filtering and Forwarding
GigaSMART: Packet Modification, Manipulation and Transformation
Network: Physical; Virtual
Tools: Application Performance; Network Management; Security
Diagram labels: Deduplication (ABACCABACB, ABC); Packet Slicing (A B C); Time Stamp (A B C)

Slide 12: The Benefits of Visibility Fabric
Visibility Fabric: Pervasive; Simple; Cost Effective; Centralized; Scalable
Legacy Approach: Limited Visibility; Static; Expensive; Distributed; Constrained

Slide 13: Enabling Best-of-Breed Selections
The Middleware with Any Network, and Any Tool
Diagram labels: Tools; Network; Network Management; Application Monitoring; Security

Slide 14: The Advantages of Gigamon
– GigaBPS Traffic offload
– Application-aware traffic profile

Slide 15: The Demand is Clear
Independent Survey Results from December 2011

Slide 16: Visibility Fabric: Addressing the Limitations
Wall – in band. Limitations: Single point of failure; Potential bottleneck; Dependent upon Maintenance windows
Watch – out of band. Limitations: Risk of over-subscription; Famine or Feast: SPAN or TAP; Increasing tooling demand & expanding network scale
Heartbeat monitoring; Intelligent traffic distribution; Establishes a Dynamic DMZ enabling rapid response; Flow Mapping filtering; Selective traffic forwarding; Scalability to serve some of the largest networks on the planet

Slide 17: Thank you