The Power of Lossless Packet Capture & Real-time Netflow SANS Tool Talk Boni Bruno, CISSP, CISM, CGEIT Technical Director.

Presentation transcript:

The Power of Lossless Packet Capture & Real-time Netflow SANS Tool Talk Boni Bruno, CISSP, CISM, CGEIT Technical Director

2. Copyright © 2013. You Just Suffered a Major Security Breach! What Happened?! Who Was Affected?! When Will It Be Fixed?! Three questions your IT staff had better answer in the first 8 hours! Could your current SEM/SIEM tools cover you for this security breach?

3. Visibility & Recording Infrastructure for High-Speed Networks. Endace provides 100% accurate network recording at 1Gbps to 100Gbps!!!

4. Next-Generation EndaceDAG Overview. Designed for data capture applications requiring 100% network data capture. Three "Feature Bundles", three product configurations. Features: low overhead, zero-loss capture, hardware time stamps, global clock synch, in-band metadata, classification/filtering, load balancing.

5. Endace Network Visibility Infrastructure. EndaceAccess™ Network Visibility Headend: allows EndaceProbe INRs/ODE to scale to 40 and 100GbE. EndaceProbe™ Intelligent Network Recorder: high-performance intelligent network recording, up to 64 TB storage, mix of 1 and 10GbE ports. Endace Open Hosting Platform (ODE): hosting platform for monitoring applications, 8x1GbE or 4x10GbE ports, up to 16 TB internal storage, Fibre Channel support for SAN. EndaceFlow™ NetFlow Generator Appliance (NGA): high-speed NetFlow generation for 10GbE networks, 4x10GbE ports. Summary: EndaceProbe provides 100% packet capture on 10Gb Ethernet links; NetFlow Generator generates unsampled NetFlow from 1GbE/10GbE links; EndaceAccess load-balances 40Gb/100Gb links across multiple INRs; Endace ODE provides packets for hosted 3rd-party applications.

6. The Endace Probe Solution

7. Monitoring and Recording Fabrics

8. 100% Packet Capture means 100% Network Visibility

9. Can you pinpoint microbursts occurring on your network?

10. Can you identify applications running on your network?

11. Can you identify traffic changes over time?

12. Can you see conversations on the network?

13. See packets in a browser!

14. Gbps Packet Capture…

15. Time Synchronization

16. Security Architecture: Full Content Repository. Current security infrastructure (Firewall, IDS/IPS, DLP, End Point Security) sends events to the Event/Log Repository of the SIEM (Security Info & Event Mgmt). Packet Capture writes pcaps to Packet Storage, either event-driven "snippets" and/or ALL traffic recorded into a rolling buffer. An Alarm from the SIEM drives Search & Analysis against the Packet Storage.
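The alarm-driven path on this slide, as an added example that is not Endace's code: a fixed-capacity rolling capture buffer plus a snippet extraction keyed on a SIEM alarm's timestamp and host, showing what happens when the alarm arrives after the evidence has already rolled off. The packet records, buffer size, alarm time and window lengths are all constructed for the example.

```python
"""Event-driven pcap "snippets" from a rolling capture buffer (constructed example)."""
from collections import deque
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    ts: float      # capture timestamp in seconds (hardware-stamped on a real probe)
    src: str
    dst: str
    proto: str
    length: int


class RollingBuffer:
    """Fixed-capacity ring buffer: once full, the oldest packet is evicted."""

    def __init__(self, capacity: int) -> None:
        self._pkts: deque = deque(maxlen=capacity)

    def record(self, pkt: Packet) -> None:
        self._pkts.append(pkt)

    def oldest_ts(self) -> Optional[float]:
        return self._pkts[0].ts if self._pkts else None

    def snippet(self, alarm_ts: float, before: float, after: float,
                host: Optional[str] = None) -> List[Packet]:
        """Packets in [alarm_ts - before, alarm_ts + after], optionally only
        those whose src or dst matches the host named in the SIEM alarm."""
        lo, hi = alarm_ts - before, alarm_ts + after
        return [p for p in self._pkts
                if lo <= p.ts <= hi and (host is None or host in (p.src, p.dst))]


# Constructed traffic: one packet every 0.5 s for 20 s; every third packet is from 10.0.0.9.
SAMPLE = [Packet(i * 0.5, "10.0.0.9" if i % 3 == 0 else "10.0.0.5",
                 "198.51.100.7", "tcp", 60 + i) for i in range(40)]


def extract_for_alarm(capacity: int, alarm_ts: float,
                      host: str) -> Tuple[List[Packet], bool]:
    """Replay SAMPLE into a buffer of `capacity` packets, then cut a snippet of
    2 s before / 1 s after the alarm for `host`. The flag reports whether the
    buffer still reached back to the window start; False means the evidence
    had already been overwritten before the alarm was acted on."""
    buf = RollingBuffer(capacity)
    for p in SAMPLE:
        buf.record(p)
    oldest = buf.oldest_ts()
    covered = oldest is not None and oldest <= alarm_ts - 2.0
    return buf.snippet(alarm_ts, before=2.0, after=1.0, host=host), covered
```

Sizing the buffer against the SIEM's alerting latency, not just link rate, is what decides whether the snippet for an alarm is still there when it fires.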

17. SIEM Integration via RESTful API

19. Netflow – The New Way!!!

20. Netflow – The New Way!!!

21. Security Incident Lifecycle: Suspect, Identify, Mitigate, Impact, Tools, Fixed, Permanent Protection

22. Security Incident Lifecycle. Unique Event: can lead to repetitive events if not correctly identified…

23. Security Incident Lifecycle

24. Security Incident Lifecycle: Reduced Frequency, Minimize Scope of Impact, Faster Remediation, ID Root Cause
