“There is nothing more important than our customers” Network Anomaly Behavioral Detection Dragon Security Command Console – DSCC Zdeněk Pala ECIE certified.


Slide 1: “There is nothing more important than our customers” Network Anomaly Behavioral Detection: Dragon Security Command Console (DSCC). Zdeněk Pala, ECIE certified engineer, ECI certified instructor.

© 2007 Enterasys Networks, Inc. All rights reserved.
Slide 2: DSCC – overview

Slide 3: Building the Magnitude
- Credibility: how credible is the evidence. Credibility of the witnesses: if multiple witnesses report the same attack, the credibility of the overall offense is increased.
- Severity: how much of a threat the attacker, network or offense is to my enterprise. Affected by object weights, asset values, category (type) of attacks, actual vulnerability of targets, and number of targets.
- Relevance: based on the weight of networks and assets, how relevant is this offense or violation to you? Is it occurring in areas of the network that are not as important to you?

Slide 4: Network Behavior Anomaly Detection (NBAD)
- Works with flow data
- Constantly monitors traffic to detect changes in network traffic flows
- Optimal for detection of day-zero attacks
- Can be adjusted to customers' special needs

Slide 5: NBAD methods
Behavior sentries
- Check for volume changes in behavior that occurs in regular seasonal patterns
- If a behavior change occurs, an alarm is generated
- Behavioral sentries can be deployed in environments with consistent or repetitive amounts of traffic
- Example: typically a mail server communicates with 100 hosts during the night; suddenly it starts communicating with 1000 hosts instead
Anomaly sentries
- Check for activity changes of the entities inside a view
- Detect new or unknown traffic, or changes in the amount of time an object is active
- If an anomaly is detected, an alarm is generated
- Behavioral sentry: volume based; anomaly sentry: activity based (% changes)
- Example: a monitored host inside the network starts to communicate with an external network all the time instead of 16% of its time

Slide 6: NBAD methods (continued)
Threshold sentries
- Monitor traffic and objects that exceed a configured threshold
- Useful for monitoring utilized bandwidth or the number of clients connected to a server
- Example: create an alert if more than 100 connections are established with a certain server in the network
Security/policy sentries
- Monitor traffic inside a view for policy violations at network or application level
- Monitor for violations of usage policies
- If any traffic is detected that meets the sentry criteria, an alarm is generated
- The security/policy sentry is a derivative of the threshold sentry, but with a threshold of one
- Example: a user attempts to make an SSH connection to a server which he is not entitled to access
Custom sentries
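The four sentry types on slides 5 and 6 are easy to confuse, so here is an added toy implementation of each, run over constructed flow records. This is illustrative code written for this transcript, not Enterasys or DSCC code; the flow fields (src, dst, dport, hour), the sample addresses, the SSH allow-list and the alarm thresholds are all assumptions chosen to reproduce the slides' own examples (a mail server jumping from 100 to 1000 night-time peers, a host talking externally 100% of the time instead of 16%, more than 100 clients on one server, an SSH connection from a source that is not entitled to it).

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One flow record. Field names are this example's assumption, not a DSCC schema."""
    src: str
    dst: str
    dport: int
    hour: int  # hour of day (0-23) in which the flow was observed


def behavior_sentry(flows, host, baseline_peers, factor=3.0):
    """Behavior sentry (volume based): number of distinct peers `host` talks to,
    compared with its seasonal baseline (e.g. a mail server's usual night-time peers)."""
    peers = {f.dst for f in flows if f.src == host}
    return len(peers) > factor * baseline_peers, len(peers)


def anomaly_sentry(flows, host, external_prefix, baseline_share, tolerance=0.25):
    """Anomaly sentry (activity based): share of the host's active hours in which it
    talks to the external network, compared with its baseline share (% change)."""
    active = {f.hour for f in flows if f.src == host}
    external = {f.hour for f in flows if f.src == host and f.dst.startswith(external_prefix)}
    if not active:
        return False, 0.0
    share = len(external) / len(active)
    return share - baseline_share > tolerance, share


def threshold_sentry(flows, server, max_clients=100):
    """Threshold sentry: alarm when more than `max_clients` distinct sources connect to `server`."""
    clients = {f.src for f in flows if f.dst == server}
    return len(clients) > max_clients, len(clients)


def policy_sentry(flows, ssh_allowed):
    """Security/policy sentry: a threshold sentry with threshold one. Any SSH flow
    (dport 22) from a source not on the destination's allow-list is a violation."""
    violations = [f for f in flows
                  if f.dport == 22 and f.src not in ssh_allowed.get(f.dst, set())]
    return bool(violations), violations


# ---- constructed sample environment (assumed addresses, not real traffic) ----
MAIL = "10.0.0.25"          # internal mail server
HOST = "10.0.0.77"          # monitored workstation
WEB = "10.0.0.80"           # internal server with an SSH allow-list
EXTERNAL = "203.0.113."     # prefix treated as "the external network"
SSH_ALLOWED = {WEB: {"10.0.0.5"}}   # only 10.0.0.5 may SSH to WEB


def make_sample_flows():
    """Constructed flows reproducing the slides' four examples."""
    flows = []
    # mail server at 02:00 talks to 1000 distinct peers instead of its usual 100
    flows += [Flow(MAIL, f"198.51.{i // 250}.{i % 250}", 25, 2) for i in range(1000)]
    # workstation talks to the external network in every hour (baseline: 16% of its time)
    flows += [Flow(HOST, EXTERNAL + "10", 443, h) for h in range(24)]
    # 150 distinct clients connect to WEB on port 80 (threshold: 100)
    flows += [Flow(f"10.0.1.{i}", WEB, 80, 12) for i in range(150)]
    # one permitted SSH session and one from a source that is not entitled to it
    flows += [Flow("10.0.0.5", WEB, 22, 10), Flow("10.0.0.9", WEB, 22, 10)]
    return flows


def run_all(flows):
    """Evaluate every sentry and return which ones raise an alarm."""
    return {
        "behavior": behavior_sentry(flows, MAIL, baseline_peers=100)[0],
        "anomaly": anomaly_sentry(flows, HOST, EXTERNAL, baseline_share=0.16)[0],
        "threshold": threshold_sentry(flows, WEB, max_clients=100)[0],
        "policy": policy_sentry(flows, SSH_ALLOWED)[0],
    }


if __name__ == "__main__":
    for name, alarm in run_all(make_sample_flows()).items():
        print(f"{name:10s} sentry: {'ALARM' if alarm else 'ok'}")
```

The baseline values (100 peers, 16% external activity) are passed in as parameters because in a real deployment they would come from the learned seasonal profile rather than being hard-coded; the tolerances are the knobs that slide 4 calls adjusting the system to the customer's needs.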

Slide 7: Questions?

“There is nothing more important than our customers”