Observer Platform Network Security Forensics. Agenda Introduction o Today’s security challenges o Observer Platform network forensics benefits Five Steps.

Presentation transcript:

Observer Platform Network Security Forensics

Agenda
Introduction
 o Today’s security challenges
 o Observer Platform network forensics benefits
Five Steps to Threat Resolution
Real-world customer example
 o Jack Henry & Associates
Investigating the packets demonstration
 o #1 – Identify a DDoS
 o #2 – Botnet detection
Key Take-aways

Security Challenges
IT threats continue to escalate in frequency, type, and malice
 o Security perimeter breaches must be assumed a given
 o “Inside jobs” are also on the rise
Negative financial and stakeholder implications are increasing
 o Revenue, profitability, and customer relations
 o Long-term business survivability at risk
Damage control and remediation urgency growing
 o What has been compromised?
 o How do we validate “all clear”?
Take-Away: Organizations need a retrospective, network-centric method to backstop other security measures and to identify and clean compromised IT assets

Security Challenges – A Reality Today for the Network Team
Network Instruments 2015 State of the Network highlights:
 o 85% are involved with security investigations
 o Engaged in multiple facets of security
   65% implementing preventative measures
   58% investigating attacks
   50% validating security tool configurations
 o 50% indicated correlating security issues with network performance to be their top challenge
 o 44% cited the inability to replay anomalous security issues
Hacking and malware cause nearly 1/3 of all data loss events*
* Source: VERIS Community Database

Our Benefits
Leverage Observer Platform performance monitoring functionality to bolster existing IT security measures
 o “Two-for-one” deal (NPMD + security)
GigaStor offers back-in-time peace of mind
 o The “gold standard” in packet capture ensures every packet is captured, so no network conversations are missed
Apex provides high-level views into possible errant behavior
 o Baseline graphs are a powerful means to visualize unusual activity
Analyzer includes deep packet awareness
 o Integrated Snort rule support for known malware
 o Sophisticated post-event filtering and packet pre-processing to quickly detect zero-day or other suspicious activity
 o Advanced alarming to alert on targeted conditions

Real-Time and Back-in-Time - Complement

Riverbed & NetScout
 o Don't offer Snort rule support
 o Cannot match our storage capacity
 o Drop packets as utilization rates increase
NetScout does offer Cyber Investigator
 o Dedicated hardened solution

OBSERVER PLATFORM SECURITY FORENSICS Five Steps to Threat Resolution

# 1 - Capture Everything on Your Network Monitor from the core to the edge Never miss a single packet

# 2 – Detect /Alert on Suspicious / Anomalous Behavior

# 3 – Turn Back the Clock Using GigaStor back-in-time functionality Start Investigation at the time of the possible incident

# 4 – Identify Security Threats
Leverage GigaStor forensics
Perform packet pre-processing to eliminate common obfuscation techniques
Then apply advanced Analyzer filtering for zero-day events or Snort rules for known threats

The result: A comprehensive identification of detected threats within the time window specified

# 5 – View Illicit Behavior In/Out of the Network
Rebuild conversations to witness the event unfold, just like a sports “instant replay”
Reconstruct HTTP streams to see exactly what was requested and received…
…even if encrypted, when the server's private key is available. Caveat: the private key recovers only sessions negotiated with RSA key exchange; sessions using (EC)DHE (forward secrecy) cannot be decrypted from the private key alone and need the session keys exported from an endpoint instead
Reconstruct inside jobs where valuable IP may be at risk via extrusion
Assess compromised assets, then remediate and perform damage control as required

CUSTOMER EXAMPLE JACK HENRY & ASSOCIATES

About Jack Henry & Associates (JHA)
S&P 400 company with $1.2 Billion revenue (FY2014)
Supports 11,300 financial service customers
 o Electronic payment solutions
 o Financial processing services
 o Business process automation
Three primary brands
 o Jack Henry Banking, Symitar, and ProfitStars

JHA – Protecting Critical Customer Data
Already using Observer Platform to monitor network and app performance
Ongoing targeted attacks on IT resources
GigaStor to the rescue
 o Fortified existing security efforts by validating that an attempted breach into the data center was not successful
Having all the packets was critical

Solving the Customer’s Challenge
Late-night call from the VP of Network Ops
 o Oversees the security team
Significant expansion of GigaStor deployments
 o Now an integral part of ongoing security detection and remediation
 o Save every packet across seven data centers for two weeks
GigaStor data-at-rest adds more peace of mind

Business Outcome – Additional Sales
Current (new) sales:
 o Observer Expert Consoles
 o Qty. 2 – 10 Gb GigaStor-Expandable – 96 TB (redundant on-shelf for rapid deployment on failure)
 o Qty. 2 – 10 Gb GigaStor-Expandable – 288 TB
 o Qty. 1 – 10 Gb GigaStor-Expandable – 576 TB
 o Four years of maintenance
Future sales upside:
 o Qty. 2 – 10 Gb GigaStor-Expandable – 288 TB
 o Qty. 1 – 10 Gb GigaStor-Expandable – 96 TB
 o Qty. 1 – 10 Gb GigaStor-Upgradeable – 16 TB

INVESTIGATING IN THE PACKETS

Key Takeaways
The number and severity of IT security breaches continues to escalate
Network teams are playing an increasingly larger role in security investigations, preventive measures, and damage control
Having all the packets is critical for detecting breaches, identifying compromised assets, and validating cleanup

Key Takeaways
Observer Platform offers tremendous value to network teams and security organizations to optimize IT resource health and performance
 o GigaStor data-at-rest adds even more value
GigaStor (easily) beats NetScout and Riverbed in high-speed packet capture, capacity, and integrated security functionality

QUESTIONS?

OPTIONAL SLIDES

Is the Network Team involved in Security?
8 in 10 network teams are also involved in security
Source: State of the Network 2015

Time Spent on Security
One-quarter of network teams spend more than 10 hours per week on security issues
Source: State of the Network 2015

Has this Increased over the Past Year?
Source: State of the Network 2015

Network Team Roles in Security
Source: State of the Network 2015

Greatest Challenges Addressing Security
Source: State of the Network 2015