Presentation is loading. Please wait.

Presentation is loading. Please wait.

Decreasing Incident Response Time ______________________________ Benefits of Packet Capture & Real-time NetFlow Generation Boni Bruno, CISSP, CISM, CGEIT.

Published byJoe Boor Modified over 9 years ago

Similar presentations

Presentation on theme: "Decreasing Incident Response Time ______________________________ Benefits of Packet Capture & Real-time NetFlow Generation Boni Bruno, CISSP, CISM, CGEIT."— Presentation transcript:

1 Decreasing Incident Response Time ______________________________ Benefits of Packet Capture & Real-time NetFlow Generation Boni Bruno, CISSP, CISM, CGEIT Technical Director

2 2 Copyright © 2014 You Just Suffered a Major Security Breach! What Happened?! Who Was Affected?! When Will It Be Fixed?! 3 Questions Your IT Staff Better Answer in the First 8 Hours!! Could Your Current SEM/SIEM Tools Cover You for this Security Breach?

3 3 Copyright © 2014 Suspect Identify Mitigate Impact Tools Fixed Permanent Protection Security Incident Lifecycle

4 4 Copyright © 2014 Security Incident Lifecycle Unique EventCan lead to repetitive events if not correctly identified…

5 5 Copyright © 2014 Security Incident Lifecycle

6 6 Copyright © 2014 Security Incident Lifecycle Reduced Frequency Minimize Scope of Impact Faster Remediation ID Root Cause

7 7 Copyright © 2014 Security Architecture Full Content Repository Current Security Infrastructure: Firewall IDS/IPS DLP End Point Security Events pcaps Event-driven “snippets” and/or ALL traffic recorded into a rolling buffer Alarm Search & Analysis Event / Log Repository Packet Storage SIEM (Security Info & Event Mgmt) Packet Capture

8 8 Copyright © 2014 SIEM Integration via RESTful API

9 Visibility & recording infrastructure for high- speed networks Endace provides 100% accurate network recording at 1Gbps to 100Gbps!!!

10 10 Copyright © 2014 Next-Generation EndaceDAG Overview Designed for data capture applications requiring 100% network data capture Three “Feature Bundles” Three Product Configurations Low Overhead Zero Loss Capture Hardware Time Stamps Global Clock Synch In-Band Metadata Classification/filtering Load Balancing

11 11 Copyright © 2014 Endace Network Visibility Infrastructure Network Visibility Headend Allows EndaceProbe INRs/ODE to scale to 40 and 100GbE EndaceAccess™ Network Visibility Headend Endace Open Hosting Platform (ODE ) High Performance Intelligent Network Recording Up to 64 TB storage Mix of 1 and 10GbE ports EndaceProbe™ Intelligent Network Recorder EndaceFlow™ NetFlow Generator Appliance (NGA) Hosting Platform for Monitoring Applications 8x1GbE or 4x10GbE Ports Up to 16 TB internal storage; Fibre Channel support for SAN High-Speed NetFlow Generation for 10GbE Networks 4x10GbE Ports EndaceProbe: Provides 100% packet capture on 10Gb Ethernet links NetFlow Generator: Generate unsampled netflows from 1GbE/10GbE links EndaceAccess: Load-balances 40Gb/100Gb links across multiple INRs Endace ODE: Provide packets for hosted 3 rd party applications

12 12 Copyright © 2014 The Endace Probe Solution

13 13 Copyright © 2014 Monitoring and Recording Fabrics

14 14 Copyright © 2014 100% Packet Capture means 100% Network Visibility

15 15 Copyright © 2014 Can you Pinpoint Microbursts Occurring on your Network?

16 16 Copyright © 2014 Can you Identify Applications Running on your Network?

17 17 Copyright © 2014 Can you Identify Traffic Changes Over Time?

18 18 Copyright © 2014 Can you see Conversations on the Network?

19 19 Copyright © 2014 Search through Packets in a Browser!

20 20 Copyright © 2014 100Gbps Packet Capture…

21 21 Copyright © 2014 Time Synchronization

22

23 23 Copyright © 2013 NetFlow – The New Way!!!

24 24 Copyright © 2013 NetFlow – The New Way!!!

25 25 Copyright © 2013

26 26 Copyright © 2013

Download ppt "Decreasing Incident Response Time ______________________________ Benefits of Packet Capture & Real-time NetFlow Generation Boni Bruno, CISSP, CISM, CGEIT."

Similar presentations

Network Systems Sales LLC

Network Systems Sales LLC
Complete Event Log Viewing, Monitoring and Management.

Complete Event Log Viewing, Monitoring and Management.
Copyright Hub Software Engineering Ltd 2010All rights reserved Hub Document Manager Product Overview.

Copyright Hub Software Engineering Ltd 2010All rights reserved Hub Document Manager Product Overview.
Business Solutions Network Security Solutions Gateway Security

Business Solutions Network Security Solutions Gateway Security
LeadManager™- Internet Marketing Lead Management Solution May, 2009.

LeadManager™- Internet Marketing Lead Management Solution May, 2009.
Stonesoft Roadmap WHAT FEATURES WILL COME IN 2013-2014.

Stonesoft Roadmap WHAT FEATURES WILL COME IN
A new Network Concept for transporting and storing digital video…………

A new Network Concept for transporting and storing digital video…………
MUNIS Platform Migration Project WELCOME. Agenda Introductions Tyler Cloud Overview Munis New Features Questions.

MUNIS Platform Migration Project WELCOME. Agenda Introductions Tyler Cloud Overview Munis New Features Questions.
Complete Event Log Viewing, Monitoring and Management.

Complete Event Log Viewing, Monitoring and Management.
SHARKFEST '09 | Stanford University | June 15–18, 2009 Now and Then, How and When? June 16 th, 2009 Stephen Donnelly Technologist | Endace Technology SHARKFEST.

SHARKFEST '09 | Stanford University | June 15–18, 2009 Now and Then, How and When? June 16 th, 2009 Stephen Donnelly Technologist | Endace Technology SHARKFEST.
The Most Analytical and Comprehensive Defense Network in a Box.

The Most Analytical and Comprehensive Defense Network in a Box.
© 2014 VMware Inc. All rights reserved. BlazeMeter Load Testing Solution with vCloud Air High-level Overview Jan 2015.

© 2014 VMware Inc. All rights reserved. BlazeMeter Load Testing Solution with vCloud Air High-level Overview Jan 2015.
1 Emulex Confidential - © 2013 Emulex Corporation Emulex Network Visibility Products (NVP) Customer Success Stories Overview Emulex Corporation October,

1 Emulex Confidential - © 2013 Emulex Corporation Emulex Network Visibility Products (NVP) Customer Success Stories Overview Emulex Corporation October,
SHARKFEST ‘10 | Stanford University | June 14–17, 2010 The Shark Distributed Monitoring System: Distributing Wireshark Deep Packet Analysis to LAN/WAN.

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 The Shark Distributed Monitoring System: Distributing Wireshark Deep Packet Analysis to LAN/WAN.
© 2004 Visible Systems Corporation. All rights reserved. 1 (800) 6VISIBLE www.visible.com Holistic View of the Enterprise Business Development Operations.

© 2004 Visible Systems Corporation. All rights reserved. 1 (800) 6VISIBLE Holistic View of the Enterprise Business Development Operations.
NetFlow Analyzer Drilldown to the root-QoS Product Overview.

NetFlow Analyzer Drilldown to the root-QoS Product Overview.
© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.

© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.
Developing PANDORA Mark Corbould Director, IT Business Systems.

Developing PANDORA Mark Corbould Director, IT Business Systems.
Www.encase.com Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose,

Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose,
The Power of Lossless Packet Capture & Real-time Netflow SANS Tool Talk Boni Bruno, CISSP, CISM, CGEIT Technical Director.

The Power of Lossless Packet Capture & Real-time Netflow SANS Tool Talk Boni Bruno, CISSP, CISM, CGEIT Technical Director.

Similar presentations

Ads by Google