Presentation is loading. Please wait.

Presentation is loading. Please wait.

“There is nothing more important than our customers” Network Anomaly Behavioral Detection Dragon Securtiy Command Console – DSCC Zdeněk Pala ECIE certified.

Published byBrook Farmer Modified over 9 years ago

Similar presentations

Presentation on theme: "“There is nothing more important than our customers” Network Anomaly Behavioral Detection Dragon Securtiy Command Console – DSCC Zdeněk Pala ECIE certified."— Presentation transcript:

1 “There is nothing more important than our customers” Network Anomaly Behavioral Detection Dragon Securtiy Command Console – DSCC Zdeněk Pala ECIE certified engineer ECI certified instructor

2 © 2007 Enterasys Networks, Inc. All rights reserved. 2 DSCC – overview

3 © 2007 Enterasys Networks, Inc. All rights reserved. 3 Building the Magnitude Credibility: How credible is the evidence. Credibility of the witnesses, if multiple witnesses report same attack, credibility of overall offenses in increased Severity: How much of a threat is the attacker, network, offense …..to my enterprise. Affected by object weights, asset values, category (type) of attacks, actual vulnerability of targets, and number of targets Relevance: Based on the weight of Networks and Assets, how relevant is this offense or violation to you. Is it occurring in areas of the network that are not as important to you.

4 © 2007 Enterasys Networks, Inc. All rights reserved. 4 Network Behavior Anomaly Detection (NBAD) Works with flow data Constantly monitors traffic to detect changes in network traffic flows Optimal for detection of Day-Zero attacks Can be adjusted to customers special needs 4

5 © 2007 Enterasys Networks, Inc. All rights reserved. 5 NBAD methods Behavior sentries ­Checks for volume changes in behavior that occurs in regular seasonal patterns ­If a behavior change occurs, an alarm will be generated ­Behavioral sentries can be deployed in environments with consistent or repetive amounts of traffic ­Example: Typically a mail server communicates with 100 hosts in the night, suddenly it starts communicating with 1000 hosts instead Anomaly sentries ­Checks for activity changes of the entities inside a view ­Detects new or unknown traffic or changes in the amount of time an object is active ­If an anomaly is detected, an alarm will be generated ­Behavioral sentry -> volume based ­Anomaly sentry -> activity based (% changes) ­Example: A monitored host inside a network would start to communicate all the time with an external network instead of 16% of its time 5

6 © 2007 Enterasys Networks, Inc. All rights reserved. 6 Threshold sentries ­Monitors traffic and objects that exceeds a configured threshold ­Useful for monitoring utilized bandwith or number of clients connected to a server ­Example: Create an alert if more than 100 connections are established with a certain server in the network Security/policy sentries ­Monitors traffic inside a view for policy violations at network or application level ­Monitors for violations of usage policies ­If any traffic is detected, that meets the sentry criteria, an alarm will be generated ­The security/policy sentry is a derivate of the threshold sentry but with a threshold of one ­Example: A user attempts to make a SSH connection to a server, which he is not entitled to do Custom sentries 6 On Off NBAD methods

7 © 2007 Enterasys Networks, Inc. All rights reserved. 7 Questions?

8 “There is nothing more important than our customers”

Download ppt "“There is nothing more important than our customers” Network Anomaly Behavioral Detection Dragon Securtiy Command Console – DSCC Zdeněk Pala ECIE certified."

Similar presentations

Intrusion Detection System(IDS) Overview Manglers Gopal Paliwal Gopal Paliwal Roshni Zawar Roshni Zawar SenthilRaja Velu SenthilRaja Velu Sreevathsa Sathyanarayana.

Intrusion Detection System(IDS) Overview Manglers Gopal Paliwal Gopal Paliwal Roshni Zawar Roshni Zawar SenthilRaja Velu SenthilRaja Velu Sreevathsa Sathyanarayana.
Presentation by: Peter Thomas Blue Lance, Inc Using SIEM Solutions Effectively to meet Security, Audit, and Compliance Requirements.

Presentation by: Peter Thomas Blue Lance, Inc Using SIEM Solutions Effectively to meet Security, Audit, and Compliance Requirements.
Honeypot 서울과학기술대학교 Jeilyn Molina 121336101. Honeypot is the software or set of computers that are intended to attract attackers, pretending to be weak.

Honeypot 서울과학기술대학교 Jeilyn Molina Honeypot is the software or set of computers that are intended to attract attackers, pretending to be weak.
MCTS GUIDE TO MICROSOFT WINDOWS 7 Chapter 10 Performance Tuning.

MCTS GUIDE TO MICROSOFT WINDOWS 7 Chapter 10 Performance Tuning.
Motorola Mobility Services Platform (MSP3.2) Control Edition Optimizing use of your mobile assets Daphanie Wallace June 2008 Enterprise Mobility Solutions.

Motorola Mobility Services Platform (MSP3.2) Control Edition Optimizing use of your mobile assets Daphanie Wallace June 2008 Enterprise Mobility Solutions.
Insider Access Behavior Team May 06 Brandon Reher Jake Gionet Steven Bromley Jon McKee Advisor Client Dr. Tom DanielsThe Boeing Company Contact Dr. Nick.

Insider Access Behavior Team May 06 Brandon Reher Jake Gionet Steven Bromley Jon McKee Advisor Client Dr. Tom DanielsThe Boeing Company Contact Dr. Nick.
Cyber Security Discussion Craig D’Abreo – VP Security Operations.

Cyber Security Discussion Craig D’Abreo – VP Security Operations.
Access Control for Networks Problems: –Enforce an access control policy Allow trust relationships among machines –Protect local internet from outsiders.

Access Control for Networks Problems: –Enforce an access control policy Allow trust relationships among machines –Protect local internet from outsiders.
1.  To analyze and explain the IDS placement in network topology  To explain the relationship between honey pots and IDS  To explain, analyze and evaluate.

1.  To analyze and explain the IDS placement in network topology  To explain the relationship between honey pots and IDS  To explain, analyze and evaluate.
Traffic Engineering With Traditional IP Routing Protocols

Traffic Engineering With Traditional IP Routing Protocols
EECS 598-2 Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.

EECS Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 11: Monitoring Server Performance.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 11: Monitoring Server Performance.
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.

© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.
© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework.

© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework.
By Edith Butler Fall 2008. Our Security Ways we protect our valuables: Locks Security Alarm Video Surveillance, etc.

By Edith Butler Fall Our Security Ways we protect our valuables: Locks Security Alarm Video Surveillance, etc.
Host Intrusion Prevention Systems & Beyond

Host Intrusion Prevention Systems & Beyond
Performance Management (Best Practices) REF:www.cisco.com Document ID 15115.

Performance Management (Best Practices) REF: Document ID

Similar presentations

Ads by Google