Published by Edward Kristian Terry, modified over 9 years ago
Slide 1: Observer Platform Network Security Forensics
Slide 2: Agenda
- Introduction
  o Today's security challenges
  o Observer Platform network forensics benefits
- Five Steps to Threat Resolution
- Real-world customer example
  o Jack Henry & Associates
- Investigating the packets demonstration
  o #1 – Identify a DDoS
  o #2 – Botnet detection
- Key Take-aways
Slide 3: Security Challenges
- IT threats continue to escalate in frequency, type, and malice
  o Security perimeter breaches must be assumed a given
  o "Inside jobs" are also on the rise
- Negative financial and stakeholder implications are increasing
  o Revenue, profitability, and customer relations
  o Long-term business survivability at risk
- Damage control and remediation urgency growing
  o What has been compromised?
  o How do we validate "all clear"?
- Take-away: Organizations need a retrospective, network-centric method to backstop other security measures and to identify and clean compromised IT assets
Slide 4: Security Challenges – A Reality Today for the Network Team
- Network Instruments 2015 State of the Network highlights:
  o 85% are involved with security investigations
  o Engaged in multiple facets of security: 65% implementing preventative measures, 58% investigating attacks, 50% validating security tool configurations
  o 50% indicated correlating security issues with network performance to be their top challenge
  o 44% cited the inability to replay anomalous security issues
- Hacking and malware cause nearly 1/3 of all data loss events*
* Source: VERIS Community Database
Slide 5: Our Benefits
- Leverage Observer Platform performance monitoring functionality to bolster existing IT security measures
  o "Two-for-one" deal (NPMD + security)
- GigaStor offers back-in-time peace of mind
  o The "gold standard" in packet capture ensures every packet is captured; no network conversations are missed
- Apex provides high-level views into possible errant behavior
  o Baseline graphs are a powerful means to visualize unusual activity
- Analyzer includes deep packet awareness
  o Integrated Snort rule support for known malware
  o Sophisticated post-event filtering and pre-packet processing to quickly detect zero-day or other suspicious activity
  o Advanced alarming to alert on targeted conditions
Slide 6: Real-Time and Back-in-Time - Complement
Slide 7: Riverbed & NetScout
- Don't offer Snort rule support
- Cannot match our storage capacity
- Drop packets as utilization rates increase
- NetScout does offer Cyber Investigator
  o Dedicated hardened solution
Slide 8: OBSERVER PLATFORM SECURITY FORENSICS – Five Steps to Threat Resolution
Slide 9: #1 - Capture Everything on Your Network
- Monitor from the core to the edge
- Never miss a single packet
Slide 10: #2 – Detect / Alert on Suspicious / Anomalous Behavior
Slide 11: #3 – Turn Back the Clock
- Using GigaStor back-in-time functionality
- Start the investigation at the time of the possible incident
Slides 12-13: #4 – Identify Security Threats
- Leverage GigaStor forensics
Slide 14: #4 – Identify Security Threats
- Perform packet pre-processing to eliminate common obfuscation techniques
Slide 15: #4 – Identify Security Threats
- Then apply advanced Analyzer filtering for zero-day events or Snort rules for known threats
Slide 16: #4 – Identify Security Threats
- The result: a comprehensive identification of detected threats within the time window specified
Slides 17-18: #5 – View Illicit Behavior In/Out of the Network
- Rebuild conversations to witness the event unfold, just like a sports "instant replay"
Slide 19: #5 – View Illicit Behavior In/Out of the Network
- Reconstruct HTTP streams to see exactly what was requested and received…
Slide 20: #5 – View Illicit Behavior In/Out of the Network
- …even if encrypted, when the private key is available
Slide 21: #5 – View Illicit Behavior In/Out of the Network
- Reconstruct inside jobs where valuable IP may be at risk via extrusion
- Remediate / perform damage control as required to assess compromised assets
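The five steps above, reduced to a runnable illustration that is added here and is not Observer Platform or GigaStor code: a retained packet store is narrowed to the incident's time window (step 3), matched against a minimal Snort-style content rule (step 4), and the matching TCP conversation is rebuilt in both directions and time order (step 5). The capture, the addresses and the signature string are all constructed sample values.

```python
from dataclasses import dataclass

@dataclass
class Pkt:
    ts: float      # capture timestamp in seconds
    src: str
    dst: str
    sport: int
    dport: int
    payload: bytes

# Constructed sample of a retained capture (not real traffic): one benign HTTP
# exchange, one exchange carrying a made-up signature string, one later packet.
SIG = b"EXAMPLE_MALWARE_TAG"  # constructed placeholder, not a real indicator
CAPTURE = [
    Pkt(100.0, "10.0.0.5", "203.0.113.7", 51000, 80,
        b"GET /index.html HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    Pkt(100.1, "203.0.113.7", "10.0.0.5", 80, 51000,
        b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"),
    Pkt(130.0, "10.0.0.9", "203.0.113.7", 51001, 80,
        b"GET /update?id=" + SIG + b" HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    Pkt(130.2, "203.0.113.7", "10.0.0.9", 80, 51001,
        b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"),
    Pkt(400.0, "10.0.0.5", "203.0.113.7", 51002, 80, b"GET /later HTTP/1.1\r\n\r\n"),
]

# Step 3 ("turn back the clock"): keep only packets inside the incident window.
def time_window(pkts, start, end):
    return [p for p in pkts if start <= p.ts <= end]

# Step 4: minimal Snort-style content rules, as (rule name, byte pattern).
RULES = [("constructed-example-signature", SIG)]

def match_rules(pkts, rules=RULES):
    return [(name, p) for p in pkts for name, pat in rules if pat in p.payload]

# Step 5: rebuild both directions of the matching TCP conversation in time order.
def flow_key(p):
    # Direction-independent key so request and response land in one stream.
    return tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))

def rebuild_conversation(pkts, packet):
    key = flow_key(packet)
    stream = sorted((p for p in pkts if flow_key(p) == key), key=lambda p: p.ts)
    return [(p.src, p.payload.decode("ascii", "replace")) for p in stream]

def investigate(pkts, start, end):
    # Window, then rule hits, then the rebuilt conversation for each hit.
    window = time_window(pkts, start, end)
    return {name: rebuild_conversation(window, p) for name, p in match_rules(window)}
```

`investigate(CAPTURE, 90.0, 200.0)` returns the request and response of the flagged flow; the same capture with a window ending at 110.0 returns nothing, which is the point of starting the search at the time of the possible incident.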
Slide 22: CUSTOMER EXAMPLE – JACK HENRY & ASSOCIATES
Slide 23: About Jack Henry & Associates (JHA)
- S&P 400 company with $1.2 billion revenue (FY2014)
- Supports 11,300 financial service customers
  o Electronic payment solutions
  o Financial processing services
  o Business process automation
- Three primary brands
  o Jack Henry Banking, Symitar, and ProfitStars
Slide 24: JHA – Protecting Critical Customer Data
- Already using Observer Platform to monitor network and app performance
- Ongoing targeted attacks on IT resources
- GigaStor to the rescue
  o Fortified existing security efforts by validating that an attempted breach into the data center was not successful
- Having all the packets was critical
Slide 25: Solving the Customer's Challenge
- Late-night call from the VP of Network Ops
  o Oversees the security team
- Significant expansion of GigaStor deployments
  o Now an integral part of ongoing security detection and remediation
  o Save every packet across seven DCs for two weeks
- GigaStor data-at-rest adds more peace of mind
Slide 26: Business Outcome – Additional Sales
- Current (new) sales:
  o Observer Expert Consoles
  o Qty. 2 – 10 Gb GigaStor-Expandable – 96 TB
    (redundant on-shelf for rapid deployment if failure)
  o Qty. 2 – 10 Gb GigaStor-Expandable – 288 TB
  o Qty. 1 – 10 Gb GigaStor-Expandable – 576 TB
  o Four years of maintenance
- Future sales upside:
  o Qty. 2 – 10 Gb GigaStor-Expandable – 288 TB
  o Qty. 1 – 10 Gb GigaStor-Expandable – 96 TB
  o Qty. 1 – 10 Gb GigaStor-Upgradeable – 16 TB
Slide 27: INVESTIGATING IN THE PACKETS
Slide 28: Key Takeaways
- The number and severity of IT security breaches continue to escalate
- Network teams are playing an increasingly larger role in security investigations, preventive measures, and damage control
- Having all the packets is critical for detecting breaches, identifying compromised assets, and validating cleanup
Slide 29: Key Takeaways
- Observer Platform offers tremendous value to network teams and security organizations to optimize IT resource health and performance
  o GigaStor data-at-rest adds even more value
- GigaStor (easily) beats NetScout and Riverbed in high-speed packet capture, capacity, and integrated security functionality
Slide 30: QUESTIONS?
Slide 31: OPTIONAL SLIDES
Slide 32: Is the Network Team Involved in Security?
- 8 in 10 network teams are also involved in security
Source: State of the Network 2015
Slide 33: Time Spent on Security
- One-quarter of network teams spend more than 10 hours per week involved in security issues
Source: State of the Network 2015
Slide 34: Has This Increased over the Past Year?
Source: State of the Network 2015
Slide 35: Network Team Roles in Security
Source: State of the Network 2015
Slide 36: Greatest Challenges Addressing Security
Source: State of the Network 2015