Security Through Network Intelligence www.lancope.com Lancope StealthWatch Technology.


1 Security Through Network Intelligence www.lancope.com Lancope StealthWatch Technology

2 About Lancope
- 3 years focused research in flow-based network and security technologies.
- StealthWatch evolved from research conducted by Dr. John Copeland at Georgia Tech
- Based in Atlanta, GA
- Flagship product: StealthWatch
  - Real time attacks inside your network (Not signature based)
  - Mitigation and documentation of real time attacks
  - Forensic short and long term

3 Why Stealth Watch vs. other technology for your internal Network?
- Easy to deploy
- 1/3rd to 1/2 the cost of other solutions
- Shows the performance and risks of your Enterprise NOC and SOC in real time.
- Not Signature based
- Not perimeter based
- Not multilayer steps to get results
StealthWatch is Best at Discovering, Prioritizing and Mitigating real time worms, viruses and exploits in your Internal Network.
StealthWatch gives you Network Optimization and Threat Management for your Enterprise NOC and SOC.

4 Internal Attacks on the rise!
“The trend has been moving away from external to internal security” (Security Analysts) Wall Street Journal June 2005
- Internal Breaches: Bandwidth consumption, Policy Violations, Trojans, Zero Day Attacks, Application Misuse and others have caused:
  - Service and System Interruptions
  - Data Loss
  - Intellectual Property Theft
  - Major loss in Company credibility
  - Huge Financial Losses
- The growth in Internal Attacks in a survey of 600 North American Companies and Western Europe:
  - 2003 up 30%
  - 2004 up 50%
  - 2005 could be up 75%

5 How to protect your environment from Internal attacks?
Organizations should establish a trusted behavior baseline for each machine on the network. Look for changes in current footprint behavior. If these procedures are implemented effectively they can detect and protect systems against new malicious code, worms and other Internal Breaches. (US Secret Service and Gov. Cert May 2005)

6 140+ Existing Customers…

7 Too Many Attack Vectors
- CVE Contains 7819 Vulnerabilities (Feb, 2005)
- Most Signature Vendors block on about 150 sigs
- That’s 2%
- What about the other 98%?

8 Signatures Can’t Keep Up
Attack frequency increases… …while discovery-to-exploit window decreases.
“Given the widespread use of automated attack tools, attacks against Internet-connected systems have become so commonplace that counts of the number of incidents reported provide little information with regard to assessing the scope and impact of attacks. Therefore, as of 2004, we will no longer publish the number of incidents reported.” - CERT

9 NetFlow provides “Mountaintop visibility”
“Flows” provide total visibility across a wide network range by collecting data from routers in varying locations. This gives Stealth Watch total supervision over the network and provides an ability to track behavior throughout the network, from start to end.

10 BEHAVIOR RATHER THAN SIGNATURES
Analyze Flows… Establish baseline… Alarm on changes in behavior…
- Number of concurrent flows
- Packets per sec
- Bits per second
- New flows created
- Number of SYNs sent
- Time of day
- Number of SYNs received
- Rate of connection resets
- Duration of the flow
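An added example, not taken from the presentation and not Lancope's algorithm: a minimal per-host baseline over three of the flow features listed on slide 10 (new flows created, SYNs sent, connection resets), alarming when an interval deviates from the learned behavior. The flow record fields, the EWMA parameters, the threshold and the sample data are all assumptions made for illustration.

```python
from collections import defaultdict
from math import sqrt
METRICS = ("new_flows", "syns_sent", "resets")  # three of the slide's features

class HostBaseline:
    """Exponentially weighted mean and variance of each metric for one host."""
    def __init__(self, alpha=0.2, warmup=5):
        self.alpha, self.warmup, self.n = alpha, warmup, 0
        self.mean = dict.fromkeys(METRICS, 0.0)
        self.var = dict.fromkeys(METRICS, 0.0)

    def zscores(self, sample):
        if self.n < self.warmup:  # still learning: never alarm
            return {}
        # Deviation floored at 1.0 so a quiet host does not alarm on one extra flow.
        return {m: (sample[m] - self.mean[m]) / max(sqrt(self.var[m]), 1.0) for m in METRICS}

    def update(self, sample):
        a = 1.0 if self.n == 0 else self.alpha  # first sample seeds the mean
        for m in METRICS:
            d = sample[m] - self.mean[m]
            self.mean[m] += a * d
            self.var[m] = (1 - a) * (self.var[m] + a * d * d)
        self.n += 1

def detect(flows, threshold=3.0):
    """Aggregate flows per (interval, source host) and return baseline violations."""
    buckets = defaultdict(lambda: dict.fromkeys(METRICS, 0))
    for f in flows:
        b = buckets[(f["t"], f["src"])]
        for m, v in zip(METRICS, (1, f["syns"], int(f["rst"]))):  # one flow's contribution
            b[m] += v
    baselines, alarms = defaultdict(HostBaseline), []
    for (t, host), sample in sorted(buckets.items()):
        hits = [(t, host, m, round(z, 1))
                for m, z in baselines[host].zscores(sample).items() if abs(z) > threshold]
        alarms.extend(hits)
        if not hits:  # do not let an anomalous interval poison the baseline
            baselines[host].update(sample)
    return alarms

def sample_flows():
    """Constructed data: two steady hosts; 10.0.0.5 bursts in interval 6."""
    flows = []
    for t in range(7):
        for host, n in (("10.0.0.5", 5 + t % 2), ("10.0.0.9", 3)):
            burst = host == "10.0.0.5" and t == 6
            for i in range(200 if burst else n):
                flows.append({"t": t, "src": host, "syns": 1, "rst": burst and i % 10 != 0})
    return flows
```

Calling `detect(sample_flows())` flags only 10.0.0.5 in interval 6, on all three metrics, while the steady host stays silent.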

11 STEALTHWATCH: BEHAVIOR-BASED FLOW ANALYSIS
- Cost-effective, extended enterprise-wide protection and control
- Provides visibility into “most significant” network behaviors
- Streamline and shorten resolution time
- Powerful audit, compliance reporting, and forensic capabilities
[Diagram labels: SPAN, NetFlow, Cisco, Native Ethernet, ArcSight, Guarded, SIM/SEM, Signatures, ISS, Snort, Etc.]

12 INFRASTRUCTURE IPS
StealthWatch Automated Mitigation
- Install Cisco PIX firewall rules
- Install Checkpoint firewall rules
- Inject Cisco Null0 route
- Customizable scripted response

13 Devices | Vendors | Customer
- Firewalls: Checkpoint NG, NGAI, Provider 1; Cisco PIX; Cyberguard; Lucent Brick; Juniper; Symantec Enterprise
- Routers and switches: Cisco, Extreme, Juniper, Foundry
- Flow Analysis Server
- Forensics

14 STM Features: Supported Security Devices
Devices | Vendors | Customer
Devices: IDS, IPS
Vendors:
- ISS RealSecure, Workgroup Manager Site Protector
- Cisco Secure IDS v4 (RDEP)
- Enterasys Dragon
- Snort
- Symantec Manhunt
- nCircle IP360
- TopLayer Mitigator IPS
- Netscreen Firewall/IDS
- Network Associates Intrushield

15 Locations
Main Data Centers | Customer
- How Many Main Data Centers do you manage?
- How many DC’s would you want to monitor with Stealth Watch?
- Do you want to have the NOC and SOC monitored?
- How many remote locations do you have?
- What kind of connections do you have to those remote locations?

16 StealthWatch Product Line (StealthWatch Rack Mountable 1U Appliance)
- M250: Designed for fast Ethernet networks
- M45: Designed for DS3 links or underutilized fast Ethernet connections
- G1: Designed for networks with speeds up to one gigabit per second.
- Xe-1000: Midrange StealthWatch NetFlow Collector
- Xe-500: Entry-level StealthWatch NetFlow Collector
- Xe-2000: High-end StealthWatch NetFlow Collector.
- SMC: Collects and Manages multiple StealthWatch and StealthWatch Xe appliances.

17 Deployment: How do we collect flows?

18 StealthWatch Xe: Monitor Remote Locations
- 12 IDP/IPS Sensors Required
- 1 StealthWatch Xe Required

19 Overcome complex deployments and cost
- 8 Inline IPS @ $64,995: $519,960
- 1 Netflow-based Xe-2000: <$50,000

20 PRE-EXISTING CONDITIONS ARE DETECTED Concern Index

21 FLOW VISUALIZATION

22 StealthWatch Solution
StealthWatch is a fast, accurate and cost-effective solution that immediately detects malicious or unauthorized network activity, including new and otherwise unidentifiable threats. As a network-based system, StealthWatch overcomes the cost and complexity of deploying and maintaining signature- or host-based systems. With StealthWatch, organizations can now identify and resolve network exposures, such as new, misconfigured or unauthorized devices and applications. These threats, which include rogue servers and P2P file sharing applications, result in 65% of network risks, according to a Gartner estimate. When unpreventable network events or host infections occur, StealthWatch detects and contains the incident while delivering critical insight that accelerates resolution and minimizes damage.

23 Network Security Problems Addressed
Problems Solved
- Cost and Complexity Reduced
- Prioritization and Visibility Across the Entire Network
- NOC and SOC Reaction Time
- Detect and Mitigate Zero day attacks Inside your Network

24 Next Steps for your Company and Lancope
- NDA
- Evaluation
- References

