Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 9/14/2010 Cloud Network Defense Tom Byrnes Founder & CEO 760.542.1550 x4242 Cloud Network Defense.

Published byOsborne Dorsey Modified over 9 years ago

Similar presentations

Presentation on theme: "1 9/14/2010 Cloud Network Defense Tom Byrnes Founder & CEO 760.542.1550 x4242 Cloud Network Defense."— Presentation transcript:

1 1 9/14/2010 Cloud Network Defense Tom Byrnes Founder & CEO 760.542.1550 x4242 tomb@threatstop.com www.threatstop.com Cloud Network Defense

2 2 9/14/2010 Cloud Network Defense Network Forensics  RANUM: “the capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents.”

3 3 9/14/2010 Cloud Network Defense The “Fire”Wall

4 4 9/14/2010 Cloud Network Defense Issues:  Time to detection.  Preservation and non repudiation of record.  Certainty of Actor.  Volume of data.  Often long after event.  Often not admissible in court (rw storage, chain of custody).  What machine had that IP AT THAT TIME?  Who was logged on?  Most irrelevant, alerts, etc.

5 5 9/14/2010 Cloud Network Defense Threat List Management Sensors Users Firewall Standard DNS Lists Updated Every 2 Hours For Real Time Protection

6 6 9/14/2010 Cloud Network Defense Filter, correlate, alert, in real time. The best event is one that didn’t happen. Block, alert, remediate. At the very least, alert. “We make your firewall better.” Source IPDestination IPDestination PortNumber of Attacks F00.42.151.18291.213.121.1766400972 F00.42.151.18288.198.88.1236400951 F00.42.151.10564.136.44.2120480599 F00.1.152.228207.46.179.24720480546 F00.42.6.28.12.43.25220480444 F00.42.151.18291.213.121.17620480344 F00.42.151.18291.213.121.17647873342 F00.42.151.40207.46.179.24720480310 F00.1.152.16366.150.14.11320480297 F00.42.151.664.236.85.14520480294 F00.42.151.168207.46.179.24747873282 F00.88.151.172208.89.13.13347873282 F00.88.151.17064.236.85.14520480280 F00.42.6.62174.129.239.3420480277 F00.42.151.129205.188.165.18520480221 F00.1.152.97207.46.179.24720480202 F00.42.152.1564.95.73.1320480188 F00.51.151.75216.223.0.20820480178 F00.42.152.788.12.43.25220480170 F00.88.151.20364.94.107.2220480154 F00.42.1.40168.75.65.9220480154 F00.77.151.16364.154.87.10820480153 F00.42.151.3064.236.85.14520480153 F00.1.151.10364.236.85.14520480152 F00.77.151.172.21.81.13320480148 F00.42.151.672.21.81.13320480147 F00.88.151.8566.54.16.4220480146 F00.88.153.5464.154.87.10820480139 F00.42.152.2964.236.85.14520480132 F00.1.152.15209.97.50.8020480129 F00.42.151.4207.46.179.24720480127 F00.42.151.13566.235.143.12120480125 F00.42.6.272.32.154.6220480125 F00.58.155.464.236.85.14520480115 F00.1.152.5266.150.117.3420480114 F00.1.151.102207.46.179.24720480114 F00.42.151.6209.97.50.8020480114 F00.42.151.16766.235.143.12120480110

7 7 9/14/2010 Cloud Network Defense How it works

8 8 9/14/2010 Cloud Network Defense Public tool

9 9 9/14/2010 Cloud Network Defense Tom Byrnes Founder & CEO 760.542.1550 x4242 tomb@threatstop.com www.threatstop.com Cloud Network Defense

Download ppt "1 9/14/2010 Cloud Network Defense Tom Byrnes Founder & CEO 760.542.1550 x4242 Cloud Network Defense."

Similar presentations

Marc Grégoire, DRDC Ottawa Luc Beaudoin, Bologik Inc.

Marc Grégoire, DRDC Ottawa Luc Beaudoin, Bologik Inc.
Security Life Cycle for Advanced Threats

Security Life Cycle for Advanced Threats
Decreasing Incident Response Time ______________________________ Benefits of Packet Capture & Real-time NetFlow Generation Boni Bruno, CISSP, CISM, CGEIT.

Decreasing Incident Response Time ______________________________ Benefits of Packet Capture & Real-time NetFlow Generation Boni Bruno, CISSP, CISM, CGEIT.
1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.
Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –

Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –
1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.

1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.
Guide to Computer Forensics and Investigations1 Network Forensics Overview Network forensics –Systematic tracking of incoming and outgoing traffic To ascertain.

Guide to Computer Forensics and Investigations1 Network Forensics Overview Network forensics –Systematic tracking of incoming and outgoing traffic To ascertain.
Presentation by: Peter Thomas Blue Lance, Inc Using SIEM Solutions Effectively to meet Security, Audit, and Compliance Requirements.

Presentation by: Peter Thomas Blue Lance, Inc Using SIEM Solutions Effectively to meet Security, Audit, and Compliance Requirements.
©2014 Bit9. All Rights Reserved The Evolution of Endpoint Security: Detecting and Responding to Malware Across the Kill Chain Chris Berninger, Sr. Solutions.

©2014 Bit9. All Rights Reserved The Evolution of Endpoint Security: Detecting and Responding to Malware Across the Kill Chain Chris Berninger, Sr. Solutions.
The Most Analytical and Comprehensive Defense Network in a Box.

The Most Analytical and Comprehensive Defense Network in a Box.
We’ve got what it takes to take what you got! NETWORK FORENSICS.

We’ve got what it takes to take what you got! NETWORK FORENSICS.
©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.

©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.
CERT ® System and Network Security Practices Presented by Julia H. Allen at the NCISSE 2001: 5th National Colloquium for Information Systems Security Education,

CERT ® System and Network Security Practices Presented by Julia H. Allen at the NCISSE 2001: 5th National Colloquium for Information Systems Security Education,
CSCD 434 Spring 2011 Lecture 1 Course Overview. Contact Information Instructor Carol Taylor 315 CEB Phone: 509-359-6908 Office.

CSCD 434 Spring 2011 Lecture 1 Course Overview. Contact Information Instructor Carol Taylor 315 CEB Phone: Office.
© 2012 Solera Networks. Contains confidential, proprietary, and trade secret information of Solera Networks. Any use of this work without express written.

© 2012 Solera Networks. Contains confidential, proprietary, and trade secret information of Solera Networks. Any use of this work without express written.
Security Guidelines and Management

Security Guidelines and Management
COEN 252 Computer Forensics

COEN 252 Computer Forensics
Network Forensics: When conventional forensic analysis is not enough Manuel Humberto Santander Peláez GIAC GCFA Gold, GNET Silver, GCIA Gold.

Network Forensics: When conventional forensic analysis is not enough Manuel Humberto Santander Peláez GIAC GCFA Gold, GNET Silver, GCIA Gold.
The Most Analytical and Comprehensive Defense Network in a Box.

The Most Analytical and Comprehensive Defense Network in a Box.
What is FORENSICS? Why do we need Network Forensics?

What is FORENSICS? Why do we need Network Forensics?

Similar presentations

Ads by Google