Monitoring the Data Center
Matthew McKinley, Technical Product Marketing Manager
August 22, 2013
Learn how to protect the data center from dangerous attacks including advanced malware, APTs, insider threats and DDoS. Leverage your existing network resources to:

• Obtain in-depth visibility into the data center, including virtual systems
• Quickly detect and address anomalies that could signify risks
• Prevent devastating data loss
• Improve incident response, forensics and compliance

For more information visit www.lancope.com

Published in: Technology, Business
Transcript of "Monitoring the Data Center"

  1. Monitoring the Data Center
     Matthew McKinley, Technical Product Marketing Manager, August 22, 2013

  2. What we’ll cover today
     • The Datacenter as a blind spot
     • The major threats:
       – Malware
       – DDoS
     • Example of a Datacenter attack
       – “itsoknoproblembro” attack toolkit
     • Bridging the visibility gap with StealthWatch

  3. The Data Center as a blind spot
     • IPS, NGFW, and AV leave dangerous blind spots in security
     • Placement of these devices has been:
       – At the edge
       – At major intersections in the network
       – In front of critical assets
     • Yet so much more is happening in the Data Center
       – VM-to-VM communication: a really big blind spot for virtual Data Centers
       – Device-to-device communication within the Data Center
       – Non-network access adds a vector for infection

  4. And the survey shows…
     In your opinion, what are the biggest challenges your organization faces with regard to protecting the IT assets residing in its data centers?
     Source: Enterprise Strategy Group (ESG) Research Brief, “Top Security Challenges of IT Assets Residing in Data Centers,” May 2013

  5. The Big Threats to the Data Center
     • Malware
       – Non-network access could introduce malware directly into the Data Center, circumventing perimeter defenses
       – The zero-day problem
       – Evasion of signature-based technologies
     • DDoS
       – Data Centers usually are high-bandwidth
       – Commercial servers are attractive targets
       – Liability for Data Centers if the attack originates from within

  6. Data Center attack example
     • “itsoknoproblembro”
       – Terrible name, effective attack
       – A toolkit used for compromising things like commercial CMS, which are often located in data centers
       – Does not make use of botnets: botnets require many, many hosts, whereas “itsoknoproblembro” does not have to infect as many machines to get the same result
       – The bandwidth of data centers is a powerful tool

  7. The Visibility Gap
     • The perimeter is only part of the story
     • Signature-based technologies are critical, but they are not the entire solution
     • The infrastructure can be used for security using NetFlow: routers, switches, firewalls, proxies, etc. can be used to get security telemetry about what’s happening inside
     • Behavioral analysis can discover problems in the “grey area” of security: spikes in traffic, unusual behavior from a server or a client, scanning
       – StealthWatch!!

  8. Bridging the Gap
     • StealthWatch is a behavioral analysis solution that looks for changes in network behavior based on a rolling baseline
     • StealthWatch adds other security context such as:
       – User names
       – Application-layer information
       – Information from edge devices such as firewalls
     • StealthWatch monitors for:
       – Behavioral anomalies, e.g. spikes in network traffic: inbound, outbound, and within
       – Activity with botnets, using data from SLIC (StealthWatch Labs Intelligence Center)
       – Internal spread of malware

  9. Bridging the Gap
     DDoS Detection. Malware Infection. Botnet Monitoring. Changes in behavior are crystal clear.

  10. Visualize the problem
     • Visual cues to make any problem obvious

  11. Thank you
     © 2013 Lancope, Inc. All rights reserved.
     Matthew McKinley, Technical Product Marketing Manager, mmckinley@Lancope.com, +1 (770) 225-6500

  12. Get Engaged with Lancope
     @Lancope, @NetFlowNinjas, @stealth_labs. Subscribe, join the discussion, download. Access StealthWatch Labs Intelligence Center security research.
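Slides 7 and 8 describe the technique in one sentence each: take flow telemetry the routers, switches and firewalls already export, keep a rolling baseline per host, and alert on the "grey area" signals (traffic spikes, scanning, a host suddenly talking to many internal peers). The block below is an added example written for this page, not Lancope or StealthWatch code, showing a minimal version of those three detections over constructed NetFlow-style records. The `Flow` fields, the `10.0.` data-center prefix, the sample addresses and the thresholds are all assumptions for the demo; a real deployment would feed exported flows (NetFlow/IPFIX) and tune thresholds per host role.

```python
# Added example, not Lancope's or StealthWatch's code: a toy NetFlow-style
# behavioral monitor showing the detections slides 7 and 8 describe.
# Flow records, addresses and thresholds below are constructed for the demo.
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

@dataclass(frozen=True)
class Flow:
    ts: int        # flow start, epoch seconds (constructed)
    src: str       # source IP as a router/switch/firewall would export it
    dst: str
    dport: int
    nbytes: int

INTERNAL_PREFIX = "10.0."   # assumed data-center address space

def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)

def window_volume(flows, host, window=60):
    """Bytes sent by `host` per `window`-second bucket, in time order."""
    buckets = defaultdict(int)
    for f in flows:
        if f.src == host:
            buckets[f.ts // window] += f.nbytes
    return [buckets[k] for k in sorted(buckets)]

def spike_alerts(volumes, history=5, sigma=3.0, min_ratio=5.0):
    """Rolling baseline: a bucket is flagged when it exceeds the previous
    `history` buckets' mean + sigma*stddev AND min_ratio times that mean.
    The ratio guard stops a flat baseline (stddev 0) from alerting on noise.
    Returns (bucket_index, volume, baseline_mean) tuples."""
    alerts = []
    for i in range(history, len(volumes)):
        base = volumes[i - history:i]
        mu, sd = mean(base), pstdev(base)
        if volumes[i] > mu + sigma * sd and volumes[i] > min_ratio * max(mu, 1):
            alerts.append((i, volumes[i], mu))
    return alerts

def scan_alerts(flows, window=60, min_hosts=20, min_ports=20):
    """Per (source, bucket): many hosts on one port is a horizontal sweep,
    many ports on one host is a vertical scan."""
    hosts_by_port = defaultdict(set)   # (src, bucket, dport) -> {dst}
    ports_by_host = defaultdict(set)   # (src, bucket, dst)   -> {dport}
    for f in flows:
        b = f.ts // window
        hosts_by_port[(f.src, b, f.dport)].add(f.dst)
        ports_by_host[(f.src, b, f.dst)].add(f.dport)
    alerts = []
    for (src, b, dport), dsts in hosts_by_port.items():
        if len(dsts) >= min_hosts:
            alerts.append(("horizontal", src, b, dport, len(dsts)))
    for (src, b, dst), ports in ports_by_host.items():
        if len(ports) >= min_ports:
            alerts.append(("vertical", src, b, dst, len(ports)))
    return sorted(alerts)

def internal_spread(flows, baseline_end, min_new=10):
    """Internal-to-internal peers a source never contacted before
    `baseline_end`; many new peers at once is the 'internal spread' pattern."""
    known, new = set(), defaultdict(set)
    for f in sorted(flows, key=lambda f: f.ts):
        if not (is_internal(f.src) and is_internal(f.dst)):
            continue
        if f.ts < baseline_end:
            known.add((f.src, f.dst))
        elif (f.src, f.dst) not in known:
            new[f.src].add(f.dst)
    return {s: sorted(d) for s, d in new.items() if len(d) >= min_new}

def constructed_flows():
    """Constructed sample: ten quiet minutes, then two incidents."""
    flows = []
    for minute in range(10):
        for i in range(10):   # web server serves ten external clients, ~1 MB/min
            flows.append(Flow(minute * 60 + i * 5, "10.0.1.10",
                              f"198.51.100.{i + 1}", 443, 100_000))
        # app host talks only to its database during the baseline
        flows.append(Flow(minute * 60 + 30, "10.0.1.20", "10.0.3.5", 5432, 50_000))
    for i in range(50):       # minute 10: web server floods one external target
        flows.append(Flow(600 + i, "10.0.1.10", "203.0.113.7", 80, 1_000_000))
    for i in range(25):       # minute 11: app host probes 25 internal peers on 445
        flows.append(Flow(660 + i, "10.0.1.20", f"10.0.2.{i + 1}", 445, 2_000))
    return flows

def run(flows=None):
    flows = constructed_flows() if flows is None else flows
    return {"spikes": spike_alerts(window_volume(flows, "10.0.1.10")),
            "scans": scan_alerts(flows),
            "spread": internal_spread(flows, baseline_end=600)}

if __name__ == "__main__":
    for kind, hits in run().items():
        print(kind, hits)
```

Run as-is, the web server's outbound flood shows up as a spike against its own rolling baseline (the "attack originates from within" liability case from slide 5), the app host's first-time sweep of port 445 across 25 internal peers trips both the horizontal-scan and internal-spread checks, and the ten quiet minutes produce nothing. None of this needs a signature, which is the point slide 7 makes about the grey area; the cost is that thresholds must be tuned per host role, or a batch job that legitimately fans out to many peers will alert the same way.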