Monitoring the Data Center

learn how to protect the data center from dangerous attacks including advanced malware, APTs, insider threats and DDoS. Leverage your existing network resources to:

• Obtain in-depth visibility into the data center, including virtual systems
• Quickly detect and address anomalies that could signify risks
• Prevent devastating data loss
• Improve incident response, forensics and compliance

For more information visit www.lancope.com

Transcript

  • 1. Monitoring the Data Center
    Matthew McKinley, Technical Product Marketing Manager, August 22, 2013
  • 2. What we’ll cover today
    • The Datacenter as a blind spot
    • The major threats:
      – Malware
      – DDoS
    • Example of a Datacenter attack
      – “itsoknoproblembro” attack toolkit
    • Bridging the visibility gap with StealthWatch
  • 3. The Data Center as a blind spot
    • IPS, NGFW, and AV leave dangerous blind spots in security
    • Placement of these devices has been:
      – At the edge
      – At major intersections in the network
      – In front of critical assets
    • Yet so much more is happening in the Data Center
      – VM to VM communication
        • A really big blind spot for virtual Data Centers
      – Device to device communication within the Data Center
      – Non-network access adds a vector for infection
  • 4. And the survey shows…
    Survey question: In your opinion, what are the biggest challenges your organization faces with regard to protecting the IT assets residing in its data centers?
    Source: Enterprise Strategy Group (ESG) Research Brief, Top Security Challenges of IT Assets Residing in Data Centers, May 2013
  • 5. The Big Threats to the Data Center
    • Malware
      – Non-network access could introduce malware directly into the Data Center, circumventing perimeter defenses
      – The zero day problem
      – Evasion of signature-based technologies
    • DDoS
      – Data Centers usually are high-bandwidth
      – Commercial servers are attractive targets
      – Liability for Data Centers if the attack originates from within
  • 6. Data Center attack example
    • “itsoknoproblembro”
      – Terrible name, effective attack
      – Toolkit
        • Used for compromising things like commercial CMS
          – Often located in data centers
    • Does not make use of botnets
      – Botnets require many, many hosts
      – “itsoknoproblembro” does not have to infect as many machines to get the same result
    • The bandwidth of data centers is a powerful tool
  • 7. The Visibility Gap
    • The perimeter is only part of the story
    • Signature-based technologies are critical, but…
      – They are not the entire solution
    • The infrastructure can be used for security using NetFlow
      – Routers, switches, firewalls, proxies, etc. can be used to get security telemetry about what’s happening inside
    • Behavioral Analysis can discover problems in the “grey area” of security
      – Spikes in traffic, unusual behavior from a server or a client, scanning
      – StealthWatch!!
  • 8. Bridging the Gap
    • StealthWatch is a behavioral analysis solution that:
      – Looks for changes in network behavior based on a rolling baseline
    • StealthWatch adds other security context such as:
      – User names
      – Application layer information
      – Information from edge devices such as firewalls
    • StealthWatch monitors for:
      – Behavioral anomalies
        • e.g. spikes in network traffic, inbound, outbound, and within
      – Activity with botnets using data from SLIC
        • StealthWatch Labs Intelligence Center
      – Internal spread of malware
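The rolling-baseline behavioral analysis that slides 7 and 8 describe, as an added example (constructed NetFlow-style records, not StealthWatch or Lancope code): it totals bytes per source per time bucket, scores each new bucket against the preceding window with a z-score to catch traffic spikes, and separately flags a source touching many distinct ports on one peer, the scanning case slide 7 mentions. Hosts, ports and byte counts are made up for the demonstration.

```python
# Added example: behavioural anomaly detection over NetFlow-style records.
# Constructed sample data; not StealthWatch/Lancope code.
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (time_bucket, src, dst, dst_port, bytes_sent)
FLOWS = [
    # Baseline: web server 10.0.1.10 sends ~10 KB per bucket to one client
    *[(t, "10.0.1.10", "10.0.2.5", 443, 10_000 + 500 * (t % 3)) for t in range(8)],
    # Bucket 8: a sudden 250 KB outbound transfer from the same server
    (8, "10.0.1.10", "203.0.113.9", 443, 250_000),
    # Bucket 8: host 10.0.1.20 touches 25 ports on one peer (scan-like)
    *[(8, "10.0.1.20", "10.0.1.30", p, 60) for p in range(20, 45)],
]

def bytes_per_bucket(flows):
    """Total bytes sent per source per time bucket."""
    totals = defaultdict(lambda: defaultdict(int))
    for t, src, _dst, _port, nbytes in flows:
        totals[src][t] += nbytes
    return totals

def spike_alerts(flows, window=6, z_threshold=3.0):
    """Flag buckets whose volume is z_threshold std devs above the rolling baseline."""
    alerts = []
    for src, per_bucket in bytes_per_bucket(flows).items():
        buckets = sorted(per_bucket)
        series = [per_bucket[t] for t in buckets]
        for i in range(window, len(series)):  # needs a full window of history
            hist = series[i - window:i]
            mu, sigma = mean(hist), pstdev(hist) or 1.0  # flat baseline: avoid div by 0
            z = (series[i] - mu) / sigma
            if z > z_threshold:
                alerts.append((src, buckets[i], round(z, 1)))
    return alerts

def scan_alerts(flows, min_ports=20):
    """Flag a source that touches many distinct ports on one peer within a bucket."""
    ports = defaultdict(set)
    for t, src, dst, port, _nbytes in flows:
        ports[(t, src, dst)].add(port)
    return sorted((src, dst, t, len(p)) for (t, src, dst), p in ports.items()
                  if len(p) >= min_ports)

if __name__ == "__main__":
    for src, t, z in spike_alerts(FLOWS):
        print(f"volume spike: {src} bucket {t} z={z}")
    for src, dst, t, n in scan_alerts(FLOWS):
        print(f"scan-like: {src} -> {dst} bucket {t} {n} distinct ports")
```

A real deployment would feed exported NetFlow/IPFIX records into the same two functions and tune `window`, `z_threshold` and `min_ports` per host role rather than using one global setting.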
  • 9. Bridging the Gap
    Screens shown: DDoS Detection; Malware Infection; Botnet Monitoring. Changes in behavior are crystal clear.
  • 10. Visualize the problem
    • Visual cues to make any problem obvious
  • 11. THANK YOU
    © 2013 Lancope, Inc. All rights reserved.
    Matthew McKinley, Technical Product Marketing Manager, mmckinley@Lancope.com, +1(770)225-6500
  • 12. Get Engaged with Lancope
    @Lancope, @NetFlowNinjas, @stealth_labs
    Subscribe, Join Discussion, Download
    Access StealthWatch Labs Intelligence Center Security Research