SlideShare a Scribd company logo

O seu DNS está protegido

Cisco do Brasil
Cisco do Brasil

Apresentação de Fenando Zamai, especialista Cisco no Garnter Sec 2016.

Technology
1 of 30
Download to read offline
Fernando Zamai – fzamai@cisco.com Security Consulting Aug, 2016 Ele pode ser seu vetor de ataques. Seu DNS está protegido?
enterprise network Attacker Perimeter (Inbound) Perimeter (Outbound) Research targets 11 C2 Server Spear Phishing (you@acme.com) 2 https://welcome.to.jangle.com/exploit.php Victim clicks link unwittingly3 Bot installed, back door established and receives commands from C2 server 4 Scan LAN for vulnerable hosts to exploit & find privileged users 5 Privileged account found.6 Admin Node Data exfiltrated7 System compromised and data breached.8 Vulnerabilities, Exploits, Malware Hacked Mail Server – acme.com Hacked Web Server – jangle.com Main Vectors
HARD-CODED IP @23.4.24.1 “FAST FLUX” @23.4.24.1 bad.com? @34.4.2.110 @23.4.34.55 @44.6.11.8 @129.3.6.3 DOMAIN GENERATION ALGORITHM bad.com? @34.4.2.11 0 baa.ru? bid.cn @8.2.130.3 @12.3.2.1 @67.44.21.1 Evolution of Command & Control Callbacks
DNS Tunnel DNS Server bad.net 10011001 11100010 11010100 10010010 01001000 DNS Query alknfijuqwelrkmmvclkmzxcladlfmaelrkjalm.bad.net DNS Answer alknfijuqwelrkmmvclkmzxcladlfmaelrkjalm.bad.net = 2.100.4.30 10011001 11100010 11010100 10010010 01001000 http://blog.talosintel.com/2016/06/detecting-dns-data-exfiltration.html Authoritative DNS root com. cisco.com.
INTERNET MALWARE C2/BOTNETS PHISHING AV AV AV AV ROUTER/UTM AV AV ROUTER/UTM SANDBOX PROXY NGFW NETFLOW AV AV AV AV MID LAYER LAST LAYER MID LAYER LAST LAYER MID LAYER FIRST LAYER Where Do You Enforce Security? Perimeter Perimeter Perimeter Endpoint Endpoint CHALLENGES Too Many Alerts via Appliances & AV Wait Until Payloads Reaches Target Too Much Time to Deploy Everywhere BENEFITS Alerts Reduced 2-10x; Improves Your SIEM Traffic & Payloads Never Reach Target Provision Globally in UNDER 30 MINUTES
What We Observe On The Internet
Requests Per Day 80B Countries 160+ Daily Active Users 65M Enterprise Customers 10K Our Perspective Diverse Set of Data
Our View of the Internet providing visibility into global Internet activity (e.g. BGP, AS, Whois, DNS)
We See Where Attacks Are Staged using modern data analysis to surface threat activity in unique ways
Apply statistical models and human intelligence Identify probable malicious sites Ingest millions of data points per second How Our Security Classification Works a.ru b.cn 7.7.1.3 e.net 5.9.0.1 p.com/jpg
PRODUCTS & TECHNOLOGIES UMBRELLA Enforcement Network security service protects any device, anywhere INVESTIGATE Intelligence Threat intelligence about domains & IPs across the Internet
A New Layer of Breach Protection Threat Prevention Not just threat detection Protects On & Off Network Not limited to devices forwarding traffic through on-prem appliances Turn-Key & Custom API-Based Integrations Does not require professional services to setup Block by Domains, IPs & URLs for All Ports Not just ports 80/443 or only IPs Always Up to Date No need for device to VPN back to an on-prem server for updates UMBRELLA Enforcement
A Single, Correlated Source of Information INVESTIGATE WHOIS record data ASN attribution IP geolocation IP reputation scores Domain reputation scores Domain co-occurrences Anomaly detection (DGAs, FFNs) DNS request patterns/geo. distribution Passive DNS database
Investigate ouvidoria@acirpsjriopreto.com.br ACIRP - Associação Comercial e Empresarial de São José do Rio Preto http://www.acirpsjriopreto.com.br/ culturaembrasilia.com php-code Imprimir.php
Suspect Behaviour
Suspect Behaviour
OpenDNS Works With Everything You Use FUTURE-PROOF EXTENSIBILITY ANY NETWORK Routers, Wi-Fi, SDN ANY ENDPOINT VPN, IoE ANY TECHNOLOGY Firewalls, Gateways SECURE APIs OPEN TO EVERYONE SECURITY PROVIDERS FireEye, Cisco, Check Point NETWORK PROVIDERS Meraki, Aruba, Aerohive CUSTOMERS In-house Security Systems
ENDPOINT SECURITY (block by file, behavior) How OpenDNS Complements On-Network Security Stack NETWORK FIREWALL (block by IP, packet) WEB PROXY (block by URL, content) OpenDNS UMBRELLA (block by domain/IP, URL)
Branch Campus Edge Operational Technology Cloud Data Center Endpoint Security Everywhere Cisco’s Strategy
1 2 3 CLOUD SERVICE W/FULL SELF-PROVISIONED TRIAL Point DNS traffic from one office without hardware or software and without network topology changes or device configuration changes ADD OFF-NET COVERAGE & PER-DEVICE VISIBILITY Protect your weakest links and identify which specific devices (or users) are targeted by attacks; self-updating software is required EXTEND PROTECTION & ENRICH DATA VIA APIs Help SOC teams to get more value out of existing investments like FireEye and incident response teams investigate threats faster Get Started in 30 Seconds…Really
O seu DNS está protegido
O seu DNS está protegido

Recommended

Isa
IsaIsa
Isadeshvikas
 
WiFi security
WiFi security WiFi security
WiFi security Ihor Uzhvenko
 
SonicWALL Advanced Features
SonicWALL Advanced FeaturesSonicWALL Advanced Features
SonicWALL Advanced FeaturesDavid Perkins
 
Palo Alto Networks Sponsor Session
Palo Alto Networks Sponsor SessionPalo Alto Networks Sponsor Session
Palo Alto Networks Sponsor SessionSplunk
 
Introduction to Mobile Application Security - Techcity 2015 (Vilnius)
Introduction to Mobile Application Security - Techcity 2015 (Vilnius)Introduction to Mobile Application Security - Techcity 2015 (Vilnius)
Introduction to Mobile Application Security - Techcity 2015 (Vilnius)Luca Bongiorni
 
Snort Intrusion Detection / Prevention System on PFSense Firewall
Snort Intrusion Detection / Prevention System on PFSense FirewallSnort Intrusion Detection / Prevention System on PFSense Firewall
Snort Intrusion Detection / Prevention System on PFSense FirewallHuda Seyam
 
Cyber security webinar 6 - How to build systems that resist attacks?
Cyber security webinar 6 - How to build systems that resist attacks?Cyber security webinar 6 - How to build systems that resist attacks?
Cyber security webinar 6 - How to build systems that resist attacks?F-Secure Corporation
 
Auditing Archives: The Case of the File Sharing Franchisee
Auditing Archives: The Case of the File Sharing FranchiseeAuditing Archives: The Case of the File Sharing Franchisee
Auditing Archives: The Case of the File Sharing FranchiseeSecurityMetrics
 

Recommended

Isa
IsaIsa
Isadeshvikas
 
WiFi security
WiFi security WiFi security
WiFi security Ihor Uzhvenko
 
SonicWALL Advanced Features
SonicWALL Advanced FeaturesSonicWALL Advanced Features
SonicWALL Advanced FeaturesDavid Perkins
 
Palo Alto Networks Sponsor Session
Palo Alto Networks Sponsor SessionPalo Alto Networks Sponsor Session
Palo Alto Networks Sponsor SessionSplunk
 
Introduction to Mobile Application Security - Techcity 2015 (Vilnius)
Introduction to Mobile Application Security - Techcity 2015 (Vilnius)Introduction to Mobile Application Security - Techcity 2015 (Vilnius)
Introduction to Mobile Application Security - Techcity 2015 (Vilnius)Luca Bongiorni
 
Snort Intrusion Detection / Prevention System on PFSense Firewall
Snort Intrusion Detection / Prevention System on PFSense FirewallSnort Intrusion Detection / Prevention System on PFSense Firewall
Snort Intrusion Detection / Prevention System on PFSense FirewallHuda Seyam
 
Cyber security webinar 6 - How to build systems that resist attacks?
Cyber security webinar 6 - How to build systems that resist attacks?Cyber security webinar 6 - How to build systems that resist attacks?
Cyber security webinar 6 - How to build systems that resist attacks?F-Secure Corporation
 
Auditing Archives: The Case of the File Sharing Franchisee
Auditing Archives: The Case of the File Sharing FranchiseeAuditing Archives: The Case of the File Sharing Franchisee
Auditing Archives: The Case of the File Sharing FranchiseeSecurityMetrics
 
A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?MenloSecurity
 
Certificate Pinning in Mobile Applications
Certificate Pinning in Mobile ApplicationsCertificate Pinning in Mobile Applications
Certificate Pinning in Mobile ApplicationsLuca Bongiorni
 
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionOwasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionAnant Shrivastava
 
Router hardening project.slide
Router hardening project.slideRouter hardening project.slide
Router hardening project.slideAlya Al Saadi
 
Null bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationNull bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationAnant Shrivastava
 
Whats New in OSSIM v2.2?
Whats New in OSSIM v2.2?Whats New in OSSIM v2.2?
Whats New in OSSIM v2.2?AlienVault
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing BasicsRick Wanner
 
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense FirewallDetect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense FirewallHuda Seyam
 
OWASP Top 10 2017 - New Vulnerabilities
OWASP Top 10 2017 - New VulnerabilitiesOWASP Top 10 2017 - New Vulnerabilities
OWASP Top 10 2017 - New VulnerabilitiesDilum Bandara
 
Defending Servers - Cyber security webinar part 3
Defending Servers - Cyber security webinar part 3Defending Servers - Cyber security webinar part 3
Defending Servers - Cyber security webinar part 3F-Secure Corporation
 
D zone-firewall-datasheet
D zone-firewall-datasheetD zone-firewall-datasheet
D zone-firewall-datasheetLindsay Carreau
 
Pentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 IssuePentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 IssueIshan Girdhar
 
Cyber security webinar part 1 - Threat Landscape
Cyber security webinar part 1 - Threat LandscapeCyber security webinar part 1 - Threat Landscape
Cyber security webinar part 1 - Threat LandscapeF-Secure Corporation
 
Palo alto networks pcnse6 study guide feb 2015
Palo alto networks pcnse6 study guide feb 2015Palo alto networks pcnse6 study guide feb 2015
Palo alto networks pcnse6 study guide feb 2015Silva_2
 
Cerdant Security State of the Union
Cerdant Security State of the UnionCerdant Security State of the Union
Cerdant Security State of the UnionDavid Perkins
 
Defending Workstations - Cyber security webinar part 2
Defending Workstations - Cyber security webinar part 2Defending Workstations - Cyber security webinar part 2
Defending Workstations - Cyber security webinar part 2F-Secure Corporation
 
Advanced OSSEC Training: Integration Strategies for Open Source Security
Advanced OSSEC Training: Integration Strategies for Open Source SecurityAdvanced OSSEC Training: Integration Strategies for Open Source Security
Advanced OSSEC Training: Integration Strategies for Open Source SecurityAlienVault
 
Flak+technologies
Flak+technologiesFlak+technologies
Flak+technologiesTatyana Kobets
 
VIPER Labs - VOIP Security - SANS Summit
VIPER Labs - VOIP Security - SANS SummitVIPER Labs - VOIP Security - SANS Summit
VIPER Labs - VOIP Security - SANS SummitShah Sheikh
 
Security in network
Security in networkSecurity in network
Security in networkDaNang University of Technology
 
Hacking and its Defence
Hacking and its DefenceHacking and its Defence
Hacking and its DefenceGreater Noida Institute Of Technology
 
Web Based Security
Web Based SecurityWeb Based Security
Web Based SecurityJohn Wiley
 

More Related Content

What's hot

A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?MenloSecurity
 
Certificate Pinning in Mobile Applications
Certificate Pinning in Mobile ApplicationsCertificate Pinning in Mobile Applications
Certificate Pinning in Mobile ApplicationsLuca Bongiorni
 
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionOwasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionAnant Shrivastava
 
Router hardening project.slide
Router hardening project.slideRouter hardening project.slide
Router hardening project.slideAlya Al Saadi
 
Null bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationNull bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationAnant Shrivastava
 
Whats New in OSSIM v2.2?
Whats New in OSSIM v2.2?Whats New in OSSIM v2.2?
Whats New in OSSIM v2.2?AlienVault
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing BasicsRick Wanner
 
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense FirewallDetect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense FirewallHuda Seyam
 
OWASP Top 10 2017 - New Vulnerabilities
OWASP Top 10 2017 - New VulnerabilitiesOWASP Top 10 2017 - New Vulnerabilities
OWASP Top 10 2017 - New VulnerabilitiesDilum Bandara
 
Defending Servers - Cyber security webinar part 3
Defending Servers - Cyber security webinar part 3Defending Servers - Cyber security webinar part 3
Defending Servers - Cyber security webinar part 3F-Secure Corporation
 
D zone-firewall-datasheet
D zone-firewall-datasheetD zone-firewall-datasheet
D zone-firewall-datasheetLindsay Carreau
 
Pentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 IssuePentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 IssueIshan Girdhar
 
Cyber security webinar part 1 - Threat Landscape
Cyber security webinar part 1 - Threat LandscapeCyber security webinar part 1 - Threat Landscape
Cyber security webinar part 1 - Threat LandscapeF-Secure Corporation
 
Palo alto networks pcnse6 study guide feb 2015
Palo alto networks pcnse6 study guide feb 2015Palo alto networks pcnse6 study guide feb 2015
Palo alto networks pcnse6 study guide feb 2015Silva_2
 
Cerdant Security State of the Union
Cerdant Security State of the UnionCerdant Security State of the Union
Cerdant Security State of the UnionDavid Perkins
 
Defending Workstations - Cyber security webinar part 2
Defending Workstations - Cyber security webinar part 2Defending Workstations - Cyber security webinar part 2
Defending Workstations - Cyber security webinar part 2F-Secure Corporation
 
Advanced OSSEC Training: Integration Strategies for Open Source Security
Advanced OSSEC Training: Integration Strategies for Open Source SecurityAdvanced OSSEC Training: Integration Strategies for Open Source Security
Advanced OSSEC Training: Integration Strategies for Open Source SecurityAlienVault
 
VIPER Labs - VOIP Security - SANS Summit
VIPER Labs - VOIP Security - SANS SummitVIPER Labs - VOIP Security - SANS Summit
VIPER Labs - VOIP Security - SANS SummitShah Sheikh
 

What's hot (19)

A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?
 
Certificate Pinning in Mobile Applications
Certificate Pinning in Mobile ApplicationsCertificate Pinning in Mobile Applications
Certificate Pinning in Mobile Applications
 
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionOwasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
 
Router hardening project.slide
Router hardening project.slideRouter hardening project.slide
Router hardening project.slide
 
Null bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationNull bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web Application
 
Whats New in OSSIM v2.2?
Whats New in OSSIM v2.2?Whats New in OSSIM v2.2?
Whats New in OSSIM v2.2?
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
 
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense FirewallDetect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
 
OWASP Top 10 2017 - New Vulnerabilities
OWASP Top 10 2017 - New VulnerabilitiesOWASP Top 10 2017 - New Vulnerabilities
OWASP Top 10 2017 - New Vulnerabilities
 
Defending Servers - Cyber security webinar part 3
Defending Servers - Cyber security webinar part 3Defending Servers - Cyber security webinar part 3
Defending Servers - Cyber security webinar part 3
 
D zone-firewall-datasheet
D zone-firewall-datasheetD zone-firewall-datasheet
D zone-firewall-datasheet
 
Pentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 IssuePentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 Issue
 
Cyber security webinar part 1 - Threat Landscape
Cyber security webinar part 1 - Threat LandscapeCyber security webinar part 1 - Threat Landscape
Cyber security webinar part 1 - Threat Landscape
 
Palo alto networks pcnse6 study guide feb 2015
Palo alto networks pcnse6 study guide feb 2015Palo alto networks pcnse6 study guide feb 2015
Palo alto networks pcnse6 study guide feb 2015
 
Cerdant Security State of the Union
Cerdant Security State of the UnionCerdant Security State of the Union
Cerdant Security State of the Union
 
Defending Workstations - Cyber security webinar part 2
Defending Workstations - Cyber security webinar part 2Defending Workstations - Cyber security webinar part 2
Defending Workstations - Cyber security webinar part 2
 
Advanced OSSEC Training: Integration Strategies for Open Source Security
Advanced OSSEC Training: Integration Strategies for Open Source SecurityAdvanced OSSEC Training: Integration Strategies for Open Source Security
Advanced OSSEC Training: Integration Strategies for Open Source Security
 
Flak+technologies
Flak+technologiesFlak+technologies
Flak+technologies
 
VIPER Labs - VOIP Security - SANS Summit
VIPER Labs - VOIP Security - SANS SummitVIPER Labs - VOIP Security - SANS Summit
VIPER Labs - VOIP Security - SANS Summit
 

Similar to O seu DNS está protegido

Web Based Security
Web Based SecurityWeb Based Security
Web Based SecurityJohn Wiley
 
Sergey Gordeychik - How to hack a telecom and stay alive
Sergey Gordeychik - How to hack a telecom and stay aliveSergey Gordeychik - How to hack a telecom and stay alive
Sergey Gordeychik - How to hack a telecom and stay aliveDefconRussia
 
How to hack a telecom and stay alive
How to hack a telecom and stay aliveHow to hack a telecom and stay alive
How to hack a telecom and stay aliveqqlan
 
How to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey GordeychikHow to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey GordeychikPositive Hack Days
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecuritiesamiable_indian
 
Seucrity in a nutshell
Seucrity in a nutshellSeucrity in a nutshell
Seucrity in a nutshellYahia Kandeel
 
SonicWALL - Skytek - VnPro.pptx
SonicWALL - Skytek - VnPro.pptxSonicWALL - Skytek - VnPro.pptx
SonicWALL - Skytek - VnPro.pptxssuser813dcd
 
How to Hack a Telecom and Stay Alive
How to Hack a Telecom and Stay AliveHow to Hack a Telecom and Stay Alive
How to Hack a Telecom and Stay AlivePositive Hack Days
 
Week Topic Code Access vs Event Based.pptx
Week Topic Code Access vs Event Based.pptxWeek Topic Code Access vs Event Based.pptx
Week Topic Code Access vs Event Based.pptxArjayBalberan1
 
Web Application Security with PHP
Web Application Security with PHPWeb Application Security with PHP
Web Application Security with PHPjikbal
 
Ethical Hacking: Safeguarding Systems through Responsible Security Testing
Ethical Hacking: Safeguarding Systems through Responsible Security TestingEthical Hacking: Safeguarding Systems through Responsible Security Testing
Ethical Hacking: Safeguarding Systems through Responsible Security Testingchampubhaiya8
 
Event - Internet Thailand - Total Security Perimeters
Event - Internet Thailand - Total Security PerimetersEvent - Internet Thailand - Total Security Perimeters
Event - Internet Thailand - Total Security PerimetersSomyos U.
 
Security concepts
Security conceptsSecurity concepts
Security conceptsartisriva
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application SecurityAbdul Wahid
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemSweta Sharma
 
Cisco Connect Halifax 2018 Anatomy of attack
Cisco Connect Halifax 2018 Anatomy of attackCisco Connect Halifax 2018 Anatomy of attack
Cisco Connect Halifax 2018 Anatomy of attackCisco Canada
 

Similar to O seu DNS está protegido (20)

Security in network
Security in networkSecurity in network
Security in network
 
Hacking and its Defence
Hacking and its DefenceHacking and its Defence
Hacking and its Defence
 
Web Based Security
Web Based SecurityWeb Based Security
Web Based Security
 
Sergey Gordeychik - How to hack a telecom and stay alive
Sergey Gordeychik - How to hack a telecom and stay aliveSergey Gordeychik - How to hack a telecom and stay alive
Sergey Gordeychik - How to hack a telecom and stay alive
 
How to hack a telecom and stay alive
How to hack a telecom and stay aliveHow to hack a telecom and stay alive
How to hack a telecom and stay alive
 
How to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey GordeychikHow to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey Gordeychik
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecurities
 
Windows network security
Windows network securityWindows network security
Windows network security
 
Seucrity in a nutshell
Seucrity in a nutshellSeucrity in a nutshell
Seucrity in a nutshell
 
SonicWALL - Skytek - VnPro.pptx
SonicWALL - Skytek - VnPro.pptxSonicWALL - Skytek - VnPro.pptx
SonicWALL - Skytek - VnPro.pptx
 
How to Hack a Telecom and Stay Alive
How to Hack a Telecom and Stay AliveHow to Hack a Telecom and Stay Alive
How to Hack a Telecom and Stay Alive
 
Week Topic Code Access vs Event Based.pptx
Week Topic Code Access vs Event Based.pptxWeek Topic Code Access vs Event Based.pptx
Week Topic Code Access vs Event Based.pptx
 
Web Application Security with PHP
Web Application Security with PHPWeb Application Security with PHP
Web Application Security with PHP
 
Ethical Hacking: Safeguarding Systems through Responsible Security Testing
Ethical Hacking: Safeguarding Systems through Responsible Security TestingEthical Hacking: Safeguarding Systems through Responsible Security Testing
Ethical Hacking: Safeguarding Systems through Responsible Security Testing
 
Event - Internet Thailand - Total Security Perimeters
Event - Internet Thailand - Total Security PerimetersEvent - Internet Thailand - Total Security Perimeters
Event - Internet Thailand - Total Security Perimeters
 
Security concepts
Security conceptsSecurity concepts
Security concepts
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
 
Novinky F5
Novinky F5Novinky F5
Novinky F5
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
 
Cisco Connect Halifax 2018 Anatomy of attack
Cisco Connect Halifax 2018 Anatomy of attackCisco Connect Halifax 2018 Anatomy of attack
Cisco Connect Halifax 2018 Anatomy of attack
 

More from Cisco do Brasil

Revista Cisco Live ed 25 oficial
Revista Cisco Live ed 25 oficialRevista Cisco Live ed 25 oficial
Revista Cisco Live ed 25 oficialCisco do Brasil
 
Revista Cisco Live Ed 24
Revista Cisco Live Ed 24Revista Cisco Live Ed 24
Revista Cisco Live Ed 24Cisco do Brasil
 
Revista Cisco Live Ed 23
Revista Cisco Live Ed 23Revista Cisco Live Ed 23
Revista Cisco Live Ed 23Cisco do Brasil
 
Revista Cisco Live Ed 22
Revista Cisco Live Ed 22Revista Cisco Live Ed 22
Revista Cisco Live Ed 22Cisco do Brasil
 
Revista Cisco Live Ed 21
Revista Cisco Live Ed 21Revista Cisco Live Ed 21
Revista Cisco Live Ed 21Cisco do Brasil
 
Revista cisco live ed 20
Revista cisco live ed 20Revista cisco live ed 20
Revista cisco live ed 20Cisco do Brasil
 
Cisco Live Magazine ed 19
Cisco Live Magazine ed 19Cisco Live Magazine ed 19
Cisco Live Magazine ed 19Cisco do Brasil
 
Rio 2016 em Números - Cisco
Rio 2016 em Números - CiscoRio 2016 em Números - Cisco
Rio 2016 em Números - CiscoCisco do Brasil
 
Cisco Tetration Analytics
Cisco Tetration AnalyticsCisco Tetration Analytics
Cisco Tetration AnalyticsCisco do Brasil
 
Revista Cisco Live ed 18
Revista Cisco Live ed 18Revista Cisco Live ed 18
Revista Cisco Live ed 18Cisco do Brasil
 
Brazilian Scenario - Trends and Challenges to keep IT investments
Brazilian Scenario - Trends and Challenges to keep IT investmentsBrazilian Scenario - Trends and Challenges to keep IT investments
Brazilian Scenario - Trends and Challenges to keep IT investmentsCisco do Brasil
 
Cloud Computing: a chave para inovar durante a crise
Cloud Computing: a chave para inovar durante a criseCloud Computing: a chave para inovar durante a crise
Cloud Computing: a chave para inovar durante a criseCisco do Brasil
 
Transforme sua rede em um mecanismo de inovação
Transforme sua rede em um mecanismo de inovaçãoTransforme sua rede em um mecanismo de inovação
Transforme sua rede em um mecanismo de inovaçãoCisco do Brasil
 
5 perguntas para ajudar você a escolher uma rede na nuvem ou no local
5 perguntas para ajudar você a escolher uma rede na nuvem ou no local5 perguntas para ajudar você a escolher uma rede na nuvem ou no local
5 perguntas para ajudar você a escolher uma rede na nuvem ou no localCisco do Brasil
 
5 principais maneiras de extrair informações da sua rede
5 principais maneiras de extrair informações da sua rede5 principais maneiras de extrair informações da sua rede
5 principais maneiras de extrair informações da sua redeCisco do Brasil
 
5 motivos para atualizar sua rede
5 motivos para atualizar sua rede5 motivos para atualizar sua rede
5 motivos para atualizar sua redeCisco do Brasil
 
5 formas de simplificar as operações e economizar seu orçamento
5 formas de simplificar as operações e economizar seu orçamento5 formas de simplificar as operações e economizar seu orçamento
5 formas de simplificar as operações e economizar seu orçamentoCisco do Brasil
 
A transformação digital com a internet de todas as coisas
A transformação digital com a internet de todas as coisasA transformação digital com a internet de todas as coisas
A transformação digital com a internet de todas as coisasCisco do Brasil
 
Relatório anual de segurança da Cisco de 2016
Relatório anual de segurança da Cisco de 2016 Relatório anual de segurança da Cisco de 2016
Relatório anual de segurança da Cisco de 2016 Cisco do Brasil
 

More from Cisco do Brasil (20)

Revista Cisco Live ed 25 oficial
Revista Cisco Live ed 25 oficialRevista Cisco Live ed 25 oficial
Revista Cisco Live ed 25 oficial
 
Revista Cisco Live Ed 24
Revista Cisco Live Ed 24Revista Cisco Live Ed 24
Revista Cisco Live Ed 24
 
Revista Cisco Live Ed 23
Revista Cisco Live Ed 23Revista Cisco Live Ed 23
Revista Cisco Live Ed 23
 
Revista Cisco Live Ed 22
Revista Cisco Live Ed 22Revista Cisco Live Ed 22
Revista Cisco Live Ed 22
 
Revista Cisco Live Ed 21
Revista Cisco Live Ed 21Revista Cisco Live Ed 21
Revista Cisco Live Ed 21
 
Revista cisco live ed 20
Revista cisco live ed 20Revista cisco live ed 20
Revista cisco live ed 20
 
Cisco Live Magazine ed 19
Cisco Live Magazine ed 19Cisco Live Magazine ed 19
Cisco Live Magazine ed 19
 
Rio 2016 em Números - Cisco
Rio 2016 em Números - CiscoRio 2016 em Números - Cisco
Rio 2016 em Números - Cisco
 
Cisco Tetration Analytics
Cisco Tetration AnalyticsCisco Tetration Analytics
Cisco Tetration Analytics
 
Revista Cisco Live ed 18
Revista Cisco Live ed 18Revista Cisco Live ed 18
Revista Cisco Live ed 18
 
Brazilian Scenario - Trends and Challenges to keep IT investments
Brazilian Scenario - Trends and Challenges to keep IT investmentsBrazilian Scenario - Trends and Challenges to keep IT investments
Brazilian Scenario - Trends and Challenges to keep IT investments
 
Cloud Computing: a chave para inovar durante a crise
Cloud Computing: a chave para inovar durante a criseCloud Computing: a chave para inovar durante a crise
Cloud Computing: a chave para inovar durante a crise
 
Vença o jogo da rede
Vença o jogo da redeVença o jogo da rede
Vença o jogo da rede
 
Transforme sua rede em um mecanismo de inovação
Transforme sua rede em um mecanismo de inovaçãoTransforme sua rede em um mecanismo de inovação
Transforme sua rede em um mecanismo de inovação
 
5 perguntas para ajudar você a escolher uma rede na nuvem ou no local
5 perguntas para ajudar você a escolher uma rede na nuvem ou no local5 perguntas para ajudar você a escolher uma rede na nuvem ou no local
5 perguntas para ajudar você a escolher uma rede na nuvem ou no local
 
5 principais maneiras de extrair informações da sua rede
5 principais maneiras de extrair informações da sua rede5 principais maneiras de extrair informações da sua rede
5 principais maneiras de extrair informações da sua rede
 
5 motivos para atualizar sua rede
5 motivos para atualizar sua rede5 motivos para atualizar sua rede
5 motivos para atualizar sua rede
 
5 formas de simplificar as operações e economizar seu orçamento
5 formas de simplificar as operações e economizar seu orçamento5 formas de simplificar as operações e economizar seu orçamento
5 formas de simplificar as operações e economizar seu orçamento
 
A transformação digital com a internet de todas as coisas
A transformação digital com a internet de todas as coisasA transformação digital com a internet de todas as coisas
A transformação digital com a internet de todas as coisas
 
Relatório anual de segurança da Cisco de 2016
Relatório anual de segurança da Cisco de 2016 Relatório anual de segurança da Cisco de 2016
Relatório anual de segurança da Cisco de 2016
 

Recently uploaded

SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 

Recently uploaded (20)

SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 

O seu DNS está protegido

  • 1. Fernando Zamai – fzamai@cisco.com Security Consulting Aug, 2016 Ele pode ser seu vetor de ataques. Seu DNS está protegido?
  • 2. enterprise network Attacker Perimeter (Inbound) Perimeter (Outbound) Research targets 11 C2 Server Spear Phishing (you@acme.com) 2 https://welcome.to.jangle.com/exploit.php Victim clicks link unwittingly3 Bot installed, back door established and receives commands from C2 server 4 Scan LAN for vulnerable hosts to exploit & find privileged users 5 Privileged account found.6 Admin Node Data exfiltrated7 System compromised and data breached.8 Vulnerabilities, Exploits, Malware Hacked Mail Server – acme.com Hacked Web Server – jangle.com Main Vectors
  • 3. HARD-CODED IP @23.4.24.1 “FAST FLUX” @23.4.24.1 bad.com? @34.4.2.110 @23.4.34.55 @44.6.11.8 @129.3.6.3 DOMAIN GENERATION ALGORITHM bad.com? @34.4.2.11 0 baa.ru? bid.cn @8.2.130.3 @12.3.2.1 @67.44.21.1 Evolution of Command & Control Callbacks
  • 4. DNS Tunnel DNS Server bad.net 10011001 11100010 11010100 10010010 01001000 DNS Query alknfijuqwelrkmmvclkmzxcladlfmaelrkjalm.bad.net DNS Answer alknfijuqwelrkmmvclkmzxcladlfmaelrkjalm.bad.net = 2.100.4.30 10011001 11100010 11010100 10010010 01001000 http://blog.talosintel.com/2016/06/detecting-dns-data-exfiltration.html Authoritative DNS root com. cisco.com.
  • 5. INTERNET MALWARE C2/BOTNETS PHISHING AV AV AV AV ROUTER/UTM AV AV ROUTER/UTM SANDBOX PROXY NGFW NETFLOW AV AV AV AV MID LAYER LAST LAYER MID LAYER LAST LAYER MID LAYER FIRST LAYER Where Do You Enforce Security? Perimeter Perimeter Perimeter Endpoint Endpoint CHALLENGES Too Many Alerts via Appliances & AV Wait Until Payloads Reaches Target Too Much Time to Deploy Everywhere BENEFITS Alerts Reduced 2-10x; Improves Your SIEM Traffic & Payloads Never Reach Target Provision Globally in UNDER 30 MINUTES
  • 6. What We Observe On The Internet
  • 7. Requests Per Day 80B Countries 160+ Daily Active Users 65M Enterprise Customers 10K Our Perspective Diverse Set of Data
  • 8. Our View of the Internet providing visibility into global Internet activity (e.g. BGP, AS, Whois, DNS)
  • 9. We See Where Attacks Are Staged using modern data analysis to surface threat activity in unique ways
  • 10. Apply statistical models and human intelligence Identify probable malicious sites Ingest millions of data points per second How Our Security Classification Works a.ru b.cn 7.7.1.3 e.net 5.9.0.1 p.com/jpg
  • 11. PRODUCTS & TECHNOLOGIES UMBRELLA Enforcement Network security service protects any device, anywhere INVESTIGATE Intelligence Threat intelligence about domains & IPs across the Internet
  • 12. A New Layer of Breach Protection Threat Prevention Not just threat detection Protects On & Off Network Not limited to devices forwarding traffic through on-prem appliances Turn-Key & Custom API-Based Integrations Does not require professional services to setup Block by Domains, IPs & URLs for All Ports Not just ports 80/443 or only IPs Always Up to Date No need for device to VPN back to an on-prem server for updates UMBRELLA Enforcement
  • 13. A Single, Correlated Source of Information INVESTIGATE WHOIS record data ASN attribution IP geolocation IP reputation scores Domain reputation scores Domain co-occurrences Anomaly detection (DGAs, FFNs) DNS request patterns/geo. distribution Passive DNS database
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  • 20. Investigate ouvidoria@acirpsjriopreto.com.br ACIRP - Associação Comercial e Empresarial de São José do Rio Preto http://www.acirpsjriopreto.com.br/ culturaembrasilia.com php-code Imprimir.php
  • 23.
  • 24.
  • 25. OpenDNS Works With Everything You Use FUTURE-PROOF EXTENSIBILITY ANY NETWORK Routers, Wi-Fi, SDN ANY ENDPOINT VPN, IoE ANY TECHNOLOGY Firewalls, Gateways SECURE APIs OPEN TO EVERYONE SECURITY PROVIDERS FireEye, Cisco, Check Point NETWORK PROVIDERS Meraki, Aruba, Aerohive CUSTOMERS In-house Security Systems
  • 26. ENDPOINT SECURITY (block by file, behavior) How OpenDNS Complements On-Network Security Stack NETWORK FIREWALL (block by IP, packet) WEB PROXY (block by URL, content) OpenDNS UMBRELLA (block by domain/IP, URL)
  • 28. 1 2 3 CLOUD SERVICE W/FULL SELF-PROVISIONED TRIAL Point DNS traffic from one office without hardware or software and without network topology changes or device configuration changes ADD OFF-NET COVERAGE & PER-DEVICE VISIBILITY Protect your weakest links and identify which specific devices (or users) are targeted by attacks; self-updating software is required EXTEND PROTECTION & ENRICH DATA VIA APIs Help SOC teams to get more value out of existing investments like FireEye and incident response teams investigate threats faster Get Started in 30 Seconds…Really