Monitoring the Data Center

Learn how to protect the data center from dangerous attacks including advanced malware, APTs, insider threats and DDoS. Leverage your existing network resources to:

• Obtain in-depth visibility into the data center, including virtual systems
• Quickly detect and address anomalies that could signify risks
• Prevent devastating data loss
• Improve incident response, forensics and compliance

For more information visit www.lancope.com


Monitoring the Data Center

  1. Monitoring the Data Center. Matthew McKinley, Technical Product Marketing Manager. August 22, 2013
  2. What we'll cover today
     • The Datacenter as a blind spot
     • The major threats:
       – Malware
       – DDoS
     • Example of a Datacenter attack: the "itsoknoproblembro" attack toolkit
     • Bridging the visibility gap with StealthWatch
  3. The Data Center as a blind spot
     • IPS, NGFW, and AV leave dangerous blind spots in security
     • Placement of these devices has been:
       – At the edge
       – At major intersections in the network
       – In front of critical assets
     • Yet so much more is happening in the Data Center
       – VM to VM communication: a really big blind spot for virtual Data Centers
       – Device to device communication within the Data Center
       – Non-network access adds a vector for infection
  4. And the survey shows…
     In your opinion, what are the biggest challenges your organization faces with regard to protecting the IT assets residing in its data centers?
     Source: Enterprise Strategy Group (ESG) Research Brief, Top Security Challenges of IT Assets Residing in Data Centers, May 2013
  5. The Big Threats to the Data Center
     • Malware
       – Non-network access could introduce malware directly into the Data Center, circumventing perimeter defenses
       – The zero day problem
       – Evasion of signature-based technologies
     • DDoS
       – Data Centers usually are high-bandwidth
       – Commercial servers are attractive targets
       – Liability for Data Centers if the attack originates from within
  6. Data Center attack example
     • "itsoknoproblembro"
       – Terrible name, effective attack
       – Toolkit used for compromising things like commercial CMS, which are often located in data centers
     • Does not make use of botnets
       – Botnets require many, many hosts
       – "itsoknoproblembro" does not have to infect as many machines to get the same result
     • The bandwidth of data centers is a powerful tool
  7. The Visibility Gap
     • The perimeter is only part of the story
     • Signature-based technologies are critical, but they are not the entire solution
     • The infrastructure can be used for security using NetFlow
       – Routers, switches, firewalls, proxies, etc. can be used to get security telemetry about what's happening inside
     • Behavioral Analysis can discover problems in the "grey area" of security
       – Spikes in traffic, unusual behavior from a server or a client, scanning
       – StealthWatch!!
  8. Bridging the Gap
     • StealthWatch is a behavioral analysis solution that looks for changes in network behavior based on a rolling baseline
     • StealthWatch adds other security context such as:
       – User names
       – Application layer information
       – Information from edge devices such as firewalls
     • StealthWatch monitors for:
       – Behavioral anomalies, e.g. spikes in network traffic: inbound, outbound, and within
       – Activity with botnets using data from SLIC (StealthWatch Labs Intelligence Center)
       – Internal spread of malware
  9. Bridging the Gap
     [Screenshots: DDoS Detection; Malware Infection; Botnet Monitoring] Changes in behavior are crystal clear
  10. Visualize the problem
     • Visual cues to make any problem obvious
  11. THANK YOU. © 2013 Lancope, Inc. All rights reserved. Matthew McKinley, Technical Product Marketing Manager, mmckinley@Lancope.com, +1(770)225-6500
  12. Get Engaged with Lancope: @Lancope, @NetFlowNinjas, @stealth_labs (StealthWatch Labs Intelligence Center Security Research)
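As an added illustration of the rolling-baseline behavioral analysis described on slides 7 and 8 (example code written for this page, not Lancope's or StealthWatch's logic), the snippet below aggregates constructed NetFlow-style records per host and interval, flags a host whose volume jumps above its own recent baseline, and flags a host that fans out to many destination:port pairs in one interval. The hosts, byte counts and thresholds are all constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed NetFlow-style records: (interval, src, dst, dst_port, bytes).
# 10.0.1.5 is a steady app server that suddenly sends far more in interval 6;
# 10.0.2.9 touches twenty distinct host:port pairs in interval 6 (scanning).
FLOWS = []
for t in range(6):
    FLOWS += [(t, "10.0.1.5", "10.0.1.20", 3306, 50_000 + 1_000 * t),
              (t, "10.0.2.9", "10.0.1.20", 443, 8_000)]
FLOWS += [(6, "10.0.1.5", "203.0.113.7", 443, 900_000)]          # outbound spike
FLOWS += [(6, "10.0.2.9", f"10.0.1.{h}", p, 60)
          for h, p in zip(range(30, 50), range(20, 40))]        # fan-out scan

def per_interval_bytes(flows):
    """Aggregate bytes sent per source host per interval (the raw telemetry)."""
    agg = defaultdict(lambda: defaultdict(int))
    for t, src, _dst, _port, nbytes in flows:
        agg[src][t] += nbytes
    return agg

def spike_alarms(flows, window=5, k=3.0):
    """Flag a host whose current-interval volume exceeds its rolling baseline:
    mean + k*stddev over the previous `window` intervals."""
    alarms = []
    for host, series in per_interval_bytes(flows).items():
        ts = sorted(series)
        for i in range(window, len(ts)):
            hist = [series[t] for t in ts[i - window:i]]
            mu, sigma = mean(hist), pstdev(hist)
            # floor the deviation at 10% of the mean so a perfectly flat
            # baseline does not alarm on the first byte of normal jitter
            if series[ts[i]] > mu + k * max(sigma, 0.1 * mu):
                alarms.append((host, ts[i], series[ts[i]]))
    return alarms

def scan_alarms(flows, min_targets=10):
    """Flag a host contacting many distinct dst:port pairs within one interval."""
    targets = defaultdict(set)
    for t, src, dst, port, _ in flows:
        targets[(src, t)].add((dst, port))
    return sorted((h, t, len(s)) for (h, t), s in targets.items()
                  if len(s) >= min_targets)

if __name__ == "__main__":
    print("volume spikes:", spike_alarms(FLOWS))
    print("fan-out scans:", scan_alarms(FLOWS))
```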
