Monitoring the Data Center

Learn how to protect the data center from dangerous attacks including advanced malware, APTs, insider threats and DDoS. Leverage your existing network resources to:

• Obtain in-depth visibility into the data center, including virtual systems
• Quickly detect and address anomalies that could signify risks
• Prevent devastating data loss
• Improve incident response, forensics and compliance

For more information visit

Published in: Technology, Business

Monitoring the Data Center

  1. Monitoring the Data Center
     Matthew McKinley, Technical Product Marketing Manager
     August 22, 2013
  2. What we’ll cover today
     • The Datacenter as a blind spot
     • The major threats:
       – Malware
       – DDoS
     • Example of a Datacenter attack
       – “itsoknoproblembro” attack toolkit
     • Bridging the visibility gap with StealthWatch
  3. The Data Center as a blind spot
     • IPS, NGFW, and AV leave dangerous blind spots in security
     • Placement of these devices has been:
       – At the edge
       – At major intersections in the network
       – In front of critical assets
     • Yet so much more is happening in the Data Center
       – VM to VM communication
         • A really big blind spot for virtual Data Centers
       – Device to device communication within the Data Center
       – Non-network access adds a vector for infection
  4. And the survey shows…
     In your opinion, what are the biggest challenges your organization faces with regard to protecting the IT assets residing in its data centers?
     Source: Enterprise Strategy Group (ESG) Research Brief, Top Security Challenges of IT Assets Residing in Data Centers, May 2013
  5. The Big Threats to the Data Center
     • Malware
       – Non-network access could introduce malware directly into the Data Center, circumventing perimeter defenses
       – The zero-day problem
       – Evasion of signature-based technologies
     • DDoS
       – Data Centers usually are high-bandwidth
       – Commercial servers are attractive targets
       – Liability for Data Centers if the attack originates from within
  6. Data Center attack example
     • “itsoknoproblembro”
       – Terrible name, effective attack
       – Toolkit
         • Used for compromising things like commercial CMS
           – Often located in data centers
         • Does not make use of botnets
           – Botnets require many, many hosts
           – “itsoknoproblembro” does not have to infect as many machines to get the same result
             • The bandwidth of data centers is a powerful tool
  7. The Visibility Gap
     • The perimeter is only part of the story
     • Signature-based technologies are critical, but…
       – They are not the entire solution
     • The infrastructure can be used for security using NetFlow
       – Routers, switches, firewalls, proxies, etc. can be used to get security telemetry about what’s happening inside
     • Behavioral Analysis can discover problems in the “grey area” of security
       – Spikes in traffic, unusual behavior from a server or a client, scanning
       – StealthWatch!!
  8. Bridging the Gap
     • StealthWatch is a behavioral analysis solution that:
       – Looks for changes in network behavior based on a rolling baseline
     • StealthWatch adds other security context such as:
       – User names
       – Application layer information
       – Information from edge devices such as firewalls
     • StealthWatch monitors for:
       – Behavioral anomalies
         • e.g. spikes in network traffic, inbound, outbound, and within
       – Activity with botnets using data from SLIC
         • StealthWatch Labs Intelligence Center
       – Internal spread of malware
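The rolling-baseline and scan-detection ideas from slides 7 and 8, as an added illustration in Python that is not Lancope's or StealthWatch's code. It ingests a handful of constructed NetFlow-style records, builds a per-host rolling baseline of outbound bytes per time interval, flags a host whose current volume exceeds its own baseline by a z-score threshold, and separately flags a source that sweeps many distinct ports on one destination inside a single interval. The record layout, the 5-minute interval size, the thresholds, the window length and the 10%-of-mean variance floor are all assumptions made for this example.

```python
"""Toy NetFlow-style behavioral analysis: volume-spike and port-sweep alerts.

Added illustration only; all flow records below are constructed, not real traffic,
and nothing here is StealthWatch code.
"""
from collections import defaultdict
from statistics import mean, pstdev


def build_flows():
    """Constructed records: (interval, src, dst, dst_port, bytes).
    `interval` is a 5-minute bucket index (assumed granularity)."""
    flows = []
    # Web server 10.0.0.5: steady ~100 KB per interval, then a 50x spike at interval 5.
    server_bytes = [100_000, 110_000, 95_000, 105_000, 100_000, 5_000_000]
    for i, nbytes in enumerate(server_bytes):
        flows.append((i, "10.0.0.5", "192.0.2.10", 51000 + i, nbytes))
    # Workstation 10.0.0.7: perfectly flat volume, must never be flagged.
    for i in range(6):
        flows.append((i, "10.0.0.7", "10.0.0.5", 443, 20_000))
    # Host 10.0.0.9 touches 12 distinct ports on 10.0.0.20 in interval 5 (a sweep).
    for port in (21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389, 8080):
        flows.append((5, "10.0.0.9", "10.0.0.20", port, 60))
    return flows


FLOWS = build_flows()


def bytes_by_src_interval(flows):
    """Aggregate outbound bytes per source host per interval: {src: {interval: bytes}}."""
    totals = defaultdict(lambda: defaultdict(int))
    for interval, src, _dst, _dport, nbytes in flows:
        totals[src][interval] += nbytes
    return totals


def volume_spike_alerts(flows, window=4, min_history=3, z_threshold=3.0):
    """Rolling-baseline check. For each (src, interval) compare the host's outbound bytes
    with the mean and population std of its preceding `window` intervals; emit
    (src, interval, observed_bytes, z_score) when z >= z_threshold.
    Design choice here: std is floored at 10% of the mean so a nearly flat history does
    not turn tiny wobbles into alerts."""
    totals = bytes_by_src_interval(flows)
    alerts = []
    for src, per_interval in totals.items():
        intervals = sorted(per_interval)
        for idx, interval in enumerate(intervals):
            history = [per_interval[t] for t in intervals[max(0, idx - window):idx]]
            if len(history) < min_history:
                continue  # no baseline established yet for this host
            mu = mean(history)
            sigma = max(pstdev(history), 0.1 * mu)
            if sigma == 0:
                continue  # all-zero history; nothing meaningful to compare against
            z = (per_interval[interval] - mu) / sigma
            if z >= z_threshold:
                alerts.append((src, interval, per_interval[interval], round(z, 1)))
    return alerts


def scan_alerts(flows, distinct_port_threshold=10):
    """Flag a source that contacts at least N distinct destination ports on one destination
    within a single interval: a crude but serviceable port-sweep indicator.
    Returns (src, interval, dst, distinct_port_count) tuples."""
    ports = defaultdict(set)
    for interval, src, dst, dport, _nbytes in flows:
        ports[(interval, src, dst)].add(dport)
    return [(src, interval, dst, len(p))
            for (interval, src, dst), p in sorted(ports.items())
            if len(p) >= distinct_port_threshold]


if __name__ == "__main__":
    for alert in volume_spike_alerts(FLOWS):
        print("VOLUME SPIKE", alert)   # ("10.0.0.5", 5, 5000000, 477.8)
    for alert in scan_alerts(FLOWS):
        print("PORT SWEEP", alert)     # ("10.0.0.9", 5, "10.0.0.20", 12)
```

The point of the variance floor is worth noting: a host with an almost perfectly flat history has a near-zero standard deviation, and a naive z-score would then flag any small change. Keying the baseline to each host's own history rather than a global threshold is what makes the server's jump obvious while the flat workstation stays quiet.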
  9. Bridging the Gap
     DDoS Detection · Malware Infection · Botnet Monitoring
     Changes in behavior are crystal clear
  10. Visualize the problem
      • Visual cues to make any problem obvious
  11. THANK YOU
      © 2013 Lancope, Inc. All rights reserved.
      Matthew McKinley, Technical Product Marketing Manager, +1(770)225-6500
  12. Get Engaged with Lancope
      @Lancope · @NetFlowNinjas · @stealth_labs
      Subscribe · Join Discussion · Download
      Access StealthWatch Labs Intelligence Center Security Research