Charles Herring
Consulting Security Architect
Manufacturer Threats
© 2014 Lancope, Inc. All rights reserved.
Agenda
• Problem Description
• NBAD Definitions
• Protecting “Crown Jewels”
• Monitoring Insiders
• Audit Trails for Response
• StealthWatch Overview

Problem Description

Confirmed Manufacturing Targets
• Intellectual Property: loss of $1M+ each
• M&A Data: loss of $50M+ each

Aggressors (and their motivation)
• Activist: Ideology
• Competitors: Money
• Nation States: Geopolitical
• Insider: Diverse

Manufacturing Vulnerabilities: Porous Access to Data
• Human access to IP
• Contractor/Partner collaboration
• Geo distribution of teams

Manufacturing Vulnerabilities: Diverse systems/networks
• Hard to build & monitor scopes
• Ultra connectivity with manufacturing devices
• Many types of users
• Patch/support issues
• Lack of device guidance on hardening

NBAD Definitions

What is NBAD?
• Network Behavioral Anomaly Detection
• Data source = Network MetaData (NetFlow)
• Probe locations = Core or deeper
• Quantity/Metric Centric (not Pattern/Signature Centric)
• Sometimes used to refer to NetFlow Security Tools

Network Logging Standards
• NetFlow v9 (RFC-3950)
• IPFIX (RFC-5101)
• Rebranded NetFlow
– Jflow – Juniper
– Cflowd – Juniper/Alcatel-Lucent
– NetStream – 3Com/Huawei
– Rflow – Ericsson
– AppFlow – Citrix
[Diagram: Basic/Common Fields]

Advanced Detection Methods
[Diagram: three overlapping methods, Signature, Behavior and Anomaly]
Signature = Object against blacklist
• IPS, Antivirus, Content Filter
Behavior = Inspect Victim behavior against blacklist
• Malware Sandbox, NBAD, HIPS, SIEM
Anomaly = Inspect Victim behavior against whitelist
• NBAD, Quantity/Metric based, not Signature based

                   Signature   Behavior   Anomaly
Known Exploits     BEST        Good       Limited
0-day Exploits     Limited     BEST       Good
Credential Abuse   Limited     Limited    BEST

Algorithmic Detection
• Based on knowing normal
• Dependent on raw NetFlow MetaData (multiple sources)
• Does not require understanding of attack
• Output is security indices focused on host activity
Example from the slide diagram: Host Concern Index = 1,150,000, built up as
• Slow Scanning Activity: add 325,000
• Abnormal connections: add 425,000
• Internal pivot activity: add 400,000

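To make the concern-index arithmetic in the diagram concrete, here is an added Python example. It is not Lancope's or StealthWatch's code: the three behaviour checks are my own simplification of what the slide describes, and the weights, thresholds, host addresses, baseline peer sets and flow records are all constructed (the weights are chosen only so that the total reproduces the slide's 325,000 + 425,000 + 400,000 = 1,150,000). What it shows is the shape of algorithmic detection: no attack signature anywhere, only a learned "normal" for each host and quantity-based tests whose hits accumulate into a per-host index.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src: str        # initiating host
    dst: str        # responding host
    dport: int      # destination port
    bytes_out: int  # bytes src sent
    bytes_in: int   # bytes dst returned (0 = never answered)
    t: int          # flow start, seconds since an arbitrary epoch

# Assumed per-alarm weights; picked to reproduce the slide's 1,150,000.
# They are illustrative, not StealthWatch's real values.
WEIGHTS = {"Slow Scanning Activity": 325_000,
           "Abnormal Connections": 425_000,
           "Internal Pivot Activity": 400_000}
SCAN_MIN_TARGETS = 20   # distinct unanswered dst:port pairs
SCAN_MIN_SPAN_S = 3600  # spread over at least an hour, i.e. slow and low-rate
NEW_PEER_MIN = 5        # peers outside the host's learned baseline
PIVOT_MIN_HOSTS = 3     # answered admin-port sessions to new internal hosts
ADMIN_PORTS = {22, 445, 3389, 5985}

def is_internal(ip):
    return ip.startswith("10.")   # constructed address plan: 10/8 is inside

def slow_scan(flows):
    """Many tiny unanswered probes spread over a long window."""
    probes = [f for f in flows if f.bytes_in == 0 and f.bytes_out < 200]
    if len({(f.dst, f.dport) for f in probes}) < SCAN_MIN_TARGETS:
        return False
    times = [f.t for f in probes]
    return max(times) - min(times) >= SCAN_MIN_SPAN_S

def abnormal_connections(flows, baseline_peers):
    """The host talks to peers it has never talked to during the baseline period."""
    return len({f.dst for f in flows} - baseline_peers) >= NEW_PEER_MIN

def internal_pivot(flows, baseline_peers):
    """Answered admin-port sessions to internal hosts outside the baseline."""
    hits = {f.dst for f in flows
            if is_internal(f.dst) and f.dport in ADMIN_PORTS
            and f.bytes_in > 0 and f.dst not in baseline_peers}
    return len(hits) >= PIVOT_MIN_HOSTS

def concern_index(host, flows, baseline):
    """Return (total index, {alarm name: points}) for one host."""
    mine = [f for f in flows if f.src == host]
    peers = baseline.get(host, set())
    fired = {}
    if slow_scan(mine):
        fired["Slow Scanning Activity"] = WEIGHTS["Slow Scanning Activity"]
    if abnormal_connections(mine, peers):
        fired["Abnormal Connections"] = WEIGHTS["Abnormal Connections"]
    if internal_pivot(mine, peers):
        fired["Internal Pivot Activity"] = WEIGHTS["Internal Pivot Activity"]
    return sum(fired.values()), fired

# Constructed learned baseline: which peers each host normally talks to.
BASELINE = {"10.1.1.50": {"10.2.0.10", "10.2.0.11"},
            "10.1.1.51": {"10.2.0.10"}}

def sample_flows():
    """Constructed flow records for one two-hour window."""
    flows = []
    # 25 unanswered SSH probes from 10.1.1.50, one every five minutes
    for i in range(25):
        flows.append(Flow("10.1.1.50", f"10.3.0.{i + 1}", 22, 60, 0, i * 300))
    # three answered SMB sessions to internal hosts it never used before
    for i in range(3):
        flows.append(Flow("10.1.1.50", f"10.1.1.{60 + i}", 445, 4_000, 50_000, 8_000 + i))
    # a well-behaved neighbour talking only to its usual file server
    flows.append(Flow("10.1.1.51", "10.2.0.10", 445, 20_000, 800_000, 100))
    return flows

if __name__ == "__main__":
    flows = sample_flows()
    for host in sorted(BASELINE):
        total, fired = concern_index(host, flows, BASELINE)
        print(f"{host}: Concern Index = {total:,}  {fired}")
```

Running it reports 1,150,000 for 10.1.1.50 with all three alarms and 0 for 10.1.1.51. The point for an analyst is the last line of each check: every test compares a count against a threshold or a learned peer set, so the same code fires on a credentialed insider using a legitimate tool as readily as on malware.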
Crown Jewels

Crown Jewels: data that is valuable to attackers
• Card holder data (PCI)
• Patient records (HIPAA)
• Trade secrets
• Research Information
• Competitive information (M&A)
• Employee data (PII)
• State Secrets
• Bio-devices

Why do attackers care?
Attacker          Jewel             Motivation
Criminals         PCI Data          $4-$12/card
Criminals         Patient Records   $20-$50/record
Activists         Anything          Shaming
State Sponsored   Trade Secrets     Geopolitical
State Sponsored   Patient Records   ?!?!!!!

[Network diagram: WAN, datacenter, access and core layers spanning Atlanta, New York and San Jose; devices shown include 3560-X, 3850 Stack(s), Cat4k, Cat6k, ASA, 3925 ISR, ASR-1000, Nexus 7000 and UCS with Nexus 1000v, VPC servers, and the Internet]

Where to Look?
North, South, EAST AND WEST = Every Communication

By Data Grouping: find your jewels
• Find your data
• “Pull the thread” with Top Peers/Flow Tables
• Host Group Policies with lower tolerance

Data Anomaly Alarms: counting access
• Suspect Data Hoarding
• Target Data Hoarding
• Total Traffic
• Suspect Data Loss

Map the Segmentation: watch the logical roadways
• Logical vs. Physical
• Map Segmentation

Custom Events: alert on zero tolerance
• Evolution of HLV
• Alert when Segmentation fails
• Allows for NOR logic

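The last four slides describe one policy engine from different angles: group the hosts that hold the jewels, give those groups a lower tolerance for the volume-based data anomaly alarms, and treat a flow that crosses a segmentation boundary as a zero-tolerance event. The following added Python example (not Lancope's or StealthWatch's code) implements that engine over constructed data. The host groups, subnets, tolerances, daily baselines and flow records are all made up; the alarm names "Suspect Data Hoarding", "Target Data Hoarding", "Suspect Data Loss" and "Segmentation Violation" are reused from the slides, but how each is computed here is my own reading of them.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Flow:
    src: str        # initiating host
    dst: str        # responding host
    dport: int
    bytes_out: int  # src -> dst
    bytes_in: int   # dst -> src

# Constructed host groups; the CAD servers are this site's crown jewels.
HOST_GROUPS = {
    "CAD Servers": ip_network("10.10.0.0/24"),
    "Engineering": ip_network("10.20.0.0/24"),
    "Plant Floor": ip_network("10.30.0.0/24"),
    "Guest WiFi":  ip_network("10.40.0.0/24"),
}

# Tolerance = multiple of a host's own learned daily baseline that may be
# exceeded before an alarm fires. Groups nearer the jewels get lower values.
POLICY = {
    "CAD Servers": {"hoarding": 1.5, "loss": 1.5},
    "Engineering": {"hoarding": 3.0, "loss": 2.0},
    "Plant Floor": {"hoarding": 5.0, "loss": 5.0},
    "Guest WiFi":  {"hoarding": 5.0, "loss": 5.0},
}

# Zero-tolerance segmentation rule in NOR form: a cross-group flow that
# matches none of these (src group, dst group) pairs is a violation.
ALLOWED_PAIRS = {
    ("Engineering", "CAD Servers"), ("Engineering", "Plant Floor"),
    ("Engineering", "Outside"), ("Guest WiFi", "Outside"),
}

def group_of(ip):
    addr = ip_address(ip)
    for name, net in HOST_GROUPS.items():
        if addr in net:
            return name
    return "Outside"

def evaluate(flows, baseline):
    """baseline: {host: {"pulled": B, "pushed": B, "served": B}} learned earlier.
    Returns a list of (alarm, host, detail) tuples."""
    pulled = defaultdict(int)   # bytes a client received from inside hosts
    served = defaultdict(int)   # bytes an inside host handed out
    pushed = defaultdict(int)   # bytes a host sent to Outside
    alarms = []
    for f in flows:
        sg, dg = group_of(f.src), group_of(f.dst)
        if sg != dg and (sg, dg) not in ALLOWED_PAIRS:
            alarms.append(("Segmentation Violation", f.src, f"{sg} -> {dg} port {f.dport}"))
        if dg == "Outside":
            pushed[f.src] += f.bytes_out
        else:
            pulled[f.src] += f.bytes_in
            served[f.dst] += f.bytes_in
    for host in set(pulled) | set(served) | set(pushed):
        g = group_of(host)
        if g not in POLICY or host not in baseline:
            continue    # no policy, or no learned normal yet to compare against
        tol, base = POLICY[g], baseline[host]
        if base["pulled"] and pulled[host] > tol["hoarding"] * base["pulled"]:
            alarms.append(("Suspect Data Hoarding", host, f"pulled {pulled[host]:,} B vs baseline {base['pulled']:,} B"))
        if base["served"] and served[host] > tol["hoarding"] * base["served"]:
            alarms.append(("Target Data Hoarding", host, f"served {served[host]:,} B vs baseline {base['served']:,} B"))
        if base["pushed"] and pushed[host] > tol["loss"] * base["pushed"]:
            alarms.append(("Suspect Data Loss", host, f"pushed {pushed[host]:,} B vs baseline {base['pushed']:,} B"))
    return alarms

# Constructed baselines (bytes per day) and one day's worth of flows.
BASELINE = {
    "10.20.0.7": {"pulled": 200_000_000, "pushed": 20_000_000, "served": 0},
    "10.20.0.8": {"pulled": 300_000_000, "pushed": 20_000_000, "served": 0},
    "10.10.0.5": {"pulled": 0, "pushed": 0, "served": 2_000_000_000},
}
SAMPLE_FLOWS = [
    Flow("10.20.0.7", "10.10.0.5", 445, 1_000_000, 900_000_000),    # engineer pulls 900 MB of CAD data
    Flow("10.20.0.7", "203.0.113.10", 443, 50_000_000, 2_000_000),  # then pushes 50 MB to the Internet
    Flow("10.20.0.8", "10.10.0.5", 445, 500_000, 250_000_000),      # colleague within normal range
    Flow("10.20.0.8", "10.30.0.20", 502, 10_000, 10_000),           # allowed engineering -> plant floor
    Flow("10.40.0.9", "10.10.0.5", 445, 2_000, 0),                  # guest touching a CAD server
    Flow("10.30.0.20", "198.51.100.5", 443, 4_096, 1_024),          # plant-floor device talking out
]

if __name__ == "__main__":
    for alarm in evaluate(SAMPLE_FLOWS, BASELINE):
        print(*alarm, sep=" | ")
```

On the sample data the engineer at 10.20.0.7 raises both Suspect Data Hoarding and Suspect Data Loss (the "pull the thread" pattern: a large internal read followed by an unusual outbound push), while the guest and the plant-floor device each raise a Segmentation Violation on a single packet, because those rules carry no tolerance at all. The CAD server itself stays quiet: 1.15 GB served is inside 1.5 times its 2 GB baseline, which is why the per-group tolerance matters more than any absolute byte count.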
Monitoring Insiders

What is an Insider?
The Person, The Credentials, The Endpoint

The Insider-Person Threat
Vulnerability               Attack
Ideology/Disgruntlement     Recruitment
Financial hardship/Greed    Bribe/Scam
Fear                        Extortion
Loneliness                  Friendship/Romance
Love of Family              Kidnapping
Self Preservation           Physical harm/torture
Ego                         Flattery
Boredom                     Bad decisions

The Insider-Credentials Threat
Vulnerability                     Attack
Cryptographic Weakness            Brute force
Personal Markers / Public Record  Dictionary Attack
Multi-domain usage                SQLi
Analog-Digital Conversion         Keylogger/Camera
Transmission                      MitM

The Insider-Endpoint Threat
Vulnerability              Attack
Decisions Made by Human    Malware
Open Ports                 Worm
Supply Chain               Control-ware (C2)
“Walk ups”                 Credential Abuse

Impossible Statistics
• Malware free attacks
• Ability to cover tracks
• Detailed Knowledge of Detection and Response
• Increasing Availability of Tools and Knowledge
• Attribution to user (was it malware, credential theft?)

CERT: Common Sense Guide to Prevention and Detection of Insider Threats
                              IT Sabotage    Financial Gain                   Business Advantage
% of cases:                   45%            44%                              14%
Employment:                   Former         Current                          Current
Position:                     Technical      Data Entry & Customer Services   Technical or Sales
Authorized Access?            Rarely         75%                              88%
Used their own credentials?   30%            85%                              Almost always
Compromised an account?       43%            10%                              Rarely
Attack was non-technical:     65%            84%                              Almost always
When:                         After hours    Normal hours                     Normal hours
Where:                        Remote         Local                            Local
IDed due to:                  Logs           Logs                             Logs

Reducing Insider Vulnerabilities
• Background Checks (Financial, Ideological, Criminal)
• Better Authentication (Two-factor, Biometrics, Complex Passwords)
• Endpoint Hardening (Sandboxing, Policy)

Geographic User Anomaly

Data Hoarding

Data Loss

Increasing Risk to Insider through Audit Trails
• Criminals fear evidence
• Internal communications rarely monitored/collected
• Detection time exceeds data retention

Sources of visibility
• Firewall logs
– Are you logging everything or just denies?
• Internal & Host IPS systems
– HIPS potentially has a lot of breadth
– Can be expensive to deploy
– Signature based
• Log Management Solutions/SIEM
– Are you collecting everything?
– You can only see what gets logged
• NetFlow
– Lots of breadth, less depth
– Lower disk space requirements
• Full Packet Capture
– Deep but not broad
– Expensive
– High disk space requirements
Tradeoffs:
• Record everything vs only bad things
• Breadth vs Depth
• Time vs Depth
• Privacy

Internal Visibility Through NetFlow
[Diagram: Internet, DMZ, VPN, 3G Internet and Internal Network segments, each exporting NetFlow to a central NetFlow Collector]
NetFlow packets carry, per flow:
• src and dst ip
• src and dst port
• start time
• end time
• mac address
• byte count
• and more

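The field list above is what a collector actually has to work with, so as an added example (not from the deck and not Lancope's code) here is a minimal NetFlow v9 export parser in Python that recovers exactly those fields. NetFlow v9 is template-based: the exporter first sends a template flowset describing the record layout, then data flowsets that can only be decoded with that template, which is why the parser keeps a template cache keyed by exporter source ID and template ID. The export packet is constructed inline with `build_sample_packet()`; the addresses, byte counts and timestamps in it are made up, and the field type numbers are the standard IANA NetFlow v9 assignments.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address

# IANA NetFlow v9 field types for the fields the slide lists (plus a few).
FIELD_NAMES = {1: "in_bytes", 2: "in_pkts", 4: "protocol", 7: "src_port",
               8: "src_ip", 11: "dst_port", 12: "dst_ip",
               21: "last_switched", 22: "first_switched", 56: "in_src_mac"}

def decode_field(ftype, raw):
    if ftype in (8, 12):
        return str(IPv4Address(raw))
    if ftype == 56:
        return ":".join(f"{b:02x}" for b in raw)
    return int.from_bytes(raw, "big")

def parse_v9(packet, templates):
    """Parse one export packet. templates maps (source_id, template_id) ->
    [(field_type, length), ...] and is updated in place so later data
    flowsets from the same exporter can be decoded. Returns decoded records."""
    version, _count, _uptime, _unix_secs, _seq, source_id = struct.unpack("!HHIIII", packet[:20])
    if version != 9:
        raise ValueError(f"expected NetFlow v9, got version {version}")
    records, off = [], 20
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack("!HH", packet[off:off + 4])
        if fs_len < 4:
            raise ValueError("malformed flowset length")
        body = packet[off + 4:off + fs_len]
        off += fs_len                    # advance first so no branch can stall the loop
        if fs_id == 0:                   # template flowset: learn record layouts
            p = 0
            while p + 4 <= len(body):    # leftover bytes < 4 are padding
                tid, nfields = struct.unpack("!HH", body[p:p + 4])
                p += 4
                fields = [struct.unpack("!HH", body[p + 4 * i:p + 4 * i + 4]) for i in range(nfields)]
                p += 4 * nfields
                templates[(source_id, tid)] = fields
        elif fs_id >= 256:               # data flowset: decode with a known template
            fields = templates.get((source_id, fs_id))
            rec_len = sum(flen for _, flen in fields) if fields else 0
            if rec_len == 0:
                continue                 # template not seen yet; the exporter resends it periodically
            p = 0
            while p + rec_len <= len(body):   # trailing bytes < rec_len are padding
                rec = {}
                for ftype, flen in fields:
                    rec[FIELD_NAMES.get(ftype, f"field_{ftype}")] = decode_field(ftype, body[p:p + flen])
                    p += flen
                records.append(rec)
    return records

def bytes_by_src(records):
    """Bytes sent per source address, the first thing an analyst sums."""
    totals = defaultdict(int)
    for rec in records:
        totals[rec["src_ip"]] += rec["in_bytes"]
    return dict(totals)

def build_sample_packet(include_template=True):
    """Constructed export packet: one template (ID 256) and two data records."""
    fields = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 4), (2, 4), (22, 4), (21, 4)]
    tmpl = struct.pack("!HH", 256, len(fields)) + b"".join(struct.pack("!HH", t, l) for t, l in fields)
    tmpl_fs = struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl

    def rec(src, dst, sport, dport, proto, nbytes, pkts, first, last):
        return (IPv4Address(src).packed + IPv4Address(dst).packed +
                struct.pack("!HHBIIII", sport, dport, proto, nbytes, pkts, first, last))

    data = (rec("10.1.1.50", "10.2.0.10", 51234, 445, 6, 8_400_000, 6100, 1000, 61000) +
            rec("10.1.1.50", "203.0.113.10", 51300, 443, 6, 120_000_000, 90000, 2000, 3602000))
    pad = (-len(data)) % 4           # data flowsets are padded to a 4-byte boundary
    data_fs = struct.pack("!HH", 256, 4 + len(data) + pad) + data + b"\0" * pad
    nrecords = 3 if include_template else 2
    header = struct.pack("!HHIIII", 9, nrecords, 3602000, 1_400_000_000, 1, 0)
    return header + (tmpl_fs if include_template else b"") + data_fs

if __name__ == "__main__":
    cache = {}
    for r in parse_v9(build_sample_packet(), cache):
        print(r)
    print(bytes_by_src(parse_v9(build_sample_packet(), cache)))
```

Two details matter operationally. A data flowset that arrives before its template is silently skipped, so a collector that starts after the exporter must wait for the next template refresh before it sees any flows; and the cache is keyed per exporter source ID because two routers may both use template ID 256 with different layouts.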
User Attribution through Context Awareness

Following the User
Sometimes investigations start with user intelligence

StealthWatch Overview

Lancope Overview
Leading provider of network visibility & security intelligence; founded in 2000; 700+ customers
LOCATIONS: Alpharetta, GA (headquarters); London, Germany, Dubai
INVESTORS: $30m raised (last in 2005)
• Canaan Partners, HIG, Council Capital
• 4+ years profitability
TEAM: Leadership from IBM, ISS, Dell SecureWorks, RSA, Motorola/AirDefense, Gartner, Cisco, TripWire, PolyCom, McKesson
• 100+ years combined experience
• 250+ employees

StealthWatch Delivers:
StealthWatch System provides context-aware security, enabling organizations to quickly detect a wide range of attacks (e.g. APT, DDoS, malware, insider threat), accelerate incident response, improve forensic investigations and reduce enterprise risk.
• Complete Network Visibility & Security Intelligence
• Detect & Resolve Advanced Threats
• Accelerate Incident Response & Forensic Investigations
• Reduce Operational & Enterprise Risk

StealthWatch: Your Network Is Your Sensor (Visibility, Context, and Control)
• Use NetFlow data to extend visibility to the access layer (routers & switches, firewall, hardware-enabled NetFlow switch, devices on the internal network)
• Enrich flow data with identity, events and application to create context: WHO, WHAT, WHERE, WHEN, HOW
• Unify into a single pane of glass for detection, investigation and reporting
Gain Context-Aware Security:
• Everything must touch the network
• KNOW every host
• Know what is NORMAL
• RECORD every conversation
• Alert to CHANGE
• Store for MONTHS
• What else can the network tell me?
With StealthWatch: Assess, Audit, Posture, Response, Context, Detect across the company network

Lancope Solution Portfolio
[Diagram elements: StealthWatch Management Console; StealthWatch FlowReplicator; StealthWatch FlowCollector; NetFlow, syslog, SNMP; NetFlow enabled routers, switches, firewalls; StealthWatch FlowSensor; vSphere with StealthWatch FlowSensor VE; User and Device Information; ID1100]

Thank you

 
Data center webinar_v2_1
Data center webinar_v2_1Data center webinar_v2_1
Data center webinar_v2_1
 
Insider threat v3
Insider threat v3Insider threat v3
Insider threat v3
 
What's New in StealthWatch v6.5
What's New in StealthWatch v6.5 What's New in StealthWatch v6.5
What's New in StealthWatch v6.5
 
Cisco, Sourcefire and Lancope - Better Together
Cisco, Sourcefire and Lancope - Better TogetherCisco, Sourcefire and Lancope - Better Together
Cisco, Sourcefire and Lancope - Better Together
 
StealthWatch & Point-of-Sale (POS) Malware
StealthWatch & Point-of-Sale (POS) Malware StealthWatch & Point-of-Sale (POS) Malware
StealthWatch & Point-of-Sale (POS) Malware
 
Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...
Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...
Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...
 

Recently uploaded

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 

Save Your Network – Protecting Manufacturing Data from Deadly Breaches

  • 1. Charles Herring, Consulting Security Architect: Manufacturer Threats
  • 2. © 2014 Lancope, Inc. All rights reserved. Agenda
    • Problem Description
    • NBAD Definitions
    • Protecting “Crown Jewels”
    • Monitoring Insiders
    • Audit Trails for Response
    • StealthWatch Overview
  • 3. Problem Description
  • 4. Confirmed Manufacturing Targets
    • Intellectual Property: loss $1M+ each
    • M&A Data: loss $50M+ each
  • 5. Aggressors
    | Aggressor | Motivation |
    |---|---|
    | Activist | Ideology |
    | Competitors | Money |
    | Nation States | Geopolitical |
    | Insider | Diverse |
  • 6. Manufacturing Vulnerabilities: Porous Access to Data
    • Human access to IP
    • Contractor/Partner collaboration
    • Geo distribution of teams
  • 7. Manufacturing Vulnerabilities: Diverse systems/networks
    • Hard to build & monitor scopes
    • Ultra connectivity with manufacturing devices
    • Many types of users
    • Patch/support issues
    • Lack of device guidance on hardening
  • 8. NBAD Definitions
  • 9. What is NBAD
    • Network Behavioral Anomaly Detection
    • Data source = Network MetaData (NetFlow)
    • Probe locations = Core or deeper
    • Quantity/Metric Centric (not Pattern/Signature Centric)
    • Sometimes used to refer to NetFlow Security Tools
  • 10. Network Logging Standards
    • NetFlow v9 (RFC-3950)
    • IPFIX (RFC-5101)
    • Rebranded NetFlow
      – Jflow – Juniper
      – Cflowd – Juniper/Alcatel-Lucent
      – NetStream – 3Com/Huawei
      – Rflow – Ericsson
      – AppFlow – Citrix
    [Diagram: the basic/common fields shared by these formats]
  • 11. Advanced Detection Methods
    [Diagram: overlap of the Signature, Behavior and Anomaly methods]
    • Signature = Object against blacklist
      – IPS, Antivirus, Content Filter
    • Behavior = Inspect victim behavior against blacklist
      – Malware Sandbox, NBAD, HIPS, SIEM
    • Anomaly = Inspect victim behavior against whitelist
      – NBAD, Quantity/Metric based, not Signature based
    | | Signature | Behavior | Anomaly |
    |---|---|---|---|
    | Known Exploits | BEST | Good | Limited |
    | 0-day Exploits | Limited | BEST | Good |
    | Credential Abuse | Limited | Limited | BEST |
  • 12. Algorithmic Detection
    • Based on knowing normal
    • Dependent on raw NetFlow MetaData (multiple sources)
    • Does not require understanding of attack
    • Output is security indices focused on host activity
    • Example: Host Concern Index = 1,150,000
      – Slow Scanning Activity: add 325,000
      – Abnormal connections: add 425,000
      – Internal pivot activity: add 400,000
  • 13. Crown Jewels
  • 14. Crown Jewels: data that is valuable to attackers
    • Card holder data (PCI)
    • Patient records (HIPAA)
    • Trade secrets
    • Research Information
    • Competitive information (M&A)
    • Employee data (PII)
    • State Secrets
    • Bio-devices
  • 15. Why do attackers care?
    | Attacker | Jewel | Motivation |
    |---|---|---|
    | Criminals | PCI Data | $4-$12/card |
    | Criminals | Patient Records | $20-$50/record |
    | Activists | Anything | Shaming |
    | State Sponsored | Trade Secrets | Geopolitical |
    | State Sponsored | Patient Records | ?!?!!!! |
  • 16. Where to Look? North, South, EAST AND WEST = Every Communication
    [Diagram: sample enterprise topology across WAN, Datacenter, Access and Core tiers; sites in Atlanta, New York and San Jose; 3560-X, 3850 stack(s), Cat4k, Cat6k, ASA, 3925 ISR, ASR-1000, Nexus 7000, UCS with Nexus 1000v, VPC servers, Internet]
  • 17. Find your jewels: By Data Grouping
    • Find your data
    • “Pull the thread” with Top Peers/Flow Tables
    • Host Group Policies with lower tolerance
  • 18. Counting Access: Data Anomaly Alarms
    • Suspect Data Hoarding
    • Target Data Hoarding
    • Total Traffic
    • Suspect Data Loss
  • 19. Watch the logical roadways: Map the Segmentation
    • Logical vs. Physical
    • Map Segmentation
  • 20. Alert on Zero Tolerance: Custom Events
    • Evolution of HLV
    • Alert when Segmentation fails
    • Allows for NOR logic
  • 21. Monitoring Insiders
  • 22. What is an Insider?
    • The Person
    • The Credentials
    • The Endpoint
  • 23. The Insider-Person Threat
    | Person Vulnerability | Attack |
    |---|---|
    | Ideology/Disgruntlement | Recruitment |
    | Financial hardship/Greed | Bribe/Scam |
    | Fear | Extortion |
    | Loneliness | Friendship/Romance |
    | Love of Family | Kidnapping |
    | Self Preservation | Physical harm/torture |
    | Ego | Flattery |
    | Boredom | Bad decisions |
  • 24. The Insider-Credentials Threat
    | Credentials Vulnerability | Attack |
    |---|---|
    | Cryptographic Weakness | Brute force |
    | Personal Markers | Public Record Dictionary Attack |
    | Multi-domain usage | SQLi |
    | Analog-Digital Conversion | Keylogger/Camera |
    | Transmission | MitM |
  • 25. The Insider-Endpoint Threat
    | Endpoint Vulnerability | Attack |
    |---|---|
    | Decisions Made by Human | Malware |
    | Open Ports | Worm |
    | Supply Chain | Control-ware (C2) |
    | “Walk ups” | Credential Abuse |
  • 26. Impossible Statistics
    • Malware free attacks
    • Ability to cover tracks
    • Detailed Knowledge of Detection and Response
    • Increasing Availability of Tools and Knowledge
    • Attribution to user (was it malware, credential theft?)
  • 27. CERT: Common Sense Guide to Prevention and Detection of Insider Threats
    | | IT Sabotage | Financial Gain | Business Advantage |
    |---|---|---|---|
    | % of cases | 45% | 44% | 14% |
    | Employment | Former | Current | Current |
    | Position | Technical | Data Entry & Customer Services | Technical or Sales |
    | Authorized Access? | Rarely | 75% | 88% |
    | Used their own credentials? | 30% | 85% | Almost always |
    | Compromised an account? | 43% | 10% | Rarely |
    | Attack was non-technical | 65% | 84% | Almost always |
    | When | After hours | Normal hours | Normal hours |
    | Where | Remote | Local | Local |
    | IDed due to | Logs | Logs | Logs |
  • 28. Reducing Insider Vulnerabilities
    • Background Checks (Financial, Ideological, Criminal)
    • Better Authentication (Two-factor, Biometrics, Complex Passwords)
    • Endpoint Hardening (Sandboxing, Policy)
  • 29. Geographic User Anomaly
  • 30. Data Hoarding
  • 31. Data Loss
  • 32. Increasing Risk to Insider through Audit Trails
    • Criminals fear evidence
    • Internal communications rarely monitored/collected
    • Detection time exceeds data retention
  • 33. Sources of visibility
    • Firewall logs
      – Are you logging everything or just denies?
    • Internal & Host IPS systems
      – HIPS potentially has a lot of breadth
      – Can be expensive to deploy
      – Signature based
    • Log Management Solutions/SIEM
      – Are you collecting everything?
      – You can only see what gets logged
    • NetFlow
      – Lots of breadth, less depth
      – Lower disk space requirements
    • Full Packet Capture
      – Deep but not broad
      – Expensive
      – High disk space requirements
    • Tradeoffs:
      – Record everything vs only bad things
      – Breadth vs Depth
      – Time vs Depth
      – Privacy
  • 34. Internal Visibility Through NetFlow
    [Diagram: NetFlow exported from the DMZ, VPN, internal network and 3G/Internet edges to a NetFlow Collector]
    • NetFlow record fields: src and dst ip, src and dst port, start time, end time, mac address, byte count, and more
  • 35. User Attribution through Context Awareness
  • 36. Following the User: sometimes investigations start with user intelligence
  • 37. StealthWatch Overview
  • 38. Lancope Overview
    • Leading provider of network visibility & security intelligence; founded in 2000; 700+ customers
    • LOCATIONS: Alpharetta, GA (headquarters); London, Germany, Dubai
    • INVESTORS: $30m raised (last in 2005); Canaan Partners, HIG, Council Capital; 4+ years profitability
    • TEAM: Leadership from IBM, ISS, Dell SecureWorks, RSA, Motorola/AirDefense, Gartner, Cisco, TripWire, PolyCom, McKesson; 100+ years combined experience; 250+ employees
    • StealthWatch Delivers: the StealthWatch System provides context-aware security, enabling organizations to quickly detect a wide range of attacks (e.g. APT, DDoS, malware, insider threat), accelerate incident response, improve forensic investigations and reduce enterprise risk.
      – Complete Network Visibility & Security Intelligence
      – Detect & Resolve Advanced Threats
      – Accelerate Incident Response & Forensic Investigations
      – Reduce Operational & Enterprise Risk
  • 39. Use NetFlow Data to Extend Visibility to the Access Layer
    [Diagram: StealthWatch answering WHO, WHAT, WHERE, WHEN and HOW from internal network, identity, routers & switches and firewall context]
    • Your Network Is Your Sensor: Visibility, Context, and Control
    • Hardware-enabled NetFlow switch devices
    • Enrich flow data with identity, events and application to create context
    • Unify into a single pane of glass for detection, investigation and reporting
  • 40. With StealthWatch…
    • Everything must touch the network: what else can the network tell me?
    • KNOW every host
    • RECORD every conversation
    • Know what is NORMAL
    • Alert to CHANGE
    • Store for MONTHS
    • Gain Context-Aware Security
    [Diagram: company network cycle of Assess, Audit, Posture, Response, Context, Detect]
  • 41. Lancope Solution Portfolio
    • StealthWatch Management Console
    • StealthWatch FlowCollector (NetFlow, syslog, SNMP from NetFlow enabled routers, switches, firewalls)
    • StealthWatch FlowReplicator
    • StealthWatch FlowSensor
    • StealthWatch FlowSensor VE (vSphere)
    • ID1100 (User and Device Information)
  • 42. Thank you

Editor's Notes

  1. There are three ways Lancope detects things. For signatures, Lancope augments this with our SLIC Threat Feed. Our StealthWatch Labs group of researchers works with external parties that define and develop URLs and IPs that are known to be bad, which you can put into your system and match against every single conversation in your network. So it’s real-time, it’s ubiquitous across your enterprise, it’s high value. Anomaly detection is our threshold-based alerting, so that when we drop in a system, we are going to create high concern index events on day one based on devices that exceed acceptable thresholds of noise. Within our behavior-based system, you have to have thresholds on both the low end and the high end, because the behavior of a host will actually live in between those two areas. What this means is that super slow attackers that generate very little traffic will alert below a threshold, and very noisy volumetric DDoS attacks that come in via UDP floods become threshold-based alarms as well. The behavior-based alarms come from the fact that we are building a learned baseline over time: a minimum of seven days to create a baseline, expanding out to 30 days, rolling over time, most heavily weighted on the last couple of weeks of activity. This is where we are actually able to detect things like worm activity and worm propagation, beaconing hosts, data hoarding and data exfiltration. These are based on statistical conditions that we’ve learned about you as a user on your network. You the customer have already invested early in signature-based technology, and it is not that that stuff is no longer effective; it is just that your adversary has advanced and so must you. Behavior and anomaly detection methods address the problem of not knowing what you are looking for ahead of time, as in zero-day exploitation.
Behavior-based detection contains the threat and observes the behavior with the objective of dynamically building a blacklist, or a list of bad things. Anomaly detection leverages known good behavior or actions, either inherent to the protocols, statistically collected from the traffic, or asserted by the user; this whitelist, or list of norms, allows detection to be based not on abnormalities but on the differences that make the difference.
  2. The story of Lancope. We started in 2001 as a behavior-based IDS, founded by Professor Dr. John Copeland at Georgia Tech. Dr. Copeland spent all his time consuming ATM network traffic and building statistics off that traffic, and the intellectual property that he patented was the ability to take those statistics and create algorithmic equations that began to tell us when change was occurring in those statistics that deviated to the point where a condition of threat was met. StealthWatch originates from a Georgia Tech professor who measured statistical change as an indicator of concern, related to an algorithm that he had developed within our security market. Lancope launched this behavior-based IDS in 2001, and for the next four years that’s where we established our initial foothold in the market. Lancope quickly grew to a 50 person organization, raised $30 million and we were a hot startup. What we ran into was that the fight for SPAN space inside of the network at the time was really starting to be consumed by other technologies like IDS/IPS. As the company evolved, Lancope pioneered a new market with the consumption of telemetry data for security intelligence. When we reference telemetry, Lancope is actually talking about NetFlow data, which is a summarized flow data or telemetry source that comes directly from your Layer-3 routers and switches into our system. By applying our patented algorithms to this flow data, Lancope gives you really broad scalability to see and peer into areas of the network that you cannot affordably get access to today; that tends to be the LAN infrastructure. It tends to be those deep dark corners of your data center, where you would never go and deploy a physical asset or a probe to get adequate visibility. Flow data does a really good job of illuminating those pieces of the network.
  3. This is a “day in the life of the operator” slide. It is the “without ISE + SIEM/TD integration” view. This scenario can be described as the “swivel chair problem” (as indicated by the circle arrows around the operator). As this slide builds out, talk about how the security analyst is having to swivel his chair to 5 or more different operations screens across different IT systems to collect all the context needed to make sense of a security event that shows up on the SIEM/TD screen at the beginning of this slide. Orange indicates systems that you can get info from but that require looking in a siloed system to get the info. Red indicates info that most IT systems don’t even possess in this use case, thus it is crucial information the security analyst just doesn’t have. A key point in this slide is the last one: “how do I mitigate?”. This is a real issue for IT orgs, as mitigation generally means accessing several different systems, CLI-ing into switches, etc. It is manual, cumbersome and, as a result, often just doesn’t get done. So the summary is the last build: you have to look across many systems/screens and you’re still missing important contextual data (like device type), and mitigation is complicated at best or a non-starter to execute at worst.
  4. And here is where it starts to get fun. Traffic can come from anywhere in the world; it’s going to take multiple hops to get there and it’s going to come from disparate pieces of your organization. What Lancope lives and breathes is the ability to know every single host, record every conversation, understand the posture of the hosts involved in those conversations, who is the client, who is the server, what is considered normal, and an ability to learn and show signs of deviation and detection related to changes in that host. So the two core components of the StealthWatch product are 1) the detection component, which is the change or the behavioral impact that a host is going through, and 2) the ability to store that for long periods of time. Cisco likes to tell the story about APT1 and their ability to have multiple months’ worth of flow data that they could go back and run a query against for IPs they knew were bad in the past but were no longer considered bad. APT1 is the example they use. When the IPs of the Chinese hacking group APT1 were posted, they were effectively useless at that point, but Cisco did have the ability to go back and run a query against the previous 100 days to see when and if any of the APT1 hosts had accessed the Cisco internal network. And if they had, who did they talk to, how much data did they touch, how did they move, how did they enter, how did they leave? So really, really useful information, especially when you look at the lifecycle of security and how we push what we learn from a past event into the future, so that we can prevent it the next time it occurs. Lancope essentially creates this rich audit repository, with detection posture, of every conversation in your network.
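The learned-baseline alarms of slides 12, 18, 30 and 31 and the seven-to-thirty-day, recency-weighted baseline described in editor's note 1, as an added example that is not Lancope's or StealthWatch's code: the flow records, the 10.0.0.0/8 "internal" range, the alarm names' point values and the threshold rule are all assumptions made for the example.

```python
"""Toy NBAD pass over constructed NetFlow-style records (added example; not
Lancope or StealthWatch code).  It strings together three ideas from the deck:
a per-host baseline learned from a rolling window weighted toward recent days,
threshold alarms for "Suspect Data Hoarding" (an inside host pulling unusual
volume from internal servers) and "Suspect Data Loss" (unusual volume pushed
to external peers), and a concern index that sums points per alarm.  Field
names, point values, the internal range and the statistical rule are assumed."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
import math

INTERNAL = ip_network("10.0.0.0/8")                 # assumed inside address space
ALARM_POINTS = {"Suspect Data Hoarding": 400_000,   # assumed point values; slide 12
                "Suspect Data Loss": 500_000}       # shows the index as such a sum
BYTE_FLOOR = 1_000_000      # never alarm below this absolute daily volume


@dataclass(frozen=True)
class Flow:
    day: int        # observation day index, 0 = oldest
    src: str
    dst: str
    nbytes: int     # bytes carried from src to dst


def sample_flows():
    """Constructed records: 10.0.1.5 behaves the same on days 0-6, then on
    day 7 pulls 2 GB from 40 internal servers and pushes 1.5 GB outside."""
    flows = []
    for day in range(8):
        for srv in ("10.0.2.10", "10.0.2.11"):
            flows.append(Flow(day, srv, "10.0.1.5", 5_000_000))       # routine pulls
        flows.append(Flow(day, "10.0.1.5", "93.184.216.34", 200_000))  # routine web
    for last_octet in range(20, 60):
        flows.append(Flow(7, f"10.0.3.{last_octet}", "10.0.1.5", 50_000_000))
    flows.append(Flow(7, "10.0.1.5", "198.51.100.7", 1_500_000_000))
    return flows


def is_internal(ip):
    return ip_address(ip) in INTERNAL


def daily_stats(flows, host):
    """Per-day metrics for one host: 'hoard' = bytes received from internal
    sources, 'loss' = bytes sent to external destinations."""
    stats = defaultdict(lambda: {"hoard": 0, "loss": 0})
    for f in flows:
        if f.dst == host and is_internal(f.src):
            stats[f.day]["hoard"] += f.nbytes
        elif f.src == host and not is_internal(f.dst):
            stats[f.day]["loss"] += f.nbytes
    return dict(stats)


def baseline(stats, metric, day, min_days=7, max_days=30, half_life=7.0):
    """Recency-weighted mean and standard deviation of `metric` over the days
    before `day`.  Returns None until `min_days` of history exist, mirroring
    the deck's minimum of seven days before a learned baseline is trusted.
    Days with no flows count as zero."""
    days = range(max(0, day - max_days), day)
    if len(days) < min_days:
        return None
    values = [stats.get(d, {}).get(metric, 0) for d in days]
    weights = [0.5 ** ((day - 1 - d) / half_life) for d in days]  # newest day ~ 1.0
    wsum = sum(weights)
    mean = sum(w * v for w, v in zip(weights, values)) / wsum
    var = sum(w * (v - mean) ** 2 for w, v in zip(weights, values)) / wsum
    return mean, math.sqrt(var)


def evaluate_host(flows, host, day, k=3.0):
    """Return (alarms, concern_index) for `host` on `day`.  A metric alarms
    when today's value exceeds mean + k*std AND twice the mean AND BYTE_FLOOR;
    the last two rules stop a flat or empty baseline (std == 0) from alarming
    on trivial changes."""
    stats = daily_stats(flows, host)
    today = stats.get(day, {"hoard": 0, "loss": 0})
    alarms = []
    for metric, name in (("hoard", "Suspect Data Hoarding"),
                         ("loss", "Suspect Data Loss")):
        base = baseline(stats, metric, day)
        if base is None:
            continue                      # still learning; no verdict yet
        mean, std = base
        threshold = max(mean + k * std, 2 * mean, BYTE_FLOOR)
        if today[metric] > threshold:
            alarms.append((name, ALARM_POINTS[name], today[metric], threshold))
    return alarms, sum(points for _, points, _, _ in alarms)


if __name__ == "__main__":
    flows = sample_flows()
    for day in (6, 7):
        alarms, index = evaluate_host(flows, "10.0.1.5", day)
        print(f"day {day}: concern index {index:,}")
        for name, points, seen, limit in alarms:
            print(f"  {name}: {seen:,} bytes > threshold {limit:,.0f} (+{points:,})")
```

On day 6 the host still has fewer than seven days of history, so nothing fires; on day 7 both alarms fire and the concern index is the sum of their points.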
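The retrospective query over retained NetFlow described on slides 32 to 34 and in editor's note 4, as an added example that is not Lancope's code: the archive contents, record layout, indicator list, retention window and 10.0.0.0/8 internal range are constructed for the example.

```python
"""Retrospective indicator query over a stored NetFlow archive (added example;
not Lancope or StealthWatch code).  The scenario is the deck's: a list of
attacker IPs is published long after the traffic happened, and the questions
are which internal hosts talked to them within the retention window, when they
first and last did so, how much data moved each way, and which internal peers
those hosts then sent data to.  Record layout, internal range, archive contents
and the indicator list are all constructed."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")          # assumed inside address space

# Constructed archive: start,end,src,sport,dst,dport,proto,bytes (one flow per line)
ARCHIVE = """\
2013-11-01T10:00:00,2013-11-01T10:00:05,10.0.8.8,50000,203.0.113.9,443,6,7000
2014-03-01T02:11:00,2014-03-01T02:11:08,10.0.5.20,51234,203.0.113.9,443,6,2400
2014-03-01T02:11:09,2014-03-01T02:11:10,203.0.113.9,443,10.0.5.20,51234,6,180000
2014-03-01T02:30:00,2014-03-01T02:45:00,10.0.5.20,49001,10.0.2.10,445,6,52000000
2014-03-03T23:05:00,2014-03-03T23:05:30,10.0.5.20,51300,203.0.113.9,443,6,910000000
2014-03-04T09:00:00,2014-03-04T09:00:01,10.0.7.3,3389,10.0.5.20,61000,6,3000
2014-03-10T12:00:00,2014-03-10T12:00:02,10.0.9.9,40000,93.184.216.34,80,6,1500
"""
INDICATORS = {"203.0.113.9"}        # constructed "known bad" list, published late


@dataclass(frozen=True)
class Flow:
    start: datetime
    end: datetime
    src: str
    sport: int
    dst: str
    dport: int
    proto: int
    nbytes: int


@dataclass
class Contact:
    """What the archive tells us about one internal host's indicator contact."""
    first_seen: datetime
    last_seen: datetime
    bytes_out: int = 0                     # host -> indicator
    bytes_in: int = 0                      # indicator -> host
    indicators: set = field(default_factory=set)
    internal_peers_after: dict = field(default_factory=dict)   # peer -> bytes sent


def parse_archive(text):
    flows = []
    for line in text.splitlines():
        s, e, src, sp, dst, dp, proto, nb = line.split(",")
        flows.append(Flow(datetime.fromisoformat(s), datetime.fromisoformat(e),
                          src, int(sp), dst, int(dp), int(proto), int(nb)))
    return flows


def is_internal(ip):
    return ip_address(ip) in INTERNAL


def query_indicators(flows, indicators, until, retention_days=100):
    """Map each internal host that exchanged traffic with an indicator inside
    the retention window to a Contact summary, then record which internal
    peers that host sent data to after its first indicator contact."""
    since = until - timedelta(days=retention_days)
    hits = {}
    for f in flows:
        if not since <= f.start <= until:
            continue                                   # outside what we retained
        if f.dst in indicators and is_internal(f.src):
            host, ioc, out_b, in_b = f.src, f.dst, f.nbytes, 0
        elif f.src in indicators and is_internal(f.dst):
            host, ioc, out_b, in_b = f.dst, f.src, 0, f.nbytes
        else:
            continue
        c = hits.setdefault(host, Contact(f.start, f.start))
        c.first_seen = min(c.first_seen, f.start)
        c.last_seen = max(c.last_seen, f.start)
        c.bytes_out += out_b
        c.bytes_in += in_b
        c.indicators.add(ioc)
    for host, c in hits.items():                       # possible internal pivots
        for f in flows:
            if f.src == host and is_internal(f.dst) and f.start >= c.first_seen:
                c.internal_peers_after[f.dst] = (
                    c.internal_peers_after.get(f.dst, 0) + f.nbytes)
    return hits


if __name__ == "__main__":
    hits = query_indicators(parse_archive(ARCHIVE), INDICATORS, datetime(2014, 3, 15))
    for host, c in hits.items():
        print(f"{host}: {sorted(c.indicators)} first {c.first_seen} last {c.last_seen} "
              f"out {c.bytes_out:,} in {c.bytes_in:,} then -> {c.internal_peers_after}")
```

The 2013 flow from 10.0.8.8 falls outside the 100-day window and is never seen, which is the "detection time exceeds data retention" problem from slide 32 in miniature.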