Endpoint Modeling 101 - A New Approach to Endpoint Security
Dynamic Endpoint Modeling
What is Endpoint Modeling?
• It’s observing all behavior of all of your network endpoints and watching for changes in that behavior: changes that could indicate possible compromise or malicious activity.
• It’s rapid identification of compromised equipment, driving remediation response times to near immediate.
What is Endpoint Modeling?
• It’s passive collection of IP traffic information (flow metadata, not payload) to determine anomalies, so it is not affected by encryption or by the level of transparency in virus signatures.
• It’s utilization of cloud-powered compute and remotely run algorithms to deliver real-time analysis and alert functionality.
• It’s unprecedented visibility. At the core it’s “Baselining”: comparing current & past activity and performance to a historical baseline.
endpoint modeling is profoundly different
[Figure: Role, Network Activity, Communication Patterns, Continuous Validation and Compliance, each marked ✔, shown beside sample alert labels such as “T:406, TAG 19, EXPLORE, ALERT-3F”, “V:9011, TAG 139, EXPLORE, ALERT-3A” and “T:126, TAG 6D, CONFIRMED, ALERT-12”.]
How Does Endpoint Modeling Work?
Roles, Profiles, and Algorithms
Models include five key dimensions of behavior analysis, each of which is built upon our robust proprietary catalog of device profiles, roles, and security algorithms.
• PROFILES - device profiles are network flow-level labels recognized by port, traffic, destination IP and packet characteristics. A device profile name is given to a behavior associated with a software application or service, such as a streaming media client.
• ROLES - device roles are combinations of device profiles that represent more complex network devices. A device role is a high-level category for a connected device, such as a printer, domain controller, or medical imaging server. Devices on enterprise networks typically fulfill one or more device roles.
• ALGORITHMS - security algorithms are modeling and anomaly-detection techniques based on statistical, state-based, rule-based, and learning theories that rapidly identify aberrant events, whether known to be normal, new, or potentially malicious.
Copyright © Observable Networks, Inc. 5
How Does Endpoint Modeling Work?
Assessing Behavior over Time
How is the device operating:
• according to its type?
• like similar types?
• like it has in the past?
• in a way that breaks rules?
• as predicted?
Important:
No Deep Packet Inspection
No end host agents
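The behavior questions above, together with the profiles, roles and algorithms of the previous slide, worked through as a small flow-metadata baseline check. This is an added example, not Observable Networks' code: the profile catalog, role catalog, forbidden-pair rule, device names and flow records are constructed stand-ins, and the severity labels are my own (only EXPLORE and CONFIRMED echo the deck's alert states).

```python
# Added example (not Observable Networks' code): baselining endpoints from flow
# metadata only. The catalogs, rule and flow records are constructed stand-ins.
from collections import defaultdict, namedtuple
from statistics import mean, pstdev

# Hypothetical profile catalog: (protocol, destination port) -> profile label.
# A real catalog also keys on traffic and packet characteristics.
PROFILE_CATALOG = {("udp", 53): "dns-client", ("tcp", 443): "https-client",
                   ("tcp", 25): "smtp-client", ("tcp", 3389): "rdp-client"}
# Hypothetical role catalog: a role is the set of profiles a device must show.
ROLE_CATALOG = {"workstation": {"dns-client", "https-client"},
                "mail-relay": {"dns-client", "smtp-client"}}
# Rule dimension: (role, profile) pairs a role should never exhibit. A workstation
# speaking SMTP directly to the internet is a classic sign of a spam bot.
FORBIDDEN = {("workstation", "smtp-client")}
# One flow record: who initiated it, to whom, on what port, how many bytes, which day.
Flow = namedtuple("Flow", "device proto dst_ip dst_port nbytes day")  # no payload


def profile_of(flow):
    """Map a flow to a profile label; unknown services keep a proto/port label."""
    return PROFILE_CATALOG.get((flow.proto, flow.dst_port), f"{flow.proto}/{flow.dst_port}")


def infer_role(profiles):
    """Pick the role whose required profiles are all present (largest match wins)."""
    matches = [r for r, req in ROLE_CATALOG.items() if req <= profiles]
    return max(matches, key=lambda r: len(ROLE_CATALOG[r]), default="unknown")


def build_model(flows):
    """Per-device model over a window: profiles seen and bytes sent per day."""
    model = defaultdict(lambda: {"profiles": set(), "daily": defaultdict(int)})
    for f in flows:
        model[f.device]["profiles"].add(profile_of(f))
        model[f.device]["daily"][f.day] += f.nbytes
    return model


def assess(baseline, current, z_threshold=3.0):
    """Compare a current window to the baseline; return (device, severity, reason)."""
    roles = {d: infer_role(m["profiles"]) for d, m in baseline.items()}
    alerts = []
    for dev, now in build_model(current).items():
        base = baseline.get(dev)
        if base is None:
            alerts.append((dev, "new-device", "no baseline for this endpoint"))
            continue
        role = roles[dev]
        # What other devices of the same role do ("like similar types?").
        peers = set().union(*[baseline[d]["profiles"]
                              for d in baseline if d != dev and roles[d] == role])
        # Profiles this device never showed before ("like it has in the past?").
        for p in now["profiles"] - base["profiles"]:
            if (role, p) in FORBIDDEN:          # "in a way that breaks rules?"
                severity = "confirmed"
            elif p not in peers:                # new for the device and for its peers
                severity = "suspect"
            else:
                severity = "explore"            # peers do it; still worth a look
            alerts.append((dev, severity, f"new profile {p} for role {role}"))
        # Volume drift against the device's own daily history (z-score).
        hist = list(base["daily"].values())
        if len(hist) >= 3 and pstdev(hist) > 0:
            for day, total in now["daily"].items():
                z = (total - mean(hist)) / pstdev(hist)
                if z > z_threshold:
                    alerts.append((dev, "suspect", f"day {day} volume z={z:.1f}"))
    return alerts


def run_demo():
    """Seven constructed baseline days, then one day carrying three deviations."""
    base = []
    for day in range(1, 8):
        for ws in ("ws-01", "ws-02"):
            base.append(Flow(ws, "udp", "10.0.0.53", 53, 2_000, day))
            base.append(Flow(ws, "tcp", "203.0.113.10", 443, 4_000_000 + 200_000 * day, day))
        base.append(Flow("relay-01", "udp", "10.0.0.53", 53, 2_000, day))
        base.append(Flow("relay-01", "tcp", "203.0.113.25", 25, 3_000_000 + 100_000 * day, day))
    current = [
        Flow("ws-01", "udp", "10.0.0.53", 53, 2_000, 8),
        Flow("ws-01", "tcp", "203.0.113.10", 443, 5_000_000, 8),
        Flow("ws-01", "tcp", "198.51.100.7", 25, 50_000, 8),       # direct outbound SMTP
        Flow("ws-02", "udp", "10.0.0.53", 53, 2_000, 8),
        Flow("ws-02", "tcp", "203.0.113.10", 443, 60_000_000, 8),  # volume spike
        Flow("ws-02", "tcp", "192.0.2.50", 3389, 80_000, 8),       # RDP, unseen in peers
        Flow("relay-01", "udp", "10.0.0.53", 53, 2_000, 8),
        Flow("relay-01", "tcp", "203.0.113.25", 25, 3_500_000, 8),
        Flow("iot-07", "tcp", "203.0.113.10", 443, 10_000, 8),     # never seen before
    ]
    return assess(build_model(base), current)


if __name__ == "__main__":
    for device, severity, reason in run_demo():
        print(f"{device:9} {severity:10} {reason}")
```

Note that the mail relay's own SMTP traffic raises nothing: the same profile is normal for one role and rule-breaking for another, which is why roles sit between profiles and alerts.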
Why Is Endpoint Modeling Important?
Key IT Security Shifts
1. No Threat Signatures
2. End-to-End Encryption
3. Device Proliferation
MORE Devices
• Everything connects to the network
• High growth in unmanaged devices
• Creating blind spots in security posture
HIGHER Specificity of Attacks
• Little to no signatures
• Socially engineered attacks are common
• Perimeter defenses are weakening
MORE Encryption
• Desire for increased security and privacy
• Everything will be opaque
• Creating vulnerability in existing tools
Why Is Endpoint Modeling Important?
Key IT Security Shifts
4. Complex Networks
5. Inside & Insider Threats
6. Too Many Vectors
KNOW yourself
• Can’t know all enemies
• Can’t know all vulnerabilities
• Can know normal to recognize attacks
POROUS perimeter
• Partner connectivity
• Mobile connectivity
• 3rd party hosting and SaaS services
Watch everything
• Attackers roosting inside
• Employees and contractors
• Holistic awareness is required
How Does Endpoint Modeling Improve Security?
• A continuous, unobstructed understanding of every endpoint's behavior, regardless of its function
• Rapid identification of indicators of compromise without dependencies on log file monitoring, deep packet inspection (DPI), or other signature-based methods
• Insightful and efficient security actions
[Figure: sample alert labels in the EXPLORE and CONFIRMED states.]
How Does Endpoint Modeling Improve Security?
Endpoint Modeling has NO legacy dependencies, such as:
X All data being unencrypted or the need to be unencrypted
X A current signature for every new threat
X An agent installed on all network endpoints
With Dynamic Endpoint Modeling, you gain:
endpoint modeling provides a
✔ BETTER THREAT DETECTION
• Real Time/Near Real Time
• Post Compromise
Summarizing Endpoint Modeling
Trends & Realities
• End-to-end encryption
• Device proliferation
• Information overload
• InfoSec staffing challenges
Endpoint Modeling
• No DPI, meta-data only
• No endpoint agents
• Concise, actionable alerts
• Profoundly aids productivity
you can know more about your network than any adversary
About Observable’s Endpoint Modeling Service observable.net/trial
Dynamic Security Intelligence
DEM (Dynamic Endpoint Modeling) uses real-time network flow data, automated security analytics, and big-data methods to continuously model all of your network devices.
Cloud Platform
With no specialized hardware to purchase or software agents to deploy, Observable offers Network Security-as-a-Service in the cloud, which greatly simplifies deployment.
Managed Service Agility
Do you have the people and tools necessary for advanced threat detection? It’s expensive and time consuming to deploy the latest tools, hire the best analysts, and maintain a continuous vigil to ensure the integrity of your systems and data.
Software-as-a-Service (SaaS) Subscription
Observable simplifies threat detection as a SaaS subscription. Select cost-effective monthly or annual subscriptions, for any size organization.
Free 60 Day Trial, Experience the Full Product & Service
Sign up, download and install the service today. In fact, you can be building your endpoints’ baseline within hours of initiating your trial. Full support for placement, configuration and alerts.
More Related Content

What's hot

Machine Learning for Threat Detection
Machine Learning for Threat DetectionMachine Learning for Threat Detection
Machine Learning for Threat DetectionNapier University
 
Malware evolution and Endpoint Detection and Response
Malware evolution and Endpoint Detection and Response Malware evolution and Endpoint Detection and Response
Malware evolution and Endpoint Detection and Response Adrian Guthrie
 
Shift Happens: Eliminating the Risks of Network Security Policy Changes
Shift Happens: Eliminating the Risks of Network Security Policy ChangesShift Happens: Eliminating the Risks of Network Security Policy Changes
Shift Happens: Eliminating the Risks of Network Security Policy ChangesAlgoSec
 
Security Ops for large and small companies
Security Ops for large and small companiesSecurity Ops for large and small companies
Security Ops for large and small companiesMona Arkhipova
 
5 benefits of network monitoring
5 benefits of network monitoring5 benefits of network monitoring
5 benefits of network monitoringFlightcase1
 
8 Reasons to Choose Logrhythm
8 Reasons to Choose Logrhythm8 Reasons to Choose Logrhythm
8 Reasons to Choose LogrhythmLogRhythm
 
PPT-Splunk-LegacySIEM-101_FINAL
PPT-Splunk-LegacySIEM-101_FINALPPT-Splunk-LegacySIEM-101_FINAL
PPT-Splunk-LegacySIEM-101_FINALRisi Avila
 
All Hope is Not Lost Network Forensics Exposes Today's Advanced Security Thr...
All Hope is Not LostNetwork Forensics Exposes Today's Advanced Security Thr...All Hope is Not LostNetwork Forensics Exposes Today's Advanced Security Thr...
All Hope is Not Lost Network Forensics Exposes Today's Advanced Security Thr...Savvius, Inc
 
Jim Wojno: Incident Response - No Pain, No Gain!
Jim Wojno: Incident Response - No Pain, No Gain!Jim Wojno: Incident Response - No Pain, No Gain!
Jim Wojno: Incident Response - No Pain, No Gain!centralohioissa
 
Gov & Education Day 2015 - User Behavior Analytics
Gov & Education Day 2015 - User Behavior AnalyticsGov & Education Day 2015 - User Behavior Analytics
Gov & Education Day 2015 - User Behavior AnalyticsSplunk
 
Five SIEM Futures (2012)
Five SIEM Futures (2012)Five SIEM Futures (2012)
Five SIEM Futures (2012)Anton Chuvakin
 
Splunk for Security: Background & Customer Case Study
Splunk for Security: Background & Customer Case StudySplunk for Security: Background & Customer Case Study
Splunk for Security: Background & Customer Case StudyAndrew Gerber
 
From IT to IoT: Bridging the Growing Cybersecurity Divide
From IT to IoT: Bridging the Growing Cybersecurity DivideFrom IT to IoT: Bridging the Growing Cybersecurity Divide
From IT to IoT: Bridging the Growing Cybersecurity DividePriyanka Aash
 
Avoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slidesAvoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slidesAlgoSec
 
Leveraging red for defense
Leveraging red for defenseLeveraging red for defense
Leveraging red for defensePriyanka Aash
 
The Rise of the Purple Team
The Rise of the Purple TeamThe Rise of the Purple Team
The Rise of the Purple TeamPriyanka Aash
 
Five Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
Five Best and Five Worst Practices for SIEM by Dr. Anton ChuvakinFive Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
Five Best and Five Worst Practices for SIEM by Dr. Anton ChuvakinAnton Chuvakin
 
Demystifying Security Analytics: Data, Methods, Use Cases
Demystifying Security Analytics: Data, Methods, Use CasesDemystifying Security Analytics: Data, Methods, Use Cases
Demystifying Security Analytics: Data, Methods, Use CasesPriyanka Aash
 

What's hot (20)

Machine Learning for Threat Detection
Machine Learning for Threat DetectionMachine Learning for Threat Detection
Machine Learning for Threat Detection
 
Malware evolution and Endpoint Detection and Response
Malware evolution and Endpoint Detection and Response Malware evolution and Endpoint Detection and Response
Malware evolution and Endpoint Detection and Response
 
Cylance Information Security: Compromise Assessment Datasheet
Cylance Information Security: Compromise Assessment DatasheetCylance Information Security: Compromise Assessment Datasheet
Cylance Information Security: Compromise Assessment Datasheet
 
Shift Happens: Eliminating the Risks of Network Security Policy Changes
Shift Happens: Eliminating the Risks of Network Security Policy ChangesShift Happens: Eliminating the Risks of Network Security Policy Changes
Shift Happens: Eliminating the Risks of Network Security Policy Changes
 
Security Ops for large and small companies
Security Ops for large and small companiesSecurity Ops for large and small companies
Security Ops for large and small companies
 
Risks vs real life
Risks vs real lifeRisks vs real life
Risks vs real life
 
5 benefits of network monitoring
5 benefits of network monitoring5 benefits of network monitoring
5 benefits of network monitoring
 
8 Reasons to Choose Logrhythm
8 Reasons to Choose Logrhythm8 Reasons to Choose Logrhythm
8 Reasons to Choose Logrhythm
 
PPT-Splunk-LegacySIEM-101_FINAL
PPT-Splunk-LegacySIEM-101_FINALPPT-Splunk-LegacySIEM-101_FINAL
PPT-Splunk-LegacySIEM-101_FINAL
 
All Hope is Not Lost Network Forensics Exposes Today's Advanced Security Thr...
All Hope is Not LostNetwork Forensics Exposes Today's Advanced Security Thr...All Hope is Not LostNetwork Forensics Exposes Today's Advanced Security Thr...
All Hope is Not Lost Network Forensics Exposes Today's Advanced Security Thr...
 
Jim Wojno: Incident Response - No Pain, No Gain!
Jim Wojno: Incident Response - No Pain, No Gain!Jim Wojno: Incident Response - No Pain, No Gain!
Jim Wojno: Incident Response - No Pain, No Gain!
 
Gov & Education Day 2015 - User Behavior Analytics
Gov & Education Day 2015 - User Behavior AnalyticsGov & Education Day 2015 - User Behavior Analytics
Gov & Education Day 2015 - User Behavior Analytics
 
Five SIEM Futures (2012)
Five SIEM Futures (2012)Five SIEM Futures (2012)
Five SIEM Futures (2012)
 
Splunk for Security: Background & Customer Case Study
Splunk for Security: Background & Customer Case StudySplunk for Security: Background & Customer Case Study
Splunk for Security: Background & Customer Case Study
 
From IT to IoT: Bridging the Growing Cybersecurity Divide
From IT to IoT: Bridging the Growing Cybersecurity DivideFrom IT to IoT: Bridging the Growing Cybersecurity Divide
From IT to IoT: Bridging the Growing Cybersecurity Divide
 
Avoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slidesAvoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slides
 
Leveraging red for defense
Leveraging red for defenseLeveraging red for defense
Leveraging red for defense
 
The Rise of the Purple Team
The Rise of the Purple TeamThe Rise of the Purple Team
The Rise of the Purple Team
 
Five Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
Five Best and Five Worst Practices for SIEM by Dr. Anton ChuvakinFive Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
Five Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
 
Demystifying Security Analytics: Data, Methods, Use Cases
Demystifying Security Analytics: Data, Methods, Use CasesDemystifying Security Analytics: Data, Methods, Use Cases
Demystifying Security Analytics: Data, Methods, Use Cases
 

Similar to Endpoint Modeling 101 - A New Approach to Endpoint Security

Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksLessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksAngeloluca Barba
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk
 
Security Breakout Session
Security Breakout Session Security Breakout Session
Security Breakout Session Splunk
 
Securing Systems - Still Crazy After All These Years
Securing Systems - Still Crazy After All These YearsSecuring Systems - Still Crazy After All These Years
Securing Systems - Still Crazy After All These YearsAdrian Sanabria
 
Sourcefire Webinar - NEW GENERATION IPS
Sourcefire Webinar -  NEW GENERATION IPSSourcefire Webinar -  NEW GENERATION IPS
Sourcefire Webinar - NEW GENERATION IPSmmiznoni
 
SplunkLive! - Splunk for Security
SplunkLive! - Splunk for SecuritySplunkLive! - Splunk for Security
SplunkLive! - Splunk for SecuritySplunk
 
Complete Endpoint protection
Complete Endpoint protectionComplete Endpoint protection
Complete Endpoint protectionxband
 
Splunk for Security Breakout Session
Splunk for Security Breakout SessionSplunk for Security Breakout Session
Splunk for Security Breakout SessionSplunk
 
Preparing for the Cybersecurity Renaissance
Preparing for the Cybersecurity RenaissancePreparing for the Cybersecurity Renaissance
Preparing for the Cybersecurity RenaissanceCloudera, Inc.
 
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDN
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDNOliver Schuermann - Integrated Software in Networking - the Mystery of SDN
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDNcentralohioissa
 
Threat Detection Algorithms Make Big Data into Better Data
Threat Detection Algorithms Make Big Data into Better Data Threat Detection Algorithms Make Big Data into Better Data
Threat Detection Algorithms Make Big Data into Better Data Enterprise Management Associates
 
Using NetFlow to Streamline Security Analysis and Response to Cyber Threats
Using NetFlow to Streamline Security Analysis and Response to Cyber ThreatsUsing NetFlow to Streamline Security Analysis and Response to Cyber Threats
Using NetFlow to Streamline Security Analysis and Response to Cyber ThreatsEmulex Corporation
 
Operationalizing Security Intelligence
Operationalizing Security IntelligenceOperationalizing Security Intelligence
Operationalizing Security IntelligenceSplunk
 
Splunk MINT for Mobile Intelligence and Splunk App for Stream for Enhanced Op...
Splunk MINT for Mobile Intelligence and Splunk App for Stream for Enhanced Op...Splunk MINT for Mobile Intelligence and Splunk App for Stream for Enhanced Op...
Splunk MINT for Mobile Intelligence and Splunk App for Stream for Enhanced Op...Splunk
 
Defining Security Intelligence for the Enterprise - What CISOs Need to Know
Defining Security Intelligence for the Enterprise - What CISOs Need to KnowDefining Security Intelligence for the Enterprise - What CISOs Need to Know
Defining Security Intelligence for the Enterprise - What CISOs Need to KnowIBM Security
 
SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)Norm Barber
 
Protecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber CrimeProtecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber CrimeLancope, Inc.
 

Similar to Endpoint Modeling 101 - A New Approach to Endpoint Security (20)

Reveelium Smart Predictive Analytics - Datasheet EN
Reveelium Smart Predictive Analytics - Datasheet ENReveelium Smart Predictive Analytics - Datasheet EN
Reveelium Smart Predictive Analytics - Datasheet EN
 
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksLessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics
 
Security Breakout Session
Security Breakout Session Security Breakout Session
Security Breakout Session
 
SIEM 1 solution .pptx
SIEM 1 solution .pptxSIEM 1 solution .pptx
SIEM 1 solution .pptx
 
Securing Systems - Still Crazy After All These Years
Securing Systems - Still Crazy After All These YearsSecuring Systems - Still Crazy After All These Years
Securing Systems - Still Crazy After All These Years
 
Sourcefire Webinar - NEW GENERATION IPS
Sourcefire Webinar -  NEW GENERATION IPSSourcefire Webinar -  NEW GENERATION IPS
Sourcefire Webinar - NEW GENERATION IPS
 
SplunkLive! - Splunk for Security
SplunkLive! - Splunk for SecuritySplunkLive! - Splunk for Security
SplunkLive! - Splunk for Security
 
Complete Endpoint protection
Complete Endpoint protectionComplete Endpoint protection
Complete Endpoint protection
 
Splunk for Security Breakout Session
Splunk for Security Breakout SessionSplunk for Security Breakout Session
Splunk for Security Breakout Session
 
Preparing for the Cybersecurity Renaissance
Preparing for the Cybersecurity RenaissancePreparing for the Cybersecurity Renaissance
Preparing for the Cybersecurity Renaissance
 
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDN
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDNOliver Schuermann - Integrated Software in Networking - the Mystery of SDN
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDN
 
Threat Detection Algorithms Make Big Data into Better Data
Threat Detection Algorithms Make Big Data into Better Data Threat Detection Algorithms Make Big Data into Better Data
Threat Detection Algorithms Make Big Data into Better Data
 
Using NetFlow to Streamline Security Analysis and Response to Cyber Threats
Using NetFlow to Streamline Security Analysis and Response to Cyber ThreatsUsing NetFlow to Streamline Security Analysis and Response to Cyber Threats
Using NetFlow to Streamline Security Analysis and Response to Cyber Threats
 
Operationalizing Security Intelligence
Operationalizing Security IntelligenceOperationalizing Security Intelligence
Operationalizing Security Intelligence
 
Splunk MINT for Mobile Intelligence and Splunk App for Stream for Enhanced Op...
Splunk MINT for Mobile Intelligence and Splunk App for Stream for Enhanced Op...Splunk MINT for Mobile Intelligence and Splunk App for Stream for Enhanced Op...
Splunk MINT for Mobile Intelligence and Splunk App for Stream for Enhanced Op...
 
Defining Security Intelligence for the Enterprise - What CISOs Need to Know
Defining Security Intelligence for the Enterprise - What CISOs Need to KnowDefining Security Intelligence for the Enterprise - What CISOs Need to Know
Defining Security Intelligence for the Enterprise - What CISOs Need to Know
 
SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)
 
Protecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber CrimeProtecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber Crime
 
Sect r35 b
Sect r35 bSect r35 b
Sect r35 b
 

Recently uploaded

UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxUI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxAndreas Kunz
 
SoftTeco - Software Development Company Profile
SoftTeco - Software Development Company ProfileSoftTeco - Software Development Company Profile
SoftTeco - Software Development Company Profileakrivarotava
 
Comparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfComparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfDrew Moseley
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtimeandrehoraa
 
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptxThe Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptxRTS corp
 
Post Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on IdentityPost Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on Identityteam-WIBU
 
What’s New in VictoriaMetrics: Q1 2024 Updates
What’s New in VictoriaMetrics: Q1 2024 UpdatesWhat’s New in VictoriaMetrics: Q1 2024 Updates
What’s New in VictoriaMetrics: Q1 2024 UpdatesVictoriaMetrics
 
Ronisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited CatalogueRonisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited Catalogueitservices996
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Angel Borroy López
 
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdf
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdfEnhancing Supply Chain Visibility with Cargo Cloud Solutions.pdf
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdfRTS corp
 
Amazon Bedrock in Action - presentation of the Bedrock's capabilities
Amazon Bedrock in Action - presentation of the Bedrock's capabilitiesAmazon Bedrock in Action - presentation of the Bedrock's capabilities
Amazon Bedrock in Action - presentation of the Bedrock's capabilitiesKrzysztofKkol1
 
Large Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and RepairLarge Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and RepairLionel Briand
 
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingOpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingShane Coughlan
 
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsSensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsChristian Birchler
 
eSoftTools IMAP Backup Software and migration tools
eSoftTools IMAP Backup Software and migration toolseSoftTools IMAP Backup Software and migration tools
eSoftTools IMAP Backup Software and migration toolsosttopstonverter
 
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...confluent
 
Effectively Troubleshoot 9 Types of OutOfMemoryError
Effectively Troubleshoot 9 Types of OutOfMemoryErrorEffectively Troubleshoot 9 Types of OutOfMemoryError
Effectively Troubleshoot 9 Types of OutOfMemoryErrorTier1 app
 
Machine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringMachine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringHironori Washizaki
 
Patterns for automating API delivery. API conference
Patterns for automating API delivery. API conferencePatterns for automating API delivery. API conference
Patterns for automating API delivery. API conferencessuser9e7c64
 
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsSafe Software
 

Recently uploaded (20)

UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxUI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
 
SoftTeco - Software Development Company Profile
SoftTeco - Software Development Company ProfileSoftTeco - Software Development Company Profile
SoftTeco - Software Development Company Profile
 
Comparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfComparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdf
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtime
 
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptxThe Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
 
Post Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on IdentityPost Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on Identity
 
What’s New in VictoriaMetrics: Q1 2024 Updates
What’s New in VictoriaMetrics: Q1 2024 UpdatesWhat’s New in VictoriaMetrics: Q1 2024 Updates
What’s New in VictoriaMetrics: Q1 2024 Updates
 
Ronisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited CatalogueRonisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited Catalogue
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
 
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdf
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdfEnhancing Supply Chain Visibility with Cargo Cloud Solutions.pdf
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdf
 
Amazon Bedrock in Action - presentation of the Bedrock's capabilities
Amazon Bedrock in Action - presentation of the Bedrock's capabilitiesAmazon Bedrock in Action - presentation of the Bedrock's capabilities
Amazon Bedrock in Action - presentation of the Bedrock's capabilities
 
Large Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and RepairLarge Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and Repair
 
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingOpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
 
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsSensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
 
eSoftTools IMAP Backup Software and migration tools
eSoftTools IMAP Backup Software and migration toolseSoftTools IMAP Backup Software and migration tools
eSoftTools IMAP Backup Software and migration tools
 
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
 
Effectively Troubleshoot 9 Types of OutOfMemoryError
Effectively Troubleshoot 9 Types of OutOfMemoryErrorEffectively Troubleshoot 9 Types of OutOfMemoryError
Effectively Troubleshoot 9 Types of OutOfMemoryError
 
Machine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringMachine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their Engineering
 
Patterns for automating API delivery. API conference
Patterns for automating API delivery. API conferencePatterns for automating API delivery. API conference
Patterns for automating API delivery. API conference
 
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data Streams
 

Endpoint Modeling 101 - A New Approach to Endpoint Security

2. What is Endpoint Modeling?
• It’s observing all behavior of all of your network endpoints and watching for changes in that behavior; changes that could indicate possible compromise or malicious activity.
• It’s rapid identification of compromised equipment, thus driving remediation response times to near immediate.

3. What is Endpoint Modeling?
• It’s passive collection of IP traffic information (flow metadata, not payload) to determine anomalies, so it is not affected by encryption or by gaps in virus-signature coverage.
• It’s utilization of cloud-powered compute and remotely run algorithms to deliver real-time analysis and alert functionality.
• It’s unprecedented visibility. At the core it’s “Baselining”: comparing current and past activity and performance to an historical baseline.

4. endpoint modeling is profoundly different
[Slide graphic: a device model continuously validated across Role, Network Activity, Communication Patterns and Compliance; example alert tags shown: T:406, TAG 19, EXPLORE, ALERT-3F; V:9011, TAG 139, EXPLORE, ALERT-3A; T:126, TAG 6D, CONFIRMED ALERT-12]

5. How Does Endpoint Modeling Work? Roles, Profiles, and Algorithms
Models include five key dimensions of behavior analysis, each of which is built upon a proprietary catalog of device profiles, roles, and security algorithms.
• PROFILES - device profiles are network flow-level labels recognized by port, traffic, destination IP and packet characteristics. A device profile name is given to a behavior associated with a software application or service, such as a streaming media client.
• ROLES - device roles are combinations of device profiles that represent more complex network devices. A device role is a high-level category for a connected device, such as a printer, domain controller, or medical imaging server. Devices on enterprise networks typically fulfill one or more device roles.
• ALGORITHMS - security algorithms are modeling and anomaly-detection techniques based on statistical, state-based, rule-based, and learning theories that rapidly identify aberrant events, whether known to be normal, new, or potentially malicious.
Copyright © Observable Networks, Inc.
6. How Does Endpoint Modeling Work? Assessing Behavior over Time
How is the device operating:
• according to its type?
• like similar types?
• like it has in the past?
• in a way that breaks rules?
• as predicted?
Important: No Deep Packet Inspection. No end-host agents.
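The toy model below is an added worked example, not code from Observable Networks or from the deck. It implements the pipeline slide 5 describes (flow-level profiles combined into roles, a per-device baseline, and a handful of anomaly checks) and then asks the five questions from slide 6 of one new day of traffic. It works on flow metadata only (source, destination, protocol, port, byte count) and never looks at payload, which is the point of the "no DPI, no agents" claim. The profile table, the role definitions, the forbidden-profile rule, the host names and every flow record are constructed assumptions for the example.

```python
"""Endpoint model from flow metadata: profiles -> roles -> baseline -> checks.

Added illustration, not Observable Networks' code. PROFILES, ROLES,
ROLE_FORBIDDEN, the host names and all flow records are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    day: int        # observation day; the model is built from days 1-7
    src: str
    dst: str
    proto: str
    dport: int
    bytes_out: int  # bytes sent by src; payload is never inspected


# Flow-level profile labels keyed on (proto, destination port). The initiating
# side of a flow is tagged "<name>-client", the receiving side "<name>-server".
PROFILES = {("tcp", 443): "https", ("udp", 53): "dns", ("tcp", 445): "smb",
            ("tcp", 9100): "jetdirect", ("tcp", 389): "ldap", ("tcp", 88): "kerberos"}

# A device fulfils a role once it has exhibited every profile the role requires.
ROLES = {"printer": {"jetdirect-server"},
         "domain-controller": {"ldap-server", "kerberos-server", "dns-server"},
         "workstation": {"https-client", "dns-client"}}

# Rule-based check: profiles a role should never exhibit (assumed policy).
ROLE_FORBIDDEN = {"printer": {"smb-client", "https-client"}}


def profiles_of(flow):
    """Map one flow to the profile label each endpoint earns from it."""
    name = PROFILES.get((flow.proto, flow.dport), f"{flow.proto}/{flow.dport}")
    return {flow.src: f"{name}-client", flow.dst: f"{name}-server"}


def build_model(flows):
    """Baseline every device: profiles seen, peers talked to, bytes out per day, roles."""
    profiles, peers = defaultdict(set), defaultdict(set)
    daily = defaultdict(lambda: defaultdict(int))
    for f in flows:
        for dev, label in profiles_of(f).items():
            profiles[dev].add(label)
        peers[f.src].add(f.dst)
        peers[f.dst].add(f.src)
        daily[f.src][f.day] += f.bytes_out
    roles = {dev: {r for r, need in ROLES.items() if need <= seen}
             for dev, seen in profiles.items()}
    return {"profiles": profiles, "peers": peers, "daily": daily, "roles": roles}


def assess(model, flows):
    """Score one new day of flows against the model. Returns {device: {check, ...}}."""
    findings = defaultdict(set)
    today_bytes = defaultdict(int)
    for f in flows:
        today_bytes[f.src] += f.bytes_out
        if f.dst not in model["peers"][f.src]:
            findings[f.src].add("new-peer")            # never talked to this host before
        for dev, label in profiles_of(f).items():
            roles = model["roles"].get(dev, set())
            if label not in model["profiles"][dev]:
                findings[dev].add("unlike-its-past")   # not like it has in the past
            if any(label in ROLE_FORBIDDEN.get(r, ()) for r in roles):
                findings[dev].add("breaks-role-rule")  # not according to its type
            similar = [d for d, rs in model["roles"].items() if d != dev and rs & roles]
            if similar and all(label not in model["profiles"][d] for d in similar):
                findings[dev].add("unlike-similar-devices")
    for dev, total in today_bytes.items():
        history = list(model["daily"][dev].values())
        if history:
            mu = mean(history)
            threshold = mu + 3 * max(pstdev(history), 0.1 * mu)  # floor a zero spread
            if total > threshold:
                findings[dev].add("volume-above-prediction")      # not as predicted
    return dict(findings)


def normal_day(day):
    """Constructed ordinary traffic: two workstations, two printers, one DC."""
    flows = []
    for ws, site in (("ws1", "203.0.113.10"), ("ws2", "203.0.113.11")):
        flows += [Flow(day, ws, site, "tcp", 443, 50_000),
                  Flow(day, ws, "dc1", "udp", 53, 500),
                  Flow(day, ws, "dc1", "tcp", 389, 2_000),
                  Flow(day, ws, "dc1", "tcp", 88, 1_500),
                  Flow(day, ws, "prn1", "tcp", 9100, 20_000),
                  Flow(day, ws, "prn2", "tcp", 9100, 20_000)]
    flows += [Flow(day, prn, "dc1", "udp", 53, 500) for prn in ("prn1", "prn2")]
    return flows


def baseline_flows():
    return [f for day in range(1, 8) for f in normal_day(day)]


def day8_flows():
    """Constructed day 8: printer prn1 pushes 2 MB over SMB to a known workstation."""
    return normal_day(8) + [Flow(8, "prn1", "ws2", "tcp", 445, 2_000_000)]


if __name__ == "__main__":
    model = build_model(baseline_flows())
    for dev, checks in sorted(assess(model, day8_flows()).items()):
        print(dev, sorted(model["roles"][dev]), sorted(checks))
```

Note which checks fire and which do not: prn1 has exchanged flows with ws2 every day, so the peer check stays quiet; what flags the printer is that it initiates SMB (a profile absent from its own history, forbidden for its role, and exhibited by no other printer) and that its outbound volume jumps three orders of magnitude above its baseline. ws2 is flagged too, as a workstation that has never been an SMB server before. The spread floor in the volume check matters in practice: a device whose baseline is perfectly regular has a standard deviation of zero, and without the floor any single extra byte would alert.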
7. Why Is Endpoint Modeling Important? Key IT Security Shifts
1 No Threat Signatures | 2 End-to-End Encryption | 3 Device Proliferation
MORE Devices
• Everything connects to the network
• High growth in unmanaged devices
• Creating blind spots in security posture
HIGHER Specificity of Attacks
• Little to no signatures
• Socially engineered attacks are common
• Perimeter defenses are weakening
MORE Encryption
• Desire for increased security and privacy
• Everything will be opaque
• Leaving payload-inspecting tools blind

8. Why Is Endpoint Modeling Important? Key IT Security Shifts
4 Complex Networks | 5 Inside & Insider Threats | 6 Too Many Vectors
KNOW yourself
• Can’t know all enemies
• Can’t know all vulnerabilities
• Can know normal, and so recognize attacks
POROUS perimeter
• Partner connectivity
• Mobile connectivity
• 3rd-party hosting and SaaS services
Watch everything
• Attackers roosting inside
• Employees and contractors
• Holistic awareness is required
9. How Does Endpoint Modeling Improve Security?
With Dynamic Endpoint Modeling, you gain:
• A continuous, unobstructed understanding of every endpoint's behavior, regardless of its function
• Rapid identification of indicators of compromise without dependencies on log file monitoring, deep packet inspection (DPI), or other signature-based methods
• Insightful and efficient security actions
[Slide graphic: example alert tags T:406, TAG 19, EXPLORE, ALERT-3F; V:9011, TAG 139, EXPLORE, ALERT-3A; T:126, TAG 6D, CONFIRMED ALERT-12]

10. How Does Endpoint Modeling Improve Security?
Endpoint Modeling has NO legacy dependencies, such as:
✗ All data being unencrypted, or needing to be unencrypted
✗ A current signature for every new threat
✗ An agent installed on all network endpoints
endpoint modeling provides a
11. Summarizing Endpoint Modeling
Trends & Realities:
• End-to-end encryption
• Device proliferation
• Information overload
• InfoSec staffing challenges
Endpoint Modeling:
• No DPI, metadata only
• No endpoint agents
• Concise, actionable alerts
• Profoundly aids productivity
✔ BETTER THREAT DETECTION: real time / near real time, and post-compromise

12. you can know more about your network than any adversary

13. About Observable’s Endpoint Modeling Service
observable.net/trial
Dynamic Security Intelligence: DEM uses real-time network flow data, automated security analytics, and big-data methods to continuously model all of your network devices.
Cloud Platform: With no specialized hardware to purchase or software agents to deploy, Observable offers Network Security-as-a-Service in the cloud, which greatly simplifies deployment.
Managed Service Agility: Do you have the people and tools necessary for advanced threat detection? It’s expensive and time consuming to deploy the latest tools, hire the best analysts, and maintain a continuous vigil to ensure the integrity of your systems and data.
Software-as-a-Service (SaaS) Subscription: Observable simplifies threat detection as a SaaS subscription. Select cost-effective monthly or annual subscriptions, for any size organization.
Free 60 Day Trial, Experience the Full Product & Service: Sign up, download and install the service today. In fact, you can be building your endpoints’ baseline within hours of initiating your trial. Full support for placement, configuration and alerts.