The Convergence of Network & Security
© 2014 JDS Uniphase Corporation | JDSU CONFIDENTIAL AND PROPRIETARY INFORMATION 2
20 Years of Maintaining Current Enterprise IT Initiatives
• Data center consolidation
• BYOD and multiple devices
• Cloud
• Low total cost of ownership
• Virtualization
• Big Data
• Service assurance
• 1Gb -> 100Gb
• Security
• Application complexity
• Unified Communications
Strong and Diverse Customer Base
• Technology
• Manufacturing
• Healthcare
• Insurance
• Financial services
• Retail
• Government
• Carriers
Gartner Magic Quadrant for Network Performance Monitoring and Diagnostics (NPMD), March 2015 (figure: JDSU/Network Instruments plotted against the Completeness of Vision and Ability to Execute axes; Challengers and Leaders quadrants labelled)
2015 State of the Network Survey
• Study evaluates
  - Role of Network teams in Security investigations
  - UC adoption and challenges
  - Key application management issues
• 322 respondents globally
NETWORK TEAM’S ROLE IN SECURITY
Is the Network Team involved in Security?
• 8 in 10 network teams are also involved in security
Time Spent on Security
• One-quarter of network teams spend more than 10 hours per week involved in security issues
Has this Increased over the Past Year?
Network Team Roles in Security
Methods for Identifying Security Issues
Greatest Challenges Addressing Security
Network Security & Forensics
Does your Data Center Security look like this to Hackers?
Or this?
Types of Security Products
• Technologies
  - Network Based
    - Requires access to the network data via an in-line connection, tap or mirror ports
  - Host Based
    - Local system-specific settings, software calls, local security policy, local log audits, etc.
    - Must be installed on each machine
    - Requires OS- and software-specific configuration
Network and Host Based Security Tools
• IPS - Intrusion Prevention System
  - Inspects traffic flowing through a network and can block malicious behavior
• IDS - Intrusion Detection System
  - Similar to an IPS but does not block; it only logs or alerts on malicious traffic
• Firewall
  - Drops non-compliant traffic based on configured rules
• Antivirus/anti-malware/anti-spam software
  - Provides local protection for server and user platforms
Are they enough?
Recent Security Breaches
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
A Comprehensive Security System
Figure: the layers run from increasing level of prevention to increasing level of forensics visibility: Firewalls -> Intrusion Prevention -> Intrusion Detection -> Packet Forensics (Network Packet Recorder)
What is a Network Packet Recorder?
• A technology that records digital communications, no matter what language (protocol) is used between the parties
• Combined with analysis software, recorded communications can be investigated to identify what information was exchanged and when
Questions Answered with Network Recorders
• Who’s trying to enter/communicate with my resource(s)?
• What other resources has this person communicated with?
• When did this entity enter/communicate previously?
• What files has this entity tried to access?
• Who’s been trying to enter false passwords?
• Is an entity trying to deliver a malicious “package” to a device on my network?
Network Forensics – Essential Capabilities
• Full packet capture with massive scale and in compliance with digital evidence rules
• Retention of data for days or weeks
• Fast access to captured data via search and other tools
• Packet header analysis, including summarizing and trending the network activity
• Packet contents analysis across protocols, including file extraction, session viewing, and L4-7 application analysis
• Compare data with known threat signatures
• See all traffic and make inferences about relationships
NETWORK FORENSICS
Essential Capabilities
Start Investigation at the time of the Incident
Identify Threats & Reconstruct Events
• Identification Processing in Observer
  - Pattern matching and filtering
    - SNORT
    - Custom
  - Packet Processing
    - IP Flow tracking
    - IP Defragmentation
    - TCP Stream reassembly
    - HTTP URI Normalization
    - ARP Inspection
    - Telnet Normalization
  - Anomaly Detection
  - Encryption & Keys
Comparing Packets with Known Signatures
Define your own security filters, or import forensic analysis rules from SNORT.org
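The two slides above list packet processing (TCP stream reassembly, HTTP URI normalization) ahead of pattern matching against SNORT or custom signatures. The following Python example, added here and not code from the deck or from Observer, shows on constructed traffic why that order matters: a double-encoded traversal request split across out-of-order segments is only caught once the stream is reassembled and the URI normalized, while a raw per-packet content match misses it. The flow tuples, host names and signature entries are all constructed.

```python
"""Signature matching after TCP reassembly and HTTP URI normalization.
Constructed data only; an added illustration, not JDSU/Observer code."""
import posixpath
import re
from dataclasses import dataclass
from urllib.parse import unquote

# Constructed Snort-style signatures: a content match applied to the
# normalized request path (real Snort rules carry many more options).
SIGNATURES = [
    {"sid": 1000001, "msg": "Traversal to /etc/passwd", "content": "/etc/passwd"},
    {"sid": 1000002, "msg": "Access to /.git/ metadata", "content": "/.git/"},
]


@dataclass
class Segment:
    flow: tuple    # constructed (src_ip, src_port, dst_ip, dst_port)
    seq: int       # TCP sequence number of the first payload byte
    payload: bytes


def reassemble(segments):
    """Rebuild each flow's client byte stream: sort by sequence number,
    drop retransmitted (overlapping) bytes, and stop at the first gap."""
    by_flow = {}
    for seg in segments:
        by_flow.setdefault(seg.flow, []).append(seg)
    streams = {}
    for flow, segs in by_flow.items():
        segs.sort(key=lambda s: s.seq)
        data, expect = bytearray(), segs[0].seq
        for seg in segs:
            if seg.seq > expect:                      # missing segment: stop
                break
            data += seg.payload[expect - seg.seq:]    # skip overlapping bytes
            expect = max(expect, seg.seq + len(seg.payload))
        streams[flow] = bytes(data)
    return streams


def normalize_uri(uri):
    """Resolve the path the way a web server would before matching:
    percent-decode twice (undoes double encoding), turn backslashes into
    slashes, collapse '/./', '/../' and repeated slashes."""
    path = uri.partition("?")[0]
    path = unquote(unquote(path)).replace("\\", "/")
    path = posixpath.normpath(path)          # resolves ./ and ../ segments
    return re.sub(r"/+", "/", path)          # normpath keeps a leading '//'


REQUEST_LINE = re.compile(
    rb"^(?:GET|POST|HEAD|PUT|DELETE|OPTIONS) (\S+) HTTP/1\.[01]\r?\n", re.M)


def extract_uris(stream):
    """Return the request-target of every HTTP/1.x request line in a stream."""
    return [m.group(1).decode("latin-1") for m in REQUEST_LINE.finditer(stream)]


def scan(segments):
    """Reassemble -> extract request URIs -> normalize -> compare with signatures."""
    hits = []
    for flow, stream in reassemble(segments).items():
        for uri in extract_uris(stream):
            norm = normalize_uri(uri)
            for sig in SIGNATURES:
                if sig["content"] in norm:
                    hits.append({"flow": flow, "uri": uri, "normalized": norm,
                                 "sid": sig["sid"], "msg": sig["msg"]})
    return hits


def scan_raw_packets(segments):
    """Comparison: match signature content against each raw payload in isolation."""
    return [(seg.flow, sig["sid"]) for seg in segments for sig in SIGNATURES
            if sig["content"].encode() in seg.payload]


# Constructed traffic: one double-encoded traversal request split across two
# out-of-order segments (plus a retransmission), and one benign request.
FLOW_A = ("10.0.0.5", 40001, "10.0.0.80", 80)
FLOW_B = ("10.0.0.6", 40002, "10.0.0.80", 80)
REQ_A = (b"GET /cgi-bin/%252e%252e/%252e%252e/etc/pa%73swd HTTP/1.1\r\n"
         b"Host: intranet.example\r\n\r\n")
REQ_B = b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n"
SAMPLE_SEGMENTS = [
    Segment(FLOW_A, 1030, REQ_A[30:]),     # second half arrives first
    Segment(FLOW_B, 5000, REQ_B),
    Segment(FLOW_A, 1000, REQ_A[:30]),
    Segment(FLOW_A, 1020, REQ_A[20:40]),   # retransmission overlapping both
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_SEGMENTS):
        print(f"[{hit['sid']}] {hit['msg']}: {hit['uri']} -> {hit['normalized']}")
    print("raw per-packet hits:", scan_raw_packets(SAMPLE_SEGMENTS))
```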
Forensics Analysis Log – Clear Information
Anomaly Detection & Baselining
Alarm on KPI baseline deviations
Post-Event Intrusion Resolution
• Application-aware network tools with DPI can strengthen a security strategy
• Long-term capture/storage acts like a 24/7 video camera on the network
  - Storage that can scale to PB retention levels
  - Network and security personnel can efficiently detect and root out intrusions, malware, and other unauthorized activities within the IT infrastructure
  - Reduce tool sprawl and increase collaboration
2015 Angelbeat_ConvergenceMsg-FINAL