Cisco CSIRT uses NetFlow to collect 16 billion flows from Cisco’s 175TB of traffic observed daily. The data is used to monitor, investigate, and contain incidents using 3 key playbook “plays” each day.
Two leaders from Cisco's Computer Security Incident Response Team (CSIRT) will review a real cyber incident and the resulting investigation leveraging NetFlow collected via the StealthWatch System.
Participants will learn how to use NetFlow and the StealthWatch System to:
Investigate top use cases: C&C discovery, data loss and DOS attacks
Gain contextual awareness of network activity
Accelerate incident response
Minimize costly outages and downtime from threats
Protect the evolving network infrastructure
Provide forensic evidence to prosecute adversaries