Technology overview for Sourcefire FireSIGHT and Lancope StealthWatch including:
• Core features and functionality
• Market positioning and differentiators
• Technology integration for effective incident response
Cisco CSIRT Case Study: Forensic Investigations with NetFlow Lancope, Inc.
Cisco CSIRT uses NetFlow to collect 16 billion flows from Cisco’s 175TB of traffic observed daily. The data is used to monitor, investigate, and contain incidents using 3 key playbook “plays” each day.
Two leaders from Cisco's Computer Security Incident Response Team (CSIRT) will review a real cyber incident and the resulting investigation leveraging NetFlow collected via the StealthWatch System.
Participants will learn how to use NetFlow and the StealthWatch System to:
Investigate top use cases: C&C discovery, data loss and DOS attacks
Gain contextual awareness of network activity
Accelerate incident response
Minimize costly outages and downtime from threats
Protect the evolving network infrastructure
Provide forensic evidence to prosecute adversaries
Using Your Network as a Sensor for Enhanced Visibility and Security Lancope, Inc.
Driven by the mobility, cloud computing, and Internet of Everything megatrends and fueled by increasingly sophisticated cybercriminals, today’s information landscape is more dynamic and more vulnerable than ever before.
Join Cisco and Lancope for a complimentary webinar to learn how you can implement a comprehensive, network-enabled approach to cybersecurity.
During the webinar we will discuss:
Using the Network as a Security Sensor with Lancope’s StealthWatch System and Flexible NetFlow to obtain visibility at scale, monitor network activity efficiently, discover security incidents quickly, and help achieve compliance.
Using the Network as a Security Enforcer with Cisco TrustSec to ensure policy-based access control and network segmentation for containment of network attacks, assist compliance, and reduce the risk of data breaches.
StealthWatch 6.5 is a significant release of the StealthWatch network monitoring software that features new security and flow analysis capabilities. It introduces an operational network and security intelligence dashboard for faster threat investigation. The release also includes user-defined threat criteria for more collaborative threat defense, an enhanced quick view of flow data, and integration with Palo Alto Networks firewalls for added context. StealthWatch Labs security updates provide detection of suspect and target data hoarding.
Your network holds the key to defending your organization. The Cisco switches, routers, and wireless solutions you deploy can complement and empower your security systems. Cisco provides a broad portfolio of capabilities to improve your defenses across the entire attack continuum. This presentation outlines how you can use your network as a sensor to protect your data, your customers, and your reputation.
Register to Watch Webcast: http://cs.co/9003CRsH
Join the Conversation: http://cs.co/9008CRt6
Lancope and Cisco ASA for Advanced Security Lancope, Inc.
By collecting and analyzing data from Cisco ASA with Lancope’s StealthWatch System, organizations can:
• Increase visibility and security context at the network edge
• Consume and stitch together NAT data to more accurately pinpoint the source of issues such as MPAA/RIAA copyright infringements
• Audit firewall rules through flow analysis
• Achieve better performance and scalability for network and security monitoring
• Save vast amounts of time and money spent correlating data points from various sources
• More confidently demonstrate compliance with regulations such as PCI
Preview of the latest Sourcefire IPS product news
We go into detail on the product news announced by Sourcefire in the last month, including:
New 3D8000 Series Sensors with FirePOWER
New Defense Center Models
New IPSx Solution
Presentation - Cisco ASA with FirePOWER Services Oscar Romano
As more companies move their business models toward mobility, the cloud and the Internet of Things, their security solutions must become more dynamic and scalable. However, to date, most security solutions have not kept pace with change and have been unable to adapt to new threats and attacks. Today, security solutions are based on a binary “good vs. bad” model, which lacks the visibility needed to understand context. On September 16, Cisco unveiled its latest step in this direction.
So You Want a Threat Intelligence Function (But Were Afraid to Ask) Lancope, Inc.
Today’s advanced threats and targeted attacks necessitate the collection, analysis and use of threat intelligence for effective cyber security. What was once the realm of government organizations is now something that all organizations should be focusing on, but few know where to start.
Join Gavin Reid, Lancope’s Vice President of Threat Intelligence, for a complimentary webinar to learn the ins and outs of threat intelligence and best practices for incorporating it into your security strategy. Topics covered will include:
What threat intelligence is
Best practices for developing a threat intelligence function
Common pitfalls to avoid when setting up a threat intelligence practice
How threat intelligence fits into the other components of an enterprise security strategy
FireSIGHT Management Center (FMC) slides Amy Gerrie
The FireSIGHT Management Center (FMC) provides concise summaries of security events in 3 sentences or less by leveraging extensive network, endpoint, application and threat intelligence data. It improves security operations by reducing the number of tools needed to understand events, shortening the time to scoping and containment. The FMC also automates the correlation of critical events to identify indicators of compromise and focus security teams on remediation.
Solving the Visibility Gap for Effective Security Lancope, Inc.
Network visibility is a vital component of an effective security strategy, but many organizations lack the ability to identify threat activity in their environment. At Cisco, we have assessed the networks of thousands of organizations, and in nearly every instance, we discovered undocumented hosts, risky user behavior, or malicious activity.
Whether it is rogue servers, unauthorized connections, or ongoing data breaches, we’ve harnessed the power of network visibility to identify a variety of suspicious and malicious activity. Now let us share our knowledge with you.
Join Jeff Moncrief, Systems Engineering Manager at Cisco, to learn:
- The reality of how vulnerable enterprise networks are from endpoint to edge
- The security benefits of end-to-end network visibility
- Common problems solved with network visibility
- Stories of real-life threats hidden on networks we’ve assessed
- How to turn your network into a security sensor to gain critical visibility and threat detection capabilities
ASA Firepower NGFW Update and Deployment Scenarios Cisco Canada
This session will focus on typical deployment scenarios for the Adaptive Security Appliance family running FirePower Services. Also, a feature overview and comparison of the ASA with Firepower services and the new Firepower Threat Defense (FTD) image will be included with updates on the new Firepower hardware platform. Deployment use cases will include Internet Edge, various segmentation scenarios, and VPN. A configuration walk-through and accepted best practices will be covered. This session is designed for existing ASA customers and targets the security and network engineer. They will learn the benefit of a FirePower NGFW in network edge and Internet use cases.
TechWiseTV Workshop: OpenDNS and AnyConnect Robb Boyd
Join this in-depth look and detailed demonstration of the OpenDNS Umbrella integration with AnyConnect and how it really can stop most threats before they become serious problems, protecting users anywhere they go, even when the VPN is off.
Watch the workshop replay: http://bit.ly/2bPT1ax
Watch the Video: http://bit.ly/2c60obv
Sasa Milic, Cisco Advanced Malware Protection Dejan Jeremic
Cisco Advanced Malware Protection uses a combination of techniques including signatures, machine learning, dynamic analysis, and behavioral analytics to both prevent known threats and detect previously unknown threats retrospectively. It provides security for networks, endpoints, and mobile devices through a cloud-based platform that shares threat intelligence between Cisco and its customers.
The document provides an overview and agenda for a presentation on Sourcefire threat detection products. The presentation covers the next generation security model focusing on detection, blocking and defending against attacks. It then discusses specific Sourcefire products including the FireSIGHT management center and features. The presentation concludes with an overview of Sourcefire hardware and deployment options when integrating with Cisco ASA products to provide integrated threat defense.
The document introduces Cisco's ASA with FirePOWER Services, which combines Cisco's ASA firewall with Sourcefire's next-generation IPS. It provides superior threat protection through features like advanced malware protection, security intelligence, and application visibility and control. It offers unprecedented network visibility. The integrated threat defense addresses the entire attack continuum to reduce cost and complexity compared to legacy next-generation firewalls.
The document summarizes Cisco Advanced Malware Protection (AMP) for Meraki MX, which provides comprehensive security and advanced threat protection across networks. It gives organizations visibility into threats across multiple locations, simplifies security management with a cloud-based platform, and helps quickly detect, analyze and remediate breaches. Key benefits include reduced time to detection of threats, continuous file monitoring, retrospective alerting, advanced malware analysis, and simplified security management from one central location.
This document contains slides from a Cisco presentation on firewall certification. It discusses the CCNP Security Firewall v2.0 exam, including exam details, recommended reading, and high-level topics covered. It also provides an overview of Cisco firewall technology including the Adaptive Security Appliance and its features. Configuration topics like licensing, interfaces, NAT, routing, inspection policies and transparent mode are briefly outlined.
This presentation highlights the Cisco Security Architecture. For more information on Cisco's security products and solutions, please visit our website here: http://www.cisco.com/web/CA/products/vpn.html
The document discusses the configuration and setup of the Cisco ASA Firepower module. It provides the following key points:
1. The ASA Firepower module adds next-generation firewall services like IPS, application control, URL filtering, and malware protection. It can be configured in single or multiple context mode, and inline or transparent mode.
2. The module is configured using the separate FireSIGHT Management Center application, either on an external appliance or virtual machine. Basic CLI configuration is also available directly on the ASA.
3. Setup involves installing the module software and image on the ASA, then building and configuring the FireSIGHT Management Center to register and manage the module. Traffic policies on
The document discusses Cisco Stealthwatch and its capabilities for network visibility and security. Stealthwatch collects network flow data from switches, routers, firewalls, and other devices using technologies like NetFlow. It analyzes the flows to provide visibility into network traffic, detect threats, and enable incident response. It also discusses encrypted traffic analysis capabilities that can analyze encrypted flows by examining packet lengths, times, and byte distributions without decrypting the actual content.
Cisco Meraki offers a complete cloud-managed IT solution including wireless, switching, security, mobility management, and communications products. All products are centrally managed through a web-based dashboard for ease of deployment and management. Meraki provides these solutions to over 60 service providers globally to offer turnkey managed services for small and medium businesses as well as bespoke enterprise solutions. Key benefits of Meraki for service providers include simplified deployment, differentiated service offerings, and increased profit margins.
In this breakout session Cerdant's top engineers, Jeremiah Johnson and Jason Palm displayed how to get the most out of your SonicWALL device by utilizing advanced features like Capture ATP and DPI-SSL.
Hillstone Networks provides intelligent firewall solutions that use behavioral intelligence to detect threats. They have over 10,000 customers globally across various industries. Their intelligent firewalls can detect both known and unknown threats through abnormal behavior detection in minutes rather than months. This allows them to find modern attacks that evade traditional signature-based defenses. They offer solutions for both enterprises and data centers to provide perimeter security as well as internal micro-segmentation of virtual machines in private and public clouds.
This document discusses Cisco ASA FirePOWER Services and Next-Generation Firewalls. It defines Next-Generation Firewalls as integrated platforms combining traditional firewalls with additional filtering functions like application firewalls, IPS, web filtering, antivirus inspection, and identity management integration. It describes the features of Cisco ASA 5500-X series firewalls with FirePOWER Services modules, including application control, identity control, security intelligence, IPS, URL filtering, advanced malware protection, file blocking, and SSL decryption. It provides examples of how traffic is analyzed and how the Cisco ASA integrates with the FirePOWER module.
Advanced threat security - Cyber Security For The Real World Cisco Canada
Cisco delivers intelligent cybersecurity for the real world, providing one of the industry's most comprehensive advanced threat protection portfolios of solutions and services that are integrated, pervasive, continuous and open.
Cisco's threat-centric approach to security reduces complexity, while providing unmatched visibility, continuous control and advanced threat protection across the entire attack continuum, allowing customers to act smarter and more quickly -- before, during, and after an attack.
More information on security here: http://bit.ly/1paUnZV
VIPER Labs - VOIP Security - SANS Summit Shah Sheikh
The document discusses penetration testing of VoIP networks. It describes a VoIP security research lab that investigates attack vectors against VoIP systems. When conducting internal VoIP assessments, the objectives are to understand the call requirements, VLAN configuration, and gain access to the voice VLAN to test for vulnerabilities. Sniffing tools can reveal the voice VLAN ID and credentials. VLAN hopping poses a risk if an attacker can access the voice VLAN from their PC. A case study found an attacker was able to hop VLANs in a hotel network and potentially monitor other guests' phone calls due to poor network segmentation. Proper firewalling of voice networks and limiting remote access to voice VLANs are important lessons learned.
Network security specialist Catherine Paquet fills you in on advanced threat protection that integrates real-time contextual awareness, intelligent security automation and superior performance with industry-leading network intrusion prevention, Sourcefire.
ABOUT THE PRESENTER
Catherine Paquet, CCSI, CCNP Security, CCNP Routing and Switching, is a network security specialist. She began her internetworking career as a LAN manager, then MAN manager, and eventually became a nationwide WAN manager with the Department of National Defence. Paquet lectures around the world on security topics, including firewalls, VPNs, intrusion prevention, identity systems, email and Web security, and router and switch security. During her spare time, she authors Cisco Press books, and she volunteers as a network security analyst to nonprofit organizations. Paquet attended the Royal Military College Saint-Jean (Canada) and holds an MBA in Management Information Systems (MIS) from York University.
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ... Lancope, Inc.
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ISE and TrustSec
Recent breaches have demonstrated that insider threats and determined attackers are effectively able to operate on the network interior where they can wreak havoc on an organization. As a result, it has become necessary to implement security policies inside the network. This webinar describes a data intelligence-driven approach to dynamically segmenting the network to control threats and protect the enterprise through the use of NetFlow and Lancope’s StealthWatch® System in combination with Cisco ISE and TrustSec.
This webinar will cover:
• design and deployment scenarios
• use cases
• best practices
• configuration examples
• forward-leaning vision
The primary takeaway of this webinar is a methodology for leveraging StealthWatch to drive segmentation policies and control threats on the network interior.
Network Security and Visibility through NetFlow Lancope, Inc.
With the rise of disruptive forces such as cloud computing and mobile technology, the enterprise network has become larger and more complex than ever before. Meanwhile, sophisticated cyber-attackers are taking advantage of the expanded attack surface to gain access to internal networks and steal sensitive data.
Perimeter security is no longer enough to keep threat actors out, and organizations need to be able to detect and mitigate threats operating inside the network. NetFlow, a context-rich and common source of network traffic metadata, can be utilized for heightened visibility to identify attackers and accelerate incident response.
Join Richard Laval to discuss the security applications of NetFlow using StealthWatch. This session will cover:
- An overview of NetFlow, what it is, how it works, and how it benefits security
- Design, deployment, and operational best practices for NetFlow security monitoring
- How to best utilize NetFlow and identity services for security telemetry
- How to investigate and identify threats using statistical analysis of NetFlow telemetry
FireSIGHT Management Center (FMC) slidesAmy Gerrie
The FireSIGHT Management Center (FMC) provides concise summaries of security events in 3 sentences or less by leveraging extensive network, endpoint, application and threat intelligence data. It improves security operations by reducing the number of tools needed to understand events, shortening the time to scoping and containment. The FMC also automates the correlation of critical events to identify indicators of compromise and focus security teams on remediation.
Solving the Visibility Gap for Effective SecurityLancope, Inc.
Network visibility is a vital component of an effective security strategy, but many organizations lack the ability to identify threat activity in their environment. At Cisco, we have assessed the networks of thousands of organizations, and in nearly every instance, we discovered undocumented hosts, risky user behavior, or malicious activity.
Whether it is rogue servers, unauthorized connections, or ongoing data breaches, we’ve harnessed the power of network visibility to identify a variety of suspicious and malicious activity. Now let us share our knowledge with you.
Join Jeff Moncrief, Systems Engineering Manager at Cisco, to learn:
- The reality of how vulnerable enterprise networks are from endpoint to edge
- The security benefits of end-to-end network visibility
- Common problems solved with network visibility
- Stories of real-life threats hidden on networks we’ve assessed
- How to turn your network into a security sensor to gain critical visibility and threat detection capabilities
ASA Firepower NGFW Update and Deployment ScenariosCisco Canada
This session will focus on typical deployment scenarios for the Adaptive Security Appliance family running FirePower Services. Also, a feature overview and comparison of the ASA with Firepower services and the new Firepower Threat Defense (FTD) image will be included with updates on the new Firepower hardware platform. Deployment use cases will include Internet Edge, various segmentation scenarios, and VPN. A configuration walk-through and accepted best practices will be covered. This session is designed for existing ASA customers and targets the security and network engineer. They will learn the benefit of a FirePower NGFW in network edge and Internet use cases
TechWiseTV Workshop: OpenDNS and AnyConnectRobb Boyd
Join this in-depth look and detailed demonstration of the OpenDNS Umbrella integration with AnyConnect and how it really can stop most threats before they become serious problems, protecting users anywhere they go, even when the VPN is off.
Watch the workshop replay: http://bit.ly/2bPT1ax
Watch the Video: http://bit.ly/2c60obv
Sasa milic, cisco advanced malware protectionDejan Jeremic
Cisco Advanced Malware Protection uses a combination of techniques including signatures, machine learning, dynamic analysis, and behavioral analytics to both prevent known threats and detect previously unknown threats retrospectively. It provides security for networks, endpoints, and mobile devices through a cloud-based platform that shares threat intelligence between Cisco and its customers.
The document provides an overview and agenda for a presentation on Sourcefire threat detection products. The presentation covers the next generation security model focusing on detection, blocking and defending against attacks. It then discusses specific Sourcefire products including the FireSIGHT management center and features. The presentation concludes with an overview of Sourcefire hardware and deployment options when integrating with Cisco ASA products to provide integrated threat defense.
The document introduces Cisco's ASA with FirePOWER Services, which combines Cisco's ASA firewall with Sourcefire's next-generation IPS. It provides superior threat protection through features like advanced malware protection, security intelligence, and application visibility and control. It offers unprecedented network visibility. The integrated threat defense addresses the entire attack continuum to reduce cost and complexity compared to legacy next-generation firewalls.
The document summarizes Cisco Advanced Malware Protection (AMP) for Meraki MX, which provides comprehensive security and advanced threat protection across networks. It gives organizations visibility into threats across multiple locations, simplifies security management with a cloud-based platform, and helps quickly detect, analyze and remediate breaches. Key benefits include reduced time to detection of threats, continuous file monitoring, retrospective alerting, advanced malware analysis, and simplified security management from one central location.
This document contains slides from a Cisco presentation on firewall certification. It discusses the CCNP Security Firewall v2.0 exam, including exam details, recommended reading, and high-level topics covered. It also provides an overview of Cisco firewall technology including the Adaptive Security Appliance and its features. Configuration topics like licensing, interfaces, NAT, routing, inspection policies and transparent mode are briefly outlined.
This presentations highlights the Cisco Security Architecture. For more information Cisco's security products and solutions please visit our website here: http://www.cisco.com/web/CA/products/vpn.html
The document discusses the configuration and setup of the Cisco ASA Firepower module. It provides the following key points:
1. The ASA Firepower module adds next-generation firewall services like IPS, application control, URL filtering, and malware protection. It can be configured in single or multiple context mode, and inline or transparent mode.
2. The module is configured using the separate Firesight Management Center application, either on an external appliance or virtual machine. Basic CLI configuration is also available directly on the ASA.
3. Setup involves installing the module software and image on the ASA, then building and configuring the Firesight Management Center to register and manage the module. Traffic policies on
The document discusses Cisco Stealthwatch and its capabilities for network visibility and security. Stealthwatch collects network flow data from switches, routers, firewalls, and other devices using technologies like NetFlow. It analyzes the flows to provide visibility into network traffic, detect threats, and enable incident response. It also discusses encrypted traffic analysis capabilities that can analyze encrypted flows by examining packet lengths, times, and byte distributions without decrypting the actual content.
Cisco Meraki offers a complete cloud-managed IT solution including wireless, switching, security, mobility management, and communications products. All products are centrally managed through a web-based dashboard for ease of deployment and management. Meraki provides these solutions to over 60 service providers globally to offer turnkey managed services for small and medium businesses as well as bespoke enterprise solutions. Key benefits of Meraki for service providers include simplified deployment, differentiated service offerings, and increased profit margins.
In this breakout session Cerdant's top engineers, Jeremiah Johnson and Jason Palm displayed how to get the most out of your SonicWALL device by utilizing advanced features like Capture ATP and DPI-SSL.
Hillstone Networks provides intelligent firewall solutions that use behavioral intelligence to detect threats. They have over 10,000 customers globally across various industries. Their intelligent firewalls can detect both known and unknown threats through abnormal behavior detection in minutes rather than months. This allows them to find modern attacks that evade traditional signature-based defenses. They offer solutions for both enterprises and data centers to provide perimeter security as well as internal micro-segmentation of virtual machines in private and public clouds.
This document discusses Cisco ASA FirePOWER Services and Next-Generation Firewalls. It defines Next-Generation Firewalls as integrated platforms combining traditional firewalls with additional filtering functions like application firewalls, IPS, web filtering, antivirus inspection, and identity management integration. It describes the features of Cisco ASA 5500-X series firewalls with FirePOWER Services modules, including application control, identity control, security intelligence, IPS, URL filtering, advanced malware protection, file blocking, and SSL decryption. It provides examples of how traffic is analyzed and how the Cisco ASA integrates with the FirePOWER module.
Advanced threat security - Cyber Security For The Real World Cisco Canada
Cisco delivers intelligent cybersecurity for the real world, providing one of the industry's most comprehensive advanced threat protection portfolios of solutions and services that are integrated, pervasive, continuous and open.
Cisco's threat-centric approach to security reduces complexity, while providing unmatched visibility, continuous control and advanced threat protection across the entire attack continuum, allowing customers to act smarter and more quickly -- before, during, and after an attack.
More information on security here: http://bit.ly/1paUnZV
VIPER Labs - VOIP Security - SANS Summit Shah Sheikh
The document discusses penetration testing of VoIP networks. It describes a VoIP security research lab that investigates attack vectors against VoIP systems. When conducting internal VoIP assessments, the objectives are to understand the call requirements, VLAN configuration, and gain access to the voice VLAN to test for vulnerabilities. Sniffing tools can reveal the voice VLAN ID and credentials. VLAN hopping poses a risk if an attacker can access the voice VLAN from their PC. A case study found an attacker was able to hop VLANs in a hotel network and potentially monitor other guests' phone calls due to poor network segmentation. Proper firewalling of voice networks and limiting remote access to voice VLANs are important lessons learned.
Network security specialist Catherine Paquet fills you in on advanced threat protection that integrates real-time contextual awareness, intelligent security automation and superior performance with industry-leading network intrusion prevention, Sourcefire.
ABOUT THE PRESENTER
Catherine Paquet, CCSI, CCNP Security, CCNP Routing and Switching, is a network security specialist. She began her internetworking career as a LAN manager, then MAN manager, and eventually became a nationwide WAN manager with the Department of National Defence. Paquet lectures around the world on security topics, including firewalls, VPNs, intrusion prevention, identity systems, email and Web security, and router and switch security. During her spare time, she authors Cisco Press books, and she volunteers as a network security analyst to nonprofit organizations. Paquet attended the Royal Military College Saint-Jean (Canada) and holds an MBA in Management Information Systems (MIS) from York University.
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ... Lancope, Inc.
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ISE and TrustSec
Recent breaches have demonstrated that insider threats and determined attackers are effectively able to operate on the network interior where they can wreak havoc on an organization. As a result, it has become necessary to implement security policies inside the network. This webinar describes a data intelligence-driven approach to dynamically segmenting the network to control threats and protect the enterprise through the use of NetFlow and Lancope’s StealthWatch® System in combination with Cisco ISE and TrustSec.
This webinar will cover:
• design and deployment scenarios
• use cases
• best practices
• configuration examples
• forward-leaning vision
The primary takeaway of this webinar is a methodology for leveraging StealthWatch to drive segmentation policies and control threats on the network interior.
Network Security and Visibility through NetFlow Lancope, Inc.
With the rise of disruptive forces such as cloud computing and mobile technology, the enterprise network has become larger and more complex than ever before. Meanwhile, sophisticated cyber-attackers are taking advantage of the expanded attack surface to gain access to internal networks and steal sensitive data.
Perimeter security is no longer enough to keep threat actors out, and organizations need to be able to detect and mitigate threats operating inside the network. NetFlow, a context-rich and common source of network traffic metadata, can be utilized for heightened visibility to identify attackers and accelerate incident response.
Join Richard Laval to discuss the security applications of NetFlow using StealthWatch. This session will cover:
- An overview of NetFlow, what it is, how it works, and how it benefits security
- Design, deployment, and operational best practices for NetFlow security monitoring
- How to best utilize NetFlow and identity services for security telemetry
- How to investigate and identify threats using statistical analysis of NetFlow telemetry
Joseph Allen Mann is an IT security professional with over 22 years of experience managing secure IT operations and building teams. He currently works as a Senior Security Administrator for Progressive Waste Solutions, where his responsibilities include managing 3500 users, implementing security policies and tools like Cisco ACS and Sophos, and conducting security assessments. Previously he has held roles as CEO of his own IT services company, an IT security specialist, and owner/operator of several small businesses. He has multiple security certifications including CISSP, CSM, and several Cisco certifications.
This document discusses iPS, a company that provides HR and crewing solutions to powerful industries like dredging, maritime, offshore, tunneling, oil & gas. iPS has a thorough understanding of these industries and the urgent need they have for qualified people. iPS has built a large database over 20 years and uses its worldwide network and industry insights to quickly find the optimal candidates. The company prioritizes selecting passionate people who are a good fit and will be successful on the job. With over 80 staff members globally, iPS can reliably meet clients' recruiting and personnel needs anywhere in the world.
TechWiseTV Workshop: Cisco Stealthwatch and ISE Robb Boyd
Replay the live event: http://cs.co/90008z2Ar
Learn how your existing Cisco network can help you to know exactly who is doing what on the network with end-to-end visibility, differentiate anomalies from normal behavior with contextual threat intelligence and stop threats and mitigate risk with one-click containment of users and devices.
It’s time for the network to protect itself. Please make time for this important workshop.
Resources:
Watch the Cisco Stealthwatch and ISE full episode: http://cs.co/90008z24M
Network as a Sensor-Enforcer on CCO:
http://www.cisco.com/c/en/us/solutions/enterprise-networks/enterprise-network-security/net-sensor.html
Cisco ISE Community
http://cs.co/ise-community
SDN in the Enterprise: APIC Enterprise Module Cisco Canada
The document discusses Cisco's Application Policy Infrastructure Controller Enterprise Module (APIC-EM). It provides:
1) An overview of the APIC-EM architecture, which includes Cisco and third party applications, a network information database, policy infrastructure, and automation interfaces to simplify network management and expose network intelligence.
2) Examples of APIC-EM applications like path visualization, policy analysis, EasyQoS, Intelligent WAN, and Network Plug and Play that provide simplified management of networks, applications, and policies through an intuitive user interface and programming interfaces.
3) Details on how APIC-EM can integrate with Cisco Call Manager to dynamically insert and remove access control lists for voice and video calls to prioritize that traffic
In this session we will look at a comprehensive system for protecting an organization's internal network from current threats. We will examine how security incidents can be detected using Cisco's intelligent network, and learn how the network can be used to effectively stop internal and external attacks. We will look at how the following scenarios are implemented on Cisco solutions: detecting infected hosts, isolating and quarantining them, controlling traffic between workstations, and redirecting traffic for incident investigation. The presentation will cover new network protection capabilities of Cisco solutions, Lancope StealthWatch and Identity Services Engine, as well as the Cisco TrustSec architecture.
Hope you did not miss our deep dive: Cisco APIC-EM: IT Speed and Simplicity Through Automation
Ronnie Ray walked through Cisco's purpose-built enterprise controller, built to help you move to software-defined networking (SDN) that works both on existing networks and on new infrastructure.
Watch and Listen to the workshop replay at cs.co/6017Bl8Kb
(check out the Digital Network Architecture episodes Part 1 and 2 at http://www.techwisetv.com)
You will learn how Cisco engineers created the world’s best network automation controller, which provides enterprise resiliency and scale, an open and extensible platform, and a full suite of policy-driven SDN applications.
You’ll learn about multiple time-saving apps that cover the complete network service lifecycle and drive policy enforcement consistently across the enterprise to make sure of zero-touch infrastructure deployment, quality of experience, and rapid troubleshooting.
Moving to software-driven networking is the future. Join us and find out how to start your journey today.
In this research work an Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) will be implemented to detect cyber-attacks and protect critical network infrastructure from them. To strengthen network security and improve the network's active defense intrusion detection capabilities, this project will consist of an intrusion detection system using honey-token-based encrypted pointers and an intrusion prevention system based on a mixed interactive honeypot. The Intrusion Detection System (IDS) is based on the novel approach of Honey Token based Encrypted Pointers.
Combating Insider Threats – Protecting Your Agency from the Inside Out Lancope, Inc.
When Edward Snowden leaked classified information to the mainstream media, it brought the dangers posed by insider threats to the forefront of public consciousness, and not without reason. Today’s agencies are drowning in fears surrounding sophisticated cyber-attacks, but perhaps the most concerning type of attack out there is the insider threat. According to Forrester, abuse by malicious insiders makes up 25% of data breaches. Learn about the best practices and technologies you should be implementing now to avoid becoming the next victim of a high-profile attack.
- Become aware of the different types of insider threats, including their motives and methods of attack
- Understand why conventional security tools like firewalls, antivirus and IDS/IPS are powerless in the face of the insider threat
- Gain clarity on the various technologies, policies and best practices that should be put in place to help detect and thwart insider threats
- Discover how network logs, particularly NetFlow, can be used to cost-effectively monitor for suspicious insider behaviors that could indicate an attack
- Know about emerging attack methods such as muleware that could further escalate insider threats in the coming years
This document summarizes a presentation about Cisco Umbrella, a cloud-based security platform. The summary includes:
1) Cisco Umbrella protects organizations from internet threats by resolving domain names and inspecting web traffic before connections are made. It uses intelligence from billions of requests to identify malicious destinations and prevent both user and malware-initiated connections.
2) Cisco Umbrella provides visibility into all network activity, anywhere, and integrates with existing security tools. It can deploy protection to an entire global organization within minutes through DNS configuration.
3) The presentation cites case studies of customers seeing a 4-5 fold decrease in alerts, 70% reduction in virus tickets, and thousands saved in ransomware
Free and Open Source Software has supernumerary security tools/applications that can help improve the security stance of the modern enterprise. Learn how nearly every security problem has many FOSS (Free and Open Source Software) solutions that can help.
Intrusion detection and prevention system Nikhil Raj
This presentation describes how to implement a network-based Intrusion Detection System (SNORT) in the network. It covers detecting and analyzing the generated alerts and blocking the attacker using an Access Control List.
Cisco Identity Services Engine (ISE) is a next-generation identity and access control policy platform that enables enterprises to enforce compliance, enhance infrastructure security, and streamline service operations. It determines whether users are accessing the network on authorized devices, establishes user identity and context, and assigns services based on user attributes. ISE provides comprehensive secure access, increases productivity, and reduces operations costs through centralized policy control, visibility, automated provisioning, and guest access management.
This document provides an overview of hacking, including its history, definitions, types, famous hackers, reasons for hacking, and advice on security and ethics. Hacking emerged in the 1960s at MIT and refers to attempting to gain unauthorized access to computer systems. It describes hackers as those who exploit weaknesses in computers. Different types of hacking are outlined such as website, network, password, and computer hacking. Advice is given around using strong unique passwords, backing up data, and contacting authorities if hacked. Both advantages like security testing and disadvantages like privacy harm are discussed.
The Future Of Work & The Work Of The Future Arturo Pelayo
What Happens When Robots And Machines Learn On Their Own?
This slide deck is an introduction to exponential technologies for an audience of designers and developers of workforce training materials.
The Blended Learning And Technologies Forum (BLAT Forum) is a quarterly event in Auckland, New Zealand that welcomes practitioners, designers and developers of blended learning instructional deliverables across different industries of the New Zealand economy.
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla... BGA Cyber Security
Cisco offers next generation security solutions to protect networks from advanced threats. Their offerings include the FireSIGHT management platform for continuous monitoring and visibility across the network. Key products discussed are the Sourcefire Next Generation IPS which provides context awareness, application control and advanced malware protection. Cisco has also made several security acquisitions to enhance their capabilities in areas like email/web security, behavioral analytics, and threat intelligence.
Cisco Connect Halifax 2018 Anatomy of attack Cisco Canada
The document discusses Cisco's solutions for securing access to the internet and usage of cloud applications. It begins with an overview of how cyber attacks have evolved over time, from initial reconnaissance to widescale expansion. It then covers Cisco's Umbrella and Cloudlock products, explaining how Umbrella provides visibility and protection from internet threats by blocking connections to malicious destinations. Cloudlock is described as securing usage of cloud apps and protecting cloud accounts from compromise. The document emphasizes how the two solutions work in a complementary manner to provide comprehensive security across network, cloud, and internet activity.
8 January 2015 SOME Event - Cisco Next Generation Security BGA Cyber Security
This document discusses Cisco's next generation security strategy and solutions. It outlines Cisco's approach of integrating products to provide unified visibility, advanced threat protection, and consistent control across networks, endpoints, cloud, and mobile environments. It highlights key Cisco security technologies like FirePOWER, Advanced Malware Protection (AMP), and Identity Services Engine (ISE) and how they work together to provide defense, detection, and remediation against evolving threats.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks. Scalar Decisions
Simon Wong and Chris Cram, Scalar security experts, discuss how Palo Alto Networks technology disrupts the entire malware kill chain. Attendees will also gain insight on flexible deployment options to better serve their mobile users, and how to get the most out of their Palo Alto Networks deployment.
Digitization and increased mobility have complicated network visibility and security. Threats are more numerous, complex, and use encryption to evade detection. Cisco Stealthwatch provides holistic security through network-based visibility and analytics. It transforms networks into security sensors to see all traffic, contain threats, and detect encrypted threats. Advanced machine learning and behavioral modeling detect anomalies and threats without relying on endpoint agents. Stealthwatch integrates with Cisco Identity Services Engine to rapidly quarantine infected hosts.
Cisco Connect 2018 Malaysia - Cybersecurity strategy-an integrated approach NetworkCollaborators
The document discusses the importance of integrating security solutions to create an effective security architecture. It outlines how Cisco has integrated its portfolio of security products through sharing threat intelligence, event information, and policy across firewalls, web security, email security, endpoint security, and other solutions. This level of integration helps speed threat detection and response times by automating processes and providing contextual awareness across the network.
This document discusses the evolution of cyber threats from viruses in the 1990s to advanced persistent threats today. It notes that 100% of companies connect to domains hosting malicious files or services, 54% of breaches go undiscovered for months, and 60% of data is stolen within hours. The document advocates for a holistic approach to cybersecurity called the Global Security Sales Organization that covers the entire attack continuum from before, during, and after attacks. This includes visibility across the network, endpoints, mobile devices, virtual systems, and cloud to detect, block, and defend against threats.
Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques Trend Micro
Dave Asprey, VP of Cloud Security at Trend Micro, presented on encryption techniques for securing data and applications in public clouds. He outlined 16 pieces of advice, including encrypting network traffic, file systems, and data in shared storage. Only allow decryption keys to enter the cloud during decryption. Minimize the number of services per virtual machine instance and only open necessary ports. Use host-based intrusion detection and system hardening tools.
This document provides an overview of the features and capabilities of FortiGate IPS (Intrusion Prevention System), including over 7,000 signatures, DOS protection, deployment options, sensor functions, FortiGuard security services, performance metrics, packet logging, user quarantine, advanced NGIPS features, and DOS sensors. It also includes contact information for an Italian company specialized in Fortinet solutions.
CONFidence2015: Real World Threat Hunting - Martin Nystrom PROIDEA
Real World Threat Hunting
Security threats have grown from network annoyances to attacks on sensitive infrastructure; penetrating network perimeters, moving laterally within networks, breaching new device types, and cloaking movements. This presentation will share techniques utilized by Cisco to detect and investigate sophisticated, embedded threats.
The speaker, who has conducted monitoring and investigations on customer networks, will review recent real attacks observed on customer networks, from discovery to remediation, and provide lessons learned. These interactive case examples will highlight how to identify these threats using security intelligence, expert staff, and the Cisco OpenSOC platform.
Examples of attacks and illustrations:
* Sophisticated phishing attacks targeted at customer environments.
* Breaches and data exfiltration resulting from the high-profile HeartBleed and Shellshock vulnerabilities.
* Sophisticated malware targeting financial institutions with the goal of data theft.
* Use of full packet capture to identify data exfiltration.
The document discusses next generation security and the Cisco FireSIGHT solution. It describes how hacking has become more sophisticated over time and now poses serious threats. Cisco FireSIGHT provides comprehensive visibility, advanced malware protection, and context-aware next generation intrusion prevention and firewall capabilities to address modern security challenges. The solution leverages collective security intelligence from Cisco's world-class security research organization.
The document discusses Cisco's content security solutions for web and email, focusing on advanced malware protection. It describes the evolving threat landscape including targeted attacks and advanced malware. Cisco content security addresses challenges like data loss, malware infections and visibility. Cisco Content Security with AMP provides threat protection before, during and after attacks using reputation filtering, file sandboxing, threat analytics and defense across the attack continuum. It is powered by Cisco's collective security intelligence from billions of requests and samples analyzed daily.
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A... Amazon Web Services
The rapid adoption of cloud services and application migration has brought several challenges to network admins and security professionals, and it has made real-time visibility of the network an even more crucial priority. In this session, learn how Cisco Stealthwatch Cloud helps you leverage data you inherently create with AWS and within your network to prevent compute theft and orphaned compute, secure weak or incomplete access control lists (ACL), and enforce security policies beyond the traditional firewall while maintaining regulatory compliance by extending visibility across your entire network. This presentation is brought to you by AWS partner, Cisco Systems, Inc.
Network security is important to protect systems from attacks. Firewalls act as the first line of defense, blocking unauthorized incoming and outgoing network traffic based on security rules. Different types of firewalls operate at different layers of the OSI model and provide varying levels of security. No single security measure can guarantee protection, so a defense-in-depth approach using firewalls along with other tools like intrusion detection systems is recommended.
The document discusses an anatomy of a cyber attack and Cisco's cloud security solutions. It begins with an overview of the stages of a typical cyber attack from initial reconnaissance through wide-scale expansion. It then provides examples of Locky and Wannacry ransomware attacks and how Cisco Umbrella and Cloudlock can help prevent them. The document concludes by explaining how Cisco Umbrella provides secure internet access and Cisco Cloudlock provides visibility and control over cloud applications, users, accounts, and data.
Cisco Advanced Malware Protection for Networks provides network-based advanced malware protection that goes beyond point-in-time detection. It detects, blocks, tracks, and contains malware threats across multiple threat vectors within a single system. It also provides visibility and control to protect organizations against highly sophisticated, targeted, zero-day, and persistent advanced malware threats. Some key capabilities include continuous analysis of files and traffic, retrospective security to look back in time after an attack, correlation of security events into coordinated attacks, tracking malware spread and communications, and containing malware outbreaks.
Gain visibility and real-time security alerts with VPC Flow Logs & AWS - DEM0... Amazon Web Services
Rapid adoption of cloud services and application migration brings several challenges to network administrators and security professionals, making real-time visibility of the network even more of a priority. In this session, learn how Cisco Stealthwatch Cloud helps you leverage data that you inherently create with AWS within your network to prevent compute theft and orphaned compute, secure weak or incomplete access control lists (ACL), and enforce security policies beyond the traditional firewall while maintaining regulatory compliance by extending visibility across your entire network. This presentation is brought to you by AWS partner, Cisco Systems Inc.
Security Delivery Platform: Best practices Mihajlo Prerad
The traditional security model was one that operated under simple assumptions. Those assumptions led to deployment models which, in today’s world of cyber security, have proven to be quite vulnerable and inadequate to the growing number and diversity of threats.
A Security Delivery Platform addresses the above considerations and provides a powerful solution for deploying a diverse set of security solutions, as well as scaling each security solution beyond traditional deployments. Such a platform delivers visibility into the lateral movement of malware, accelerates the detection of exfiltration activity, and could significantly reduce the overhead, complexity and costs associated with such security deployments.
In today’s world of industrialized and well-organized cyber threats, it is no longer sufficient to focus on the security applications exclusively. Focusing on how those solutions get deployed together and how they get consistent access to relevant data is a critical piece of the solution. A Security Delivery Platform in this sense is a foundational building block of any cyber security strategy.
The idea of a more connected world is an exciting prospect. The proliferation of Internet-enabled cars, appliances, medical devices, thermostats, and so on has already changed the way we live and will only continue to grow. Unfortunately, these devices are expanding an already large attack surface, and cybercriminals are eager to exploit them.
If we do not prepare for this influx of new, specialized devices on our networks, the Internet of Things (IoT) will leave gaping holes in our cybersecurity practices. But securing these many devices is a daunting task for even the bravest security professional.
Join Keith Wilson of Cisco Security for a webinar to discuss the security challenges related to IoT. Topics covered include:
- Why IoT devices can be difficult to secure
- Industries already affected by this trend such as health care, manufacturing, financial services and retail
- The various approaches to securing these devices
- How you can best keep IoT devices from becoming a security liability
Combating Insider Threats – Protecting Your Agency from the Inside Out Lancope, Inc.
Whether they realize it or not, all enterprises have valuable data to protect. Credit card information, trade secrets, and patient data, for example, are all prime targets for cyber criminals.
You can reduce risk to your sensitive data through the use of compliance/segmentation monitoring. But what happens when malicious insiders or external attackers bypass these controls?
Join Lancope’s Consulting Security Architect, Charles Herring, to learn how network behavioral anomaly detection (NBAD) and deep visibility through NetFlow can be used to quickly alert administrators to these violations. Discover how to detect anomalies such as data hoarding and data loss to more effectively safeguard your crown jewels.
While the current threat landscape is full of sophisticated and well-resourced adversaries, one of the most dangerous is the insider because they already have access to the sensitive data on your network.
According to a report from Forrester Research, nearly half of technology decision makers who experienced a data breach in the year studied reported that an internal incident was the source of their compromise.
Since firewalls and perimeter defenses are largely incapable of addressing insider threats, organizations must turn to internal network monitoring and analytics to identify threats based on their behavior.
Join us for a free webinar on the Five Signs You Have an Insider Threat to learn what to look for to protect your organization from this challenging attack type. The webinar will cover topics including:
- Insider threat prevalence
- Major signs of insider threat activity
- How to detect these signs
- How to identify an insider threat before they impact your organization
Detecting Threats: A Look at the Verizon DBIR and StealthWatch Lancope, Inc.
A common theme in data breach investigations is the deficit between the time it takes an attacker to compromise a system and the time it takes for the defender to detect the attack. In many cases, victim organizations do not know they have been breached for weeks or months after the initial compromise, while attackers can gain access in a matter of minutes or hours.
The StealthWatch® System can drastically reduce the time to identify threats, giving security personnel a window of opportunity to mitigate an attack before valuable data is lost. This webinar will cover how StealthWatch quickly detects a variety of malicious activity, using threat information from the Verizon 2015 Data Breach Investigations Report as a backdrop.
Participants will learn how StealthWatch can quickly detect:
- Crimeware
- Insider threats
- Point-of-sale (POS) intrusions
- Cyber-espionage
Extending Network Visibility: Down to the Endpoint Lancope, Inc.
In today’s world of constantly evolving security threats and attack vectors, organizations need to be vigilant about monitoring their network infrastructure. The network perimeter and security infrastructure are often challenged by the adoption of mobile devices, cloud, and BYOD policies. The need for visibility into endpoint activity has become more important than ever.
Join Josh Applebaum (Ziften), Matthew Frederickson (Council Rock School District) and Peter Johnson (Lancope) for a complimentary webinar to learn how you can achieve real-time network visibility and intelligence for improved incident response.
Discover how you can:
- Achieve additional visibility and context to network activity
- Enhance your existing security investments (NetFlow, Firewall, SIEM, threat intelligence)
- Improve incident response by obtaining real-time and historical endpoint data
Save Your Network – Protecting Manufacturing Data from Deadly Breaches Lancope, Inc.
This document discusses threats faced by manufacturers from cyber attacks and how to protect important intellectual property and sensitive business data, known as "crown jewels". It describes how network behavioral anomaly detection (NBAD) can be used to monitor network traffic and identify anomalies that may indicate insider threats or external attacks. The document outlines how to identify crown jewels, monitor insiders' network activity, ensure proper audit trails are in place, and provides an overview of the Lancope StealthWatch solution for gaining network visibility and security intelligence.
The Seven Deadly Sins of Incident Response Lancope, Inc.
According to a recent study from Cisco, organizations show high levels of confidence in their security policies; but when it comes to their ability to scope and contain compromises, their confidence drops significantly.
Such statistics demonstrate that organizations continue to struggle with incident response.
Join Lancope’s security researcher, Brandon Tansey, and 451 Research’s senior analyst, Javvad Malik, to learn how to avoid The Seven Deadly Sins of Incident Response, and what you can do to improve your organization’s security posture.
Sins include:
- Lack of visibility/not understanding your environment
- Inability to separate the signal from the noise
- Modeling use cases on defenses, not attackers
Save Your Network – Protecting Healthcare Data from Deadly Breaches | Lancope, Inc.
As recent events have proven, healthcare organizations are especially vulnerable to cyber-attacks due to the amount of valuable data they maintain. With advanced attacks becoming so ubiquitous, how can healthcare organizations protect patient data and avoid becoming the next high-profile victim in the headlines?
The answer lies in network visibility. Healthcare providers and others are invited to join this complimentary webinar to learn how to:
- Cost-effectively transform their network into a sensor grid for detecting sophisticated attacks
- Quickly uncover suspicious behaviors associated with zero-day attacks, APTs, insider threats and other risks that frequently evade conventional defenses
- Protect their reputation by thwarting attacks before they lead to devastating data loss
The document discusses insider threats and methods for detecting and preventing them. It defines an insider as a person with credentials and access to an organization's endpoints. It describes how insiders may be motivated to carry out attacks due to factors like ideology, financial hardship, or extortion. It also outlines threats posed when insiders' credentials are compromised or misused. The document recommends techniques like background checks, multifactor authentication, endpoint hardening, and anomaly detection methods to reduce insider vulnerabilities. It emphasizes the importance of network visibility and audit trails for timely detection of insider threats.
Protecting the Crown Jewels from Devastating Data Breaches | Lancope, Inc.
Whether they realize it or not, all enterprises have valuable data to protect. Credit card information, trade secrets, and patient data, for example, are all prime targets for cyber criminals.
You can reduce risk to your sensitive data through the use of compliance/segmentation monitoring. But what happens when malicious insiders or external attackers bypass these controls?
Join Lancope’s Consulting Security Architect, Charles Herring, to learn how network behavioral anomaly detection (NBAD) and deep visibility through NetFlow can be used to quickly alert administrators to these violations. Discover how to detect anomalies such as data hoarding and data loss to more effectively safeguard your crown jewels.
On today's increasingly militarized Internet, companies, non-profits, activists, and individual hackers are forced to melee with nation-state class adversaries. Just as one should never bring a knife to a gunfight, a network defender should not rely on tired maxims such as “perimeter defense” and “defense in depth”. Today’s adversaries are well past that. This webinar provides:
- Key insights into what we call the Library of Sparta - the collective written expertise codified into military doctrine. Hidden in plain sight, vast free libraries contain the time-tested wisdom of combat at the tactical, operational, and strategic levels.
- A better understanding of how adversaries will target your organization, to help you employ military processes and strategies in your defensive operations.
- New approaches and examples of how to translate and employ doctrinal concepts in your current operations.
SCADA Security: The Five Stages of Cyber Grief | Lancope, Inc.
Every time a new information technology finds its way into production, it seems as though we end up repeating the same process – security vulnerabilities will be discovered and disclosed in that technology, and users and vendors will deny that the risks are significant. Only after major attacks occur do we really start to see efforts to address the inherent risks in a systematic way.
We’re falling into this exact same trap again with Industrial Control and SCADA systems, but in this case the problem is worse, because the inherent nature of control systems prevents us from applying many of the strategies that have been used to protect other kinds of computer networks.
Join Lancope’s Director of Security Research, Tom Cross, for a look at the five stages of grief that organizations seem to pass through as they come to terms with security risks, and how far we’ve come regarding Industrial Control Systems.
Hear about:
- The state of Control Systems security vulnerabilities
- Attack activity that is prompting a change in perspective
- The unique, long-term challenges associated with protecting SCADA networks
- How anomaly detection can play a key role in protecting SCADA systems now
Signature detection of attacks requires an understanding of what is “bad” traffic. Unfortunately, advanced attackers are crafting innovative and persistent attacks that create a new brand of “bad” that has no signature. Today’s organizations must instead embrace more forward-thinking security measures such as behavioral analysis in order to identify threats that bypass conventional defenses.
Join this complimentary webinar to learn how real-world breaches over the last couple of years were detected by looking at traffic deviating from normal patterns via metadata/NetFlow analysis.
Discover how:
- Sophisticated attackers are bypassing conventional, signature-based security solutions
- NetFlow analysis can detect both known and unknown threats by identifying anomalous behaviors that could signify an attack
- Leveraging flow data can significantly improve threat detection, incident response and network forensics
Protecting Financial Networks from Cyber Crime | Lancope, Inc.
Financial services organizations are prime targets for cyber criminals. They must take extreme care to protect customer data, while also ensuring high levels of network availability to allow for 24/7 access to critical financial information. Additionally, industry consolidation has created large, heterogeneous network environments within large financial institutions, making it difficult to ensure that networks have the necessary visibility and protection to prevent a devastating security breach. By leveraging NetFlow from existing network infrastructure, financial services organizations can achieve comprehensive visibility across even the largest, most complex networks. The ability to quickly detect a wide range of potentially malicious activity helps prevent damaging data breaches and network disruptions.
Attend this informational webinar, conducted by Lancope’s Director of Security Research, Tom Cross, to learn:
- How NetFlow can help quickly uncover both internal and external threats
- How pervasive network insight can accelerate incident response and forensic investigations
- How to substantially decrease enterprise risks
SCADA Security: The Five Stages of Cyber Grief | Lancope, Inc.
The document summarizes the five stages of grief experienced by organizations when they realize their critical infrastructure systems are connected to the internet and vulnerable to cyber attacks: denial, anger, bargaining, depression, and acceptance. It provides examples to illustrate why each stage occurs, such as discoveries of thousands of exposed SCADA and ICS devices online using tools like SHODAN, high-profile attacks like Stuxnet targeting critical infrastructure systems, and challenges of keeping outdated systems patched against emerging threats. The document argues organizations must ultimately accept the interconnected nature of systems and find new ways to design and manage critical infrastructure that are more secure and resilient to cyber attacks.
Reverse Engineering Malware: A look inside Operation Tovar | Lancope, Inc.
Join us as we step through the reverse engineering of CryptoLocker, identifying important functionality and weaknesses. We'll demonstrate how we were able to use this information to help protect our customers months ago, the weaknesses that the Department of Justice took advantage of, and how you can do the same for other types of malware down the line.
Needs of a Modern Incident Response Program | Lancope, Inc.
The document discusses the needs of a modern incident response program. It notes that attackers have the advantage of asymmetry, as defenders must protect all vulnerabilities while attackers only need to find one. It argues that incident response programs need to move towards continuous monitoring and detection across all stages of an attack's kill chain, from reconnaissance to data exfiltration. This would allow defenders to detect and respond to threats earlier in the attack process.
The document discusses securing data centers from cyber threats. It describes how attacks have evolved from manual to mechanized to sophisticated human-led attacks. It advocates employing segmentation, threat defense and visibility measures like firewalls, IDS/IPS, and NetFlow. The Cisco Cyber Threat Defense solution places these tools at the access, aggregation and core layers, including the ASA firewall, Nexus switches, and StealthWatch for network monitoring and analytics. This provides visibility into network traffic across physical and virtual infrastructure to detect threats and policy violations.
This document discusses insider threats and strategies for detecting and preventing them. It outlines that while most breaches are caused by external attackers, insiders still cause significant damage in some cases. It describes the different types of insider threats and notes that prevention and detection require logs of network activity as well as a multidisciplinary approach. Specific tools like StealthWatch can provide network visibility and user identity integration to help identify suspicious insider behavior like data exfiltration or hoarding.
The Critical Security Controls and the StealthWatch System | Lancope, Inc.
This document summarizes an expert webcast on the Critical Security Controls and the StealthWatch system. John Pescatore from SANS discussed the Critical Security Controls and how they help prioritize security efforts. Charles Herring from Lancope then discussed how the StealthWatch system provides network visibility through NetFlow monitoring and can help implement several of the Critical Security Controls through boundary defense, threat detection, incident response, and secure network engineering capabilities. The webcast concluded with a question and answer session.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
What do a Lego brick and the XZ backdoor have in common? | Speck&Tech
ABSTRACT: At first glance, a Lego brick and the XZ backdoor might have in common the fact that both are building blocks, or dependencies of creative and software projects. The reality is that a Lego brick and the case of the XZ backdoor have much more than that in common.
Join the presentation to dive into a story of interoperability, standards and open formats, and then discuss the important role that contributors play in a sustainable open source community.
BIO: An advocate of free software and of standard and open formats. She has been an active member of the Fedora and openSUSE projects and co-founded the LibreItalia Association, where she was involved in several events, migrations and training activities related to LibreOffice. She previously worked on LibreOffice migrations and training courses for several public administrations and private organizations. Since January 2020 she has worked at SUSE as a Software Release Engineer for Uyuni and SUSE Manager, and when she is not following her passion for computers and for Geeko she cultivates her curiosity for astronomy (from which her nickname deneb_alpha derives).
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you... | Zilliz
Join us to introduce Milvus Lite, a vector database that can run on notebooks and laptops, share the same API with Milvus, and integrate with every popular GenAI framework. This webinar is perfect for developers seeking easy-to-use, well-integrated vector databases for their GenAI apps.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0! | SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Removing Uninteresting Bytes in Software Fuzzing | Aftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speed up fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing XML documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format) files. Our preliminary results show that AFL+DIAR not only discovers new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf | Paige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble, many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party and will share these foundational concepts to build on:
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
Essentials of Automations: The Art of Triggers and Actions in FME | Safe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Enhancing adoption of Open Source Libraries. A case study on Albumentations.AI | Vladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
- People: The contributors and community that have supported Albumentations.
- Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
- Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
- Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
- Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
- Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
- Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
UiPath Test Automation using UiPath Test Suite series, part 5 | DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with DevOps.
Topics covered:
- CI/CD within UiPath
- End-to-end overview of CI/CD pipeline with Azure DevOps
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
TrustArc Webinar - 2024 Global Privacy Survey | TrustArc
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Climate Impact of Software Testing at Nordic Testing Days | Kari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing is discussed in the talk. ICT and testing must carry their part of global responsibility to help with climate warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing the number of tests. Test automation can be used to speed up testing.