Dynamic Endpoint Modeling
What is Endpoint Modeling?
• It’s observing all behavior of all of your network endpoints and watching for changes in that behavior; changes that could indicate possible compromise or malicious activity.
• It’s rapid identification of compromised equipment, thus driving remediation response times to near immediate.
What is Endpoint Modeling?
• It’s passive collection of IP traffic information - and not payload - to determine anomalies, thus not affected by encryption or levels of transparency in virus signatures.
• It’s utilization of cloud-powered compute and remotely run algorithms to deliver real-time analysis and alert functionality.
• It’s unprecedented visibility. At the core it’s “Baselining” – comparing current & past activity and performance to an historical baseline.
endpoint modeling is profoundly different
[Diagram: Continuous Validation of each endpoint’s Role ✔, Network Activity ✔, Communication Patterns ✔ and Compliance ✔. Sample alert labels shown in the diagram: T:406, TAG 19, EXPLORE, ALERT-3F; V:9011, TAG 139, EXPLORE, ALERT-3A; T:126, TAG 6D, CONFIRMED ALERT-12.]
How Does Endpoint Modeling Work?
Roles, Profiles, and Algorithms
Models include five key dimensions of behavior analysis, each of which is built upon our robust proprietary catalog of device profiles, roles, and security algorithms.
• PROFILES - device profiles are network flow-level labels recognized by port, traffic, destination IP and packet characteristics. Device profile names are given to a behavior associated with a software application or service, such as a streaming media client.
• ROLES - device roles are combinations of device profiles that represent more complex network devices. A device role is a high-level category for a connected device, such as a printer, domain controller, or medical imaging server. Devices on enterprise networks typically fulfill one or more device roles.
• ALGORITHMS - security algorithms are modeling and anomaly-detection techniques based on statistical, state-based, rule-based, and learning theories that rapidly identify aberrant events, whether known to be normal, new, or potentially malicious.
Copyright © Observable Networks, Inc. 5
How Does Endpoint Modeling Work?
Assessing Behavior over Time
How is the device operating:
• according to its type?
• like similar types?
• like it has in the past?
• in a way that breaks rules?
• as predicted?
Important:
No Deep Packet Inspection
No end host agents
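Added example, not Observable Networks’ code: a small Python model of the mechanics the two slides above describe (flow-level profiles keyed by port and direction, roles inferred as combinations of profiles, and a per-endpoint baseline that the next observation window is scored against). It turns four of the slide’s questions into separate checks: “like it has in the past” (a profile the endpoint never exhibited), “according to its type / like similar types” (a profile no same-role peer exhibits), “in a way that breaks rules” (an explicit egress policy attached to the printer role), and “as predicted” (a z-score of daily byte volume against the endpoint’s own history, the “Baselining” of slide 3). The profile and role catalogue, the rule, the z-score threshold and every flow record are constructed assumptions; the real service’s catalogue and algorithms are proprietary and not shown here. Only flow metadata is consumed, matching the “No Deep Packet Inspection” point.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

# Assumed profile catalogue (hypothetical labels): (direction, service port) -> profile.
PROFILE_BY_PORT = {("in", 9100): "print-server", ("in", 389): "ldap-server",
                   ("in", 88): "kerberos-server", ("out", 53): "dns-client",
                   ("out", 443): "web-client", ("out", 445): "smb-client"}
# Assumed role catalogue: the profiles a device must exhibit to fulfil the role.
ROLES = {"printer": {"print-server"}, "domain-controller": {"ldap-server", "kerberos-server"}}
# Assumed rule: printers may only initiate flows to the enterprise range.
INTERNAL = ip_network("10.0.0.0/8")

@dataclass(frozen=True)
class Flow:                 # flow metadata only; no payload is ever inspected
    endpoint: str           # device being modelled
    direction: str          # "in": peer connected to endpoint; "out": endpoint connected to peer
    port: int               # service port on the server side of the flow
    peer: str               # IP of the other side
    nbytes: int
    day: int                # observation window index

def profile_of(flow):
    return PROFILE_BY_PORT.get((flow.direction, flow.port), f"unknown-{flow.direction}-{flow.port}")

def build_baseline(flows):
    """Per endpoint: profiles seen, roles inferred from them, daily byte statistics."""
    profiles, daily = defaultdict(set), defaultdict(lambda: defaultdict(int))
    for f in flows:
        profiles[f.endpoint].add(profile_of(f))
        daily[f.endpoint][f.day] += f.nbytes
    baseline = {}
    for ep, profs in profiles.items():
        vols = list(daily[ep].values())
        baseline[ep] = {"profiles": profs, "vol_mean": mean(vols), "vol_sd": pstdev(vols),
                        "roles": {r for r, need in ROLES.items() if need <= profs}}
    return baseline

def assess(baseline, window, z_threshold=3.0):
    """Score one new observation window against the baseline -> [(endpoint, check, detail)]."""
    findings, by_ep = [], defaultdict(list)
    for f in window:
        by_ep[f.endpoint].append(f)
    for ep, flows in by_ep.items():
        b = baseline.get(ep)
        if b is None:                                   # never modelled before
            findings.append((ep, "new-endpoint", "no baseline"))
            continue
        seen = {profile_of(f) for f in flows}
        # "like it has in the past?" -> a profile this endpoint never exhibited
        for p in sorted(seen - b["profiles"]):
            findings.append((ep, "new-profile", p))
        # "according to its type / like similar types?" -> compare with same-role peers
        group = [o for o in baseline if o != ep and baseline[o]["roles"] & b["roles"]]
        if group:
            group_profiles = set().union(*(baseline[o]["profiles"] for o in group))
            for p in sorted(seen - group_profiles):
                findings.append((ep, "peer-group-deviation", p))
        # "in a way that breaks rules?" -> explicit policy attached to the printer role
        if "printer" in b["roles"]:
            for f in flows:
                if f.direction == "out" and ip_address(f.peer) not in INTERNAL:
                    findings.append((ep, "rule-violation", f"egress to {f.peer}"))
        # "as predicted?" -> daily volume far from the endpoint's own history (baselining)
        total = sum(f.nbytes for f in flows)
        if b["vol_sd"] > 0:
            z = (total - b["vol_mean"]) / b["vol_sd"]
        else:
            z = 0.0 if total == b["vol_mean"] else float("inf")
        if abs(z) > z_threshold:
            findings.append((ep, "volume-anomaly", f"z={z:.1f}"))
    return findings

# Constructed history: five days of flows for two printers and one domain controller.
HISTORY = []
for day, vol in enumerate([1_000_000, 1_100_000, 900_000, 1_050_000, 950_000], start=1):
    for printer in ("10.0.0.20", "10.0.0.21"):
        HISTORY.append(Flow(printer, "in", 9100, "10.0.0.5", vol, day))
        HISTORY.append(Flow(printer, "out", 53, "10.0.0.2", 500, day))
    HISTORY.append(Flow("10.0.0.10", "in", 389, "10.0.0.5", vol // 10, day))
    HISTORY.append(Flow("10.0.0.10", "in", 88, "10.0.0.5", vol // 20, day))
    HISTORY.append(Flow("10.0.0.10", "out", 53, "10.0.0.2", 500, day))

# Constructed day 6: printer .20 starts SMB to the domain controller and pushes 40 MB
# to a host outside the enterprise range (203.0.113.7 is an RFC 5737 documentation address).
DAY6 = [Flow("10.0.0.20", "in", 9100, "10.0.0.5", 1_000_000, 6),
        Flow("10.0.0.20", "out", 53, "10.0.0.2", 500, 6),
        Flow("10.0.0.20", "out", 445, "10.0.0.10", 20_000, 6),
        Flow("10.0.0.20", "out", 443, "203.0.113.7", 40_000_000, 6),
        Flow("10.0.0.21", "in", 9100, "10.0.0.5", 1_000_000, 6),
        Flow("10.0.0.21", "out", 53, "10.0.0.2", 500, 6),
        Flow("10.0.0.10", "in", 389, "10.0.0.5", 100_000, 6),
        Flow("10.0.0.10", "in", 88, "10.0.0.5", 50_000, 6),
        Flow("10.0.0.10", "out", 53, "10.0.0.2", 500, 6)]

def run_example():
    """Findings for the constructed day 6; only 10.0.0.20 should be flagged."""
    return assess(build_baseline(HISTORY), DAY6)

if __name__ == "__main__":
    for ep, check, detail in run_example():
        print(f"{ep:<12} {check:<22} {detail}")
```

Run it directly to list the findings for the constructed day 6: the second printer and the domain controller stay quiet, while 10.0.0.20 is flagged four ways at once (two profiles it never had, the same two profiles absent from its peer printer, an egress outside 10.0.0.0/8, and a daily volume hundreds of standard deviations above its own mean). A real deployment would key the catalogue on more than port and direction (the slide also names traffic and packet characteristics), would need far more than five windows before the z-score is meaningful, and would reconcile the four checks into a single alert so the analyst is not paged four times for one event.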
Why Is Endpoint Modeling Important?
Key IT Security Shifts
1. No Threat Signatures
2. End-to-End Encryption
3. Device Proliferation
MORE Devices
• Everything connects to the network
• High growth in unmanaged devices
• Creating blind spots in security posture
HIGHER Specificity of Attacks
• Little to no signatures
• Socially engineered attacks are common
• Perimeter defenses are weakening
MORE Encryption
• Desire for increased security and privacy
• Everything will be opaque
• Creating vulnerability in existing tools
Why Is Endpoint Modeling Important?
Key IT Security Shifts
4. Complex Networks
5. Inside & Insider Threats
6. Too Many Vectors
KNOW yourself
• Can’t know all enemies
• Can’t know all vulnerabilities
• Can know normal to recognize attacks
POROUS perimeter
• Partner connectivity
• Mobile connectivity
• 3rd Party hosting and SaaS services
Watch everything
• Attackers roosting inside
• Employees and contractors
• Holistic awareness is required
How Does Endpoint Modeling Improve Security?
With Dynamic Endpoint Modeling, you gain:
• A continuous, unobstructed understanding of every endpoint's behavior, regardless of its function
• Rapid identification of indicators of compromise without dependencies on log file monitoring, deep packet inspection (DPI), or other signature-based methods
• Insightful and efficient security actions
[Diagram: sample alert labels, repeated from the earlier slide: T:406, TAG 19, EXPLORE, ALERT-3F; V:9011, TAG 139, EXPLORE, ALERT-3A; T:126, TAG 6D, CONFIRMED ALERT-12.]
How Does Endpoint Modeling Improve Security?
Endpoint Modeling has NO legacy dependencies, such as:
X All data being unencrypted or the need to be unencrypted
X A current signature for every new threat
X An agent installed on all network endpoints
endpoint modeling provides a
✔ BETTER THREAT DETECTION
Real Time/Near Real Time
Post Compromise
Summarizing Endpoint Modeling
Trends & Realities:
• End-to-end encryption
• Device proliferation
• Information overload
• InfoSec staffing challenges
Endpoint Modeling:
• No DPI, meta-data only
• No endpoint agents
• Concise, actionable alerts
• Profoundly aids productivity
you can know more about your network than any adversary
About Observable’s Endpoint Modeling Service – observable.net/trial
Dynamic Security Intelligence
DEM uses real-time network flow data, automated security analytics, and big-data methods to continuously model all of your network devices.
Cloud Platform
With no specialized hardware to purchase or software agents to deploy, Observable offers Network Security-as-a-Service in the cloud, which greatly simplifies deployment.
Managed Service Agility
Do you have the people and tools necessary for advanced threat detection? It’s expensive and time consuming to deploy the latest tools, hire the best analysts, and maintain a continuous vigil to ensure the integrity of your systems and data.
Software-as-a-Service (SaaS) Subscription
Observable simplifies threat detection as a SaaS subscription. Select cost-effective monthly or annual subscriptions, for any size organization.
Free 60 Day Trial, Experience the Full Product & Service
Sign up, download and install the service today. In fact, you can be building your endpoint’s baseline within hours of initiating your trial. Full support for placement, configuration and alerts.

Endpoint Modeling 101 - A New Approach to Endpoint Security

  • 2. What is Endpoint Modeling? • It’s observing all behavior of all of your network endpoints and watching for changes in that behavior; changes that could indicate possible compromise or malicious activity. • It’s rapid identification of compromised equipment thus driving remediation response times to near immediate.
  • 3. What is Endpoint Modeling? • It’s passive collection of IP traffic information - and not payload - to determine anomalies, thus not affected by encryption or levels of transparency in virus signatures. • It’s utilization of cloud powered compute and remote run algorithms to deliver real-time analysis and alert functionality. • It’s unprecedented visibility. At the core it’s “Baselining” – comparing current & past activity and performance to an historical baseline.
  • 4. endpoint modeling is profoundly different Role Network Activity Communication Patterns ✔ ✔ ✔ Continuous Validation 4 Compliance✔T:406, TAG 19, EXPLORE, ALERT-3F V:9011, TAG 139, EXPLORE, ALERT-3A T:126, TAG 6D, CONFIRMED ALERT-12
  • 5. How Does Endpoint Modeling Work? Roles, Profiles, and Algorithms Models include five key dimensions of behavior analysis, each of which is built upon our robust proprietary catalog of device profiles, roles, and security algorithms. • PROFILES - device profiles are network flow-level labels recognized by port, traffic,, destination IP and packet characteristics. Device profile names are given to a behavior associated with a software application or service, such as a streaming media client. • ROLES - device roles are combinations of device profiles that represent more complex network devices. A device role is a high-level category for a connected device, such as a printer, domain controller, or medical imaging server. Devices on enterprise networks typically fulfill one or more device roles. • ALGORITHMS - security algorithms are modeling and anomaly-detection techniques based on statistical, state-based, rule-based, and learning theories that rapidly identify aberrant events, whether known to be normal, new, or potentially malicious. Copyright © Observable Networks, Inc. 5
• 6. How Does Endpoint Modeling Work? Assessing Behavior over Time
How is the device operating:
• according to its type?
• like similar types?
• like it has in the past?
• in a way that breaks rules?
• as predicted?
Important: No Deep Packet Inspection. No end host agents.
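As an added example that is not part of the deck or of Observable's product, the Python sketch below applies the profile/role catalog of slide 5 and the five questions of slide 6 to flow metadata alone (device, protocol, port, direction, peer, byte count), with no payload in sight. The catalog entries, the rule list, the deviation threshold, the device names and every flow record are constructed assumptions chosen so that each of the five questions produces one alert in the final window.

```python
"""Toy endpoint model over flow metadata: profiles -> roles -> five behaviour checks.
Added example, not Observable Networks' code. The catalogs, rules, threshold and all
flow records are constructed assumptions; only the concepts come from the slides."""
from collections import defaultdict
from statistics import mean, pstdev

# Assumed profile catalog: a flow-level label keyed by (protocol, port, direction).
PROFILE_CATALOG = {
    ("tcp", 443, "out"): "https_client", ("udp", 53, "out"): "dns_client",
    ("tcp", 445, "out"): "smb_client",   ("tcp", 25, "out"): "smtp_client",
    ("tcp", 9100, "in"): "print_server", ("tcp", 389, "in"): "ldap_server",
    ("tcp", 88, "in"): "kerberos_server",
}
# Assumed role catalog: a role is a combination of profiles.
ROLE_CATALOG = {
    "workstation": {"https_client", "dns_client"},
    "printer": {"print_server"},
    "domain_controller": {"ldap_server", "kerberos_server", "dns_client"},
}
RULES = {"printer": {"smtp_client", "smb_client"}}  # assumed: profiles a role must never show
Z_THRESHOLD = 3.0                                    # assumed volume-deviation cut-off


def summarize(flows):
    """Per device: profiles seen, peers contacted, bytes per (profile, window)."""
    model = defaultdict(lambda: {"profiles": set(), "peers": set(),
                                 "bytes": defaultdict(lambda: defaultdict(int))})
    for f in flows:
        p = PROFILE_CATALOG.get((f["proto"], f["dport"], f["dir"]))  # metadata only, no payload
        if p:
            m = model[f["dev"]]
            m["profiles"].add(p)
            m["peers"].add(f["peer"])
            m["bytes"][p][f["window"]] += f["bytes"]
    return model


def infer_role(profiles):
    """The most specific role whose required profiles are all present."""
    fits = [r for r, req in ROLE_CATALOG.items() if req <= profiles]
    return max(fits, key=lambda r: len(ROLE_CATALOG[r])) if fits else "unknown"


def assess(history, current):
    """Alerts as (device, question, detail) for the slide's five questions."""
    base, now = summarize(history), summarize(current)
    roles = {d: infer_role(m["profiles"]) for d, m in base.items()}
    alerts = []
    for dev, cur in now.items():
        if dev not in base:
            alerts.append((dev, "past", "device absent from baseline"))
            continue
        old, role = base[dev], roles[dev]
        peers = [o for o in base if o != dev and roles[o] == role]
        peer_profiles = set().union(*(base[o]["profiles"] for o in peers))
        for p in ROLE_CATALOG.get(role, set()) - cur["profiles"]:      # 1. according to its type
            alerts.append((dev, "type", f"{role} profile {p} absent"))
        for p in cur["profiles"] - old["profiles"]:                    # 3. like it has in the past
            alerts.append((dev, "past", f"new profile {p}"))
            if peers and p not in peer_profiles:                       # 2. like similar types
                alerts.append((dev, "similar", f"{p} unseen on other {role}s"))
        for peer in cur["peers"] - old["peers"]:
            alerts.append((dev, "past", f"new peer {peer}"))
        for p in cur["profiles"] & RULES.get(role, set()):            # 4. in a way that breaks rules
            alerts.append((dev, "rules", f"{role} must not exhibit {p}"))
        for p, per_window in cur["bytes"].items():                     # 5. as predicted
            hist = list(old["bytes"].get(p, {}).values())
            if len(hist) < 2 or pstdev(hist) == 0:
                continue
            mu, sd = mean(hist), pstdev(hist)
            for w, b in per_window.items():
                if abs(b - mu) / sd > Z_THRESHOLD:
                    alerts.append((dev, "predicted", f"{p} {b}B in window {w}, baseline mean {mu:.0f}B"))
    return alerts


def flow(dev, proto, dport, d, peer, window, nbytes):  # constructed flow record
    return dict(dev=dev, proto=proto, dport=dport, dir=d, peer=peer, window=window, bytes=nbytes)


def run_example():
    """Four baseline windows of constructed normal traffic, then one window to assess."""
    history = []
    for w, hb in zip(range(1, 5), (100_000, 110_000, 90_000, 105_000)):
        for dev in ("ws-1", "ws-2"):
            history += [flow(dev, "tcp", 443, "out", "203.0.113.10", w, hb),
                        flow(dev, "udp", 53, "out", "192.0.2.53", w, 2_000)]
        history += [flow("prn-1", "tcp", 9100, "in", "192.0.2.20", w, 50_000),
                    flow("dc-1", "tcp", 389, "in", "192.0.2.20", w, 20_000),
                    flow("dc-1", "tcp", 88, "in", "192.0.2.20", w, 8_000),
                    flow("dc-1", "udp", 53, "out", "192.0.2.53", w, 1_000)]
    current = [
        flow("ws-1", "tcp", 443, "out", "203.0.113.10", 5, 1_000_000),  # 10x usual volume
        flow("ws-1", "udp", 53, "out", "192.0.2.53", 5, 2_000),
        flow("ws-1", "tcp", 445, "out", "192.0.2.77", 5, 4_000),        # SMB to a new peer
        flow("ws-2", "tcp", 443, "out", "203.0.113.10", 5, 104_000),
        flow("ws-2", "udp", 53, "out", "192.0.2.53", 5, 2_000),
        flow("prn-1", "tcp", 9100, "in", "192.0.2.20", 5, 50_000),
        flow("prn-1", "tcp", 25, "out", "198.51.100.7", 5, 3_000),      # printer sending SMTP
        flow("dc-1", "tcp", 389, "in", "192.0.2.20", 5, 20_000),
        flow("dc-1", "udp", 53, "out", "192.0.2.53", 5, 1_000),         # Kerberos service silent
    ]
    return assess(history, current)


if __name__ == "__main__":
    for a in run_example():
        print(*a)
```

Running it lists eight alerts: the workstation's byte volume far outside its own history (as predicted), its new SMB profile that no peer workstation exhibits (like similar types, like it has in the past), the printer's outbound SMTP that the rule list forbids (breaks rules), and the domain controller whose Kerberos profile has gone quiet (according to its type). The role inference is intentionally simple: a device gets the most specific role whose required profiles it fully exhibits, and the peer-group comparison is skipped when a device has no peers of the same role, since "unseen on other printers" says nothing when there is only one printer.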
• 7. Why Is Endpoint Modeling Important? Key IT Security Shifts
1 No Threat Signatures, 2 End-to-End Encryption, 3 Device Proliferation
MORE Devices
• Everything connects to the network
• High growth in unmanaged devices
• Creating blind spots in security posture
HIGHER Specificity of Attacks
• Little to no signatures
• Social engineered attacks are common
• Perimeter defenses are weakening
MORE Encryption
• Desire for increased security and privacy
• Everything will be opaque
• Creating vulnerability in existing tools
• 8. Why Is Endpoint Modeling Important? Key IT Security Shifts
4 Complex Networks, 5 Inside & Insider Threats, 6 Too Many Vectors
KNOW yourself
• Can’t know all enemies
• Can’t know all vulnerabilities
• Can know normal to recognize attacks
POROUS perimeter
• Partner connectivity
• Mobile connectivity
• 3rd Party hosting and SaaS services
Watch everything
• Attackers roosting inside
• Employees and contractors
• Holistic awareness is required
• 9. How Does Endpoint Modeling Improve Security? With Dynamic Endpoint Modeling, you gain:
• A continuous, unobstructed understanding of every endpoint's behavior, regardless of its function
• Rapid identification of indicators of compromise without dependencies on log file monitoring, deep packet inspection (DPI), or other signature-based methods
• Insightful and efficient security actions
• 10. How Does Endpoint Modeling Improve Security? Endpoint Modeling has NO legacy dependencies, such as:
X All data being unencrypted or the need to be unencrypted
X A current signature for every new threat
X An agent installed on all network endpoints
endpoint modeling provides a
• 11. Summarizing Endpoint Modeling
Trends & Realities:
• End-to-end encryption
• Device proliferation
• Information overload
• InfoSec staffing challenges
Endpoint Modeling:
• No DPI, meta-data only
• No endpoint agents
• Concise, actionable alerts
• Profoundly aids productivity
✔ BETTER THREAT DETECTION: Real Time/Near Real Time, Post Compromise
• 12. you can know more about your network than any adversary
• 13. About Observable’s Endpoint Modeling Service observable.net/trial
Dynamic Security Intelligence: DEM uses real-time network flow data, automated security analytics, and big-data methods to continuously model all of your network devices.
Cloud Platform: With no specialized hardware to purchase or software agents to deploy, Observable offers Network Security-as-a-Service in the cloud, which greatly simplifies deployment.
Managed Service Agility: Do you have the people and tools necessary for advanced threat detection? It’s expensive and time consuming to deploy the latest tools, hire the best analysts, and maintain a continuous vigil to ensure the integrity of your systems and data.
Software-as-a-Service (SaaS) Subscription: Observable simplifies threat detection as a SaaS subscription. Select cost-effective monthly or annual subscriptions, for any size organization.
Free 60 Day Trial, Experience the Full Product & Service: Sign up, download and install the service today. In fact, you can be building your endpoints’ baseline within hours of initiating your trial. Full support for placement, configuration and alerts.