Save Your Network – Protecting Manufacturing Data from Deadly Breaches
Charles Herring, Consulting Security Architect
Manufacturer Threats
© 2014 Lancope, Inc. All rights reserved.
Agenda
• Problem Description
• NBAD Definitions
• Protecting “Crown Jewels”
• Monitoring Insiders
• Audit Trails for Response
• StealthWatch Overview
Problem Description
Confirmed Manufacturing Targets
• Intellectual property: loss of $1M+ each
• M&A data: loss of $50M+ each
Aggressors
Aggressor        Motivation
Activist         Ideology
Competitors      Money
Nation states    Geopolitical
Insider          Diverse
Manufacturing Vulnerabilities
• Porous access to data
  – Human access to IP
  – Contractor/partner collaboration
  – Geographic distribution of teams
Manufacturing Vulnerabilities
• Diverse systems/networks
  – Hard to build and monitor scopes
  – Ultra connectivity with manufacturing devices
  – Many types of users
  – Patch/support issues
  – Lack of device guidance on hardening
NBAD Definitions
What is NBAD
• Network Behavioral Anomaly Detection
• Data source = Network MetaData (NetFlow)
• Probe locations = Core or deeper
• Quantity/Metric Centric (not Pattern/Signature Centric)
• Sometimes used to refer to NetFlow Security Tools
Network Logging Standards
• NetFlow v9 (RFC 3954)
• IPFIX (RFC 5101, since obsoleted by RFC 7011)
• Rebranded NetFlow
– Jflow – Juniper
– Cflowd – Juniper/Alcatel-Lucent
– NetStream – 3Com/Huawei
– Rflow – Ericsson
– AppFlow - Citrix
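The formats above all carry the same idea: a template describes the layout of each record, and data sets then carry records in that layout. To make that concrete, here is a minimal IPFIX decoder as an added example (it is not Lancope code and not a product component). The exporter message it decodes is constructed inline with `struct`, so it runs offline; the information element IDs and lengths are the IANA-registered ones for the elements used, and the addresses, ports and counters in the sample record are invented.

```python
"""Minimal IPFIX (RFC 5101/7011) decoder: template set plus data set.

Added example, not Lancope code. The message below is constructed inline so
the decoder runs offline. Variable-length fields (length 0xFFFF) and options
templates are deliberately not handled.
"""
import ipaddress
import struct

# IANA information element IDs used by the constructed template.
IE_NAMES = {
    8: "sourceIPv4Address", 12: "destinationIPv4Address",
    7: "sourceTransportPort", 11: "destinationTransportPort",
    4: "protocolIdentifier", 1: "octetDeltaCount", 2: "packetDeltaCount",
    152: "flowStartMilliseconds", 153: "flowEndMilliseconds",
}
IPV4_IES = {8, 12}


def _decode_field(ie_id, raw):
    """Decode one field from its big-endian wire bytes."""
    if ie_id in IPV4_IES:
        return str(ipaddress.IPv4Address(raw))
    return int.from_bytes(raw, "big")


def parse_ipfix(msg, templates=None):
    """Parse one IPFIX message; return (header, records, templates).

    `templates` persists across calls because a data set may arrive before
    (or long after) the template that describes it; unknown sets are skipped,
    never guessed.
    """
    templates = {} if templates is None else templates
    if len(msg) < 16:
        raise ValueError("truncated IPFIX header")
    version, length, export_time, seq, domain = struct.unpack("!HHIII", msg[:16])
    if version != 10:
        raise ValueError(f"not IPFIX (version {version})")
    if length > len(msg):
        raise ValueError("declared length exceeds message size")
    header = {"export_time": export_time, "sequence": seq, "domain": domain}
    records = []
    off = 16
    while off + 4 <= length:
        set_id, set_len = struct.unpack("!HH", msg[off:off + 4])
        if set_len < 4 or off + set_len > length:
            raise ValueError("bad set length")
        body = msg[off + 4:off + set_len]
        if set_id == 2:  # template set
            pos = 0
            while pos + 4 <= len(body):
                tid, count = struct.unpack("!HH", body[pos:pos + 4])
                pos += 4
                fields = []
                for _ in range(count):
                    ie, flen = struct.unpack("!HH", body[pos:pos + 4])
                    pos += 4
                    if ie & 0x8000:      # enterprise-specific element
                        ie &= 0x7FFF
                        pos += 4         # skip the enterprise number
                    if flen == 0xFFFF:
                        raise ValueError("variable-length fields not supported")
                    fields.append((ie, flen))
                templates[(domain, tid)] = fields
        elif set_id >= 256:  # data set keyed by template id
            fields = templates.get((domain, set_id))
            if fields is not None:
                rec_len = sum(flen for _, flen in fields)
                pos = 0
                while pos + rec_len <= len(body):  # trailing bytes are padding
                    rec = {}
                    for ie, flen in fields:
                        rec[IE_NAMES.get(ie, f"ie{ie}")] = _decode_field(ie, body[pos:pos + flen])
                        pos += flen
                    records.append(rec)
        off += set_len
    return header, records, templates


def build_sample_message(include_template=True):
    """Constructed exporter output: template 256 and one SMB flow record (not a real capture)."""
    fields = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 8), (2, 8), (152, 8), (153, 8)]
    template = struct.pack("!HH", 256, len(fields)) + b"".join(
        struct.pack("!HH", ie, n) for ie, n in fields)
    sets = b""
    if include_template:
        sets += struct.pack("!HH", 2, 4 + len(template)) + template
    record = (ipaddress.IPv4Address("10.1.20.15").packed
              + ipaddress.IPv4Address("10.9.0.5").packed
              + struct.pack("!HHB", 51234, 445, 6)
              + struct.pack("!QQQQ", 7_340_032, 5_200, 1_700_000_000_000, 1_700_000_009_000))
    sets += struct.pack("!HH", 256, 4 + len(record)) + record
    return struct.pack("!HHIII", 10, 16 + len(sets), 1_700_000_010, 1, 42) + sets


if __name__ == "__main__":
    hdr, recs, _ = parse_ipfix(build_sample_message())
    print(hdr, recs)
```

NetFlow v9 differs only in framing (version 9, a record count instead of a byte length, a sysUptime field, and template flowset ID 0 instead of 2); the template-then-data structure is the same. Two points matter for a collector: the template cache must be keyed by observation domain as well as template ID, and a data set whose template has not been seen must be dropped rather than decoded with a stale layout.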
Advanced Detection Methods
• Signature = inspect an object against a blacklist
  – IPS, antivirus, content filter
• Behavior = inspect the victim's behavior against a blacklist
  – Malware sandbox, NBAD, HIPS, SIEM
• Anomaly = inspect the victim's behavior against a whitelist (what is known to be normal)
  – NBAD; quantity/metric based, not signature based
Threat                Signature   Behavior   Anomaly
Known exploits        BEST        Good       Limited
0-day exploits        Limited     BEST       Good
Credential abuse      Limited     Limited    BEST
Algorithmic Detection
• Based on knowing normal
• Dependent on raw NetFlow MetaData (multiple
sources)
• Does not require understanding of attack
• Output is security indices focused on host activity
Example: one host's Concern Index reaches 1,150,000 as indicators accumulate:
• Slow scanning activity: add 325,000
• Abnormal connections: add 425,000
• Internal pivot activity: add 400,000
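The accumulation on this slide is easy to reason about in code. The following is an added example that illustrates the idea, not Lancope's scoring algorithm: a baseline of normal peers is learned from a training window, then each host in a detection window earns points per indicator it trips. The point weights (taken from the slide's magnitudes), the thresholds, the "lateral movement" port list and the flow records are all assumptions constructed for the example.

```python
"""Toy Concern Index: per-host points accumulated from several behavioral indicators.

Added example, not Lancope's scoring algorithm. Point weights, thresholds and
the flow records are assumptions constructed for the example.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from typing import NamedTuple

INTERNAL = ip_network("10.0.0.0/8")
LATERAL_PORTS = {22, 445, 3389, 5985, 5986}   # admin/lateral-movement services (assumed)
SCAN_MIN_TARGETS = 20   # distinct internal (dst, port) pairs touched without payload
SCAN_MAX_BYTES = 200    # a flow this small never carried application data
# Assumed point weights (the magnitudes on the slide, not product values).
POINTS = {"slow_scan": 325_000, "abnormal_connection": 425_000, "internal_pivot": 400_000}


class Flow(NamedTuple):
    src: str
    dst: str
    dport: int
    bytes: int


def learn_baseline(flows):
    """Knowing normal: the (dst, dport) pairs each host used during the training window."""
    baseline = defaultdict(set)
    for f in flows:
        baseline[f.src].add((f.dst, f.dport))
    return baseline


def score_hosts(baseline, flows):
    """Return {host: {"index": points, "reasons": [indicator, ...]}} for hosts that scored."""
    by_src = defaultdict(list)
    for f in flows:
        by_src[f.src].append(f)
    result = {}
    for host, fl in by_src.items():
        reasons = []
        known = baseline.get(host, set())
        # Slow scan: many distinct internal targets, none of which carried data.
        probes = {(f.dst, f.dport) for f in fl
                  if f.bytes <= SCAN_MAX_BYTES and ip_address(f.dst) in INTERNAL}
        if len(probes) >= SCAN_MIN_TARGETS:
            reasons.append("slow_scan")
        # Abnormal connection: real data exchanged with a peer/port not in the baseline.
        new = {(f.dst, f.dport) for f in fl if f.bytes > SCAN_MAX_BYTES} - known
        if new:
            reasons.append("abnormal_connection")
        # Internal pivot: one of those new connections is an admin service on an internal host.
        if any(ip_address(d) in INTERNAL and p in LATERAL_PORTS for d, p in new):
            reasons.append("internal_pivot")
        if reasons:
            result[host] = {"index": sum(POINTS[r] for r in reasons), "reasons": reasons}
    return result


# Constructed training window: two workstations and their usual peers.
BASELINE_FLOWS = [
    Flow("10.1.20.15", "10.9.0.100", 443, 48_000),
    Flow("10.1.20.15", "10.9.0.53", 53, 900),
    Flow("10.1.20.16", "10.9.0.100", 443, 52_000),
    Flow("10.1.20.16", "10.9.0.53", 53, 700),
]

# Constructed detection window: 10.1.20.15 probes the server subnet on SMB, then
# moves 7 MB to a host it never talked to. 10.1.20.16 behaves as before.
DETECTION_FLOWS = (
    [Flow("10.1.20.15", f"10.9.0.{n}", 445, 60) for n in range(1, 26)]
    + [Flow("10.1.20.15", "10.9.0.5", 445, 7_340_032),
       Flow("10.1.20.15", "10.9.0.100", 443, 51_000),
       Flow("10.1.20.16", "10.9.0.100", 443, 49_000)]
)

if __name__ == "__main__":
    for host, v in score_hosts(learn_baseline(BASELINE_FLOWS), DETECTION_FLOWS).items():
        print(host, v["index"], v["reasons"])
```

Note what the scorer never needs: a signature for the tool that did the scan or the name of the malware, if any. It needs the baseline, which is why the quality of the training window (long enough to cover normal peers, clean enough not to bake an existing compromise into "normal") decides the false-positive and false-negative rates.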
Crown Jewels
Crown Jewels
• Card holder data (PCI)
• Patient records (HIPAA)
• Trade secrets
• Research Information
• Competitive information (M&A)
• Employee data (PII)
• State Secrets
• Bio-devices
Data that is valuable to attackers
Why do attackers care?
Attacker          Jewel             Motivation
Criminals         PCI data          $4-$12/card
Criminals         Patient records   $20-$50/record
Activists         Anything          Shaming
State sponsored   Trade secrets     Geopolitical
State sponsored   Patient records   ?!?!!!!
[Diagram: reference network spanning Atlanta, New York and San Jose, with WAN, datacenter, core and access layers. NetFlow-capable devices shown: Catalyst 3560-X, 3850 stacks, Cat4k, Cat6k, ASA, 3925 ISR, ASR-1000, Nexus 7000, and UCS servers on Nexus 1000v, all connected to the Internet edge.]
Where to Look?
North-south AND east-west = every communication
By Data Grouping
• Find your data
• “Pull the thread” with Top Peers/Flow Tables
• Host Group Policies with lower tolerance
Find your jewels
Data Anomaly Alarms
• Suspect Data Hoarding
• Target Data Hoarding
• Total Traffic
• Suspect Data Loss
Counting Access
Map the Segmentation
• Logical vs. Physical
• Map Segmentation
Watch the logical roadways
Custom Events
• Evolution of HLV (Host Lock Violation) alarms
• Alert when Segmentation fails
• Allows for NOR logic
Alert on Zero Tolerance
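The last three slides (data anomaly alarms, segmentation mapping, custom events) describe two different checks over the same flow data: a count of how much a client has pulled from the crown-jewel group, and a zero-tolerance rule that fires on any flow into that group outside the segmentation map. The following is an added example of both, not StealthWatch's policy engine. The host groups, the segmentation map, the hoarding tolerance and the flow records are assumptions constructed for the example.

```python
"""Zero-tolerance segmentation events and data-hoarding counts over flow records.

Added example, not StealthWatch's policy engine. Host groups, the allowed
map, the tolerance and the flows are assumptions constructed for the example.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from typing import NamedTuple

# Assumed host groups: the crown-jewel segment and the populations around it.
HOST_GROUPS = {
    "cad_vault":   [ip_network("10.9.10.0/24")],    # design-file servers
    "engineering": [ip_network("10.1.20.0/24")],
    "plant_floor": [ip_network("10.50.0.0/16")],    # manufacturing devices
    "contractors": [ip_network("10.200.0.0/24")],
}
# Segmentation map: (src_group, dst_group) -> destination ports that may be used.
# Any flow into cad_vault that is not listed here is a zero-tolerance event.
ALLOWED = {
    ("engineering", "cad_vault"): {445, 443},
    ("contractors", "cad_vault"): {443},
}
HOARDING_BYTES = 2_000_000_000   # assumed per-client tolerance from the vault per window


class Flow(NamedTuple):
    src: str
    dst: str
    dport: int
    bytes: int   # bytes sent by the server to the client (what the client took)


def group_of(ip):
    """Map an address to its host group; unknown addresses get their own group."""
    addr = ip_address(ip)
    for name, nets in HOST_GROUPS.items():
        if any(addr in net for net in nets):
            return name
    return "unknown"


def segmentation_events(flows):
    """Custom event: a flow into the crown-jewel group outside the segmentation map.

    The rule is the negation of the map: fire when the source is in none of the
    permitted groups, or when it is but uses a port the map does not list.
    """
    events = []
    for f in flows:
        src_group, dst_group = group_of(f.src), group_of(f.dst)
        if dst_group != "cad_vault":
            continue
        if f.dport not in ALLOWED.get((src_group, dst_group), set()):
            events.append({"src": f.src, "src_group": src_group,
                           "dst": f.dst, "dport": f.dport})
    return events


def hoarding_alarms(flows):
    """Counting access: bytes each client pulled from the crown-jewel group, above tolerance."""
    pulled = defaultdict(int)
    for f in flows:
        if group_of(f.dst) == "cad_vault":
            pulled[f.src] += f.bytes
    return {host: total for host, total in pulled.items() if total > HOARDING_BYTES}


# Constructed window: one normal engineer, one contractor inside policy but
# hoarding, one PLC reaching the vault, and one engineer on an unlisted port.
SAMPLE_FLOWS = [
    Flow("10.1.20.15", "10.9.10.7", 445, 120_000_000),
    Flow("10.200.0.8", "10.9.10.7", 443, 2_500_000_000),
    Flow("10.50.3.44", "10.9.10.7", 445, 4_096),
    Flow("10.1.20.15", "10.9.10.7", 22, 8_192),
]

if __name__ == "__main__":
    for e in segmentation_events(SAMPLE_FLOWS):
        print("segmentation failure:", e)
    for host, total in hoarding_alarms(SAMPLE_FLOWS).items():
        print("data hoarding:", host, total)
```

The two checks catch different things. The contractor's 2.5 GB pull is fully inside the segmentation map and would never trip a policy rule; only the count does. The PLC's 4 KB SMB flow is far below any volume threshold; only the zero-tolerance rule does. Run both.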
Monitoring Insiders
What is an Insider?
• The person
• The credentials
• The endpoint
The Insider-Person Threat
Vulnerability               Attack
Ideology/disgruntlement     Recruitment
Financial hardship/greed    Bribe/scam
Fear                        Extortion
Loneliness                  Friendship/romance
Love of family              Kidnapping
Self-preservation           Physical harm/torture
Ego                         Flattery
Boredom                     Bad decisions
The Insider-Credentials Threat
Vulnerability                          Attack
Cryptographic weakness                 Brute force
Personal markers/public record         Dictionary attack
Multi-domain usage (reuse across sites) SQLi
Analog-digital conversion (typing)     Keylogger/camera
Transmission                           MitM
The Insider-Endpoint Threat
Vulnerability              Attack
Decisions made by a human  Malware
Open ports                 Worm
Supply chain               Control-ware (C2)
"Walk-ups"                 Credential abuse
Impossible Statistics
• Malware free attacks
• Ability to cover tracks
• Detailed Knowledge of Detection and Response
• Increasing Availability of Tools and Knowledge
• Attribution to user (was it malware, credential theft?)
CERT: Common Sense Guide to Prevention and Detection of Insider Threats
                          IT Sabotage    Financial Gain               Business Advantage
% of cases                45%            44%                          14%
Employment                Former         Current                      Current
Position                  Technical      Data entry & customer        Technical or sales
                                         service
Authorized access?        Rarely         75%                          88%
Used own credentials?     30%            85%                          Almost always
Compromised an account?   43%            10%                          Rarely
Attack was non-technical  65%            84%                          Almost always
When                      After hours    Normal hours                 Normal hours
Where                     Remote         Local                        Local
Identified due to         Logs           Logs                         Logs
Reducing Insider Vulnerabilities
• Background Checks (Financial, Ideological, Criminal)
• Better Authentication (Two-factor, Biometrics, Complex Passwords)
• Endpoint Hardening (Sandboxing, Policy)
Alarm examples shown as screens: Geographic User Anomaly; Data Hoarding; Data Loss
Increasing Risk to Insider through Audit Trails
• Criminals fear evidence
• Internal communications rarely monitored/collected
• Detection time exceeds data retention
Sources of visibility
• Firewall logs
  – Are you logging everything or just denies?
• Internal & host IPS systems
  – HIPS potentially has a lot of breadth
  – Can be expensive to deploy
  – Signature based
• Log management solutions/SIEM
  – Are you collecting everything?
  – You can only see what gets logged
• NetFlow
  – Lots of breadth, less depth
  – Lower disk space requirements
• Full packet capture
  – Deep but not broad
  – Expensive
  – High disk space requirements
Tradeoffs:
• Record everything vs only bad things
• Breadth vs depth
• Time vs depth
• Privacy
Internal Visibility Through NetFlow
[Diagram: NetFlow exported from the DMZ, VPN, internal network and 3G/Internet edges to a central NetFlow collector]
Each NetFlow record carries, per conversation:
• src and dst IP
• src and dst port
• start time
• end time
• MAC address
• byte count
• and more
User Attribution through Context Awareness
Following the User
Sometimes investigations start with user intelligence
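Attributing a flow to a user means joining flow records with identity events (logons, 802.1X sessions, DHCP leases) that are only valid for a window of time. The following is an added example of that time-bounded join, not StealthWatch's identity integration. The identity events, the flows and the rule that an address belongs to the most recent user seen on it until the next logoff or lease change are assumptions constructed for the example.

```python
"""Attribute flows to users by joining them with time-bounded identity events.

Added example, not StealthWatch's identity integration. Events and flows are
constructed inline; an IP is assumed to belong to the most recent user seen on
it until a logoff/lease-release event (user None) or a new logon replaces it.
"""
import bisect
from collections import defaultdict
from typing import NamedTuple, Optional


class IdentityEvent(NamedTuple):
    ts: int                 # epoch seconds
    ip: str
    user: Optional[str]     # None = logoff or lease released


class Flow(NamedTuple):
    start: int
    src: str
    dst: str
    dport: int
    bytes: int


class IdentityIndex:
    """Per-IP timeline of who held the address, queried by timestamp."""

    def __init__(self, events):
        self._by_ip = defaultdict(lambda: ([], []))   # ip -> (timestamps, users)
        for ev in sorted(events, key=lambda e: e.ts):
            ts_list, users = self._by_ip[ev.ip]
            ts_list.append(ev.ts)
            users.append(ev.user)

    def user_at(self, ip, ts):
        """User holding `ip` at time `ts`, or None if nobody was logged on."""
        ts_list, users = self._by_ip.get(ip, ([], []))
        i = bisect.bisect_right(ts_list, ts) - 1
        return users[i] if i >= 0 else None


def attribute(flows, index):
    """Pair each flow with the user who held its source address when it started."""
    return [(index.user_at(f.src, f.start), f) for f in flows]


def bytes_per_user(flows, index):
    """Roll bytes up by user; flows with no identity land in 'unattributed'."""
    totals = defaultdict(int)
    for user, f in attribute(flows, index):
        totals[user or "unattributed"] += f.bytes
    return dict(totals)


# Constructed identity feed: alice holds 10.1.20.15 for four hours, logs off,
# and the lease is later reissued to bob; carol is on 10.1.20.16 throughout.
IDENTITY_EVENTS = [
    IdentityEvent(1_700_000_000, "10.1.20.15", "alice"),
    IdentityEvent(1_700_014_400, "10.1.20.15", None),
    IdentityEvent(1_700_018_000, "10.1.20.15", "bob"),
    IdentityEvent(1_700_000_000, "10.1.20.16", "carol"),
]

# Constructed flows against a file server; the second one happens while nobody
# is logged on to 10.1.20.15, which is itself worth an alert.
FLOWS = [
    Flow(1_700_003_600, "10.1.20.15", "10.9.10.7", 445, 150_000_000),
    Flow(1_700_016_000, "10.1.20.15", "10.9.10.7", 445, 900_000_000),
    Flow(1_700_020_000, "10.1.20.15", "10.9.10.7", 445, 40_000_000),
    Flow(1_700_005_000, "10.1.20.16", "10.9.10.7", 443, 10_000_000),
]

if __name__ == "__main__":
    for user, total in bytes_per_user(FLOWS, IdentityIndex(IDENTITY_EVENTS)).items():
        print(user, total)
```

The join is only as good as the clocks: flow start times come from the exporter and identity events from the domain controller or DHCP server, so both need NTP, and an investigation should treat attribution near a logon/logoff boundary as approximate. The "unattributed" bucket is not noise to discard; a 900 MB pull from an address with no session on it is exactly the kind of activity the preceding slides describe.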
StealthWatch Overview
Lancope Overview
• Leading provider of network visibility & security intelligence; founded in 2000; 700+ customers
• Locations: Alpharetta, GA (headquarters); London, Germany, Dubai
• Investors: $30m raised (last round in 2005) from Canaan Partners, HIG, Council Capital; 4+ years of profitability
• Team: leadership from IBM, ISS, Dell SecureWorks, RSA, Motorola/AirDefense, Gartner, Cisco, TripWire, PolyCom, McKesson; 100+ years combined experience; 250+ employees
StealthWatch delivers:
The StealthWatch System provides context-aware security, enabling organizations to quickly detect a wide range of attacks (e.g. APT, DDoS, malware, insider threat), accelerate incident response, improve forensic investigations and reduce enterprise risk.
• Complete network visibility & security intelligence
• Detect & resolve advanced threats
• Accelerate incident response & forensic investigations
• Reduce operational & enterprise risk
StealthWatch: Your Network Is Your Sensor
Use NetFlow data to extend visibility to the access layer: who, what, where, when, how.
Visibility, Context, and Control
• Everything must touch the network: routers, switches, firewalls and hardware-enabled NetFlow switches in the internal network are the sensors
• Enrich flow data with identity, events and application to create context
• Unify into a single pane of glass for detection, investigation and reporting
• KNOW every host; know what is NORMAL; RECORD every conversation; alert to CHANGE; store for MONTHS
• What else can the network tell me? Assess, audit, posture, response
Gain context-aware security
Lancope Solution Portfolio
• StealthWatch Management Console
• StealthWatch FlowCollector (NetFlow, syslog, SNMP from NetFlow-enabled routers, switches and firewalls)
• StealthWatch FlowReplicator
• StealthWatch FlowSensor, and FlowSensor VE for vSphere
• ID1100 appliance (user and device information)
Thank you
Cisco CSIRT Case Study: Forensic Investigations with NetFlow
 
Protecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber CrimeProtecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber Crime
 
SCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefSCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber Grief
 
Reverse Engineering Malware: A look inside Operation Tovar
Reverse Engineering Malware: A look inside Operation TovarReverse Engineering Malware: A look inside Operation Tovar
Reverse Engineering Malware: A look inside Operation Tovar
 
Needs of a Modern Incident Response Program
Needs of a Modern Incident Response ProgramNeeds of a Modern Incident Response Program
Needs of a Modern Incident Response Program
 
Data center webinar_v2_1
Data center webinar_v2_1Data center webinar_v2_1
Data center webinar_v2_1
 
Insider threat v3
Insider threat v3Insider threat v3
Insider threat v3
 
What's New in StealthWatch v6.5
What's New in StealthWatch v6.5 What's New in StealthWatch v6.5
What's New in StealthWatch v6.5
 
Cisco, Sourcefire and Lancope - Better Together
Cisco, Sourcefire and Lancope - Better TogetherCisco, Sourcefire and Lancope - Better Together
Cisco, Sourcefire and Lancope - Better Together
 
StealthWatch & Point-of-Sale (POS) Malware
StealthWatch & Point-of-Sale (POS) Malware StealthWatch & Point-of-Sale (POS) Malware
StealthWatch & Point-of-Sale (POS) Malware
 
Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...
Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...
Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...
 

Recently uploaded

Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
Jakub Marek
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Wask
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Jeffrey Haguewood
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Pixlogix Infotech
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Zilliz
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Brandon Minnick, MBA
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Chart Kalyan
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
kumardaparthi1024
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 
Operating System Used by Users in day-to-day life.pptx
Operating System Used by Users in day-to-day life.pptxOperating System Used by Users in day-to-day life.pptx
Operating System Used by Users in day-to-day life.pptx
Pravash Chandra Das
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
saastr
 
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
alexjohnson7307
 
dbms calicut university B. sc Cs 4th sem.pdf
dbms  calicut university B. sc Cs 4th sem.pdfdbms  calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdf
Shinana2
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
Postman
 
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdfNunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
flufftailshop
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 

Recently uploaded (20)

Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
Operating System Used by Users in day-to-day life.pptx
Operating System Used by Users in day-to-day life.pptxOperating System Used by Users in day-to-day life.pptx
Operating System Used by Users in day-to-day life.pptx
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
 
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
 
dbms calicut university B. sc Cs 4th sem.pdf
dbms  calicut university B. sc Cs 4th sem.pdfdbms  calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdf
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
 
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdfNunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 

Save Your Network – Protecting Manufacturing Data from Deadly Breaches

  • 1. Manufacturer Threats
    Charles Herring, Consulting Security Architect
  • 2. Agenda (© 2014 Lancope, Inc. All rights reserved.)
    – Problem Description
    – NBAD Definitions
    – Protecting “Crown Jewels”
    – Monitoring Insiders
    – Audit Trails for Response
    – StealthWatch Overview
  • 3. Problem Description
  • 4. Confirmed Manufacturing Targets
    – Intellectual Property: loss of $1M+ each
    – M&A Data: loss of $50M+ each
  • 5. Aggressors and their motivations
    – Activist: Ideology
    – Competitors: Money
    – Nation States: Geopolitical
    – Insider: Diverse
  • 6. Manufacturing Vulnerabilities: Porous Access to Data
    – Human access to IP
    – Contractor/Partner collaboration
    – Geographic distribution of teams
  • 7. Manufacturing Vulnerabilities: Diverse systems/networks
    – Hard to build & monitor scopes
    – Ultra connectivity with manufacturing devices
    – Many types of users
    – Patch/support issues
    – Lack of device guidance on hardening
  • 8. NBAD Definitions
  • 9. What is NBAD
    – Network Behavioral Anomaly Detection
    – Data source = network metadata (NetFlow)
    – Probe locations = core or deeper
    – Quantity/metric centric (not pattern/signature centric)
    – Sometimes used to refer to NetFlow security tools
  • 10. Network Logging Standards
    – NetFlow v9 (RFC 3954)
    – IPFIX (RFC 5101)
    – Rebranded NetFlow: Jflow (Juniper), Cflowd (Juniper/Alcatel-Lucent), NetStream (3Com/Huawei), Rflow (Ericsson), AppFlow (Citrix)
    (diagram label: Basic/Common Fields)
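The NetFlow v9 export format listed on slide 10 (RFC 3954) is simple enough to decode by hand, and doing so once shows what a flow record actually carries and why a collector has to hold on to templates between packets. The decoder below is an added example written for this page, not Lancope or Cisco code. The export packet it parses is constructed inline with struct: one template (id 256) using field type ids from RFC 3954 section 8, two data records, and sample addresses from RFC 1918 / RFC 5737 ranges.

```python
"""Minimal NetFlow v9 (RFC 3954) decoder: template FlowSet + data FlowSet.

Added example for illustration; not StealthWatch/Cisco code.
"""
import struct
from ipaddress import IPv4Address

# Field type ids from RFC 3954, section 8 (subset used here)
FIELD_NAMES = {
    1: "in_bytes", 2: "in_pkts", 4: "protocol", 7: "l4_src_port",
    8: "ipv4_src_addr", 11: "l4_dst_port", 12: "ipv4_dst_addr",
    21: "last_switched", 22: "first_switched",
}
IPV4_FIELDS = {8, 12}


def decode_field(ftype, raw):
    """IPv4 address fields as dotted quads, everything else as a big-endian int."""
    if ftype in IPV4_FIELDS and len(raw) == 4:
        return str(IPv4Address(raw))
    return int.from_bytes(raw, "big")


def parse_netflow_v9(packet, templates=None):
    """Decode one export packet.

    templates maps (source_id, template_id) -> [(field_type, length), ...].
    On a real collector templates arrive in their own packets and must be kept
    between calls, so the dict is accepted and returned.
    Returns (header, records, templates).
    """
    templates = {} if templates is None else templates
    if len(packet) < 20:
        raise ValueError("short packet header")
    version, count, uptime, unix_secs, seq, source_id = struct.unpack("!HHIIII", packet[:20])
    if version != 9:
        raise ValueError("not NetFlow v9 (version %d)" % version)
    header = {"count": count, "sys_uptime": uptime, "unix_secs": unix_secs,
              "sequence": seq, "source_id": source_id}
    records = []
    offset = 20
    while offset + 4 <= len(packet):
        flowset_id, length = struct.unpack("!HH", packet[offset:offset + 4])
        if length < 4 or offset + length > len(packet):
            raise ValueError("bad FlowSet length at offset %d" % offset)
        body = packet[offset + 4:offset + length]
        if flowset_id == 0:                        # template FlowSet
            pos = 0
            while pos + 4 <= len(body):
                tid, nfields = struct.unpack("!HH", body[pos:pos + 4])
                pos += 4
                if tid == 0 and nfields == 0:      # trailing padding
                    break
                if pos + 4 * nfields > len(body):
                    raise ValueError("truncated template %d" % tid)
                fields = [struct.unpack("!HH", body[pos + 4 * i:pos + 4 * i + 4]) for i in range(nfields)]
                pos += 4 * nfields
                templates[(source_id, tid)] = fields
        elif flowset_id >= 256:                    # data FlowSet; its id is the template id
            fields = templates.get((source_id, flowset_id))
            if fields is not None:                 # unknown template: records cannot be decoded yet
                rec_len = sum(flen for _, flen in fields)
                pos = 0
                while rec_len and pos + rec_len <= len(body):   # remainder (< 4 bytes) is padding
                    rec = {}
                    for ftype, flen in fields:
                        rec[FIELD_NAMES.get(ftype, "field_%d" % ftype)] = decode_field(ftype, body[pos:pos + flen])
                        pos += flen
                    records.append(rec)
        # FlowSet ids 1..255 (options templates etc.) are skipped by this minimal decoder
        offset += length
    return header, records, templates


def build_sample_packet():
    """Constructed export packet: header, template 256, two data records."""
    template_fields = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 4), (2, 4), (22, 4), (21, 4)]
    tmpl_body = struct.pack("!HH", 256, len(template_fields))
    for ftype, flen in template_fields:
        tmpl_body += struct.pack("!HH", ftype, flen)
    tmpl_flowset = struct.pack("!HH", 0, 4 + len(tmpl_body)) + tmpl_body     # 44 bytes

    def record(src, dst, sport, dport, proto, nbytes, pkts, first, last):
        return (IPv4Address(src).packed + IPv4Address(dst).packed
                + struct.pack("!HHBIIII", sport, dport, proto, nbytes, pkts, first, last))

    data = record("10.1.2.3", "10.9.0.5", 51512, 445, 6, 183_000_000, 130_000, 1000, 61000)
    data += record("10.1.2.3", "198.51.100.7", 51513, 443, 6, 4096, 12, 2000, 2500)
    pad = (-len(data)) % 4                          # FlowSets are padded to 32-bit boundaries
    data_flowset = struct.pack("!HH", 256, 4 + len(data) + pad) + data + b"\x00" * pad
    header = struct.pack("!HHIIII", 9, 3, 123456, 1400000000, 1, 0)   # count = 1 template + 2 records
    return header + tmpl_flowset + data_flowset


if __name__ == "__main__":
    hdr, recs, tmpl = parse_netflow_v9(build_sample_packet())
    for r in recs:
        print(r)
```

The second half of the test below sends the data FlowSet without its template: the decoder yields no records until the template dict from an earlier packet is passed back in, which is exactly the state a collector must keep (and why a restarted collector is blind until exporters re-send templates).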
  • 11. Advanced Detection Methods
    – Signature = object checked against a blacklist (IPS, Antivirus, Content Filter)
    – Behavior = inspect victim behavior against a blacklist (Malware Sandbox, NBAD, HIPS, SIEM)
    – Anomaly = inspect victim behavior against a whitelist (NBAD; quantity/metric based, not signature based)
    Coverage by method:
                         Signature   Behavior   Anomaly
      Known Exploits     BEST        Good       Limited
      0-day Exploits     Limited     BEST       Good
      Credential Abuse   Limited     Limited    BEST
  • 12. Algorithmic Detection
    – Based on knowing normal
    – Dependent on raw NetFlow metadata (multiple sources)
    – Does not require understanding of the attack
    – Output is security indices focused on host activity
    Example: Host Concern Index = 1,150,000
      Slow scanning activity: add 325,000
      Abnormal connections: add 425,000
      Internal pivot activity: add 400,000
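As an added illustration of the concern-index idea on slide 12 (not StealthWatch's patented algorithms, which this page does not describe), the script below learns "normal" as the set of (source, destination, port) tuples seen in a learning window, then scores a detection window for three behaviours: slow scanning (many distinct hosts touched with one- or two-packet flows), abnormal connections (tuples never seen in the baseline) and internal pivoting (a host that was first the target of an admin-port session and then opened admin-port sessions onward). The flow records, the 10.0.0.0/8 internal range, the admin-port list and the weights 325,000 / 425,000 / 400,000 (reused from the slide's worked numbers) are all assumptions, chosen so that one host ends at 1,150,000.

```python
"""Toy concern-index accumulation over NetFlow-style records.

Added example; not Lancope's algorithms. Records, ranges and weights are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL = [ip_network("10.0.0.0/8")]          # assumed internal range
ADMIN_PORTS = {22, 445, 3389, 5985}             # assumed "lateral movement" ports
# Illustrative weights taken from the slide's example, not the vendor's real scoring
WEIGHTS = {"slow_scan": 325_000, "abnormal_connection": 425_000, "internal_pivot": 400_000}
SCAN_MIN_TARGETS = 8      # distinct hosts probed with tiny flows before we call it a scan
SCAN_MAX_PKTS = 2         # a probe never completes a real exchange


@dataclass(frozen=True)
class Flow:
    start: int            # seconds
    src: str
    dst: str
    dport: int
    pkts: int
    bytes: int


def is_internal(ip):
    a = ip_address(ip)
    return any(a in n for n in INTERNAL)


def learn_baseline(history):
    """'Knowing normal': the (src, dst, dport) tuples seen during the learning window."""
    return {(f.src, f.dst, f.dport) for f in history}


def score_hosts(baseline, window):
    """Return {host: {"concern_index": int, "reasons": {name: points}}} for the window."""
    probes = defaultdict(set)           # src -> distinct dsts reached with tiny flows
    new_peers = defaultdict(set)        # src -> (dst, dport) pairs absent from the baseline
    admin_inbound = {}                  # host -> earliest time it was an admin-port server
    admin_outbound = defaultdict(list)  # host -> [(time, dst)] admin-port sessions it opened
    for f in sorted(window, key=lambda f: f.start):
        if f.pkts <= SCAN_MAX_PKTS:
            probes[f.src].add(f.dst)
        if (f.src, f.dst, f.dport) not in baseline:
            new_peers[f.src].add((f.dst, f.dport))
        if f.dport in ADMIN_PORTS and is_internal(f.src) and is_internal(f.dst):
            admin_inbound.setdefault(f.dst, f.start)
            admin_outbound[f.src].append((f.start, f.dst))
    report = {}
    for h in set(probes) | set(new_peers) | set(admin_outbound):
        reasons = {}
        if len(probes[h]) >= SCAN_MIN_TARGETS:
            reasons["slow_scan"] = WEIGHTS["slow_scan"]
        if new_peers[h]:
            reasons["abnormal_connection"] = WEIGHTS["abnormal_connection"]
        # pivot: h was first reached over an admin port, then reached onward over admin ports
        if h in admin_inbound and any(t > admin_inbound[h] and d != h for t, d in admin_outbound[h]):
            reasons["internal_pivot"] = WEIGHTS["internal_pivot"]
        if reasons:
            report[h] = {"concern_index": sum(reasons.values()), "reasons": reasons}
    return report


HISTORY = [  # learning window (constructed): what normal looked like
    Flow(10, "10.1.2.3", "10.9.0.5", 443, 40, 30_000),
    Flow(20, "10.1.2.3", "10.9.0.6", 443, 35, 28_000),
    Flow(30, "10.1.2.3", "10.9.0.5", 445, 120, 900_000),
    Flow(40, "10.1.2.4", "10.9.0.5", 443, 50, 41_000),
    Flow(50, "10.9.0.5", "10.9.0.7", 445, 200, 1_500_000),
]


def detection_window():
    """Constructed detection window: a workstation is reached over RDP, then scans, then pivots."""
    flows = [
        Flow(100, "10.1.2.9", "10.1.2.3", 3389, 500, 2_000_000),   # RDP into 10.1.2.3 from a peer
        Flow(150, "10.1.2.4", "10.9.0.5", 443, 40, 30_000),        # baseline traffic, must not score
    ]
    # 10.1.2.3 quietly touches ten new servers on 445 with single-packet flows
    flows += [Flow(200 + 60 * i, "10.1.2.3", "10.9.0.%d" % (10 + i), 445, 1, 60) for i in range(10)]
    flows.append(Flow(900, "10.1.2.3", "10.9.0.20", 445, 800, 3_000_000))   # then a real SMB session onward
    return flows


def sample_report():
    return score_hosts(learn_baseline(HISTORY), detection_window())


if __name__ == "__main__":
    for host, r in sample_report().items():
        print(host, r)
```

Note what the baseline does and does not buy: 10.1.2.4 repeating a known tuple scores nothing, while 10.1.2.9 scores only "abnormal connection" because it was never itself an admin-port target; the score alone does not say whether 10.1.2.9 is the attacker's foothold or a help-desk machine, which is the attribution question slides 26 and 35 come back to.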
  • 13. Crown Jewels
  • 14. Crown Jewels: data that is valuable to attackers
    – Card holder data (PCI)
    – Patient records (HIPAA)
    – Trade secrets
    – Research information
    – Competitive information (M&A)
    – Employee data (PII)
    – State secrets
    – Bio-devices
  • 15. Why do attackers care?
      Attacker          Jewel             Motivation
      Criminals         PCI data          $4-$12 per card
      Criminals         Patient records   $20-$50 per record
      Activists         Anything          Shaming
      State sponsored   Trade secrets     Geopolitical
      State sponsored   Patient records   ?!?!!!!
  • 16. Where to Look? North, South, East AND West = every communication
    (diagram: WAN, data center, access and core layers across Atlanta, New York and San Jose; Cisco 3560-X, 3850 stacks, Catalyst 4k/6k, ASA, 3925 ISR, ASR-1000, Nexus 7000, UCS with Nexus 1000v, VPC servers, Internet)
  • 17. By Data Grouping: find your jewels
    – Find your data
    – “Pull the thread” with Top Peers / Flow Tables
    – Host Group Policies with lower tolerance
  • 18. Data Anomaly Alarms: counting access
    – Suspect Data Hoarding
    – Target Data Hoarding
    – Total Traffic
    – Suspect Data Loss
  • 19. Map the Segmentation: watch the logical roadways
    – Logical vs. physical
    – Map segmentation
  • 20. Custom Events: alert on zero tolerance
    – Evolution of HLV (Host Lock Violation)
    – Alert when segmentation fails
    – Allows for NOR logic
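Slides 17 to 20 describe four pieces: host groups built around the crown jewels, a lower tolerance for those groups, volume alarms (data hoarding, target data hoarding, total traffic, data loss) measured against what each host normally does, and a zero-tolerance custom event that fires on any flow crossing a segmentation boundary. The script below is an added example that implements those four pieces over bidirectional flow records and a learned per-host baseline. The alarm names follow slide 18, but the logic, the host groups, the byte counts, the baselines and the tolerance factors are my assumptions, not StealthWatch's configuration or alarm definitions.

```python
"""Data-anomaly alarms and a zero-tolerance segmentation event over flow records.

Added example, not StealthWatch code. Groups, baselines, thresholds and flows are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

MB = 1_000_000


@dataclass(frozen=True)
class Flow:
    client: str
    server: str
    dport: int
    client_bytes: int     # bytes the client sent
    server_bytes: int     # bytes the server sent back


# Host groups (assumed address ranges); anything unmatched is "Outside"
HOST_GROUPS = {
    "CAD_Vault": [ip_network("10.20.0.0/24")],      # the crown jewels
    "Engineering": [ip_network("10.1.0.0/16")],
    "Plant_Floor": [ip_network("10.50.0.0/16")],
}
# Zero-tolerance policy: (client group, server group) pairs that must never be seen
FORBIDDEN = {("Plant_Floor", "CAD_Vault"), ("CAD_Vault", "Plant_Floor"), ("CAD_Vault", "Outside")}
DEFAULT_TOLERANCE = 5.0                  # alarm when a daily count exceeds baseline x tolerance
GROUP_TOLERANCE = {"CAD_Vault": 2.0}     # lower tolerance for the crown-jewel group


def group_of(ip):
    a = ip_address(ip)
    for name, nets in HOST_GROUPS.items():
        if any(a in n for n in nets):
            return name
    return "Outside"


def tolerance(ip):
    return GROUP_TOLERANCE.get(group_of(ip), DEFAULT_TOLERANCE)


def exceeds(host, metric, value, baseline):
    """True when value is beyond the host's learned baseline for this metric.
    A host with no learned baseline never raises a volume alarm (it is still in its learning period)."""
    base = baseline.get(host, {}).get(metric, 0)
    return base > 0 and value > tolerance(host) * base


def evaluate(flows, baseline):
    """Return a list of (alarm, host, detail) for one day of flows."""
    alarms = []
    pulled, sent_out, total = defaultdict(int), defaultdict(int), defaultdict(int)
    served = defaultdict(lambda: defaultdict(int))   # server -> client -> bytes served
    for f in flows:
        cg, sg = group_of(f.client), group_of(f.server)
        if (cg, sg) in FORBIDDEN:                    # custom event: fires on a single flow
            alarms.append(("Segmentation_Failure", f.client, "%s -> %s:%d" % (cg, sg, f.dport)))
        total[f.client] += f.client_bytes + f.server_bytes
        total[f.server] += f.client_bytes + f.server_bytes
        if sg == "Outside":
            sent_out[f.client] += f.client_bytes
        else:
            pulled[f.client] += f.server_bytes
            served[f.server][f.client] += f.server_bytes
    for host, b in pulled.items():
        if exceeds(host, "pulled", b, baseline):
            alarms.append(("Suspect_Data_Hoarding", host, "pulled %d bytes from inside servers" % b))
    for server, clients in served.items():
        for client, b in clients.items():
            if exceeds(server, "served_per_client", b, baseline):
                alarms.append(("Target_Data_Hoarding", server, "served %d bytes to %s" % (b, client)))
    for host, b in sent_out.items():
        if exceeds(host, "sent_out", b, baseline):
            alarms.append(("Suspect_Data_Loss", host, "sent %d bytes outside" % b))
    for host, b in total.items():
        if exceeds(host, "total", b, baseline):
            alarms.append(("Total_Traffic", host, "%d bytes total" % b))
    return alarms


BASELINE = {   # learned daily averages per host (constructed)
    "10.1.5.5": {"pulled": 50 * MB, "sent_out": 20 * MB, "total": 100 * MB},
    "10.1.7.7": {"pulled": 40 * MB, "sent_out": 10 * MB, "total": 80 * MB},
    "10.20.0.10": {"served_per_client": 60 * MB, "total": 2000 * MB},
}
TODAY = [   # one day of flows (constructed)
    Flow("10.1.5.5", "10.20.0.10", 445, 5 * MB, 900 * MB),     # engineer pulls most of the vault
    Flow("10.1.5.5", "203.0.113.9", 443, 700 * MB, 1 * MB),    # then pushes it out over HTTPS
    Flow("10.1.7.7", "10.20.0.10", 445, 1 * MB, 30 * MB),      # an ordinary day for a colleague
    Flow("10.50.3.3", "10.20.0.10", 445, 1000, 0),             # plant-floor host touches the vault
]


def sample_alarms():
    return evaluate(TODAY, BASELINE)


if __name__ == "__main__":
    for alarm in sample_alarms():
        print(alarm)
```

Two things to notice: the segmentation event fires on a 1,000-byte flow because tolerance does not apply to a policy that is supposed to be zero, while the same vault server that raises Target Data Hoarding for one client stays silent for the colleague whose 30 MB pull sits inside its learned norm.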
  • 21. Monitoring Insiders
  • 22. What is an Insider? The person, the credentials, the endpoint
  • 23. The Insider-Person Threat
      Vulnerability              Attack
      Ideology/Disgruntlement    Recruitment
      Financial hardship/Greed   Bribe/Scam
      Fear                       Extortion
      Loneliness                 Friendship/Romance
      Love of family             Kidnapping
      Self preservation          Physical harm/torture
      Ego                        Flattery
      Boredom                    Bad decisions
  • 24. The Insider-Credentials Threat
      Vulnerability                Attack
      Cryptographic weakness       Brute force
      Personal markers             Public record, dictionary attack
      Multi-domain usage           SQLi (a password reused across domains is harvested from a weaker site)
      Analog-digital conversion    Keylogger/camera
      Transmission                 MitM
  • 25. The Insider-Endpoint Threat
      Vulnerability              Attack
      Decisions made by human    Malware
      Open ports                 Worm
      Supply chain               Control-ware (C2)
      “Walk ups”                 Credential abuse
  • 26. Impossible Statistics
    – Malware-free attacks
    – Ability to cover tracks
    – Detailed knowledge of detection and response
    – Increasing availability of tools and knowledge
    – Attribution to user (was it malware, credential theft?)
  • 27. CERT: Common Sense Guide to Prevention and Detection of Insider Threats
                                 IT Sabotage   Financial Gain                 Business Advantage
      % of cases                 45%           44%                            14%
      Employment                 Former        Current                        Current
      Position                   Technical     Data entry & customer service  Technical or sales
      Authorized access?         Rarely        75%                            88%
      Used own credentials?      30%           85%                            Almost always
      Compromised an account?    43%           10%                            Rarely
      Attack was non-technical   65%           84%                            Almost always
      When                       After hours   Normal hours                   Normal hours
      Where                      Remote        Local                          Local
      Identified due to          Logs          Logs                           Logs
  • 28. Reducing Insider Vulnerabilities
    – Background checks (financial, ideological, criminal)
    – Better authentication (two-factor, biometrics, complex passwords)
    – Endpoint hardening (sandboxing, policy)
  • 29. Geographic User Anomaly
  • 30. Data Hoarding
  • 31. Data Loss
  • 32. Increasing Risk to the Insider through Audit Trails
    – Criminals fear evidence
    – Internal communications are rarely monitored/collected
    – Detection time exceeds data retention
  • 33. Sources of visibility
    – Firewall logs: are you logging everything or just denies?
    – Internal & host IPS systems: HIPS potentially has a lot of breadth; can be expensive to deploy; signature based
    – Log management solutions/SIEM: are you collecting everything? You can only see what gets logged
    – NetFlow: lots of breadth, less depth; lower disk space requirements
    – Full packet capture: deep but not broad; expensive; high disk space requirements
    Tradeoffs: record everything vs. only bad things; breadth vs. depth; time vs. depth; privacy
  • 34. Internal Visibility Through NetFlow
    (diagram: NetFlow exported from the DMZ, VPN, internal network and 3G/Internet edge devices to a NetFlow collector)
    NetFlow record fields: src and dst IP, src and dst port, start time, end time, MAC address, byte count, and more
  • 35. User Attribution through Context Awareness
  • 36. Following the User: sometimes investigations start with user intelligence
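Slides 35 and 36 come down to one join: a flow record carries an IP and a start time, an identity source (logon events, DHCP leases, VPN sessions, or an appliance such as the ID1100 on slide 41) carries which user held which IP over which interval, and attribution is the lookup of one against the other. Once that lookup exists, an investigation that starts from a user name can follow that user across address changes. The script below is an added example, not the StealthWatch or ID1100 implementation; the session and flow records are constructed, and the rule it applies (the latest session starting at or before the flow, unless that session has already ended) is my assumption about how the join should behave.

```python
"""Attribute flow records to users via identity sessions, then follow one user.

Added example; not Lancope code. Sessions and flows are constructed inline.
"""
from bisect import bisect_right
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Session:
    user: str
    ip: str
    start: int
    end: Optional[int]    # None = still logged on when the data was pulled


@dataclass(frozen=True)
class Flow:
    start: int
    src: str
    dst: str
    dport: int
    bytes: int


def build_index(sessions):
    """ip -> sessions sorted by start time, for interval lookup."""
    idx = defaultdict(list)
    for s in sessions:
        idx[s.ip].append(s)
    return {ip: sorted(ss, key=lambda s: s.start) for ip, ss in idx.items()}


def user_at(index, ip, t):
    """Who held ip at time t: the latest session that started at or before t and had not ended.
    Returns None when no session covers t; an unattributed flow is reported as such, never guessed."""
    sess = index.get(ip, [])
    i = bisect_right([s.start for s in sess], t) - 1
    if i < 0:
        return None
    s = sess[i]
    if s.end is not None and t > s.end:
        return None
    return s.user


def attribute(flows, sessions):
    """Pair every flow with the user (or None) who held its source address when it started."""
    index = build_index(sessions)
    return [(user_at(index, f.src, f.start), f) for f in flows]


def flows_for_user(flows, sessions, user):
    """'Following the user': every flow the user originated, across IP changes."""
    return [f for u, f in attribute(flows, sessions) if u == user]


SESSIONS = [   # constructed identity log: jdoe on a desktop, later on VPN; asmith takes over the desktop IP
    Session("jdoe", "10.1.2.3", 0, 3600),
    Session("asmith", "10.1.2.3", 3700, None),
    Session("jdoe", "10.200.0.8", 4000, 8000),
]
FLOWS = [      # constructed flow records
    Flow(100, "10.1.2.3", "10.20.0.10", 445, 900_000_000),    # jdoe pulls from the vault
    Flow(3650, "10.1.2.3", "10.20.0.11", 445, 50_000),        # nobody is logged on: stays unattributed
    Flow(3800, "10.1.2.3", "10.9.0.5", 443, 30_000),          # asmith, same IP, different user
    Flow(5000, "10.200.0.8", "203.0.113.9", 443, 700_000_000),  # jdoe again, from the VPN address
]


if __name__ == "__main__":
    for f in flows_for_user(FLOWS, SESSIONS, "jdoe"):
        print(f)
```

The flow at t=3650 is the case that matters in practice: the IP was reassigned within 100 seconds, so attributing by "last known user of the address" would have pinned asmith's or jdoe's name on traffic neither of them sent. Leaving it unattributed, and alerting on the gap, is the honest answer.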
  • 37. StealthWatch Overview
  • 38. Lancope Overview
    – Leading provider of network visibility & security intelligence; founded in 2000; 700+ customers
    – Locations: Alpharetta, GA (headquarters); London, Germany, Dubai
    – Investors: $30M raised (last round in 2005) from Canaan Partners, HIG, Council Capital; 4+ years of profitability
    – Team: leadership from IBM, ISS, Dell SecureWorks, RSA, Motorola/AirDefense, Gartner, Cisco, TripWire, PolyCom, McKesson; 100+ years combined experience; 250+ employees
    – StealthWatch delivers: the StealthWatch System provides context-aware security, enabling organizations to quickly detect a wide range of attacks (e.g. APT, DDoS, malware, insider threat), accelerate incident response, improve forensic investigations and reduce enterprise risk
    – Complete network visibility & security intelligence; detect & resolve advanced threats; accelerate incident response & forensic investigations; reduce operational & enterprise risk
  • 39. Use NetFlow Data to Extend Visibility to the Access Layer
    – Your network is your sensor: visibility, context and control (who, what, where, when, how)
    – Hardware-enabled NetFlow from routers, switches and firewalls across the internal network, plus identity and firewall context
    – Enrich flow data with identity, events and application to create context
    – Unify into a single pane of glass for detection, investigation and reporting
  • 40. Gain Context-Aware Security
    – Everything must touch the network: what else can the network tell me?
    – With StealthWatch: know every host; record every conversation; know what is normal; alert to change; store for months
    – Lifecycle: assess, audit, posture, response, context, detect
  • 41. Lancope Solution Portfolio
    – StealthWatch Management Console
    – StealthWatch FlowCollector (receives NetFlow, syslog and SNMP from NetFlow-enabled routers, switches and firewalls)
    – StealthWatch FlowReplicator
    – StealthWatch FlowSensor, and FlowSensor VE for vSphere
    – ID1100 (user and device information)
  • 42. Thank you

Editor's Notes

  1. There are three ways Lancope detects things. For signatures, Lancope augments this with our SLIC Threat Feed. Our StealthWatch Labs group of researchers works with external parties that define and develop URLs and IPs that are known to be bad; you can put those into your system and match them against every single conversation in your network. So it's real-time, it's ubiquitous across your enterprise, it's high value. Anomaly detection is our threshold-based alerting, so that when we drop in a system, we are going to create high concern index events on day one based on devices that exceed acceptable thresholds of noise. Within our behavior-based system, you have to have thresholds on both the low end and the high end, because the behavior of a host will actually live in between those two areas. What this means is that super-slow attackers that generate very little traffic will alert below a threshold, and very noisy volumetric DDoS attacks coming in via UDP floods become threshold-based alarms as well. The behavior-based alarms come from the fact that we are building a learned baseline over time: a minimum of seven days to create a baseline, expanding out to 30 days, rolling over time, most heavily weighted on the last couple of weeks of activity. This is where we are actually able to detect things like worm activity and worm propagation, beaconing hosts, data hoarding and data exfiltration. These are based on statistical conditions that we've learned about you as a user on your network. You the customer have already invested early in signature-based technology, and it is not that that stuff is no longer effective; it is just that your adversary has advanced, and so must you. Behavior and anomaly detection methods address the problem of not knowing what you are looking for ahead of time, as with zero-day exploitation.
Behavior-based detection contains the threat and observes its behavior with the objective of dynamically building a blacklist, a list of bad things. Anomaly detection leverages known good behavior or actions, either inherent to the protocols, statistically collected from the traffic, or asserted by the user; this whitelist, or list of norms, allows detection to be based not on abnormalities as such but on the differences that make the difference.
  2. The story of Lancope. We started in 2001 as a behavior-based IDS, founded by Professor Dr. John Copeland at Georgia Tech. Dr. Copeland spent all his time consuming ATM network traffic and building statistics off that traffic, and the intellectual property that he patented was the ability to take those statistics and create algorithmic equations that tell us when change is occurring in those statistics to the point where a condition of threat is met. StealthWatch originates from a Georgia Tech professor who measured statistical change as an indicator of concern, related to an algorithm that he had developed, within our security market. Lancope launched this behavior-based IDS in 2001, and for the next four years that is where we established our initial foothold in the market. Lancope quickly grew to a 50-person organization, raised $30 million, and was a hot startup. What we ran into was that the fight for SPAN space inside the network was really starting to be consumed by other technologies like IDS/IPS. As the company evolved, Lancope pioneered a new market with the consumption of telemetry data for security intelligence. When we reference telemetry, Lancope is talking about NetFlow data, which is summarized flow data, or telemetry, that comes directly from your Layer-3 routers and switches into our system. By applying our patented algorithms to this flow data, Lancope is able to give you really broad scalability to see and peer into areas of the network that you cannot affordably get access to today: that tends to be the LAN infrastructure, and the deep dark corners of your data center where you would never go and deploy a physical asset or a probe to get adequate visibility. Flow data does a really good job of illuminating those pieces of the network.
  3. This is a “day in the life of the operator” slide. It is the “without ISE + SIEM/TD integration” view. This scenario can be described as the “swivel chair problem” (as indicated by the circular arrows around the operator). As this slide builds out, talk about how the security analyst has to swivel his chair to five or more different operations screens across different IT systems to collect all the context needed to make sense of a security event that shows up on the SIEM/TD screen at the beginning of this slide. Orange indicates systems that you can get information from, but only by looking in a siloed system. Red indicates information that most IT systems don't even possess in this use case, so it is crucial information the security analyst just doesn't have. A key point in this slide is the last one: “how do I mitigate?” This is a real issue for IT organizations, as mitigation generally means accessing several different systems, logging in to switch CLIs, and so on. It is manual and cumbersome and, as a result, often just doesn't get done. So the summary is the last build: you have to look across many systems and screens, you are still missing important contextual data (like device type), and mitigation is complicated at best or a non-starter at worst.
  4. And here is where it starts to get fun. The traffic could be coming from anywhere in the world. It is going to take multiple hops to get there and it is going to come from disparate pieces of your organization. What Lancope lives and breathes is the ability to know every single host, record every conversation, understand the posture of the hosts involved in those conversations, who is the client and who is the server, what is considered normal, and the ability to learn and show signs of deviation and detection related to changes in that host. So the two core components of the StealthWatch product are 1) the detection component, which is the change or the behavioral impact that a host is going through, and 2) the ability to store that for long periods of time. Cisco likes to tell the story about APT1 and their ability to have multiple months' worth of flow data that they could go back and run a query against, for IPs they knew were bad in the past but that were no longer considered bad. The Chinese hacking group APT1 is the example they use. When those IPs were posted they were effectively useless at that point, but Cisco did have the ability to go back and run a query against the previous 100 days to see when and if any of the APT1 hosts had accessed the Cisco internal network, and if they had, who they talked to, how much data they touched, how they moved, how they entered and how they left. Really useful information, especially when you look at the lifecycle of security and how we push what we learn from a past event into the future so that we can prevent it the next time it occurs. Lancope essentially creates this rich audit repository, with detection posture, for every conversation in your network.