The document discusses threat intelligence and information sharing. It begins with an overview of the current state of cyber security, including statistics on data breaches and attack vectors from recent reports. It then defines threat intelligence as indicators of compromise combined with relevant threat activity, vetted to provide actionable intelligence. The document examines standards and methods for sharing threat intelligence, including CybOX, STIX and TAXII for structured sharing, as well as tab-separated values. It emphasizes the importance of the security community learning from each other through information sharing.
This document introduces python-stix, an open-source Python library for working with STIX (Structured Threat Information Expression) documents. It allows users to easily generate and parse STIX XML by mapping STIX objects to Python objects. The document provides examples of using python-stix to create a STIX package, add indicators and related objects, load and access data from an existing STIX file, and dereference relationships between objects.
This document provides an overview of the Trusted Automated eXchange of Indicator Information (TAXII) framework. TAXII standardizes the exchange of cyber threat information and supports various sharing models. It defines services like Discovery, Collection Management, Inbox, and Poll that allow entities to exchange information. TAXII is implemented through open source projects and specifications that define XML messaging and HTTP protocol bindings. The document provides examples of how TAXII could be used to facilitate information sharing between a source/producer and subscribers/consumers.
The document discusses STIX (Structured Threat Information Expression), a language for characterizing and communicating cyber threat information. STIX was developed to support use cases like analyzing cyber threats, specifying indicator patterns, and sharing threat information. It provides a common mechanism for addressing structured cyber threat data to improve consistency, efficiency, and situational awareness. STIX represents cyber threat details like observables, indicators, incidents, tactics, techniques and procedures (TTPs), exploit targets, and campaigns.
An experience is a personal and emotional event we remember. Every experience is established based upon pre-determined expectations we conceive and create in our minds. It’s personal, and therefore, remains a moving and evolving target in every scenario. When our experience concludes and the moment has passed, the outcome remains in our memory. Think about what makes you happy when connecting with your own device and then think about what makes you really upset when things are hard, complicated, and slow. If the user has a bad experience in anyone of these areas (simple, fast, and smart), they are likely to leave, share their negative experience, and potentially never return. Users might forget facts or details about their computing environment but they find it difficult to forgot the feeling behind a bad network experience. When something goes wrong with the network or an application, do you always get the blame?
So what can Ultra Low, consistent latency deliver? Low latency is a requirement for intensive, time critical applications. Latency is measure on a port-to-port basis, that once a frame is received on a ingress port how long does it take the frame to go through the internal switching infrastructure and leave an ingress port. The Summit X670 Top of Rack switch supports latency of around 800-900usec while the Black Diamond chassis, BDX8, can switch frames in a little as 3usec. We’re big believers in the value of disaggregation – of breaking down traditional data center technologies into their core components so we can build new systems that are more flexible, more scalable, and more efficient. This approach has guided Facebook from the beginning, as we’ve grown and expanded our infrastructure to connect more than 1.28 billion people around the world.
Flatter networks. Traditional data center networks have a minimum of three tiers: top of rack (ToR), aggregation and core. Often, there is more than one aggregation tier, meaning the data center could have three or more network tiers. When network traffic is primarily best effort, this is sufficient. But as more mission-critical, real-time traffic flows into the data center, it becomes critical that organizations move to two-tier networks.
An increase in east-west traffic flows. Legacy data center networks are designed for traffic to flow from the edge of the network into the core and then back to the edge in a north-south direction. Today, however, factors such as workforce mobility, Hadoop, big data and other applications are driving east-west traffic flows from server to server.
Virtualization of other IT assets. Historically, compute resources such as processor, memory and storage were resident in the server itself. Over time, more and more of these resources are being put into “pools” that can be accessed on demand. In this case, the data center network becomes a “fabric” that acts as the backplane for the virtualized data center.
If the number of spine switches were to be merely doubled, the effect of a single switch failure is halved. With 8 spine switches, the effect of a single switch failure only causes a 12% reduction in available bandwidth. So, in modern data centers, people build networks with anywhere from 4 to 32 spine switches. With a leaf-spine network, every server on the network is exactly the same distance away from all other servers – three port hops, to be precise. The benefit of this architecture is that you can just add more spines and leaves as you expand the cluster and you don't have to do any recabling. Intuition Systems will also get more predictable latency between the nodes.
As a trend, disaggregation seems to be most useful for very large companies like Facebook and Google, or cloud providers. The technology does not necessarily have significant implications for small or medium sized businesses. Historically, however, technology has a way of trickling down from the pioneering phases of existing only within large companies with tremendous resources, to becoming more standardized across the board.
XoS Performance - Separation between control and forwarding planes - The "SDN Classic" model, as illustrated by this graphic from the Open Networking Foundation, offers many potential benefits:
In the forwarding plane all switching, and feature implementation such as deep packet inspection , QoS scheduling, MAC learning and filtering, etc are performed in dedicated ASIC hardware
Wire speed performance across entire product line (Backplane resources, packet /frame forwarding rate, Bits per second throughput) Local switching on all line cards at no additional cost ,increasing throughput and reducing latency. Dedicated stacking interfaces, and stacking over fiber.
Low latency with Exceptional QoS
We build networks to deliver on today’s Experience Economy. Extreme Networks combines high performance wired and wireless hardware with a software-defined architecture that makes it simple, fast and smart for the user to connect with their device of choice. We provide a comprehensive portfolio, including Campus Mobility and Data Center solutions, which allow our customers to deliver a positive and consistent experience to each and every user in their environment. As SDN excitement grew, the term software-defined was adopted by marketers and applied liberally to all kinds of products and technologies: software-defined storage, software-defined security, software-defined data center.
What technologies allow me to do this today?
Key Features: Loop free load balancing, density, L2 overlays
VXLAN fabric in EXOS / EOS
MLAG: L2 Leaf/Spine with two spine members
VPLS: L2 Leaf/Spine for HPC deployments
SPB-V: S/K-Series for small enterprise data center
Evolution ExtremeFabric: fully automated
Why VxLAN? It’s a really easy L2 over L3 transport
MLAG technology Leaf/Spine Fabric
MLAG is a special case of Leaf/Spine with only two spine members and everything on L2 (We kill the spanning tree and maintain state between the spines) – We’ve been leading in MLAG for a while
VPLS technology Leaf/Spine Fabric
We have successfully built VPLS mesh Leaf/Spine networks for HPC deployments
Key Features: Loop free load balancing, density, L2 overlays
We need more scale!
21.x / 22.x bring some interesting new features that fix this
NEW with 21.1: The Scalable Layer 2 Fabric with VxLAN Technology
VXLAN – Overlay on routing for efficient load balancing and reachability
OSPF extensions massively simplify deployment
The Layer 2 traffic tunnels over any Layer 3 network
Can be used in any topology, but highest performance is Leaf/Spine
Removes the limitation on transit overlay in the spine
Easy setup, small configuration
X670-G2 and X770, S and K, and will be available on X870 at launch
Scale to 2592 10G ports (X670-G2-72, 1:1), 512 40G (X770, 1:1)
Available on EOS and EXOS NOW
NEW with EXOS 22.x and EOS 8.81: Future Fabric Technology
Tamas K Lengyel gave a presentation on stealthy malware analysis using a hypervisor. He discussed how malware uses various techniques to detect sandboxes and analysis tools. Using a hypervisor for monitoring provides greater visibility but malware can still detect virtualization. Various techniques were presented for improving stealth, such as using memory sharing, emulating system properties, and stalling analysis through syscall spamming. Overall, an arms race exists between analysis tools becoming more stealthy and malware improving detection techniques.
This document discusses internet architecture and network security. It covers various services an organization may offer like mail, web, and FTP servers. It also discusses internal and external access to systems, including through virtual private networks (VPNs). The document outlines firewall configuration and types, including packet filtering and application layer firewalls. It describes network address translation (NAT) and private IP addresses. Finally, it discusses user VPNs and site VPNs, benefits and issues with user VPNs, and managing user VPN access.
This document introduces python-stix, an open-source Python library for working with STIX (Structured Threat Information Expression) documents. It allows users to easily generate and parse STIX XML by mapping STIX objects to Python objects. The document provides examples of using python-stix to create a STIX package, add indicators and related objects, load and access data from an existing STIX file, and dereference relationships between objects.
This document provides an overview of the Trusted Automated eXchange of Indicator Information (TAXII) framework. TAXII standardizes the exchange of cyber threat information and supports various sharing models. It defines services like Discovery, Collection Management, Inbox, and Poll that allow entities to exchange information. TAXII is implemented through open source projects and specifications that define XML messaging and HTTP protocol bindings. The document provides examples of how TAXII could be used to facilitate information sharing between a source/producer and subscribers/consumers.
The document discusses STIX (Structured Threat Information Expression), a language for characterizing and communicating cyber threat information. STIX was developed to support use cases like analyzing cyber threats, specifying indicator patterns, and sharing threat information. It provides a common mechanism for addressing structured cyber threat data to improve consistency, efficiency, and situational awareness. STIX represents cyber threat details like observables, indicators, incidents, tactics, techniques and procedures (TTPs), exploit targets, and campaigns.
An experience is a personal and emotional event we remember. Every experience is established based upon pre-determined expectations we conceive and create in our minds. It’s personal, and therefore, remains a moving and evolving target in every scenario. When our experience concludes and the moment has passed, the outcome remains in our memory. Think about what makes you happy when connecting with your own device and then think about what makes you really upset when things are hard, complicated, and slow. If the user has a bad experience in anyone of these areas (simple, fast, and smart), they are likely to leave, share their negative experience, and potentially never return. Users might forget facts or details about their computing environment but they find it difficult to forgot the feeling behind a bad network experience. When something goes wrong with the network or an application, do you always get the blame?
So what can Ultra Low, consistent latency deliver? Low latency is a requirement for intensive, time critical applications. Latency is measure on a port-to-port basis, that once a frame is received on a ingress port how long does it take the frame to go through the internal switching infrastructure and leave an ingress port. The Summit X670 Top of Rack switch supports latency of around 800-900usec while the Black Diamond chassis, BDX8, can switch frames in a little as 3usec. We’re big believers in the value of disaggregation – of breaking down traditional data center technologies into their core components so we can build new systems that are more flexible, more scalable, and more efficient. This approach has guided Facebook from the beginning, as we’ve grown and expanded our infrastructure to connect more than 1.28 billion people around the world.
Flatter networks. Traditional data center networks have a minimum of three tiers: top of rack (ToR), aggregation and core. Often, there is more than one aggregation tier, meaning the data center could have three or more network tiers. When network traffic is primarily best effort, this is sufficient. But as more mission-critical, real-time traffic flows into the data center, it becomes critical that organizations move to two-tier networks.
An increase in east-west traffic flows. Legacy data center networks are designed for traffic to flow from the edge of the network into the core and then back to the edge in a north-south direction. Today, however, factors such as workforce mobility, Hadoop, big data and other applications are driving east-west traffic flows from server to server.
Virtualization of other IT assets. Historically, compute resources such as processor, memory and storage were resident in the server itself. Over time, more and more of these resources are being put into “pools” that can be accessed on demand. In this case, the data center network becomes a “fabric” that acts as the backplane for the virtualized data center.
If the number of spine switches were to be merely doubled, the effect of a single switch failure is halved. With 8 spine switches, the effect of a single switch failure only causes a 12% reduction in available bandwidth. So, in modern data centers, people build networks with anywhere from 4 to 32 spine switches. With a leaf-spine network, every server on the network is exactly the same distance away from all other servers – three port hops, to be precise. The benefit of this architecture is that you can just add more spines and leaves as you expand the cluster and you don't have to do any recabling. Intuition Systems will also get more predictable latency between the nodes.
As a trend, disaggregation seems to be most useful for very large companies like Facebook and Google, or cloud providers. The technology does not necessarily have significant implications for small or medium sized businesses. Historically, however, technology has a way of trickling down from the pioneering phases of existing only within large companies with tremendous resources, to becoming more standardized across the board.
XoS Performance - Separation between control and forwarding planes - The "SDN Classic" model, as illustrated by this graphic from the Open Networking Foundation, offers many potential benefits:
In the forwarding plane all switching, and feature implementation such as deep packet inspection , QoS scheduling, MAC learning and filtering, etc are performed in dedicated ASIC hardware
Wire speed performance across entire product line (Backplane resources, packet /frame forwarding rate, Bits per second throughput) Local switching on all line cards at no additional cost ,increasing throughput and reducing latency. Dedicated stacking interfaces, and stacking over fiber.
Low latency with Exceptional QoS
We build networks to deliver on today’s Experience Economy. Extreme Networks combines high performance wired and wireless hardware with a software-defined architecture that makes it simple, fast and smart for the user to connect with their device of choice. We provide a comprehensive portfolio, including Campus Mobility and Data Center solutions, which allow our customers to deliver a positive and consistent experience to each and every user in their environment. As SDN excitement grew, the term software-defined was adopted by marketers and applied liberally to all kinds of products and technologies: software-defined storage, software-defined security, software-defined data center.
What technologies allow me to do this today?
Key Features: Loop free load balancing, density, L2 overlays
VXLAN fabric in EXOS / EOS
MLAG: L2 Leaf/Spine with two spine members
VPLS: L2 Leaf/Spine for HPC deployments
SPB-V: S/K-Series for small enterprise data center
Evolution ExtremeFabric: fully automated
Why VxLAN? It’s a really easy L2 over L3 transport
MLAG technology Leaf/Spine Fabric
MLAG is a special case of Leaf/Spine with only two spine members and everything on L2 (We kill the spanning tree and maintain state between the spines) – We’ve been leading in MLAG for a while
VPLS technology Leaf/Spine Fabric
We have successfully built VPLS mesh Leaf/Spine networks for HPC deployments
Key Features: Loop free load balancing, density, L2 overlays
We need more scale!
21.x / 22.x bring some interesting new features that fix this
NEW with 21.1: The Scalable Layer 2 Fabric with VxLAN Technology
VXLAN – Overlay on routing for efficient load balancing and reachability
OSPF extensions massively simplify deployment
The Layer 2 traffic tunnels over any Layer 3 network
Can be used in any topology, but highest performance is Leaf/Spine
Removes the limitation on transit overlay in the spine
Easy setup, small configuration
X670-G2 and X770, S and K, and will be available on X870 at launch
Scale to 2592 10G ports (X670-G2-72, 1:1), 512 40G (X770, 1:1)
Available on EOS and EXOS NOW
NEW with EXOS 22.x and EOS 8.81: Future Fabric Technology
Tamas K Lengyel gave a presentation on stealthy malware analysis using a hypervisor. He discussed how malware uses various techniques to detect sandboxes and analysis tools. Using a hypervisor for monitoring provides greater visibility but malware can still detect virtualization. Various techniques were presented for improving stealth, such as using memory sharing, emulating system properties, and stalling analysis through syscall spamming. Overall, an arms race exists between analysis tools becoming more stealthy and malware improving detection techniques.
This document discusses internet architecture and network security. It covers various services an organization may offer like mail, web, and FTP servers. It also discusses internal and external access to systems, including through virtual private networks (VPNs). The document outlines firewall configuration and types, including packet filtering and application layer firewalls. It describes network address translation (NAT) and private IP addresses. Finally, it discusses user VPNs and site VPNs, benefits and issues with user VPNs, and managing user VPN access.
Getting Started with Big Data and SplunkTom Chavez
A beginner's introduction to the topic of Big Data, where you find it, how to get it into Splunk, and how to search it and get insights once it is this. Take an investigative journey through my mailbox as I seek to find out which messages could be deleted to make the biggest impact on reducing its footprint before my privileges are cut off!
This document provides details about the SentiXchange project, which aims to perform sentiment analysis on Twitter feeds. It outlines the requirements, user interface design rules, data mining principles and algorithms to be used, including Naive Bayes classification, maximum entropy modeling, and support vector machines. The architecture involves interacting with the Twitter APIs to search and stream tweets, analyze sentiment, and display results through a web interface. Historical analysis of keywords and creation of a sentiment index are also described.
Course delivered at the Directory of Social Change - www.dsc.org.uk -
Aims: To give participants a basic overview of the different community building tools online (aka Social Networking Sites) and other essential skills to successful online community fundraising.
For: Fundraisers who have little or no experience with using websites like Facebook, LinkedIn, Twitter, Flickr and YouTube for fundraising.
Filtering From the Firehose: Real Time Social Media StreamingCloud Elements
All Things Cloud Developer Meetup.
Filtering From the Firehose: Real Time Social Media Streaming with Jim Moffitt from Gnip. Gnip is the world's largest and most trusted provider of social data.
Learn about collecting and filtering social media data with streaming APIs. Jim will cover best practices, use case examples and live demos of filtering data from Twitter.
Conservation Department-Inventory ControlRandy Brown
We receive a call from a local state Department of Conservation in charge of creating and enforcing regulations for outdoor activities within the state of Missouri such as hunting and fishing with an area of approximately one million acres for conservation and public use.
Thrive: Timely Health Indicators Using Remote Sensing & Innovation for the Vi...US-Ignite
The document discusses the health impacts of PM2.5 particulate matter and the need for improved air quality monitoring and health analytics. It then summarizes the THRIVE program which uses remote sensing, big data, and machine learning to provide real-time air quality estimates and predictive health analytics. The program integrates data from satellite imagery, meteorological models, sensor networks, medical records and other sources to help inform medical decisions and improve patient outcomes.
The document summarizes activities at NECST Lab in 2019. It describes various events including NECSTCamp for training, Hack@NECST for hacking events, a research line fair, talks and seminars, social events like pizza and NECSTmas, an internship program, and courses on both technical and soft skills topics. The lab has multiple research lines focused on areas like computer architecture, system security, smart technologies, and more. It involves professors, students, researchers, and collaborations with industry partners.
20110222 behesty monitoring and measuring biodiversityagosti
This document discusses various topics related to monitoring and measuring biodiversity on a global scale. It mentions several key organizations and initiatives, including the Earth Summit, IPBES, NCBI, GBIF, TDWG, and Darwin Core, that are involved with assessing global biodiversity patterns and developing standards for exchanging biodiversity data. The document emphasizes that monitoring biodiversity as a comparative science requires access to data, use of identification aids, metadata standards, networks to share information, and applying data to understand changes over space and time.
We receive a call from a local state Department of Conservation in charge of creating and enforcing regulations for outdoor activities within the state of Missouri such as hunting and fishing with an area of approximately one million acres for conservation and public use.
An overview of the technology options for adding speech to web applications. It covers the HTML5 Speech Input API for speech recognition, using the Audio tag with 3rd party APIs for text-to-speech, and an overview of WebRTC application possibilities.
Presented at the Atlanta Ruby Users Group meeting on November 13, 2013.
Fingerprint Biometrics - The link between the analog and digital you - IDEXIDEX ASA
The document discusses IDEX's financial results for Q4 2012 and outlook for 2013. It summarizes that IDEX signed a memorandum of understanding with a Chinese partner in Q4 2012 and expects a deal with an OEM partner. The biometrics market is positioned for strong growth driven by increasing smartphone, tablet, and Internet of Things adoption. IDEX is well positioned in the market with a strong patent portfolio in capacitive fingerprint sensing.
An introduction to the Internet of Things for people interested in getting a first glance of this fascinating field of the future.
We cover the following subjects:
- defining the internet of things
- its architecture
- reasons why consumers and companies should care
- Lots of Examples
- How to prototype IoT devices
- Challenges for IoT endeavor
- The Opportunities that lay in this field
- Good books on IoT
This is a updated version of last year's IoT presentation we gave.
Turning search upside down with powerful open source search softwareCharlie Hull
Turning Search Upside Down - how Flax works with media monitoring companies to build powerful and scalable 'inverted search' systems, applying hundreds of thousands of stored queries to millions of documents in real time. Features Apache Lucene/Solr as a replacement for Autonomy IDOL and our Luwak library as a replacement for Autonomy Verity.
More Related Content
Similar to SANS_Minneapolis_2015_ThreatIntelligence_NeighborhoodWatchForYourNetworks
Getting Started with Big Data and SplunkTom Chavez
A beginner's introduction to the topic of Big Data, where you find it, how to get it into Splunk, and how to search it and get insights once it is this. Take an investigative journey through my mailbox as I seek to find out which messages could be deleted to make the biggest impact on reducing its footprint before my privileges are cut off!
This document provides details about the SentiXchange project, which aims to perform sentiment analysis on Twitter feeds. It outlines the requirements, user interface design rules, data mining principles and algorithms to be used, including Naive Bayes classification, maximum entropy modeling, and support vector machines. The architecture involves interacting with the Twitter APIs to search and stream tweets, analyze sentiment, and display results through a web interface. Historical analysis of keywords and creation of a sentiment index are also described.
Course delivered at the Directory of Social Change - www.dsc.org.uk -
Aims: To give participants a basic overview of the different community building tools online (aka Social Networking Sites) and other essential skills to successful online community fundraising.
For: Fundraisers who have little or no experience with using websites like Facebook, LinkedIn, Twitter, Flickr and YouTube for fundraising.
Filtering From the Firehose: Real Time Social Media StreamingCloud Elements
All Things Cloud Developer Meetup.
Filtering From the Firehose: Real Time Social Media Streaming with Jim Moffitt from Gnip. Gnip is the world's largest and most trusted provider of social data.
Learn about collecting and filtering social media data with streaming APIs. Jim will cover best practices, use case examples and live demos of filtering data from Twitter.
Conservation Department-Inventory ControlRandy Brown
We receive a call from a local state Department of Conservation in charge of creating and enforcing regulations for outdoor activities within the state of Missouri such as hunting and fishing with an area of approximately one million acres for conservation and public use.
Thrive: Timely Health Indicators Using Remote Sensing & Innovation for the Vi...US-Ignite
The document discusses the health impacts of PM2.5 particulate matter and the need for improved air quality monitoring and health analytics. It then summarizes the THRIVE program which uses remote sensing, big data, and machine learning to provide real-time air quality estimates and predictive health analytics. The program integrates data from satellite imagery, meteorological models, sensor networks, medical records and other sources to help inform medical decisions and improve patient outcomes.
The document summarizes activities at NECST Lab in 2019. It describes various events including NECSTCamp for training, Hack@NECST for hacking events, a research line fair, talks and seminars, social events like pizza and NECSTmas, an internship program, and courses on both technical and soft skills topics. The lab has multiple research lines focused on areas like computer architecture, system security, smart technologies, and more. It involves professors, students, researchers, and collaborations with industry partners.
20110222 behesty monitoring and measuring biodiversityagosti
This document discusses various topics related to monitoring and measuring biodiversity on a global scale. It mentions several key organizations and initiatives, including the Earth Summit, IPBES, NCBI, GBIF, TDWG, and Darwin Core, that are involved with assessing global biodiversity patterns and developing standards for exchanging biodiversity data. The document emphasizes that monitoring biodiversity as a comparative science requires access to data, use of identification aids, metadata standards, networks to share information, and applying data to understand changes over space and time.
We receive a call from a local state Department of Conservation in charge of creating and enforcing regulations for outdoor activities within the state of Missouri such as hunting and fishing with an area of approximately one million acres for conservation and public use.
An overview of the technology options for adding speech to web applications. It covers the HTML5 Speech Input API for speech recognition, using the Audio tag with 3rd party APIs for text-to-speech, and an overview of WebRTC application possibilities.
Presented at the Atlanta Ruby Users Group meeting on November 13, 2013.
Fingerprint Biometrics - The link between the analog and digital you - IDEXIDEX ASA
The document discusses IDEX's financial results for Q4 2012 and outlook for 2013. It summarizes that IDEX signed a memorandum of understanding with a Chinese partner in Q4 2012 and expects a deal with an OEM partner. The biometrics market is positioned for strong growth driven by increasing smartphone, tablet, and Internet of Things adoption. IDEX is well positioned in the market with a strong patent portfolio in capacitive fingerprint sensing.
An introduction to the Internet of Things for people interested in getting a first glance of this fascinating field of the future.
We cover the following subjects:
- defining the internet of things
- its architecture
- reasons why consumers and companies should care
- Lots of Examples
- How to prototype IoT devices
- Challenges for IoT endeavor
- The Opportunities that lay in this field
- Good books on IoT
This is a updated version of last year's IoT presentation we gave.
Turning search upside down with powerful open source search softwareCharlie Hull
Turning Search Upside Down - how Flax works with media monitoring companies to build powerful and scalable 'inverted search' systems, applying hundreds of thousands of stored queries to millions of documents in real time. Features Apache Lucene/Solr as a replacement for Autonomy IDOL and our Luwak library as a replacement for Autonomy Verity.
Similar to SANS_Minneapolis_2015_ThreatIntelligence_NeighborhoodWatchForYourNetworks (17)