Hewlett-Packard Improves
Visibility & Security
with Lancope StealthWatch
Jim O’Shea
Network Security Architect, HP
jim.oshea@hp.com
HP Security Team
• “We say NO” (as customers see us)
• We really provide VALUABLE “advice”
• We would like to watch and further evaluate what we “advised on”
– StealthWatch provides the opportunity to see the real traffic view.
• We chase shiny objects
– StealthWatch provides areas of focused interest (which have been intelligently correlated to guide our views)

©2013 Lancope , Inc. All Rights Reserved.
AGENDA
• Solution Strategy
• Solution Vision
• Solution Components
• Solution Overview
• StealthWatch Use Cases
• Flow Gathering & Redistribution Overview
• Integration
• Recommendations for Solution

HP STRATEGY & SCOPE DECISIONS
(Why we needed Lancope StealthWatch)
• Fill the Visibility GAP
• Provide Internal Monitoring and Visibility
without extensive instrumentation
• Provide Botnet and other Malware
Detection
• Provide Anomaly detection

• Take Advantage of Already Collected
Flow to Form a “Security View”
• Already collected and used
• Multiple tools in use
• Ability to collect once and use multiple
times

• Assist in Analysis
• Assist in Detection of data loss
• Assist in DDoS recognition
• Provide anomaly detection and visibility
to sudden changes in the network

• Integrate
• Augment and integrate with
TippingPoint (IPS) and ArcSight (SIEM)
and existing tools

• Assist and Improve Understanding
• Monitor FW policy of environments
• Understand Applications

• Core Requirements
• Centralized management
• Scalability
• IPv6 ready
• Help establish partnerships with –
Network team, Application teams,
Storage etc.
HP Solution Vision:
Integrate, Augment, Automate
Diagram (labels recovered from the slide): HP Network devices export NetFlow (v9 / IPFIX) and sFlow to StealthWatch, which also takes Flow Records via API; StealthWatch sends Events toward the SOC/SIEM (ArcSight) and toward HPOV (NOC/ticketing system); Executive Reporting, TippingPoint IPS (RepDV) and Intelligence Feeds (SLIC) are shown alongside.
Legend: green = significant use, yellow = emerging, red = not yet, but planned.
StealthWatch – A Complete, Integrated
Family of Products
• Complete Network Visibility
• Comprehensive Security
Monitoring
• FW Policy Monitoring
• Network Troubleshooting
and Usage Reporting
• Mitigation and Notification
• Forensics and Reporting

HP Solution Components
StealthWatch FlowReplicators
• UDP port replication service: listens on any specified UDP port and sends to one or more backend devices on the same or a new port
• Allows collect once, analyze as much as desired
• Allows a reduced number of destinations for simpler configuration standards

StealthWatch FlowCollectors
• NetFlow collector to analyze NetFlow
• sFlow collector to analyze sFlow

SLIC feed
• Lancope research security feed to assist in staying current with Command & Control and other malicious IP addresses
• Has URL granularity potential (an IPFIX future ability for us), effective if using FlowSensor

StealthWatch Management Console
• User interface
• Queries collectors for data to perform analytics
• Report and event configuration and actions

ArcSight
• Receives specified, configured events for further action and correlation
HP Solution Overview & Review
StealthWatch + other tools
• Deploy FlowReplicator hardware focused on region.
– 1 IP address for standardization of configurations.
• Data is distributed as needed to new and legacy tools
– Boundary-router IP spoofing (anti-spoofing filters) must be considered if crossing compartment boundaries.
• Detection of usage anomalies & utilization increases (D/DoS solution integration)
• Detection of mal-flows (worms / C&C / suspected data leakage)
• Understand application environments
• Integrates with ArcSight (SIEM)
• Allows growth
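The FlowReplicator role described in the components list and in the overview above, as an added example that is not Lancope's code: a minimal UDP fan-out in Python that listens on the ports in a rule table, sanity-checks each datagram as NetFlow v5/v9, IPFIX or sFlow v5 by its header, and copies it to one or more collectors, optionally on a new port. The rule syntax, addresses, ports and sample headers are constructed for this example. It re-sources packets from its own address; the boundary-router caveat from the overview is explained in the serve() docstring.

```python
"""UDP flow replicator (illustrative; not Lancope's FlowReplicator).
Listens on the UDP ports named in a rule table, checks that each datagram
carries a NetFlow v5/v9, IPFIX or sFlow v5 header, and fans it out to one
or more collectors, optionally on a different port ("collect once, analyze
as much as desired")."""
import selectors
import socket
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Destination:
    host: str
    port: int


# Hypothetical rule syntax for this example: "<listen_port> -> host:port[, host:port ...]"
def parse_rules(text: str) -> Dict[int, Tuple[Destination, ...]]:
    rules: Dict[int, Tuple[Destination, ...]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        lhs, rhs = line.split("->", 1)
        dests = []
        for item in rhs.split(","):
            host, port = item.strip().rsplit(":", 1)
            dests.append(Destination(host, int(port)))
        rules[int(lhs)] = tuple(dests)
    return rules


def classify(datagram: bytes) -> Optional[str]:
    """Identify the export protocol from the datagram header, else None.
    Header sizes: NetFlow v5 = 24 B, v9 = 20 B, IPFIX = 16 B, sFlow v5 >= 28 B."""
    if len(datagram) < 4:
        return None
    version16 = struct.unpack("!H", datagram[:2])[0]
    version32 = struct.unpack("!I", datagram[:4])[0]
    if version32 == 5:                          # sFlow v5: 32-bit datagram version
        return "sflow5" if len(datagram) >= 28 else None
    if version16 == 5:
        return "netflow5" if len(datagram) >= 24 else None
    if version16 == 9:
        return "netflow9" if len(datagram) >= 20 else None
    if version16 == 10 and len(datagram) >= 16:
        msg_len = struct.unpack("!H", datagram[2:4])[0]   # IPFIX carries its own length
        return "ipfix" if msg_len <= len(datagram) else None
    return None


def fanout(rules: Dict[int, Tuple[Destination, ...]], listen_port: int,
           datagram: bytes) -> List[Tuple[Destination, bytes]]:
    """(destination, payload) pairs for one received datagram; empty when the
    port has no rule or the payload does not look like flow export data."""
    if classify(datagram) is None:
        return []
    return [(d, datagram) for d in rules.get(listen_port, ())]


def serve(rules: Dict[int, Tuple[Destination, ...]], bind_addr: str = "0.0.0.0") -> None:
    """Blocking receive/forward loop. This example re-sources every packet from
    the replicator's own address. A production replicator instead re-sends with
    the exporter's original source IP so collectors attribute flows to the right
    router; that needs raw sockets, and it is exactly what anti-spoofing filters
    on boundary routers drop (the deck's "IP spoofing must be considered")."""
    sel = selectors.DefaultSelector()
    out = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    for port in rules:
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        sock.bind((bind_addr, port))
        sock.setblocking(False)
        sel.register(sock, selectors.EVENT_READ, data=port)
    while True:
        for key, _mask in sel.select():
            datagram, _src = key.fileobj.recvfrom(65535)
            for dest, payload in fanout(rules, key.data, datagram):
                out.sendto(payload, (dest.host, dest.port))


# Constructed sample rule table and headers (not real captures or HP addresses).
SAMPLE_RULES = parse_rules("""
2055 -> 10.0.0.10:2055, 10.0.0.11:2055, 10.0.0.12:9995   # NetFlow/IPFIX: 3 collectors, one on a new port
6343 -> 10.0.0.20:6343                                    # sFlow: 1 collector
""")
NETFLOW9_HDR = struct.pack("!HHIIII", 9, 0, 1000, 1700000000, 1, 256)   # version, count, uptime, secs, seq, source id
IPFIX_HDR = struct.pack("!HHIII", 10, 16, 1700000000, 1, 256)          # version, length, export time, seq, domain
SFLOW5_HDR = struct.pack("!IIIIIII", 5, 1, 0x0A000001, 0, 1, 1000, 0)   # version, addr type, agent, sub id, seq, uptime, samples

if __name__ == "__main__":
    serve(SAMPLE_RULES)
```

Listening on every replicated port from one address is the "1 IP" standardisation the deck describes: exporters are all configured with the replicator, and the collector list changes only in the rule table. Dropping datagrams that fail classify() keeps stray syslog or SNMP sent to a flow port from being multiplied across every collector.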


PROS
1. Simpler configurations
2. Global capability
3. Able to add flows easily to devices
4. Keep the current tool in use
5. Collect once, reuse multiple times
6. Understands IPv6 addressing
7. (D)DoS solution integration opportunity

CONS
1. Requires Replicator to be managed outside Console
2. Potential tool overlap (no forced legacy tool removal)
Records Every Host-to-Host “Conversation”
• Unique flow-based design fills gaps left by other network and security technologies
• Integrates network security and optimization
• Provides broader range of coverage and capabilities:
– Behavioral-based monitoring and anomaly detection
– Application awareness
– User-level data capture
– Automatic security issue prioritization
– Real-time tracking and graphic display of grouped virtual host performance by business unit, function, etc.
– Customizable, real-time displays of network intelligence
– Reduce cost and complexity of deploying and managing probes
HP Security Monitoring Use Cases
• Botnet and other malware detection
• Anomaly detection
• Traffic policy enforcement
• Firewall auditing
• Insider abuse
• Data loss prevention
• DDoS indications
• Use of worm/scan catcher environment

HP Monitoring – Anomalies Are Easily Visible
• Ability to group IP ranges into a GROUP
• Anomaly detection
• Data loss prevention
• Potential DDoS

Your Infrastructure Provides the Source...
Diagram: NetFlow exported from the Internet edge, the Atlanta, San Jose and New York sites, the WAN, the DMZ, the datacenter and the access layer.
Flow Gathering & Redistribution – 1 IP Concept (per collection area)
Diagram: exporters in each collection area send to a single replicator IP, which redistributes to the collectors.
Peak: 600,000 FPS; steady state: 450,000 FPS
HP: StealthWatch POC Results
Objective
Internal Network Security Monitoring and Visibility
- All WAN sites + egress + DC entry (emerging: internal DC / IPS)
Detect Network Anomalies and Fill Visibility Gaps
- No additional site instrumentation; learns & informs
Improved Incident Response and Forensics
- Supplies detailed information (what/when/where/how)
Identify Peer-to-Peer Networking
- Some wanted, some not
Detect Unauthorized Communications and Application Access to the Internet (including botnet, command and control, malware)
Enforce Network Security Policies
- Emerging capability in our deployment
Firewall Rule Auditing
- Emerging use case deployment (what is really flowing & where)
Integrate With Existing HP Security Applications
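Three of the use cases on the slides above (grouping IP ranges, anomaly and data-loss detection, firewall rule auditing: "what is really flowing & where") worked through on constructed flow records, as an added example that is not StealthWatch's code or algorithm. Host groups are CIDR lists; the exfiltration check compares each host's outbound volume to the Internet with a mean-plus-three-standard-deviations threshold over a constructed history; the audit replays every observed flow against a first-match firewall policy and reports flows that policy should have denied. All addresses, rules and volumes are made up for the example.

```python
"""Flow-record analytics over constructed data (illustrative; not StealthWatch's
algorithms): group hosts by address range, flag hosts whose outbound volume to
the Internet departs from their own baseline (data-loss / DDoS-participation
indicator), and audit which observed flows the firewall policy would deny."""
import ipaddress
import statistics
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

N = ipaddress.ip_network


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int
    bytes_out: int          # bytes sent from src to dst in this record


# Constructed host groups, like the deck's "group IP ranges into a GROUP".
HOST_GROUPS = {"workstations": [N("10.1.0.0/16")], "datacenter": [N("10.2.0.0/16")]}


def group_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for name, nets in HOST_GROUPS.items():
        if any(addr in net for net in nets):
            return name
    return "external"


def outbound_by_host(flows: List[Flow]) -> Dict[str, int]:
    """Bytes each internal host sent to external (Internet) destinations."""
    totals: Dict[str, int] = defaultdict(int)
    for f in flows:
        if group_of(f.src) != "external" and group_of(f.dst) == "external":
            totals[f.src] += f.bytes_out
    return dict(totals)


def detect_exfil(observed: Dict[str, int], baseline: Dict[str, List[int]],
                 k: float = 3.0, floor: int = 10_000_000) -> Dict[str, Tuple[int, float]]:
    """Hosts whose outbound total exceeds mean + k*stdev of their own history.
    The absolute floor suppresses alarms on tiny baselines; a host with no
    history is judged against the floor alone."""
    flagged: Dict[str, Tuple[int, float]] = {}
    for host, total in observed.items():
        hist = baseline.get(host, [])
        threshold = statistics.mean(hist) + k * statistics.pstdev(hist) if hist else float(floor)
        if total > threshold and total > floor:
            flagged[host] = (total, threshold)
    return flagged


@dataclass(frozen=True)
class Rule:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str                  # "tcp", "udp" or "any"
    dport: Optional[int]        # None = any port
    action: str                 # "allow" or "deny"


def first_match(flow: Flow, policy: List[Rule]) -> Optional[Rule]:
    s, d = ipaddress.ip_address(flow.src), ipaddress.ip_address(flow.dst)
    for rule in policy:
        if (s in rule.src and d in rule.dst and rule.proto in ("any", flow.proto)
                and rule.dport in (None, flow.dport)):
            return rule
    return None


def audit(flows: List[Flow], policy: List[Rule]) -> List[Flow]:
    """Observed flows whose first matching rule denies them (a bypass path, a
    shadowed rule, or an exporter on the wrong side of the firewall). Flow
    records are unidirectional, so feed in the initiating direction only."""
    return [f for f in flows if (r := first_match(f, policy)) is None or r.action == "deny"]


# Constructed policy and sample data (documentation ranges; not HP's network).
POLICY = [
    Rule(N("10.1.0.0/16"), N("10.2.0.0/16"), "tcp", 443, "allow"),
    Rule(N("10.1.0.0/16"), N("0.0.0.0/0"), "tcp", 80, "allow"),
    Rule(N("10.1.0.0/16"), N("0.0.0.0/0"), "tcp", 443, "allow"),
    Rule(N("0.0.0.0/0"), N("0.0.0.0/0"), "any", None, "deny"),
]
SAMPLE_FLOWS = [
    Flow("10.1.5.20", "10.2.1.10", "tcp", 443, 120_000),
    Flow("10.1.5.20", "203.0.113.7", "tcp", 443, 95_000_000),    # 95 MB upload to the Internet
    Flow("10.1.5.21", "203.0.113.8", "tcp", 80, 300_000),
    Flow("10.1.5.22", "198.51.100.9", "tcp", 6881, 40_000_000),  # P2P-style port, no allow rule
    Flow("10.2.1.10", "203.0.113.50", "tcp", 22, 5_000),          # datacenter host initiating SSH out
]
BASELINE = {   # constructed daily outbound totals (bytes) per host
    "10.1.5.20": [1_000_000, 1_200_000, 900_000, 1_100_000, 1_050_000],
    "10.1.5.21": [250_000, 300_000, 280_000, 320_000, 290_000],
    "10.1.5.22": [30_000_000, 42_000_000, 38_000_000, 45_000_000, 35_000_000],
}
```

On the sample data only 10.1.5.20 trips the exfiltration check (95 MB against a threshold of about 1.35 MB), while 10.1.5.22's 40 MB stays inside its own noisy baseline; the audit surfaces the port 6881 flow and the datacenter host's outbound SSH, both of which the policy's final deny covers. The per-host history is what keeps a busy build server from looking like an insider, and the absolute floor is what keeps a host whose baseline is a few kilobytes from alarming on a software update.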

StealthWatch POC – Technical Integration
• Integration with ArcSight
– Correlation based on events we send
– Ability to configure the port we want to send events on (not always UDP 514)
– Ability to send to multiple ArcSight instances
– Not every event is a security event

• Integration with HP asset management database
– Ability to right-click on a source or destination and auto-populate a “send to” for internal and external locations (links to the internal asset management system to find the owner)

• Integration with TippingPoint event correlation
– Currently correlated in ArcSight; the vision is to pass information to a quarantine capability
– Remains work in progress

• Integration with HP Networking wireless controllers
– Ability to “Quarantine a misbehaving wireless user”
– Future capability & use
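The ArcSight integration points above (events sent as syslog on a configurable port, to more than one instance, with operational events kept out of the security feed), as an added example that is not Lancope's exporter: events are rendered as CEF over syslog/UDP, each receiver carries its own port and subscribes to event categories, and the routing function decides which receivers get a given event. Vendor name, event IDs, receiver addresses and the CEF-to-syslog severity mapping are assumptions made for this example.

```python
"""Forward security alarms to one or more SIEM receivers as CEF over syslog/UDP,
each receiver on its own port, while routing operational events elsewhere
(illustrative; not Lancope's ArcSight exporter)."""
import socket
import time
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Receiver:
    name: str
    host: str
    port: int                 # configurable per receiver: "not always UDP 514"
    categories: frozenset     # event classes this receiver subscribes to


@dataclass
class Event:
    category: str             # "security" or "operational"
    signature_id: str
    name: str
    severity: int             # CEF severity 0..10
    fields: Dict[str, str] = field(default_factory=dict)


def _esc_header(value: str) -> str:
    # CEF header fields escape backslash and pipe only
    return value.replace("\\", "\\\\").replace("|", "\\|")


def _esc_ext(value: str) -> str:
    # CEF extension values escape backslash and equals; newlines become a literal \n
    return value.replace("\\", "\\\\").replace("=", "\\=").replace("\r", "").replace("\n", "\\n")


def to_cef(ev: Event, vendor: str = "ExampleVendor", product: str = "FlowMonitor",
           version: str = "1.0") -> str:
    header = "|".join(_esc_header(x) for x in
                      (vendor, product, version, ev.signature_id, ev.name, str(ev.severity)))
    ext = " ".join(f"{k}={_esc_ext(v)}" for k, v in ev.fields.items())
    return f"CEF:0|{header}|{ext}"


def syslog_pri(facility: int, severity: int) -> int:
    return facility * 8 + severity          # RFC 3164 / RFC 5424 PRI


def cef_to_syslog_severity(cef_sev: int) -> int:
    # Assumed mapping: CEF 0..10 (low..high) onto syslog 7..0 (debug..emerg)
    return 7 - min(7, cef_sev * 7 // 10)


def to_syslog(ev: Event, hostname: str = "flowmon01", facility: int = 4,
              timestamp: Optional[str] = None) -> str:
    ts = timestamp or time.strftime("%b %d %H:%M:%S")      # RFC 3164-style line
    pri = syslog_pri(facility, cef_to_syslog_severity(ev.severity))
    return f"<{pri}>{ts} {hostname} {to_cef(ev)}"


def route(ev: Event, receivers: List[Receiver]) -> List[Tuple[Receiver, str]]:
    """Every receiver subscribed to the event's category gets a copy: security
    alarms to each SIEM instance, operational events to the NOC feed only."""
    line = to_syslog(ev)
    return [(r, line) for r in receivers if ev.category in r.categories]


def send(ev: Event, receivers: List[Receiver]) -> int:
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sent = 0
    for r, line in route(ev, receivers):
        sock.sendto(line.encode("utf-8"), (r.host, r.port))
        sent += 1
    return sent


# Constructed receivers and events (not HP's addresses or StealthWatch event IDs).
RECEIVERS = [
    Receiver("arcsight-primary", "10.0.0.50", 514, frozenset({"security"})),
    Receiver("arcsight-secondary", "10.0.0.51", 5140, frozenset({"security"})),
    Receiver("noc-feed", "10.0.0.60", 1514, frozenset({"operational"})),
]
ALARM = Event("security", "EX-1001", "Suspect Data Loss", 8,
              {"src": "10.1.5.20", "dst": "203.0.113.7", "msg": "bytes=95000000 ratio=3:1|up"})
OPS = Event("operational", "EX-2001", "Exporter|Stopped Sending", 3, {"exporter": "10.0.1.1"})
```

The escaping is the part that bites in practice: a pipe inside a header field or an equals sign inside an extension value silently shifts every following field in the SIEM's parser, so both are escaped before the line leaves the box, while a pipe inside an extension value is left alone because CEF does not escape it there. Syslog over UDP carries no integrity or delivery guarantee; where the SIEM feed crosses a compartment boundary, the deck's configurable-port option is also what lets the feed ride a TLS-wrapped or dedicated path rather than whatever listens on 514.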

Lancope Recommendations
• Product inventory based on HP networks' 600,000 FPS
– Qty. 2 StealthWatch Management Console 2000 Series (redundant configuration)
    • Management appliance and reporting console for all StealthWatch components
– Qty. 6 NetFlow Collector 4000 (supports up to 120,000 FPS per appliance)
    • Collects, analyzes and stores NetFlow data from the HP network
– Qty. 3 sFlow Collector 2000 (supports up to 60,000 FPS per appliance)
    • Collects, analyzes and stores sFlow data from the HP network
– Qty. 3 FlowReplicator
    • Controls traffic flow of NetFlow/sFlow from routers/switches to FlowCollectors
    • Can also be used to replicate syslog and SNMP traps

• Qty. 600 flow collection and analysis licenses
– Software license for 600,000 FPS

• 1 year maintenance
– Software/hardware support and updates
– Phone support

Thank You
For more information, download the HP Case Study
“HP improves its network security with an HP Vertica
and Lancope solution”
or contact sales@lancope.com

Jim O’Shea
Network Security Architect, HP
jim.oshea@hp.com

Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 

Kürzlich hochgeladen (20)

Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 

HP Protects Massive, Global Network with StealthWatch

1. Hewlett-Packard Improves Visibility & Security with Lancope StealthWatch
   Jim O'Shea, Network Security Architect, HP, jim.oshea@hp.com

2. HP Security Team
   • "We Say NO" (as customers see us)
   • We really provide VALUABLE "advice"
   • We would like to watch and further evaluate what we "advised on"
     – StealthWatch provides the opportunity to see a real traffic view
   • We chase shiny objects
     – StealthWatch provides areas of focused interest (which have been intelligently correlated to guide our views)
   ©2013 Lancope, Inc. All Rights Reserved.

3. AGENDA
   • Solution Strategy
   • Solution Vision
   • Solution Components
   • Solution Overview
   • StealthWatch Use Cases
   • Flow Gathering & Redistribution Overview
   • Integration
   • Recommendations for Solution

4. HP STRATEGY & SCOPE DECISIONS (Why we needed Lancope StealthWatch)
   • Fill the Visibility GAP
     – Provide internal monitoring and visibility without extensive instrumentation
     – Provide botnet and other malware detection
     – Provide anomaly detection
   • Take advantage of already collected flow to form a "security view"
     – Already collected and used
     – Multiple tools in use
     – Ability to collect once and use multiple times
   • Assist in Analysis
     – Assist in detection of data loss
     – Assist in DDoS recognition
     – Provide anomaly detection and visibility to sudden changes in the network
   • Integrate
     – Augment and integrate with TippingPoint (IPS) and ArcSight (SIEM) and existing tools
   • Assist and Improve Understanding
     – Monitor FW policy of environments
     – Understand applications
   • Core Requirements
     – Centralized management
     – Scalability
     – IPv6 ready
     – Help establish partnerships with the Network team, Application teams, Storage etc.

5. HP Solution Vision: Integrate, Augment, Automate
   [Architecture diagram. Components shown: HP Network / network devices exporting NetFlow (v9 / IPFIX) and sFlow; StealthWatch, which also takes the SLIC Intelligence Feed; Events to the SOC/SIEM (ArcSight), TippingPoint IPS (RepDV) and the HPOV NOC/Ticketing System; Flow Records exposed via API; Executive Reporting. Legend: Green = significant use, Yellow = emerging, Red = not yet, but planned.]

6. StealthWatch – A Complete, Integrated Family of Products
   • Complete network visibility
   • Comprehensive security monitoring
   • FW policy monitoring
   • Network troubleshooting and usage reporting
   • Mitigation and notification
   • Forensics and reporting

7. HP Solution Components
   StealthWatch FlowReplicators
   • UDP port replication service: listens on ANY specified UDP port and sends to 1 or more backend devices on the same or a new port
   • Allows collect once, analyze as much as desired
   • Allows a reduced number of destinations for simpler configuration standards
   StealthWatch FlowCollectors
   • NetFlow collector to analyze NetFlow
   • sFlow collector to analyze sFlow
   SLIC feed
   • Lancope research security feed to assist in staying current with Command & Control and other malicious IP addresses
   • Has URL granularity potential (IPFIX future ability for us); effective if using FlowSensor
   StealthWatch Management Console
   • User interface
   • Queries collectors for data to perform analytics
   • Report and event configuration and actions
   ArcSight
   • Receives specified, configured events for further action and correlation
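The FlowReplicator described above is, at its core, a UDP fan-out: one listening port, N collector destinations, each on its own port. The following is an added example of that pattern in Python; it is not Lancope's FlowReplicator code, and the destination addresses, the NetFlow v5 sample export and the `loopback_demo` helper are constructed for illustration. One caveat the slides only hint at: this simple version re-emits packets from its own IP address, so collectors that key NetFlow v9/IPFIX templates on (exporter address, source ID) see every exporter as one device and can collide templates. Preserving the original exporter's source address requires raw sockets and produces packets a boundary router's anti-spoofing filters will drop, which is the "IP spoofing must be considered" point on the next slide.

```python
"""UDP fan-out flow replicator: listen on one port, forward every datagram
unchanged to several collectors. Added example, not Lancope's FlowReplicator."""
import socket
import struct
from typing import List, Optional, Tuple

Destination = Tuple[str, int]


def parse_destinations(spec: str) -> List[Destination]:
    """Parse 'host:port,host:port' into (host, port) pairs; ports may differ per collector."""
    dests: List[Destination] = []
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        host, _, port = item.rpartition(":")
        if not host or not port.isdigit() or not 0 < int(port) < 65536:
            raise ValueError(f"bad destination {item!r}")
        dests.append((host, int(port)))
    if not dests:
        raise ValueError("at least one destination is required")
    return dests


def fan_out(tx: socket.socket, payload: bytes, dests: List[Destination]) -> int:
    """Copy one datagram to every destination; a failing collector must not block the rest."""
    delivered = 0
    for dest in dests:
        try:
            tx.sendto(payload, dest)
            delivered += 1
        except OSError:
            continue  # e.g. unresolvable host; keep replicating to the others
    return delivered


def serve(listen_port: int, dests: List[Destination], max_datagrams: Optional[int] = None) -> int:
    """Receive/replicate loop. max_datagrams bounds it (None = run forever)."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(("0.0.0.0", listen_port))
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    handled = 0
    try:
        while max_datagrams is None or handled < max_datagrams:
            payload, _exporter = rx.recvfrom(65535)
            # Caveat: the copies leave with THIS host's IP as source, not _exporter's.
            # Preserving the exporter address needs raw sockets (privileged) and must
            # pass anti-spoofing filters on any boundary router in the path.
            fan_out(tx, payload, dests)
            handled += 1
    finally:
        rx.close()
        tx.close()
    return handled


def build_sample_netflow_v5() -> bytes:
    """Constructed NetFlow v5 export: 24-byte header + one 48-byte record (not captured data)."""
    header = struct.pack("!HHIIIIBBH", 5, 1, 123456, 1700000000, 0, 42, 0, 0, 0)
    record = struct.pack(
        "!4s4s4sHHIIIIHHBBBBHHBBH",
        socket.inet_aton("10.10.5.77"), socket.inet_aton("198.51.100.9"),
        socket.inet_aton("10.10.0.1"), 1, 2, 70000, 100000000, 100000, 160000,
        52344, 443, 0, 0x18, 6, 0, 65000, 64500, 16, 24, 0)
    return header + record


def loopback_demo(payload: bytes, n_collectors: int = 2):
    """Stand up n collectors on 127.0.0.1, replicate one datagram, return (sent, received)."""
    receivers = []
    for _ in range(n_collectors):
        r = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        r.bind(("127.0.0.1", 0))  # ephemeral port, so each collector has its own port
        r.settimeout(2.0)
        receivers.append(r)
    dests = [r.getsockname() for r in receivers]
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sent = fan_out(tx, payload, dests)
        received = [r.recvfrom(65535)[0] for r in receivers]
    finally:
        tx.close()
        for r in receivers:
            r.close()
    return sent, received


if __name__ == "__main__":
    sent, received = loopback_demo(build_sample_netflow_v5())
    print(f"replicated to {sent} collectors; identical copies: {all(c == received[0] for c in received)}")
```

`loopback_demo` binds the collectors to ephemeral ports so the whole thing runs offline; in a deployment you would run `serve(2055, parse_destinations("collector-a:2055,collector-b:9995"))` on the one address the exporters are configured to send to, which is the "1 IP per collection area" idea on slide 13.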
8. HP Solution Overview & Review: StealthWatch + other tools
   • Deploy FlowReplicator hardware focused on region
     – 1 IP address for standardization of configurations
   • Data is distributed as needed to new and legacy tools
     – Boundary router IP spoofing must be considered if crossing compartment boundaries (a replicator that preserves the exporter's source address emits packets whose source IP is not its own; anti-spoofing filters on the boundary routers will drop them unless exempted)
   • Detection of usage anomalies & utilization increases (D/DoS solution integration)
   • Detection of mal-flows (worms / C&C / suspected data leakage)
   • Understand application environments
   • Integrates with ArcSight (SIEM)
   • Allows growth
   PROS
   1. Simpler configurations
   2. Global capability
   3. Able to add flows easily to devices
   4. Keep the current tool in use
   5. Collect once, reuse multiple times
   6. Understands IPv6 addressing
   7. (D)DoS solution integration opportunity
   CONS
   1. Requires Replicator to be managed outside Console
   2. Potential tool overlap (no forced legacy tool removal)

9. Records Every Host-to-Host "Conversation"
   • Unique flow-based design fills gaps left by other network and security technologies
   • Integrates network security and optimization
   • Provides broader range of coverage and capabilities:
     – Behavioral-based monitoring and anomaly detection
     – Application awareness
     – User-level data capture
     – Automatic security issue prioritization
     – Real-time tracking and graphic display of grouped virtual host performance by business unit, function, etc.
     – Customizable, real-time displays of network intelligence
   • Reduces cost and complexity of deploying and managing probes

10. HP Security Monitoring Use Cases
   • Botnet and other malware detection
   • Anomaly detection
   • Traffic policy enforcement
   • Firewall auditing
   • Insider abuse
   • Data loss prevention
   • DDoS indications
   • Use of WORM/SCAN catcher environment

11. HP Monitoring – Anomalies Are Easily Visible
   • Ability to group IP ranges into a GROUP
   • Anomaly detection
   • Data loss prevention
   • Potential DDoS
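Slides 10 and 11 list what flow data is used for (grouping IP ranges, data-loss and DDoS indications, scan/worm catching, firewall auditing, anomaly detection) without showing what the logic looks like on actual records. The block below is an added example of those detections over NetFlow-style records; it is not StealthWatch's proprietary algorithms. The host groups, the `ALLOWED` policy matrix, the thresholds and every flow in `build_sample_flows` are constructed for illustration, using RFC 5737 documentation addresses for the external and DMZ side.

```python
"""Flow-based detections over NetFlow-style records: host groups, data-loss,
DDoS and scan indications, policy audit, baseline anomaly. Added example; not
StealthWatch's algorithms."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev
from typing import Dict, List, Sequence


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: int      # IP protocol number: 6 = TCP, 17 = UDP
    octets: int
    packets: int


# Hypothetical host groups (the "group IP ranges into a GROUP" idea on slide 11).
HOST_GROUPS = {
    "corp_clients": [ip_network("10.10.0.0/16")],
    "datacenter": [ip_network("10.20.0.0/16")],
    "dmz": [ip_network("192.0.2.0/24")],  # RFC 5737 documentation range
}
# Hypothetical intended firewall policy: (src_group, dst_group, dport) that may talk.
ALLOWED = {
    ("corp_clients", "external", 443),
    ("corp_clients", "datacenter", 443),
    ("external", "dmz", 80),
}


def group_of(ip: str) -> str:
    addr = ip_address(ip)
    for name, nets in HOST_GROUPS.items():
        if any(addr in n for n in nets):
            return name
    return "external"


def data_loss_candidates(flows: Sequence[Flow], threshold_octets: int) -> Dict[str, int]:
    """Internal hosts whose total bytes to external destinations reach the threshold."""
    out: Dict[str, int] = defaultdict(int)
    for f in flows:
        if group_of(f.src) != "external" and group_of(f.dst) == "external":
            out[f.src] += f.octets
    return {src: n for src, n in out.items() if n >= threshold_octets}


def ddos_indications(flows: Sequence[Flow], min_sources: int) -> Dict[str, int]:
    """Destinations contacted by at least min_sources distinct sources."""
    sources = defaultdict(set)
    for f in flows:
        sources[f.dst].add(f.src)
    return {dst: len(s) for dst, s in sources.items() if len(s) >= min_sources}


def scan_candidates(flows: Sequence[Flow], min_targets: int, max_packets: int = 3):
    """Sources touching many hosts on one port with tiny flows (SYN scan / worm probing)."""
    targets = defaultdict(set)
    for f in flows:
        if f.packets <= max_packets:
            targets[(f.src, f.dport)].add(f.dst)
    return {k: len(v) for k, v in targets.items() if len(v) >= min_targets}


def policy_violations(flows: Sequence[Flow]) -> Dict[tuple, int]:
    """Group-to-group conversations actually seen that the intended policy does not allow."""
    seen: Dict[tuple, int] = defaultdict(int)
    for f in flows:
        key = (group_of(f.src), group_of(f.dst), f.dport)
        if key not in ALLOWED:
            seen[key] += 1
    return dict(seen)


def volume_anomaly(history: Sequence[float], observed: float, k: float = 3.0) -> bool:
    """Flag a sudden change: observed exceeds the historical mean by more than k sigma."""
    sigma = max(pstdev(history), 1.0)  # floor so a perfectly flat history still alerts
    return observed > mean(history) + k * sigma


def build_sample_flows() -> List[Flow]:
    """Constructed flows (not captured data): normal browsing plus three planted incidents."""
    flows = [Flow(f"10.10.1.{i}", "203.0.113.10", 443, 6, 50_000, 60) for i in range(1, 21)]
    # one client pushing 2 GB out over HTTPS: data-loss candidate
    flows += [Flow("10.10.5.77", "198.51.100.9", 443, 6, 100_000_000, 70_000)] * 20
    # sixty external sources hitting one DMZ web host: DDoS indication
    flows += [Flow(f"198.51.100.{i}", "192.0.2.25", 80, 6, 60, 1) for i in range(1, 61)]
    # one client probing forty datacenter hosts on TCP/445: scan, and a policy violation
    flows += [Flow("10.10.9.3", f"10.20.3.{i}", 445, 6, 60, 1) for i in range(1, 41)]
    return flows


if __name__ == "__main__":
    flows = build_sample_flows()
    print("data loss:", data_loss_candidates(flows, 1_000_000_000))
    print("ddos:", ddos_indications(flows, 50))
    print("scans:", scan_candidates(flows, 20))
    print("policy:", policy_violations(flows))
    print("fps anomaly:", volume_anomaly([450_000] * 7 + [430_000], 600_000))
```

The 2 GB exfiltration is invisible to a port-based firewall rule (it is HTTPS to the Internet, which policy allows) and only shows up in the byte count per source, which is why the data-loss check aggregates volume rather than matching ports; the scan and the policy audit, by contrast, catch the same 10.10.9.3 to datacenter TCP/445 traffic from two directions, once as behaviour and once as a conversation the firewall policy never intended.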
12. Your Infrastructure Provides the Source...
   [Topology diagram: NetFlow is exported from every part of the network – Internet edge, Atlanta, San Jose, New York, WAN, DMZ, Datacenter and Access layers.]

13. Flow Gathering & Redistribution – 1 IP concept (per collection area)
   • High: 600,000 FPS
   • Steady: 450,000 FPS

14. HP: StealthWatch POC Results (objective – result)
   • Internal network security monitoring and visibility – all WAN sites + egress + DC entry (emerging: internal DC / IPS)
   • Detect network anomalies and fill visibility gaps – no additional site instrumentation; learns & informs
   • Improved incident response and forensics – supplies detailed information (what/when/where/how)
   • Identify peer-to-peer networking – some wanted, some not
   • Detect unauthorized communications and application access to the Internet (including botnet, command and control, malware)
   • Enforce network security policies – emerging capability in our deployment
   • Firewall rule auditing – emerging use-case deployment (what is really flowing & where)
   • Integrate with existing HP security applications

15. StealthWatch POC – Technical Integration
   • Integration with ArcSight
     – Correlation based on events we send
     – Ability to CONFIGURE the PORT we want to send events on (not always UDP 514)
     – Ability to send to MULTIPLE ArcSight instances: not every event is a security event
   • Integration with HP asset management database
     – Ability to "right click" on a source or destination and auto-populate a send to internal and external locations (links to the internal asset management system to find the owner)
   • Integration with TippingPoint event correlation
     – Currently correlated in ArcSight; vision is to pass information to quarantine capability
     – Remains work in progress
   • Integration with HP Networking wireless controllers
     – Ability to "quarantine a misbehaving wireless user"
     – Future capability & use
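The ArcSight integration above turns on three knobs: events arrive in a form ArcSight can correlate, the port is configurable rather than fixed at UDP 514, and security events and operational events fan out to different ArcSight instances. The block below is an added example of that sending side in Python, not StealthWatch's own exporter. It formats events as CEF (ArcSight's Common Event Format) with the header and extension escaping that the format requires, wraps them in a syslog frame and routes them by event class. The receiver hostnames, ports, syslog facility and the `DEVICE` vendor/product/version header are all hypothetical.

```python
"""CEF formatting and per-class routing of StealthWatch-style events to several
syslog/ArcSight receivers. Added example, not Lancope code."""
import socket
from datetime import datetime
from typing import Dict, List, Tuple

Destination = Tuple[str, int]

# Hypothetical receivers: security events go to both ArcSight instances, operational
# events only to the NOC instance; the ports are deliberately not 514.
ROUTES: Dict[str, List[Destination]] = {
    "security": [("arcsight-sec-a.example.net", 1514), ("arcsight-sec-b.example.net", 1514)],
    "operational": [("arcsight-noc.example.net", 2514)],
}
SYSLOG_FACILITY = 20  # local4
SYSLOG_SEVERITY = {"security": 4, "operational": 6}  # warning / informational
DEVICE = ("Lancope", "StealthWatch", "1.0")  # hypothetical Vendor|Product|Version header


def cef_escape_header(value: str) -> str:
    """CEF header fields: backslash and pipe must be escaped."""
    return value.replace("\\", "\\\\").replace("|", "\\|")


def cef_escape_extension(value) -> str:
    """CEF extension values: backslash, equals sign and line breaks must be escaped."""
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))


def cef_event(signature_id: str, name: str, severity: int, extension: Dict[str, object]) -> str:
    """Build 'CEF:0|Vendor|Product|Version|SignatureID|Name|Severity|k=v k=v'."""
    if not 0 <= severity <= 10:
        raise ValueError("CEF severity is 0..10")
    header = "|".join(cef_escape_header(x) for x in (*DEVICE, signature_id, name, str(severity)))
    ext = " ".join(f"{k}={cef_escape_extension(v)}" for k, v in extension.items())
    return f"CEF:0|{header}|{ext}"


def build_datagrams(event_class: str, cef_message: str, hostname: str) -> List[Tuple[Destination, bytes]]:
    """Wrap the CEF line in an RFC 3164-style syslog frame for every receiver of this class."""
    if event_class not in ROUTES:
        raise ValueError(f"unknown event class {event_class!r}")
    pri = SYSLOG_FACILITY * 8 + SYSLOG_SEVERITY[event_class]
    now = datetime.now()
    stamp = f"{now:%b} {now.day:2d} {now:%H:%M:%S}"  # RFC 3164 wants a space-padded day
    frame = f"<{pri}>{stamp} {hostname} {cef_message}".encode()
    return [(dest, frame) for dest in ROUTES[event_class]]


def send(datagrams: List[Tuple[Destination, bytes]]) -> int:
    """Ship each frame over UDP; one unreachable SIEM must not stop delivery to the others."""
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    delivered = 0
    try:
        for dest, frame in datagrams:
            try:
                tx.sendto(frame, dest)
                delivered += 1
            except OSError:
                continue
    finally:
        tx.close()
    return delivered


if __name__ == "__main__":
    ev = cef_event("C&C", "Suspect Command|Control", 8,
                   {"src": "10.10.5.77", "dst": "198.51.100.9", "msg": "reason=slic-feed"})
    for dest, frame in build_datagrams("security", ev, "sw-smc01"):
        print(dest, frame.decode())
```

The escaping is the part worth getting right: an event name containing `|` or an extension value containing `=` that is not escaped shifts every following field when ArcSight parses the line, so a hostile string inside an alarm (a URL, a user agent) can corrupt the correlated fields of the very event that reported it.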
16. Lancope Recommendations
   • Products inventory based on HP networks' 600,000 FPS
     – Qty. 2 StealthWatch Management Console 2000 Series (redundant configuration)
       • Management appliance and reporting console for all StealthWatch components
     – Qty. 6 NetFlow Collector 4000 (supports up to 120,000 FPS per appliance)
       • Collects, analyzes and stores NetFlow data from the HP network
       • 6 × 120,000 = 720,000 FPS of NetFlow capacity against the 600,000 FPS peak; five appliances would be at full load, so the sixth is the headroom
     – Qty. 3 sFlow Collector 2000 (supports up to 60,000 FPS per appliance)
       • Collects, analyzes and stores sFlow data from the HP network (3 × 60,000 = 180,000 FPS)
     – Qty. 3 FlowReplicator
       • Controls traffic flow of NetFlow/sFlow from routers/switches to FlowCollectors
       • Can also be used to replicate syslog and SNMP traps
   • Qty. 600 flow collection and analysis licenses
     – Software license for 600,000 FPS
   • 1 year maintenance
     – Software/hardware support and updates
     – Phone support

17. Thank You
   For more information, download the HP case study "HP improves its network security with an HP Vertica and Lancope solution" or contact sales@lancope.com
   Jim O'Shea, Network Security Architect, HP, jim.oshea@hp.com