SlideShare ist ein Scribd-Unternehmen logo

Network Forensics for Splunk, an Emulex presentation

Als PPTX, PDF herunterladen
Emulex Corporation
Emulex Corporation

These slides were recently presented at a partner event held by Marquest Ltd.

Technologie
1 von 25
Network Forensics for Splunkers Matt Walmsley, EMEA Marketing Tom Jones, Sales Engineer Emulex, Endace Division
Today’s Topics Time to Resolution Splunk Connector 2 Network Recording Q&A Emulex Confidential - © 2013 Emulex Corporation
The Networking Wheel of Life! APM NPM IPS / IDS Firewall WAN Op QoS 3 Recording & Forensics Analysis & Intervention Emulex Confidential - © 2013 Emulex Corporation
# Events Time is… Money / Safety / Advantage / Reputation • Reduce Slow To Fix Items • Identify Root Cause & Fix Savings Time to Resolution
The 3 E of Great Interventions Skills & Knowledge Experience & Context Evidence Understanding • Efficient • Economic • Effective Decision Making Intervention 5 Emulex Confidential - © 2013 Emulex Corporation
Collecting Evidence - Recording Evolution Interesting Vs. Important 6 Specialised Vs. Generalised Emulex Confidential - © 2013 Emulex Corporation
Intelligent Network Recording Generalised Enterprise Banking & Trading National Security Specialised 7 Emulex Confidential - © 2013 Emulex Corporation
Endace – The Packet Capture Experts World leader in network recording 10+ years selling security solutions to global clients – Govt, Traders, Telco & Enterprise Reputation for accuracy, scalability & performance A division of Emulex 8 Emulex Confidential - © 2013 Emulex Corporation
Intelligent Network Recording - Use Cases Application Performance Management Custom Security Operations Legal Intercept Network Infrastructure Operations Audit & Compliance 9 Emulex Confidential - © 2013 Emulex Corporation
Intelligent Network Recording - Deployment Intelligent Network Recorder “Probe” Network Traffic Analysis App • High Speed, High Fidelity Packet Capture Appliance • Packet Processing and Indexing • Storage and Retrieval • Traffic Profiling & Visualisation • Packet Analysis • Integration with other networking tools 10 Emulex Confidential - © 2013 Emulex Corporation
Endace Network Recording - Infrastructure EndaceProbe™ INR EndaceAccess™ Endace Open Hosting Platform(ODE) High Performance Intelligent Network Recording Network Visibility Headend Hosting Platform for Monitoring Apps Up to 64 TB storage Mix of 1 and 10GbE ports Allows EndaceProbe INRs/ODE to scale to 40 and 100GbE 8x1GbE or 4x10GbE Ports Up to 16 TB internal storage; FC support for SAN 11 Emulex Confidential - © 2013 Emulex Corporation Endace NetFlow Generator High-Speed NetFlow Generation for 10GbE Networks 4x10GbE Ports
How Much Network Visibility Do You Need? High Definition – Endace Vision • See microbursts • Know exactly what data has been compromised • Identify issues impacting services and security application performance Low Definition • 12 Emulex Confidential - © 2013 Emulex Corporation The visibility most solutions provide
EndaceVision - Actionable Insight Bandwidth Over Time TCP/IP Conversations Traffic over time 13 Traffic breakdown and analysis Top Talkers Workflow Emulex Confidential - © 2013 Emulex Corporation
EndaceVision - Integrated and Open APM NPM IDS HFT EndaceFusion EndaceProbe Integration with “best of breed” solutions – API and hypervisor – All tools share data from same secure location in datacenter – Automated workflow, “pivot to packets” speeds up issue resolution Lower Investment While Increasing ROI – Reduce device count – Plan and train staff on the tools that fit customer situation best 14 Emulex Confidential - © 2013 Emulex Corporation
Endace Solution - Key Features • Market Leading Performance • 100% High fidelity packet capture • 10/100/1G/10G/40G/100GbE • 64TB on board storage • FC SAN offload • Multi-unit “Sledging” • Distributed Recording Fabric • Multiple EndaceProbe INRs, single recording fabric • Traffic search and visualisation • Diverse, concurrent multiple uses • Open and Flexible Integration • Endace dock hypervisor • RESTfull API • Endace Fusion solution ecosystem 15 Emulex Confidential - © 2013 Emulex Corporation
Splunk & Endace – Macro and Micro Log lines are a summary or interpretation of an event Packets are the ground truth from which these are derived Fusion connector links the two with a single click Endace’s depth complements Splunk’s breadth 16 Emulex Confidential - © 2013 Emulex Corporation
Feeding and Enabling Splunk EndaceProbe INR Generated Logs and Netflow Events 17 Splunk Generated Enquiries Emulex Confidential - © 2013 Emulex Corporation
Optimising Event Management Workflow Event Occurrence 18 Splunk Alert Click to Traffic Search Request Emulex Confidential - © 2013 Emulex Corporation Packet drill down and inspection Traffic Analysis and Visualisation
Example Case – Finance / Trading Solution Context • Network performance is critical to $ services • Latency and outage intolerant • Multiple management tools Solution • Integrated network monitoring and security for a low latency 10GbE network Products • Splunk! • EndaceProbe™ INR • Endace Fusion Connector for Splunk • EndaceVision™ 19 Key Benefits • Greater insight into critical network issues • Reduce time-to-resolution (TTR) • Lower operational expenditures (OPEX) Emulex Confidential - © 2013 Emulex Corporation
Real World Feedback “While consolidating network monitoring and security tools was the primary need for the EndaceProbe INR, it was put to work even before the official deployment. the pilot and immediately discovered a security breach that had gone undetected with their existing tools, providing an immediate return on investment for the EndaceProbe INR 7000.” “The EndaceProbe INR has been 100% reliable for us and we are impressed with its robust capabilities. We use it extensively and, coupled with the Fusion Connector for Splunk, are extremely happy with the results.” Global Head of Networks 20 Emulex Confidential - © 2013 Emulex Corporation
Endace Helps You Enable the “3 E” Understand macro and micro situation Reduce Time to Resolution Efficient Economic Effective Stop Recurrent Events 21 Reduce slow / hard to fix items Fix Route Cause Emulex Confidential - © 2013 Emulex Corporation
Which Means You Get… Less stress, improved results Uninterrupted weekends and evenings Happy family, boss and stakeholders 22 Emulex Confidential - © 2013 Emulex Corporation
Resources & Info www.emulex.com Video 23 Solution Brief Blog www.marquest.com Emulex Confidential - © 2013 Emulex Corporation Splunk Connector App Testing Brief
Questions? Thank you for your attention
25 Emulex Confidential - © 2013 Emulex Corporation

Empfohlen

Cisco Phy Sec Overview Netversant
Cisco Phy Sec Overview NetversantCisco Phy Sec Overview Netversant
Cisco Phy Sec Overview NetversantJayCase
 
SecurActive - Technical Workshop - Network Analyser & Application Performance...
SecurActive - Technical Workshop - Network Analyser & Application Performance...SecurActive - Technical Workshop - Network Analyser & Application Performance...
SecurActive - Technical Workshop - Network Analyser & Application Performance...rlafargue
 
Lehigh Carbon NG911 / E911 Review
Lehigh Carbon NG911 / E911 ReviewLehigh Carbon NG911 / E911 Review
Lehigh Carbon NG911 / E911 ReviewMark Fletcher, ENP
 
Industrial Wireless Security (Japanese)
Industrial Wireless Security (Japanese)Industrial Wireless Security (Japanese)
Industrial Wireless Security (Japanese)Digital Bond
 
A Profile of the Backoff PoS Malware that Hit 1000+ Retail Businesses
A Profile of the Backoff PoS Malware that Hit 1000+ Retail BusinessesA Profile of the Backoff PoS Malware that Hit 1000+ Retail Businesses
A Profile of the Backoff PoS Malware that Hit 1000+ Retail BusinessesLastline, Inc.
 
Airheads dallas 2011 wireless security
Airheads dallas 2011 wireless securityAirheads dallas 2011 wireless security
Airheads dallas 2011 wireless securityAruba, a Hewlett Packard Enterprise company
 
2012 ah emea advanced mobility design
2012 ah emea advanced mobility design2012 ah emea advanced mobility design
2012 ah emea advanced mobility designAruba, a Hewlett Packard Enterprise company
 
FlexiWAN Webinar - The Role of Open Source in Your SD-WAN Strategy
FlexiWAN Webinar - The Role of Open Source in Your SD-WAN StrategyFlexiWAN Webinar - The Role of Open Source in Your SD-WAN Strategy
FlexiWAN Webinar - The Role of Open Source in Your SD-WAN StrategyAmir Zmora
 

Empfohlen

Cisco Phy Sec Overview Netversant
Cisco Phy Sec Overview NetversantCisco Phy Sec Overview Netversant
Cisco Phy Sec Overview NetversantJayCase
 
SecurActive - Technical Workshop - Network Analyser & Application Performance...
SecurActive - Technical Workshop - Network Analyser & Application Performance...SecurActive - Technical Workshop - Network Analyser & Application Performance...
SecurActive - Technical Workshop - Network Analyser & Application Performance...rlafargue
 
Lehigh Carbon NG911 / E911 Review
Lehigh Carbon NG911 / E911 ReviewLehigh Carbon NG911 / E911 Review
Lehigh Carbon NG911 / E911 ReviewMark Fletcher, ENP
 
Industrial Wireless Security (Japanese)
Industrial Wireless Security (Japanese)Industrial Wireless Security (Japanese)
Industrial Wireless Security (Japanese)Digital Bond
 
A Profile of the Backoff PoS Malware that Hit 1000+ Retail Businesses
A Profile of the Backoff PoS Malware that Hit 1000+ Retail BusinessesA Profile of the Backoff PoS Malware that Hit 1000+ Retail Businesses
A Profile of the Backoff PoS Malware that Hit 1000+ Retail BusinessesLastline, Inc.
 
Airheads dallas 2011 wireless security
Airheads dallas 2011 wireless securityAirheads dallas 2011 wireless security
Airheads dallas 2011 wireless securityAruba, a Hewlett Packard Enterprise company
 
2012 ah emea advanced mobility design
2012 ah emea advanced mobility design2012 ah emea advanced mobility design
2012 ah emea advanced mobility designAruba, a Hewlett Packard Enterprise company
 
FlexiWAN Webinar - The Role of Open Source in Your SD-WAN Strategy
FlexiWAN Webinar - The Role of Open Source in Your SD-WAN StrategyFlexiWAN Webinar - The Role of Open Source in Your SD-WAN Strategy
FlexiWAN Webinar - The Role of Open Source in Your SD-WAN StrategyAmir Zmora
 
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...Digital Bond
 
What is NetOps? | NetOps Transformation
What is NetOps? | NetOps TransformationWhat is NetOps? | NetOps Transformation
What is NetOps? | NetOps TransformationAppViewX
 
Deploying Secure Modern Apps in Evolving Infrastructures
Deploying Secure Modern Apps in Evolving InfrastructuresDeploying Secure Modern Apps in Evolving Infrastructures
Deploying Secure Modern Apps in Evolving InfrastructuresSBWebinars
 
TFI2014 Session I - State of SDN - Recep Ozdag
TFI2014 Session I - State of SDN - Recep OzdagTFI2014 Session I - State of SDN - Recep Ozdag
TFI2014 Session I - State of SDN - Recep OzdagColorado Internet Society (CO ISOC)
 
ThousandEyes at Zendesk
ThousandEyes at ZendeskThousandEyes at Zendesk
ThousandEyes at ZendeskThousandEyes
 
Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles Cisco Canada
 
Tech Support in the Modern Age
Tech Support in the Modern AgeTech Support in the Modern Age
Tech Support in the Modern AgeLisa Menestrina
 
SQX Solution Day 2013 Q2 - Milestone Update
SQX Solution Day 2013 Q2 - Milestone UpdateSQX Solution Day 2013 Q2 - Milestone Update
SQX Solution Day 2013 Q2 - Milestone UpdateAlex Kwan
 
[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...
[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...
[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...Nur Shiqim Chok
 
EMEA ENTERPRISE IT SOLUTIONS AND SECURITY SERVICES PROFILE.PDF
EMEA ENTERPRISE IT SOLUTIONS AND SECURITY SERVICES PROFILE.PDFEMEA ENTERPRISE IT SOLUTIONS AND SECURITY SERVICES PROFILE.PDF
EMEA ENTERPRISE IT SOLUTIONS AND SECURITY SERVICES PROFILE.PDFFaleh M.
 
Aruba wireless and clear pass 6 integration guide v1 1.3
Aruba wireless and clear pass 6 integration guide v1 1.3Aruba wireless and clear pass 6 integration guide v1 1.3
Aruba wireless and clear pass 6 integration guide v1 1.3Aruba, a Hewlett Packard Enterprise company
 
Pawel glowacki going_multi_tier
Pawel glowacki going_multi_tierPawel glowacki going_multi_tier
Pawel glowacki going_multi_tierEmbarcadero Technologies
 
Deliver Compelling Video Experiences at Scale
Deliver Compelling Video Experiences at ScaleDeliver Compelling Video Experiences at Scale
Deliver Compelling Video Experiences at ScaleRebekah Rodriguez
 
Step Into Security Webinar - Improving Physical Security on Your Campus
Step Into Security Webinar - Improving Physical Security on Your Campus Step Into Security Webinar - Improving Physical Security on Your Campus
Step Into Security Webinar - Improving Physical Security on Your Campus Keith Harris
 
RES - Lilbert Jones-1
RES - Lilbert Jones-1RES - Lilbert Jones-1
RES - Lilbert Jones-1Ann Chirinko, MS, CPRW
 
How Enterprises will Benefit from SDN
How Enterprises will Benefit from SDN How Enterprises will Benefit from SDN
How Enterprises will Benefit from SDN Shashi Kiran
 
2012 ah apj deploying byod
2012 ah apj deploying byod2012 ah apj deploying byod
2012 ah apj deploying byodAruba, a Hewlett Packard Enterprise company
 
Cloud or Not to Cloud, That is the Question!
Cloud or Not to Cloud, That is the Question!Cloud or Not to Cloud, That is the Question!
Cloud or Not to Cloud, That is the Question!Cisco Service Provider
 
Evolving the WAN for the Cloud, using SD-WAN & NFV
Evolving the WAN for the Cloud, using SD-WAN & NFV Evolving the WAN for the Cloud, using SD-WAN & NFV
Evolving the WAN for the Cloud, using SD-WAN & NFV Digital Transformation EXPO Event Series
 
Network Analysis Tips & Tricks with Omnipeek
Network Analysis Tips & Tricks with OmnipeekNetwork Analysis Tips & Tricks with Omnipeek
Network Analysis Tips & Tricks with OmnipeekSavvius, Inc
 
Hq pixton nte rm
Hq pixton nte rmHq pixton nte rm
Hq pixton nte rmMadalena Buscarioli
 
SplunkLive! Analytics with Splunk Enterprise
SplunkLive! Analytics with Splunk EnterpriseSplunkLive! Analytics with Splunk Enterprise
SplunkLive! Analytics with Splunk EnterpriseSplunk
 

Weitere ähnliche Inhalte

Was ist angesagt?

Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...Digital Bond
 
What is NetOps? | NetOps Transformation
What is NetOps? | NetOps TransformationWhat is NetOps? | NetOps Transformation
What is NetOps? | NetOps TransformationAppViewX
 
Deploying Secure Modern Apps in Evolving Infrastructures
Deploying Secure Modern Apps in Evolving InfrastructuresDeploying Secure Modern Apps in Evolving Infrastructures
Deploying Secure Modern Apps in Evolving InfrastructuresSBWebinars
 
ThousandEyes at Zendesk
ThousandEyes at ZendeskThousandEyes at Zendesk
ThousandEyes at ZendeskThousandEyes
 
Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles Cisco Canada
 
Tech Support in the Modern Age
Tech Support in the Modern AgeTech Support in the Modern Age
Tech Support in the Modern AgeLisa Menestrina
 
SQX Solution Day 2013 Q2 - Milestone Update
SQX Solution Day 2013 Q2 - Milestone UpdateSQX Solution Day 2013 Q2 - Milestone Update
SQX Solution Day 2013 Q2 - Milestone UpdateAlex Kwan
 
[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...
[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...
[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...Nur Shiqim Chok
 
EMEA ENTERPRISE IT SOLUTIONS AND SECURITY SERVICES PROFILE.PDF
EMEA ENTERPRISE IT SOLUTIONS AND SECURITY SERVICES PROFILE.PDFEMEA ENTERPRISE IT SOLUTIONS AND SECURITY SERVICES PROFILE.PDF
EMEA ENTERPRISE IT SOLUTIONS AND SECURITY SERVICES PROFILE.PDFFaleh M.
 
Deliver Compelling Video Experiences at Scale
Deliver Compelling Video Experiences at ScaleDeliver Compelling Video Experiences at Scale
Deliver Compelling Video Experiences at ScaleRebekah Rodriguez
 
Step Into Security Webinar - Improving Physical Security on Your Campus
Step Into Security Webinar - Improving Physical Security on Your Campus Step Into Security Webinar - Improving Physical Security on Your Campus
Step Into Security Webinar - Improving Physical Security on Your Campus Keith Harris
 
How Enterprises will Benefit from SDN
How Enterprises will Benefit from SDN How Enterprises will Benefit from SDN
How Enterprises will Benefit from SDN Shashi Kiran
 
Cloud or Not to Cloud, That is the Question!
Cloud or Not to Cloud, That is the Question!Cloud or Not to Cloud, That is the Question!
Cloud or Not to Cloud, That is the Question!Cisco Service Provider
 
Network Analysis Tips & Tricks with Omnipeek
Network Analysis Tips & Tricks with OmnipeekNetwork Analysis Tips & Tricks with Omnipeek
Network Analysis Tips & Tricks with OmnipeekSavvius, Inc
 

Was ist angesagt? (20)

Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...
 
What is NetOps? | NetOps Transformation
What is NetOps? | NetOps TransformationWhat is NetOps? | NetOps Transformation
What is NetOps? | NetOps Transformation
 
Deploying Secure Modern Apps in Evolving Infrastructures
Deploying Secure Modern Apps in Evolving InfrastructuresDeploying Secure Modern Apps in Evolving Infrastructures
Deploying Secure Modern Apps in Evolving Infrastructures
 
TFI2014 Session I - State of SDN - Recep Ozdag
TFI2014 Session I - State of SDN - Recep OzdagTFI2014 Session I - State of SDN - Recep Ozdag
TFI2014 Session I - State of SDN - Recep Ozdag
 
ThousandEyes at Zendesk
ThousandEyes at ZendeskThousandEyes at Zendesk
ThousandEyes at Zendesk
 
Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles
 
Tech Support in the Modern Age
Tech Support in the Modern AgeTech Support in the Modern Age
Tech Support in the Modern Age
 
SQX Solution Day 2013 Q2 - Milestone Update
SQX Solution Day 2013 Q2 - Milestone UpdateSQX Solution Day 2013 Q2 - Milestone Update
SQX Solution Day 2013 Q2 - Milestone Update
 
[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...
[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...
[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...
 
EMEA ENTERPRISE IT SOLUTIONS AND SECURITY SERVICES PROFILE.PDF
EMEA ENTERPRISE IT SOLUTIONS AND SECURITY SERVICES PROFILE.PDFEMEA ENTERPRISE IT SOLUTIONS AND SECURITY SERVICES PROFILE.PDF
EMEA ENTERPRISE IT SOLUTIONS AND SECURITY SERVICES PROFILE.PDF
 
Aruba wireless and clear pass 6 integration guide v1 1.3
Aruba wireless and clear pass 6 integration guide v1 1.3Aruba wireless and clear pass 6 integration guide v1 1.3
Aruba wireless and clear pass 6 integration guide v1 1.3
 
Pawel glowacki going_multi_tier
Pawel glowacki going_multi_tierPawel glowacki going_multi_tier
Pawel glowacki going_multi_tier
 
Deliver Compelling Video Experiences at Scale
Deliver Compelling Video Experiences at ScaleDeliver Compelling Video Experiences at Scale
Deliver Compelling Video Experiences at Scale
 
Step Into Security Webinar - Improving Physical Security on Your Campus
Step Into Security Webinar - Improving Physical Security on Your Campus Step Into Security Webinar - Improving Physical Security on Your Campus
Step Into Security Webinar - Improving Physical Security on Your Campus
 
RES - Lilbert Jones-1
RES - Lilbert Jones-1RES - Lilbert Jones-1
RES - Lilbert Jones-1
 
How Enterprises will Benefit from SDN
How Enterprises will Benefit from SDN How Enterprises will Benefit from SDN
How Enterprises will Benefit from SDN
 
2012 ah apj deploying byod
2012 ah apj deploying byod2012 ah apj deploying byod
2012 ah apj deploying byod
 
Cloud or Not to Cloud, That is the Question!
Cloud or Not to Cloud, That is the Question!Cloud or Not to Cloud, That is the Question!
Cloud or Not to Cloud, That is the Question!
 
Evolving the WAN for the Cloud, using SD-WAN & NFV
Evolving the WAN for the Cloud, using SD-WAN & NFV Evolving the WAN for the Cloud, using SD-WAN & NFV
Evolving the WAN for the Cloud, using SD-WAN & NFV
 
Network Analysis Tips & Tricks with Omnipeek
Network Analysis Tips & Tricks with OmnipeekNetwork Analysis Tips & Tricks with Omnipeek
Network Analysis Tips & Tricks with Omnipeek
 

Andere mochten auch

SplunkLive! Analytics with Splunk Enterprise
SplunkLive! Analytics with Splunk EnterpriseSplunkLive! Analytics with Splunk Enterprise
SplunkLive! Analytics with Splunk EnterpriseSplunk
 
AWS Summit Auckland - Sponsor Presentation - Splunk
AWS Summit Auckland - Sponsor Presentation - SplunkAWS Summit Auckland - Sponsor Presentation - Splunk
AWS Summit Auckland - Sponsor Presentation - SplunkAmazon Web Services
 
SplunkLive! München 2016 - Splunk für Security
SplunkLive! München 2016 - Splunk für SecuritySplunkLive! München 2016 - Splunk für Security
SplunkLive! München 2016 - Splunk für SecuritySplunk
 
SplunkLive! Hamburg 2016 - Use Case Otto
SplunkLive! Hamburg 2016 - Use Case OttoSplunkLive! Hamburg 2016 - Use Case Otto
SplunkLive! Hamburg 2016 - Use Case OttoSplunk
 
SplunkLive! München 2016 - Splunk @ Datev
SplunkLive! München 2016 - Splunk @ DatevSplunkLive! München 2016 - Splunk @ Datev
SplunkLive! München 2016 - Splunk @ DatevSplunk
 
Splunk sales presentation
Splunk sales presentationSplunk sales presentation
Splunk sales presentationjpelletier123
 
Building a Security Information and Event Management platform at Travis Per...
Building a Security Information and Event Management platform at Travis Per... Building a Security Information and Event Management platform at Travis Per...
Building a Security Information and Event Management platform at Travis Per...Splunk
 
Splunk Overview
Splunk OverviewSplunk Overview
Splunk OverviewSplunk
 

Andere mochten auch (9)

Hq pixton nte rm
Hq pixton nte rmHq pixton nte rm
Hq pixton nte rm
 
SplunkLive! Analytics with Splunk Enterprise
SplunkLive! Analytics with Splunk EnterpriseSplunkLive! Analytics with Splunk Enterprise
SplunkLive! Analytics with Splunk Enterprise
 
AWS Summit Auckland - Sponsor Presentation - Splunk
AWS Summit Auckland - Sponsor Presentation - SplunkAWS Summit Auckland - Sponsor Presentation - Splunk
AWS Summit Auckland - Sponsor Presentation - Splunk
 
SplunkLive! München 2016 - Splunk für Security
SplunkLive! München 2016 - Splunk für SecuritySplunkLive! München 2016 - Splunk für Security
SplunkLive! München 2016 - Splunk für Security
 
SplunkLive! Hamburg 2016 - Use Case Otto
SplunkLive! Hamburg 2016 - Use Case OttoSplunkLive! Hamburg 2016 - Use Case Otto
SplunkLive! Hamburg 2016 - Use Case Otto
 
SplunkLive! München 2016 - Splunk @ Datev
SplunkLive! München 2016 - Splunk @ DatevSplunkLive! München 2016 - Splunk @ Datev
SplunkLive! München 2016 - Splunk @ Datev
 
Splunk sales presentation
Splunk sales presentationSplunk sales presentation
Splunk sales presentation
 
Building a Security Information and Event Management platform at Travis Per...
Building a Security Information and Event Management platform at Travis Per... Building a Security Information and Event Management platform at Travis Per...
Building a Security Information and Event Management platform at Travis Per...
 
Splunk Overview
Splunk OverviewSplunk Overview
Splunk Overview
 

Ähnlich wie Network Forensics for Splunk, an Emulex presentation

Introducing Endace Packets - EndaceVision™ with Protocol Decodes
Introducing Endace Packets - EndaceVision™ with Protocol DecodesIntroducing Endace Packets - EndaceVision™ with Protocol Decodes
Introducing Endace Packets - EndaceVision™ with Protocol DecodesEmulex Corporation
 
An Introduction to the Emulex Network Xceleration Solution – FastStack™ Sniff...
An Introduction to the Emulex Network Xceleration Solution – FastStack™ Sniff...An Introduction to the Emulex Network Xceleration Solution – FastStack™ Sniff...
An Introduction to the Emulex Network Xceleration Solution – FastStack™ Sniff...Emulex Corporation
 
Using Network Recording and Search to Improve IT Service Delivery
Using Network Recording and Search to Improve IT Service DeliveryUsing Network Recording and Search to Improve IT Service Delivery
Using Network Recording and Search to Improve IT Service DeliveryEmulex Corporation
 
Integrating and Optimizing Suricata with FastStack™ Sniffer10G™
Integrating and Optimizing Suricata with FastStack™ Sniffer10G™Integrating and Optimizing Suricata with FastStack™ Sniffer10G™
Integrating and Optimizing Suricata with FastStack™ Sniffer10G™Emulex Corporation
 
Scaling small cell deployment - Why current tools are inadequate
Scaling small cell deployment - Why current tools are inadequateScaling small cell deployment - Why current tools are inadequate
Scaling small cell deployment - Why current tools are inadequateDavid Chambers
 
EMC isilon for -media-and-entertainment-sales-deck
EMC isilon for -media-and-entertainment-sales-deckEMC isilon for -media-and-entertainment-sales-deck
EMC isilon for -media-and-entertainment-sales-decksolarisyougood
 
How Security can be stronger than a Firewall: 13 different ways breaking thro...
How Security can be stronger than a Firewall: 13 different ways breaking thro...How Security can be stronger than a Firewall: 13 different ways breaking thro...
How Security can be stronger than a Firewall: 13 different ways breaking thro...Community Protection Forum
 
Using NetFlow to Improve Network Visibility and Application Performance
Using NetFlow to Improve Network Visibility and Application PerformanceUsing NetFlow to Improve Network Visibility and Application Performance
Using NetFlow to Improve Network Visibility and Application PerformanceEmulex Corporation
 
Acceleration_and_Security_draft_v2
Acceleration_and_Security_draft_v2Acceleration_and_Security_draft_v2
Acceleration_and_Security_draft_v2Srinivasa Addepalli
 
SplunkLive! Zürich 2016 - Use Case Swisscom
SplunkLive! Zürich 2016 - Use Case SwisscomSplunkLive! Zürich 2016 - Use Case Swisscom
SplunkLive! Zürich 2016 - Use Case SwisscomSplunk
 
Cross Domain Cyber Situational Awareness in a Multi Cloud, Multi-Network Fede...
Cross Domain Cyber Situational Awareness in a Multi Cloud, Multi-Network Fede...Cross Domain Cyber Situational Awareness in a Multi Cloud, Multi-Network Fede...
Cross Domain Cyber Situational Awareness in a Multi Cloud, Multi-Network Fede...SolarWinds
 
SplunkLive! Zürich 2016 - Use Case Swisscom
SplunkLive! Zürich 2016 - Use Case SwisscomSplunkLive! Zürich 2016 - Use Case Swisscom
SplunkLive! Zürich 2016 - Use Case SwisscomGeorg Knon
 
SplunkLive! Wien 2016 - Use Case Swisscom
SplunkLive! Wien 2016 - Use Case SwisscomSplunkLive! Wien 2016 - Use Case Swisscom
SplunkLive! Wien 2016 - Use Case SwisscomSplunk
 
stackArmor - Security MicroSummit - McAfee
stackArmor - Security MicroSummit - McAfeestackArmor - Security MicroSummit - McAfee
stackArmor - Security MicroSummit - McAfeeGaurav "GP" Pal
 
Oracle ExaLogic Overview
Oracle ExaLogic OverviewOracle ExaLogic Overview
Oracle ExaLogic OverviewPeter Doolan
 
Seize the Cloud - Proven Tactics From a Successful Service Provider
Seize the Cloud - Proven Tactics From a Successful Service ProviderSeize the Cloud - Proven Tactics From a Successful Service Provider
Seize the Cloud - Proven Tactics From a Successful Service ProviderCA Nimsoft
 
VMworld 2013: Network Function Virtualization in the Cloud: Case for Enterpri...
VMworld 2013: Network Function Virtualization in the Cloud: Case for Enterpri...VMworld 2013: Network Function Virtualization in the Cloud: Case for Enterpri...
VMworld 2013: Network Function Virtualization in the Cloud: Case for Enterpri...VMworld
 
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...TheAnfieldGroup
 
Netpod - The Merging of NPM & APM
Netpod - The Merging of NPM & APMNetpod - The Merging of NPM & APM
Netpod - The Merging of NPM & APMBoni Bruno
 

Ähnlich wie Network Forensics for Splunk, an Emulex presentation (20)

Introducing Endace Packets - EndaceVision™ with Protocol Decodes
Introducing Endace Packets - EndaceVision™ with Protocol DecodesIntroducing Endace Packets - EndaceVision™ with Protocol Decodes
Introducing Endace Packets - EndaceVision™ with Protocol Decodes
 
An Introduction to the Emulex Network Xceleration Solution – FastStack™ Sniff...
An Introduction to the Emulex Network Xceleration Solution – FastStack™ Sniff...An Introduction to the Emulex Network Xceleration Solution – FastStack™ Sniff...
An Introduction to the Emulex Network Xceleration Solution – FastStack™ Sniff...
 
Using Network Recording and Search to Improve IT Service Delivery
Using Network Recording and Search to Improve IT Service DeliveryUsing Network Recording and Search to Improve IT Service Delivery
Using Network Recording and Search to Improve IT Service Delivery
 
Integrating and Optimizing Suricata with FastStack™ Sniffer10G™
Integrating and Optimizing Suricata with FastStack™ Sniffer10G™Integrating and Optimizing Suricata with FastStack™ Sniffer10G™
Integrating and Optimizing Suricata with FastStack™ Sniffer10G™
 
Scaling small cell deployment - Why current tools are inadequate
Scaling small cell deployment - Why current tools are inadequateScaling small cell deployment - Why current tools are inadequate
Scaling small cell deployment - Why current tools are inadequate
 
EMC isilon for -media-and-entertainment-sales-deck
EMC isilon for -media-and-entertainment-sales-deckEMC isilon for -media-and-entertainment-sales-deck
EMC isilon for -media-and-entertainment-sales-deck
 
How Security can be stronger than a Firewall: 13 different ways breaking thro...
How Security can be stronger than a Firewall: 13 different ways breaking thro...How Security can be stronger than a Firewall: 13 different ways breaking thro...
How Security can be stronger than a Firewall: 13 different ways breaking thro...
 
Using NetFlow to Improve Network Visibility and Application Performance
Using NetFlow to Improve Network Visibility and Application PerformanceUsing NetFlow to Improve Network Visibility and Application Performance
Using NetFlow to Improve Network Visibility and Application Performance
 
Emerging IoT in the Energy Sector
Emerging IoT in the Energy SectorEmerging IoT in the Energy Sector
Emerging IoT in the Energy Sector
 
Acceleration_and_Security_draft_v2
Acceleration_and_Security_draft_v2Acceleration_and_Security_draft_v2
Acceleration_and_Security_draft_v2
 
SplunkLive! Zürich 2016 - Use Case Swisscom
SplunkLive! Zürich 2016 - Use Case SwisscomSplunkLive! Zürich 2016 - Use Case Swisscom
SplunkLive! Zürich 2016 - Use Case Swisscom
 
Cross Domain Cyber Situational Awareness in a Multi Cloud, Multi-Network Fede...
Cross Domain Cyber Situational Awareness in a Multi Cloud, Multi-Network Fede...Cross Domain Cyber Situational Awareness in a Multi Cloud, Multi-Network Fede...
Cross Domain Cyber Situational Awareness in a Multi Cloud, Multi-Network Fede...
 
SplunkLive! Zürich 2016 - Use Case Swisscom
SplunkLive! Zürich 2016 - Use Case SwisscomSplunkLive! Zürich 2016 - Use Case Swisscom
SplunkLive! Zürich 2016 - Use Case Swisscom
 
SplunkLive! Wien 2016 - Use Case Swisscom
SplunkLive! Wien 2016 - Use Case SwisscomSplunkLive! Wien 2016 - Use Case Swisscom
SplunkLive! Wien 2016 - Use Case Swisscom
 
stackArmor - Security MicroSummit - McAfee
stackArmor - Security MicroSummit - McAfeestackArmor - Security MicroSummit - McAfee
stackArmor - Security MicroSummit - McAfee
 
Oracle ExaLogic Overview
Oracle ExaLogic OverviewOracle ExaLogic Overview
Oracle ExaLogic Overview
 
Seize the Cloud - Proven Tactics From a Successful Service Provider
Seize the Cloud - Proven Tactics From a Successful Service ProviderSeize the Cloud - Proven Tactics From a Successful Service Provider
Seize the Cloud - Proven Tactics From a Successful Service Provider
 
VMworld 2013: Network Function Virtualization in the Cloud: Case for Enterpri...
VMworld 2013: Network Function Virtualization in the Cloud: Case for Enterpri...VMworld 2013: Network Function Virtualization in the Cloud: Case for Enterpri...
VMworld 2013: Network Function Virtualization in the Cloud: Case for Enterpri...
 
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
 
Netpod - The Merging of NPM & APM
Netpod - The Merging of NPM & APMNetpod - The Merging of NPM & APM
Netpod - The Merging of NPM & APM
 

Mehr von Emulex Corporation

Acronym Soup – NFV, SDN, OVN and VNF
Acronym Soup – NFV, SDN, OVN and VNFAcronym Soup – NFV, SDN, OVN and VNF
Acronym Soup – NFV, SDN, OVN and VNFEmulex Corporation
 
Improving Incident Response: Building a More Efficient IT Infrastructure
Improving Incident Response: Building a More Efficient IT InfrastructureImproving Incident Response: Building a More Efficient IT Infrastructure
Improving Incident Response: Building a More Efficient IT InfrastructureEmulex Corporation
 
Using NetFlow to Streamline Security Analysis and Response to Cyber Threats
Using NetFlow to Streamline Security Analysis and Response to Cyber ThreatsUsing NetFlow to Streamline Security Analysis and Response to Cyber Threats
Using NetFlow to Streamline Security Analysis and Response to Cyber ThreatsEmulex Corporation
 
Linked in Twitter Facebook Google+ Email Embed Share Flash Across Virtualized...
Linked in Twitter Facebook Google+ Email Embed Share Flash Across Virtualized...Linked in Twitter Facebook Google+ Email Embed Share Flash Across Virtualized...
Linked in Twitter Facebook Google+ Email Embed Share Flash Across Virtualized...Emulex Corporation
 
Tap DANZing - Arista Networks Redefining the Cost of Accessing Network Traffic
Tap DANZing - Arista Networks Redefining the Cost of Accessing Network TrafficTap DANZing - Arista Networks Redefining the Cost of Accessing Network Traffic
Tap DANZing - Arista Networks Redefining the Cost of Accessing Network TrafficEmulex Corporation
 
First Look Webcast: OneCore Storage SDK 3.6 Roll-out and Walkthrough
First Look Webcast: OneCore Storage SDK 3.6 Roll-out and WalkthroughFirst Look Webcast: OneCore Storage SDK 3.6 Roll-out and Walkthrough
First Look Webcast: OneCore Storage SDK 3.6 Roll-out and WalkthroughEmulex Corporation
 
Why I/O is Strategic for Convergence - with 451 Research
Why I/O is Strategic for Convergence - with 451 ResearchWhy I/O is Strategic for Convergence - with 451 Research
Why I/O is Strategic for Convergence - with 451 ResearchEmulex Corporation
 
Emulex and the Evaluator Group Present Why I/O is Strategic for Big Data
Emulex and the Evaluator Group Present Why I/O is Strategic for Big Data Emulex and the Evaluator Group Present Why I/O is Strategic for Big Data
Emulex and the Evaluator Group Present Why I/O is Strategic for Big Data Emulex Corporation
 
Emulex and IDC Present Why I/O is Strategic for the Cloud
Emulex and IDC Present Why I/O is Strategic for the Cloud Emulex and IDC Present Why I/O is Strategic for the Cloud
Emulex and IDC Present Why I/O is Strategic for the Cloud Emulex Corporation
 
Get Better I/O Performance in VMware vSphere 5.1 Environments with Emulex 16G...
Get Better I/O Performance in VMware vSphere 5.1 Environments with Emulex 16G...Get Better I/O Performance in VMware vSphere 5.1 Environments with Emulex 16G...
Get Better I/O Performance in VMware vSphere 5.1 Environments with Emulex 16G...Emulex Corporation
 
Get Better I/O Performance in VMware vSphere 5.1 Environments with Emulex 16G...
Get Better I/O Performance in VMware vSphere 5.1 Environments with Emulex 16G...Get Better I/O Performance in VMware vSphere 5.1 Environments with Emulex 16G...
Get Better I/O Performance in VMware vSphere 5.1 Environments with Emulex 16G...Emulex Corporation
 
Emulex and Enterprise Strategy Group Present Why I/O is Strategic for Virtual...
Emulex and Enterprise Strategy Group Present Why I/O is Strategic for Virtual...Emulex and Enterprise Strategy Group Present Why I/O is Strategic for Virtual...
Emulex and Enterprise Strategy Group Present Why I/O is Strategic for Virtual...Emulex Corporation
 
Introducing OneCommand Vision 3.0, I/O management that gives your application...
Introducing OneCommand Vision 3.0, I/O management that gives your application...Introducing OneCommand Vision 3.0, I/O management that gives your application...
Introducing OneCommand Vision 3.0, I/O management that gives your application...Emulex Corporation
 
Emulex Presents Why I/O is Strategic Global Survey Results
Emulex Presents Why I/O is Strategic Global Survey ResultsEmulex Presents Why I/O is Strategic Global Survey Results
Emulex Presents Why I/O is Strategic Global Survey ResultsEmulex Corporation
 
Optimizing Performance of your Oracle Database using 8Gb Fibre Channel
Optimizing Performance of your Oracle Database using 8Gb Fibre ChannelOptimizing Performance of your Oracle Database using 8Gb Fibre Channel
Optimizing Performance of your Oracle Database using 8Gb Fibre ChannelEmulex Corporation
 
How to Increase Performance and Virtualization Efficiency with Emulex 16Gb FC...
How to Increase Performance and Virtualization Efficiency with Emulex 16Gb FC...How to Increase Performance and Virtualization Efficiency with Emulex 16Gb FC...
How to Increase Performance and Virtualization Efficiency with Emulex 16Gb FC...Emulex Corporation
 
Maximize Server Refresh Revenue with Emulex 8GB Fibre Channel and the Emulex ...
Maximize Server Refresh Revenue with Emulex 8GB Fibre Channel and the Emulex ...Maximize Server Refresh Revenue with Emulex 8GB Fibre Channel and the Emulex ...
Maximize Server Refresh Revenue with Emulex 8GB Fibre Channel and the Emulex ...Emulex Corporation
 
Everything you wanted to know about cabling but were afraid to ask
Everything you wanted to know about cabling but were afraid to askEverything you wanted to know about cabling but were afraid to ask
Everything you wanted to know about cabling but were afraid to askEmulex Corporation
 

Mehr von Emulex Corporation (20)

Acronym Soup – NFV, SDN, OVN and VNF
Acronym Soup – NFV, SDN, OVN and VNFAcronym Soup – NFV, SDN, OVN and VNF
Acronym Soup – NFV, SDN, OVN and VNF
 
Improving Incident Response: Building a More Efficient IT Infrastructure
Improving Incident Response: Building a More Efficient IT InfrastructureImproving Incident Response: Building a More Efficient IT Infrastructure
Improving Incident Response: Building a More Efficient IT Infrastructure
 
SC Magazine eSymposium: SIEM
SC Magazine eSymposium: SIEMSC Magazine eSymposium: SIEM
SC Magazine eSymposium: SIEM
 
Using NetFlow to Streamline Security Analysis and Response to Cyber Threats
Using NetFlow to Streamline Security Analysis and Response to Cyber ThreatsUsing NetFlow to Streamline Security Analysis and Response to Cyber Threats
Using NetFlow to Streamline Security Analysis and Response to Cyber Threats
 
The Great IT Migration
The Great IT MigrationThe Great IT Migration
The Great IT Migration
 
Linked in Twitter Facebook Google+ Email Embed Share Flash Across Virtualized...
Linked in Twitter Facebook Google+ Email Embed Share Flash Across Virtualized...Linked in Twitter Facebook Google+ Email Embed Share Flash Across Virtualized...
Linked in Twitter Facebook Google+ Email Embed Share Flash Across Virtualized...
 
Tap DANZing - Arista Networks Redefining the Cost of Accessing Network Traffic
Tap DANZing - Arista Networks Redefining the Cost of Accessing Network TrafficTap DANZing - Arista Networks Redefining the Cost of Accessing Network Traffic
Tap DANZing - Arista Networks Redefining the Cost of Accessing Network Traffic
 
First Look Webcast: OneCore Storage SDK 3.6 Roll-out and Walkthrough
First Look Webcast: OneCore Storage SDK 3.6 Roll-out and WalkthroughFirst Look Webcast: OneCore Storage SDK 3.6 Roll-out and Walkthrough
First Look Webcast: OneCore Storage SDK 3.6 Roll-out and Walkthrough
 
Why I/O is Strategic for Convergence - with 451 Research
Why I/O is Strategic for Convergence - with 451 ResearchWhy I/O is Strategic for Convergence - with 451 Research
Why I/O is Strategic for Convergence - with 451 Research
 
Emulex and the Evaluator Group Present Why I/O is Strategic for Big Data
Emulex and the Evaluator Group Present Why I/O is Strategic for Big Data Emulex and the Evaluator Group Present Why I/O is Strategic for Big Data
Emulex and the Evaluator Group Present Why I/O is Strategic for Big Data
 
Emulex and IDC Present Why I/O is Strategic for the Cloud
Emulex and IDC Present Why I/O is Strategic for the Cloud Emulex and IDC Present Why I/O is Strategic for the Cloud
Emulex and IDC Present Why I/O is Strategic for the Cloud
 
Get Better I/O Performance in VMware vSphere 5.1 Environments with Emulex 16G...
Get Better I/O Performance in VMware vSphere 5.1 Environments with Emulex 16G...Get Better I/O Performance in VMware vSphere 5.1 Environments with Emulex 16G...
Get Better I/O Performance in VMware vSphere 5.1 Environments with Emulex 16G...
 
Get Better I/O Performance in VMware vSphere 5.1 Environments with Emulex 16G...
Get Better I/O Performance in VMware vSphere 5.1 Environments with Emulex 16G...Get Better I/O Performance in VMware vSphere 5.1 Environments with Emulex 16G...
Get Better I/O Performance in VMware vSphere 5.1 Environments with Emulex 16G...
 
Emulex and Enterprise Strategy Group Present Why I/O is Strategic for Virtual...
Emulex and Enterprise Strategy Group Present Why I/O is Strategic for Virtual...Emulex and Enterprise Strategy Group Present Why I/O is Strategic for Virtual...
Emulex and Enterprise Strategy Group Present Why I/O is Strategic for Virtual...
 
Introducing OneCommand Vision 3.0, I/O management that gives your application...
Introducing OneCommand Vision 3.0, I/O management that gives your application...Introducing OneCommand Vision 3.0, I/O management that gives your application...
Introducing OneCommand Vision 3.0, I/O management that gives your application...
 
Emulex Presents Why I/O is Strategic Global Survey Results
Emulex Presents Why I/O is Strategic Global Survey ResultsEmulex Presents Why I/O is Strategic Global Survey Results
Emulex Presents Why I/O is Strategic Global Survey Results
 
Optimizing Performance of your Oracle Database using 8Gb Fibre Channel
Optimizing Performance of your Oracle Database using 8Gb Fibre ChannelOptimizing Performance of your Oracle Database using 8Gb Fibre Channel
Optimizing Performance of your Oracle Database using 8Gb Fibre Channel
 
How to Increase Performance and Virtualization Efficiency with Emulex 16Gb FC...
How to Increase Performance and Virtualization Efficiency with Emulex 16Gb FC...How to Increase Performance and Virtualization Efficiency with Emulex 16Gb FC...
How to Increase Performance and Virtualization Efficiency with Emulex 16Gb FC...
 
Maximize Server Refresh Revenue with Emulex 8GB Fibre Channel and the Emulex ...
Maximize Server Refresh Revenue with Emulex 8GB Fibre Channel and the Emulex ...Maximize Server Refresh Revenue with Emulex 8GB Fibre Channel and the Emulex ...
Maximize Server Refresh Revenue with Emulex 8GB Fibre Channel and the Emulex ...
 
Everything you wanted to know about cabling but were afraid to ask
Everything you wanted to know about cabling but were afraid to askEverything you wanted to know about cabling but were afraid to ask
Everything you wanted to know about cabling but were afraid to ask
 

Kürzlich hochgeladen

TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 

Kürzlich hochgeladen (20)

TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 

Network Forensics for Splunk, an Emulex presentation

  • 1. Network Forensics for Splunkers Matt Walmsley, EMEA Marketing Tom Jones, Sales Engineer Emulex, Endace Division
  • 3. The Networking Wheel of Life! APM NPM IPS / IDS Firewall WAN Op QoS 3 Recording & Forensics Analysis & Intervention Emulex Confidential - © 2013 Emulex Corporation
  • 4. # Events Time is… Money / Safety / Advantage / Reputation • Reduce Slow To Fix Items • Identify Root Cause & Fix Savings Time to Resolution
  • 5. The 3 E of Great Interventions Skills & Knowledge Experience & Context Evidence Understanding • Efficient • Economic • Effective Decision Making Intervention 5 Emulex Confidential - © 2013 Emulex Corporation
  • 6. Collecting Evidence - Recording Evolution Interesting Vs. Important 6 Specialised Vs. Generalised Emulex Confidential - © 2013 Emulex Corporation
  • 7. Intelligent Network Recording Generalised Enterprise Banking & Trading National Security Specialised 7 Emulex Confidential - © 2013 Emulex Corporation
  • 8. Endace – The Packet Capture Experts World leader in network recording 10+ years selling security solutions to global clients – Govt, Traders, Telco & Enterprise Reputation for accuracy, scalability & performance A division of Emulex 8 Emulex Confidential - © 2013 Emulex Corporation
  • 9. Intelligent Network Recording - Use Cases Application Performance Management Custom Security Operations Legal Intercept Network Infrastructure Operations Audit & Compliance 9 Emulex Confidential - © 2013 Emulex Corporation
  • 10. Intelligent Network Recording - Deployment Intelligent Network Recorder “Probe” Network Traffic Analysis App • High Speed, High Fidelity Packet Capture Appliance • Packet Processing and Indexing • Storage and Retrieval • Traffic Profiling & Visualisation • Packet Analysis • Integration with other networking tools 10 Emulex Confidential - © 2013 Emulex Corporation
  • 11. Endace Network Recording - Infrastructure EndaceProbe™ INR EndaceAccess™ Endace Open Hosting Platform(ODE) High Performance Intelligent Network Recording Network Visibility Headend Hosting Platform for Monitoring Apps Up to 64 TB storage Mix of 1 and 10GbE ports Allows EndaceProbe INRs/ODE to scale to 40 and 100GbE 8x1GbE or 4x10GbE Ports Up to 16 TB internal storage; FC support for SAN 11 Emulex Confidential - © 2013 Emulex Corporation Endace NetFlow Generator High-Speed NetFlow Generation for 10GbE Networks 4x10GbE Ports
  • 12. How Much Network Visibility Do You Need? High Definition – Endace Vision • See microbursts • Know exactly what data has been compromised • Identify issues impacting services and security application performance Low Definition • 12 Emulex Confidential - © 2013 Emulex Corporation The visibility most solutions provide
  • 13. EndaceVision - Actionable Insight Bandwidth Over Time TCP/IP Conversations Traffic over time 13 Traffic breakdown and analysis Top Talkers Workflow Emulex Confidential - © 2013 Emulex Corporation
  • 14. EndaceVision - Integrated and Open APM NPM IDS HFT EndaceFusion EndaceProbe Integration with “best of breed” solutions – API and hypervisor – All tools share data from same secure location in datacenter – Automated workflow, “pivot to packets” speeds up issue resolution Lower Investment While Increasing ROI – Reduce device count – Plan and train staff on the tools that fit customer situation best 14 Emulex Confidential - © 2013 Emulex Corporation
  • 15. Endace Solution - Key Features • Market Leading Performance • 100% High fidelity packet capture • 10/100/1G/10G/40G/100GbE • 64TB on board storage • FC SAN offload • Multi-unit “Sledging” • Distributed Recording Fabric • Multiple EndaceProbe INRs, single recording fabric • Traffic search and visualisation • Diverse, concurrent multiple uses • Open and Flexible Integration • Endace dock hypervisor • RESTfull API • Endace Fusion solution ecosystem 15 Emulex Confidential - © 2013 Emulex Corporation
  • 16. Splunk & Endace – Macro and Micro Log lines are a summary or interpretation of an event Packets are the ground truth from which these are derived Fusion connector links the two with a single click Endace’s depth complements Splunk’s breadth 16 Emulex Confidential - © 2013 Emulex Corporation
  • 17. Feeding and Enabling Splunk EndaceProbe INR Generated Logs and Netflow Events 17 Splunk Generated Enquiries Emulex Confidential - © 2013 Emulex Corporation
  • 18. Optimising Event Management Workflow Event Occurrence 18 Splunk Alert Click to Traffic Search Request Emulex Confidential - © 2013 Emulex Corporation Packet drill down and inspection Traffic Analysis and Visualisation
  • 19. Example Case – Finance / Trading Solution Context • Network performance is critical to $ services • Latency and outage intolerant • Multiple management tools Solution • Integrated network monitoring and security for a low latency 10GbE network Products • Splunk! • EndaceProbe™ INR • Endace Fusion Connector for Splunk • EndaceVision™ 19 Key Benefits • Greater insight into critical network issues • Reduce time-to-resolution (TTR) • Lower operational expenditures (OPEX) Emulex Confidential - © 2013 Emulex Corporation
  • 20. Real World Feedback “While consolidating network monitoring and security tools was the primary need for the EndaceProbe INR, it was put to work even before the official deployment. the pilot and immediately discovered a security breach that had gone undetected with their existing tools, providing an immediate return on investment for the EndaceProbe INR 7000.” “The EndaceProbe INR has been 100% reliable for us and we are impressed with its robust capabilities. We use it extensively and, coupled with the Fusion Connector for Splunk, are extremely happy with the results.” Global Head of Networks 20 Emulex Confidential - © 2013 Emulex Corporation
  • 21. Endace Helps You Enable the “3 E” Understand macro and micro situation Reduce Time to Resolution Efficient Economic Effective Stop Recurrent Events 21 Reduce slow / hard to fix items Fix Route Cause Emulex Confidential - © 2013 Emulex Corporation
  • 22. Which Means You Get… Less stress, improved results Uninterrupted weekends and evenings Happy family, boss and stakeholders 22 Emulex Confidential - © 2013 Emulex Corporation
  • 23. Resources & Info www.emulex.com Video 23 Solution Brief Blog www.marquest.com Emulex Confidential - © 2013 Emulex Corporation Splunk Connector App Testing Brief
  • 24. Questions? Thank you for your attention
  • 25. 25 Emulex Confidential - © 2013 Emulex Corporation

Hinweis der Redaktion

  1. The Endace product line consists of three hardware products (EndaceProbe INR, Endace NGA, EndaceODE) that provide network traffic capture capabilities. The EndaceAccess product allows for recording of 40GbE and 100GbE network traffic by breaking up the network stream across multiple INRs. EndaceVision is a software tool that provides visibility and visualization of network traffic that has been captured and recorded by the Endace hardware products. These products are powered by our Endace DAG card technology, which we also sell to large government and telecom customers.We also integrate with a variety of tools. These include:EndaceProbe Intelligent Packet Recorder: Integrates through RESTful API with Splunk and Compuware today.Endace Netflow Generator Appliance (NGA): Integrates with SevOne and Arbor Networks NetOps analysis tools, and with Lancope security analysis tool.Roughly 20% of the Endace product line’s overall revenue comes from DAG card sales. These sales are generally to large government security agencies and to telecom carriers. Of the non-DAG card revenue, the vast bulk of it (~70%) comes from the EndaceProbe INR. The Endace NGA is a new product that represented 10% of our total revenue last quarter, which we expect to grow over time.
  2. Complete and accurate network visibility is critical to today’s enterprises. This chart (from the EndaceVision tool) graphically demonstrates the difference in visibility between low-res (sampling) network recorders and high-res (100% capture) network recorders from Emulex. Here you can see that the low-res tool did not provide the user with visibility into microbursts that were occurring that were at or near full network bandwidth. Without that visibility, it would be impossible to identify which applications and/or users were causing these microbursts, which could adversely impact the performance of critical applications.
  3. One of the biggest differentiators for our visualization tools comes from our partnership with a variety of best-in-breed network packet broker (NPB), Network Performance Management (NPM), Application Performance Management (APM), and Security Event Management (SEM) tool vendors. We have names these partnerships the Endace Fusion Alliance. The Endace Fusion Alliance enables customers to build NPM/APM/SEM suites that meet their exact needs, and is in contrast to integrated tools, which force customers to buy tools that they may or may not need. The benefit to customers of this best-in-breed approach is lower CapEx (less tools and recording hardware to buy) and lower OpEx (less training, quicker time to resolution of network issues). This also provides channel partners with additional opportunities to integrate custom suites of tools together for customers, increasing their “share of wallet”.
  4. So what does all this mean?It means that you get to make quicker decisions about how to respond to events, and to have confidence in those decisions.You get to deal with those annoying recurring events.You save your company loads of money by reducing the area under the curve and you get to be a hero.