Breached! Next Generation Network Forensics for the Cloud
Dennis Carpio, Sr. Director Business Development; Ixia
Karl Vogel, World Wide Solution Architect, Network Forensics & Malware Analysis; Symantec
The Need for Network (and Cloud) Forensics
Copyright © 2019 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Online Gaming Company in Chaos
The Need for Network Forensics – Painful Story
• Had no way to confirm or deny…
• Concerns about brand and reputational impact…
• People and big $ thrown at the problem…
• Informed we may be the victim of a breach
• “Why can’t you prove if this happened or not”…
• Urgent, high-priority project spun up…
The “Average” Enterprise
Cannot Quickly Detect or Accurately Assess Impact of an Incident
TODAY’S REALITY
BREACH → INCIDENT IDENTIFIED → RESOLUTION
TIME TO DETECTION: 197 DAYS
TIME TO RESPONSE: 69 DAYS
• Damage occurring for over six months before detection
• …and is not resolved for over two months after identified
Average Breach Cost - $3.86M
IBM 2018 Data Breach Study (conducted by Ponemon)
Complete Answers for Focused Resolution
Security Analytics
Security Analytics – System of Record
• Security Analytics doesn’t disrupt the Networking/IT department
• Records all traffic – 24/7 lossless packet capture (header and payload) – Days/weeks/months
• Massive Intelligence – Enriches with Symantec and 3rd party threat and reputation data
• Reconstructs All Evidence – Artifacts, flows, files, and activity in human-readable form
“At a minimum, organizations should capture 30 days’ of packet data. 60 days’ worth is even better.”
Incident Response Challenges
What Net Ops Requires: “Don’t complicate our network and don’t slow it down!”
Incident Response Challenge: “Existing tools leave information holes, an incomplete picture, and difficulty in determining the incident source and scope – increasing my time-to-resolution.”
• Working with a fragmented toolset increases workload and delays resolution
• Log and event-based investigations lack depth of data to quickly find source/scope
• Inability to recreate exact evidence leads to uncertainty and extended exposure
• Limited correlation between data, security intel and activity leads to undetected breaches
Insufficient for effective investigations
Issue: Fragmented Tools and Limited Data
Incident Response
1. Sandbox sends alert – Malicious file!
2. SIEM says this should be investigated
3. Firewall says it’s web traffic – from Gmail
4. DLP says nothing was leaked
5. Proxy says URL was suspicious
6. IPS says no network threat
7. Endpoint says it was unknown
8. Now capture a simple PCAP – Reactive – Too late
Uncertainty
• Multiple disjointed steps and product interfaces
• No smooth integrated workflow
• No actual evidence and questions go unanswered
• Time-consuming and costly
Smooth workflow and resolution
Security Analytics – Deliver Integrated IR
Incident Response with Security Analytics
Diagram labels: Open Security Analytics API; Ticketing; EDR; SOAR; Integrated Alerting; Integrated Workflow; Sandbox; Firewall; Endpoint; 3rd party; SIEM
1. Alert from SIEM or other tool – Pivot into Security Analytics Alerts Dashboard (Open API)
2. Narrowed scope of investigation, eliminating noise – malicious file from sandbox results (Customizable Reports/Dashboard)
3. Determine reputation of file and the site sourcing the file (focused threat intel reports)
4. Trace root cause and produce all associated artifacts – Web pages, files, executables, etc. (extractions & Root Cause Explorer)
5. Dive deeper/wider and see related activity (replay traffic, packet analyzer, geolocation, custom reports)
6. With full source/scope resolve with surgical precision
Unable to quickly investigate and identify source of breach
Issue: Log & Event-based Tools Lack Depth
Basic Packet Capture
• Difficult to acquire and manage data from multiple sources
• No event reconstruction
• Can’t regenerate human-readable files
• No context of what happened before, during and after alert
• Full packet capture has been costly and reactive – it’s too late
• Simple capture is slow – can’t keep up with 10Gb+ Networks
• Difficult to navigate – linear search of TBs of data
• Lacks enrichment using available threat intel
24/7 enriched recording of all traffic
Full Packet Capture = Deep Investigations
Data Capture, Enrichment, Retention
Diagram labels: Global Intelligence Network; PEScanner, jSUNPACK, Geolocation…more; Symantec Content Analysis
• Ensure you capture the breach before you know you were breached – 24/7 full packet recording
• Indexed and enriched packets improve search performance – massive reputation and threat intel
• Retain what you need for long-term, retrospective analysis – Days, weeks, months of metadata and packet retention
• Replay specific traffic to support required workflow – specify timeframe, combine segments, throttle
“Security Analytics gives us the ability to look at historical records… Now we can analyze what happened 15 minutes ago or 15 days ago… what led to a security alert, and what happened.”
Evidence gathering is difficult and time-consuming
Issue: Lack of Evidence Means Uncertainty
• Difficult to visualize actual artifacts – email, texts, html pages, PDF or .exe
• Creating timeline of network and file activity is difficult and time-consuming
• Hard to answer “what happened, how, when, what was impacted?”
• Packet analysis requires special skills – It isn’t intuitive
“Where’s the evidence.”
Real Evidence for Laser-focused Response
Paint a Clear Picture of Any Attack
Evidence Discovery and Delivery
• Deliver human-readable evidence: Images, Multimedia, Office, PDF, DLL, EXE, HTML, Java, FTP, email and more
• Know where your traffic is coming from - Identify traffic and volume on map and filter and alert on traffic to suspect countries
• SEE what’s crossing your network – View and analyze all images and audio files
• Save time finding the source – chain together HTTP referrers
“You’ve made many of the more time-consuming tasks as simple as pushing a button.”
I need to know before negative effects
Issue: Incident Response Isn’t Proactive
Kill chain: Recon, Weaponization, Delivery, Exploitation, Installation, Command & Control, Exfiltration
• Unknown files are either malicious or safe
• Sandboxing is manual and often too late to make a ruling
• I don’t know what unique threats are targeting my network?
• Without knowing “normal” activity, finding “abnormal” activity and targeted attacks is difficult – Too much noise
• I need proactive alerts to stop threats early in the “kill chain”?
At the proactive IR maturity level, unknown data (web pages, PDFs, email attachments, etc.) are also automatically investigated.
Reduce effort and respond faster
Proactive Detection and Incident Response
Proactive Incident Response
• Customize Alerts Dashboard and reports to prioritize response
• Leverage Anomaly Detection: Establish a baseline of normal
• Observe and identify anomalies
• Automate additional analysis based on indicators – alert, export to PCAP, send to sandbox, etc.
• Use Sandboxing to turn “unknown” files into known safe or malicious
100’s of Pre-built Indicators – Customize Your Own
Know Abnormal … Find Evil
“Organizations need to understand their environment and what constitutes normal and abnormal behavior”
Security Analytics – Architecture
• SA sits passively off the network. In OCI and AWS uses IXIA CloudLens to duplicate packets and send copies to SA
• Captures all network traffic (packet header/payload)
• Taps GIN and outside threat intelligence to enrich packet data
• Unknown files sent to Content Analysis/3rd party to Sandbox
• Alerts from SA or other tools may trigger an investigation
• Incident response team finds source/scope of attack, resolves
Diagram labels: Execute & Isolate; SA; CA; GIN + 3rd Party Reputation; SEP/ATP; Virtual TAP
Ixia Network Visibility
End-to-End Monitoring Fabric (Data Center/Cloud/Edge)
Intelligent Visibility Everywhere
Packet Capture, Threat Intelligence, Data Reconstruction, Compliance, Incident Response
Data Center, Cloud, Edge, SDN, Industrial
Security Analytics
• Powerful packet capture, comprehensive forensics recording
• Threat intelligence and data enrichment
• Accelerated incident response, deep investigation
Network Visibility
• Monitoring fabric for data collection and distribution
• L2/7 filtering, advanced features for optimized consumption
• Real-time network traffic intelligence and insight
Offload Advanced Capabilities
Security Monitoring Optimized by Ixia
Use features simultaneously, without packet loss!
NetStack
• 3 Stages of Filtering
• Dynamic Filter Compiler
• VLAN Tagging
• Aggregation
• Replication
• Load Balancing
PacketStack
• Deduplication
• Header Stripping
• Protocol Trimming
• Timestamping
• Data Masking
• NetFlow
• GRE Tunneling
• Burst Protection
AppStack
• Application Filtering
• Optional RegEx filtering
• Geolocation & Tagging
• IxFlow
• Data Masking+
• PCAP
• Real-time Dashboard
CloudLens
• Data Collection
• Auto Scaling
• Filtering
• Aggregation
• Replication
Leveraging Ixia Vision One Network Packet Brokers and Network Taps
Deploying Security Analytics in the Data Center
Diagram labels: SSLv; Security Analytics; IDS Tool; NPM Tool; Network Packet Broker; Encrypted; Decrypted
Improve detection capabilities into hidden threats:
• Ixia collects traffic from multiple network sources, then aggregates and filters to the right monitoring tool
• SSLv decrypts traffic to efficiently speed detection
• Ixia can service chain in-line and out-of-band tools and forwards decrypted traffic to the tools that need to see it
Leveraging Ixia CloudLens
Deploying Security Analytics in the Cloud
Diagram labels: Public Cloud; Private Cloud & Virtual Machines; Security Analytics
Detect and respond to threats in public and private cloud environments:
• Install lightweight sensors within customer’s security constructs, inheriting privacy and compliance
• Intelligent filtering
• Containerized or agent based options
• Collect any packet from any cloud
Case Studies
Financial Database
• Core banking financial database
• Authentication over unencrypted protocols
• “sa” user account used for internal maintenance
Government Agency – Asset Server
Payment Card Terminals
Security Analytics Live Demonstration
Symantec Security Analytics
SEE ALL. KNOW MORE. RESPOND FASTER.
THE SECURITY CAMERA & DVR FOR YOUR NETWORK
Turning Complexity into Context
DPI classification of over 2,800 applications and thousands of meta attributes
On the wire, real-time visibility and analysis of data exfiltration & infiltration
Security Context – including reputation, user and social personas, artifacts
The ‘Black Box’ for incident response, forensics, root cause and impact analysis
Records, classifies and indexes all packets and flows on high-speed networks
Providing real-time analysis and full visibility of everything going in and out of your network
More on Security Analytics
• Check out Security Analytics: go.symantec.com/security-analytics
• Sample Risk & Visibility Report
• Register for an ATA: go.symantec.com/ata
Questions?
Thank You!

Symantec Webinar: GDPR 1 Year OnSymantec
 
Symantec ISTR 24 Webcast 2019
Symantec ISTR 24 Webcast 2019Symantec ISTR 24 Webcast 2019
Symantec ISTR 24 Webcast 2019Symantec
 
Symantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec
 
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...Symantec
 
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy BearSymantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy BearSymantec
 
GDPR Breach Notification Demystifying What the Regulators Want
GDPR Breach Notification Demystifying What the Regulators WantGDPR Breach Notification Demystifying What the Regulators Want
GDPR Breach Notification Demystifying What the Regulators WantSymantec
 
Symantec Internet Security Threat Report (ISTR) 23 Webinar
Symantec Internet Security Threat Report (ISTR) 23 WebinarSymantec Internet Security Threat Report (ISTR) 23 Webinar
Symantec Internet Security Threat Report (ISTR) 23 WebinarSymantec
 
Symantec Webinar Part 6 of 6 GDPR Compliance, Breach Notification, Detection,...
Symantec Webinar Part 6 of 6 GDPR Compliance, Breach Notification, Detection,...Symantec Webinar Part 6 of 6 GDPR Compliance, Breach Notification, Detection,...
Symantec Webinar Part 6 of 6 GDPR Compliance, Breach Notification, Detection,...Symantec
 

Mehr von Symantec (20)

Symantec Enterprise Security Products are now part of Broadcom
Symantec Enterprise Security Products are now part of BroadcomSymantec Enterprise Security Products are now part of Broadcom
Symantec Enterprise Security Products are now part of Broadcom
 
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
 
Symantec Webinar | National Cyber Security Awareness Month: Protect IT
Symantec Webinar | National Cyber Security Awareness Month: Protect ITSymantec Webinar | National Cyber Security Awareness Month: Protect IT
Symantec Webinar | National Cyber Security Awareness Month: Protect IT
 
Symantec Webinar | National Cyber Security Awareness Month: Secure IT
Symantec Webinar | National Cyber Security Awareness Month: Secure ITSymantec Webinar | National Cyber Security Awareness Month: Secure IT
Symantec Webinar | National Cyber Security Awareness Month: Secure IT
 
Symantec Webinar | National Cyber Security Awareness Month - Own IT
Symantec Webinar | National Cyber Security Awareness Month - Own ITSymantec Webinar | National Cyber Security Awareness Month - Own IT
Symantec Webinar | National Cyber Security Awareness Month - Own IT
 
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
 
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
 
Symantec Mobile Security Webinar
Symantec Mobile Security WebinarSymantec Mobile Security Webinar
Symantec Mobile Security Webinar
 
Symantec Webinar Cloud Security Threat Report
Symantec Webinar Cloud Security Threat ReportSymantec Webinar Cloud Security Threat Report
Symantec Webinar Cloud Security Threat Report
 
Symantec Cloud Security Threat Report
Symantec Cloud Security Threat ReportSymantec Cloud Security Threat Report
Symantec Cloud Security Threat Report
 
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
 
Symantec Webinar | Tips for Successful CASB Projects
Symantec Webinar |  Tips for Successful CASB ProjectsSymantec Webinar |  Tips for Successful CASB Projects
Symantec Webinar | Tips for Successful CASB Projects
 
Symantec Webinar: GDPR 1 Year On
Symantec Webinar: GDPR 1 Year OnSymantec Webinar: GDPR 1 Year On
Symantec Webinar: GDPR 1 Year On
 
Symantec ISTR 24 Webcast 2019
Symantec ISTR 24 Webcast 2019Symantec ISTR 24 Webcast 2019
Symantec ISTR 24 Webcast 2019
 
Symantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front Lines
 
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
 
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy BearSymantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
 
GDPR Breach Notification Demystifying What the Regulators Want
GDPR Breach Notification Demystifying What the Regulators WantGDPR Breach Notification Demystifying What the Regulators Want
GDPR Breach Notification Demystifying What the Regulators Want
 
Symantec Internet Security Threat Report (ISTR) 23 Webinar
Symantec Internet Security Threat Report (ISTR) 23 WebinarSymantec Internet Security Threat Report (ISTR) 23 Webinar
Symantec Internet Security Threat Report (ISTR) 23 Webinar
 
Symantec Webinar Part 6 of 6 GDPR Compliance, Breach Notification, Detection,...
Symantec Webinar Part 6 of 6 GDPR Compliance, Breach Notification, Detection,...Symantec Webinar Part 6 of 6 GDPR Compliance, Breach Notification, Detection,...
Symantec Webinar Part 6 of 6 GDPR Compliance, Breach Notification, Detection,...
 

Kürzlich hochgeladen

Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 

Kürzlich hochgeladen (20)

Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 

Symantec Webinar | Security Analytics Breached! Next Generation Network Forensics for the Cloud

  • 1. Breached! Next Generation Network Forensics for the Cloud. Dennis Carpio, Sr. Director Business Development, Ixia; Karl Vogel, World Wide Solution Architect, Network Forensics & Malware Analysis, Symantec
  • 2. The Need for Network (and Cloud) Forensics
  • 3. Copyright © 2019 Symantec Corporation. SYMANTEC PROPRIETARY - LIMITED USE ONLY. The Need for Network Forensics – Painful Story: Online Gaming Company in Chaos. Had no way to confirm or deny… Concerns about brand and reputational impact… People and big $ thrown at the problem… Informed we may be the victim of a breach. “Why can’t you prove if this happened or not”… Urgent, high-priority project spun up…
  • 4. The “Average” Enterprise: Cannot Quickly Detect or Accurately Assess Impact of an Incident. Today’s reality (timeline: breach, incident identified, resolution): time to detection 197 days; time to response 69 days (IBM 2018 Data Breach Study, conducted by Ponemon). • Damage occurring for over six months before detection • …and is not resolved for over two months after identified. Average Breach Cost - $3.86M
  • 5. Security Analytics: Complete Answers for Focused Resolution. Security Analytics – System of Record. • Security Analytics doesn’t disrupt the Networking/IT department • Records all traffic – 24/7 lossless packet capture (header and payload) – Days/weeks/months • Massive Intelligence – Enriches with Symantec and 3rd party threat and reputation data • Reconstructs All Evidence – Artifacts, flows, files, and activity in human-readable form. “At a minimum, organizations should capture 30 days of packet data. 60 days’ worth is even better.”
  • 6. Incident Response Challenges. What Net Ops Requires: “Don’t complicate our network and don’t slow it down!” Incident Response Challenge: “Existing tools leave information holes, an incomplete picture, and difficulty in determining the incident source and scope – increasing my time-to-resolution.” • Working with a fragmented toolset increases workload and delays resolution • Log and event-based investigations lack depth of data to quickly find source/scope • Inability to recreate exact evidence leads to uncertainty and extended exposure • Limited correlation between data, security intel and activity leads to undetected breaches
  • 7. Incident Response Challenges. • Working with a fragmented toolset increases workload and delays resolution
  • 8. Issue: Fragmented Tools and Limited Data. Insufficient for effective investigations. Incident Response: 1. Sandbox sends alert – Malicious file! 2. SIEM says this should be investigated 3. Firewall says it’s web traffic – from Gmail 4. DLP says nothing was leaked 5. Proxy says URL was suspicious 6. IPS says no network threat 7. Endpoint says it was unknown 8. Now capture a simple PCAP – Reactive – Too late. Uncertainty: • Multiple disjointed steps and product interfaces • No smooth integrated workflow • No actual evidence and questions go unanswered • Time-consuming and costly
  • 9. Security Analytics – Deliver Integrated IR. Smooth workflow and resolution. Incident Response with Security Analytics (diagram labels: Open Security Analytics API; Integrated Alerting; Integrated Workflow; Ticketing, EDR, SOAR, Sandbox, Firewall, Endpoint, 3rd party SIEM). 1. Alert from SIEM or other tool – Pivot into Security Analytics Alerts Dashboard (Open API) 2. Narrowed scope of investigation, eliminating noise – malicious file from sandbox results (Customizable Reports/Dashboard) 3. Determine reputation of file and the site sourcing the file (focused threat intel reports) 4. Trace root cause and produce all associated artifacts – Web pages, files, executables, etc. (extractions & Root Cause Explorer) 5. Dive deeper/wider and see related activity (replay traffic, packet analyzer, geolocation, custom reports) 6. With full source/scope resolve with surgical precision
  • 10. Incident Response Challenges. • Working with a fragmented toolset increases workload and delays resolution • Log and event-based investigations lack depth of data to quickly find source/scope
  • 11. Issue: Log & Event-based Tools Lack Depth. Unable to quickly investigate and identify source of breach. Basic Packet Capture: • Difficult to acquire and manage data from multiple sources • No event reconstruction • Can’t regenerate human-readable files • No context of what happened before, during and after alert • Full packet capture has been costly and reactive – it’s too late • Simple capture is slow – can’t keep up with 10Gb+ Networks • Difficult to navigate – linear search of TBs of data • Lacks enrichment using available threat intel
  • 12. Full Packet Capture = Deep Investigations. 24/7 enriched recording of all traffic. Enrichment sources shown: Global Intelligence Network; PEScanner, jSUNPACK, Geolocation… more; Symantec Content Analysis. Data Capture, Enrichment, Retention: • Ensure you capture the breach before you know you were breached – 24/7 full packet recording • Indexed and enriched packets improve search performance – massive reputation and threat intel • Retain what you need for long-term, retrospective analysis – Days, weeks, months of metadata and packet retention • Replay specific traffic to support required workflow – specify timeframe, combine segments, throttle. “Security Analytics gives us the ability to look at historical records… Now we can analyze what happened 15 minutes ago or 15 days ago… what led to a security alert, and what happened.”
  • 13. Incident Response Challenges. • Working with a fragmented toolset increases workload and delays resolution • Log and event-based investigations lack depth of data to quickly find source/scope • Inability to recreate exact evidence leads to uncertainty and extended exposure
  • 14. Issue: Lack of Evidence Means Uncertainty. • Difficult to visualize actual artifacts – email, texts, html pages, PDF or .exe • Creating timeline of network and file activity is difficult and time-consuming • Hard to answer “what happened, how, when, what was impacted?” • Packet analysis requires special skills – It isn’t intuitive • Evidence gathering is difficult and time-consuming. “Where’s the evidence.”
  • 15. Paint a Clear Picture of Any Attack. Real Evidence for Laser-focused Response. Evidence Discovery and Delivery: • Deliver human-readable evidence: Images, Multimedia, Office, PDF, DLL, EXE, HTML, Java, FTP, email and more • Know where your traffic is coming from - Identify traffic and volume on map and filter and alert on traffic to suspect countries • SEE what’s crossing your network – View and analyze all images and audio files • Save time finding the source – chain together HTTP referrers. “You’ve made many of the more time-consuming tasks as simple as pushing a button.”
  • 16. Incident Response Challenges. • Working with a fragmented toolset increases workload and delays resolution • Log and event-based investigations lack depth of data to quickly find source/scope • Inability to recreate exact evidence leads to uncertainty and extended exposure • Limited correlation between data, security intel and activity leads to undetected breaches
  • 17. Issue: Incident Response Isn’t Proactive. I need to know before negative effects. Kill chain stages: Recon, Weaponization, Delivery, Exploitation, Installation, Command & Control, Exfiltration. • Unknown files are either malicious or safe • Sandboxing is manual and often too late to make a ruling • I don’t know what unique threats are targeting my network? • Without knowing “normal” activity, finding “abnormal” activity and targeted attacks is difficult – Too much noise • I need proactive alerts to stop threats early in the “kill chain”? At the proactive IR maturity level, unknown data (web pages, PDFs, email attachments, etc.) are also automatically investigated.
  • 18. Proactive Detection and Incident Response. Reduce effort and respond faster. Proactive Incident Response: • Customize Alerts Dashboard and reports to prioritize response • Leverage Anomaly Detection: Establish a baseline of normal; Observe and identify anomalies • Automate additional analysis based on indicators – alert, export to PCAP, send to sandbox, etc. • Use Sandboxing to turn “unknown” files into known safe or malicious. 100’s of Pre-built Indicators; Customize Your Own. Know Abnormal … Find Evil. “Organizations need to understand their environment and what constitutes normal and abnormal behavior”
  • 19. Security Analytics – Architecture. • SA sits passively off the network. In OCI and AWS, uses IXIA CloudLens to duplicate packets and send copies to SA • Captures all network traffic (packet header/payload) • Taps GIN and outside threat intelligence to enrich packet data • Unknown files sent to Content Analysis/3rd party to Sandbox • Alerts from SA or other tools may trigger an investigation • Incident response team finds source/scope of attack, resolves. Diagram labels: Execute & Isolate; SA; CA; GIN + 3rd Party Reputation; SEP/ATP; Virtual TAP
  • 21. Intelligent Visibility Everywhere. End-to-End Monitoring Fabric (Data Center/Cloud/Edge). Diagram labels: Packet Capture, Threat Intelligence, Data Reconstruction, Compliance, Incident Response; Data Center, Cloud, Edge, SDN, Industrial. Security Analytics / Network Visibility: • Powerful packet capture, comprehensive forensics recording • Threat intelligence and data enrichment • Accelerated incident response, deep investigation • Monitoring fabric for data collection and distribution • L2/7 filtering, advanced features for optimized consumption • Real-time network traffic intelligence and insight
  • 22. Security Monitoring Optimized by Ixia. Offload Advanced Capabilities. Use features simultaneously, without packet loss! NetStack: • 3 Stages of Filtering • Dynamic Filter Compiler • VLAN Tagging • Aggregation • Replication • Load Balancing. PacketStack: • Deduplication • Header Stripping • Protocol Trimming • Timestamping • Data Masking • NetFlow • GRE Tunneling • Burst Protection. AppStack: • Application Filtering • Optional RegEx filtering • Geolocation & Tagging • IxFlow • Data Masking+ • PCAP • Real-time Dashboard. CloudLens: • Data Collection • Auto Scaling • Filtering • Aggregation • Replication
  • 23. Deploying Security Analytics in the Data Center. Leveraging Ixia Vision One Network Packet Brokers and Network Taps. Diagram labels: SSLv, Security Analytics, IDS Tool, NPM Tool, Network Packet Broker; Encrypted, Decrypted. Improve detection capabilities into hidden threats: • Ixia collects traffic from multiple network sources, then aggregates and filters to the right monitoring tool • SSLv decrypts traffic to efficiently speed detection • Ixia can service chain in-line and out-of-band tools and forwards decrypted traffic to the tools that need to see it
  • 24. Deploying Security Analytics in the Cloud. Leveraging Ixia CloudLens. Diagram labels: Public Cloud; Private Cloud & Virtual Machines; Security Analytics. Detect and respond to threats in public and private cloud environments: • Install lightweight sensors within customer’s security constructs, inheriting privacy and compliance • Intelligent filtering • Containerized or agent based options • Collect any packet from any cloud
  • 26. Financial Database. • Core banking financial database • Authentication over unencrypted protocols • “sa” user account used for internal maintenance
  • 27. Government Agency – Asset Server
  • 28. Payment Card Terminals
  • 30. Symantec Security Analytics: SEE ALL. KNOW MORE. RESPOND FASTER. THE SECURITY CAMERA & DVR FOR YOUR NETWORK. Turning Complexity into Context: • DPI classification of over 2,800 applications and thousands of meta attributes • On the wire, real-time visibility and analysis of data exfiltration & infiltration • Security Context – including reputation, user and social personas, artifacts • The ‘Black Box’ for incident response, forensics, root cause and impact analysis • Records, classifies and indexes all packets and flows on high-speed networks. Providing real-time analysis and full visibility of everything going in and out of your network
  • 31. More on Security Analytics. • Check out Security Analytics: go.symantec.com/security-analytics • Sample Risk & Visibility Report • Register for an ATA: go.symantec.com/ata
  • 32. Questions? Dennis Carpio, Sr. Director Business Development, Ixia; Karl Vogel, World Wide Solution Architect, Network Forensics & Malware Analysis, Symantec