SlideShare une entreprise Scribd logo

SC Magazine eSymposium: SIEM

Emulex Corporation
Emulex Corporation

Deploying and managing security information and event management systems can tax the brain and budget. However, if done right, they can be a huge benefit to the overall security stance of an organization, providing insight into what's happening on the entire network and enabling security teams to focus on the most pressing priorities to make sure their organizations' infrastructures are safe and sound from attacks. We explore the many challenges and their remedies.

Technologie
1  sur  15
Télécharger pour lire hors ligne
What? Who? When? How network visualization can help you answer the difficult questions that arise from security breaches 2013 Emulex Corporation
You Just Suffered A Major Security Breach… Three questions that the IT staff will be asked in the first 8 hours: What Happened? Who Was Affected? When Will It Be Fixed? Could your current SEM/SEIM tools (or any of your tools) provide the answers if you were breached today? What Happened? Maybe… Who Was Affected? Possibly… When Will It Be Fixed? Probably not… 2 2013 Emulex Corporation
How Bad Is The Problem Today? July 2013 Gartner report: DDoS attacks are increasing in frequency and size. The number of attacks has increased by more than 20% in the last year, and attack throughput has reached 160 Gbps.1 More than 70 percent of operating data centers reported DDoS attacks this year (up dramatically from under a half last year). 2 More than a third experienced attacks that exceeded total available Internet connectivity, nearly double last year. 3 About 10 percent saw more than 100 attacks per month. 4 1 – “Leverage Your Network Design to Mitigate DDoS Attacks”, Gartner Report G00253330, 2013 2, 3, 4, Graph: Worldwide Infrastructure Security Report, Volume IX”, Arbor Networks, 2014 3 2013 Emulex Corporation
Like it or Not … Your prevention and detection tools will fail Network visibility tools provide a vital safety net against failure With history, you can understand and minimize the damage Think like you‟ve already been breached 4 2013 Emulex Corporation
Some Actual Customer Quotes “We live in triage mode. It takes too long to investigate the events we know about today. We‟re exposed.” “We‟re never quite sure if what we‟re looking at is real or not. It‟s paralyzing us. We‟re too scared to act.” “When it goes wrong, and it does go wrong, it‟s a PR train wreck and we need a way to contain the problem.” 5 2013 Emulex Corporation “There are known knowns; there are things we know that we know. There are known unknowns; that is to say, there are things that we now know we don't know. But there are also unknown unknowns – there are things we do not know we don‟t know.”
The Problem Is Not People or Tools - It is Data Security tools have made great strides in their ability to identify issues and threats – Use of “big data” analytics to identify unusual behaviors – Baselines, profiling also help BUT most critical breaches are “unknown unknowns” – – – – The tools are often being encountered for the first time The breachers are typically difficult/impossible to find “Guesswork” is nearly unavoidable Response times are measured in days, not hours How do we speed up the process? – The key is having the right data, and all of it – Network visibility tools that capture, record, and search network traffic can help by providing context and facts for breach analysis 6 2013 Emulex Corporation
Network “Alerting” Stack SIM/SEM/SEIM Core network infrastructure DDoS Detection Tools IDS NMS AA-NPM APM SNMP Alerts NetFlow Data LAN SN Firewalls (prevention) Core routers and switches (connectivity) SNMP and NetFlow don‟t provide enough data to diagnose critical breaches (“unknown unknowns”) 7 2013 Emulex Corporation
Network Visibility Stack SIM/SEM/SEIM Core network infrastructure DDoS Detection Tools IDS NMS AA-NPM APM Unsampled Packets + SNMP Alerts, NetFlows EndaceProbe Intelligent Network Recorders Network Packet Brokers (aggregation) Firewalls (prevention) Core routers and switches (connectivity) SNMP and NetFlow don‟t provide enough data to diagnose critical breaches (“unknown unknowns”) Network visibility tools add unsampled packets to the picture – 100% visibility of what occurred, and who was affected 8 2013 Emulex Corporation
Introducing Endace Part of Emulex product portfolio World leader in packet capture and network recording 10+ year history selling recording solutions to top tier customers – Government, HFT, telco & enterprise Global reputation for accuracy, scalability and performance 9 2013 Emulex Corporation
Intelligent Network Recorders 100% accurate traffic recording – 10 Gbps, scalable to 100 Gbps 64TB = 3 days storage at typical load – Options for longer duration Integrated network traffic search engine – Layer 7 awareness & alarming RESTful API for workflow integration Deployed at Internet gateways 10 2013 Emulex Corporation
Typical Network Visibility Fabric Deployments SecOps deployment monitoring both sides of the DMZ; record attacks, ID compromised data NetOps deployment monitoring north-south traffic; ID inbound/ outbound application issues NetOps deployment monitoring east-west traffic; ID internal application performance issues 11 2013 Emulex Corporation
Streamlining the Analyst Workflow Start with a SIM-generated security event Right click and „zoom-in‟ to the relevant traffic Instant clarity – is it real? Immediate productivity gains – Move out of triage mode 12 2013 Emulex Corporation
Our Approach to NPM/APM/SEM – Best of Breed APM App NPM App IDS App HFT App EndaceVision Network Search Engine with Fusion Connectors Endace Capture Appliance 10/40/100GbE Our approach enables tailored best-of-breed solutions – All tools share data from same secure location in datacenter – Automated workflow, “pivot to packets” speeds up issue resolution Lower investment while Increasing ROI – Only buy what you need – Plan and train staff on the tools that fit your situation best 13 2013 Emulex Corporation
Conclusions: The Business Value of Network Visibility Know Your Risks: Understand exactly what data was compromised in a breach so that effective remedial actions can be taken Unambiguous Forensics Trail: Have all of the data around an attack Ensure Corrective Actions Are Effective: Ability to “replay” attacks to verify that corrective actions have addressed the security issue Avoid Future Network Uptime Issues: Enable post-incident root cause analysis SecOps CapEx/OpEx Savings: Streamline toolsets to address your specific needs and to simplify NetOps/SecOps workflow ELIMINATE GUESSWORK ! 14 2013 Emulex Corporation
15 2013 Emulex Corporation

Recommandé

Key Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The ExpertsKey Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The ExpertsTripwire
 
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...centralohioissa
 
ISM and its impact on Government Project Delivery
ISM and its impact on Government Project DeliveryISM and its impact on Government Project Delivery
ISM and its impact on Government Project DeliveryKevin Landale
 
Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller Tripwire
 
SolarWinds IT Security Survey - February 2013
SolarWinds IT Security Survey - February 2013SolarWinds IT Security Survey - February 2013
SolarWinds IT Security Survey - February 2013SolarWinds
 
Cybersecurity: How to Use What We Already Know
Cybersecurity: How to Use What We Already KnowCybersecurity: How to Use What We Already Know
Cybersecurity: How to Use What We Already Knowjxyz
 
Why Zero Trust Yields Maximum Security
Why Zero Trust Yields Maximum SecurityWhy Zero Trust Yields Maximum Security
Why Zero Trust Yields Maximum SecurityPriyanka Aash
 
NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...
NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...
NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...North Texas Chapter of the ISSA
 

Recommandé

Key Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The ExpertsKey Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The ExpertsTripwire
 
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...centralohioissa
 
ISM and its impact on Government Project Delivery
ISM and its impact on Government Project DeliveryISM and its impact on Government Project Delivery
ISM and its impact on Government Project DeliveryKevin Landale
 
Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller Tripwire
 
SolarWinds IT Security Survey - February 2013
SolarWinds IT Security Survey - February 2013SolarWinds IT Security Survey - February 2013
SolarWinds IT Security Survey - February 2013SolarWinds
 
Cybersecurity: How to Use What We Already Know
Cybersecurity: How to Use What We Already KnowCybersecurity: How to Use What We Already Know
Cybersecurity: How to Use What We Already Knowjxyz
 
Why Zero Trust Yields Maximum Security
Why Zero Trust Yields Maximum SecurityWhy Zero Trust Yields Maximum Security
Why Zero Trust Yields Maximum SecurityPriyanka Aash
 
NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...
NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...
NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...North Texas Chapter of the ISSA
 
Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)Resilient Systems
 
Jack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, AnecdotallyJack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, AnecdotallyEnergySec
 
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and Ideas
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and IdeasBlack Hat USA 2015: A Visual Snapshot of Security Threats, Trends and Ideas
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and IdeasTripwire
 
Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber DefenseGary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber DefenseEnergySec
 
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon SwainNTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon SwainNorth Texas Chapter of the ISSA
 
Cylance Protect-Next-Generation Antivirus-Overview
Cylance Protect-Next-Generation Antivirus-OverviewCylance Protect-Next-Generation Antivirus-Overview
Cylance Protect-Next-Generation Antivirus-OverviewInnovation Network Technologies: InNet
 
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea AlmeidaNTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea AlmeidaNorth Texas Chapter of the ISSA
 
Proactive Measures to Mitigate Insider Threat
Proactive Measures to Mitigate Insider ThreatProactive Measures to Mitigate Insider Threat
Proactive Measures to Mitigate Insider ThreatPriyanka Aash
 
Data Safety And Security
Data Safety And SecurityData Safety And Security
Data Safety And SecurityConstantine Karbaliotis
 
SOC 3.0: strategic threat intelligence May 2016
SOC 3.0: strategic threat intelligence May 2016SOC 3.0: strategic threat intelligence May 2016
SOC 3.0: strategic threat intelligence May 2016Sarah Bark
 
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data AnalyticsSecurity Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data AnalyticsIBM Security
 
Info Sec2007 End Point Final
Info Sec2007 End Point FinalInfo Sec2007 End Point Final
Info Sec2007 End Point FinalBen Rothke
 
Big Data, Security Intelligence, (And Why I Hate This Title)
Big Data, Security Intelligence, (And Why I Hate This Title) Big Data, Security Intelligence, (And Why I Hate This Title)
Big Data, Security Intelligence, (And Why I Hate This Title) Coastal Pet Products, Inc.
 
IT security
IT securityIT security
IT securitySteven Aiello
 
APT & What we can do TODAY
APT & What we can do TODAYAPT & What we can do TODAY
APT & What we can do TODAYJames Ryan, CSyP, EA, PMP
 
Machine Learning in Cyber Security Domain
Machine Learning in Cyber Security Domain Machine Learning in Cyber Security Domain
Machine Learning in Cyber Security Domain BGA Cyber Security
 
ComResource Agency Solutions
ComResource Agency SolutionsComResource Agency Solutions
ComResource Agency SolutionsAnthony Dials
 
Energy Industry Organizational Strategies to Increase Cyber Resiliency
Energy Industry Organizational Strategies to Increase Cyber ResiliencyEnergy Industry Organizational Strategies to Increase Cyber Resiliency
Energy Industry Organizational Strategies to Increase Cyber ResiliencyEnergySec
 
Cyber Security for Digital-Era
Cyber Security for Digital-EraCyber Security for Digital-Era
Cyber Security for Digital-EraJK Tech
 
Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber SecurityDaniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber SecurityEnergySec
 
vip_day_2._1130_cloud
vip_day_2._1130_cloudvip_day_2._1130_cloud
vip_day_2._1130_cloudNicholas Chia
 
The Top Ten Insider Threats And How To Prevent Them
The Top Ten Insider Threats And How To Prevent ThemThe Top Ten Insider Threats And How To Prevent Them
The Top Ten Insider Threats And How To Prevent ThemEnterprise Technology Management (ETM)
 

Contenu connexe

Tendances

Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)Resilient Systems
 
Jack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, AnecdotallyJack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, AnecdotallyEnergySec
 
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and Ideas
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and IdeasBlack Hat USA 2015: A Visual Snapshot of Security Threats, Trends and Ideas
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and IdeasTripwire
 
Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber DefenseGary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber DefenseEnergySec
 
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon SwainNTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon SwainNorth Texas Chapter of the ISSA
 
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea AlmeidaNTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea AlmeidaNorth Texas Chapter of the ISSA
 
Proactive Measures to Mitigate Insider Threat
Proactive Measures to Mitigate Insider ThreatProactive Measures to Mitigate Insider Threat
Proactive Measures to Mitigate Insider ThreatPriyanka Aash
 
SOC 3.0: strategic threat intelligence May 2016
SOC 3.0: strategic threat intelligence May 2016SOC 3.0: strategic threat intelligence May 2016
SOC 3.0: strategic threat intelligence May 2016Sarah Bark
 
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data AnalyticsSecurity Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data AnalyticsIBM Security
 
Info Sec2007 End Point Final
Info Sec2007 End Point FinalInfo Sec2007 End Point Final
Info Sec2007 End Point FinalBen Rothke
 
Big Data, Security Intelligence, (And Why I Hate This Title)
Big Data, Security Intelligence, (And Why I Hate This Title) Big Data, Security Intelligence, (And Why I Hate This Title)
Big Data, Security Intelligence, (And Why I Hate This Title) Coastal Pet Products, Inc.
 
Machine Learning in Cyber Security Domain
Machine Learning in Cyber Security Domain Machine Learning in Cyber Security Domain
Machine Learning in Cyber Security Domain BGA Cyber Security
 
ComResource Agency Solutions
ComResource Agency SolutionsComResource Agency Solutions
ComResource Agency SolutionsAnthony Dials
 
Energy Industry Organizational Strategies to Increase Cyber Resiliency
Energy Industry Organizational Strategies to Increase Cyber ResiliencyEnergy Industry Organizational Strategies to Increase Cyber Resiliency
Energy Industry Organizational Strategies to Increase Cyber ResiliencyEnergySec
 
Cyber Security for Digital-Era
Cyber Security for Digital-EraCyber Security for Digital-Era
Cyber Security for Digital-EraJK Tech
 
Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber SecurityDaniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber SecurityEnergySec
 

Tendances (20)

Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)
 
Jack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, AnecdotallyJack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, Anecdotally
 
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and Ideas
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and IdeasBlack Hat USA 2015: A Visual Snapshot of Security Threats, Trends and Ideas
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and Ideas
 
Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber DefenseGary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
 
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon SwainNTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
 
Cylance Protect-Next-Generation Antivirus-Overview
Cylance Protect-Next-Generation Antivirus-OverviewCylance Protect-Next-Generation Antivirus-Overview
Cylance Protect-Next-Generation Antivirus-Overview
 
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea AlmeidaNTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
 
Proactive Measures to Mitigate Insider Threat
Proactive Measures to Mitigate Insider ThreatProactive Measures to Mitigate Insider Threat
Proactive Measures to Mitigate Insider Threat
 
Data Safety And Security
Data Safety And SecurityData Safety And Security
Data Safety And Security
 
SOC 3.0: strategic threat intelligence May 2016
SOC 3.0: strategic threat intelligence May 2016SOC 3.0: strategic threat intelligence May 2016
SOC 3.0: strategic threat intelligence May 2016
 
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data AnalyticsSecurity Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
 
Info Sec2007 End Point Final
Info Sec2007 End Point FinalInfo Sec2007 End Point Final
Info Sec2007 End Point Final
 
Big Data, Security Intelligence, (And Why I Hate This Title)
Big Data, Security Intelligence, (And Why I Hate This Title) Big Data, Security Intelligence, (And Why I Hate This Title)
Big Data, Security Intelligence, (And Why I Hate This Title)
 
IT security
IT securityIT security
IT security
 
APT & What we can do TODAY
APT & What we can do TODAYAPT & What we can do TODAY
APT & What we can do TODAY
 
Machine Learning in Cyber Security Domain
Machine Learning in Cyber Security Domain Machine Learning in Cyber Security Domain
Machine Learning in Cyber Security Domain
 
ComResource Agency Solutions
ComResource Agency SolutionsComResource Agency Solutions
ComResource Agency Solutions
 
Energy Industry Organizational Strategies to Increase Cyber Resiliency
Energy Industry Organizational Strategies to Increase Cyber ResiliencyEnergy Industry Organizational Strategies to Increase Cyber Resiliency
Energy Industry Organizational Strategies to Increase Cyber Resiliency
 
Cyber Security for Digital-Era
Cyber Security for Digital-EraCyber Security for Digital-Era
Cyber Security for Digital-Era
 
Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber SecurityDaniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security
 

Similaire à SC Magazine eSymposium: SIEM

vip_day_2._1130_cloud
vip_day_2._1130_cloudvip_day_2._1130_cloud
vip_day_2._1130_cloudNicholas Chia
 
Take back your security infrastructure
Take back your security infrastructureTake back your security infrastructure
Take back your security infrastructureAnton Chuvakin
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of CompromiseInsight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise21CT Inc.
 
Are you ready for the next attack? Reviewing the SP Security Checklist
Are you ready for the next attack? Reviewing the SP Security ChecklistAre you ready for the next attack? Reviewing the SP Security Checklist
Are you ready for the next attack? Reviewing the SP Security ChecklistAPNIC
 
Are you ready for the next attack? reviewing the sp security checklist (apnic...
Are you ready for the next attack? reviewing the sp security checklist (apnic...Are you ready for the next attack? reviewing the sp security checklist (apnic...
Are you ready for the next attack? reviewing the sp security checklist (apnic...Barry Greene
 
Whitepaper- User Behavior-Based Anomaly Detection for Cyber Network Security
Whitepaper- User Behavior-Based Anomaly Detection for Cyber Network SecurityWhitepaper- User Behavior-Based Anomaly Detection for Cyber Network Security
Whitepaper- User Behavior-Based Anomaly Detection for Cyber Network SecurityHappiest Minds Technologies
 
Damballa automated breach defense june 2014
Damballa automated breach defense june 2014Damballa automated breach defense june 2014
Damballa automated breach defense june 2014Ricardo Resnik
 
Delve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsDelve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsFrederic Roy-Gobeil, CPA, CGA, M.Tax.
 
InformationSecurity_11141
InformationSecurity_11141InformationSecurity_11141
InformationSecurity_11141sraina2
 
Cyber Security Matters a book by Hama David Bundo
Cyber Security Matters a book by Hama David BundoCyber Security Matters a book by Hama David Bundo
Cyber Security Matters a book by Hama David Bundohdbundo
 
Using Network Recording and Search to Improve IT Service Delivery
Using Network Recording and Search to Improve IT Service DeliveryUsing Network Recording and Search to Improve IT Service Delivery
Using Network Recording and Search to Improve IT Service DeliveryEmulex Corporation
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationE.S.G. JR. Consulting, Inc.
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationKen Flott
 
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksLessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksAngeloluca Barba
 
SCADA Security Webinar
SCADA Security WebinarSCADA Security Webinar
SCADA Security WebinarAVEVA
 
Cyber security with ai
Cyber security with aiCyber security with ai
Cyber security with aiBurhan Ahmed
 

Similaire à SC Magazine eSymposium: SIEM (20)

vip_day_2._1130_cloud
vip_day_2._1130_cloudvip_day_2._1130_cloud
vip_day_2._1130_cloud
 
The Top Ten Insider Threats And How To Prevent Them
The Top Ten Insider Threats And How To Prevent ThemThe Top Ten Insider Threats And How To Prevent Them
The Top Ten Insider Threats And How To Prevent Them
 
Big Data Dectives
Big Data DectivesBig Data Dectives
Big Data Dectives
 
Cyber security and AI
Cyber security and AICyber security and AI
Cyber security and AI
 
Take back your security infrastructure
Take back your security infrastructureTake back your security infrastructure
Take back your security infrastructure
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of CompromiseInsight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
 
Are you ready for the next attack? Reviewing the SP Security Checklist
Are you ready for the next attack? Reviewing the SP Security ChecklistAre you ready for the next attack? Reviewing the SP Security Checklist
Are you ready for the next attack? Reviewing the SP Security Checklist
 
Are you ready for the next attack? reviewing the sp security checklist (apnic...
Are you ready for the next attack? reviewing the sp security checklist (apnic...Are you ready for the next attack? reviewing the sp security checklist (apnic...
Are you ready for the next attack? reviewing the sp security checklist (apnic...
 
Whitepaper- User Behavior-Based Anomaly Detection for Cyber Network Security
Whitepaper- User Behavior-Based Anomaly Detection for Cyber Network SecurityWhitepaper- User Behavior-Based Anomaly Detection for Cyber Network Security
Whitepaper- User Behavior-Based Anomaly Detection for Cyber Network Security
 
Damballa automated breach defense june 2014
Damballa automated breach defense june 2014Damballa automated breach defense june 2014
Damballa automated breach defense june 2014
 
Delve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsDelve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of Things
 
InformationSecurity_11141
InformationSecurity_11141InformationSecurity_11141
InformationSecurity_11141
 
Cyber Security Matters a book by Hama David Bundo
Cyber Security Matters a book by Hama David BundoCyber Security Matters a book by Hama David Bundo
Cyber Security Matters a book by Hama David Bundo
 
Using Network Recording and Search to Improve IT Service Delivery
Using Network Recording and Search to Improve IT Service DeliveryUsing Network Recording and Search to Improve IT Service Delivery
Using Network Recording and Search to Improve IT Service Delivery
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network Automation
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network Automation
 
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksLessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
 
SCADA Security Webinar
SCADA Security WebinarSCADA Security Webinar
SCADA Security Webinar
 
Cyber security with ai
Cyber security with aiCyber security with ai
Cyber security with ai
 

Plus de Emulex Corporation

Acronym Soup – NFV, SDN, OVN and VNF
Acronym Soup – NFV, SDN, OVN and VNFAcronym Soup – NFV, SDN, OVN and VNF
Acronym Soup – NFV, SDN, OVN and VNFEmulex Corporation
 
Improving Incident Response: Building a More Efficient IT Infrastructure
Improving Incident Response: Building a More Efficient IT InfrastructureImproving Incident Response: Building a More Efficient IT Infrastructure
Improving Incident Response: Building a More Efficient IT InfrastructureEmulex Corporation
 
Using NetFlow to Streamline Security Analysis and Response to Cyber Threats
Using NetFlow to Streamline Security Analysis and Response to Cyber ThreatsUsing NetFlow to Streamline Security Analysis and Response to Cyber Threats
Using NetFlow to Streamline Security Analysis and Response to Cyber ThreatsEmulex Corporation
 
Network Forensics for Splunk, an Emulex presentation
Network Forensics for Splunk, an Emulex presentationNetwork Forensics for Splunk, an Emulex presentation
Network Forensics for Splunk, an Emulex presentationEmulex Corporation
 
Using NetFlow to Improve Network Visibility and Application Performance
Using NetFlow to Improve Network Visibility and Application PerformanceUsing NetFlow to Improve Network Visibility and Application Performance
Using NetFlow to Improve Network Visibility and Application PerformanceEmulex Corporation
 
Introducing Endace Packets - EndaceVision™ with Protocol Decodes
Introducing Endace Packets - EndaceVision™ with Protocol DecodesIntroducing Endace Packets - EndaceVision™ with Protocol Decodes
Introducing Endace Packets - EndaceVision™ with Protocol DecodesEmulex Corporation
 
Linked in Twitter Facebook Google+ Email Embed Share Flash Across Virtualized...
Linked in Twitter Facebook Google+ Email Embed Share Flash Across Virtualized...Linked in Twitter Facebook Google+ Email Embed Share Flash Across Virtualized...
Linked in Twitter Facebook Google+ Email Embed Share Flash Across Virtualized...Emulex Corporation
 
Tap DANZing - Arista Networks Redefining the Cost of Accessing Network Traffic
Tap DANZing - Arista Networks Redefining the Cost of Accessing Network TrafficTap DANZing - Arista Networks Redefining the Cost of Accessing Network Traffic
Tap DANZing - Arista Networks Redefining the Cost of Accessing Network TrafficEmulex Corporation
 
First Look Webcast: OneCore Storage SDK 3.6 Roll-out and Walkthrough
First Look Webcast: OneCore Storage SDK 3.6 Roll-out and WalkthroughFirst Look Webcast: OneCore Storage SDK 3.6 Roll-out and Walkthrough
First Look Webcast: OneCore Storage SDK 3.6 Roll-out and WalkthroughEmulex Corporation
 
Why I/O is Strategic for Convergence - with 451 Research
Why I/O is Strategic for Convergence - with 451 ResearchWhy I/O is Strategic for Convergence - with 451 Research
Why I/O is Strategic for Convergence - with 451 ResearchEmulex Corporation
 
Emulex and the Evaluator Group Present Why I/O is Strategic for Big Data
Emulex and the Evaluator Group Present Why I/O is Strategic for Big Data Emulex and the Evaluator Group Present Why I/O is Strategic for Big Data
Emulex and the Evaluator Group Present Why I/O is Strategic for Big Data Emulex Corporation
 
Emulex and IDC Present Why I/O is Strategic for the Cloud
Emulex and IDC Present Why I/O is Strategic for the Cloud Emulex and IDC Present Why I/O is Strategic for the Cloud
Emulex and IDC Present Why I/O is Strategic for the Cloud Emulex Corporation
 
Get Better I/O Performance in VMware vSphere 5.1 Environments with Emulex 16G...
Get Better I/O Performance in VMware vSphere 5.1 Environments with Emulex 16G...Get Better I/O Performance in VMware vSphere 5.1 Environments with Emulex 16G...
Get Better I/O Performance in VMware vSphere 5.1 Environments with Emulex 16G...Emulex Corporation
 
Get Better I/O Performance in VMware vSphere 5.1 Environments with Emulex 16G...
Get Better I/O Performance in VMware vSphere 5.1 Environments with Emulex 16G...Get Better I/O Performance in VMware vSphere 5.1 Environments with Emulex 16G...
Get Better I/O Performance in VMware vSphere 5.1 Environments with Emulex 16G...Emulex Corporation
 
Emulex and Enterprise Strategy Group Present Why I/O is Strategic for Virtual...
Emulex and Enterprise Strategy Group Present Why I/O is Strategic for Virtual...Emulex and Enterprise Strategy Group Present Why I/O is Strategic for Virtual...
Emulex and Enterprise Strategy Group Present Why I/O is Strategic for Virtual...Emulex Corporation
 
Introducing OneCommand Vision 3.0, I/O management that gives your application...
Introducing OneCommand Vision 3.0, I/O management that gives your application...Introducing OneCommand Vision 3.0, I/O management that gives your application...
Introducing OneCommand Vision 3.0, I/O management that gives your application...Emulex Corporation
 
Emulex Presents Why I/O is Strategic Global Survey Results
Emulex Presents Why I/O is Strategic Global Survey ResultsEmulex Presents Why I/O is Strategic Global Survey Results
Emulex Presents Why I/O is Strategic Global Survey ResultsEmulex Corporation
 
Integrating and Optimizing Suricata with FastStack™ Sniffer10G™
Integrating and Optimizing Suricata with FastStack™ Sniffer10G™Integrating and Optimizing Suricata with FastStack™ Sniffer10G™
Integrating and Optimizing Suricata with FastStack™ Sniffer10G™Emulex Corporation
 
Optimizing Performance of your Oracle Database using 8Gb Fibre Channel
Optimizing Performance of your Oracle Database using 8Gb Fibre ChannelOptimizing Performance of your Oracle Database using 8Gb Fibre Channel
Optimizing Performance of your Oracle Database using 8Gb Fibre ChannelEmulex Corporation
 

Plus de Emulex Corporation (20)

Acronym Soup – NFV, SDN, OVN and VNF
Acronym Soup – NFV, SDN, OVN and VNFAcronym Soup – NFV, SDN, OVN and VNF
Acronym Soup – NFV, SDN, OVN and VNF
 
Improving Incident Response: Building a More Efficient IT Infrastructure
Improving Incident Response: Building a More Efficient IT InfrastructureImproving Incident Response: Building a More Efficient IT Infrastructure
Improving Incident Response: Building a More Efficient IT Infrastructure
 
Using NetFlow to Streamline Security Analysis and Response to Cyber Threats
Using NetFlow to Streamline Security Analysis and Response to Cyber ThreatsUsing NetFlow to Streamline Security Analysis and Response to Cyber Threats
Using NetFlow to Streamline Security Analysis and Response to Cyber Threats
 
Network Forensics for Splunk, an Emulex presentation
Network Forensics for Splunk, an Emulex presentationNetwork Forensics for Splunk, an Emulex presentation
Network Forensics for Splunk, an Emulex presentation
 
Using NetFlow to Improve Network Visibility and Application Performance
Using NetFlow to Improve Network Visibility and Application PerformanceUsing NetFlow to Improve Network Visibility and Application Performance
Using NetFlow to Improve Network Visibility and Application Performance
 
The Great IT Migration
The Great IT MigrationThe Great IT Migration
The Great IT Migration
 
Introducing Endace Packets - EndaceVision™ with Protocol Decodes
Introducing Endace Packets - EndaceVision™ with Protocol DecodesIntroducing Endace Packets - EndaceVision™ with Protocol Decodes
Introducing Endace Packets - EndaceVision™ with Protocol Decodes
 
Linked in Twitter Facebook Google+ Email Embed Share Flash Across Virtualized...
Linked in Twitter Facebook Google+ Email Embed Share Flash Across Virtualized...Linked in Twitter Facebook Google+ Email Embed Share Flash Across Virtualized...
Linked in Twitter Facebook Google+ Email Embed Share Flash Across Virtualized...
 
Tap DANZing - Arista Networks Redefining the Cost of Accessing Network Traffic
Tap DANZing - Arista Networks Redefining the Cost of Accessing Network TrafficTap DANZing - Arista Networks Redefining the Cost of Accessing Network Traffic
Tap DANZing - Arista Networks Redefining the Cost of Accessing Network Traffic
 
First Look Webcast: OneCore Storage SDK 3.6 Roll-out and Walkthrough
First Look Webcast: OneCore Storage SDK 3.6 Roll-out and WalkthroughFirst Look Webcast: OneCore Storage SDK 3.6 Roll-out and Walkthrough
First Look Webcast: OneCore Storage SDK 3.6 Roll-out and Walkthrough
 
Why I/O is Strategic for Convergence - with 451 Research
Why I/O is Strategic for Convergence - with 451 ResearchWhy I/O is Strategic for Convergence - with 451 Research
Why I/O is Strategic for Convergence - with 451 Research
 
Emulex and the Evaluator Group Present Why I/O is Strategic for Big Data
Emulex and the Evaluator Group Present Why I/O is Strategic for Big Data Emulex and the Evaluator Group Present Why I/O is Strategic for Big Data
Emulex and the Evaluator Group Present Why I/O is Strategic for Big Data
 
Emulex and IDC Present Why I/O is Strategic for the Cloud
Emulex and IDC Present Why I/O is Strategic for the Cloud Emulex and IDC Present Why I/O is Strategic for the Cloud
Emulex and IDC Present Why I/O is Strategic for the Cloud
 
Get Better I/O Performance in VMware vSphere 5.1 Environments with Emulex 16G...
Get Better I/O Performance in VMware vSphere 5.1 Environments with Emulex 16G...Get Better I/O Performance in VMware vSphere 5.1 Environments with Emulex 16G...
Get Better I/O Performance in VMware vSphere 5.1 Environments with Emulex 16G...
 
Get Better I/O Performance in VMware vSphere 5.1 Environments with Emulex 16G...
Get Better I/O Performance in VMware vSphere 5.1 Environments with Emulex 16G...Get Better I/O Performance in VMware vSphere 5.1 Environments with Emulex 16G...
Get Better I/O Performance in VMware vSphere 5.1 Environments with Emulex 16G...
 
Emulex and Enterprise Strategy Group Present Why I/O is Strategic for Virtual...
Emulex and Enterprise Strategy Group Present Why I/O is Strategic for Virtual...Emulex and Enterprise Strategy Group Present Why I/O is Strategic for Virtual...
Emulex and Enterprise Strategy Group Present Why I/O is Strategic for Virtual...
 
Introducing OneCommand Vision 3.0, I/O management that gives your application...
Introducing OneCommand Vision 3.0, I/O management that gives your application...Introducing OneCommand Vision 3.0, I/O management that gives your application...
Introducing OneCommand Vision 3.0, I/O management that gives your application...
 
Emulex Presents Why I/O is Strategic Global Survey Results
Emulex Presents Why I/O is Strategic Global Survey ResultsEmulex Presents Why I/O is Strategic Global Survey Results
Emulex Presents Why I/O is Strategic Global Survey Results
 
Integrating and Optimizing Suricata with FastStack™ Sniffer10G™
Integrating and Optimizing Suricata with FastStack™ Sniffer10G™Integrating and Optimizing Suricata with FastStack™ Sniffer10G™
Integrating and Optimizing Suricata with FastStack™ Sniffer10G™
 
Optimizing Performance of your Oracle Database using 8Gb Fibre Channel
Optimizing Performance of your Oracle Database using 8Gb Fibre ChannelOptimizing Performance of your Oracle Database using 8Gb Fibre Channel
Optimizing Performance of your Oracle Database using 8Gb Fibre Channel
 

Dernier

Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024TopCSSGallery
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 

Dernier (20)

Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 

SC Magazine eSymposium: SIEM

  • 1. What? Who? When? How network visualization can help you answer the difficult questions that arise from security breaches 2013 Emulex Corporation
  • 2. You Just Suffered A Major Security Breach… Three questions that the IT staff will be asked in the first 8 hours: What Happened? Who Was Affected? When Will It Be Fixed? Could your current SEM/SEIM tools (or any of your tools) provide the answers if you were breached today? What Happened? Maybe… Who Was Affected? Possibly… When Will It Be Fixed? Probably not… 2 2013 Emulex Corporation
  • 3. How Bad Is The Problem Today? July 2013 Gartner report: DDoS attacks are increasing in frequency and size. The number of attacks has increased by more than 20% in the last year, and attack throughput has reached 160 Gbps.1 More than 70 percent of operating data centers reported DDoS attacks this year (up dramatically from under a half last year). 2 More than a third experienced attacks that exceeded total available Internet connectivity, nearly double last year. 3 About 10 percent saw more than 100 attacks per month. 4 1 – “Leverage Your Network Design to Mitigate DDoS Attacks”, Gartner Report G00253330, 2013 2, 3, 4, Graph: Worldwide Infrastructure Security Report, Volume IX”, Arbor Networks, 2014 3 2013 Emulex Corporation
  • 4. Like it or Not … Your prevention and detection tools will fail Network visibility tools provide a vital safety net against failure With history, you can understand and minimize the damage Think like you‟ve already been breached 4 2013 Emulex Corporation
  • 5. Some Actual Customer Quotes “We live in triage mode. It takes too long to investigate the events we know about today. We‟re exposed.” “We‟re never quite sure if what we‟re looking at is real or not. It‟s paralyzing us. We‟re too scared to act.” “When it goes wrong, and it does go wrong, it‟s a PR train wreck and we need a way to contain the problem.” 5 2013 Emulex Corporation “There are known knowns; there are things we know that we know. There are known unknowns; that is to say, there are things that we now know we don't know. But there are also unknown unknowns – there are things we do not know we don‟t know.”
  • 6. The Problem Is Not People or Tools - It is Data Security tools have made great strides in their ability to identify issues and threats – Use of “big data” analytics to identify unusual behaviors – Baselines, profiling also help BUT most critical breaches are “unknown unknowns” – – – – The tools are often being encountered for the first time The breachers are typically difficult/impossible to find “Guesswork” is nearly unavoidable Response times are measured in days, not hours How do we speed up the process? – The key is having the right data, and all of it – Network visibility tools that capture, record, and search network traffic can help by providing context and facts for breach analysis 6 2013 Emulex Corporation
  • 7. Network “Alerting” Stack SIM/SEM/SEIM Core network infrastructure DDoS Detection Tools IDS NMS AA-NPM APM SNMP Alerts NetFlow Data LAN SN Firewalls (prevention) Core routers and switches (connectivity) SNMP and NetFlow don‟t provide enough data to diagnose critical breaches (“unknown unknowns”) 7 2013 Emulex Corporation
  • 8. Network Visibility Stack SIM/SEM/SEIM Core network infrastructure DDoS Detection Tools IDS NMS AA-NPM APM Unsampled Packets + SNMP Alerts, NetFlows EndaceProbe Intelligent Network Recorders Network Packet Brokers (aggregation) Firewalls (prevention) Core routers and switches (connectivity) SNMP and NetFlow don‟t provide enough data to diagnose critical breaches (“unknown unknowns”) Network visibility tools add unsampled packets to the picture – 100% visibility of what occurred, and who was affected 8 2013 Emulex Corporation
  • 9. Introducing Endace Part of Emulex product portfolio World leader in packet capture and network recording 10+ year history selling recording solutions to top tier customers – Government, HFT, telco & enterprise Global reputation for accuracy, scalability and performance 9 2013 Emulex Corporation
  • 10. Intelligent Network Recorders 100% accurate traffic recording – 10 Gbps, scalable to 100 Gbps 64TB = 3 days storage at typical load – Options for longer duration Integrated network traffic search engine – Layer 7 awareness & alarming RESTful API for workflow integration Deployed at Internet gateways 10 2013 Emulex Corporation
  • 11. Typical Network Visibility Fabric Deployments SecOps deployment monitoring both sides of the DMZ; record attacks, ID compromised data NetOps deployment monitoring north-south traffic; ID inbound/ outbound application issues NetOps deployment monitoring east-west traffic; ID internal application performance issues 11 2013 Emulex Corporation
  • 12. Streamlining the Analyst Workflow Start with a SIM-generated security event Right click and „zoom-in‟ to the relevant traffic Instant clarity – is it real? Immediate productivity gains – Move out of triage mode 12 2013 Emulex Corporation
  • 13. Our Approach to NPM/APM/SEM – Best of Breed APM App NPM App IDS App HFT App EndaceVision Network Search Engine with Fusion Connectors Endace Capture Appliance 10/40/100GbE Our approach enables tailored best-of-breed solutions – All tools share data from same secure location in datacenter – Automated workflow, “pivot to packets” speeds up issue resolution Lower investment while Increasing ROI – Only buy what you need – Plan and train staff on the tools that fit your situation best 13 2013 Emulex Corporation
  • 14. Conclusions: The Business Value of Network Visibility Know Your Risks: Understand exactly what data was compromised in a breach so that effective remedial actions can be taken Unambiguous Forensics Trail: Have all of the data around an attack Ensure Corrective Actions Are Effective: Ability to “replay” attacks to verify that corrective actions have addressed the security issue Avoid Future Network Uptime Issues: Enable post-incident root cause analysis SecOps CapEx/OpEx Savings: Streamline toolsets to address your specific needs and to simplify NetOps/SecOps workflow ELIMINATE GUESSWORK ! 14 2013 Emulex Corporation

Notes de l'éditeur

  1. Sissor
  2. This chart shows the three places where network visibility tools are typically deployed:SecOps typically deploys network visibility tools on either side of the enterprise firewall. This provides visibility into what is hitting the network, what is getting into the enterprise, and what is going out of the enterprise.One NetOps typical deployment is at the core or aggregation level of the network. This provides visibility for north-south traffic, and is critical for content delivery and e-commerce scenarios. The other typical NetOps deployment is at the top-of-rack for critical servers, given visibility into east-west traffic.All three of these can be combined through a Network Packet Broker (NPB) infrastructure to provide flexible visibility into critical points of the network without requiring dedicated probes or netflow generators.
  3. EndaceVision gives traffic level view of an event based on a 5 tuple filter (time, IP address etc)Traffic level view required for validation (is it a false postive?) enabling them to be sure before they actHelps make informed decisions about actions and activities.
  4. One of the biggest differentiators for our visualization tools comes from our partnership with a variety of best-in-breed network packet broker (NPB), Network Performance Management (NPM), Application Performance Management (APM), and Security Event Management (SEM) tool vendors. We have names these partnerships the Endace Fusion Alliance. The Endace Fusion Alliance enables customers to build NPM/APM/SEM suites that meet their exact needs, and is in contrast to integrated tools, which force customers to buy tools that they may or may not need. The benefit to customers of this best-in-breed approach is lower CapEx (less tools and recording hardware to buy) and lower OpEx (less training, quicker time to resolution of network issues). This also provides channel partners with additional opportunities to integrate custom suites of tools together for customers, increasing their “share of wallet”.