Decreasing Incident Response Time: Benefits of Packet Capture & Real-time NetFlow Generation
Boni Bruno, CISSP, CISM, CGEIT, Technical Director


Presentation Transcript


  1. Decreasing Incident Response Time: Benefits of Packet Capture & Real-time NetFlow Generation. Boni Bruno, CISSP, CISM, CGEIT, Technical Director

  2. You Just Suffered a Major Security Breach! 3 Questions Your IT Staff Better Answer in the First 8 Hours!! Could Your Current SEM/SIEM Tools Cover You for this Security Breach?

  3. Security Incident Lifecycle (stages: Suspect, Identify, Mitigate, Impact, Permanent Protection, Tools Fixed)

  4. Security Incident Lifecycle: a unique event can lead to repetitive events if it is not correctly identified...

  5. Security Incident Lifecycle

  6. Security Incident Lifecycle: Faster Remediation; Minimize Scope of Impact; Reduced Frequency; ID Root Cause

  7. Security Architecture
     Current Security Infrastructure: Firewall, IDS/IPS, DLP, End Point Security
     SIEM (Security Info & Event Mgmt): Events feed the Event / Log Repository; the SIEM raises an Alarm
     Packet Storage: Full Content Repository with Search & Analysis over pcaps
     Packet Capture: event-driven "snippets" and/or ALL traffic recorded into a rolling buffer
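The rolling-buffer plus event-driven "snippet" idea on this slide can be shown in working code. The following is an added example, not code from the presentation or from Endace: a byte-budgeted ring buffer of captured frames, a `window()` call that cuts the packets around a SIEM alarm timestamp, and a minimal classic-pcap serialiser so the snippet can be handed to any packet analyser. Timestamps are integer nanoseconds so the window comparison is exact; the frames, epoch and sizes in `record_and_extract` are constructed for the demo. The `covers()` check is the caveat a responder wants: if the alarm arrives after the evidence has aged out of the buffer, there is nothing to extract, which is why buffer sizing is tied to expected alert latency.

```python
"""Rolling packet buffer with event-driven pcap snippet extraction (added example)."""
from collections import deque
import struct
from typing import Deque, Iterable, List, Tuple

Packet = Tuple[int, bytes]  # (capture timestamp in ns since epoch, raw frame)

PCAP_MAGIC = 0xA1B2C3D4     # classic libpcap magic, microsecond timestamps
LINKTYPE_ETHERNET = 1


class RollingPacketBuffer:
    """Keeps the newest frames within a byte budget; the oldest are dropped first."""

    def __init__(self, max_bytes: int) -> None:
        self.max_bytes = max_bytes
        self._frames: Deque[Packet] = deque()
        self._size = 0
        self.dropped = 0  # frames aged out; a useful buffer-sizing metric

    def add(self, ts_ns: int, frame: bytes) -> None:
        self._frames.append((ts_ns, frame))
        self._size += len(frame)
        while self._size > self.max_bytes and len(self._frames) > 1:
            _, old = self._frames.popleft()
            self._size -= len(old)
            self.dropped += 1

    def retained(self) -> int:
        return len(self._frames)

    def covers(self, ts_ns: int) -> bool:
        """True if traffic from that instant is still in the buffer, i.e. the
        alarm arrived before the evidence aged out."""
        return bool(self._frames) and self._frames[0][0] <= ts_ns <= self._frames[-1][0]

    def window(self, alarm_ns: int, before_ns: int, after_ns: int) -> List[Packet]:
        """Event-driven snippet: every retained frame in [alarm-before, alarm+after]."""
        lo, hi = alarm_ns - before_ns, alarm_ns + after_ns
        return [p for p in self._frames if lo <= p[0] <= hi]


def to_pcap(packets: Iterable[Packet], snaplen: int = 65535) -> bytes:
    """Serialise frames as a classic pcap file: 24-byte global header, then
    a 16-byte record header (sec, usec, captured len, original len) per frame."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)]
    for ts_ns, frame in packets:
        sec, rem_ns = divmod(ts_ns, 1_000_000_000)
        data = frame[:snaplen]
        out.append(struct.pack("<IIII", sec, rem_ns // 1000, len(data), len(frame)))
        out.append(data)
    return b"".join(out)


def record_and_extract(n_frames: int = 2000, interval_ns: int = 1_000_000,
                       budget_bytes: int = 50_000, alarm_index: int = 1500,
                       before_ns: int = 10_000_000, after_ns: int = 10_000_000):
    """Constructed demo: 2000 x 100-byte frames 1 ms apart (2 s of traffic) into a
    50 KB buffer (holds the last 500 frames = 0.5 s), then a +/-10 ms snippet around
    an alarm. Returns (buffer, snippet packets, pcap bytes)."""
    buf = RollingPacketBuffer(budget_bytes)
    t0_ns = 1_700_000_000_000_000_000  # arbitrary start time (constructed)
    for i in range(n_frames):
        buf.add(t0_ns + i * interval_ns, bytes([i & 0xFF]) * 100)  # constructed frame
    alarm_ns = t0_ns + alarm_index * interval_ns
    snippet = buf.window(alarm_ns, before_ns, after_ns) if buf.covers(alarm_ns) else []
    return buf, snippet, to_pcap(snippet)


if __name__ == "__main__":
    buf, snip, pcap = record_and_extract()
    print(f"retained={buf.retained()} dropped={buf.dropped} snippet={len(snip)} pcap={len(pcap)} bytes")
```

With the demo's numbers the alarm lands exactly on the oldest retained frame, so only the 11 frames from the alarm forward survive; an alarm one millisecond earlier would return nothing, which is the sizing lesson.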

  8. SIEM Integration via RESTful API

  9. Visibility & recording infrastructure for high-speed networks: Endace provides 100% accurate network recording at 1Gbps to 100Gbps!!!

  10. Next-Generation EndaceDAG Overview
      Designed for data capture applications requiring 100% network data capture
      Three "Feature Bundles": Low Overhead Zero Loss Capture; Hardware Time Stamps; Global Clock Synch; In-Band Metadata; Classification/filtering; Load Balancing
      Three Product Configurations

  11. Endace Network Visibility Infrastructure
      EndaceProbe™ Intelligent Network Recorder: High Performance Intelligent Network Recording; up to 64 TB storage; mix of 1 and 10GbE ports. Provides 100% packet capture on 10Gb Ethernet links.
      EndaceFlow™ NetFlow Generator Appliance (NGA): High-Speed NetFlow Generation for 10GbE Networks; 4x10GbE ports. Generates unsampled netflows from 1GbE/10GbE links.
      Endace Open Hosting Platform (ODE): Hosting Platform for Monitoring Applications; 8x1GbE or 4x10GbE ports; up to 16 TB internal storage; Fibre Channel support for SAN. Provides packets for hosted 3rd party applications.
      EndaceAccess™ Network Visibility Headend: allows EndaceProbe INRs/ODE to scale to 40 and 100GbE. Load-balances 40Gb/100Gb links across multiple INRs.

  12. The Endace Probe Solution

  13. Monitoring and Recording Fabrics

  14. 100% Packet Capture means 100% Network Visibility

  15. Can you Pinpoint Microbursts Occurring on your Network?
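Pinpointing a microburst is a timestamp-resolution problem: a sub-millisecond spike can saturate a link while the per-second counters read a few percent. The following added example (not from the presentation or from Endace) bins hardware-timestamped frames into fixed windows, flags windows that exceed a fraction of line rate, and then shows what happens if the same trace carried coarse software timestamps. The traffic in `constructed_trace` is synthetic: an 80 Mbit/s background plus 50 MTU-sized frames crammed into 100 µs at t = 300 ms.

```python
"""Microburst detection from nanosecond packet timestamps (added example)."""
from typing import Dict, List, Tuple

Frame = Tuple[int, int]          # (timestamp in ns, frame length in bytes)
LINE_RATE_10G = 10_000_000_000   # bits per second


def rate_per_window(frames: List[Frame], window_ns: int) -> Dict[int, int]:
    """Sum bits per fixed window; returns {window_start_ns: bits per second}."""
    bits: Dict[int, int] = {}
    for ts_ns, length in frames:
        start = ts_ns - ts_ns % window_ns
        bits[start] = bits.get(start, 0) + length * 8
    # integer bps: bits / (window_ns / 1e9), computed without floating point
    return {w: b * 1_000_000_000 // window_ns for w, b in bits.items()}


def microbursts(frames: List[Frame], window_ns: int, line_rate_bps: int,
                threshold: float = 0.5) -> List[Tuple[int, int]]:
    """Windows whose rate is at least threshold * line rate, as (start_ns, bps)."""
    rates = rate_per_window(frames, window_ns)
    return sorted((w, r) for w, r in rates.items() if r >= threshold * line_rate_bps)


def quantize(frames: List[Frame], resolution_ns: int) -> List[Frame]:
    """Simulate a coarser clock (e.g. a host software timestamp) by rounding down."""
    return [(ts - ts % resolution_ns, length) for ts, length in frames]


def constructed_trace() -> List[Frame]:
    """One second of constructed traffic: a 1000-byte frame every 100 us (80 Mbit/s)
    plus 50 x 1500-byte frames 2 us apart at t = 300 ms (~6 Gbit/s for 100 us)."""
    frames = [(i * 100_000 + 50_000, 1000) for i in range(10_000)]
    frames += [(300_000_000 + j * 2_000, 1500) for j in range(50)]
    return sorted(frames)


if __name__ == "__main__":
    trace = constructed_trace()
    print("1 s average bps:", rate_per_window(trace, 1_000_000_000)[0])
    print("100 us windows over 50% of 10G:", microbursts(trace, 100_000, LINE_RATE_10G))
    print("same trace with 10 ms timestamps:",
          len(microbursts(quantize(trace, 10_000_000), 100_000, LINE_RATE_10G)), "false bursts")
```

The 1 s average is about 80 Mbit/s (under 1% of the link), the 100 µs analysis finds exactly one window at 6.08 Gbit/s, and with timestamps rounded to 10 ms the same analysis reports a hundred phantom 8 Gbit/s bursts, one at every clock tick. Window size must be much coarser than timestamp resolution, or the result is noise.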

  16. Can you Identify Applications Running on your Network?

  17. Can you Identify Traffic Changes Over Time?

  18. Can you see Conversations on the Network?

  19. Search through Packets in a Browser!

  20. 100Gbps Packet Capture…

  21. Time Synchronization

  22. NetFlow – The New Way!!!

  23. NetFlow – The New Way!!!
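The "new way" the deck refers to is generating unsampled flow records from a full-rate capture rather than from a router's sampled export. The following added example (not from the presentation or from Endace) is a small flow generator: it parses IPv4/TCP/UDP frames, keys them by 5-tuple, keeps packet and octet counts, first/last timestamps and OR-ed TCP flags, and exports on FIN/RST or NetFlow-style inactive/active timeouts. It then runs the same constructed trace through 1-in-4 packet sampling to show what sampling loses. All frames, addresses and timings in `TRACE` are constructed; the inactive (15 s) and active (30 min) timeouts are illustrative defaults.

```python
"""Unsampled NetFlow-style flow generation from captured frames (added example)."""
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ETH_HDR = 14
FlowKey = Tuple[str, str, int, int, int]  # (src ip, dst ip, src port, dst port, proto)
TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK = 0x01, 0x02, 0x04, 0x08, 0x10


@dataclass
class FlowRecord:
    key: FlowKey
    first_ns: int
    last_ns: int
    packets: int = 0
    octets: int = 0
    tcp_flags: int = 0


def parse_frame(frame: bytes) -> Optional[Tuple[FlowKey, int]]:
    """Return (5-tuple, TCP flag byte) for an IPv4 frame, None for anything else."""
    if len(frame) < ETH_HDR + 20 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[ETH_HDR:]
    ihl = (ip[0] & 0x0F) * 4
    proto = ip[9]
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    l4 = ip[ihl:]
    if proto in (6, 17) and len(l4) >= 4:
        sport, dport = struct.unpack("!HH", l4[:4])
        flags = l4[13] if proto == 6 and len(l4) >= 14 else 0
        return (src, dst, sport, dport, proto), flags
    return (src, dst, 0, 0, proto), 0


class FlowGenerator:
    """Flow cache with inactive/active timeouts and FIN/RST termination."""

    def __init__(self, inactive_ns: int = 15_000_000_000, active_ns: int = 1_800_000_000_000):
        self.inactive_ns, self.active_ns = inactive_ns, active_ns
        self.cache: Dict[FlowKey, FlowRecord] = {}
        self.exported: List[FlowRecord] = []

    def process(self, ts_ns: int, frame: bytes) -> None:
        parsed = parse_frame(frame)
        if parsed is None:
            return
        key, flags = parsed
        self.expire(ts_ns)  # linear scan; a real generator keeps timer wheels
        rec = self.cache.get(key)
        if rec is None:
            rec = self.cache[key] = FlowRecord(key, ts_ns, ts_ns)
        rec.last_ns, rec.packets, rec.octets = ts_ns, rec.packets + 1, rec.octets + len(frame)
        rec.tcp_flags |= flags
        if key[4] == 6 and flags & (TCP_FIN | TCP_RST):   # connection closed: export now
            self.exported.append(self.cache.pop(key))

    def expire(self, now_ns: int) -> None:
        for key, rec in list(self.cache.items()):
            if now_ns - rec.last_ns > self.inactive_ns or now_ns - rec.first_ns > self.active_ns:
                self.exported.append(self.cache.pop(key))

    def flush(self) -> List[FlowRecord]:
        self.exported.extend(self.cache.values())
        self.cache.clear()
        return self.exported


def _ip4(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))


def tcp_frame(src: str, dst: str, sport: int, dport: int, flags: int, payload: int = 0) -> bytes:
    """Minimal Ethernet/IPv4/TCP frame with dummy MACs and zero checksums (constructed)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + payload, 0, 0, 64, 6, 0, _ip4(src), _ip4(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return eth + ip + tcp + bytes(payload)


T0 = 1_700_000_000_000_000_000
# Constructed trace: one client session to TCP/443 (7 frames, 10 ms apart), then a
# scanner sending single SYNs to three ports 1 us apart. Not real traffic.
SESSION = [TCP_SYN, TCP_ACK, TCP_PSH | TCP_ACK, TCP_PSH | TCP_ACK,
           TCP_PSH | TCP_ACK, TCP_PSH | TCP_ACK, TCP_FIN | TCP_ACK]
TRACE: List[Tuple[int, bytes]] = [
    (T0 + i * 10_000_000, tcp_frame("10.0.0.5", "10.0.1.9", 40000, 443, f, 500 if f & TCP_PSH else 0))
    for i, f in enumerate(SESSION)
] + [
    (T0 + 100_000_000 + j * 1_000, tcp_frame("10.0.0.77", "10.0.1.9", 51000 + j, port, TCP_SYN))
    for j, port in enumerate((22, 23, 3389))
]


def generate_flows(trace: List[Tuple[int, bytes]], sample_every: int = 1) -> List[FlowRecord]:
    """Run the generator over every sample_every-th frame (1 = unsampled)."""
    gen = FlowGenerator()
    for i, (ts_ns, frame) in enumerate(trace):
        if i % sample_every == 0:
            gen.process(ts_ns, frame)
    return gen.flush()


def scanned_ports(records: List[FlowRecord], src_ip: str) -> List[int]:
    """Destination ports a source touched with SYN-only single-packet flows."""
    return sorted(r.key[3] for r in records
                  if r.key[0] == src_ip and r.packets == 1 and r.tcp_flags == TCP_SYN)


if __name__ == "__main__":
    for n in (1, 4):
        recs = generate_flows(TRACE, n)
        print(f"1-in-{n}: {len(recs)} flows, scanner hit ports {scanned_ports(recs, '10.0.0.77')}")
```

Unsampled, the generator reports four flows and all three probed ports; with 1-in-4 sampling it sees two flows and a single probe, and the session record's packet and octet counts are wrong. Short, low-volume flows are exactly what reconnaissance and beaconing look like, which is the security argument for generating flows from every packet.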
