The Power of Lossless Packet Capture & Real-time Netflow
SANS Tool Talk
Boni Bruno, CISSP, CISM, CGEIT, Technical Director
You Just Suffered a Major Security Breach!
• 3 Questions Your IT Staff Better Answer in the First 8 Hours!!
• Could Your Current SEM/SIEM Tools Cover You for this Security Breach?
Visibility & Recording Infrastructure for High-Speed Networks
• Endace provides 100% accurate network recording at 1Gbps to 100Gbps!!!
Next-Generation EndaceDAG Overview
• Designed for data capture applications requiring 100% network data capture
• Three “Feature Bundles” covering:
  • Low Overhead Zero Loss Capture
  • Hardware Time Stamps
  • Global Clock Synch
  • In-Band Metadata
  • Classification/filtering
  • Load Balancing
• Three Product Configurations
Endace Network Visibility Infrastructure
• EndaceProbe™ Intelligent Network Recorder (INR): high performance intelligent network recording; up to 64 TB storage; mix of 1 and 10GbE ports. Provides 100% packet capture on 10Gb Ethernet links.
• EndaceFlow™ NetFlow Generator Appliance (NGA): high-speed NetFlow generation for 10GbE networks; 4x10GbE ports. Generates unsampled netflows from 1GbE/10GbE links.
• Endace Open Hosting Platform (ODE): hosting platform for monitoring applications; 8x1GbE or 4x10GbE ports; up to 16 TB internal storage; Fibre Channel support for SAN. Provides packets for hosted 3rd-party applications.
• EndaceAccess™ Network Visibility Headend: allows EndaceProbe INRs/ODE to scale to 40 and 100GbE. Load-balances 40Gb/100Gb links across multiple INRs.
Security Architecture
• Current Security Infrastructure: Firewall, IDS/IPS, DLP, End Point Security
• SIEM (Security Info & Event Mgmt): events are collected into an Event / Log Repository and raise Alarms
• Packet Capture: Packet Storage (Full Content Repository) feeds Search & Analysis with pcaps
• Event-driven “snippets” and/or ALL traffic recorded into a rolling buffer
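The rolling-buffer capture, event-driven snippet extraction and unsampled NetFlow generation described on these slides, as an added Python sketch that is not Endace's code or part of the original talk. The packets, the byte budget and the alarm time are constructed for illustration; note how packets older than the buffer's budget are no longer available when the alarm arrives.

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float      # capture timestamp in seconds (hardware time stamp on a real probe)
    src: str
    dst: str
    sport: int
    dport: int
    proto: str
    length: int


class RollingCapture:
    """Full-content rolling buffer: oldest packets are evicted once the byte budget is exceeded."""

    def __init__(self, max_bytes):
        self.max_bytes, self.stored, self.buf = max_bytes, 0, deque()

    def record(self, pkt):
        self.buf.append(pkt)
        self.stored += pkt.length
        while self.stored > self.max_bytes:        # evict from the oldest end
            self.stored -= self.buf.popleft().length

    def snippet(self, alarm_ts, before=2.0, after=2.0):
        """Event-driven extraction: retained packets in a window around a SIEM alarm."""
        return [p for p in self.buf if alarm_ts - before <= p.ts <= alarm_ts + after]


def unsampled_flows(packets):
    """Aggregate every packet (no sampling) into 5-tuple flow records."""
    flows = {}
    for p in packets:
        key = (p.src, p.dst, p.sport, p.dport, p.proto)
        rec = flows.setdefault(key, {"packets": 0, "bytes": 0, "first": p.ts, "last": p.ts})
        rec["packets"] += 1
        rec["bytes"] += p.length
        rec["last"] = max(rec["last"], p.ts)
    return flows


SAMPLE = [  # constructed traffic: three short connections to 10.0.0.9, then one HTTPS session
    Packet(100.0, "10.0.0.5", "10.0.0.9", 40000, 22, "tcp", 60),
    Packet(100.1, "10.0.0.5", "10.0.0.9", 40001, 23, "tcp", 60),
    Packet(100.2, "10.0.0.5", "10.0.0.9", 40002, 80, "tcp", 60),
    Packet(101.0, "10.0.0.7", "203.0.113.10", 50000, 443, "tcp", 1500),
    Packet(101.5, "10.0.0.7", "203.0.113.10", 50000, 443, "tcp", 1500),
    Packet(105.0, "10.0.0.7", "203.0.113.10", 50000, 443, "tcp", 900),
]


def demo(alarm_ts=100.2, max_bytes=4000):
    """Returns (packets retained, packets in the alarm snippet): 4 and 3 for the sample."""
    cap = RollingCapture(max_bytes)
    for p in SAMPLE:
        cap.record(p)
    return len(cap.buf), len(cap.snippet(alarm_ts))
```

With a 4000-byte budget the two earliest packets of the alarmed activity have already been evicted, which is the sizing caveat behind "ALL traffic recorded into a rolling buffer".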
Security Incident Lifecycle
• Stages: Suspect, Identify, Mitigate Impact, Permanent Protection, Tools Fixed
• Unique Event: can lead to repetitive events if not correctly identified…
• Faster Remediation
• Minimize Scope of Impact
• Reduced Frequency
• ID Root Cause