INCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS
WHITE PAPER

Network administrators and security teams can gain valuable insight into network health in real time by capturing, aggregating and analyzing session flow details from around the network. 3Com's Intelligent Management Center (IMC) centralized network platform provides the intelligent collection, analysis and reporting services that maximize the insight that can be gleaned from flow data to circumvent issues, ensure quality of service (QoS) and expedite remediation.

Introduction: What is a flow and what does it show?

Networking equipment, including switches, routers and firewalls, is designed to handle enormous amounts of information in individual IP packets. While network infrastructure components can process these packets very efficiently, most network administrators and security teams are easily overwhelmed when they try to sort out what is really going on in their network from packet-level details. For real network status, a much more useful way of correlating and analyzing network traffic events is to look at traffic flows rather than at packet-level details.

A network flow is essentially an entire session between a particular client and host (or any two network nodes) for a particular service or application, using a particular protocol, over an extended period of time. More specifically, a flow is defined as a series of packets between two systems that have virtually identical packet headers: IP source and destination addresses, source and destination ports, protocol, interface, and type of service. Flow data is commonly produced by routers, Layer 3 switches, and many other devices. In fact, the data is already being produced by your network; the challenge is collecting, aggregating and analyzing flow data so it can become a valuable asset for your network management efforts.
The H3C Intelligent Management Center (IMC) plays a pivotal role in making this a reality. Since a flow represents a particular network conversation consisting of potentially many thousands of packets, a network admin can look at flow statistics and frequently get more insight into what is happening in the network without being overwhelmed with a seemingly infinite amount of data. If a particular flow or a series of flows looks abnormal, the admin can drill down into the packet details as needed, with the flow data providing a mechanism for focusing a more detailed analysis towards suspicious areas. Typically, however, flow data can provide much more insight into network health status and operations in a much more intuitive fashion that can expedite remediation efforts. By correlating port and protocol statistics for individual sessions, flow data can also provide visibility to application activity to detect compliance breaches and implement QoS policies in the network.
Figure: IMC can graphically display enterprise-wide traffic statistics and analysis to quickly identify anomalies, suspicious behavior and security breaches based on data provided from the SecBlade NetStream module.

Comparing NetFlow, sFlow and NetStream data

The flow data produced by networks generally comes in one of three common formats: NetFlow, sFlow and NetStream. Standardization around these formats makes it possible for routers and switches to send their flow data to a wide variety of collectors and analysis tools, and to be combined with flows in multi-vendor networks for wider analysis. Flow data has now become an important part of network scalability and performance, particularly in busy router cores and edge devices that handle a large number of concurrent, short-duration flows.

NetFlow is the oldest of the flow formats. It originally served as a caching algorithm in network devices, which helped optimize network efficiency. Since this data was already being collected, it made sense to eventually export it for analysis and reporting purposes, which could be done without much additional overhead to the network device. NetFlow has spawned various iterations (it is now up to version 9) as well as similar formats that have been optimized for different purposes and processing.

sFlow was created as a standard in 2001 for high-speed networks based on sampled data rates, rather than 100 percent packet capture. Because it was developed exclusively as a monitoring technology, rather than as a caching technology like NetFlow's initial design, sFlow tends to be more scalable and can provide more detailed statistics on all layers (L2-7) throughout the network. As a result, it has gained wide acceptance from network vendors.

NetStream, a flow format created by 3Com for its H3C enterprise networking products, includes additional flow details and is compatible with NetFlow analysis tools.
IMC, as the collection and analysis engine, can handle flow data in all of these formats from a wide range of devices from many manufacturers in order to provide network-wide visibility. Additionally, a new IETF standard based on the latest version of NetFlow and called IPFIX (IP Flow Information Export) is emerging. IPFIX enables custom fields to be included in the flow format data, making the protocol flexible enough to accommodate future improvements, such as information that could facilitate measurement, accounting or billing of network usage. IPFIX and the most recent versions of NetStream and NetFlow are also suitable for IPv6 and other advanced protocols.
Managing the Collection and Aggregation of Flow Data in Large Networks

The number of flow types, differences between vendors, and the selection of a particular format shouldn't be a concern to enterprises, as long as they choose an aggregation and analysis system that can bring the information together from a wide range of network devices. IMC, for example, as the control center for enterprise-wide flow data, can collect and analyze all of the commercially available flow formats, including NetFlow, sFlow, NetStream and IPFIX. As previously mentioned, these formats are similar, and mainly reflect specifics of the router and/or switch and the type of data it generates. Individual network devices are less flexible in what they produce, in order to reduce the overhead of generating flow data, but IMC can collect and merge all of the commonly produced formats.

The analysis process begins with flow data generation in the network device. At this point, all of the individual packet information is already assembled into flows. As the flows expire in the network device, they are exported to a collector along with the pertinent statistics for each flow. Each router or switch determines whether an individual data packet should create a new flow or be added to an existing flow. These network devices use various algorithms to expire flows based on timing and on how they are terminated.

Not all switches and routers can generate flows. If a particular network node requires flow analysis but doesn't generate flow data, it is possible to add network flow probes in-line with the network device, or, more likely, to collect the same data off a SPAN port. In the case of select 3Com/H3C network devices, customers can add a NetStream monitoring module to the chassis; this serves both to generate flow data and to collect data. Offloading flow tasks onto the module's separate processor can also improve device performance.
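The flow generation and expiry steps just described, as an added example rather than 3Com/H3C code: a minimal NetFlow-style flow cache that merges packets sharing the header fields the paper lists, exports a record as soon as a TCP FIN or RST ends the session, and otherwise ages flows out by inactivity or an active-timeout cap. The `FlowCache` class, its timeouts and all packet data are constructed for this example.

```python
# Added example, not 3Com/H3C code: a minimal NetFlow-style flow cache.
# Packets that share the header fields listed above (addresses, ports,
# protocol, ToS; interface omitted here) are merged into one record, which is
# exported when a TCP FIN/RST ends the session, when the flow goes idle, or
# when it has run longer than the active timeout. All packet data is constructed.
from dataclasses import dataclass
from typing import Dict, List, Tuple

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10  # standard TCP flag bits

@dataclass
class Packet:
    ts: float        # seconds since capture start
    src: str
    dst: str
    proto: int       # 6 = TCP, 17 = UDP
    sport: int
    dport: int
    tos: int
    length: int      # bytes on the wire
    tcp_flags: int = 0

FlowKey = Tuple[str, str, int, int, int, int]  # src, dst, proto, sport, dport, tos

@dataclass
class FlowRecord:
    key: FlowKey
    first: float
    last: float
    packets: int = 0
    octets: int = 0
    tcp_flags: int = 0     # cumulative OR of flags seen, as NetFlow exports it
    end_reason: str = ""   # fin / rst / inactive / active / forced

class FlowCache:
    """Assumed timeouts: 15 s idle, 30 min active (typical router defaults)."""
    def __init__(self, inactive_timeout: float = 15.0, active_timeout: float = 1800.0):
        self.inactive, self.active = inactive_timeout, active_timeout
        self.cache: Dict[FlowKey, FlowRecord] = {}
        self.exported: List[FlowRecord] = []  # what would be sent to the collector

    def _export(self, key: FlowKey, reason: str) -> None:
        rec = self.cache.pop(key)
        rec.end_reason = reason
        self.exported.append(rec)

    def _expire(self, now: float) -> None:
        """Age out idle flows; cap long sessions so the collector sees them periodically."""
        for key, rec in list(self.cache.items()):
            if now - rec.last > self.inactive:
                self._export(key, "inactive")
            elif now - rec.first > self.active:
                self._export(key, "active")

    def observe(self, p: Packet) -> None:
        """Decide whether the packet starts a new flow or joins an existing one."""
        self._expire(p.ts)
        key = (p.src, p.dst, p.proto, p.sport, p.dport, p.tos)
        rec = self.cache.get(key)
        if rec is None:
            rec = self.cache[key] = FlowRecord(key, p.ts, p.ts)
        rec.last = p.ts
        rec.packets += 1
        rec.octets += p.length
        rec.tcp_flags |= p.tcp_flags
        if p.proto == 6 and p.tcp_flags & (FIN | RST):   # session ended: export at once
            self._export(key, "rst" if p.tcp_flags & RST else "fin")

    def flush(self) -> None:
        """Export whatever is still cached (shutdown or collector poll)."""
        for key in list(self.cache):
            self._export(key, "forced")

def sample_run():
    """Constructed packets: an HTTPS session closed by FIN, a DNS query that ages
    out, and a SYN probe to tcp/445 answered by RST/ACK (the pattern discussed
    in the security section). Returns (src, dst, dport, packets, octets, reason)."""
    cache = FlowCache(inactive_timeout=15.0)
    packets = [
        Packet(0.0, "10.0.1.5", "10.0.9.10", 6, 51000, 443, 0, 60, SYN),
        Packet(0.1, "10.0.1.5", "10.0.9.10", 6, 51000, 443, 0, 1200, ACK),
        Packet(0.2, "10.0.1.5", "10.0.9.20", 17, 40000, 53, 0, 70),
        Packet(0.3, "10.0.1.77", "10.0.2.9", 6, 46000, 445, 0, 60, SYN),
        Packet(0.4, "10.0.2.9", "10.0.1.77", 6, 445, 46000, 0, 40, RST | ACK),
        Packet(2.0, "10.0.1.5", "10.0.9.10", 6, 51000, 443, 0, 60, FIN | ACK),
        Packet(30.0, "10.0.1.5", "10.0.9.10", 6, 51000, 443, 0, 60, ACK),  # late ACK starts a new flow
    ]
    for p in packets:
        cache.observe(p)
    cache.flush()
    return [(r.key[0], r.key[1], r.key[4], r.packets, r.octets, r.end_reason)
            for r in cache.exported]

if __name__ == "__main__":
    for row in sample_run():
        print(row)
```

Note that the prober's own outbound flow ends up as a one-packet SYN-only record that expires by inactivity, while the target's RST/ACK closes the reverse flow immediately; both records are what a collector later scores.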
Mining Flow Data to Detect Security Breaches

Most network administrators rely on some combination of firewalls, IPS systems, spam filters or anti-virus systems to detect and block security breaches. Flow data serves as an excellent complement to these systems, especially against zero-day attacks and many sophisticated worms and botnets. Flow analysis can also provide an additional means of protection by detecting firewalls that are poorly configured and passing unintended traffic.

Flow analyzers can provide such valuable insight to administrators because they are looking at data that has already been correlated. Firewalls and IPS systems analyze individual packets and enforce security policies, but flow data can detect anomalies over longer periods of time. Behavioral anomalies indicative of worm propagation, denial of service (DoS) attacks and the like may only be detected over an extended period by analyzing many flows, not individual packets.

Flow data is particularly useful for detecting worm propagation. Since we know that worm-infected systems attempt to spread to other hosts through specific ports on other hosts, and that they have virtually no prior knowledge of the networks they are on, they have to perform broad network scans looking for vulnerabilities that they are capable of exploiting. These blind scans tend to generate legitimate packets for service requests, but generate a high number of abnormally terminated flows indicative of the worm's random probes. The worm will send a SYN packet to attempt to find an appropriate host, and many hosts will reply with RST/ACK to acknowledge the request but deny the inappropriate connection. A flow analyzer showing a higher than normal percentage of flows terminating in this manner, or an increasing number of particularly short-lived flows from a particular host, could be the telltale sign that the host has been infected. If this is a zero-day threat for which anti-malware signatures have not been released, it may be unlikely that the IPS or antivirus system would detect this attack early enough to prevent infection. Among other attributes, the flow data should also be able to quickly correlate exactly which ports this abnormal pattern was specific to, providing highly relevant information to analyze and diagnose the threat vectors, better diagnose infection and shore up other vulnerable systems in the future.

Flow information can quickly identify spam, including spam generated internally by bot-infected hosts that could leave an organization blacklisted or worse. Acceleration in the rate of SMTP traffic from an unlikely host, or at an abnormal hour of the day, could signal a compromised host, or at least pinpoint where further analysis would be warranted.

Admittedly, with flow analysis you lose the ability to perform deep packet inspection to look for tell-tale signatures of infection. Yet this is exactly why flow data is an excellent complement to IPS systems such as TippingPoint, which blocks in real time the threats it identifies. Flow data will highlight the network abnormalities that only expose themselves over extended periods of time when correlated with a high volume of traffic from many devices around the network.
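The two heuristics above (failed-connection ratio plus destination fan-out for worm scans, and off-hours SMTP from hosts that are not known relays for spam bots), as an added example that is not IMC's own logic. It assumes unidirectional NetFlow-style records with cumulative TCP flags; the `hour` field, the thresholds and all sample records are constructed.

```python
# Added example, not IMC's own logic: score NetFlow-style records with the two
# heuristics from the text. Records are unidirectional with cumulative TCP
# flags; the `hour` field, thresholds and all sample data are constructed.
from collections import defaultdict
from dataclasses import dataclass

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10  # standard TCP flag bits

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: int        # 6 = TCP, 17 = UDP
    packets: int
    octets: int
    duration_ms: int
    tcp_flags: int    # OR of all TCP flags seen in the flow; 0 for non-TCP
    hour: int         # local hour of flow start, 0-23

def is_failed_connect(f: Flow) -> bool:
    """A probe shows up as a tiny TCP flow that never reached FIN: SYN only
    (unanswered) or SYN+RST (refused). Completed sessions carry FIN or many packets."""
    if f.proto != 6 or f.packets > 3 or f.tcp_flags & FIN:
        return False
    return bool(f.tcp_flags & (SYN | RST))

def scan_suspects(flows, min_flows=20, min_fail_ratio=0.5, min_fanout=10):
    """Per source host: share of failed connects and number of distinct
    destinations probed. Returns (host, fail_ratio, fanout, ports) for hosts
    over every threshold, most suspicious first."""
    total, failed = defaultdict(int), defaultdict(int)
    dests, ports = defaultdict(set), defaultdict(set)
    for f in flows:
        if f.proto != 6:
            continue
        total[f.src] += 1
        if is_failed_connect(f):
            failed[f.src] += 1
            dests[f.src].add(f.dst)
            ports[f.src].add(f.dport)
    out = []
    for host, n in total.items():
        ratio = failed[host] / n
        if n >= min_flows and ratio >= min_fail_ratio and len(dests[host]) >= min_fanout:
            out.append((host, round(ratio, 2), len(dests[host]), sorted(ports[host])))
    return sorted(out, key=lambda r: (-r[1], -r[2]))

def smtp_suspects(flows, known_relays, business_hours=(8, 18), max_offhours=5):
    """Hosts that are not mail relays yet originate more than `max_offhours`
    SMTP (tcp/25) flows outside business hours."""
    per_host = defaultdict(int)
    for f in flows:
        if f.proto == 6 and f.dport == 25 and f.src not in known_relays:
            if not business_hours[0] <= f.hour < business_hours[1]:
                per_host[f.src] += 1
    return sorted((h, n) for h, n in per_host.items() if n > max_offhours)

def sample_flows():
    """Constructed records: normal web clients, one scanning host, one bot
    sending mail at 03:00, and a legitimate relay that also mails at night."""
    flows = []
    for i in range(30):   # clients completing HTTPS sessions (FIN seen, many packets)
        flows.append(Flow(f"10.0.1.{i + 1}", "10.0.9.10", 443, 6, 40, 30000, 5000, SYN | ACK | FIN, 10))
    for i in range(1, 41):  # 10.0.1.77 sweeps 10.0.2.0/24 on tcp/445; half refused, half unanswered
        flows.append(Flow("10.0.1.77", f"10.0.2.{i}", 445, 6, 1, 60, 0, SYN | RST if i % 2 else SYN, 3))
    for i in range(12):   # 10.0.1.88 talks SMTP to many external hosts at 03:00
        flows.append(Flow("10.0.1.88", f"203.0.113.{i + 1}", 25, 6, 15, 9000, 800, SYN | ACK | FIN, 3))
    for i in range(12):   # the real relay 10.0.9.25 also sends mail around the clock
        flows.append(Flow("10.0.9.25", f"198.51.100.{i + 1}", 25, 6, 20, 12000, 900, SYN | ACK | FIN, 3))
    return flows

if __name__ == "__main__":
    records = sample_flows()
    print("scan suspects:", scan_suspects(records))
    print("smtp suspects:", smtp_suspects(records, known_relays={"10.0.9.25"}))
```

The `ports` column in each scan result is what the text calls correlating exactly which ports the abnormal pattern was specific to; in the sample it is tcp/445 only.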
Detecting Applications and Ensuring Quality of Service with Flow Data

Management and implementation of network QoS policies has become increasingly important and is one of the most challenging tasks for network architects. QoS can ensure sufficient bandwidth for high-priority application traffic, or guaranteed service levels for customers and applications that share a common network. Again, flow data analysis can greatly simplify policy design and validation. Since a flow is characterized by a single application between hosts, it is the optimum level of granularity at which to analyze network traffic and begin assigning policies. Among the information captured in the flow data are the port number and the protocol used for the flow session; this information can usually be mapped to a specific application being used in the transaction between hosts.

The first step toward ensuring QoS policies is to understand the applications that are currently running on the network and establish a baseline profile. IMC can certainly help with this traffic profiling, as well as assign discovered applications to policy groups. Enterprises may wish to assign highest priority for precious bandwidth to VoIP applications, mission-critical database applications or data center applications. Conversely, your QoS policy could reduce priority for video, Web traffic or peer-to-peer (P2P) applications as needed. By analyzing flow data in IMC, you can establish exactly how prevalent these applications are, where they are consuming bandwidth in the network and where policy adjustments are most required.

IMC can also help verify that QoS is implemented properly in the network. Since each router has to make its own decision about QoS, inconsistent router configurations can lead to unintended consequences. IMC can help ensure the desired QoS policies are deployed consistently through each hop of the network.

Figure: IMC gives tremendous insight into application usage on the network; this can be used to detect policy violations and make QoS decisions. In this chart, the amount of traffic for each of the identified applications is displayed in tabular form sorted by application, as well as in a graphical display of bandwidth usage compared with overall network traffic. In this case, the majority of the traffic is HTTP (Web) application use.
Improve Compliance and Network Health from the IMC Console

Analyzing flow data, even though packet-level details have already been greatly correlated and simplified, can still be a tedious and puzzling task. Much less so with IMC. IMC enables administrators to create customized reports and analytical queries, define data views and quickly highlight where anomalous behavior is originating. The first task IMC performs is to create a baseline of normal behavior that can be used to identify anomalous flow behavior in many areas; future traffic flows that deviate from this normal pattern can be flagged to generate alarms. IMC analysis of flow data also provides deeper insight into application usage patterns, since flows are correlated based on port numbers, protocols used and service types. This can not only identify potential policy breaches and inappropriate uses of the network, but it can also be used to improve QoS or reconfigure the network to accommodate current traffic patterns.

IMC typically displays the following information graphically:

- Top 50 sessions (flows) by source: Which hosts are generating the most sessions?
- Top 50 sessions by destination: Which hosts are the destinations of the most sessions?
- Bandwidth consumption for each application: Which applications are consuming the most bandwidth and the highest number of session flows on the network?
- Top applications by host: Which applications are generating the most session flows and traffic on each host?
- Session trends by host over time: How are flow trends changing over time across the network or at a single node compared with baseline statistics?
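The application profiling from the QoS section and the baseline alarms described here, as an added example rather than IMC's implementation: flows are mapped to applications by protocol/port, ranked by bandwidth share, and each host's session count is compared with a baseline learned over past intervals. The port table, thresholds and all records are constructed assumptions.

```python
# Added example, not IMC's implementation: profile applications from flow
# port/protocol pairs, rank them by bandwidth share, and learn a per-host
# session-count baseline over past intervals so deviations raise alarms.
# The port table, thresholds and all records are constructed assumptions.
from collections import defaultdict
from statistics import mean, pstdev

APP_BY_PORT = {(6, 80): "http", (6, 443): "https", (6, 25): "smtp",
               (17, 53): "dns", (17, 5060): "sip", (6, 6881): "p2p"}

def classify(proto, dport):
    """Map a flow's protocol/port pair to an application name."""
    return APP_BY_PORT.get((proto, dport), "other")

def app_bandwidth_share(records):
    """records: iterable of (src, dst, proto, dport, octets).
    Returns {app: fraction of total octets}, largest share first."""
    per_app, total = defaultdict(int), 0
    for _, _, proto, dport, octets in records:
        per_app[classify(proto, dport)] += octets
        total += octets
    ranked = sorted(per_app.items(), key=lambda kv: -kv[1])
    return {app: round(b / total, 3) for app, b in ranked} if total else {}

def sessions_per_host(records):
    """Number of flows (sessions) originated by each source host."""
    counts = defaultdict(int)
    for src, *_ in records:
        counts[src] += 1
    return dict(counts)

class SessionBaseline:
    """Learns each host's session count per interval. A host is flagged when
    its current count exceeds mean + k * stdev of its history (stdev floored
    at 1 so a perfectly flat history still needs a real jump) and min_sessions."""
    def __init__(self, k=3.0, min_sessions=20):
        self.k, self.min_sessions = k, min_sessions
        self.intervals = 0
        self.history = defaultdict(list)

    def learn(self, interval_records):
        counts = sessions_per_host(interval_records)
        for host in set(self.history) | set(counts):
            hist = self.history[host]
            hist.extend([0] * (self.intervals - len(hist)))  # host first seen now: pad with zeros
            hist.append(counts.get(host, 0))
        self.intervals += 1

    def alarms(self, current_records):
        out = []
        for host, n in sessions_per_host(current_records).items():
            hist = self.history.get(host)
            if not hist or len(hist) < 2 or n < self.min_sessions:
                continue  # no usable baseline yet, or too little traffic to matter
            mu, sd = float(mean(hist)), max(float(pstdev(hist)), 1.0)
            if n > mu + self.k * sd:
                out.append((host, n, round(mu, 1)))
        return sorted(out, key=lambda r: -r[1])

def _web(src, n, dport=443, octets_each=10000):
    return [(src, "10.0.9.10", 6, dport, octets_each) for _ in range(n)]

def sample_history():
    """Five quiet past intervals: 10.0.1.5 around 10 sessions, 10.0.1.6 exactly 12."""
    return [_web("10.0.1.5", n) + _web("10.0.1.6", 12) for n in (9, 10, 11, 10, 10)]

def sample_current():
    """Current interval: 10.0.1.5 jumps to 60 sessions; 10.0.1.7 is new (no
    baseline yet); a little DNS and P2P traffic for the application chart."""
    recs = _web("10.0.1.5", 60) + _web("10.0.1.6", 14) + _web("10.0.1.7", 25)
    recs.append(("10.0.1.6", "10.0.9.20", 17, 53, 40000))
    recs.append(("10.0.1.9", "198.51.100.5", 6, 6881, 60000))
    return recs

def demo():
    """Train on history, then evaluate the current interval."""
    baseline = SessionBaseline()
    for interval in sample_history():
        baseline.learn(interval)
    return baseline.alarms(sample_current()), app_bandwidth_share(sample_current())

if __name__ == "__main__":
    alarms, shares = demo()
    print("alarms (host, sessions, baseline mean):", alarms)
    print("bandwidth share by application:", shares)
```

Host 10.0.1.6 lands exactly on its threshold and is not flagged, and the never-seen host 10.0.1.7 is skipped for lack of a baseline; in practice a new host with many sessions deserves its own rule.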
Conclusion

Flow data is created by many network switches and routers, and can be used to your advantage to optimize your network's performance. Collecting and aggregating flow information can also lead to tremendous insight into network status and security trends. Although there are a number of flow formats and emerging standards, the key is to select a flow analysis tool that can collect information from the widest range of network devices and correlate information from a large heterogeneous environment. IMC is an ideal tool to capture and correlate all of your network's flow information to gain maximum visibility to network issues. The intuitive graphical interface and simple, but informative, reports quickly identify security issues that security appliances may have missed. IMC also provides statistics on application use to identify compliance issues, assist in capacity planning, as well as to help set and adhere to QoS policies.
Visit for more information about H3C enterprise solutions. 3Com Corporation, Corporate Headquarters, 350 Campus Drive, Marlborough, MA. 3Com is publicly traded on NASDAQ under the symbol COMS. Copyright 3Com Corporation. All rights reserved. Comware, H3C, the H3C logo and SecPath are registered trademarks of 3Com Corporation or H3C Technologies Co., Ltd. in various countries worldwide. Intelligent Resilient Framework is a trademark of 3Com Corporation. All other company and product names may be trademarks of their respective companies. While every effort is made to ensure the information given is accurate, neither 3Com Corporation nor H3C Technologies Co., Ltd. accepts liability for any errors or mistakes which may arise. All specifications are subject to change without notice.
More information10 Key Things Your VoIP Firewall Should Do. When voice joins applications and data on your network
10 Key Things Your Firewall Should Do When voice joins applications and data on your network Table of Contents Making the Move to 3 10 Key Things 1 Security is More Than Physical 4 2 Priority Means Clarity
More informationNetwork Instruments white paper
Network Instruments white paper USING A NETWORK ANALYZER AS A SECURITY TOOL Network Analyzers are designed to watch the network, identify issues and alert administrators of problem scenarios. These features
More informationMonitoring Service Delivery in an MPLS Environment
Monitoring Service Delivery in an MPLS Environment A growing number of enterprises depend on (or are considering) MPLS-based routing to guarantee high-bandwidth capacity for the real-time applications
More informationFirst Line of Defense
First Line of Defense SecureWatch ANALYTICS FIRST LINE OF DEFENSE OVERVIEW KEY BENEFITS Comprehensive Visibility Powerful web-based security analytics portal with easy-to-read security dashboards Proactive
More informationNetwork Security Forensics
Network Security Forensics As hacking and security threats grow in complexity and organizations face stringent requirements to document access to private data on the network, organizations require a new
More informationData Sheet. DPtech Anti-DDoS Series. Overview
Data Sheet DPtech Anti-DDoS Series DPtech Anti-DDoS Series Overview DoS (Denial of Service) leverage various service requests to exhaust victims system resources, causing the victim to deny service to
More informationTraffic Monitoring using sflow
Making the Network Visible www.sflow.org Traffic Monitoring using sflow With the ever-increasing reliance on network services for business critical applications, the smallest change in network usage can
More informationIBM QRadar Security Intelligence April 2013
IBM QRadar Security Intelligence April 2013 1 2012 IBM Corporation Today s Challenges 2 Organizations Need an Intelligent View into Their Security Posture 3 What is Security Intelligence? Security Intelligence
More informationAgenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka
Taxonomy of Botnet Threats Trend Micro Inc. Presented by Tushar Ranka Agenda Summary Background Taxonomy Attacking Behavior Command & Control Rallying Mechanisms Communication Protocols Evasion Techniques
More informationEnhancing Flow Based Network Monitoring
Enhancing Flow Based Network Monitoring Flow-based technologies such as NetFlow, sflow, J-Flow, and IPFIX are increasingly popular tools used by network operators. The tools leverage the capabilities embedded
More informationMonitoring applications to increase security in 40G and 100G networks
Monitoring applications to increase security in 40G and 100G networks Cyber Security and Today s Communication Technologies TPEB workshop, 30.1.2014 Petr Kastovsky kastovsky@invea.com Company Introduction
More informationRadware s Behavioral Server Cracking Protection
Radware s Behavioral Server Cracking Protection A DefensePro Whitepaper By Renaud Bidou Senior Security Specialist,Radware October 2007 www.radware.com Page - 2 - Table of Contents Abstract...3 Information
More informationIBM Security QRadar Risk Manager
IBM Security QRadar Risk Manager Proactively manage vulnerabilities and network device configuration to reduce risk, improve compliance Highlights Collect network security device configuration data to
More informationVirus Protection Across The Enterprise
White Paper Virus Protection Across The Enterprise How Firewall, VPN and /Content Security Work Together Juan Pablo Pereira Sr. Technical Marketing Manager Juniper Networks, Inc. 1194 North Mathilda Avenue
More informationActive Visibility for Multi-Tiered Security // Solutions Overview
Introduction Cyber threats are becoming ever more sophisticated and prevalent. Traditional security approaches such as firewalls and anti-virus protection are not equipped to mitigate and manage modern
More information1. Thwart attacks on your network.
An IDPS can secure your enterprise, track regulatory compliance, enforce security policies and save money. 10 Reasons to Deploy an Intrusion Detection and Prevention System Intrusion Detection Systems
More informationComparison of Firewall, Intrusion Prevention and Antivirus Technologies
White Paper Comparison of Firewall, Intrusion Prevention and Antivirus Technologies How each protects the network Juan Pablo Pereira Technical Marketing Manager Juniper Networks, Inc. 1194 North Mathilda
More informationIBM SECURITY QRADAR INCIDENT FORENSICS
IBM SECURITY QRADAR INCIDENT FORENSICS DELIVERING CLARITY TO CYBER SECURITY INVESTIGATIONS Gyenese Péter Channel Sales Leader, CEE IBM Security Systems 12014 IBM Corporation Harsh realities for many enterprise
More informationSonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity
SSL-VPN Combined With Network Security Introducing A popular feature of the SonicWALL Aventail SSL VPN appliances is called End Point Control (EPC). This allows the administrator to define specific criteria
More informationBenefits. Product Overview. There is nothing more important than our customers. DATASHEET
DATASHEET Security Information & Event Manager (SIEM) Compliance through Security Information and Event Management, Log Management, and Network Behavioral Analysis Product Overview Delivers fast, accurate
More informationSecure Cloud-Ready Data Centers Juniper Networks
Secure Cloud-Ready Data Centers Juniper Networks JUNIPER SECURITY LEADERSHIP A $1B BUSINESS Market Leadership Data Center with High- End Firewall #1 at 42% Secure Mobility with SSL VPN #1 at 25% Security
More informationICND2 NetFlow. Question 1. What are the benefit of using Netflow? (Choose three) A. Network, Application & User Monitoring. B.
ICND2 NetFlow Question 1 What are the benefit of using Netflow? (Choose three) A. Network, Application & User Monitoring B. Network Planning C. Security Analysis D. Accounting/Billing Answer: A C D NetFlow
More informationNetwork Security Monitoring and Behavior Analysis Pavel Čeleda, Petr Velan, Tomáš Jirsík
Network Security Monitoring and Behavior Analysis Pavel Čeleda, Petr Velan, Tomáš Jirsík {celeda velan jirsik}@ics.muni.cz Part I Introduction P. Čeleda et al. Network Security Monitoring and Behavior
More informationRedefine Network Visibility in the Data Center with the Cisco NetFlow Generation Appliance
White Paper Redefine Network Visibility in the Data Center with the Cisco NetFlow Generation Appliance What You Will Learn Modern data centers power businesses through a new generation of applications,
More informationFirst Line of Defense to Protect Critical Infrastructure
RFI SUBMISSION First Line of Defense to Protect Critical Infrastructure Developing a Framework to Improve Critical Infrastructure Cybersecurity Response to NIST Docket # 130208119-3119-01 Document # 2013-044B
More informationThe Critical Importance of Three Dimensional Protection (3DP) in an Intrusion Prevention System
The Critical Importance of Three Dimensional Protection (3DP) in an Intrusion Prevention System Top Layer Networks, Inc. Enterprises without a sound intrusion prevention strategy across the three threat
More informationBenefits. Product Overview. There is nothing more important than our customers. DATASHEET
DATASHEET Security Information & Event Manager (SIEM) Compliance through Security Information and Event Management, Log Management, and Network Behavioral Analysis Product Overview Delivers fast, accurate
More informationBeyond Monitoring Root-Cause Analysis
WHITE PAPER With the introduction of NetFlow and similar flow-based technologies, solutions based on flow-based data have become the most popular methods of network monitoring. While effective, flow-based
More informationCisco Cyber Threat Defense - Visibility and Network Prevention
White Paper Advanced Threat Detection: Gain Network Visibility and Stop Malware What You Will Learn The Cisco Cyber Threat Defense (CTD) solution brings visibility to all the points of your extended network,
More informationScrutinizer. Application traffic analytics, visualization and reporting tool
Scrutinizer Application traffic analytics, visualization and reporting tool Computer networking is an integral focal point of virtually every business. Unfortunately the ability to understand and identify
More informationIntro to Firewalls. Summary
Topic 3: Lesson 2 Intro to Firewalls Summary Basic questions What is a firewall? What can a firewall do? What is packet filtering? What is proxying? What is stateful packet filtering? Compare network layer
More informationA Review of Anomaly Detection Techniques in Network Intrusion Detection System
A Review of Anomaly Detection Techniques in Network Intrusion Detection System Dr.D.V.S.S.Subrahmanyam Professor, Dept. of CSE, Sreyas Institute of Engineering & Technology, Hyderabad, India ABSTRACT:In
More informationWhen it Comes to Monitoring and Validation it Takes More Than Just Collecting Logs
White Paper Meeting PCI Data Security Standards with Juniper Networks SECURE ANALYTICS When it Comes to Monitoring and Validation it Takes More Than Just Collecting Logs Copyright 2013, Juniper Networks,
More informationApplication Visibility and Monitoring >
White Paper Application Visibility and Monitoring > An integrated approach to application delivery Application performance drives business performance Every business today depends on secure, reliable information
More informationHow Network Transparency Affects Application Acceleration Deployment
How Network Transparency Affects Application Acceleration Deployment By John Bartlett and Peter Sevcik July 2007 Acceleration deployments should be simple. Vendors have worked hard to make the acceleration
More informationNext-Generation Firewalls: Critical to SMB Network Security
Next-Generation Firewalls: Critical to SMB Network Security Next-Generation Firewalls provide dramatic improvements in protection versus traditional firewalls, particularly in dealing with today s more
More informationSTEALTHWATCH MANAGEMENT CONSOLE
System STEALTHWATCH MANAGEMENT CONSOLE The System by Lancope is a leading solution for network visibility and security intelligence across physical and virtual environments. With the System, network operations
More informationWildFire. Preparing for Modern Network Attacks
WildFire WildFire automatically protects your networks from new and customized malware across a wide range of applications, including malware hidden within SSL-encrypted traffic. WildFire easily extends
More informationOpen Source Software for Cyber Operations:
W H I T E P A P E R Open Source Software for Cyber Operations: Delivering Network Security, Flexibility and Interoperability Introduction For the last decade, the use of open source software (OSS) in corporate
More informationHow Cisco IT Protects Against Distributed Denial of Service Attacks
How Cisco IT Protects Against Distributed Denial of Service Attacks Cisco Guard provides added layer of protection for server properties with high business value. Cisco IT Case Study / < Security and VPN
More information