Top 3 Issues and Questions (in Network Monitoring!) Developing a Network Monitoring Architecture! infotex. Dan Hadaway CRISC Managing Partner, infotex

Size: px
Start display at page:

Download "Top 3 Issues and Questions (in Network Monitoring!) Developing a Network Monitoring Architecture! infotex. Dan Hadaway CRISC Managing Partner, infotex"

Transcription

1 Top Three Issues and Questions in Network Monitoring Dan Hadaway and Sean Waugh of Auditors now know why we can t monitor event logs, but guess what, they don t care!! So let s open the hood of the managed security service provider, as Dan defines monitoring strategy. Meanwhile, what should we be asking ourselves as we enhance our processes? What should we be doing to monitor our network, beyond the MSSP? What open source tools are worth the time and what applications are worth the money? Sean will help us create a tactical plan! from the IT Risk Management Training Series Developing a Network Monitoring Architecture! Dan Hadaway CRISC Managing Partner, Sean Waugh CISSP, MCSA Lead Technical Auditor, revised for the OBL 2014 Technology Conference Top 3 Issues and Questions (in Network Monitoring!)

2 Top Three Questions 1. Why Monitor? 2. What should we monitor? 3. How should we monitor? Top Three Issues 1. Team approach to monitoring (Connect technical to non-technical) 2. Outsourcing Vs. In-house Monitoring 3. Documentation of Monitoring Processes Why? Risk Mitigation Team Confidence Compliance

3 Why? Ensure risk mitigation is on track. Ensure critical controls are working. Ensure threats are not exploiting vulnerabilities. Why (not?) Likelihood increases Reputation decreases Unauthorized access Change Management Denial of Service (DoS) Compliance Deficiencies Why monitor our networks?

4 Why Monitor? m..com/hackingteam Think it ll stop soon? Why Monitor m..com/hackingteam m..com/kidsrhackers

5 FireEye Warned Them! FireEye Warned Them! FireEye Warned Them! m..com/pickupthephone

6 Issue #1: Team Approach Network Monitoring must be accompanied by technical and nontechnical controls. Issue #2: Who Monitors? Outsource Security Monitoring Keep Performance Monitoring Inhouse

7 Issue #2: Who Monitors? Outsource Security Monitoring 24x7x365 requires 21 shifts. The bad guys work when you are NOT there. Segregation of Duties Proper training and awareness of latest attack vectors, malware derivations, and stealth methodds. Issue #2: Who Monitors? Keep Performance Monitoring Inhouse - Awareness is 9/10 s of the battle. - Performance / Reliability occurs during normal business hours! - Knowing your network is a deliverable of network monitoring. - Design it to act as a check on your MSSP. Who watches the watcher? The Incident Response Team should be reviewing network monitoring reports regularly to ensure that alerts are properly cleared.

8 What quality control stats? What metrics can management monitor? Who watches the watcher? MSSP Due Diligence Order the FFIEC TSP ROE Order the SSAE-16 SOC2 Report See the insurance certificate! Question them on Awareness Training Policies Actual training or CBT? Social Engineering Tests 3PM Tools for MSSPs my..com/obl promo code: OBLTC2014!

9 Issue #3: Documentation Why documentation? Normal reasons: Establish objectives Clearly define roles. Manage expectations. Ease turnover situations Issue #3: Documentation Why documentation? Unique reasons: We re often in a panic during an incident. We need to declare monitoring as a control in our risk assessments. We need to ensure a multi-disciplinary approach. Legal Risk Mitigation (otherwise put: CYA) Issue # 3: Documentation Before we document, we need to understand what to document. (introducing Sean Waugh!)

10 The what and how of it! Question #2! What should we be monitoring? What to Monitor? Network route & device health Application & system functionality Performance metrics Critical events Malicious activity

11 Network Route & Device Health Who: WAN links (MPLS, Fiber, VPN) Critical servers, routers & firewalls What: Real-time state information Long term uptime trends Application & System Functionality Who: L.O.B. services and applications Customer facing interfaces What: Services running? Data output checks Not just functioning, but properly Performance Metrics Who: Critical network devices & servers New applications and features What: Bandwidth & latency monitoring System resource usage Troubleshooting stability issues

12 Critical Events Who: Authentication failures System errors What: Tracking and follow through Graduated alerts based on severity Malicious Activity Who: Malware infections Social engineering attacks Naughty internal users What: Real-time notifications Automated response Open Source vs Commercial Open Source Zero upfront cost Requires technically knowledgeable IT staff Setup/Implementation can take longer Commercial Higher initial cost Better technical support Sometimes easier setup/configuration

13 Enterprise vs Piecemeal Enterprise All-in-One approach to network monitoring Higher upfront cost and setup time Central management Piecemeal Individual tools for specific purposes Allows slower rollout focused on prioritized concerns No central management interface Will have some overlap between tools Question #3 How? The Tools!! Open-Source Nagios Zabbix Cacti NtopNG Icinga Wireshark Commercial Groundwork MonitorIT OpManager Solarwinds Splunk

14 Nagios Network device and service monitoring Displays current status and historical uptime Sends real-time alerts via and SMS Status changes can also trigger custom scripts Tracks alert acknowledgement by user Can also schedule planned downtime Initial setup can be time consuming Free Also has a commercial version with added features Nagios Nagios

15 Zabbix Availability and performance monitor Track CPU, memory, disk usage Data gathering supports SNMP, custom scripts Custom scripts allow you to gather almost anything Sends real-time alerts via and SMS Tracks alert acknowledgement by user Supports auto-discovery for easy configuration Requires agent install on clients for full features Free Zabbix Zabbix

16 Cacti Network and performance monitor Track CPU, memory, disk usage Show inbound/outbound traffic statistics Including interface errors and dropped packets Data gathering supports SNMP, custom scripts Custom scripts allow you to gather almost anything Initial setup can be time-consuming Free Cacti Cacti

17 NtopNG Web-based bandwidth monitoring tool Displays traffic sorted by protocol Displays traffic sorted by source & destination Persistent statistics for trend analysis Geo-location of hosts Runs on all platforms (*nix, Windows, OSX) Very easy setup and maintenance Free NtopNG NtopNG

18 Icinga https://www.icinga.org/ Network device and service monitoring Actually a fork of Nagios development Basic log file consolidation and processing Send commands to multiple hosts simultaneously Classic and Web 2.0 interfaces Displays current status and historical uptime Sends real-time alerts via and SMS Free Icinga Icinga

19 Wireshark Network protocol analyzer & sniffer Capture and analyze live or recorded traffic Displays raw packet headers and payloads Supports deep inspection of almost all protocols Decryption support for common protocols Multitudes of filtering options Runs on all platforms (*nix, Windows, OSX) Free Wireshark Groundwork Unified monitoring suite Displays current status and historical uptime Track CPU, memory, disk usage Basic log file consolidation and processing Sends real-time alerts via and SMS Status changes can also trigger custom scripts Free for <50 devices Commercial version for additional devices

20 Groundwork MonitorIT Network device and performance monitor Track CPU, memory, disk usage Basic log file consolidation and processing Custom dashboards and reporting options Comprehensive virtual server monitoring Metrics from hypervisor hosts and virtual machines Real-time exception alerts via and SMS Quick setup with pre-configured monitor rules MonitorIT

21 MonitorIT OpManager Unified monitoring suite Availability and performance monitoring Log collection and correlation Comprehensive virtual server monitoring Network bandwidth monitoring Change and configuration management Custom dashboards and reporting options Real-time alerts via and SMS OpManager

22 OpManager Solarwinds Unified monitoring suite Availability and performance monitoring Log collection and correlation Network and firewall change management Network bandwidth monitoring Real-time alerts via and SMS Initial setup can be time consuming Modules are sold seperately Solarwinds

23 Solarwinds Solarwinds Free Tools rwinds_free_tools/ Many free tools available for basic tasks Firewall rules browser Bandwidth monitor Event log consolidator Active Directory permissions analyzer Active Directory administrator tools Network SNMP monitor IP address tracker Splunk Data consolidation and correlation engine Collects logs and performance metrics Supports collecting output from custom scripts Advanced search of live and historical data Custom dashboards and reporting Time and transaction based correlation Sends real-time alerts via , SMS, SNMP Initial setup can be time consuming Free for <500Mb/day otherwise commercial

24 Splunk What and How Summary! Take time to evaluate available options Try demos and free tools Solicit input from colleagues and vendors Focus on business and regulatory needs Comprehensive suite vs. Individual tools Support availability Ease of setup Licensing costs Documentation!!! my..com/obl promo code: OBLTC2014!

25 Access Management Risk Management Incident Response Awareness IT Governance Asset Management Technical Security Standards Business Continuity Vendor Management Access Management Risk Management Incident Response Awareness IT Governance Asset Management Technical Security Standards Business Continuity Vendor Management Typical Incident Response Program

26 What you ll find.... Incident Response Program Incident Response Policy Incident Response Plan Procedures Intrusion Detection Procedure Performance Monitoring Procedure Change Control Procedure Network/Server Build Configuration Standards Tools Talking Points, Letter Templates FIL , Decision Trees What you ll find Thank you Questions?? Contact us! Sean Waugh CISSP, MCSA (800) ext. 801 Dan Hadaway CRISC, CISA, CISM (800) ext. 810

Tk20 Network Infrastructure

Tk20 Network Infrastructure Tk20 Network Infrastructure Tk20 Network Infrastructure Table of Contents Overview... 4 Physical Layout... 4 Air Conditioning:... 4 Backup Power:... 4 Personnel Security:... 4 Fire Prevention and Suppression:...

More information

mbits Network Operations Centrec

mbits Network Operations Centrec mbits Network Operations Centrec The mbits Network Operations Centre (NOC) is co-located and fully operationally integrated with the mbits Service Desk. The NOC is staffed by fulltime mbits employees,

More information

SolarWinds Certified Professional. Exam Preparation Guide

SolarWinds Certified Professional. Exam Preparation Guide SolarWinds Certified Professional Exam Preparation Guide Introduction The SolarWinds Certified Professional (SCP) exam is designed to test your knowledge of general networking management topics and how

More information

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Security concerns and dangers come both from internal means as well as external. In order to enhance your security posture

More information

Network Management and Monitoring Software

Network Management and Monitoring Software Page 1 of 7 Network Management and Monitoring Software Many products on the market today provide analytical information to those who are responsible for the management of networked systems or what the

More information

Information Technology Policy

Information Technology Policy Information Technology Policy Security Information and Event Management Policy ITP Number Effective Date ITP-SEC021 October 10, 2006 Category Supersedes Recommended Policy Contact Scheduled Review RA-ITCentral@pa.gov

More information

Network Monitoring Comparison

Network Monitoring Comparison Network Monitoring Comparison vs Network Monitoring is essential for every network administrator. It determines how effective your IT team is at solving problems or even completely eliminating them. Even

More information

Mobile security and your EMR. Presented by: Shawn Tester & Allen Cornwall

Mobile security and your EMR. Presented by: Shawn Tester & Allen Cornwall Mobile security and your EMR Presented by: Shawn Tester & Allen Cornwall Date: October 14, 2011 Overview General Security Challenges & best practices Mobile EMR interfaces - EMR Access - Today & Future

More information

SIEM Optimization 101. ReliaQuest E-Book Fully Integrated and Optimized IT Security

SIEM Optimization 101. ReliaQuest E-Book Fully Integrated and Optimized IT Security SIEM Optimization 101 ReliaQuest E-Book Fully Integrated and Optimized IT Security Introduction SIEM solutions are effective security measures that mitigate security breaches and increase the awareness

More information

Splunk Enterprise Log Management Role Supporting the ISO 27002 Framework EXECUTIVE BRIEF

Splunk Enterprise Log Management Role Supporting the ISO 27002 Framework EXECUTIVE BRIEF Splunk Enterprise Log Management Role Supporting the ISO 27002 Framework EXECUTIVE BRIEF Businesses around the world have adopted the information security standard ISO 27002 as part of their overall risk

More information

A SURVEY ON AUTOMATED SERVER MONITORING

A SURVEY ON AUTOMATED SERVER MONITORING A SURVEY ON AUTOMATED SERVER MONITORING S.Priscilla Florence Persis B.Tech IT III year SNS College of Engineering,Coimbatore. priscillapersis@gmail.com Abstract This paper covers the automatic way of server

More information

Ovation Security Center Data Sheet

Ovation Security Center Data Sheet Features Scans for vulnerabilities Discovers assets Deploys security patches transparently Allows only white-listed applications to run in workstations Provides virus protection for Ovation Windows workstations

More information

Minder Network Performance Monitoring

Minder Network Performance Monitoring Minder Network Performance Monitoring Monitor everything about your Network performance Discover, visualize and monitor your complete IT Infrastructure in less than an hour. Mindarray s Minder is a powerful

More information

WhatsUp Gold vs. Orion

WhatsUp Gold vs. Orion Gold vs. Building the network management solution that will work for you is very easy with the Gold family just mix-and-match the Gold plug-ins that you need (WhatsVirtual, WhatsConnected, Flow Monitor,

More information

Proactive Network Performance Monitoring

Proactive Network Performance Monitoring Proactive Network Performance Monitoring No other tool is as flexible and robust as Goliath Performance Monitor We have been using Goliath Performance Monitor for many years. We have looked at other tools

More information

SOUTHERN POLYTECHNIC STATE UNIVERSITY. Snort and Wireshark. IT-6873 Lab Manual Exercises. Lucas Varner and Trevor Lewis Fall 2013

SOUTHERN POLYTECHNIC STATE UNIVERSITY. Snort and Wireshark. IT-6873 Lab Manual Exercises. Lucas Varner and Trevor Lewis Fall 2013 SOUTHERN POLYTECHNIC STATE UNIVERSITY Snort and Wireshark IT-6873 Lab Manual Exercises Lucas Varner and Trevor Lewis Fall 2013 This document contains instruction manuals for using the tools Wireshark and

More information

SolarWinds Network Performance Monitor powerful network fault & availabilty management

SolarWinds Network Performance Monitor powerful network fault & availabilty management SolarWinds Network Performance Monitor powerful network fault & availabilty management Fully Functional for 30 Days SolarWinds Network Performance Monitor (NPM) is powerful and affordable network monitoring

More information

Clavister InSight TM. Protecting Values

Clavister InSight TM. Protecting Values Clavister InSight TM Clavister SSP Security Services Platform firewall VPN termination intrusion prevention anti-virus anti-spam content filtering traffic shaping authentication Protecting Values & Enterprise-wide

More information

Advantages of Managed Security Services

Advantages of Managed Security Services Advantages of Managed Security Services Cloud services via MPLS networks for high security at low cost Get Started Now: 877.611.6342 to learn more. www.megapath.com Executive Summary Protecting Your Network

More information

Kevin Hayes, CISSP, CISM MULTIPLY SECURITY EFFECTIVENESS WITH SIEM

Kevin Hayes, CISSP, CISM MULTIPLY SECURITY EFFECTIVENESS WITH SIEM Kevin Hayes, CISSP, CISM MULTIPLY SECURITY EFFECTIVENESS WITH SIEM TODAY S AGENDA Describe the need for SIEM Explore different options available for SIEM Demonstrate a few Use Cases Cover some caveats

More information

Server Monitoring: Centralize and Win

Server Monitoring: Centralize and Win Server Monitoring: Centralize and Win Table of Contents Introduction 2 Event & Performance Management 2 Troubleshooting 3 Health Reporting & Notification 3 Security Posture & Compliance Fulfillment 4 TNT

More information

Fight the Noise with SIEM

Fight the Noise with SIEM Fight the Noise with SIEM An Incident Response System Classified: Public An Indiana Bankers Association Preferred Service Provider! elmdemo.infotex.com Managed Security Services by infotex! Page 2 Incident

More information

Vulnerability Management

Vulnerability Management Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other

More information

McAfee Network Security Platform Administration Course

McAfee Network Security Platform Administration Course McAfee Network Security Platform Administration Course Intel Security Education Services Administration Course The McAfee Network Security Platform Administration course from McAfee Education Services

More information

Unified network traffic monitoring for physical and VMware environments

Unified network traffic monitoring for physical and VMware environments Unified network traffic monitoring for physical and VMware environments Applications and servers hosted in a virtual environment have the same network monitoring requirements as applications and servers

More information

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

2. From a control perspective, the PRIMARY objective of classifying information assets is to: MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected

More information

THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS

THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS INCONVENIENT STATISTICS 70% of ALL threats are at the Web application layer. Gartner 73% of organizations have been hacked in the past two

More information

Don t let your SIeM become your Nightmare!

Don t let your SIeM become your Nightmare! Don t let your SIeM become your Nightmare! Herwig Köck, Thomas Bleier What is SIEM? Combining Security Components Intrusion Detection Endpoint Security Service Logs Asset Management Packets Protocols IP-Adresses

More information

PART D NETWORK SERVICES

PART D NETWORK SERVICES CONTENTS 1 ABOUT THIS PART... 2 2 PUBLIC NETWORK... 2 Internet... 2 3 PRIVATE NETWORK... 3 Global WAN services... 3 4 SECURITY SERVICES... 3 Firewall... 4 Intrusion Prevention (Network)... 5 SSL/IPSEC

More information

Network Monitoring. Lance Rea. Davis & Gilbert LLP lrea@dglaw.com

Network Monitoring. Lance Rea. Davis & Gilbert LLP lrea@dglaw.com Network Monitoring Presented by: Lance Rea CIO Davis & Gilbert LLP lrea@dglaw.com A Little Background info D&G 100+ Attorney firm in Midtown Manhattan Full Service firm specializing in Media and Advertising

More information

Virtual Patching: a Proven Cost Savings Strategy

Virtual Patching: a Proven Cost Savings Strategy Virtual Patching: a Proven Cost Savings Strategy An Ogren Group Special Report December 2011 Executive Summary Security executives, pushing the limits of traditional labor-intensive IT patch processes

More information

McAfee Next Generation Firewall (NGFW) Administration Course

McAfee Next Generation Firewall (NGFW) Administration Course McAfee Product Education McAfee Next Generation Firewall (NGFW) Administration Course The McAfee NGFW Administration course from Education Services provides attendees with hands-on training on the design,

More information

On-Premises DDoS Mitigation for the Enterprise

On-Premises DDoS Mitigation for the Enterprise On-Premises DDoS Mitigation for the Enterprise FIRST LINE OF DEFENSE Pocket Guide The Challenge There is no doubt that cyber-attacks are growing in complexity and sophistication. As a result, a need has

More information

Edge Configuration Series Reporting Overview

Edge Configuration Series Reporting Overview Reporting Edge Configuration Series Reporting Overview The Reporting portion of the Edge appliance provides a number of enhanced network monitoring and reporting capabilities. WAN Reporting Provides detailed

More information

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 http://technet.microsoft.com/en-us/library/cc757501(ws.10).aspx Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 Updated: October 7, 2005 Applies To: Windows Server 2003 with

More information

SOLARWINDS NETWORK PERFORMANCE MONITOR

SOLARWINDS NETWORK PERFORMANCE MONITOR DATASHEET SOLARWINDS NETWORK PERFORMANCE MONITOR Fault, Availability, Performance, and Deep Packet Inspection SolarWinds Network Performance Monitor (NPM) is powerful and affordable network monitoring

More information

Chapter 9 Firewalls and Intrusion Prevention Systems

Chapter 9 Firewalls and Intrusion Prevention Systems Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish

More information

Rule 4-004M Payment Card Industry (PCI) Monitoring, Logging and Audit (proposed)

Rule 4-004M Payment Card Industry (PCI) Monitoring, Logging and Audit (proposed) Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013 Rule 4-004M Payment Card Industry (PCI) Monitoring, Logging and Audit (proposed) 01.1 Purpose

More information

The SIEM Evaluator s Guide

The SIEM Evaluator s Guide Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,

More information

Unified Threat Management, Managed Security, and the Cloud Services Model

Unified Threat Management, Managed Security, and the Cloud Services Model Unified Threat Management, Managed Security, and the Cloud Services Model Kurtis E. Minder CISSP Global Account Manager - Service Provider Group Fortinet, Inc. Introduction Kurtis E. Minder, Technical

More information

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary

More information

White Paper. The Ten Features Your Web Application Monitoring Software Must Have. Executive Summary

White Paper. The Ten Features Your Web Application Monitoring Software Must Have. Executive Summary White Paper The Ten Features Your Web Application Monitoring Software Must Have Executive Summary It s hard to find an important business application that doesn t have a web-based version available and

More information

Free Network Monitoring Software for Small Networks

Free Network Monitoring Software for Small Networks Free Network Monitoring Software for Small Networks > WHITEPAPER Introduction Networks are becoming critical components of business success - irrespective of whether you are small or BIG. When network

More information

When Recognition Matters THE COMPARISON OF PROGRAMS FOR NETWORK MONITORING. www.pecb.com

When Recognition Matters THE COMPARISON OF PROGRAMS FOR NETWORK MONITORING. www.pecb.com When Recognition Matters THE COMPARISON OF PROGRAMS FOR NETWORK MONITORING www.pecb.com Imagine a working environment comprised of a number of switches, routers, some terminals and file servers. Network

More information

AlienVault Unified Security Management (USM) 4.x-5.x. Deployment Planning Guide

AlienVault Unified Security Management (USM) 4.x-5.x. Deployment Planning Guide AlienVault Unified Security Management (USM) 4.x-5.x Deployment Planning Guide USM 4.x-5.x Deployment Planning Guide, rev. 1 Copyright AlienVault, Inc. All rights reserved. The AlienVault Logo, AlienVault,

More information

G DATA TechPaper #0275. G DATA Network Monitoring

G DATA TechPaper #0275. G DATA Network Monitoring G DATA TechPaper #0275 G DATA Network Monitoring G DATA Software AG Application Development May 2016 Contents Introduction... 3 1. The benefits of network monitoring... 3 1.1. Availability... 3 1.2. Migration

More information

Cisco Remote Management Services for Security

Cisco Remote Management Services for Security Cisco Remote Management Services for Security Innovation: Many Take Advantage of It, Some Strive for It, Cisco Delivers It. Cisco Remote Management Services (RMS) for Security provide around the clock

More information

Firewalls Overview and Best Practices. White Paper

Firewalls Overview and Best Practices. White Paper Firewalls Overview and Best Practices White Paper Copyright Decipher Information Systems, 2005. All rights reserved. The information in this publication is furnished for information use only, does not

More information

Monitoring System Status

Monitoring System Status CHAPTER 14 This chapter describes how to monitor the health and activities of the system. It covers these topics: About Logged Information, page 14-121 Event Logging, page 14-122 Monitoring Performance,

More information

Network Monitoring Tools for Monitoring MPLS Links using PRTG Network Monitor Tool

Network Monitoring Tools for Monitoring MPLS Links using PRTG Network Monitor Tool Network Monitoring Tools for Monitoring MPLS Links using PRTG Network Monitor Tool S Suruthi Department of Banking Technology Pondicherry University Pondicherry Project Guide: Dr. N.P. Dhavale DGM, INFINET

More information

Providing Secure IT Management & Partnering Solution for Bendigo South East College

Providing Secure IT Management & Partnering Solution for Bendigo South East College Providing Secure IT Management & Partnering Solution for Bendigo South East College Why did Bendigo South East College engage alltasksit & DELL? BSEC is in the midst of school population growth in 2015,

More information

Virtual Patching: a Compelling Cost Savings Strategy

Virtual Patching: a Compelling Cost Savings Strategy Virtual Patching: a Compelling Cost Savings Strategy An Ogren Group Special Report November 2010 Executive Summary IT patch processes are at a critical crossroads. Exploits appear in the wild only a day

More information

New possibilities in latest OfficeScan and OfficeScan plug-in architecture

New possibilities in latest OfficeScan and OfficeScan plug-in architecture New possibilities in latest OfficeScan and OfficeScan plug-in architecture Märt Erik AS Stallion Agenda New in OfficeScan 10.5 OfficeScan plug-ins» More Active Directory support» New automated client grouping

More information

Introduction of Intrusion Detection Systems

Introduction of Intrusion Detection Systems Introduction of Intrusion Detection Systems Why IDS? Inspects all inbound and outbound network activity and identifies a network or system attack from someone attempting to compromise a system. Detection:

More information

Looking Ahead The Path to Moving Security into the Cloud

Looking Ahead The Path to Moving Security into the Cloud Looking Ahead The Path to Moving Security into the Cloud Gerhard Eschelbeck Sophos Session ID: SPO2-107 Session Classification: Intermediate Agenda The Changing Threat Landscape Evolution of Application

More information

whitepaper Network Traffic Analysis Using Cisco NetFlow Taking the Guesswork Out of Network Performance Management

whitepaper Network Traffic Analysis Using Cisco NetFlow Taking the Guesswork Out of Network Performance Management whitepaper Network Traffic Analysis Using Cisco NetFlow Taking the Guesswork Out of Network Performance Management Taking the Guesswork Out of Network Performance Management EXECUTIVE SUMMARY Many enterprise

More information

Best Practices for Log File Management (Compliance, Security, Troubleshooting)

Best Practices for Log File Management (Compliance, Security, Troubleshooting) Log Management: Best Practices for Security and Compliance The Essentials Series Best Practices for Log File Management (Compliance, Security, Troubleshooting) sponsored by Introduction to Realtime Publishers

More information

Sourcefire Defense Center TM

Sourcefire Defense Center TM Sourcefire TM Sourcefire Capabilities Store up to 100,000,000 security & host events, including packet data Centralized policy & sensor management Centralized audit logging of configuration & security

More information

Company & Solution Profile

Company & Solution Profile Company & Solution Profile About Us NMSWorks Software Limited is an information technology company specializing in developing Carrier grade Integrated Network Management Solutions for the emerging convergent

More information

Study of Network Performance Monitoring Tools-SNMP

Study of Network Performance Monitoring Tools-SNMP 310 Study of Network Performance Monitoring Tools-SNMP Mr. G.S. Nagaraja, Ranjana R.Chittal, Kamod Kumar Summary Computer networks have influenced the software industry by providing enormous resources

More information

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports Building a Security Operation Center Agenda: Auditing Your Network Environment Selecting Effective Security

More information

Secure networks are crucial for IT systems and their

Secure networks are crucial for IT systems and their ISSA The Global Voice of Information Security Network Security Architecture By Mariusz Stawowski ISSA member, Poland Chapter Secure networks are crucial for IT systems and their proper operation. Essential

More information

Network Monitoring. Sebastian Büttrich, sebastian@less.dk NSRC / IT University of Copenhagen Last edit: February 2012, ICTP Trieste

Network Monitoring. Sebastian Büttrich, sebastian@less.dk NSRC / IT University of Copenhagen Last edit: February 2012, ICTP Trieste Network Monitoring Sebastian Büttrich, sebastian@less.dk NSRC / IT University of Copenhagen Last edit: February 2012, ICTP Trieste http://creativecommons.org/licenses/by-nc-sa/3.0/ Agenda What is network

More information

Data Center Security in a World Without Perimeters

Data Center Security in a World Without Perimeters www.iss.net Data Center Security in a World Without Perimeters September 19, 2006 Dave McGinnis Director of MSS Architecture Agenda Securing the Data Center What threats are we facing? What are the risks?

More information

An overwhelming majority of IaaS clouds leverage virtualization for their foundation.

An overwhelming majority of IaaS clouds leverage virtualization for their foundation. 1 2 3 An overwhelming majority of IaaS clouds leverage virtualization for their foundation. 4 With the use of virtualization comes the use of a hypervisor. Normally, the hypervisor simply provisions resources

More information

Ovation Security Center Data Sheet

Ovation Security Center Data Sheet Features Scans for vulnerabilities Discovers assets Deploys security patches easily Allows only white-listed applications in workstations to run Provides virus protection for Ovation Windows stations Aggregates,

More information

Chapter 8 Monitoring and Logging

Chapter 8 Monitoring and Logging Chapter 8 Monitoring and Logging This chapter describes the SSL VPN Concentrator status information, logging, alerting and reporting features. It describes: SSL VPN Concentrator Status Active Users Event

More information

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Dale Peterson Director, Network Security Practice Digital Bond, Inc. 1580 Sawgrass Corporate Parkway, Suite 130 Sunrise, FL 33323

More information

10 Potential Risk Facing Your IT Department: Multi-layered Security & Network Protection. September 2011

10 Potential Risk Facing Your IT Department: Multi-layered Security & Network Protection. September 2011 10 Potential Risk Facing Your IT Department: Multi-layered Security & Network Protection September 2011 10 Potential Risks Facing Your IT Department: Multi-layered Security & Network Protection 2 It s

More information

Payment Card Industry Data Security Standard

Payment Card Industry Data Security Standard Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security

More information

Enterprise Cloud Manager

Enterprise Cloud Manager Enterprise Cloud Manager Network Management & Application Platform Global Leader in 4G LTE Network Solutions DEPLOY & MANAGE THE INTELLIGENT NETWORK Rapidly deploy and dynamically manage networks at geographically

More information

Emerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA

Emerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA Emerging Network Security Threats and what they mean for internal auditors December 11, 2013 John Gagne, CISSP, CISA 0 Objectives Emerging Risks Distributed Denial of Service (DDoS) Attacks Social Engineering

More information

SP Monitor. nfx One gives MSPs the agility and power they need to confidently grow their security services business. NFX FOR MSP SOLUTION BRIEF

SP Monitor. nfx One gives MSPs the agility and power they need to confidently grow their security services business. NFX FOR MSP SOLUTION BRIEF NFX FOR MSP SOLUTION BRIEF SP Monitor Jump Start Security-as-a-Service Designed to give you everything you need to get started immediately providing security-as-a service, SP Monitor is a real-time event

More information

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer IBM Security QRadar SIEM & Fortinet / FortiAnalyzer Introducing new functionality for IBM QRadar Security Intelligence Platform: integration with Fortinet s firewalls and logs forwarded by FortiAnalyzer.

More information

SolarWinds Network Performance Monitor

SolarWinds Network Performance Monitor SolarWinds Network Performance Monitor powerful network fault & availabilty management Fully Functional for 30 Days SolarWinds Network Performance Monitor (NPM) makes it easy to quickly detect, diagnose,

More information

Sorting out SIEM strategy Five step guide to full security information visibility and controlled threat management

Sorting out SIEM strategy Five step guide to full security information visibility and controlled threat management Sorting out SIEM strategy Five step guide to full security information visibility and controlled threat management This guide will show you how a properly implemented and managed SIEM solution can solve

More information

SANS Top 20 Critical Controls for Effective Cyber Defense

SANS Top 20 Critical Controls for Effective Cyber Defense WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a

More information

www.obrela.com Swordfish

www.obrela.com Swordfish Swordfish Web Application Firewall Web Application Security as a Service Swordfish Web Application Security provides an innovative model to help businesses protect their brand and online information, incorporating

More information

RAVEN, Network Security and Health for the Enterprise

RAVEN, Network Security and Health for the Enterprise RAVEN, Network Security and Health for the Enterprise The Promia RAVEN is a hardened Security Information and Event Management (SIEM) solution further providing network health, and interactive visualizations

More information

TECH TIPS 4 STEPS TO FORECAST AND PLAN YOUR NETWORK CAPACITY NEEDS

TECH TIPS 4 STEPS TO FORECAST AND PLAN YOUR NETWORK CAPACITY NEEDS 4 STEPS TO FORECAST AND PLAN YOUR NETWORK CAPACITY NEEDS Using SolarWinds Network Performance Monitor One of the most likely causes of network slowdowns is excessive capacity utilization. Network engineers

More information

CLOUD GUARD UNIFIED ENTERPRISE

CLOUD GUARD UNIFIED ENTERPRISE Unified Security Anywhere CLOUD SECURITY CLOUD GUARD UNIFIED ENTERPRISE CLOUD SECURITY UNIFIED CLOUD SECURITY Cloudy with a 90% Chance of Attacks How secure is your cloud computing environment? If you

More information

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks

More information

NitroView. Content Aware SIEM TM. Unified Security and Compliance Unmatched Speed and Scale. Application Data Monitoring. Database Monitoring

NitroView. Content Aware SIEM TM. Unified Security and Compliance Unmatched Speed and Scale. Application Data Monitoring. Database Monitoring NitroView Unified Security and Compliance Unmatched Speed and Scale Application Data Monitoring Database Monitoring Log Management Content Aware SIEM TM IPS Today s security challenges demand a new approach

More information

Information Technology Solutions

Information Technology Solutions Managed Services Information Technology Solutions A TBG Security Professional Services Offering LET TBG MANAGE YOUR INFRASTRUCTURE WITH CONFIDENCE: TBG S INTEGRATED IT AUTOMATION FRAMEWORK PROVIDES: Computer

More information

WildFire Reporting. WildFire Administrator s Guide 55. Copyright 2007-2015 Palo Alto Networks

WildFire Reporting. WildFire Administrator s Guide 55. Copyright 2007-2015 Palo Alto Networks WildFire Reporting When malware is discovered on your network, it is important to take quick action to prevent spread of the malware to other systems. To ensure immediate alerts to malware discovered on

More information

QRadar SIEM and FireEye MPS Integration

QRadar SIEM and FireEye MPS Integration QRadar SIEM and FireEye MPS Integration March 2014 1 IBM QRadar Security Intelligence Platform Providing actionable intelligence INTELLIGENT Correlation, analysis and massive data reduction AUTOMATED Driving

More information

Business white paper. Missioncritical. defense. Creating a coordinated response to application security attacks

Business white paper. Missioncritical. defense. Creating a coordinated response to application security attacks Business white paper Missioncritical defense Creating a coordinated response to application security attacks Table of contents 3 Your business is under persistent attack 4 Respond to those attacks seamlessly

More information

WHITEPAPER. PHD Virtual Monitor: Unmatched Value. of your finances. Unmatched Value for Your Virtual World WWW.PHDVIRTUAL.COM

WHITEPAPER. PHD Virtual Monitor: Unmatched Value. of your finances. Unmatched Value for Your Virtual World WWW.PHDVIRTUAL.COM WHITEPAPER PHD Virtual Monitor: Taking control of your finances. Unmatched Value Unmatched Value for Your Virtual World WWW.PHDVIRTUAL.COM PHD Virtual Monitor: Unmatched Value PHD Virtual Monitor VMTurbo

More information

Secure Software Programming and Vulnerability Analysis

Secure Software Programming and Vulnerability Analysis Secure Software Programming and Vulnerability Analysis Christopher Kruegel chris@auto.tuwien.ac.at http://www.auto.tuwien.ac.at/~chris Operations and Denial of Service Secure Software Programming 2 Overview

More information

Security Toolsets for ISP Defense

Security Toolsets for ISP Defense Security Toolsets for ISP Defense Backbone Practices Authored by Timothy A Battles (AT&T IP Network Security) What s our goal? To provide protection against anomalous traffic for our network and it s customers.

More information

NEXPOSE ENTERPRISE METASPLOIT PRO. Effective Vulnerability Management and validation. March 2015

NEXPOSE ENTERPRISE METASPLOIT PRO. Effective Vulnerability Management and validation. March 2015 NEXPOSE ENTERPRISE METASPLOIT PRO Effective Vulnerability Management and validation March 2015 KEY SECURITY CHALLENGES Common Challenges Organizations Experience Key Security Challenges Visibility gaps

More information

Lecture 02b Cloud Computing II

Lecture 02b Cloud Computing II Mobile Cloud Computing Lecture 02b Cloud Computing II 吳 秀 陽 Shiow-yang Wu T. Sridhar. Cloud Computing A Primer, Part 2: Infrastructure and Implementation Topics. The Internet Protocol Journal, Volume 12,

More information

FISMA / NIST 800-53 REVISION 3 COMPLIANCE

FISMA / NIST 800-53 REVISION 3 COMPLIANCE Mandated by the Federal Information Security Management Act (FISMA) of 2002, the National Institute of Standards and Technology (NIST) created special publication 800-53 to provide guidelines on security

More information

Driving Company Security is Challenging. Centralized Management Makes it Simple.

Driving Company Security is Challenging. Centralized Management Makes it Simple. Driving Company Security is Challenging. Centralized Management Makes it Simple. Overview - P3 Security Threats, Downtime and High Costs - P3 Threats to Company Security and Profitability - P4 A Revolutionary

More information

Enterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid clouds.

Enterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid clouds. ENTERPRISE MONITORING & LIFECYCLE MANAGEMENT Unify IT Operations Enterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid

More information

IBM Advanced Threat Protection Solution

IBM Advanced Threat Protection Solution IBM Advanced Threat Protection Solution Fabio Panada IBM Security Tech Sales Leader 1 Advanced Threats is one of today s key mega-trends Advanced Threats Sophisticated, targeted attacks designed to gain

More information

Why an Intelligent WAN Solution is Essential for Mission Critical Networks

Why an Intelligent WAN Solution is Essential for Mission Critical Networks Why an Intelligent WAN Solution is Essential for Mission Critical Networks White Paper Series WP100135 Charles Tucker Director of Marketing June 1, 2006 Abstract: Reliable Internet connectivity is now

More information

Signal Customized Helpdesk Course

Signal Customized Helpdesk Course Signal Customized Helpdesk Course This course is a combination of modules taken from two Microsoft Courses: 50311A and 50331A. It is geared toward staff who handle helpdesk calls and troubleshoot end user

More information

Managed Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint?

Managed Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint? Managed Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint? Why? Focused on Managed Intrusion Security Superior-Architected Hardened Technology Security

More information

PacketTrap One Resource for Managed Services

PacketTrap One Resource for Managed Services Remote Monitoring Software for Managed Services Providers PacketTrap RMM provides a cost-effective way for you to offer enterprise-class server, application, and network management to your customers. It

More information