Incident Response Using Splunk for State and Local Governments
|
|
- Egbert Sullivan
- 8 years ago
- Views:
Transcription
1 Copyright 2013 Splunk Inc. Incident Response Using Splunk for State and Local Governments Bert Hayes Solu=ons Engineer #splunkconf
2 Legal No=ces During the course of this presenta=on, we may make forward- looking statements regarding future events or the expected performance of the company. We cau=on you that such statements reflect our current expecta=ons and es=mates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward- looking statements, please review our filings with the SEC. The forward- looking statements made in this presenta=on are being made as of the =me and date of its live presenta=on. If reviewed aver its live presenta=on, this presenta=on may not contain current or accurate informa=on. We do not assume any obliga=on to update any forward- looking statements we may make. In addi=on, any informa=on about our roadmap outlines our general product direc=on and is subject to change at any =me without no=ce. It is for informa=onal purposes only and shall not, be incorporated into any contract or other commitment. Splunk undertakes no obliga=on either to develop the features or func=onality described or to include any such feature or func=onality in a future release. Splunk, Splunk>, Splunk Storm, Listen to Your Data, SPL and The Engine for Machine Data are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respeccve owners Splunk Inc. All rights reserved. 2
3 Introduc=on
4 About Bert! 15 years experience in Systems Administra=on & Network Security! 10 years experience in IT security for Texas state government Texas Educa=on Agency University of Texas at Aus=n Department of Informa=on Resources Texas Higher Educa=on Coordina=ng Board! 5 years experience using Splunk for IT security 4
5 Agenda! Incident Handling at State.gov! Must- Have Data Sources for Basic Incident Handling! Post- Incident Data Collec=on! Crea=ng a Timeline of File System Meta Data! Did 10e9_SSNs.csv Leak Out?! Sharing with Others 5
6 Incident Handling at State.gov
7 Incident Handling at State.gov! Increased likelihood of storing sensi=ve data! Typically limited resources! Legisla=ve mandates to report security breaches! Internal agency to agency or state to state informa=on sharing 7
8 We discovered, inves=gated and closed an open invita=on to aeackers in less than a few hours. Without Splunk Enterprise, we would not have known the device was compromised for weeks, at best. Kim Munoz IT Manager Nevada DOT 8
9 Splunk has been a tremendous help to the Informa=on Security Office at ERS. We now have the visibility to research malware from the actual point of entry and we can actually see when the user clicks on the malicious link. It s been a great asset in incident response. Victoriano Casas III, MPA CISSP GSLC GSEC Informa=on Security Officer Employee Re=rement System of Texas 9
10 Covering the Bases: Pre- Incident Data Collec=on
11 Pre- Incident Data Collec=on Collect This Now and Always! Firewall logs! HTTP proxy logs! DNS server logs! DHCP server logs! Network flow data! Extra credit for IDS/IPS logs 11
12 Firewall Logs You Keep on Knockin! Sudden increase in outbound DENY events! Sudden increase in inbound DENY events! Unusual des=na=on IPs! Unusual des=na=on ports! Off- Site DNS? 12
13 HTTP Traffic All Your Webs Are Belong to Us! Malicious code used to use Internet Relay Chat (IRC) for Command and Control (C&C) traffic! Modern malware increasingly using HTTP for C&C traffic GET hep:// Data exfiltra=on over HTTP POST hep:// 13
14 14
15 DNS Sever Logs Places Named AVer Numbers! If C&C is not over HTTP, web proxy will not log or block! irc.evil.br! ssl.evil.br! DNS itself as a C&C channel 15
16 DHCP Sever Logs > CA:FE:DE:AD:BE:EF! IP addresses are transient Track an incident by MAC address! Track host s presence on the LAN Disable switch ports! OVen username is presented and requested as hostname! Make sure you re tracking the correct IP based reports over =me 16
17 NetFlow When I Get My Flow, I m Dr. On The Go! Will record Command & Control meta data, regardless of protocol! Will record bytes of data transferred! Use to determine how much data was transferred when, to whom! Correlate against other data sources to determine incident severity 17
18 Post Incident Data Collec=on
19 Data You ll Want AVer an Incident Diving Deeper! Packet capture! RAM dump! Hard drive image! Server logs 19
20 Time Lining File System Meta Data
21 Crea=ng a Timeline of File System Meta Data log2%meline hep://kleinco.com.au/thoughts- events/item/forensic- =meline- splunking 21
22 The Tools The Sleuth Kit Open source digital forensic tools hep:// Wrieen by Brian Carrier hep:// evidence.org/fsfa/ Command line tools hep://wiki.sleuthkit.org/index.php? =tle=tsk_tool_overview Screenshot here Timescanner Front end for log2=meline Wrieen by Kris=nn Gudjonsson 22
23 Crea=ng the Super Timeline 23
24 props.conf 24
25 transforms.conf 25
26 26
27 Did 10e9_SSNs.csv Leak Out?
28 Sensi=ve Data is in Known Loca=on! Searching for post- incident file access is now trivial 28
29 Sensi=ve Data is in Unknown Loca=on! Locate it!! Use SENF! The Sensi=ve Number Finder! heps://senf.security.utexas.edu! It s free! 29
30 30
31 How Severe is the Incident?! Was sensi=ve data accessed?! Correlate file access =mes with network flow, other logs! Evidence that aeack has spread?! Correlate server logs with network flow! No sensi=ve data access? No spread of aeack? BORING REPORT! 31
32 Sharing with Others
33 Sharing with Others! Many state and local governments have Informa=on Sharing and Analysis Centers (ISAC)! Inter- agency informa=on sharing is common! Collect key elements of forensic inves=ga=on into new index Use the collect command! Export key elements of forensic inves=ga=on as raw data 33
34 34
35 35
36 Summary Splunk Enterprise is the Best Tool You Already Have for Incident Handling Begin with established logging and indexing data from network devices and network services Add system forensic =meline and op=onally packet capture analysis post- incident Resul=ng data set can show if and when sensi=ve data was accessed correlated with network ac=vity to determine if data was likely to leak Screenshot here 36
37 Key Takeaway Splunk Enterprise Can Keep Your Name Out of the Papers Incident handling anywhere Incident handling: state & local gov Need to log and monitor network devices and network services Need to determine root cause of incident Need to determine extent of incident Higher likelihood of sensi=ve personal informa=on Need to determine how incident is reported Public en==es leaking sensi=ve data makes BIG HEADLINES More informa=on sharing within and between agencies 37
38 Demo 38
39 Q & A 39
40 Next Steps 1 Download the.conf2013 Mobile App If not iphone, ipad or Android, use the Web App 2 Take the survey & WIN A PASS FOR.CONF2014 Or one of these bags! 3 Check other Security sessions All PPTs are on the Mobile App Recordings will be available aver.conf
41 THANK YOU
Splunk for Networking and SDN
Copyright 2013 Splunk Inc. Splunk for Networking and SDN Stela Udovicic Senior Product Marke?ng Manager, Splunk #splunkconf Legal No?ces During the course of this presenta?on, we may make forward- looking
More informationArchitec;ng Splunk for High Availability and Disaster Recovery
Copyright 2013 Splunk Inc. Architec;ng Splunk for High Availability and Disaster Recovery Dritan Bi;ncka Professional Services #splunkconf Legal No;ces During the course of this presenta;on, we may make
More informationHunk & Elas=c MapReduce: Big Data Analy=cs on AWS
Copyright 2014 Splunk Inc. Hunk & Elas=c MapReduce: Big Data Analy=cs on AWS Dritan Bi=ncka BD Solu=ons Architecture Disclaimer During the course of this presenta=on, we may make forward looking statements
More informationHow To Use Splunk For Android (Windows) With A Mobile App On A Microsoft Tablet (Windows 8) For Free (Windows 7) For A Limited Time (Windows 10) For $99.99) For Two Years (Windows 9
Copyright 2014 Splunk Inc. Splunk for Mobile Intelligence Bill Emme< Director, Solu?ons Marke?ng Panos Papadopoulos Director, Product Management Disclaimer During the course of this presenta?on, we may
More informationStream Deployments in the Real World: Enhance Opera?onal Intelligence Across Applica?on Delivery, IT Ops, Security, and More
Copyright 2015 Splunk Inc. Stream Deployments in the Real World: Enhance Opera?onal Intelligence Across Applica?on Delivery, IT Ops, Security, and More Stela Udovicic Sr. Product Marke?ng Manager Clayton
More informationGain Insight into Your Cloud Usage with the Splunk App for AWS
Copyright 2013 Splunk Inc. Gain Insight into Your Cloud Usage with the Splunk App for AWS Nilesh Khe
More informationArchitec;ng Splunk for High Availability and Disaster Recovery
Copyright 2014 Splunk Inc. Architec;ng Splunk for High Availability and Disaster Recovery Dritan Bi;ncka BD Solu;on Architecture Disclaimer During the course of this presenta;on, we may make forward- looking
More informationMore Comprehensive Digital Intelligence - CorrelaFng Client and Server- side Data
Copyright 2013 Splunk Inc. More Comprehensive Digital Intelligence - CorrelaFng Client and Server- side Data Allan, Mike, Rahul, Sondra #splunkconf About Us! Allan Tomkinson Senior Developer @Lincoln Financial
More informationSplunk Apps for Monitoring Microso< Based Infrastructure
Copyright 2013 Splunk Inc. Splunk Apps for Monitoring Microso< Based Infrastructure Sharad Kylasam Sr. Product Manager Mike Papale So
More informationHow to Leverage Splunk s Security Intelligence PlaKorm for Security OperaNons Environments
Copyright 2013 Splunk Inc. How to Leverage Splunk s Security Intelligence PlaKorm for Security OperaNons Environments Enoch Long Prin Sec Strategist/Client Architect, Splunk(Fed) #splunkconf Legal NoNces
More informationSplunk Enterprise in the Cloud Vision and Roadmap
Copyright 2013 Splunk Inc. Splunk Enterprise in the Cloud Vision and Roadmap Alex Munk PM Cloud #splunkconf Ledio Ago Director of Engineering Cloud Legal NoJces During the course of this presentajon, we
More informationUniversity of Utah WAN Firewall Presenta6on
University of Utah WAN Firewall Presenta6on Raising Awareness of our WAN Firewall Issues This document is for internal University of Utah use only. 4 Key Internet Firewall Ques6ons Who do we serve and
More informationDeployment Best PracHces for Splunk Apps Monitoring MicrosoK- based Infrastructure
Copyright 2013 Splunk Inc. Deployment Best PracHces for Splunk Apps Monitoring MicrosoK- based Infrastructure Sharad Kylasam Sr. Product Manager Jeff Bernt - SDET #splunkconf Legal NoHces During the course
More informationWindows Inputs and MicrosoC Apps Strategy
Copyright 2013 Splunk Inc. Windows Inputs and MicrosoC Apps Strategy Sharad Kylasam Sr. Product Manager #splunkconf Legal NoIces During the course of this presentaion, we may make forward- looking statements
More informationFirewall Firewall August, 2003
Firewall August, 2003 1 Firewall and Access Control This product also serves as an Internet firewall, not only does it provide a natural firewall function (Network Address Translation, NAT), but it also
More informationHosting more than one FortiOS instance on. VLANs. 1. Network topology
Hosting more than one FortiOS instance on a single FortiGate unit using VDOMs and VLANs 1. Network topology Use Virtual domains (VDOMs) to divide the FortiGate unit into two or more virtual instances of
More informationHow to Use Splunk To Detect and Defeat Fraud, TheK And Abuse
Copyright 2015 Splunk Inc. How to Use Splunk To Detect and Defeat Fraud, TheK And Abuse Joe Goldberg Product Marke@ng, Splunk Young Cho Technical Product Marke@ng, Splunk Disclaimer During the course of
More informationConcierge SIEM Reporting Overview
Concierge SIEM Reporting Overview Table of Contents Introduction... 2 Inventory View... 3 Internal Traffic View (IP Flow Data)... 4 External Traffic View (HTTP, SSL and DNS)... 5 Risk View (IPS Alerts
More informationWorkflow ProducCvity in Splunk Enterprise
Copyright 2013 Splunk Inc. Workflow ProducCvity in Splunk Enterprise Carl Yestrau Sr. So
More informationSophos Ltd. All rights reserved.
Sophos Ltd. All rights reserved. 1 Sophos Approach to Unified Security Integrated Security for Be9er Protec;on James Burchell & Greg Iddon, Sales Engineers UK&I, Technology Services What we re going to
More informationUnified Security, ATP and more
SYMANTEC Unified Security, ATP and more TAKE THE NEXT STEP Martin Werner PreSales Consultant, Symantec Switzerland AG MEET SWISS INFOSEC! 27.01.2016 Unified Security 2 Symantec Enterprise Security Users
More informationCSE/ISE 311: Systems Administra5on Network Firewalls
Network Firewalls Don Porter Firewalls: An Essen2al Tool Previous Lectures: Every service on a system visible to the outside world is a poten2al a>ack vector Observa2ons: It is really hard to police every
More informationSavvius Insight Initial Configuration
The configuration utility on Savvius Insight lets you configure device, network, and time settings. Additionally, if you are forwarding your data from Savvius Insight to a Splunk server, You can configure
More informationBENCHMARKING V ISUALIZATION TOOL
Copyright 2014 Splunk Inc. BENCHMARKING V ISUALIZATION TOOL J. Green Computer Scien
More informationChapter 3 Security and Firewall Protection
Chapter 3 Security and Firewall Protection This chapter describes how to use the basic firewall features of the ADSL2+ Modem Router to protect your network. Firewall Settings You can set up the ADSL2+
More informationUsing Splunk to Protect Pa=ent Privacy and Achieve Meaningful Use
Copyright 2014 Splunk Inc. Using Splunk to Protect Pa=ent Privacy and Achieve Meaningful Use Ant Lefebvre ant@midhosp.org Senior Systems Engineer Middlesex Hospital About Middlesex Hospital Complete range
More informationVoIP Security How to prevent eavesdropping on VoIP conversa8ons. Dmitry Dessiatnikov
VoIP Security How to prevent eavesdropping on VoIP conversa8ons Dmitry Dessiatnikov DISCLAIMER All informa8on in this presenta8on is provided for informa8on purposes only and in no event shall Security
More informationAdventures in Bouncerland. Nicholas J. Percoco Sean Schulte Trustwave SpiderLabs
Adventures in Bouncerland Nicholas J. Percoco Sean Schulte Trustwave SpiderLabs Agenda Introduc5ons Our Mo5va5ons What We Knew About Bouncer Research Approach & Process Phase 0 Phase 1 7 Final Test What
More information6.0. Getting Started Guide
6.0 Getting Started Guide Netmon Getting Started Guide 2 Contents Contents... 2 Appliance Installation... 3 IP Address Assignment (Optional)... 3 Logging In For the First Time... 5 Initial Setup... 6 License
More informationCustomer Tips. Configuration and Use of the MeterAssistant Option. for the user. Purpose. Xerox Device Configuration. Xerox Multifunction Devices
Xerox Multifunction Devices Customer Tips June 21, 2006 This document applies to the Xerox products This indicated document in the applies table to below. these For Xerox some products: products, it is
More informationOwner of the content within this article is www.isaserver.org Written by Marc Grote www.it-training-grote.de
Owner of the content within this article is www.isaserver.org Written by Marc Grote www.it-training-grote.de Microsoft Forefront TMG How to use TMG network templates Abstract In this article I will show
More informationSecurity strategies to stay off the Børsen front page
Security strategies to stay off the Børsen front page Steve Durkin, Channel Director for Europe, Q1 Labs, an IBM Company 1 2012 IBM Corporation Given the dynamic nature of the challenge, measuring the
More informationVoIPon www.voipon.co.uk sales@voipon.co.uk Tel: +44 (0)1245 808195 Fax: +44 (0)1245 808299
VoiceGear/3CX Integration Guide Ver.0.1 Page 2 1. OVERVIEW... 3 1.1 SETTING UP 3CX PBX...4 1.2 SETTING UP VOICEGEAR GATEWAY...5 2. VOICEGEAR-3CX SIP INTEGRATION... 6 2.1 3CX CONFIGURATION...7 2.2 VOICEGEAR
More information2010 Carnegie Mellon University. Malware and Malicious Traffic
Malware and Malicious Traffic What We Will Cover Introduction Your Network Fundamentals of networks, flow, and protocols Malicious traffic External Events & Trends Malware Networks in the Broad Working
More informationComprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)
Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware
More informationGlobal Partner Management Notice
Global Partner Management Notice Subject: Critical Vulnerabilities Identified to Alert Payment System Participants of Data Compromise Trends Dated: May 4, 2009 Announcement: To support compliance with
More informationHIPAA and Meaningful User Audit Reports Using Splunk
Copyright 2013 Splunk Inc. HIPAA and Meaningful User Audit Reports Using Splunk Ant Lefebvre Senior Systems Engineer, Middlesex Hospital #splunkconf About Middlesex Hospital!! We offer a complete range
More informationNetFlow Analytics for Splunk
NetFlow Analytics for Splunk User Manual Version 3.5.1 September, 2015 Copyright 2012-2015 NetFlow Logic Corporation. All rights reserved. Patents Pending. Contents Introduction... 3 Overview... 3 Installation...
More informationP Principles of Network Forensics P Terms & Log-based Tracing P Application Layer Log Analysis P Lower Layer Log Analysis
Agenda Richard Baskerville P Principles of P Terms & -based Tracing P Application Layer Analysis P Lower Layer Analysis Georgia State University 1 2 Principles Kim, et al (2004) A fuzzy expert system for
More informationMaaS360 Mobile Enterprise Gateway
MaaS360 Mobile Enterprise Gateway Administrator Guide Copyright 2013 Fiberlink Communications Corporation. All rights reserved. Information in this document is subject to change without notice. The software
More informationMaaS360 Mobile Enterprise Gateway
MaaS360 Mobile Enterprise Gateway Administrator Guide Copyright 2014 Fiberlink, an IBM Company. All rights reserved. Information in this document is subject to change without notice. The software described
More informationCentre for the Protection of National Infrastructure Effective Log Management
Centre for the Protection of National Infrastructure Effective Log Management Tom Goldsmith, 2nd April 2014 response@contextis.com Effective Log Management / Contents Contents 1 Executive Summary 5 2 About
More informationEmail/Endpoint Security and More Rondi Jamison
Email/Endpoint Security and More Rondi Jamison Sr. Marke)ng Manager - Enterprise Security Strategy Agenda 1 Why Symantec? 2 Partnership 3 APS2 Packages 4 What s next Copyright 2014 Symantec Corpora)on
More informationWHITE PAPER Cloud-Based, Automated Breach Detection. The Seculert Platform
WHITE PAPER Cloud-Based, Automated Breach Detection The Seculert Platform Table of Contents Introduction 3 Automatic Traffic Log Analysis 4 Elastic Sandbox 5 Botnet Interception 7 Speed and Precision 9
More informationVolume SYSLOG JUNCTION. User s Guide. User s Guide
Volume 1 SYSLOG JUNCTION User s Guide User s Guide SYSLOG JUNCTION USER S GUIDE Introduction I n simple terms, Syslog junction is a log viewer with graphing capabilities. It can receive syslog messages
More informationNetwork/Internet Forensic and Intrusion Log Analysis
Course Introduction Enterprises all over the globe are compromised remotely by malicious hackers each day. Credit card numbers, proprietary information, account usernames and passwords, and a wealth of
More informationNetwork Agent Quick Start
Network Agent Quick Start Topic 50500 Network Agent Quick Start Updated 17-Sep-2013 Applies To: Web Filter, Web Security, Web Security Gateway, and Web Security Gateway Anywhere, v7.7 and 7.8 Websense
More informationOpen Source Security Tool Overview
Open Source Security Tool Overview Presented by Kitch Spicer & Douglas Couch Security Engineers for ITaP 1 Introduction Vulnerability Testing Network Security Passive Network Detection Firewalls Anti-virus/Anti-malware
More informationPalo Alto Networks and Splunk: Combining Next-generation Solutions to Defeat Advanced Threats
Palo Alto Networks and Splunk: Combining Next-generation Solutions to Defeat Advanced Threats Executive Summary Palo Alto Networks strategic partnership with Splunk brings the power of our next generation
More information1 You will need the following items to get started:
QUICKSTART GUIDE 1 Getting Started You will need the following items to get started: A desktop or laptop computer Two ethernet cables (one ethernet cable is shipped with the _ Blocker, and you must provide
More informationCSCE 465 Computer & Network Security
CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Firewall 1 Basic firewall concept Roadmap Filtering firewall Proxy firewall Network Address Translation
More informationAccess the GV-IP Camera through a broadband modem
Access the GV-IP Camera through a broadband modem Applied to All GV-IP Cameras Article ID: GV15-12-03-26 Release Date: 03/26/2012 Introduction The document introduces how to connect your GV-IP Camera to
More informationSecuring the Database Stack
Technical Brief Securing the Database Stack How ScaleArc Benefits the Security Team Introduction Relational databases store some of the world s most valuable information, including financial transactions,
More informationReneaué Railton Sr. Informa2on Security Analyst, Duke Medicine Cyber Defense & Response
Reneaué Railton Sr. Informa2on Security Analyst, Duke Medicine Cyber Defense & Response Incident Response What is the most importance component of an Incident Response Program? Tools? Processes? Governance?
More informationNetworking and the Web
Networking and the Web World- Wide Web Wide use of computers by the general public is directly a7ributable to the crea8on of the World Wide Web Key components of the web Computer Communica8on Networks
More informationArchitecture and Data Flow Overview. BlackBerry Enterprise Service 10 721-08877-123 Version: 10.2. Quick Reference
Architecture and Data Flow Overview BlackBerry Enterprise Service 10 721-08877-123 Version: Quick Reference Published: 2013-11-28 SWD-20131128130321045 Contents Key components of BlackBerry Enterprise
More informationDYNAMIC DNS: DATA EXFILTRATION
DYNAMIC DNS: DATA EXFILTRATION RSA Visibility Reconnaissance Weaponization Delivery Exploitation Installation C2 Action WHAT IS DATA EXFILTRATION? One of the most common goals of malicious actors is to
More informationKaseya Fundamentals Workshop DAY THREE. Developed by Kaseya University. Powered by IT Scholars
Kaseya Fundamentals Workshop DAY THREE Developed by Kaseya University Powered by IT Scholars Kaseya Version 6.5 Last updated March, 2014 Day Two Overview Day Two Lab Review Patch Management Configura;on
More informationPasswords are for Chumps
Copyright 2014 Splunk Inc. Passwords are for Chumps David Veuve SE, Splunk Who Am I?! David Veuve Sales Engineer for Major Accounts in Northern California! dveuve@splunk.com! Former Splunk Customer (For
More informationResNet Guide. Information & Learning Services. Here to support your study and research
ResNet Guide Information & Learning Services Here to support your study and research ResNet Quick Start Guide In order to get you on-line and enjoying the service as quickly and as painlessly as possible,
More informationFortKnox Personal Firewall
FortKnox Personal Firewall User Manual Document version 1.4 EN ( 15. 9. 2009 ) Copyright (c) 2007-2009 NETGATE Technologies s.r.o. All rights reserved. This product uses compression library zlib Copyright
More informationUNMASKCONTENT: THE CASE STUDY
DIGITONTO LLC. UNMASKCONTENT: THE CASE STUDY The mystery UnmaskContent.com v1.0 Contents I. CASE 1: Malware Alert... 2 a. Scenario... 2 b. Data Collection... 2 c. Data Aggregation... 3 d. Data Enumeration...
More informationBLOOMBERG ANYWHERE FOR MOBILE CUSTOMERS
BLOOMBERG ANYWHERE FOR MOBILE CUSTOMERS Software & Connectivity Requirements 11 March 2014 Version: 1.03 BLOOMBERG ANYWHERE users have access to their information on a variety of mobile platforms including
More informationNorton Personal Firewall for Macintosh
Norton Personal Firewall for Macintosh Evaluation Guide Firewall Protection for Client Computers Corporate firewalls, while providing an excellent level of security, are not always enough protection for
More informationSoftware and Settings Instructions
SoelTech Automation Inc. Software and Settings Instructions Select the blue disclosure button that is associated with the network name you want to connect the Mobile GDO to (Blue >). It would normally
More informationCisco Catalyst 4948E NetFlow- lite
Cisco Catalyst 4948E NetFlow- lite Applica6on Visibility in Data Center Why Applica+on Visibility in Data Center Efficient Opera+on What applica6ons are consuming bandwidth Who is using them When they
More informationUsing Remote Desktop Software with the LAN-Cell 3
Using Remote Desktop Software with the LAN-Cell 3 Technote LCTN3010 Proxicast, LLC 312 Sunnyfield Drive Suite 200 Glenshaw, PA 15116 1-877-77PROXI 1-877-777-7694 1-412-213-2477 Fax: 1-412-492-9386 E-Mail:
More informationPatching, AlerFng, BYOD and More: Managing Security in the Enterprise with Splunk Enterprise
Copyright 2013 Splunk Inc. Patching, AlerFng, BYOD and More: Managing Security in the Enterprise with Splunk Enterprise Marquis Montgomery, CISSP, SSCP, GSEC Senior Security Architect, CedarCrestone #splunkconf
More informationBlue Coat Security First Steps Solution for Deploying an Explicit Proxy
Blue Coat Security First Steps Solution for Deploying an Explicit Proxy SGOS 6.5 Third Party Copyright Notices 2014 Blue Coat Systems, Inc. All rights reserved. BLUE COAT, PROXYSG, PACKETSHAPER, CACHEFLOW,
More informationFirewalls Overview and Best Practices. White Paper
Firewalls Overview and Best Practices White Paper Copyright Decipher Information Systems, 2005. All rights reserved. The information in this publication is furnished for information use only, does not
More informationBroadband Router ESG-103. User s Guide
Broadband Router ESG-103 User s Guide FCC Warning This equipment has been tested and found to comply with the limits for Class A & Class B digital device, pursuant to Part 15 of the FCC rules. These limits
More informationPresenting Mongoose A New Approach to Traffic Capture (patent pending) presented by Ron McLeod and Ashraf Abu Sharekh January 2013
Presenting Mongoose A New Approach to Traffic Capture (patent pending) presented by Ron McLeod and Ashraf Abu Sharekh January 2013 Outline Genesis - why we built it, where and when did the idea begin Issues
More informationVirtual Managment Appliance Setup Guide
Virtual Managment Appliance Setup Guide 2 Sophos Installing a Virtual Appliance Installing a Virtual Appliance As an alternative to the hardware-based version of the Sophos Web Appliance, you can deploy
More informationBroadband Phone Gateway BPG510 Technical Users Guide
Broadband Phone Gateway BPG510 Technical Users Guide (Firmware version 0.14.1 and later) Revision 1.0 2006, 8x8 Inc. Table of Contents About your Broadband Phone Gateway (BPG510)... 4 Opening the BPG510's
More informationNetwork Security Monitoring
Network Security Monitoring Network Startup Resource Center www.nsrc.org These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International license (http://creativecommons.org/licenses/by-nc/4.0/)
More informationKevin Hayes, CISSP, CISM MULTIPLY SECURITY EFFECTIVENESS WITH SIEM
Kevin Hayes, CISSP, CISM MULTIPLY SECURITY EFFECTIVENESS WITH SIEM TODAY S AGENDA Describe the need for SIEM Explore different options available for SIEM Demonstrate a few Use Cases Cover some caveats
More informationNetwork Forensics: Log Analysis
Network Forensics: Analysis Richard Baskerville Agenda P Terms & -based Tracing P Application Layer Analysis P Lower Layer Analysis Georgia State University 1 2 Two Important Terms PPromiscuous Mode
More informationARE YOU REALLY PCI DSS COMPLIANT? Case Studies of PCI DSS Failure! Jeff Foresman, PCI-QSA, CISSP Partner PONDURANCE
ARE YOU REALLY PCI DSS COMPLIANT? Case Studies of PCI DSS Failure! Jeff Foresman, PCI-QSA, CISSP Partner PONDURANCE AGENDA PCI DSS Basics Case Studies of PCI DSS Failure! Common Problems with PCI DSS Compliance
More informationMalicious Network Traffic Analysis
Malicious Network Traffic Analysis Uncover system intrusions by identifying malicious network activity. There are a tremendous amount of network based attacks to be aware of on the internet today and the
More informationthriller INTERNET SECURITY
+ thriller INTERNET SECURITY Saturday, October 31, 2009 1:30 PM 3:00 PM Matthew 28:18-20 Website Ministry + Agenda 2 Scripture (Col 3:12-15) Prayer Internet Security Security Threats Security Protection
More informationChapter 3 LAN Configuration
Chapter 3 LAN Configuration This chapter describes how to configure the advanced LAN features of your ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. This chapter contains the following sections
More informationCYBERCRIMINAL IN BRAZIL SHARES MOBILE CREDIT CARD STORE APP
CYBERCRIMINAL IN BRAZIL SHARES MOBILE CREDIT CARD STORE APP August 2014 RSA agents recently traced a threat actor advertising a mobile credit card store application. The cybercriminal shared the information
More informationDecryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright 2007-2015 Palo Alto Networks
Decryption Palo Alto Networks PAN-OS Administrator s Guide Version 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us
More informationApplication Notes. How to Configure Application Control for the UTM
How to Configure Application Control for the UTM T a b l e o f C o n t e n t s Contents...2 Concepts...3 Components...3 Configuration Steps...4 Configuring Global Mode...4 Configuring Profile Mode...10
More informationUsing Remote Desktop Software with the LAN-Cell
Using Remote Desktop Software with the LAN-Cell Technote LCTN0010 Proxicast, LLC 312 Sunnyfield Drive Suite 200 Glenshaw, PA 15116 1-877-77PROXI 1-877-777-7694 1-412-213-2477 Fax: 1-412-492-9386 E-Mail:
More informationUIP1868P User Interface Guide
UIP1868P User Interface Guide (Firmware version 0.13.4 and later) V1.1 Monday, July 8, 2005 Table of Contents Opening the UIP1868P's Configuration Utility... 3 Connecting to Your Broadband Modem... 4 Setting
More informationThreatSpike Dome: A New Approach To Security Monitoring
ThreatSpike Dome: A New Approach To Security Monitoring 2015 ThreatSpike Labs Limited The problem with SIEM Hacking, insider and advanced persistent threats can be difficult to detect with existing product
More informationLet s talk about assets in QRadar
QRadar Open Mic Webcast #7 January 28, 2015 Let s talk about assets in QRadar Panelists Dwight Spencer Principal Solutions Architect & Co-founder of Q1 Labs Adam Frank Principal Solutions Architect Brad
More informationCSE543 - Computer and Network Security Module: Firewalls
CSE543 - Computer and Network Security Module: Firewalls Professor Trent Jaeger Fall 2010 1 Firewalls A firewall... is a physical barrier inside a building or vehicle, designed to limit the spread of fire,
More informationImplementation of Botcatch for Identifying Bot Infected Hosts
Implementation of Botcatch for Identifying Bot Infected Hosts GRADUATE PROJECT REPORT Submitted to the Faculty of The School of Engineering & Computing Sciences Texas A&M University-Corpus Christi Corpus
More informationWildFire Reporting. WildFire Administrator s Guide 55. Copyright 2007-2015 Palo Alto Networks
WildFire Reporting When malware is discovered on your network, it is important to take quick action to prevent spread of the malware to other systems. To ensure immediate alerts to malware discovered on
More informationA Critical Investigation of Botnet
Global Journal of Computer Science and Technology Network, Web & Security Volume 13 Issue 9 Version 1.0 Year 2013 Type: Double Blind Peer Reviewed International Research Journal Publisher: Global Journals
More informationBest of Breed of an ITIL based IT Monitoring. The System Management strategy of NetEye
Best of Breed of an ITIL based IT Monitoring The System Management strategy of NetEye by Georg Kostner 5/11/2012 1 IT Services and IT Service Management IT Services means provisioning of added value for
More informationMediatrix 4404 Step by Step Configuration Guide June 22, 2011
Mediatrix 4404 Step by Step Configuration Guide June 22, 2011 Proprietary 2011 Media5 Corporation Table of Contents First Steps... 3 Identifying your MAC Address... 3 Identifying your Dynamic IP Address...
More informationProtecting the Infrastructure: Symantec Web Gateway
Protecting the Infrastructure: Symantec Web Gateway 1 Why Symantec for Web Security? Flexibility and Choice Best in class hosted service, appliance, and virtual appliance (upcoming) deployment options
More informationCONTINUOUS MONITORING THE MISSING PIECE TO SECURITY OPERATION (SOC) TODAY
CONTINUOUS MONITORING THE MISSING PIECE TO SECURITY OPERATION (SOC) TODAY MATTHIAS YEO Chief Technology Officer - APAC CISSP, CISA, CISM, PMP 1 OVER REACTING VS UNDER REACTING Reason for the world today
More informationA Guide to New Features in Propalms OneGate 4.0
A Guide to New Features in Propalms OneGate 4.0 Propalms Ltd. Published April 2013 Overview This document covers the new features, enhancements and changes introduced in Propalms OneGate 4.0 Server (previously
More informationCMPT 471 Networking II
CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access
More informationVirtual Web Appliance Setup Guide
Virtual Web Appliance Setup Guide 2 Sophos Installing a Virtual Appliance Installing a Virtual Appliance This guide describes the procedures for installing a Virtual Web Appliance. If you are installing
More information