Joshua Beeman University Information Security Officer October 17, 2011
|
|
- Julianna Parrish
- 8 years ago
- Views:
Transcription
1 Joshua Beeman University Information Security Officer October 17,
2 June, NPTF Security Presentation on FY 12 InfoSec goals: Two Factor Authentication Levels of Assurance Shibboleth InCommon Network Intrusion Detection Systems 2
3 June, NPTF IDS plan described in June was: Recommended a Border IDS solution and develop the associated project plan Representatives from ISC N&T and Information Security evaluate possible border/core IDS vendor solutions and associated network enhancements or modifications Recommend specific border/core product in written report that includes plan for implementation (including funding requirements). 3
4 Review of IDS Benefits A network intrusion detection system is a critical part of the risk assessment and incident response process. An IDS would enable passive monitoring of campus traffic for the purpose of identifying, reporting and alerting on network based attacks and/or policy violations (i.e., bad traffic) Depending on the implementation, monitoring would include the ability to observe attacks originating from within the organization, as well as from the outside. Would result in better visibility and metrics on quantity of attacks, number of compromised systems, and types of attacks. 4
5 IDS Benefits (continued) Ability to better leverage threat data from trusted sources and peers in support of automated alerting Better reporting should reduce compromises (which should reduce risk and cost) The critical nature of this project and significance for minimizing risk has prompted preliminary review of vendors and services. 5
6 IDS Strategy Strategy is being informed by: Peer review and discussion Product Research (including Gartner) Vendor presentations Product evaluation and testing 6
7 Peer Benchmarking Organization Columbia Dartmouth Yale Brown Using an IDS? Y Y Y Y (local only) If yes, what product and how is it deployed? (at the edge, at the core, selectively on specific subnets or networks, etc) The PAIRS system was developed at Columbia University. It is an anomalybased intrusion detection system. PAIRS operates by processing all NETFLOW data generated at the borders of the University network. This data represents all traffic going into or leaving the University. Tipping Point (signature-based IPS) & Stealth Watch (anomaly IPS), as well as Snort for custom signatures. Snort IDS used for monitoring traffic at the perimeter of campus network. Stealth Watch (Anomaly IPS) used "throughout the network" (presumably this means on local network segments) Currently "targeted" use only: Snort IDS in front of critical assets and subnets. Expanding its use. Are you using any other network based security tools that you feel like mentioning (filtering, firewall, IPS, etc.)? * GULP - GULP was also developed at Columbia University. Used to process all authenticated log information. It correlates with DHCP to tie authenticated logins to campus systmes to an individual computer system. * Blocking netbios, 1443, 1444 * Port anostic bandwidth limits * Noted firewalls are in use, but details not provided Investigating next-generation firewalls (NGFW): They are in the process of installing a Palo Alto layer 7 firewall that also has some IPS capability. "We recently did an eval of a number of products as our Tipping Point and Stealthwatch devices were up for renewal this year. We ended up keeping them both and purchasing the Palo Alto in addition." * Router filters (light filtering) on Yale's Internet routers * internal (data center, departmental) network firewalls, * WebSense web proxy server for "secure" managed workstations. * Blocking netbios and cisco ports * Recently redesigned network using Virtual Routing and Forwarding (VRF), a method of network segregation, and built several security zones. * Investigating Palo Alto (NGFW) * Noted firewalls are in use, but details not provided * Router Access Control Lists at the perimeter. * Juniper Netscreen firewalls at the core. * RSA envision for log collection and analysis. Tippingpoint IPS is sitting in "front" of Snort. "Tried using Tippingpoint IPS as an IDS, and quickly discovered that would not work." Princeton Y McAfee Intrushield (IPS) Snort at the perimeter Duke Y Snort in-between VRF's Harvard Y No details provided No details provided MIT Y No details provided * Currently evaluating firewall solutions Cornell Y No details provided No details provided Virginia Tech Penn Y Snort IDS at border (Previously had ISS Preventia, but dissatisfied). Y (local only Some schools and centers deploying locally. Using Argus as one of the data aggregation tools. Also have access to NetFlow. Purchasing FireEye ("malware protection" system) to install at the border in monitor mode. Currently evaluating StoneSoft for additional border protectio, again in monitor-only mode. Developing segregated network for devices hosting sensitive data (e.g., PII) * Arbor used for capturing campus NetFlow data. * Juniper firewalls individually deployed and managed at the local (building and subnet) level, not at core. 7
8 Product Review Arbor an in-place network monitoring tool that could be expanded to include more IDS like features. SourceFire a commercial solution based on the popular open-source Snort tool. TippingPoint an Intrusion Prevention System (IPS) capable of running in monitor mode 8
9 Arbor PeakFlow SP with TMS (Threat Management System) detects and mitigates threats leveraging our existing Peakflow collectors. Peakflow X is a distributed controller-collector system. It has deep packet inspection and built-in network behavioral analysis for real-time threat identification. 9
10 Arbor Comments/Details: Emphasis placed on preserving availability (e.g., monitoring and prevention of ddos attacks) Tools and data for networking operations as much as information security ISC has prior experience with tool and vendor Some limitations exist in console API being investigated 10
11 SourceFire The Sourcefire 3D System is based on the opensource Snort intrusion detection engine, but is provided as a commercially supported solution. It includes the ability to manage and correlate data from multiple sensors in a single location. 11
12 SourceFire Comments/Details: Powerful signature scripting capabilities in use by many peers, allowing for custom signatures and leveraging peer tools and feeds. The Snort engine is an industry leader for IDS. Central management console, extensibility, additional processing and correlation features, all highly desirable. 12
13 TippingPoint TippingPoint s solutions are designed to provide inline, signature-based, protection from network-based attacks. However, they can be run in monitor-only mode. As more features are added they may be evolving into UTM solutions. Now an HP company. 13
14 TippingPoint Comments/Details: Going with an IPS solution could provide us a leg up if we wanted to implement automated prevention down the road. TippingPoint is an industry leader in this space. Evidence (from the vendor and a peer) seems to indicate that this solution is best deployed in line, increasing complexity and posing risks to network availability. It is not yet clear what impact purchase by HP will have on product. 14
15 Architecture Border versus Core: 4 x 10 Gig at border providing visibility into traffic coming in and out of Penn 10 x 10 Gig (and possibly 100 Gig) at core providing visibility into traffic within Penn 15
16 Looking Ahead Other items on the roadmap: Central logging service Evaluation of Next Generation Firewall (NGFW) and/or UTM solutions. Security Information and Event Management (SIEM) and event correlation Tools and strategies for IPv6 related malware and attacks. 16
17 Final Meeting November 7 (Rate setting) We are doing the complete lines of business analysis to determine what Central Infrastructure Bundle cost would be for baseline and known growth services (NGP, Internet, etc.) FY 12 request was for $5,205,607 from the schools and centers Other monies are received by our full rate customers (ResNet, GreekNet, UPHS, Wistar, etc.) 17
18 November 7 (Rate setting) Determine new initiatives for FY 13 and associated costs Full campus wireless Will seek central funding and not additional Central Service Fee monies, since issue appears to be in public areas-inside and out and administrative and shared buildings Funding model impact-decision delayed until FY 14 Likely 100% headcount model option 18
19 November 7 (Rate setting) Determine new initiatives for FY 13 and associated costs Enhancements to Guest Wireless Network IDS Shibboleth integration work 19
Michael Palladino June 20, 2011
Michael Palladino June 20, 2011 1 Upcoming Meetings July 11 August 15 September 19 October 17 November 7 (Final Rate Setting) All meetings in 337A from 1:30-3:00pm 2 Agenda Two-factor authentication report
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationIntrusion Detection and Intrusion Prevention. Ed Sale VP of Security Pivot Group, LLC
Intrusion Detection and Intrusion Prevention Ed Sale VP of Security Pivot Group, LLC Presentation Goals Describe IDS and IPS Why They Are Important Deployment and Use Major Players The IT Security Camera
More informationJoshua Beeman June 18, 2012
Joshua Beeman June 18, 2012 July 16 August 13 September 17 October 8 October 29 (Final Rate Setting) 2 Security initiatives Prior projects (FY 11 & FY 12) Current initiatives (FY 13) Trends and strategy
More informationGuideline on Firewall
CMSGu2014-02 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Firewall National Computer Board Mauritius Version 1.0 June
More informationKevin Hayes, CISSP, CISM MULTIPLY SECURITY EFFECTIVENESS WITH SIEM
Kevin Hayes, CISSP, CISM MULTIPLY SECURITY EFFECTIVENESS WITH SIEM TODAY S AGENDA Describe the need for SIEM Explore different options available for SIEM Demonstrate a few Use Cases Cover some caveats
More informationEffective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention
Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention Your Security Challenges Defending the Dynamic Network! Dynamic threats 䕬 䕬 䕬 䕬 Many threats
More informationIBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer
IBM Security QRadar SIEM & Fortinet / FortiAnalyzer Introducing new functionality for IBM QRadar Security Intelligence Platform: integration with Fortinet s firewalls and logs forwarded by FortiAnalyzer.
More informationNetworking for Caribbean Development
Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g N E T W O R K I N G F O R C A R I B B E A N D E V E L O P M E N T BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n
More informationThe SIEM Evaluator s Guide
Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,
More informationJUNOS DDoS SECURE. Advanced DDoS Mitigation Technology
JUNOS DDoS SECURE Advanced DDoS Mitigation Technology Biography Nguyen Tien Duc ntduc@juniper.net, +84 903344505 Consulting Engineer- Viet Nam CISSP # 346725 CISA # 623462 2 Copyright 2013 Juniper Networks,
More informationNext Generation IPS and Reputation Services
Next Generation IPS and Reputation Services Richard Stiennon Chief Research Analyst IT-Harvest 2011 IT-Harvest 1 IPS and Reputation Services REPUTATION IS REQUIRED FOR EFFECTIVE IPS Reputation has become
More informationIntrusion Detection and Prevention System (IDPS) Technology- Network Behavior Analysis System (NBAS)
ISCA Journal of Engineering Sciences ISCA J. Engineering Sci. Intrusion Detection and Prevention System (IDPS) Technology- Network Behavior Analysis System (NBAS) Abstract Tiwari Nitin, Solanki Rajdeep
More informationArchitecture Overview
Architecture Overview Design Fundamentals The networks discussed in this paper have some common design fundamentals, including segmentation into modules, which enables network traffic to be isolated and
More informationNetwork Security Monitoring: Looking Beyond the Network
1 Network Security Monitoring: Looking Beyond the Network Ian R. J. Burke: GCIH, GCFA, EC/SA, CEH, LPT iburke@headwallsecurity.com iburke@middlebury.edu February 8, 2011 2 Abstract Network security monitoring
More informationBridging the gap between COTS tool alerting and raw data analysis
Article Bridging the gap between COTS tool alerting and raw data analysis An article on how the use of metadata in cybersecurity solutions raises the situational awareness of network activity, leading
More informationHow To Manage Sourcefire From A Command Console
Sourcefire TM Sourcefire Capabilities Store up to 100,000,000 security & host events, including packet data Centralized policy & sensor management Centralized audit logging of configuration & security
More informationDMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch
DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch What You Will Learn A demilitarized zone (DMZ) is a separate network located in the neutral zone between a private (inside)
More informationPassive Logging. Intrusion Detection System (IDS): Software that automates this process
Passive Logging Intrusion Detection: Monitor events, analyze for signs of incidents Look for violations or imminent violations of security policies accepted use policies standard security practices Intrusion
More informationHow To Manage Security On A Networked Computer System
Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy
More informationRAVEN, Network Security and Health for the Enterprise
RAVEN, Network Security and Health for the Enterprise The Promia RAVEN is a hardened Security Information and Event Management (SIEM) solution further providing network health, and interactive visualizations
More informationNetwork as a Sensor and Enforcer Leverage the Network to Protect Against and Mitigate Threats
Network as a Sensor and Enforcer Leverage the Network to Protect Against and Mitigate Threats Dragan Novaković Consulting Systems Engineer Security November 2015. New Networks Mean New Security Challenges
More informationCompany Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.
Company Co. Inc. LLC Multiple Minds, Singular Results LAN Domain Network Security Best Practices An integrated approach to securing Company Co. Inc. LLC s network Written and Approved By: Geoff Lacy, Tim
More informationHow To Protect Your Network From Intrusions From A Malicious Computer (Malware) With A Microsoft Network Security Platform)
McAfee Security: Intrusion Prevention System REV: 0.1.1 (July 2011) 1 Contents 1. McAfee Network Security Platform...3 2. McAfee Host Intrusion Prevention for Server...4 2.1 Network IPS...4 2.2 Workload
More informationMcAfee Network Security Platform
McAfee Network Security Platform Next Generation Network Security Youssef AGHARMINE, Network Security, McAfee Network is THE Security Battleground Who is behind the data breaches? 81% some form of hacking
More informationAchieving PCI-Compliance through Cyberoam
White paper Achieving PCI-Compliance through Cyberoam The Payment Card Industry (PCI) Data Security Standard (DSS) aims to assure cardholders that their card details are safe and secure when their debit
More informationInformation Technology Policy
Information Technology Policy Security Information and Event Management Policy ITP Number Effective Date ITP-SEC021 October 10, 2006 Category Supersedes Recommended Policy Contact Scheduled Review RA-ITCentral@pa.gov
More informationBlind as a Bat? Supporting Packet Decryption for Security Scanning
Sponsored by VSS Monitoring Blind as a Bat? Supporting Packet Decryption for Security Scanning November 2012 A SANS Whitepaper Written by: Dave Shackleford Options for SSL Inspection Page 2 Implementing
More informationRadware s Smart IDS Management. FireProof and Intrusion Detection Systems. Deployment and ROI. North America. International. www.radware.
Radware s Smart IDS Management FireProof and Intrusion Detection Systems Deployment and ROI North America Radware Inc. 575 Corporate Dr. Suite 205 Mahwah, NJ 07430 Tel 888 234 5763 International Radware
More informationSourceFireNext-Generation IPS
D Ů V Ě Ř U J T E S I L N Ý M SourceFireNext-Generation IPS Petr Salač CCNP Security, CCNP, CICSP, CCSI #33835 petr.salac@alefnula.com Our Customers Biggest Security Challenges Maintaining security posture
More informationSplunk: Using Big Data for Cybersecurity
Next Session Begins at 14:40 Splunk: Using Big Data for Cybersecurity Joe Goldberg Splunk Splunk: Using Big Data for Cybersecurity Joseph Goldberg Splunk Advanced Threats in the Headlines Cyber Criminals
More informationService Description DDoS Mitigation Service
Service Description DDoS Mitigation Service Interoute, Walbrook Building, 195 Marsh Wall, London, E14 9SG, UK Tel: +800 4683 7681 Email: info@interoute.com Contents Contents 1 Introduction...3 2 An Overview...3
More informationSymantec Security Information Manager Version 4.7
Version 4.7 Agenda What are the challenges? What is Security Information Manager? How does Security Information Manager work? Why? 2 Security Management Challenges 3 Managing IT Security PREVENT INFORM
More informationEnabling Security Operations with RSA envision. August, 2009
Enabling Security Operations with RSA envision August, 2009 Agenda What is security operations? How does RSA envision help with security operations? How does RSA envision fit with other EMC products? If
More informationINTRUSION DETECTION SYSTEMS and Network Security
INTRUSION DETECTION SYSTEMS and Network Security Intrusion Detection System IDS A layered network security approach starts with : A well secured system which starts with: Up-to-date application and OS
More informationCaaS Think as a bad guy Petr Hněvkovský, CISA, CISSP HP Enterprise Security
CaaS Think as a bad guy Petr Hněvkovský, CISA, CISSP HP Enterprise Security 1 Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
More informationHow To Protect Your Virtual Infrastructure From Attack From A Cyber Threat
VMware Integrated Partner Solutions for Networking and Security VMware Integrated Partner Solutions for Security and Compliance VMware vcloud Networking and Security is the leading networking and security
More informationBraindumps.700-295.50.QA
Braindumps.700-295.50.QA Number: 700-295 Passing Score: 800 Time Limit: 120 min File Version: 6.0 http://www.gratisexam.com/ Comprehensive, easy and to the point study material made it possible for me
More informationHow To Make A Network Safer With Stealthwatch
Netzwerkkonzept Informationsveranstaltung am 03.07.2007 Im Bristol Hotel Mainz Thema: Ideen zum Netzwerkdesign - Switching -WLAN - Security - VoIP Datum: 03.07.2007, Seite: 1 Network Behaviour Analysis
More informationSecuring and Monitoring BYOD Networks using NetFlow
Securing and Monitoring BYOD Networks using NetFlow How NetFlow can help with Security Analysis, Application Detection and Traffic Monitoring Don Thomas Jacob Technical Marketing Engineer ManageEngine
More informationIDS : Intrusion Detection System the Survey of Information Security
IDS : Intrusion Detection System the Survey of Information Security Sheetal Thakare 1, Pankaj Ingle 2, Dr. B.B. Meshram 3 1,2 Computer Technology Department, VJTI, Matunga,Mumbai 3 Head Of Computer TechnologyDepartment,
More informationPROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES
PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute
More informationNetwork Security Monitoring
Network Security Coleman Kane Coleman.Kane@ge.com September 24, 2014 Cyber Defense Overview Network Security 1 / 23 Passive Passive 2 Alert Alert Passive monitoring analyzes traffic with the intention
More informationHow To Connect Log Files To A Log File On A Network With A Network Device (Network) On A Computer Or Network (Network Or Network) On Your Network (For A Network)
SIEM FOR BEGINNERS EVERYTHING YOU WANTED TO KNOW ABOUT LOG MANAGEMENT BUT WERE AFRAID TO ASK www.alienvault.com A Rose By Any Other Name SLM/LMS, SIM, SEM, SEC, SIEM Although the industry has settled on
More informationUsing SIEM for Real- Time Threat Detection
Using SIEM for Real- Time Threat Detection Presentation to ISSA Baltimore See and secure what matters Joe Magee CTO and Co-Founder March, 27 2013 About us Vigilant helps clients build and operate dynamic,
More informationHow To Sell Security Products To A Network Security Company
Market Segment Definitions Author Joshua Mittler Overview In addition to product testing, NSS Labs quantitatively evaluates market size for each of the product categories tested. NSS provides metrics that
More informationCritical Security Controls
Critical Security Controls Session 2: The Critical Controls v1.0 Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter The Critical Security Controls The Critical Security
More informationPravail 2.0 Technical Overview. Exclusive Networks
Pravail 2.0 Technical Overview Exclusive Networks Pravail Features and Benefits Arbor Pravail APS is the a CPE-based security appliance focused on stopping availability threats Arbor Pravail APS Arbor
More informationEnd-user Security Analytics Strengthens Protection with ArcSight
Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security
More informationCHAPTER 3 : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC
: INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS 1 FIVE KEY RECOMMENDATIONS During 2014, NTT Group supported response efforts for a variety of incidents. Review of these engagements revealed some observations
More informationIntroducing IBM s Advanced Threat Protection Platform
Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Extensible Approach to Threat Prevention Paul Kaspian Senior Product Marketing Manager IBM Security Systems 1 IBM NDA 2012 Only IBM
More informationSecurity+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security
Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 6 Network Security Objectives List the different types of network security devices and explain how they can be used Define network
More informationDDoS ATTACKS: MOTIVES, MECHANISMS AND MITIGATION
DDoS ATTACKS: MOTIVES, MECHANISMS AND MITIGATION Stephen Gates Chief Security Evangelist Corero Network Security Session ID: SEC-W04 Session Classification: Intermediate Recent Headlines Are Denial of
More informationSecurely Yours LLC Top Security Topics for 2013. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com
Securely Yours LLC Top Security Topics for 2013 Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Contents Background Top Security Topics What auditors must know? What auditors must do? Next Steps
More informationMetric Matters. Dain Perkins, CISSP Dain.Perkins@gmail.com
Metric Matters Dain Perkins, CISSP Dain.Perkins@gmail.com My Perspective Information security metrics do not show us how we need to improve our defenses Image: http://abcnews.go.com/sports/2014-fifa-world-cup-us-goalie-tim-howard/story?id=24400295
More informationA host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.
A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based
More informationRunning head: Next Generation Firewalls 1
Running head: Next Generation Firewalls 1 Next Generation Firewalls Rob Cavana East Carolina University ICTN 4040 Enterprise Information Security Dr Phil Lunsford and Mrs. Constance Boahn April 13 th 2015
More informationRequirements When Considering a Next- Generation Firewall
White Paper Requirements When Considering a Next- Generation Firewall What You Will Learn The checklist provided in this document details six must-have capabilities to look for when evaluating a nextgeneration
More informationCisco Remote Management Services for Security
Cisco Remote Management Services for Security Innovation: Many Take Advantage of It, Some Strive for It, Cisco Delivers It. Cisco Remote Management Services (RMS) for Security provide around the clock
More informationNitroView. Content Aware SIEM TM. Unified Security and Compliance Unmatched Speed and Scale. Application Data Monitoring. Database Monitoring
NitroView Unified Security and Compliance Unmatched Speed and Scale Application Data Monitoring Database Monitoring Log Management Content Aware SIEM TM IPS Today s security challenges demand a new approach
More informationModular Network Security. Tyler Carter, McAfee Network Security
Modular Network Security Tyler Carter, McAfee Network Security Surviving Today s IT Challenges DDos BOTS PCI SOX / J-SOX Data Exfiltration Shady RAT Malware Microsoft Patches Web Attacks No Single Solution
More informationNGFWs will be most effective when working in conjunction with other layers of security controls.
Research Publication Date: 12 October 2009 ID Number: G00171540 Defining the Next-Generation Firewall John Pescatore, Greg Young Firewalls need to evolve to be more proactive in blocking new threats, such
More informationConcierge SIEM Reporting Overview
Concierge SIEM Reporting Overview Table of Contents Introduction... 2 Inventory View... 3 Internal Traffic View (IP Flow Data)... 4 External Traffic View (HTTP, SSL and DNS)... 5 Risk View (IPS Alerts
More informationEoin Thornton Senior Security Architect Zinopy Security Ltd.
RSA envision: Transform your Security Operations A Technical overview & demo of RSA envision The Information Log Management Platform for Security and Compliance Success Eoin Thornton Senior Security Architect
More informationSTEALTHWATCH MANAGEMENT CONSOLE
STEALTHWATCH MANAGEMENT CONSOLE The System by Lancope is a leading solution for network visibility and security intelligence across physical and virtual environments. With the System, network operations
More informationUsing Palo Alto Networks to Protect the Datacenter
Using Palo Alto Networks to Protect the Datacenter July 2009 Palo Alto Networks 232 East Java Dr. Sunnyvale, CA 94089 Sales 866.207.0077 www.paloaltonetworks.com Table of Contents Introduction... 3 Granular
More informationSmarter Security for Smarter Local Government. Craig Sargent, Solutions Specialist
Smarter Security for Smarter Local Government Craig Sargent, Solutions Specialist SUMMARY 1 Trustwave and SpiderLabs 2 Penetration Testing 3 Web Application Firewall (WAF) 4 Security Information & Event
More informationOpen Source Software for Cyber Operations:
W H I T E P A P E R Open Source Software for Cyber Operations: Delivering Network Security, Flexibility and Interoperability Introduction For the last decade, the use of open source software (OSS) in corporate
More informationChapter 9 Firewalls and Intrusion Prevention Systems
Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish
More informationA Network Design Primer
Network Design Recommendations Recommendations for s to take into account when doing network design to help create a more easily defendable and manageable network K-20 Network Engineering 6/30/15 Network
More informationBUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports
BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports Building a Security Operation Center Agenda: Auditing Your Network Environment Selecting Effective Security
More informationSecure Cloud-Ready Data Centers Juniper Networks
Secure Cloud-Ready Data Centers Juniper Networks JUNIPER SECURITY LEADERSHIP A $1B BUSINESS Market Leadership Data Center with High- End Firewall #1 at 42% Secure Mobility with SSL VPN #1 at 25% Security
More informationIntrusion Detection Systems
Intrusion Detection Systems Advanced Computer Networks 2007 Reinhard Wallner reinhard.wallner@student.tugraz.at Outline Introduction Types of IDS How works an IDS Attacks to IDS Intrusion Prevention Systems
More informationFive Steps For Securing The Data Center: Why Traditional Security May Not Work
White Paper Five Steps For Securing The Data Center: Why Traditional Security May Not Work What You Will Learn Data center administrators face a significant challenge: They need to secure the data center
More informationResponse to Questions CML 15-018 Managed Information Security
Response to Questions CML 15-018 Managed Information Security 1. What are the most critical aspects that need to be provided for this RFP, in light of the comment that multiple awards might be provided?
More informationSecuring data centres: How we are positioned as your ISP provider to prevent online attacks.
Securing data centres: How we are positioned as your ISP provider to prevent online attacks. Executive Summary In today s technologically-demanding world, an organisation that experiences any internet
More informationNETWORK SECURITY (W/LAB) Course Syllabus
6111 E. Skelly Drive P. O. Box 477200 Tulsa, OK 74147-7200 NETWORK SECURITY (W/LAB) Course Syllabus Course Number: NTWK-0008 OHLAP Credit: Yes OCAS Code: 8131 Course Length: 130 Hours Career Cluster: Information
More informationNetwork Immunity Solution. Technical White paper. ProCurve Networking
ProCurve Networking Network Immunity Solution Technical White paper Introduction... 2 Current Security Threats... 2 Solutions for Internal Threat Protection... 2 Network Immunity Solution: What It Is and
More informationREVOLUTIONIZE THE WAY YOU VIEW YOUR NETWORK GAIN A UNIFIED VIEW OF SECURITY AND NETWORK OPERATIONS ACROSS PHYSICAL AND VIRTUAL NETWORKS
REVOLUTIONIZE THE WAY YOU VIEW YOUR NETWORK GAIN A UNIFIED VIEW OF SECURITY AND NETWORK OPERATIONS ACROSS PHYSICAL AND VIRTUAL NETWORKS STEALTHWATCH BY LANCOPE Lancope expertly provides flow-based visibility
More informationAssuria can help protectively monitor firewalls for PCI compliance. Assuria can also check the configurations of personal firewalls on host devices
The Payment Card Industry (PCI) Data Security Standard (DSS) provides an actionable framework for developing a robust payment card data security process. The Payment Application Data Security Standard
More informationEffective Use of Security Event Correlation
Effective Use of Security Event Correlation Mark G. Clancy Chief Information Security Officer The Depository Trust & Clearing Corporation DTCC Non-Confidential (White) About DTCC DTCC provides custody
More informationAbout the Authors. Tom Hogue, Security Solutions Manager, Security Business Group, Cisco
Secure Data Center for Enterprise Threat Management with Passive Mode NextGen IPS Implementation Guide Last Updated: September 16, 2014 About the Authors About the Authors Tom Hogue, Security Solutions
More informationSolarWinds Security Information Management in the Payment Card Industry: Using SolarWinds Log & Event Manager (LEM) to Meet PCI Requirements
SolarWinds Security Information Management in the Payment Card Industry: Using SolarWinds Log & Event Manager (LEM) to Meet PCI Requirements SolarWinds Security Information Management in the Payment Card
More informationJK0 015 CompTIA E2C Security+ (2008 Edition) Exam
JK0 015 CompTIA E2C Security+ (2008 Edition) Exam Version 4.1 QUESTION NO: 1 Which of the following devices would be used to gain access to a secure network without affecting network connectivity? A. Router
More informationComprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)
Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware
More informationSecurity Coordination with IF-MAP
Security Coordination with IF-MAP Matt Webster, Lumeta 28 Sept 2010 Copyright 2010 Trusted Computing Group Agenda Threat Landscape and Federal Networks Recap of TNC Explanation of IF-MAP What is IF-MAP?
More informationWHITE PAPER PROCESS CONTROL NETWORK SECURITY: INTRUSION PREVENTION IN A CONTROL SYSTEMS ENVIRONMENT
WHITE PAPER PROCESS CONTROL NETWORK SECURITY: INTRUSION PREVENTION IN A CONTROL SYSTEMS ENVIRONMENT WHAT S INSIDE: 1. GENERAL INFORMATION 1 2. EXECUTIVE SUMMARY 1 3. BACKGROUND 2 4. QUESTIONS FOR CONSIDERATION
More informationCISCO INFORMATION TECHNOLOGY AT WORK CASE STUDY: CISCO IOS NETFLOW TECHNOLOGY
CISCO INFORMATION TECHNOLOGY AT WORK CASE STUDY: CISCO IOS NETFLOW TECHNOLOGY CISCO INFORMATION TECHNOLOGY SEPTEMBER 2004 1 Overview Challenge To troubleshoot capacity and quality problems and to understand
More informationPalo Alto Networks and Splunk: Combining Next-generation Solutions to Defeat Advanced Threats
Palo Alto Networks and Splunk: Combining Next-generation Solutions to Defeat Advanced Threats Executive Summary Palo Alto Networks strategic partnership with Splunk brings the power of our next generation
More informationWhatWorks in Detecting and Blocking Advanced Threats:
WhatWorks in Detecting and Blocking Advanced Threats: A Real Case Study at a Large Research Organization with WhatWorks is a user-to-user program in which security managers who have implemented effective
More informationSolutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance
White Paper Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance Troy Herrera Sr. Field Solutions Manager Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA
More informationGame changing Technology für Ihre Kunden. Thomas Bürgis System Engineering Manager CEE
Game changing Technology für Ihre Kunden Thomas Bürgis System Engineering Manager CEE Threats have evolved traditional firewalls & IPS have not Protection centered around ports & protocols Expensive to
More informationLumeta IPsonar. Active Network Discovery, Mapping and Leak Detection for Large Distributed, Highly Complex & Sensitive Enterprise Networks
IPsonar provides visibility into every IP asset, host, node, and connection on the network, performing an active probe and mapping everything that's on the network, resulting in a comprehensive view of
More informationThe Evolution of Information Security at Wayne State University
The Evolution of Information Security at Wayne State University Nathan W. Labadie ab0781@wayne.edu Sr. Systems Security Specialist Wayne State University A Bit of Background Covers mid-2000 to present.
More informationCS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013
CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access
More informationEXTENDING NETWORK SECURITY: TAKING A THREAT CENTRIC APPROACH TO SECURITY
EXTENDING NETWORK SECURITY: TAKING A THREAT CENTRIC APPROACH TO SECURITY Dean Frye Sourcefire Session ID: SEC-W05 Session Classification: Intermediate Industrialisation of Threat Factories Goal: Glory,
More informationHOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT
HOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT The frequency and sophistication of Distributed Denial of Service attacks (DDoS) on the Internet are rapidly increasing. Most of the earliest
More informationHow Cisco IT Protects Against Distributed Denial of Service Attacks
How Cisco IT Protects Against Distributed Denial of Service Attacks Cisco Guard provides added layer of protection for server properties with high business value. Cisco IT Case Study / < Security and VPN
More information