Network Flow Analysis. egambit, your defensive cyber-weapon system. You have the players. We have the game.


egambit Network Flow Analysis
egambit, your defensive cyber-weapon system. You have the players. We have the game.
TEHTRI-Security 2010-2015 www.tehtri-security.com

Network Flow Analysis
In this document, we introduce how egambit helps analyze network flows: creating live security alerts, and investigating post-incident situations with a network time-machine engine.
Based on egambit version 3.1, September 2015

About network flow analysis
- For security reasons, you sometimes need to answer questions such as: who talked to whom, when, how, and for how long?
- Fortunately, the NetFlow protocol, built with powerful features for network engineers (accounting), can also be used in the IT security field.
- NetFlow records selected metadata about each flow, exported at regular intervals, so it can be kept for later analysis:
  - Source IP + Destination IP
  - Source Port + Destination Port
  - Protocol, Timestamp, Size of data

About egambit and NetFlow
- egambit collects the NetFlow datagrams generated by your devices, supporting versions 5, 7 and 9:
  - Routers & Switches: Cisco, Juniper, Nortel
  - Security/FW devices: Cisco ASA, Palo Alto
  - Cloud infrastructures: VMware ESXi
- egambit supports IPv4, IPv6, MPLS and Multicast.
- egambit can also generate its own NetFlow records for you by listening to the traffic captured on dedicated interfaces (port mirroring, TAP).

Example charts (figures not reproduced):
- e.g. what were the main services used over a period?
- e.g. who were the main talkers? bandwidth usage, exfiltration
- e.g. what were the trends? TCP peak at night, UDP peak

Live Intrusion Detection
- egambit runs live intrusion detection analysis on every flow it captures:
  - NetFlow-based signatures built on behavioral analysis, looking at the talkers on the network
- Examples:
  - Detection of very slow and stealthy network scans that run for hours and are deeply hidden in your network
  - Per-customer policies written to alert when unwanted traffic occurs in a specific network area: a SCADA network seeing unexpected TCP/UDP traffic, or a web farm receiving admin traffic from unusual sources

Live Intrusion Detection: scanning activity automatically detected with NetFlow analysis (figure not reproduced)

Offline Intrusion Analysis: time machine on your flows (Forensics)
- egambit lets you conduct network forensic analysis:
  - Advanced features through manual research
- You can crawl back into the past, like a network time machine on your flows, to answer powerful questions such as:
  - Who talked to whom, when, how much did they exchange, which protocols were used, for how long, etc.
- Example:
  - One compromised workstation, controlled by a remote C&C, launched an in-depth scan of your network. With egambit, you can find every dialog: what was scanned? how large were the exchanges? when did it happen?
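As an added illustration of the two use cases above (spotting a slow, low-volume scanner among the talkers, and the time-machine question "who talked to whom, how much, for how long"), here is a small Python example written for this page; it is not egambit code, and the flow records are constructed, not real NetFlow exports.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    ts: int        # epoch seconds of the flow's first packet
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    size: int      # bytes exchanged in the flow

# Constructed sample flows (not real captures): 10.0.0.5 slowly probes
# one new host every 30 minutes with tiny flows, amid normal traffic.
FLOWS = [
    Flow(1000, "10.0.0.5", "10.0.1.1", "tcp", 40000, 22, 60),
    Flow(2800, "10.0.0.5", "10.0.1.2", "tcp", 40001, 22, 60),
    Flow(4600, "10.0.0.5", "10.0.1.3", "tcp", 40002, 445, 60),
    Flow(6400, "10.0.0.5", "10.0.1.4", "tcp", 40003, 3389, 60),
    Flow(8200, "10.0.0.5", "10.0.1.5", "tcp", 40004, 445, 60),
    Flow(1500, "10.0.0.9", "10.0.2.10", "tcp", 51000, 443, 120000),
    Flow(3000, "10.0.0.9", "10.0.2.10", "tcp", 51001, 443, 90000),
]

def slow_scanners(flows, min_targets=4, max_bytes=200, min_span=3600):
    """Sources that touched many distinct dst:port pairs with tiny flows spread over at least min_span seconds."""
    by_src = defaultdict(list)
    for f in flows:
        if f.size <= max_bytes:       # only low-volume flows count as probes
            by_src[f.src].append(f)
    hits = {}
    for src, fs in by_src.items():
        targets = {(f.dst, f.dport) for f in fs}
        span = max(f.ts for f in fs) - min(f.ts for f in fs)
        if len(targets) >= min_targets and span >= min_span:
            hits[src] = sorted(targets)
    return hits

def conversations(flows, host, start, end):
    """Time-machine query: who talked with host in [start, end], over which proto/port, how much, and from when to when."""
    agg = {}
    for f in flows:
        if start <= f.ts <= end and host in (f.src, f.dst):
            key = (f.src, f.dst, f.proto, f.dport)
            first, last, total = agg.get(key, (f.ts, f.ts, 0))
            agg[key] = (min(first, f.ts), max(last, f.ts), total + f.size)
    return agg
```

Thresholds such as `min_targets` and `min_span` are assumptions for the sample data; in practice they are tuned per network segment, which is what the per-customer policies above are for.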

Offline Intrusion Analysis: time machine on your flows (Forensics) (screenshot not reproduced)

Synthesis: egambit & Flow Analysis
- Two complementary levels of work:
  - Live Intrusion Detection alerts
  - Offline Intrusion Analysis (time machine)
- Multiple skills and features added to your security:
  - Know your flows and the related trends
  - Improve policies and check compliance
  - Detect unusual and unwanted flows
  - Follow weird behaviors and anomalies
  - Detect hidden scanners and insider threats
  - Retrieve APTs, lateral movements, malware
  - Increase SOC/CSIRT capacity and speed
  - Ease forensics and incident management

Join us: ready for innovative solutions against cyber threats?

www.tehtri-security.com
egambit is a product that monitors and improves your IT security against complex threats such as cyber-espionage or cyber-sabotage activities. The product is built by the TEHTRI-Security company in France. It is fully designed and developed near Bordeaux, and in Paris as well. Created in 2012, the egambit product has already helped companies in China, Brazil, the USA and Europe against internal and external cyber threats. In 3 years egambit has already caught billions of events related to security issues worldwide, thanks to the skill and motivation of the expert consultants working on the project with a real ethical-hacking spirit. 100% of the source code is in TEHTRIS' hands, and it was designed with extended security features. egambit is your defensive cyber-weapon system.

egambit, your defensive cyber-weapon system. You have the players. We have the game.
Let's use egambit in your environment, in order to improve hardening and the detection of security issues and incidents.

Follow-up: do not hesitate to contact our team.
TEHTRI-Security, Managed Security Service Provider, www.tehtri-security.com
egambit, complete defensive weapon system, @tehtris, www.tehtri-security.com