
Maximize Network Visibility with NetFlow Technology
Adam Powers, Chief Technology Officer, apowers@lancope.com, www.lancope.com

Agenda
- What is NetFlow
  - Introduction to NetFlow
  - NetFlow Examples
- NetFlow in Action
  - Network Operations Use Case
  - Security Operations Use Case
  - PCI Compliance and Auditing Use Case
- A Glimpse into the Power of NetFlow
  - 10+ G Ethernet Environments
  - Virtual Environments
  - MPLS and Multi-point VPNs

What is NetFlow?
(Diagram: traffic from the Internet crosses the network; NetFlow packets are exported to the StealthWatch Flow Collector.)
NetFlow fields: src and dst IP, src and dst port, start time, end time, packet count, byte count, ...

NetFlow vs. Traditional SNMP Monitoring
(Side-by-side figure: traditional SNMP reporting vs. NetFlow reporting.)

Flow-based Visibility and Drill-down

NetFlow for the Network Team
(Diagram: NetFlow packets carrying flow1, flow2, ... are sent to the StealthWatch Flow Collector, which serves the Network Team, Compliance and Auditing, and the Security Team.)
Network Team:
- Interface utilization
- Billing and chargeback
- QoS monitoring
- BGP ASN monitoring
- MPLS visibility
- Application troubleshooting
Compliance and Auditing:
- PCI Compliance
- HIPAA Compliance
- SCADA Security
- Sarbanes-Oxley
Security Team:
- File sharing
- Malware outbreak detection
- Network acceptable use
- Flow forensics
- Data loss prevention

NetFlow in Action: Network Operations
OldCastle APG: leading North American manufacturer of concrete masonry, lawn, garden and paving products and a regional leader in clay brick; 206 operating locations; 7000+ employees
Problem:
- No way to visualize who or what was causing network slowdowns
- Internal IT staff using multiple tools in attempts to troubleshoot incidents

NetFlow in Action: Network Operations
Solution: combining Cisco NetFlow and Lancope's StealthWatch System for visibility into the who, what, when and where of network traffic
Business Results:
- Determine the root cause of network slowdowns in real time
- Detect bandwidth and network user violations and tie user identity to rogue activity
- Unified view of network and security operations: all regional network managers, helpdesk and network/security engineers at Oldcastle APG use StealthWatch to pinpoint the traffic and users associated with network and security issues and expedite problem resolution
- Gains detailed network performance analysis for capacity planning, helping Oldcastle APG forecast bandwidth upgrades
- Also helps quickly discover and defuse virus infections

NetFlow in Action: Network Operations
Tony Jaroszewski, Network/Security Engineer for OldCastle APG: "StealthWatch enables our support team to make strategic decisions about network and security management based on a unified view of network, security and user information across the enterprise. Not only does it provide network performance monitoring to ensure our applications run optimally, StealthWatch also identifies internal and external threats through behavior-based algorithms."

NetFlow Compliance and Auditing
(Same Flow Collector diagram as on the "NetFlow for the Network Team" slide, repeated here; the Compliance and Auditing branch lists PCI Compliance, HIPAA Compliance, SCADA Security and Sarbanes-Oxley.)

NetFlow in Action: PCI Compliance
NetFlow facilitates compliance with PCI DSS requirements:
- Verifies actual network communications (1.1.2)
- Monitors services and ports in use (1.1.5)
- Determines when accounts are active and what they did during this activity (8.5.6)
- Audits access to anything on the network and ties activity to an individual user, including administrative accounts (10.1)
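The "What is NetFlow?" slide lists the fields a collector receives, and the PCI slide above says flow data can verify actual communications (1.1.2) and monitor services and ports in use (1.1.5). As an added example, not code from the deck or from Lancope, the Python script below parses a NetFlow v5 export datagram into those fields, builds an inventory of which services each server actually accepted traffic on, and flags any service absent from a documented service list. It assumes the standard Cisco NetFlow v5 export layout (24-byte header, 48-byte records, big-endian); the datagram, the addresses and the documented-service list are constructed sample data, not captures from any real network.

```python
"""Parse a NetFlow v5 export and build a services/ports inventory (added example)."""
import socket
import struct
from collections import defaultdict

# Standard NetFlow v5 layout: 24-byte header, then 48-byte records, big-endian.
HEADER_FMT = "!HHIIIIBBH"  # version, count, SysUptime, unix_secs, unix_nsecs, flow_sequence, engine_type, engine_id, sampling
RECORD_FMT = "!4s4s4sHHIIIIHHBBBBHHBBH"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 24
RECORD_LEN = struct.calcsize(RECORD_FMT)  # 48
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def parse_v5(datagram):
    """Return one dict per flow record with the fields the deck lists
    (src/dst IP and port, start/end time, packet and byte counts) plus protocol."""
    if len(datagram) < HEADER_LEN:
        raise ValueError("datagram shorter than a NetFlow v5 header")
    version, count, sysuptime, unix_secs, unix_nsecs, _seq, _etype, _eid, _sampling = \
        struct.unpack(HEADER_FMT, datagram[:HEADER_LEN])
    if version != 5:
        raise ValueError("unsupported NetFlow version %d" % version)
    if len(datagram) < HEADER_LEN + count * RECORD_LEN:
        raise ValueError("header promises %d records but datagram is truncated" % count)
    # First/Last are router uptime in ms; convert them to absolute epoch seconds.
    boot_epoch = unix_secs + unix_nsecs / 1e9 - sysuptime / 1000.0
    flows = []
    for i in range(count):
        off = HEADER_LEN + i * RECORD_LEN
        (src, dst, _nexthop, _iif, _oif, pkts, octets, first, last, sport, dport,
         _pad1, tcp_flags, proto, _tos, _src_as, _dst_as, _smask, _dmask, _pad2) = \
            struct.unpack(RECORD_FMT, datagram[off:off + RECORD_LEN])
        flows.append({
            "src_ip": socket.inet_ntoa(src), "dst_ip": socket.inet_ntoa(dst),
            "src_port": sport, "dst_port": dport,
            "proto": PROTO_NAMES.get(proto, str(proto)),
            "start": boot_epoch + first / 1000.0, "end": boot_epoch + last / 1000.0,
            "packets": pkts, "bytes": octets, "tcp_flags": tcp_flags,
        })
    return flows


def services_in_use(flows):
    """PCI 1.1.5-style inventory: per server (dst_ip), the (proto, port) pairs that
    actually received traffic and the sorted list of clients that used each one."""
    inv = defaultdict(lambda: defaultdict(set))
    for f in flows:
        inv[f["dst_ip"]][(f["proto"], f["dst_port"])].add(f["src_ip"])
    return {srv: {k: sorted(v) for k, v in svcs.items()} for srv, svcs in inv.items()}


def undocumented_services(inventory, documented):
    """PCI 1.1.2-style check: services observed in flow data but missing from the
    documented list, as sorted (server, proto, port, clients) tuples."""
    findings = []
    for srv, svcs in inventory.items():
        for (proto, port), clients in svcs.items():
            if (proto, port) not in documented.get(srv, set()):
                findings.append((srv, proto, port, clients))
    return sorted(findings)


def top_talkers(flows, n=3):
    """Bytes sent per source host, largest first (drill-down on who uses the bandwidth)."""
    totals = defaultdict(int)
    for f in flows:
        totals[f["src_ip"]] += f["bytes"]
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]


def _record(src, dst, sport, dport, proto, pkts, octets, first_ms, last_ms, flags=0):
    # Constructed sample record; next-hop, interfaces and AS numbers are left at zero/defaults.
    return struct.pack(RECORD_FMT, socket.inet_aton(src), socket.inet_aton(dst),
                       socket.inet_aton("0.0.0.0"), 1, 2, pkts, octets, first_ms, last_ms,
                       sport, dport, 0, flags, proto, 0, 0, 0, 24, 24, 0)


def build_sample_datagram():
    """Constructed NetFlow v5 export: five flows from an exporter up for one hour."""
    records = [
        _record("10.1.1.50", "10.1.2.10", 51000, 443, 6, 40, 30000, 3_500_000, 3_520_000, 0x1b),
        _record("10.1.1.51", "10.1.2.10", 51001, 443, 6, 12, 9000, 3_505_000, 3_506_000, 0x1b),
        _record("10.1.1.50", "10.1.2.10", 51002, 22, 6, 200, 150000, 3_400_000, 3_590_000, 0x18),
        _record("10.1.1.60", "10.1.2.20", 40000, 53, 17, 2, 180, 3_510_000, 3_510_050),
        _record("10.1.1.50", "10.1.2.20", 51003, 3389, 6, 80, 60000, 3_550_000, 3_580_000, 0x18),
    ]
    header = struct.pack(HEADER_FMT, 5, len(records), 3_600_000, 1_700_000_000, 0, 1, 0, 0, 0)
    return header + b"".join(records)


if __name__ == "__main__":
    flows = parse_v5(build_sample_datagram())
    inventory = services_in_use(flows)
    # Constructed "documented services" list: only HTTPS on the web server and DNS on the resolver.
    documented = {"10.1.2.10": {("tcp", 443)}, "10.1.2.20": {("udp", 53)}}
    for srv, proto, port, clients in undocumented_services(inventory, documented):
        print("undocumented service %s/%d on %s, clients: %s" % (proto, port, srv, ", ".join(clients)))
    for ip, nbytes in top_talkers(flows):
        print("%s sent %d bytes" % (ip, nbytes))
```

Run against the constructed datagram, the check reports tcp/22 on 10.1.2.10 and tcp/3389 on 10.1.2.20 as services in use that the documented list does not cover, which is the kind of discrepancy the PCI slide says flow data surfaces. On a real collector the same functions would run over datagrams received on the exporter's configured UDP port; v9 and IPFIX exports carry the same fields but use template-described records rather than this fixed layout.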

NetFlow in Action: PCI Compliance
AirTran Airways: Fortune 1000 company; geographically dispersed network across the continental US
Problem:
- Required improved security and network management across the enterprise in accordance with Payment Card Industry (PCI) requirements
- Wanted greater network visibility and behavioral intrusion detection
- Ability to monitor a geographically dispersed network

NetFlow in Action: PCI Compliance
Solution: StealthWatch identifies who does what, when, and provides data to enforce accountability
Business Results:
- Immediately upon deployment, StealthWatch provided continuous network monitoring to help AirTran demonstrate network-wide PCI compliance by supplying real-time visibility and awareness of network and host-based behaviors, increasing accountability for introducing network security risks as well as jeopardizing network availability, and tracking, measuring and prioritizing network and host-based risk
- Quickly identify and resolve issues related to network behavior or malicious events
- Monitors WAN activity and performance

NetFlow in Action: PCI Compliance
Michelle Stewart, Manager of Data Security, AirTran Airways: "StealthWatch performed so well during our evaluation that we did not pursue trials with any other NBA products. During testing, StealthWatch demonstrated the ability to detect unauthorized remote access, worm activity and root cause analysis of increases in WAN activity. All of these functions have aided our efforts to demonstrate compliance with the PCI Data Security Standard."

NetFlow for the Security Team
(Same Flow Collector diagram as on the "NetFlow for the Network Team" slide, repeated here; the Security Team branch lists file sharing, malware outbreak detection, network acceptable use, flow forensics and data loss prevention.)

NetFlow in Action: Security Operations
Aurora HealthCare network overview: largest private employer in Wisconsin, over 27,000 employees; 14 hospitals; over 150 clinics; 200+ pharmacies
Challenge:
- Monitor a widely dispersed network without deploying administratively problematic and financially burdensome individual sensors throughout the network
- Needed complete visibility of the network from the internal network to the clinics at the edge
- Monitor for zero-day attacks, viruses, Trojans, etc.
- Support for HIPAA compliance

NetFlow in Action: Security Operations
Solution: combining NetFlow and the StealthWatch System
Business Results:
- 100% visibility from core to network edge
- Reduced time and resources allocated to network security issues
- Streamlined the remediation process and reduced incident investigation by more than half
- HIPAA auditing support

NetFlow in Action: Security Operations
Dan Lukas, Lead Security Architect, Aurora HealthCare: "[I can] easily drill down into a clinic's network activity; address bandwidth issues; identify and remediate misconfigured devices; delve into switch levels to pinpoint and mitigate threats. With its ability to locate distributed sniffers, StealthWatch eliminates the need to purchase troubleshooting hardware for significant cost-savings."

Visibility Lost Due to Emerging Tech
Emerging network technologies are outpacing traditional network monitoring techniques such as SNMP and SPAN/tap-based technology:
- 10G Ethernet is so fast few probe technologies can keep up, and those that can are too expensive
- MPLS and multi-point VPNs create a meshed WAN that's expensive to monitor adequately
- Virtualization hides whole network segments from the network manager's view, making VM2VM communication problems difficult to troubleshoot
These issues result in an inability to react to network problems because of a basic lack of.

10G+ Ethernet
10G Ethernet is so fast few probe technologies can keep up, and those that can are too expensive.
(Diagram: a traditional Ethernet sensor beside a 10G link, captioned "Where to plug in?")

NetFlow in a 10G+ Ethernet Environment
10G Ethernet is so fast few probe technologies can keep up, and those that can are extremely expensive.
(Diagram: the 10G network exporting NetFlow to the StealthWatch Flow Collector instead of relying on an inline probe.)

Virtualization
Virtualization hides whole network segments from the network manager's view, making VM2VM communication problems difficult to troubleshoot.
(Diagram: a physical machine hosting virtual machines VM1, VM2 and VM3 on virtual switches, attached to the physical network; VM2VM traffic stays on the virtual switches, out of reach of the traditional Ethernet probe on the physical network.)

NetFlow in the Virtual Environment
(Diagram: virtual machines on virtual switches inside a VM server; VM2VM traffic is exported as NetFlow v9 (NF9) to the StealthWatch Flow Collector.)
*** Cisco Nexus 1000v also supports NetFlow ***

MPLS and Multi-point VPNs
MPLS and multi-point VPNs create a meshed WAN that's expensive to monitor adequately.
(Diagram: a traditional Ethernet sensor at one site of the meshed WAN.)

MPLS and Multi-point VPNs Fully meshed connectivity circumvents network monitoring deployed at the hub location

MPLS and Multi-point VPNs Full visibility requires a probe at each location throughout the WAN

NetFlow Collection in the WAN
Deploy a StealthWatch NetFlow collector at a central location and enable NetFlow at each remote site.
(Diagram: NetFlow packets from each remote site cross the WAN to the central StealthWatch Flow Collector.)

Quick Recap: Network Operations
- Fully integrated view of network usage, performance, host integrity and user behavior
- Diagnose network congestion and provide root cause analysis of the problem causing response time delays
- Visibility and metrics for WAN optimization
- Real-time and historical data to facilitate network performance monitoring, capacity planning and resource management
- Monitor Quality of Service on a per-hop basis throughout the network

Quick Recap: Security Operations
- Quickly pinpoint zero-day and unknown threats that bypass perimeter security
- Identify policy violations, unauthorized activity/applications, misconfigured hosts, and other rogue devices
- Faster incident resolution and detailed forensic data
- Detection of DoS/DDoS attacks, worms, viruses and botnets
- Track and audit network behavior and access by individual hosts

Quick Recap: PCI Compliance and Auditing
NetFlow solutions supply organizations with the means to:
- Continuously but passively monitor host behaviors, looking for deviations from normal processes
- Tie individual users to internal network performance problems
- Tie individual users to the introduction of security risks inside the internal network
- Implement appropriate network controls and policies
- Provide for internal audit and risk assessment

Questions? apowers@lancope.com sales@lancope.com

Thank You
Adam Powers, Chief Technology Officer, apowers@lancope.com, www.lancope.com