Cisco Confidential© 2015 Cisco and/or its affiliates. All rights reserved. 1
Leverage the Network to
Detect and Manage
Threats
Matthew Robertson
Technical Marketing Engineer
May 19, 2016
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
“The world is full of obvious things which nobody by any
chance observes.”
Sherlock Holmes, The Hound of the Baskervilles
About this Session: Finding the Insider Threat
Monitoring the network interior to find the threats within
Insider Threat
Stealthwatch
NetFlow
Diagram: 10.2.2.2 port 1024 <-> 10.1.1.1 port 80, seen on interfaces eth0/1 and eth0/2

Start Time    Interface  Src IP    Src Port  Dest IP   Dest Port  Proto  Pkts Sent  Bytes Sent  SGT   DGT   TCP Flags
10:20:12.221  eth0/1     10.2.2.2  1024      10.1.1.1  80         TCP    5          1025        100   1010  SYN,ACK,PSH
10:20:12.871  eth0/2     10.1.1.1  80        10.2.2.2  1024       TCP    17         28712       1010  100   SYN,ACK,FIN
NetFlow = Visibility
Router# show flow monitor CYBER-MONITOR cache
…
IPV4 SOURCE ADDRESS: 192.168.100.100
IPV4 DESTINATION ADDRESS: 192.168.20.6
TRNS SOURCE PORT: 47321
TRNS DESTINATION PORT: 443
INTERFACE INPUT: Gi0/0/0
FLOW CTS SOURCE GROUP TAG: 100
FLOW CTS DESTINATION GROUP TAG: 1010
IP TOS: 0x00
IP PROTOCOL: 6
ipv4 next hop address: 192.168.20.6
tcp flags: 0x1A
interface output: Gi0/1.20
counter bytes: 1482
counter packets: 23
timestamp first: 12:33:53.358
timestamp last: 12:33:53.370
ip dscp: 0x00
ip ttl min: 127
ip ttl max: 127
application name: nbar secure-http
…
A single NetFlow Record provides a wealth of information
NetFlow Deployment
Each network layer offers unique NetFlow capabilities
• Endpoint: AnyConnect Network Visibility Module
• Access: Catalyst® 3560/3750-X, Catalyst® 4500, Catalyst® 3650/3850
• Distribution & Core: Catalyst® 6500, Catalyst® 4500
• Edge: ASA, ISR, ASR
Stealthwatch System Components
Cisco Network
UDP Director
• UDP Packet copier
• Forward to multiple collection systems
NetFlow
Stealthwatch Flow Sensor (VE)
• Generate NetFlow data
• Additional contextual fields (ex. App, URL, SRT, RTT)
Stealthwatch Flow Collector
• Collect and analyze
• Up to 2000 sources
• Up to 240,000 fps sustained
Stealthwatch Management Console
• Management and reporting
• Up to 25 Flow Collectors
• Up to 6 million fps globally
Best Practice: Centralize collection globally
NetFlow Collection: Flow Stitching
Diagram: 10.2.2.2 port 1024 <-> 10.1.1.1 port 80, seen on interfaces eth0/1 and eth0/2

Uni-directional flow records

Start Time    Interface  Src IP    Src Port  Dest IP   Dest Port  Proto  Pkts Sent  Bytes Sent  SGT   DGT
10:20:12.221  eth0/1     10.2.2.2  1024      10.1.1.1  80         TCP    5          1025        100   1010
10:20:12.871  eth0/2     10.1.1.1  80        10.2.2.2  1024       TCP    17         28712       1010  100

Bi-directional:
• Conversation flow record
• Allows easy visualization and analysis

Start Time    Client IP  Client Port  Server IP  Server Port  Proto  Client Bytes  Client Pkts  Server Bytes  Server Pkts  Client SGT  Server SGT  Interfaces
10:20:12.221  10.2.2.2   1024         10.1.1.1   80           TCP    1025          5            28712         17           100         1010        eth0/1, eth0/2
NetFlow Collection: De-duplication
Diagram: 10.2.2.2 port 1024 <-> 10.1.1.1 port 80, with exporters Sw1, Sw2, Sw3 and ASA

Start Time    Client IP  Client Port  Server IP  Server Port  Proto  Client Bytes  Client Pkts  Server Bytes  Server Pkts  App   Client SGT  Server SGT
10:20:12.221  10.2.2.2   1024         10.1.1.1   80           TCP    1025          5            28712         17           HTTP  100         1010

Exporter, Interface, Direction, Action (for the record above):
• Sw1, eth0, in
• Sw1, eth1, out
• Sw2, eth0, in
• Sw2, eth1, out
• ASA, eth1, in
• ASA, eth0, out, Permitted
• ASA, eth0, in, Permitted
• ASA, eth1, out
• Sw3, eth1, in
• Sw3, eth0, out
• Sw1, eth1, in
• Sw1, eth0, out
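The stitching and de-duplication steps from the two slides above, as an added Python example (not code from the presentation or from Stealthwatch). The second exporter's records, the rule that the sender of the earliest record is the client, and the choice to keep the largest single-exporter counter per direction are assumptions made for illustration.

```python
from collections import defaultdict


def make_record(start, exporter, ifc, src, sport, dst, dport, pkts, nbytes, sgt, dgt):
    """Build one uni-directional flow record with the slide's columns."""
    return dict(start=start, exporter=exporter, ifc=ifc, src=src, sport=sport,
                dst=dst, dport=dport, proto="TCP", pkts=pkts, bytes=nbytes,
                sgt=sgt, dgt=dgt)


# Constructed sample input: the slide's two uni-directional records attributed
# to exporter Sw1, plus the same traffic reported again by a second exporter.
RAW_RECORDS = [
    make_record("10:20:12.221", "Sw1", "eth0/1", "10.2.2.2", 1024, "10.1.1.1", 80, 5, 1025, 100, 1010),
    make_record("10:20:12.871", "Sw1", "eth0/2", "10.1.1.1", 80, "10.2.2.2", 1024, 17, 28712, 1010, 100),
    make_record("10:20:12.223", "Sw2", "eth0/1", "10.2.2.2", 1024, "10.1.1.1", 80, 5, 1025, 100, 1010),
    make_record("10:20:12.873", "Sw2", "eth0/2", "10.1.1.1", 80, "10.2.2.2", 1024, 17, 28712, 1010, 100),
]


def conversation_key(rec):
    """Direction-independent key: protocol plus the two endpoints, sorted."""
    ends = sorted([(rec["src"], rec["sport"]), (rec["dst"], rec["dport"])])
    return (rec["proto"], ends[0], ends[1])


def naive_bytes_from(records, src_ip):
    """What you get without de-duplication: every exporter's copy is added."""
    return sum(r["bytes"] for r in records if r["src"] == src_ip)


def stitch_and_dedup(records):
    """Return one conversational record per flow, counted once."""
    groups = defaultdict(list)
    for rec in records:
        groups[conversation_key(rec)].append(rec)

    conversations = []
    for recs in groups.values():
        # Assumption: the endpoint that sent the earliest record is the client.
        # Timestamps are same-day HH:MM:SS.mmm strings, so they sort as text.
        first = min(recs, key=lambda r: r["start"])
        client = (first["src"], first["sport"])

        # Sum per (exporter, direction): one exporter may emit several records
        # for a long-lived flow.
        totals = defaultdict(lambda: [0, 0])  # -> [bytes, packets]
        for r in recs:
            direction = "client" if (r["src"], r["sport"]) == client else "server"
            totals[(r["exporter"], direction)][0] += r["bytes"]
            totals[(r["exporter"], direction)][1] += r["pkts"]

        # De-duplicate: each exporter on the path counted the same packets, so
        # keep the largest single-exporter view per direction instead of adding.
        def best(direction):
            views = [v for (_, d), v in totals.items() if d == direction]
            return max(views, default=[0, 0])  # [0, 0] for an unanswered flow

        client_bytes, client_pkts = best("client")
        server_bytes, server_pkts = best("server")
        conversations.append({
            "start": first["start"], "proto": first["proto"],
            "client_ip": first["src"], "client_port": first["sport"],
            "server_ip": first["dst"], "server_port": first["dport"],
            "client_bytes": client_bytes, "client_pkts": client_pkts,
            "server_bytes": server_bytes, "server_pkts": server_pkts,
            "client_sgt": first["sgt"], "server_sgt": first["dgt"],
            "exporters": sorted({(r["exporter"], r["ifc"]) for r in recs}),
        })
    return conversations


if __name__ == "__main__":
    for conv in stitch_and_dedup(RAW_RECORDS):
        print(conv)
    print("naive client bytes:", naive_bytes_from(RAW_RECORDS, "10.2.2.2"))
```

Without the de-duplication step the client's byte count doubles with every extra exporter on the path, which would distort any volume-based alarm built on top of the records.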
Host Groups
• Virtual Container of IP Addresses
• User defined
• Similar attributes
• Model any Process/Application
ISE as a Telemetry Source
Monitor Mode
• Open Mode, Multi-Auth
• Unobstructed Access
• No impact on productivity
• Profiling, posture assessment
• Gain Visibility
Authenticated Session Table
Cisco ISE
• Maintain historical session table
• Correlate NetFlow to username
• Build User-centric reports
Stealthwatch Management Console
syslog
Global Intelligence
Stealthwatch Threat Intelligence License
• Known C&C Servers
• Tor Entrance and Exits
Conversational Flow Record
Who
Who
What
When
How
Where
• Stitched and de-duplicated
• Conversational representation
• Highly scalable data collection and compression
• Months of data retention
More context
Conversational Flow Record
ISE Telemetry
NBAR
Applied situational awareness
Flow Sensor
Geo-IP mapping
Threat Intelligence
Conversational Flow Record: Exporters
Path the flow is taking through the network
NetFlow Analysis with Stealthwatch:
Identify additional Indicators of Compromise (IOCs)
• Policy & Segmentation
• Network Behaviour & Anomaly Detection (NBAD)
Better understand / respond to an IOC:
• Audit trail of all host-to-host communication
Discovery
• Identify business critical applications and services across the network
“There is nothing like first hand evidence”
Sherlock Holmes, A Study in Scarlet
Flow Query Basics – The Flow Table
Filter
Filter conditions
Details More details
Flow Query Basics - Filtering
Select host to investigate
All flows in which this host was a client or server
Hunting
Host groups and reports make it easier to hunt
Types of Host Groups
• Inside Hosts:
• All Hosts specifically defined as part of the network
• By Default – “Catch All”
• Outside Hosts
• All Hosts not specifically defined as part of the network
• Countries – GEO-IP
• SLIC Created
• Bogon
• Command & Control Servers
• Tor
Inside Host Groups
Default Host Groups
• Catch All
• RFC 1918 Space
• By Function
• By Location
Include public IP space
Host Groups: Parent-Child Relationship
Configuration trickles down
Information reports up
Host Groups – Targeted Reporting
Geo-IP-based Host Group
Summary chart of traffic inbound and outbound from this Host Group
Host Groups – Targeted Reporting
Traffic inbound
Traffic outbound
Host Groups – Application Report
Applications outbound
Applications inbound
Concept: Indicator of Compromise
An artifact observed on a network or in operating system that with high confidence indicates a computer intrusion
• http://en.wikipedia.org/wiki/Indicator_of_compromise
IDS/IPS Alert
Log analysis (SIEM)
Raw flow analysis
Outside notification
Behavioural analysis
Activity monitoring
Anomaly detection
File hashes
IP Addresses
IoCs from Traffic Analysis
Behavioural Analysis:
• Leverages knowledge of known bad behaviour
• Policy and segmentation
Anomaly Detection:
• Identify a change from “normal”
Stealthwatch NBAD Model
Algorithm: Track and/or measure behaviour/activity
Security Event: Suspicious behaviour observed or anomaly detected
Alarm: Notification of security event generated
Alarm Categories
Each category accrues points.
Stealthwatch: Alarms
Alarms
• Indicate significant behaviour changes and policy violations
• Known and unknown attacks generate alarms
• Activity that falls outside the baseline, acceptable behaviour or established policies
Behavioural Analysis
Leverages knowledge of known bad behaviour
Segmentation Monitoring
Host Groups
Relationship
Forbidden relationship
Policy Violation: Host Locking
Client group
Server group
Client traffic conditions
Server traffic conditions
Successful or unsuccessful
Policy Violation: Host Locking
Communication in violation of policy
• Active alarm monitoring adherence to policy
Policy Violation: Custom Security Events
Custom event triggers on traffic condition
Source Tag
Destination Tag
Rule name and description
Object conditions
Peer conditions
Connection conditions
Policy Violation: Custom Security Events
Alarm dashboard showing all Policy alarms
Details of “Employee to Productions Servers” alarm occurrences
Anomaly Detection
Identify a change from “normal”
Example Alarm Category: Concern Index
Concern Index: Track hosts that appear to be compromising network integrity
66 different algorithms as of v6.7.1.
High Concern Index
Baseline deviated by 2,432%!
Identifying Internal Reconnaissance from CI
Scanning on TCP-445 across multiple subnets
Concern Index Events
Example Event: Suspect Quiet Long Flow
An IP communication between an Inside and Outside host (with traffic in both directions) that exceeds the “Seconds required to qualify a flow as long” duration and is suspiciously small
Default Policy
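The event definition above, applied to conversational flow records, as an added Python example (not Stealthwatch's implementation). The slide does not give the default policy values, so the inside ranges, the long-flow duration and the byte-rate reading of "suspiciously small" are assumptions, and the sample conversations are constructed.

```python
import ipaddress

# Assumed policy values for illustration only; the slide shows no numbers.
INSIDE_NETS = [ipaddress.ip_network(n)
               for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LONG_FLOW_SECONDS = 9 * 3600   # stand-in for "Seconds required to qualify a flow as long"
QUIET_BYTES_PER_SECOND = 10    # assumed reading of "suspiciously small"


def is_inside(ip):
    """True when the address belongs to the Inside Hosts group (assumed ranges)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INSIDE_NETS)


def suspect_quiet_long_flow(conv):
    """Apply the four conditions of the event to one conversational record."""
    # 1. Between an Inside and an Outside host: exactly one end is inside.
    if is_inside(conv["client_ip"]) == is_inside(conv["server_ip"]):
        return False
    # 2. Traffic in both directions.
    if conv["client_bytes"] == 0 or conv["server_bytes"] == 0:
        return False
    # 3. Longer than the long-flow threshold.
    if conv["duration_s"] <= LONG_FLOW_SECONDS:
        return False
    # 4. Suspiciously small: low average byte rate over the flow's lifetime.
    rate = (conv["client_bytes"] + conv["server_bytes"]) / conv["duration_s"]
    return rate < QUIET_BYTES_PER_SECOND


# Constructed sample conversations; outside addresses are documentation ranges.
SAMPLE_CONVERSATIONS = [
    # long, two-way, tiny: the pattern the event describes
    dict(id="A", client_ip="10.2.2.2", server_ip="203.0.113.10",
         duration_s=43200, client_bytes=40000, server_bytes=30000),
    # long but high volume
    dict(id="B", client_ip="10.2.2.2", server_ip="203.0.113.20",
         duration_s=43200, client_bytes=5000000000, server_bytes=900000),
    # long and quiet, but both ends are inside
    dict(id="C", client_ip="10.2.2.2", server_ip="10.1.1.1",
         duration_s=43200, client_bytes=40000, server_bytes=30000),
    # quiet but short
    dict(id="D", client_ip="10.2.2.2", server_ip="203.0.113.30",
         duration_s=300, client_bytes=900, server_bytes=1200),
    # long and quiet, but nothing came back
    dict(id="E", client_ip="10.2.2.2", server_ip="203.0.113.40",
         duration_s=43200, client_bytes=40000, server_bytes=0),
    # outside client holding a long, quiet session to an inside server
    dict(id="F", client_ip="198.51.100.7", server_ip="192.168.20.6",
         duration_s=50000, client_bytes=20000, server_bytes=25000),
]


def flagged_ids(conversations):
    """IDs of the conversations that would raise the event."""
    return [c["id"] for c in conversations if suspect_quiet_long_flow(c)]


if __name__ == "__main__":
    print(flagged_ids(SAMPLE_CONVERSATIONS))
```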
Watching for Data Theft
Data Exfiltration
• Identify suspect movement from Inside Network to Outside
• Single or multiple destinations from a single source
• Policy and behavioral
Data Hoarding
Suspect Data Hoarding:
• Unusually large amount of data inbound from other hosts
Target Data Hoarding:
• Unusually large amount of data outbound from a host to multiple hosts
Suspect Data Hoarding
Data Hoarding
• Unusually large amount of data inbound to a host from other hosts
• Policy and behavioral
“The Science of Deduction.”
Chapter 1: The Sign of the Four
The Science of Deduction
Gathering Evidence
Data Element
What did they get?
When did they get it?
Where did they go?
Are they still here?
Who is they?
IOC
Investigating a Host
Host report for 10.201.3.59
Behavior alarms
Quick view of host group communication
Summary information
Investigating: Host Drilldown
User information
Applications
Investigating: Applications
A lot of applications. Some suspicious!
Investigating: Audit Trails
Network behavior retroactively analyzed
It Could Start with a User …
Alarms
Devices and Sessions
Active Directory Details
Username
View Flows
Adaptive Network Control
Quarantine/Unquarantine via pxGrid
Identity Services Engine
Stealthwatch Management Console
Key Takeaways
Insider threats are operating on the network interior
Threat detection and response requires visibility and context into network traffic
NetFlow and the Cisco Stealthwatch System provide actionable security intelligence
Thank you.
Firepower ngfw internet
 

Mais de Cisco Canada

Cisco connect montreal 2018 net devops
Cisco connect montreal 2018 net devopsCisco connect montreal 2018 net devops
Cisco connect montreal 2018 net devopsCisco Canada
 
Cisco connect montreal 2018 iot demo kinetic fr
Cisco connect montreal 2018   iot demo kinetic frCisco connect montreal 2018   iot demo kinetic fr
Cisco connect montreal 2018 iot demo kinetic frCisco Canada
 
Cisco connect montreal 2018 - Network Slicing: Horizontal Virtualization
Cisco connect montreal 2018 - Network Slicing: Horizontal VirtualizationCisco connect montreal 2018 - Network Slicing: Horizontal Virtualization
Cisco connect montreal 2018 - Network Slicing: Horizontal VirtualizationCisco Canada
 
Cisco connect montreal 2018 secure dc
Cisco connect montreal 2018    secure dcCisco connect montreal 2018    secure dc
Cisco connect montreal 2018 secure dcCisco Canada
 
Cisco connect montreal 2018 enterprise networks - say goodbye to vla ns
Cisco connect montreal 2018   enterprise networks - say goodbye to vla nsCisco connect montreal 2018   enterprise networks - say goodbye to vla ns
Cisco connect montreal 2018 enterprise networks - say goodbye to vla nsCisco Canada
 
Cisco connect montreal 2018 vision mondiale analyse locale
Cisco connect montreal 2018 vision mondiale analyse localeCisco connect montreal 2018 vision mondiale analyse locale
Cisco connect montreal 2018 vision mondiale analyse localeCisco Canada
 
Cisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec Cisco
Cisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec CiscoCisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec Cisco
Cisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec CiscoCisco Canada
 
Cisco connect montreal 2018 collaboration les services webex hybrides
Cisco connect montreal 2018 collaboration les services webex hybridesCisco connect montreal 2018 collaboration les services webex hybrides
Cisco connect montreal 2018 collaboration les services webex hybridesCisco Canada
 
Integration cisco et microsoft connect montreal 2018
Integration cisco et microsoft connect montreal 2018Integration cisco et microsoft connect montreal 2018
Integration cisco et microsoft connect montreal 2018Cisco Canada
 
Cisco connect montreal 2018 compute v final
Cisco connect montreal 2018   compute v finalCisco connect montreal 2018   compute v final
Cisco connect montreal 2018 compute v finalCisco Canada
 
Cisco connect montreal 2018 saalvare md-program-xr-v2
Cisco connect montreal 2018 saalvare md-program-xr-v2Cisco connect montreal 2018 saalvare md-program-xr-v2
Cisco connect montreal 2018 saalvare md-program-xr-v2Cisco Canada
 
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...Cisco Canada
 
Cisco Connect Toronto 2018 DNA automation-the evolution to intent-based net...
Cisco Connect Toronto 2018   DNA automation-the evolution to intent-based net...Cisco Connect Toronto 2018   DNA automation-the evolution to intent-based net...
Cisco Connect Toronto 2018 DNA automation-the evolution to intent-based net...Cisco Canada
 
Cisco Connect Toronto 2018 an introduction to Cisco kinetic
Cisco Connect Toronto 2018   an introduction to Cisco kineticCisco Connect Toronto 2018   an introduction to Cisco kinetic
Cisco Connect Toronto 2018 an introduction to Cisco kineticCisco Canada
 
Cisco Connect Toronto 2018 IOT - unlock the power of data - securing the in...
Cisco Connect Toronto 2018   IOT - unlock the power of data - securing the in...Cisco Connect Toronto 2018   IOT - unlock the power of data - securing the in...
Cisco Connect Toronto 2018 IOT - unlock the power of data - securing the in...Cisco Canada
 
Cisco Connect Toronto 2018 DevNet Overview
Cisco Connect Toronto 2018  DevNet OverviewCisco Connect Toronto 2018  DevNet Overview
Cisco Connect Toronto 2018 DevNet OverviewCisco Canada
 
Cisco Connect Toronto 2018 DNA assurance
Cisco Connect Toronto 2018  DNA assuranceCisco Connect Toronto 2018  DNA assurance
Cisco Connect Toronto 2018 DNA assuranceCisco Canada
 
Cisco Connect Toronto 2018 network-slicing
Cisco Connect Toronto 2018   network-slicingCisco Connect Toronto 2018   network-slicing
Cisco Connect Toronto 2018 network-slicingCisco Canada
 
Cisco Connect Toronto 2018 the intelligent network with cisco meraki
Cisco Connect Toronto 2018   the intelligent network with cisco merakiCisco Connect Toronto 2018   the intelligent network with cisco meraki
Cisco Connect Toronto 2018 the intelligent network with cisco merakiCisco Canada
 
Cisco Connect Toronto 2018 sixty to zero
Cisco Connect Toronto 2018   sixty to zeroCisco Connect Toronto 2018   sixty to zero
Cisco Connect Toronto 2018 sixty to zeroCisco Canada
 

Mais de Cisco Canada (20)

Cisco connect montreal 2018 net devops
Cisco connect montreal 2018 net devopsCisco connect montreal 2018 net devops
Cisco connect montreal 2018 net devops
 
Cisco connect montreal 2018 iot demo kinetic fr
Cisco connect montreal 2018   iot demo kinetic frCisco connect montreal 2018   iot demo kinetic fr
Cisco connect montreal 2018 iot demo kinetic fr
 
Cisco connect montreal 2018 - Network Slicing: Horizontal Virtualization
Cisco connect montreal 2018 - Network Slicing: Horizontal VirtualizationCisco connect montreal 2018 - Network Slicing: Horizontal Virtualization
Cisco connect montreal 2018 - Network Slicing: Horizontal Virtualization
 
Cisco connect montreal 2018 secure dc
Cisco connect montreal 2018    secure dcCisco connect montreal 2018    secure dc
Cisco connect montreal 2018 secure dc
 
Cisco connect montreal 2018 enterprise networks - say goodbye to vla ns
Cisco connect montreal 2018   enterprise networks - say goodbye to vla nsCisco connect montreal 2018   enterprise networks - say goodbye to vla ns
Cisco connect montreal 2018 enterprise networks - say goodbye to vla ns
 
Cisco connect montreal 2018 vision mondiale analyse locale
Cisco connect montreal 2018 vision mondiale analyse localeCisco connect montreal 2018 vision mondiale analyse locale
Cisco connect montreal 2018 vision mondiale analyse locale
 
Cisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec Cisco
Cisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec CiscoCisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec Cisco
Cisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec Cisco
 
Cisco connect montreal 2018 collaboration les services webex hybrides
Cisco connect montreal 2018 collaboration les services webex hybridesCisco connect montreal 2018 collaboration les services webex hybrides
Cisco connect montreal 2018 collaboration les services webex hybrides
 
Integration cisco et microsoft connect montreal 2018
Integration cisco et microsoft connect montreal 2018Integration cisco et microsoft connect montreal 2018
Integration cisco et microsoft connect montreal 2018
 
Cisco connect montreal 2018 compute v final
Cisco connect montreal 2018   compute v finalCisco connect montreal 2018   compute v final
Cisco connect montreal 2018 compute v final
 
Cisco connect montreal 2018 saalvare md-program-xr-v2
Cisco connect montreal 2018 saalvare md-program-xr-v2Cisco connect montreal 2018 saalvare md-program-xr-v2
Cisco connect montreal 2018 saalvare md-program-xr-v2
 
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
 
Cisco Connect Toronto 2018 DNA automation-the evolution to intent-based net...
Cisco Connect Toronto 2018   DNA automation-the evolution to intent-based net...Cisco Connect Toronto 2018   DNA automation-the evolution to intent-based net...
Cisco Connect Toronto 2018 DNA automation-the evolution to intent-based net...
 
Cisco Connect Toronto 2018 an introduction to Cisco kinetic
Cisco Connect Toronto 2018   an introduction to Cisco kineticCisco Connect Toronto 2018   an introduction to Cisco kinetic
Cisco Connect Toronto 2018 an introduction to Cisco kinetic
 
Cisco Connect Toronto 2018 IOT - unlock the power of data - securing the in...
Cisco Connect Toronto 2018   IOT - unlock the power of data - securing the in...Cisco Connect Toronto 2018   IOT - unlock the power of data - securing the in...
Cisco Connect Toronto 2018 IOT - unlock the power of data - securing the in...
 
Cisco Connect Toronto 2018 DevNet Overview
Cisco Connect Toronto 2018  DevNet OverviewCisco Connect Toronto 2018  DevNet Overview
Cisco Connect Toronto 2018 DevNet Overview
 
Cisco Connect Toronto 2018 DNA assurance
Cisco Connect Toronto 2018  DNA assuranceCisco Connect Toronto 2018  DNA assurance
Cisco Connect Toronto 2018 DNA assurance
 
Cisco Connect Toronto 2018 network-slicing
Cisco Connect Toronto 2018   network-slicingCisco Connect Toronto 2018   network-slicing
Cisco Connect Toronto 2018 network-slicing
 
Cisco Connect Toronto 2018 the intelligent network with cisco meraki
Cisco Connect Toronto 2018   the intelligent network with cisco merakiCisco Connect Toronto 2018   the intelligent network with cisco meraki
Cisco Connect Toronto 2018 the intelligent network with cisco meraki
 
Cisco Connect Toronto 2018 sixty to zero
Cisco Connect Toronto 2018   sixty to zeroCisco Connect Toronto 2018   sixty to zero
Cisco Connect Toronto 2018 sixty to zero
 

Último

Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 

Último (20)

Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 

Leverage the Network

  • 1. Leverage the Network to Detect and Manage Threats. Matthew Robertson, Technical Marketing Engineer. May 19, 2016
  • 4. “The world is full of obvious things which nobody by any chance observes.” Sherlock Holmes, The Hound of the Baskervilles
  • 5. About this Session: Finding the Insider Threat. Monitoring the network interior to find the threats within
  • 6. Insider Threat
  • 7. Stealthwatch. About this Session: Finding the Insider Threat. Monitoring the network interior to find the threats within
  • 8. NetFlow (diagram: 10.2.2.2 port 1024, eth0/1, eth0/2, 10.1.1.1 port 80)
    | Start Time | Interface | Src IP | Src Port | Dest IP | Dest Port | Proto | Pkts Sent | Bytes Sent | SGT | DGT | TCP Flags |
    |---|---|---|---|---|---|---|---|---|---|---|---|
    | 10:20:12.221 | eth0/1 | 10.2.2.2 | 1024 | 10.1.1.1 | 80 | TCP | 5 | 1025 | 100 | 1010 | SYN,ACK,PSH |
    | 10:20:12.871 | eth0/2 | 10.1.1.1 | 80 | 10.2.2.2 | 1024 | TCP | 17 | 28712 | 1010 | 100 | SYN,ACK,FIN |
  • 9. NetFlow = Visibility. A single NetFlow Record provides a wealth of information:
    Router# show flow monitor CYBER-MONITOR cache
    …
    IPV4 SOURCE ADDRESS: 192.168.100.100
    IPV4 DESTINATION ADDRESS: 192.168.20.6
    TRNS SOURCE PORT: 47321
    TRNS DESTINATION PORT: 443
    INTERFACE INPUT: Gi0/0/0
    FLOW CTS SOURCE GROUP TAG: 100
    FLOW CTS DESTINATION GROUP TAG: 1010
    IP TOS: 0x00
    IP PROTOCOL: 6
    ipv4 next hop address: 192.168.20.6
    tcp flags: 0x1A
    interface output: Gi0/1.20
    counter bytes: 1482
    counter packets: 23
    timestamp first: 12:33:53.358
    timestamp last: 12:33:53.370
    ip dscp: 0x00
    ip ttl min: 127
    ip ttl max: 127
    application name: nbar secure-http
    …
  • 10. NetFlow Deployment. Each network layer offers unique NetFlow capabilities. Distribution & Core: Catalyst® 6500, Catalyst® 4500. Edge: ASA, ISR, ASR. Access: Catalyst® 3560/3750-X, Catalyst® 4500, Catalyst® 3650/3850. Endpoint: AnyConnect Network Visibility Module
  • 11. Stealthwatch System Components (diagram labels: Cisco Network, NetFlow). UDP Director: • UDP Packet copier • Forward to multiple collection systems. Stealthwatch Flow Sensor (VE): • Generate NetFlow data • Additional contextual fields (ex. App, URL, SRT, RTT). Stealthwatch Flow Collector: • Collect and analyze • Up to 2000 sources • Up to sustained 240,000 fps. Stealthwatch Management Console: • Management and reporting • Up to 25 Flow Collectors • Up to 6 million fps globally. Best Practice: Centralize collection globally
  • 12. NetFlow Collection: Flow Stitching (diagram: 10.2.2.2 port 1024, eth0/1, eth0/2, 10.1.1.1 port 80)
    Uni-directional flow records:
    | Start Time | Interface | Src IP | Src Port | Dest IP | Dest Port | Proto | Pkts Sent | Bytes Sent | SGT | DGT |
    |---|---|---|---|---|---|---|---|---|---|---|
    | 10:20:12.221 | eth0/1 | 10.2.2.2 | 1024 | 10.1.1.1 | 80 | TCP | 5 | 1025 | 100 | 1010 |
    | 10:20:12.871 | eth0/2 | 10.1.1.1 | 80 | 10.2.2.2 | 1024 | TCP | 17 | 28712 | 1010 | 100 |
    Bi-directional: • Conversation flow record • Allows easy visualization and analysis
    | Start Time | Client IP | Client Port | Server IP | Server Port | Proto | Client Bytes | Client Pkts | Server Bytes | Server Pkts | Client SGT | Server SGT | Interfaces |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 10:20:12.221 | 10.2.2.2 | 1024 | 10.1.1.1 | 80 | TCP | 1025 | 5 | 28712 | 17 | 100 | 1010 | eth0/1, eth0/2 |
  • 13. NetFlow Collection: De-duplication (diagram: 10.2.2.2 port 1024, 10.1.1.1 port 80, Sw1, Sw2, Sw3, ASA)
    | Start Time | Client IP | Client Port | Server IP | Server Port | Proto | Client Bytes | Client Pkts | Server Bytes | Server Pkts | App | Client SGT | Server SGT |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 10:20:12.221 | 10.2.2.2 | 1024 | 10.1.1.1 | 80 | TCP | 1025 | 5 | 28712 | 17 | HTTP | 100 | 1010 |
    Exporter, Interface, Direction, Action (for the record above):
    Sw1, eth0, in
    Sw1, eth1, out
    Sw2, eth0, in
    Sw2, eth1, out
    ASA, eth1, in
    ASA, eth0, out, Permitted
    ASA eth0, in, Permitted
    ASA, eth1, out
    Sw3, eth1, in
    Sw3, eth0, out
    Sw1, eth1, in
    Sw1, eth0, out
  • 14. Host Groups • Virtual Container of IP Addresses • User defined • Similar attributes • Model any Process/Application
  • 15. ISE as a Telemetry Source. Monitor Mode: • Open Mode, Multi-Auth • Unobstructed Access • No impact on productivity • Profiling, posture assessment • Gain Visibility. Authenticated Session Table (Cisco ISE, syslog, Stealthwatch Management Console): • Maintain historical session table • Correlate NetFlow to username • Build User-centric reports
  • 16. Global Intelligence. Stealthwatch Threat Intelligence License • Known C&C Servers • Tor Entrance and Exits
  • 17. Conversational Flow Record: Who, Who, What, When, How, Where • Stitched and de-duplicated • Conversational representation • Highly scalable data collection and compression • Months of data retention. More context
  • 18. Conversational Flow Record: ISE Telemetry; NBAR; Applied situational awareness; Flow Sensor; Geo-IP mapping; Threat Intelligence
  • 19. Conversational Flow Record: Exporters. Path the flow is taking through the network
  • 20. NetFlow Analysis with Stealthwatch. Identify additional Indicators of Compromise (IOCs): • Policy & Segmentation • Network Behaviour & Anomaly Detection (NBAD). Better understand / respond to an IOC: • Audit trail of all host-to-host communication. Discovery: • Identify business critical applications and services across the network
  • 21. “There is nothing like first hand evidence” Sherlock Holmes, A Study in Scarlet
  • 22. Flow Query Basics – The Flow Table. Filter; Filter conditions; Details; More details
  • 23. Flow Query Basics - Filtering. Select host to investigate. All flows in which this host was a client or server
  • 24. Hunting
  • 25. Host groups and reports make it easier to hunt
  • 26. Types of Host Groups • Inside Hosts: • All Hosts specifically defined as part of the network • By Default – “Catch All” • Outside Hosts • All Hosts not specifically defined as part of the network • Countries – GEO-IP • SLIC Created • Bogon • Command & Control Servers • Tor
  • 27. Inside Host Groups. Default Host Groups • Catch All • RFC 1918 Space • By Function • By Location. Include public IP space
  • 28. Host Groups: Parent-Child Relationship. Configuration trickles down. Information reports up
  • 29. Host Groups – Targeted Reporting. Geo-IP-based Host Group. Summary chart of traffic inbound and outbound from this Host Group
  • 30. Host Groups – Targeted Reporting. Traffic inbound. Traffic outbound
  • 31. Host Groups – Application Report. Applications outbound. Applications inbound
  • 32. Concept: Indicator of Compromise. An artifact observed on a network or in operating system that with high confidence indicates a computer intrusion • http://en.wikipedia.org/wiki/Indicator_of_compromise. IDS/IPS Alert; Log analysis (SIEM); Raw flow analysis; Outside notification; Behavioural analysis; Activity monitoring; Anomaly detection; File hashes; IP Addresses
  • 33. IoC’s from Traffic Analysis. Behavioural Analysis: • Leverages knowledge of known bad behaviour • Policy and segmentation. Anomaly Detection: • Identify a change from “normal”
  • 34. Stealthwatch NBAD Model. Algorithm: Track and/or measure behaviour/activity. Security Event: Suspicious behaviour observed or anomaly detected. Alarm: Notification of security event generated
  • 35. Alarm Categories. Each category accrues points.
  • 36. Stealthwatch: Alarms. Alarms • Indicate significant behaviour changes and policy violations • Known and unknown attacks generate alarms • Activity that falls outside the baseline, acceptable behaviour or established policies
  • 37. Behavioural Analysis. Leverages knowledge of known bad behaviour. Mouse
  • 38. Segmentation Monitoring. Host Groups; Relationship; Forbidden relationship
  • 39. Policy Violation: Host Locking. Client group; Server group; Client traffic conditions; Server traffic conditions; Successful or unsuccessful
  • 40. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 40 Policy Violation: Host Locking Communication in violation of policy • Active alarm monitoring adherence to policy
  • 41. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 41 Policy Violation: Custom Security Events Custom event triggers on traffic condition Source Tag Destination Tag Rule name and description Object conditions Peer conditions Connection conditions
  • 42. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 42 Policy Violation: Custom Security Events Alarm dashboard showing all Policy alarms Details of “Employee to Productions Servers” alarm occurrences
  • 43. Anomaly Detection: Identify a change from “normal”. Suit?
  • 44. Example Alarm Category: Concern Index. Concern Index: track hosts that appear to be compromising network integrity. 66 different algorithms as of v6.7.1.
  • 45. High Concern Index: Baseline deviated by 2,432%!
  • 46. Identifying Internal Reconnaissance from CI: Concern Index Events; scanning on TCP-445 across multiple subnets
  • 47. Example Event: Suspect Quiet Long Flow. An IP communication between an Inside and Outside host (with traffic in both directions) that exceeds the “Seconds required to qualify a flow as long” duration and is suspiciously small. Default Policy
  • 48. Watching for Data Theft. Data Exfiltration: identify suspect movement from Inside Network to Outside; single or multiple destinations from a single source; policy and behavioral
  • 49. Data Hoarding. Suspect Data Hoarding: unusually large amount of data inbound from other hosts. Target Data Hoarding: unusually large amount of data outbound from a host to multiple hosts
  • 50. Suspect Data Hoarding. Data Hoarding: unusually large amount of data inbound to a host from other hosts; policy and behavioral
  • 51. “The Science of Deduction.” Chapter 1: The Sign of the Four
  • 52. The Science of Deduction: Gathering Evidence. Data Element. What did they get? When did they get it? Where did they go? Are they still here? Who is they? IOC
  • 53. Investigating a Host: Host report for 10.201.3.59; Behavior alarms; Quick view of host group communication; Summary information
  • 54. Investigating: Host Drilldown. User information; Applications
  • 55. Investigating: Applications. A lot of applications. Some suspicious!
  • 56. Investigating: Audit Trails. Network behavior retroactively analyzed
  • 57. It Could Start with a User … Alarms; Devices and Sessions; Active Directory Details; Username; View Flows
  • 58. Adaptive Network Control: Quarantine/Unquarantine via pxGrid; Identity Services Engine; Stealthwatch Management Console
  • 59. Key Takeaways: Insider threats are operating on the network interior. Threat detection and response requires visibility and context into network traffic. NetFlow and the Cisco Stealthwatch System provide actionable security intelligence.
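The Suspect Quiet Long Flow event defined on slide 47, written out as detection logic over flow records. This is an added example, not Stealthwatch's algorithm or code from the deck; the two thresholds, the Inside range and the flow records are assumptions constructed for illustration.

```python
import ipaddress

# Assumed values: the slide names the setting "Seconds required to qualify
# a flow as long" but gives no number, and does not define "suspiciously small".
LONG_FLOW_SECONDS = 9 * 3600
MAX_QUIET_BYTES = 100_000
INSIDE = [ipaddress.ip_network("10.0.0.0/8")]  # assumed Inside host group

# Constructed unidirectional flow records (one per direction, as NetFlow exports):
# (start_s, end_s, src_ip, src_port, dst_ip, dst_port, proto, bytes)
FLOWS = [
    (0, 36000, "10.2.2.2", 1024, "203.0.113.7", 443, "TCP", 4200),     # quiet, long
    (1, 36000, "203.0.113.7", 443, "10.2.2.2", 1024, "TCP", 6100),
    (0, 40000, "10.2.2.3", 2048, "198.51.100.9", 443, "TCP", 900000),  # long, not small
    (0, 40000, "198.51.100.9", 443, "10.2.2.3", 2048, "TCP", 4000000),
    (0, 36000, "10.2.2.4", 3000, "10.1.1.1", 80, "TCP", 500),          # Inside to Inside
    (0, 36000, "10.1.1.1", 80, "10.2.2.4", 3000, "TCP", 700),
    (0, 36000, "10.2.2.5", 4000, "192.0.2.50", 53, "UDP", 300),        # one direction only
    (0, 60, "10.2.2.6", 5000, "203.0.113.7", 443, "TCP", 800),         # small but short
    (0, 60, "203.0.113.7", 443, "10.2.2.6", 5000, "TCP", 900),
]

def is_inside(ip):
    return any(ipaddress.ip_address(ip) in net for net in INSIDE)

def stitch(flows):
    """Merge both unidirectional records of a conversation into one entry."""
    convs = {}
    for start, end, src, sport, dst, dport, proto, nbytes in flows:
        key = (proto, *sorted([(src, sport), (dst, dport)]))
        c = convs.setdefault(key, {"start": start, "end": end, "bytes": {}})
        c["start"], c["end"] = min(c["start"], start), max(c["end"], end)
        c["bytes"][src] = c["bytes"].get(src, 0) + nbytes  # bytes sent per endpoint
    return convs

def suspect_quiet_long_flows(flows):
    hits = []
    for (_proto, a, b), c in stitch(flows).items():
        inside = [ip for ip, _ in (a, b) if is_inside(ip)]
        outside = [ip for ip, _ in (a, b) if not is_inside(ip)]
        if len(inside) != 1 or len(outside) != 1:
            continue  # needs exactly one Inside and one Outside host
        if len(c["bytes"]) < 2:
            continue  # traffic must be seen in both directions
        duration, total = c["end"] - c["start"], sum(c["bytes"].values())
        if duration > LONG_FLOW_SECONDS and total <= MAX_QUIET_BYTES:
            hits.append((inside[0], outside[0], duration, total))
    return hits
```

Only the first conversation meets every condition; each of the other four fails exactly one, which shows how the slide's qualifiers (Inside to Outside, both directions, long, small) each cut false positives.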