NetWitness

TechBiz Forense Digital
Jul 1, 2011

Editor's Notes

  1. Security is a hard job. You are everyone’s friend, or enemy. People want to see you or they dread seeing you in the hallway. You know what you need to do, but good luck getting it done. Today: talk about why security sucks and what’s wrong with security today in most organizations; some brief examples of why security teams are failing. Maybe it will suck less when we are done.
  2. Electronic Criminal Groups: Established Underground Industry (continued examples of successful large-scale operations). Organization: Low to High; Capability: High; Intent: High for financial gain. “Kneber” ZeuS BotNet – information sold to anybody. Nation-Sponsored Activities: From Intelligence Gathering to Network-Centric Warfare. Organization: High; Capability: High; Intent: Connected to national policy. Operation Aurora, Titan Rain, etc.
  3. OK, back to being the CIO of an organized criminal group…
  4. Build Slide…. SUCKER!!!
  5. Unfortunately, our job is usually not as much fun and doesn’t pay as well. So in the face of all this, what’s your job strategy? Maybe you should go work for the government? They have more money and better resources…and you get to wear a tie to work…
  6. The government has its problems too… security sucks there too… Advanced: the adversary can operate in the full spectrum of computer intrusion. Persistent: the adversary is driven to accomplish a mission. Threat: the adversary is organized, funded, and motivated. Analysts speak of multiple "groups" consisting of dedicated "crews" with various missions.
  7. Who is NetWitness? Ask the Industry! Ultimately, we can say whatever we want about the value we will bring to your organization, but that value is best defined by what others in the industry say about us. The best security teams on the planet are using NetWitness. Our customers include: 5 of the Fortune 10; a large number of the Global 1000, including 3 of the Top 10 banks. Over 70% of U.S. Federal Agencies are enterprise customers of NetWitness, and most are planning larger deployments. Over 45,000 security experts use NetWitness Investigator Freeware. The Analysts agree too: Forrester says that in 2011 all enterprises should inspect and analyze all network traffic to obtain better visibility and that NetWitness is a cutting edge vendor in this space. Gartner says that current malware threats will require approaches other than signature, and named NetWitness as a technology offering an important solution using forensics, behavioral, and reputational based techniques. 451 Group says that “If you can handle the truth, NetWitness can show it to you.” and that “NetWitness is the last security appliance you will ever need to buy.” The company has received a number of awards: Inc. 500: #21 overall and #1 in Software and DC area; WBJ: #3 in Wash DC area; SC Mag: numerous awards. Customer Testimonials. Meeting Notes (1/16/11 13:33): The people that know a lot about the high threat environment use us.
  8. NetWitness infrastructure builds a pervasive and complete understanding of what is happening across your network. Layer 2 to layer 7: characteristics of network behavior. Real-time knowledge, fused with the knowledge of the global security community: threat and fraud intel; business intelligence; community and reputation-based; cloud-based.
  9. Just like every other application, provides completeness and security rigor.
  10. How many people have worked with ZeuS? There are many commercial and non-commercial variants of Trojans such as ZeuS that have been developed by eCrime groups for specific targets of interest: banks, DIB, specific government agencies in U.S. and Europe. Numerous signs of collaboration among malware writers, including “best practices” for improving techniques for detection avoidance and resilience (e.g. ZeuS and Waledac collaboration noted in NetWitness “Kneber” report). New features, such as the inclusion of robust Backconnect reverse proxy capabilities. Many of these non-commercial variants are invisible to typical security tools.
  11. This particular directory contains files harvested by the attackers from my bait PC that I set up and infected; each directory (top listing in graphic for “/”) is associated with one victim.