Decreasing Incident Response Time
Benefits of Packet Capture & Real-time NetFlow Generation
Boni Bruno, CISSP, CISM, CGEIT, Technical Director
Copyright © 2014
You Just Suffered a Major Security Breach!
3 Questions Your IT Staff Better Answer in the First 8 Hours!!
• What Happened?!
• Who Was Affected?!
• When Will It Be Fixed?!
Could Your Current SEM/SIEM Tools Cover You for this Security Breach?
Security Incident Lifecycle
Stages shown in the lifecycle diagram: Suspect, Identify, Mitigate, Impact, Tools Fixed, Permanent Protection
Security Incident Lifecycle
Unique event: can lead to repetitive events if not correctly identified…
Security Incident Lifecycle
• Reduced Frequency
• Minimize Scope of Impact
• Faster Remediation
• ID Root Cause
Security Architecture
Current Security Infrastructure:
• Firewall
• IDS/IPS
• DLP
• End Point Security
SIEM (Security Info & Event Mgmt): events feed the Event / Log Repository; an Alarm drives Search & Analysis
Packet Capture: pcaps go to Packet Storage (Full Content Repository), as event-driven “snippets” and/or ALL traffic recorded into a rolling buffer
SIEM Integration via RESTful API
Visibility & recording infrastructure for high-speed networks
Endace provides 100% accurate network recording at 1Gbps to 100Gbps!!!
Next-Generation EndaceDAG Overview
Multiple Network Monitoring Interfaces: TDM/PDH T1/E1; DS3/E3; 10/100/1000/10G Ethernet; SONET/SDH OC-3 to OC-768c; Infiniband x4 SDR and DDR
Designed for data capture applications requiring 100% network data capture
Three “Feature Bundles”:
• Premium: Telco, high-end gov’t users and appliance OEMs
• Standard: HFT, market, appliance OEMs
• Basic: Low-end gov’t users, analytics
Three Product Configurations:
• Dual-Port 10GbE: Basic and standard
• Dual and quad port 10GbE: Standard and premium
• Single-Port 40GbE: Future/upgrade to quad port
Capabilities:
• Low Overhead
• Zero Loss Capture
• Hardware Time Stamps
• Global Clock Synch
• In-Band Metadata
• Classification/filtering
• Load Balancing
Endace Network Visibility Infrastructure
• EndaceAccess™ Network Visibility Headend: allows EndaceProbe INRs/ODE to scale to 40 and 100GbE; load-balances 40Gb/100Gb links across multiple INRs
• EndaceProbe™ Intelligent Network Recorder: high performance intelligent network recording; up to 64 TB storage; mix of 1 and 10GbE ports; provides 100% packet capture on 10Gb Ethernet links
• EndaceFlow™ NetFlow Generator Appliance (NGA): high-speed NetFlow generation for 10GbE networks; 4x10GbE ports; generates unsampled netflows from 1GbE/10GbE links
• Endace Open Hosting Platform (ODE): hosting platform for monitoring applications; 8x1GbE or 4x10GbE ports; up to 16 TB internal storage; Fibre Channel support for SAN; provides packets for hosted 3rd party applications
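Two slides describe what the appliances do with a capture: the Security Architecture slide pairs a SIEM alarm with an event-driven “snippet” pulled from the packet store, and the NetFlow Generator item describes unsampled flow records built from every packet. The following Python is an added example, not Endace code and not from the deck, that shows both operations on a constructed libpcap file: a small pcap reader, `generate_flows` (every packet contributes to a 5-tuple flow record, so no 1-in-N sampling loss) and `packets_for_alarm` (the alarm-to-packets pivot over a time window). The sample traffic, addresses, function names and the 60-second window are all assumptions made for the example.

```python
import socket
import struct

# Minimal libpcap (link type 1 = Ethernet) reader plus a tiny frame builder.
# All traffic below is constructed test data (RFC 1918 / RFC 5737 addresses).

PCAP_MAGIC_LE = b"\xd4\xc3\xb2\xa1"   # 0xA1B2C3D4 written little-endian
PCAP_MAGIC_BE = b"\xa1\xb2\xc3\xd4"   # the same magic written big-endian


def build_frame(src_ip, dst_ip, proto, sport, dport, payload_len):
    """Ethernet/IPv4/{TCP,UDP} frame with zeroed checksums (test data only)."""
    if proto == 6:      # TCP: 20-byte header, data offset 5, no flags
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0, 8192, 0, 0)
    elif proto == 17:   # UDP: 8-byte header, length = header + payload
        l4 = struct.pack("!HHHH", sport, dport, 8 + payload_len, 0)
    else:
        raise ValueError("only TCP (6) and UDP (17) are built here")
    total_len = 20 + len(l4) + payload_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    eth = b"\x00" * 12 + b"\x08\x00"          # zero MACs, EtherType IPv4
    return eth + ip + l4 + b"\x00" * payload_len


def build_pcap(packets):
    """packets: iterable of (ts_sec, ts_usec, raw_frame) -> pcap file bytes."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for sec, usec, raw in packets:
        out.append(struct.pack("<IIII", sec, usec, len(raw), len(raw)))
        out.append(raw)
    return b"".join(out)


def read_pcap(data):
    """Yield (timestamp_float, raw_frame) per record; handles both byte orders."""
    if data[:4] == PCAP_MAGIC_LE:
        end = "<"
    elif data[:4] == PCAP_MAGIC_BE:
        end = ">"
    else:
        raise ValueError("not a microsecond-resolution pcap file")
    if struct.unpack_from(end + "I", data, 20)[0] != 1:
        raise ValueError("expected Ethernet (link type 1)")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl_len, _orig_len = struct.unpack_from(end + "IIII", data, off)
        off += 16
        yield sec + usec / 1e6, data[off:off + incl_len]
        off += incl_len


def parse_frame(raw):
    """5-tuple (src, dst, proto, sport, dport) for IPv4 TCP/UDP frames, else None."""
    if len(raw) < 34 or raw[12:14] != b"\x08\x00":
        return None
    ihl = (raw[14] & 0x0F) * 4
    proto = raw[23]
    src, dst = socket.inet_ntoa(raw[26:30]), socket.inet_ntoa(raw[30:34])
    l4 = 14 + ihl
    if proto in (6, 17) and len(raw) >= l4 + 4:
        sport, dport = struct.unpack_from("!HH", raw, l4)
    else:
        sport = dport = 0
    return (src, dst, proto, sport, dport)


def generate_flows(pcap_bytes):
    """Unsampled flow records: every packet is counted, no 1-in-N sampling."""
    flows = {}
    for ts, raw in read_pcap(pcap_bytes):
        key = parse_frame(raw)
        if key is None:
            continue
        rec = flows.setdefault(key, {"first": ts, "last": ts, "packets": 0, "bytes": 0})
        rec["last"] = ts
        rec["packets"] += 1
        rec["bytes"] += len(raw)
    return flows


def packets_for_alarm(pcap_bytes, host, alarm_ts, before=60, after=60):
    """Event-driven 'snippet': packets touching `host` around a SIEM alarm time."""
    lo, hi = alarm_ts - before, alarm_ts + after
    hits = []
    for ts, raw in read_pcap(pcap_bytes):
        if not lo <= ts <= hi:
            continue
        tup = parse_frame(raw)
        if tup and host in (tup[0], tup[1]):
            hits.append((ts, tup, len(raw)))
    return hits


# Constructed sample traffic; timestamps are epoch seconds (assumed values).
BASE_TS = 1_400_000_000
SAMPLE_PCAP = build_pcap([
    (BASE_TS + 1000, 0,      build_frame("10.0.0.5", "203.0.113.10", 6, 51000, 443, 100)),
    (BASE_TS + 1000, 500000, build_frame("203.0.113.10", "10.0.0.5", 6, 443, 51000, 400)),
    (BASE_TS + 1001, 0,      build_frame("10.0.0.5", "203.0.113.10", 6, 51000, 443, 1200)),
    (BASE_TS + 1002, 0,      build_frame("10.0.0.7", "10.0.0.53", 17, 5353, 53, 40)),
    (BASE_TS + 1200, 0,      build_frame("10.0.0.5", "203.0.113.10", 6, 51000, 443, 60)),
])

if __name__ == "__main__":
    for key, rec in generate_flows(SAMPLE_PCAP).items():
        print(key, rec)
    # An alarm on 10.0.0.5 at BASE_TS + 1001: pull the surrounding packets.
    for hit in packets_for_alarm(SAMPLE_PCAP, "10.0.0.5", BASE_TS + 1001):
        print(hit)
```

The flow records carry first/last timestamps straight from the capture, which is why the deck's hardware time stamps and global clock synchronisation matter: an alarm time from the SIEM only lines up with the right packets if the recorder's clock agrees with the log source's. The window in `packets_for_alarm` is deliberately symmetric around the alarm so the packets that caused the alert, not only those after it, are returned.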
The Endace Probe Solution
Monitoring and Recording Fabrics
100% Packet Capture means 100% Network Visibility
Can you Pinpoint Microbursts Occurring on your Network?
Can you Identify Applications Running on your Network?
Can you Identify Traffic Changes Over Time?
Can you see Conversations on the Network?
Search through Packets in a Browser!
100Gbps Packet Capture…
Time Synchronization
Copyright © 2013
NetFlow – The New Way!!!