The Dynamic World of Threat Detection, Containment & Response


Opportunities and Challenges

The World of IT continues to evolve

Figure: the shift from static to dynamic IT across network, servers, data, devices and applications. On the static side the slide lists: IT owned, contained, in house, physical, fixed, and static management and security tools. On the dynamic side: user owned, limitless, cloud, virtual, mobile, and a dynamic infrastructure.


Visibility: The Enabler for Security

Anatomy of an Attack

Figure: the timeline of an attack set against the timeline of the response.

Attacker phases:

  • Identifying targets

  • Assessing the infrastructure

  • Pilot probe attack

  • Intrusion commences

  • Attack commences

  • Information extraction (data extraction or manipulation)

  • Cloaking starts

  • Cloning & ‘go mobile’

  • Cloaking complete

Response phases:

  • Anomaly detected

  • Alert & notification

  • Attack identified

  • Early stage containment

  • Second-wave detection

  • Infrastructure-wide response

  • Damage & scale assessment

  • Elimination

  • Security established

Two spans are marked on the timeline: the “Window of Exposure” and “The Golden Hour”. Every response phase follows from “Anomaly detected”, so the time to first detection sets a floor on the window of exposure; that is what makes visibility the enabler.


Two Architectures; Two Approaches

“Wall and Watch”

“Wall” – in band

  • Limit the opportunities

  • Block the known attacks

  • Signature behavior

Requirements

  • Highly available architecture

  • Line-rate performance

  • Infrequent configuration changes

Limitations

  • Single point of failure

  • Potential bottleneck

  • Dependent upon “Maintenance windows”

“Watch” – out of band

  • Monitor traffic profiles

  • Alert to anomalies

  • Broad-scale monitoring

  • Leverage multiple measures

  • The front-line against the unknown

Requirements

  • Powerful filtering capability

  • Multi-point triangulation

  • The more pervasive, the greater the value

Limitations

  • Risk of over-subscription

  • Famine or Feast: SPAN or TAP (a SPAN session is the lowest-priority consumer of the switch ASIC and silently loses mirrored packets under load, while a TAP delivers both directions of a full-duplex link at line rate and can oversubscribe the tool port it feeds)

  • Increasing tooling demand & expanding network scale
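The two approaches above, side by side, as an added example that is not code from the presentation or from Gigamon: an in-band "wall" that decides per flow at line rate and can only drop what matches a signature or a blocked port, beside an out-of-band "watch" that is fed from a tap, profiles traffic per source and alerts on outliers without ever blocking. The flow records, the signature strings, the blocked port and the z-score threshold are all constructed for illustration.

```python
"""Wall and Watch side by side, run over constructed flow records.

Added example for this transcript, not Gigamon code. The flow records,
signatures, blocked port and z-score threshold are all constructed.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    size: int        # bytes carried by the flow
    payload: bytes   # leading payload bytes, as a signature engine would see them


# "Wall" (in band): decides at line rate, so it can only act on what it already
# knows. Both lists are constructed for the example.
KNOWN_BAD_PAYLOADS = (b"/etc/passwd", b"cmd.exe")   # "block the known attacks"
BLOCKED_PORTS = {23}                                # "limit the opportunities"


def wall_decision(flow: Flow) -> str:
    """Return 'DROP' for a blocked port or a signature hit, otherwise 'PASS'."""
    if flow.dport in BLOCKED_PORTS:
        return "DROP"
    if any(sig in flow.payload for sig in KNOWN_BAD_PAYLOADS):
        return "DROP"
    return "PASS"


class WatchMonitor:
    """"Watch" (out of band): profiles traffic per source and alerts on outliers.

    It is fed from a tap, so it sees everything but can never block anything;
    its output is an alert for an analyst or an orchestration system.
    """

    def __init__(self, zscore_threshold: float = 3.0, min_baseline: int = 5):
        self.threshold = zscore_threshold
        self.min_baseline = min_baseline
        self.history: dict[str, list[int]] = defaultdict(list)  # src -> flow sizes

    def observe(self, flow: Flow) -> list[str]:
        """Record the flow and return any alert it triggers."""
        alerts = []
        past = self.history[flow.src]
        if len(past) >= self.min_baseline:
            mu, sigma = mean(past), pstdev(past)
            if sigma > 0 and (flow.size - mu) / sigma > self.threshold:
                alerts.append(
                    f"ANOMALY src={flow.src} dst={flow.dst} size={flow.size} "
                    f"baseline_mean={mu:.0f}"
                )
        past.append(flow.size)
        return alerts


def run_pipeline(flows: list[Flow]) -> tuple[list[Flow], list[Flow], list[str]]:
    """Push every flow through the wall and, via the tap, past the watch."""
    watch = WatchMonitor()
    dropped, passed, alerts = [], [], []
    for f in flows:
        (dropped if wall_decision(f) == "DROP" else passed).append(f)
        alerts.extend(watch.observe(f))  # the tap sits ahead of the wall here
    return dropped, passed, alerts


# Constructed sample: six ordinary HTTPS flows from 10.0.0.5, a telnet attempt,
# a path-traversal probe, then a large outbound transfer that matches nothing.
SAMPLE_FLOWS = [
    *(Flow("10.0.0.5", "10.0.1.9", 443, n, b"GET /index")
      for n in (1500, 1480, 1520, 1510, 1490, 1500)),
    Flow("10.0.0.7", "10.0.1.9", 23, 120, b"login:"),
    Flow("10.0.0.7", "10.0.1.9", 80, 300, b"GET /../../etc/passwd"),
    Flow("10.0.0.5", "203.0.113.50", 443, 90000, b"POST /upload"),
]

if __name__ == "__main__":
    dropped, passed, alerts = run_pipeline(SAMPLE_FLOWS)
    print(f"wall dropped {len(dropped)}, passed {len(passed)}")
    for a in alerts:
        print(a)
```

The last flow is the point of the slide: it carries no known signature, so the wall passes it, and only the out-of-band profile (six flows of about 1.5 KB followed by a 90 KB transfer to a new destination) raises an alert. The watch never returns a verdict, only an alert, which is why the two are paired rather than chosen between.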



Networks were Static and Simple

Figure: application performance, network management and security tools each attached directly to a small, static network.


Networks are Dynamic and Complex

Figure: the same three tool classes (application performance, network management, security) attached to a network that is now dynamic and complex.


Networks demand a New Approach

Figure: the application performance, network management and security tools consolidated into a centralized tool layer.


The Fabric Intelligence

Packet Identification, Filtering and Forwarding

Packet Modification, Manipulation and Transformation (GigaSMART)

Figure: the fabric takes traffic from the physical, virtual and network layers and feeds the application performance, network management and security tools, with dynamic power to control traffic selection:

  • Flow Mapping: selects which traffic is forwarded to which tool.

  • Deduplication: the stream ABACCABACB is reduced to ABC, removing the repeated copies of a packet that several SPAN and TAP points produce.

  • Packet Slicing: packets A, B, C are truncated to their leading bytes so a tool receives only the headers it needs.

  • Time Stamp: each packet is stamped on ingress.
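The four functions on this slide modelled in plain Python, as an added example rather than Gigamon's implementation: Flow Mapping rules that select which packets reach which tool, a deduplication stage that collapses the slide's ABACCABACB stream to ABC, per-rule packet slicing, and an ingress timestamp. The rule format, the packet layout, the count-based deduplication window and the synthetic clock are all constructed for illustration; a real fabric deduplicates over a time window in hardware.

```python
"""Fabric functions from this slide modelled in plain Python: Flow Mapping,
Deduplication, Packet Slicing and Time Stamp.

Added example, not Gigamon's implementation. The rule format, the packet
layout, the count-based dedup window and the synthetic clock are constructed.
"""
from __future__ import annotations

import hashlib
from collections import OrderedDict
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes
    ts_ns: int = 0   # Time Stamp: filled in by the fabric on ingress


@dataclass(frozen=True)
class MapRule:
    """One Flow Mapping rule: packets matching the criteria go to `tool`."""
    tool: str
    dports: frozenset[int] | None = None   # None = any destination port
    src_prefix: str | None = None          # e.g. "10.0." ; None = any source
    slice_to: int | None = None            # Packet Slicing: keep this many payload bytes

    def matches(self, p: Packet) -> bool:
        if self.dports is not None and p.dport not in self.dports:
            return False
        if self.src_prefix is not None and not p.src.startswith(self.src_prefix):
            return False
        return True


class Fabric:
    def __init__(self, rules: list[MapRule], dedup_window: int = 1024):
        self.rules = list(rules)
        self.window = dedup_window
        self._recent: OrderedDict[bytes, None] = OrderedDict()   # LRU of digests
        self._clock_ns = 0
        self.delivered: dict[str, list[Packet]] = {r.tool: [] for r in self.rules}

    @staticmethod
    def _digest(p: Packet) -> bytes:
        # Dedup key covers headers and payload but not the timestamp, so the
        # same packet captured on two taps (or both SPAN directions) collides.
        return hashlib.sha256(f"{p.src}|{p.dst}|{p.dport}|".encode() + p.payload).digest()

    def _is_duplicate(self, p: Packet) -> bool:
        d = self._digest(p)
        if d in self._recent:
            return True
        self._recent[d] = None
        if len(self._recent) > self.window:       # real fabrics use a time window;
            self._recent.popitem(last=False)       # a packet-count LRU stands in here
        return False

    def ingest(self, p: Packet) -> list[str]:
        """Stamp, dedup and map one packet; return the tools it was forwarded to."""
        self._clock_ns += 1_000                     # synthetic clock: 1 us per packet
        stamped = replace(p, ts_ns=self._clock_ns)
        if self._is_duplicate(stamped):
            return []
        targets = []
        for rule in self.rules:
            if rule.matches(stamped):
                out = stamped
                if rule.slice_to is not None:
                    out = replace(stamped, payload=stamped.payload[: rule.slice_to])
                self.delivered[rule.tool].append(out)
                targets.append(rule.tool)
        return targets


def demo(stream: str = "ABACCABACB") -> Fabric:
    """Replay the slide's ABACCABACB stream plus one SSH packet through two rules."""
    fabric = Fabric([
        MapRule("security"),                                        # everything, untouched
        MapRule("apm", dports=frozenset({80, 443}), slice_to=16),   # web only, headers only
    ])
    for ch in stream:   # constructed: each letter stands for one distinct packet
        fabric.ingest(Packet("10.0.0.1", "10.0.0.2", 443, ch.encode() * 100))
    fabric.ingest(Packet("10.0.0.1", "10.0.0.2", 22, b"ssh-session" * 10))
    return fabric


if __name__ == "__main__":
    f = demo()
    for tool, pkts in f.delivered.items():
        print(tool, [(p.dport, len(p.payload), p.ts_ns) for p in pkts])
```

Order matters: the packet is stamped and deduplicated once on ingress, and sliced per rule on egress, so the security tool still gets full packets while the application monitor gets the 16-byte slice. Because the digest ignores the timestamp, a second copy of A arriving 2 us later is recognised as the same packet; a timestamp inside the dedup key would defeat the whole stage.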


The Benefits of Visibility Fabric

Legacy Approach

  • Limited Visibility

  • Static

  • Expensive

  • Distributed

  • Constrained

Visibility Fabric

  • Pervasive

  • Simple

  • Cost Effective

  • Centralized

  • Scalable


Enabling Best-of-Breed Selections

Figure: the visibility fabric as the middleware between the network and the security, application monitoring and network management tools.

The Middleware with Any Network, and Any Tool


The Advantages of Gigamon – GigaBPS

Traffic offload – Application-aware traffic profile


The Demand is Clear

Figure: independent survey results from December 2011, broken down by organization size (employees, in thousands), organization revenue ($B) and vertical.


Visibility Fabric

Addressing the Limitations

“Wall” – in band

Limitations

  • Single point of failure

  • Potential bottleneck

  • Dependent upon “Maintenance windows”

How the fabric addresses them

  • Heartbeat monitoring

  • Intelligent traffic distribution

  • Establishes a ‘Dynamic DMZ’ enabling rapid response

“Watch” – out of band

Limitations

  • Risk of over-subscription

  • Famine or Feast: SPAN or TAP

  • Increasing tooling demand & expanding network scale

How the fabric addresses them

  • “Flow Mapping” filtering

  • Selective traffic forwarding

  • Scalability to serve some of the largest networks on the planet
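Heartbeat monitoring and intelligent traffic distribution for the in-band side, as an added example that is not Gigamon's heartbeat or bypass implementation: a bypass switch hashes each flow onto one tool in a pool of inline tools, pushes a heartbeat through every tool, drops a tool from the pool after it misses enough heartbeats (a crash or a maintenance window look the same from the link), lets it rejoin when heartbeats return, and falls back to bypass or fail-closed when no tool is left. The tool interface, the heartbeat marker, the miss threshold and the toy IPS are all constructed.

```python
"""Heartbeat monitoring and traffic distribution for in-band ("Wall") tools.

Added example, not Gigamon's heartbeat or bypass implementation. The tool
interface, heartbeat marker, miss threshold and toy IPS are constructed.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass
from typing import Callable, Optional

HEARTBEAT = b"\xfa\xce-HB-fabric"   # constructed marker the tool must return unchanged


class Ips:
    """Toy inline IPS: drops payloads carrying a known-bad string and forwards
    the rest. `up = False` models a crash or a maintenance window: nothing the
    switch sends in comes back out."""

    def __init__(self) -> None:
        self.up = True

    def __call__(self, pkt: bytes) -> Optional[bytes]:
        if not self.up or b"cmd.exe" in pkt:
            return None
        return pkt


@dataclass
class InlineTool:
    name: str
    inspect: Callable[[bytes], Optional[bytes]]
    healthy: bool = True
    missed: int = 0


class BypassSwitch:
    """Sits on the link in front of a pool of inline tools."""

    def __init__(self, tools: list[InlineTool], max_missed: int = 3, fail_open: bool = True):
        self.tools = tools
        self.max_missed = max_missed
        self.fail_open = fail_open   # what to do when no tool is healthy

    def heartbeat(self) -> list[str]:
        """Push a heartbeat through every tool. A tool that fails to return it
        `max_missed` times in a row leaves the pool and rejoins on the first
        heartbeat it returns again. Returns the names of the healthy tools."""
        for t in self.tools:
            if t.inspect(HEARTBEAT) == HEARTBEAT:
                t.missed, t.healthy = 0, True
            else:
                t.missed += 1
                if t.missed >= self.max_missed:
                    t.healthy = False
        return [t.name for t in self.tools if t.healthy]

    def _pick(self, flow_key: bytes) -> Optional[InlineTool]:
        # Intelligent traffic distribution: hash the flow key so every packet
        # of a flow lands on the same tool (stateful inspection needs that).
        live = [t for t in self.tools if t.healthy]
        if not live:
            return None
        idx = int.from_bytes(hashlib.sha256(flow_key).digest()[:4], "big") % len(live)
        return live[idx]

    def forward(self, flow_key: bytes, pkt: bytes) -> tuple[str, Optional[bytes]]:
        """Return (where the packet went, what came out the other side)."""
        tool = self._pick(flow_key)
        if tool is None:
            # No healthy tool left. Fail-open keeps the link up but inspects
            # nothing; fail-closed keeps the policy but takes the link down.
            return ("bypass", pkt) if self.fail_open else ("fail-closed", None)
        # A None here is either a deliberate drop or a dead tool; the switch
        # cannot tell which, which is exactly why the heartbeats exist.
        return tool.name, tool.inspect(pkt)


def demo(fail_open: bool = True) -> dict[str, object]:
    a, b = Ips(), Ips()
    sw = BypassSwitch([InlineTool("ips-a", a), InlineTool("ips-b", b)], fail_open=fail_open)
    r: dict[str, object] = {}
    r["both_up"] = sw.forward(b"flow-1", b"GET / HTTP/1.1")
    b.up = False                          # ips-b crashes (or enters maintenance)
    for _ in range(3):                    # flows hashed to ips-b are lost until this completes
        r["live_after_b_down"] = sw.heartbeat()
    r["b_down"] = sw.forward(b"flow-2", b"GET /cmd.exe")        # ips-a alone, drops it
    a.up = False
    for _ in range(3):
        sw.heartbeat()
    r["all_down"] = sw.forward(b"flow-3", b"GET /cmd.exe")      # nothing left to inspect
    b.up = True                           # ips-b comes back
    r["live_after_b_back"] = sw.heartbeat()
    return r


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The caveat a practitioner wants is in the `all_down` step: with `fail_open=True` the link stays up and the malicious request is forwarded uninspected, with `fail_open=False` it is dropped and so is everything else. The heartbeat interval times `max_missed` is the detection latency during which flows hashed to the dead tool are silently lost, so a shorter interval trades a little tool capacity for a smaller outage window.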


Thank you

Paul Hooper

Vice President, Gigamon

