www.netfort.com
Ransomware.
How wire data can be used to detect the source of the problem
Darragh Delaney
Slide 2
How will you know there is Ransomware on your network?
• IDS (Intrusion Detection System) events
• Users complaining they cannot access files
• User reports strange message on desktop
Slide 3
Typical message you would see
Slide 4
• This question was posted on an IT forum. The main points from it are below:
• End user creates a file with a certain name on the file server.
• The issue currently is that, by default, Windows logs or FIM do not capture the IP address of the client that is creating this file on the file server.
• Infection starts to encrypt files and every time it moves from one directory to another.
• Leaves an instruction note that leads to a website/Tor network site or something.
• Immediate block on this IP from further causing damage.
Slide 5
Wire Data Analytics
• Wire data is data contained within the headers and payloads of network packets as traffic moves from one node to another.
• Wire data analytics is the process by which raw packet data is transformed into real-time and historical business and IT insight. This data in motion is learned in a “continuously updated” mode: a constant, mind-boggling flow of information that might include usernames, filenames, or website names.
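The problem from slide 4, approached with the kind of wire data slide 5 describes, as an added example that is not part of the original deck and is not LANGuardian code: it reads SMB file-activity records and flags the client IP that creates the same file name in several directories in a short time, which is the note-dropping behaviour described above. The CSV column layout, hosts, users, file names and thresholds are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Constructed sample records (not real traffic). Assumed export columns:
# timestamp, client IP, user name, SMB action, UNC path.
SAMPLE_RECORDS = r"""
2024-01-10T09:00:01,10.0.0.21,alice,read,\\fs01\share\finance\q4.xlsx
2024-01-10T09:00:40,10.0.0.33,carol,create,\\fs01\share\web\site-a\index.html
2024-01-10T09:01:02,10.0.0.57,bob,rename,\\fs01\share\finance\q4.xlsx.locked
2024-01-10T09:01:03,10.0.0.57,bob,create,\\fs01\share\finance\README_RESTORE.txt
2024-01-10T09:01:10,10.0.0.57,bob,rename,\\fs01\share\hr\staff.docx.locked
2024-01-10T09:01:11,10.0.0.57,bob,create,\\fs01\share\hr\README_RESTORE.txt
2024-01-10T09:01:15,10.0.0.33,carol,create,\\fs01\share\web\site-b\index.html
2024-01-10T09:01:19,10.0.0.57,bob,rename,\\fs01\share\legal\nda.pdf.locked
2024-01-10T09:01:20,10.0.0.57,bob,create,\\fs01\share\legal\README_RESTORE.txt
2024-01-10T09:03:00,10.0.0.21,alice,write,\\fs01\share\finance\budget.xlsx
"""


def parse_records(text):
    """Turn CSV text into (time, ip, user, action, path) tuples."""
    rows = []
    for ts, ip, user, action, path in csv.reader(io.StringIO(text.strip())):
        rows.append((datetime.fromisoformat(ts), ip, user, action,
                     PureWindowsPath(path)))
    return rows


def find_note_droppers(rows, min_dirs=3, window=timedelta(minutes=5)):
    """Flag clients that create the same file name in at least `min_dirs`
    distinct directories within `window`. Rename counts are reported as
    supporting evidence, not used for the decision."""
    creates = defaultdict(list)   # (ip, lower-cased file name) -> [(time, dir)]
    renames = defaultdict(int)    # ip -> number of rename operations
    users = defaultdict(set)      # ip -> user names seen from that client
    for ts, ip, user, action, path in rows:
        users[ip].add(user)
        if action == "create":
            creates[(ip, path.name.lower())].append((ts, path.parent))
        elif action == "rename":
            renames[ip] += 1

    suspects = {}
    for (ip, name), events in creates.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            # Advance the left edge until the span fits inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            dirs = {d for _, d in events[start:end + 1]}
            if len(dirs) >= min_dirs:
                suspects[ip] = {
                    "users": sorted(users[ip]),
                    "note_name": name,
                    "directories": sorted(str(d) for d in dirs),
                    "first_seen": events[start][0],
                    "renames": renames[ip],
                }
                break
    return suspects


if __name__ == "__main__":
    for ip, info in find_note_droppers(parse_records(SAMPLE_RECORDS)).items():
        print(ip, info["users"], info["note_name"], info["first_seen"],
              f"{len(info['directories'])} dirs, {info['renames']} renames")
```

The flagged IP and user name are what the file server's own logs were missing in the forum question. Legitimate tools that write one file name into many folders would need an allowlist before this is used for blocking.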
Slide 6
Wire Data Sources
Slide 7
How does Ransomware get in?
• The most common way that ransomware can get into your network is through phishing campaigns
• These types of attacks have become much more sophisticated over the last number of years
• Some common examples of what the phishing campaigns might look like can be seen in the next few slides
Slides 8-11
Slide 12
Why LANGuardian should be your only choice for Wire Data Analytics
• Logs and reports on activity by IP address and actual user name.
• Unique levels of detail using NetFort metadata for critical protocols including SMB, HTTP and SQL.
• All wire data retained in a built-in database.
• Go back on data days, weeks or months without the need for expensive hardware and storage.
• Built-in application recognition engine tracks usage by application and user name.
• Connect to a SPAN or mirror port and instantly monitor anywhere across your network.
• Download and deploy on standard server hardware, VMware or Hyper-V.

Finding the source of Ransomware - Wire data analytics


Editor's Notes

  1. Can download and get it on your network in 30 minutes! Virtual or physical! Free, fully functional trial, 30 days.