Negative Day Threat Detection 2009-02-05 Joe Levy – CTO, Solera Networks
Obligatory fear-mongering intro
There is no shortage of “anti-threat” countermeasures
Yet you can only find what you’re looking for
… probably not – treat the matter as when, not if
http://www.tech-404.com/calculator.html
http://attrition.org/dataloss/
Data Breach Investigations Report (June 2008), three slides
* http://www.verizonbusiness.com/resources/security/databreachreport.pdf
Incident Response – the basics
NIST Special Publication 800-61, “Computer Security Incident Handling Guide”, http://csrc.nist.gov/publications/nistpubs/
Digital Forensics
1. Scientific Working Group on Digital Evidence, http://www.swgde.org
2. Department of Defense Computer Forensics Lab Data Definition (dcfldd), http://dcfldd.sourceforge.net
Network Forensics
Full-packet capture volume at sustained line rate, as given on the slide. The GB column uses a mixed divisor (bytes / 1024 / 1000 / 1000): in decimal units 50 Mbps is 22.5 GB/hour, in binary units 20.95 GiB/hour.

Speed (Mbps)    GB/hour    TB/hour    TB/day
50              21.97      0.02       0.51
100 (FE)        43.95      0.04       1.03
500             219.73     0.21       5.15
1000 (GigE)     439.45     0.43       10.30
5000            2197.27    2.15       51.50
10000 (10GE)    4394.53    4.29       103.00
Storage trends enable total fidelity
Sources: http://commons.wikimedia.org/wiki/Image:Hard_drive_capacity_over_time.png , http://www.alts.net/ns1625/winchest.html
From Ethernet to Perma-net
Solera Networks Solutions
Functional Deployment
Secure Virtual Environments: virtual to physical (Solera V2P Tap™)
Communication between virtual machines passes through the virtual switch. Traffic is captured promiscuously by the Solera DS Virtual Appliance and regenerated out of a physical interface to the existing physical IDS/IPS/FW/DPI framework.
10 Gbps Capture
DeepSee
Diagram: a stream of packets crossing the network; packets from selected flows are identified and combined.
Negative Day Threat Detection
Malware Monday, Patch Tuesday, Wake-up Call Wednesday: events can occur prior to remediation… A signature such as (2) can only be written after the vulnerability in (1) is disclosed, so an inline IDS cannot alert on Monday's traffic; a retained full-fidelity capture lets the Tuesday signature be run against the Monday traffic after the fact.
1. http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2. http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_MS08-067?rev=1.8;content-type=text%2Fplain
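The Monday/Tuesday/Wednesday sequence above, worked through as an added example (not Solera Networks code and not the Emerging Threats rule): a rule that only became available on Tuesday evening is replayed over the retained flow store, hits are split into those that pre-date the rule and those an inline sensor could have caught, and the first victim's subsequent activity is pulled from the same store. All hosts, timestamps, payloads and the content pattern are constructed.

```python
"""
Negative-day detection: replay a signature that appeared on "Patch Tuesday"
against full-fidelity traffic retained from "Malware Monday".

Added example for this deck, not Solera Networks code. Every flow record,
host address, timestamp and the signature itself is constructed; the
content pattern is a placeholder, not the Emerging Threats MS08-067 rule.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


def ts(s: str) -> datetime:
    """Constructed UTC timestamp from 'YYYY-MM-DDTHH:MM'."""
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc)


@dataclass(frozen=True)
class Flow:
    start: datetime
    src: str
    dst: str
    dport: int
    payload: bytes          # reassembled application data from the capture


@dataclass(frozen=True)
class Signature:
    sid: int
    name: str
    published: datetime     # earliest moment a defender could have had this rule
    dport: int
    content: bytes          # literal content match, as in an IDS rule


def matches(sig: Signature, flow: Flow) -> bool:
    return flow.dport == sig.dport and sig.content in flow.payload


def retro_hunt(store, sig):
    """Run a new signature over the whole retained store.

    Hits that pre-date the rule are the negative-day events: an inline
    IDS could not have alerted on them, only a retained capture can."""
    negative, live = [], []
    for flow in sorted(store, key=lambda f: f.start):
        if matches(sig, flow):
            (negative if flow.start < sig.published else live).append(flow)
    return negative, live


def follow_up(store, victim, since, window=timedelta(days=7)):
    """Everything the victim host initiated after the hit: beaconing,
    lateral movement, exfiltration. This pivot is what full capture buys."""
    return sorted((f for f in store
                   if f.src == victim and since <= f.start <= since + window),
                  key=lambda f: f.start)


# Constructed sample: a hypothetical SMB exploit signature released Tuesday
# evening, and the retained flows from the surrounding days.
SIG = Signature(9000001, "HYPOTHETICAL SMB exploit attempt",
                ts("2009-02-03T18:00"), 445, b"EXPLOIT-MARKER")

STORE = [
    Flow(ts("2009-02-02T09:12"), "10.0.0.7", "10.0.0.20", 445,
         b"\x00\x00\x00\x90\xffSMB...EXPLOIT-MARKER..."),         # Monday: exploit
    Flow(ts("2009-02-02T09:13"), "10.0.0.20", "198.51.100.9", 80,
         b"GET /beacon HTTP/1.1\r\nHost: 198.51.100.9\r\n\r\n"),  # victim phones home
    Flow(ts("2009-02-02T11:00"), "10.0.0.20", "10.0.0.31", 445,
         b"\x00\x00\x00\x90\xffSMB...EXPLOIT-MARKER..."),         # victim spreads
    Flow(ts("2009-02-03T08:00"), "10.0.0.5", "10.0.0.20", 445,
         b"\x00\x00\x00\x40\xffSMB ordinary file share traffic"),
    Flow(ts("2009-02-04T10:00"), "10.0.0.7", "10.0.0.22", 445,
         b"\x00\x00\x00\x90\xffSMB...EXPLOIT-MARKER..."),         # Wednesday: live hit
]


def investigate(store=STORE, sig=SIG):
    """Negative-day hits, live hits, and the first victim's follow-on activity."""
    negative, live = retro_hunt(store, sig)
    pivot = follow_up(store, negative[0].dst, negative[0].start) if negative else []
    return negative, live, pivot


if __name__ == "__main__":
    neg, live, pivot = investigate()
    print(f"{len(neg)} hit(s) before the rule existed, {len(live)} after")
    for f in neg:
        print(f"  {f.start:%a %H:%M} {f.src} -> {f.dst}:{f.dport}  [{SIG.name}]")
    if neg:
        print(f"first victim {neg[0].dst} then initiated:")
        for f in pivot:
            print(f"  {f.start:%a %H:%M} -> {f.dst}:{f.dport}")
```

The split on `sig.published` is the whole point of the "negative day": the Wednesday hit is something any sensor with the Tuesday rule would have caught, while the two Monday hits and the victim's beacon to 198.51.100.9 exist only because the packets were kept. Note that the rule is applied to reassembled payload, so the store has to hold enough of each flow for the content to be reassembled, not just headers or NetFlow records.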
Evolution
(Contains confidential, proprietary, and trade secret information of Solera Networks. Any use or exploitation of this work without express written authorization is strictly prohibited.)
Thank you
Joe Levy, jlevy@soleranetworks.com
Solera Networks. See everything. Know everything.
Ethernet constants (IEEE 802.3)

                    10 Mbps     100 Mbps          1 Gbps     10 Gbps
Bit time            0.1 µs      0.01 µs (10 ns)   1 ns       0.01 ns
Byte time           0.8 µs      0.08 µs (80 ns)   8 ns       0.8 ns
Inter-packet gap    9.6 µs      0.96 µs           96 ns      9.6 ns      (IPG = 96 bits / 12 bytes)
Preamble            6.4 µs      0.64 µs           64 ns      6.4 ns      (preamble + SFD = 64 bits / 8 bytes)

Max packets per second = bps / ((packet size + IPG + preamble) * 8)
Max throughput (bit/s) = max packets per second * packet size * 8

Packet size   Max packets per second                                Max throughput (bit/s)
(bytes)       10 Mbps    100 Mbps    1 Gbps      10 Gbps           10 Mbps     100 Mbps     1 Gbps        10 Gbps
64            14,881     148,810     1,488,095   14,880,952        7,619,048   76,190,476   761,904,762   7,619,047,619
128           8,446      84,459      844,595     8,445,946         8,648,649   86,486,486   864,864,865   8,648,648,649
256           4,529      45,290      452,899     4,528,986         9,275,362   92,753,623   927,536,232   9,275,362,319
512           2,350      23,496      234,962     2,349,624         9,624,060   96,240,602   962,406,015   9,624,060,150
768           1,586      15,863      158,629     1,586,294         9,746,193   97,461,929   974,619,289   9,746,192,893
1024          1,197      11,973      119,732     1,197,318         9,808,429   98,084,291   980,842,912   9,808,429,119
1518          813        8,127       81,274      812,744           9,869,961   98,699,610   986,996,099   9,869,960,988
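The formulas on the Ethernet constants slide and the GB/hour figures on the Network Forensics slide, carried through as an added example (not from the deck): it rebuilds the packets-per-second table, computes the wire-rate capture volume per hour in unambiguous decimal units, and then goes one step beyond the slides by adding per-packet on-disk overhead and a retention-time estimate. The IPG and preamble sizes are the slide's; the 16-byte libpcap record header is an assumption about the on-disk format, since the deck does not say what its appliances write.

```python
"""
Line-rate and capture-storage arithmetic behind the Ethernet constants slide
and the Network Forensics GB/hour table.

Added example, not from the deck. The IPG and preamble sizes are the slide's;
the 16-byte libpcap per-record header is an assumption about the on-disk
format (it is the standard libpcap record header, but the deck does not say
what its appliances write).
"""
IPG_BYTES = 12          # inter-packet gap: 96 bit times
PREAMBLE_BYTES = 8      # 7-byte preamble + 1-byte start-frame delimiter
PCAP_RECORD_HDR = 16    # assumed per-packet overhead of a libpcap record header
SECONDS_PER_HOUR = 3600
RATES = {"10 Mbps": 10e6, "100 Mbps": 100e6, "1 Gbps": 1e9, "10 Gbps": 10e9}
FRAME_SIZES = (64, 128, 256, 512, 768, 1024, 1518)


def max_pps(rate_bps: float, frame_bytes: int) -> float:
    """Frames per second at line rate. IPG and preamble consume wire time
    but are never handed to the capture engine."""
    return rate_bps / ((frame_bytes + IPG_BYTES + PREAMBLE_BYTES) * 8)


def max_throughput_bps(rate_bps: float, frame_bytes: int) -> float:
    """Frame bits per second actually delivered at that frame size."""
    return max_pps(rate_bps, frame_bytes) * frame_bytes * 8


def wire_gb_per_hour(rate_bps: float) -> float:
    """Upper bound on captured bytes per hour in decimal GB (10^9), ignoring
    IPG/preamble. This is the quantity the slide's GB/hour column estimates."""
    return rate_bps / 8 * SECONDS_PER_HOUR / 1e9


def capture_bytes_per_second(rate_bps, frame_bytes, snaplen=None):
    """Bytes written per second at line rate for one frame size, including
    the assumed per-record header. A snaplen truncates what is stored."""
    stored = frame_bytes if snaplen is None else min(snaplen, frame_bytes)
    return max_pps(rate_bps, frame_bytes) * (stored + PCAP_RECORD_HDR)


def overhead_ratio(frame_bytes, snaplen=None):
    """Disk bytes per wire byte; worst at minimum-size frames."""
    stored = frame_bytes if snaplen is None else min(snaplen, frame_bytes)
    return (stored + PCAP_RECORD_HDR) / frame_bytes


def pps_table():
    """Rebuild the slide's packets-per-second table from the formula."""
    return {size: {name: round(max_pps(bps, size)) for name, bps in RATES.items()}
            for size in FRAME_SIZES}


def hours_of_retention(disk_bytes, rate_bps, frame_bytes, utilisation=1.0):
    """How long a disk holds full-fidelity capture at a sustained fraction
    of line rate with that average frame size."""
    per_sec = capture_bytes_per_second(rate_bps, frame_bytes) * utilisation
    return disk_bytes / per_sec / SECONDS_PER_HOUR


if __name__ == "__main__":
    for size, row in pps_table().items():
        print(f"{size:5d} B  " + "  ".join(f"{row[n]:>12,}" for n in RATES))
    for name, bps in RATES.items():
        print(f"{name:>9}: {wire_gb_per_hour(bps):9.2f} GB/h on the wire, "
              f"{capture_bytes_per_second(bps, 64) * SECONDS_PER_HOUR / 1e9:9.2f} GB/h "
              f"on disk at 64-byte frames ({overhead_ratio(64):.2f}x)")
    # 10 TB of disk on a GigE link, 30 % busy, 512-byte average frames:
    print(f"{hours_of_retention(10e12, 1e9, 512, 0.3):.1f} h of retention")
```

Two things the slides' numbers do not show: the deck's 21.97 GB/hour for 50 Mbps sits between the decimal 22.5 GB and the binary 20.95 GiB because it divides by 1024 once and 1000 twice, so size disks in one unit system; and at minimum-size frames on 10GE the capture engine sees roughly 14.9 million records per second and the record headers alone add 25% to the stored volume, so indexing and storage must be sized on packets per second, not just on bits per second.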
Forensic Lab Certifications
ASCLD/LAB – American Society of Crime Laboratory Directors Laboratory Accreditation Board, http://www.ascld-lab.org/