Hands on Encrypted Traffic Analytics
January 17, 2018
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Networks are becoming more and more opaque
New threat landscape
[Chart: Organizations are at risk; 38% / 62% split between Decrypt and Do not decrypt]
New attack vectors
• Employees browsing over HTTPS: malware infection, covert channel with command and control server, data exfiltration
• Employees on internal network connecting to DMZ servers: lateral propagation of encrypted threats
[Three statistics cited (41%, 81%, 64%): cannot detect malicious content in encrypted traffic; of attackers used encryption to evade detection; of organizations have been victims of a cyber attack]
Source: Ponemon Report, 2016
Web Traffic
A growing problem: malware in encrypted traffic
May 2017: >55% encrypted
2019: >80% encrypted
Effective security depends on total visibility
[Network diagram: Users, HQ, Data Center, Admin, Branch, Roaming Users, Cloud]
• RECORD every conversation
• KNOW every host
• Understand what is NORMAL
• Be alerted to CHANGE
• Respond to THREATS quickly
Privacy AND Security
Now Available: Cisco Encrypted Traffic Analytics
Industry’s first network with the ability to find threats in encrypted traffic without decryption
Avoid, stop, or mitigate threats faster than ever before | Real-time flow analysis for better visibility
[Diagram: encrypted traffic and non-encrypted traffic]
Malware Detection
[Pipeline: Known Malware Traffic and Known Benign Traffic → Extract Observable Features in the Data → Employ Machine Learning techniques to build detectors → Known malware sessions detected in encrypted traffic with high accuracy]
“Identifying Encrypted Malware Traffic with Contextual Flow Data”, AISec ’16 | Blake Anderson, David McGrew (Cisco Fellow), Cisco Research
Finding malicious activity in encrypted traffic
[Diagram: Telemetry Exporter* (NetFlow, Enhanced NetFlow, metadata) → Cisco Stealthwatch® (machine learning: malware detection and cryptographic compliance). Telemetry for encrypted malware detection and cryptographic compliance]
* Catalyst, ISR, ASR, CSR are supported
Benefits: Leveraged network | Faster investigation | Higher precision | Stronger protection
• Enhanced NetFlow from Cisco’s newest switches and routers
• Global-to-local knowledge correlation
• Enhanced analytics and machine learning
• Continuous enterprise-wide compliance
How can we inspect encrypted traffic?
• Initial data packet: make the most of the unencrypted fields
• Sequence of packet lengths and times: identify the content type through the size and timing of packets
• Global Risk Map: who’s who of the Internet’s dark side; broad behavioral information about the servers on the Internet
[Figure labels: Self-Signed certificate, Data exfiltration, C2 message]
Threat discrimination through correlation
[Diagram: Initial Data Packet + Sequence of Packet Lengths and Times + Global Risk Map → Multi-layer Machine Learning]
Extended Enterprise Network Visibility
News: ETA expands into the cloud and branch office
• Campus: Catalyst 9000
• Branch: ISR & ASR (NEW)
• Cloud: CSR 1000V (NEW)
Encrypted Traffic Analytics Telemetry
Encrypted Traffic Analytics Overview
[Diagram: ETA pipeline in three stages]
Data: Exporters of NetFlow: routers/switches, packet capture devices, other exporters
Features: ETA enhanced analytics: IDP, SPLT, BD*
Outcomes: Analytics: cryptographic compliance, malware detection
Flow record fields: srcIP, dstIP, srcPort, dstPort, prot, startTime, stopTime, numBytes, numPackets, IDP, SPLT, BD
Initial Data Packet (IDP): The first packets of any connection contain valuable data about the content.
Sequence of Packet Lengths and Times (SPLT): The SPLT field gives us visibility beyond the first packet of the encrypted flows.
Byte Distribution (BD): The BD keeps a count for each byte value encountered in the payloads of the packets of the flow being analyzed.
*BD in fast follow release
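Added example (my code, not Cisco's or ETA's): compute the flow-record fields listed above, including IDP, SPLT and BD, from a constructed packet list in Python. The tuple layout (direction, time in ms, payload), the SPLT length of 10 packets, the sample packets and the addresses are all assumptions; the slide only defines what each field means.

```python
"""
Added example, not Cisco's code: derive the three ETA features named above
(IDP, SPLT, BD) plus the flow-level counters from a constructed packet list.
Assumptions: a flow is a list of (direction, time_ms, payload) tuples, direction
is "c2s" or "s2c", and SPLT keeps the first SPLT_LEN payload-bearing packets.
"""
import math

SPLT_LEN = 10  # assumed; the slide does not state how many packets SPLT keeps


def splt(packets, n=SPLT_LEN):
    """Sequence of Packet Lengths and Times: (signed length, inter-arrival ms)
    for the first n packets that carry payload. Client-to-server lengths are
    positive, server-to-client negative; empty segments (pure ACKs) are skipped."""
    out, prev_t = [], None
    for direction, t, payload in packets:
        if not payload:
            continue
        delta = 0 if prev_t is None else t - prev_t
        out.append((len(payload) if direction == "c2s" else -len(payload), delta))
        prev_t = t
        if len(out) == n:
            break
    return out


def byte_distribution(packets):
    """BD: how often each of the 256 byte values occurs across all payloads."""
    counts = [0] * 256
    for _, _, payload in packets:
        for b in payload:
            counts[b] += 1
    return counts


def bd_entropy(counts):
    """Shannon entropy of a BD in bits per byte; ciphertext sits close to 8,
    cleartext protocols noticeably lower."""
    total = sum(counts)
    if total == 0:
        return 0.0
    return -sum(c / total * math.log2(c / total) for c in counts if c)


def idp(packets, max_bytes=1500):
    """Initial Data Packet: payload of the first packet with data, capped at one MTU."""
    for _, _, payload in packets:
        if payload:
            return bytes(payload[:max_bytes])
    return b""


def flow_record(five_tuple, packets):
    """Assemble the enhanced NetFlow fields listed on the slide for one flow."""
    src_ip, dst_ip, src_port, dst_port, prot = five_tuple
    return {
        "srcIP": src_ip, "dstIP": dst_ip, "srcPort": src_port, "dstPort": dst_port,
        "prot": prot,
        "startTime": packets[0][1], "stopTime": packets[-1][1],
        "numBytes": sum(len(p) for _, _, p in packets),
        "numPackets": len(packets),
        "IDP": idp(packets), "SPLT": splt(packets), "BD": byte_distribution(packets),
    }


# Constructed sample flow (not a capture): TLS-shaped handshake, then two data records.
SAMPLE_FLOW = [
    ("c2s", 0,  bytes([0x16, 0x03, 0x01, 0x00, 0x20]) + b"A" * 32),   # ClientHello-shaped
    ("s2c", 12, b""),                                                  # pure ACK
    ("s2c", 15, bytes([0x16, 0x03, 0x03]) + bytes(range(60))),         # ServerHello-shaped
    ("c2s", 30, bytes([0x17, 0x03, 0x03]) + bytes(i * 7 % 256 for i in range(200))),
    ("s2c", 45, bytes([0x17, 0x03, 0x03]) + bytes(i * 13 % 256 for i in range(900))),
]
SAMPLE_TUPLE = ("10.0.0.5", "203.0.113.10", 51234, 443, 6)  # constructed addresses

if __name__ == "__main__":
    rec = flow_record(SAMPLE_TUPLE, SAMPLE_FLOW)
    print("SPLT:", rec["SPLT"])
    print("IDP head:", rec["IDP"][:5].hex(), "numBytes:", rec["numBytes"])
    print("BD entropy: %.2f bits/byte" % bd_entropy(rec["BD"]))
```

Feeding a real capture through this only requires producing the same (direction, time, payload) tuples per flow; the entropy of the BD is the quickest sanity check that a flow claiming to be TLS is actually carrying ciphertext.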
Initial Data Packet
• HTTPS header contains several information-rich fields
• Server name provides domain information
• Crypto information educates us on client and server behavior and application identity
• Certificate information is similar to whois information for a domain
• And much more can be understood when we combine the information with global data
SPLT shows TLS Metadata differences
[Figure: sent and received packet sequences between client and server for four flows: Google search, Page Download, Exfiltration & Keylogging, Initiate Command & Control]
Model: Packet lengths, arrival times and durations tend to be inherently different for malware than benign traffic.
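Added example, not part of the slides: one way to make the "inherently different" length and timing patterns computable, assuming a binned transition-matrix representation of SPLT plus two summary features (client upload share and beacon regularity). The bin edges, the representation and the four sample SPLT sequences are constructed assumptions, not ETA's model.

```python
"""
Added example, not Cisco's code: reduce a variable-length SPLT sequence to a
fixed-size feature vector and compare flows with it. Lengths are quantised into
direction-aware bins and consecutive pairs counted as a transition matrix; two
cheap summary features (upload share, beacon regularity) are added. The bin
edges, the representation and the sample flows are assumptions constructed for
the example; the slide does not say which model ETA uses.
"""
LENGTH_EDGES = (0, 64, 128, 256, 512, 1024, 1500)  # assumed upper edges in bytes
N_BINS = 2 * (len(LENGTH_EDGES) + 1)               # one set of bins per direction


def length_bin(signed_len):
    """Bin index for a signed SPLT length; server-to-client lengths use the upper half."""
    size = abs(signed_len)
    idx = next((i for i, edge in enumerate(LENGTH_EDGES) if size <= edge), len(LENGTH_EDGES))
    return idx if signed_len > 0 else idx + len(LENGTH_EDGES) + 1


def transition_matrix(splt):
    """Row-normalised probabilities of moving from one length bin to the next."""
    m = [[0.0] * N_BINS for _ in range(N_BINS)]
    bins = [length_bin(length) for length, _ in splt]
    for a, b in zip(bins, bins[1:]):
        m[a][b] += 1.0
    for row in m:
        total = sum(row)
        if total:
            row[:] = [v / total for v in row]
    return m


def l1_distance(m1, m2):
    """Sum of absolute differences over all cells of two transition matrices."""
    return sum(abs(x - y) for r1, r2 in zip(m1, m2) for x, y in zip(r1, r2))


def upload_share(splt):
    """Fraction of SPLT bytes sent by the client; exfiltration pushes this toward 1."""
    total = sum(abs(length) for length, _ in splt)
    return sum(length for length, _ in splt if length > 0) / total if total else 0.0


def beacon_regularity(splt):
    """Coefficient of variation of the gaps between client-sent packets; fixed-interval
    check-ins give 0.0. Returns None when fewer than two gaps exist."""
    t, client_times = 0, []
    for length, delta in splt:
        t += delta
        if length > 0:
            client_times.append(t)
    gaps = [b - a for a, b in zip(client_times, client_times[1:])]
    if len(gaps) < 2:
        return None
    mean = sum(gaps) / len(gaps)
    var = sum((g - mean) ** 2 for g in gaps) / len(gaps)
    return (var ** 0.5) / mean if mean else None


def nearest_profile(splt, profiles):
    """Name of the profile whose transition matrix is closest to the flow's."""
    m = transition_matrix(splt)
    return min(profiles, key=lambda name: l1_distance(m, transition_matrix(profiles[name])))


# Constructed SPLT sequences (signed length, inter-arrival ms); not captured traffic.
PAGE_DOWNLOAD_A = [(200, 0), (-1460, 40), (-1460, 5), (-1460, 5), (-900, 6),
                   (150, 50), (-1460, 30), (-1200, 5)]
PAGE_DOWNLOAD_B = [(180, 0), (-1460, 35), (-1460, 4), (-1100, 5), (120, 60),
                   (-1460, 20), (-1460, 4), (-700, 6)]
BEACON = [(90, 0), (-60, 15), (90, 60000), (-60, 15), (90, 60000), (-60, 15),
          (90, 60000), (-60, 15)]
EXFIL = [(1400, 0), (-60, 20), (1400, 5), (-60, 20), (1400, 5), (-60, 20)]

if __name__ == "__main__":
    profiles = {"page": PAGE_DOWNLOAD_A, "beacon": BEACON, "exfil": EXFIL}
    for name, flow in (("page B", PAGE_DOWNLOAD_B), ("beacon", BEACON), ("exfil", EXFIL)):
        print(name, "->", nearest_profile(flow, profiles),
              "upload share %.2f" % upload_share(flow), "regularity", beacon_regularity(flow))
```

The transition matrix is deliberately crude (a fixed set of bins, no time dimension), which is why the two summary features are kept alongside it: a second page download lands closest to the first, while the periodic check-in and the upload-heavy flow separate on regularity and upload share even before any classifier is trained.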
Behavioral Patterns w.r.t. SPLT (Packet Lengths/Times)
[Figure: packet length/time plots for Bestafera (self-signed certificate, data exfiltration, C2 message), Firefox Self-Repair (initial page load, Firefox real-time feedback) and Google Search (page refresh, autocomplete). Red = unencrypted handshake messages]
Power of multi-layer machine learning
Threat Analytics at Scale
[Diagram: three machine-learning layers over processed NetFlow + proxy (weblog) telemetry, 10B requests per day in, 50,000 incidents per day out. Stages: telemetry features → anomalous requests → malicious events (telemetry sequences) → threat incidents (aggregated events) → threat context and incidents. Techniques shown: anomaly detection, trust modeling, event classification, entity modeling, relationship modeling, global risk map, threat correlation, Internet scrapers, Encrypted Traffic Analytics, Threat Grid]
Cryptographic Compliance
[Figure: two encrypted sessions compared on three attributes. Session 1: Encryption TLS/SSL version TLS 1.2; encryption key exchange RSA; encryption algorithm and key length RSA_128. Session 2: Encryption TLS/SSL version NONE; encryption key exchange RSA; encryption algorithm and key length RSA_128]
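Added example serving both the Initial Data Packet slide and this one, not Cisco's code: build and parse TLS ClientHello/ServerHello records to pull out the unencrypted fields (server name, offered and chosen cipher suites, version) and grade the negotiated session against a policy of the kind cryptographic compliance enforces. The cipher-suite codes are real IANA values; the policy thresholds, the host name example.com and the helper names are assumptions.

```python
"""
Added example, not Cisco's code: parse the unencrypted fields the Initial Data
Packet exposes (client's SNI and offered cipher suites, server's chosen version
and suite) and grade the session against a compliance policy. Handshake bytes
are built by small helpers rather than captured; SUITES holds real IANA codes,
the POLICY thresholds are assumptions.
"""
import os
import struct

SUITES = {  # IANA code -> (name, key exchange, symmetric key bits)
    0x000A: ("TLS_RSA_WITH_3DES_EDE_CBC_SHA", "RSA", 112),
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", "RSA", 128),
    0xC02F: ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "ECDHE", 128),
    0xC030: ("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "ECDHE", 256),
}
VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
POLICY = {"min_version": 0x0303, "allowed_kex": {"ECDHE", "DHE"}, "min_key_bits": 128}


def _record(msg_type, body):
    """Wrap a handshake body in a TLS handshake record (content type 0x16)."""
    hs = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 0x16, 0x0301, len(hs)) + hs


def build_client_hello(host, suites, version=0x0303):
    """ClientHello with an SNI extension; the random bytes are irrelevant to parsing."""
    name = host.encode()
    entry = b"\x00" + struct.pack("!H", len(name)) + name          # name_type 0 = host_name
    sni = struct.pack("!HH", 0, len(entry) + 2) + struct.pack("!H", len(entry)) + entry
    cs = b"".join(struct.pack("!H", s) for s in suites)
    body = (struct.pack("!H", version) + os.urandom(32) + b"\x00"  # empty session id
            + struct.pack("!H", len(cs)) + cs + b"\x01\x00"         # one compression method
            + struct.pack("!H", len(sni)) + sni)
    return _record(1, body)


def build_server_hello(version, suite):
    """ServerHello carrying the negotiated version and cipher suite, no extensions."""
    body = struct.pack("!H", version) + os.urandom(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
    return _record(2, body)


def _body(record, expected_type):
    ctype, _, rlen = struct.unpack("!BHH", record[:5])
    if ctype != 0x16 or rlen != len(record) - 5 or record[5] != expected_type:
        raise ValueError("not the expected handshake record")
    return record[9:9 + int.from_bytes(record[6:9], "big")]


def parse_client_hello(record):
    """Return the client's offered version, cipher suites and SNI host name."""
    body = _body(record, 1)
    p = 35 + body[34]                                   # skip version, random, session id
    cs_len = struct.unpack("!H", body[p:p + 2])[0]
    p += 2
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(p, p + cs_len, 2)]
    p += cs_len + 1 + body[p + cs_len]                  # skip compression methods
    sni = None
    if p + 2 <= len(body):
        end = p + 2 + struct.unpack("!H", body[p:p + 2])[0]
        p += 2
        while p + 4 <= end:
            etype, elen = struct.unpack("!HH", body[p:p + 4])
            p += 4
            if etype == 0:                              # server_name: list len, type, name len, name
                name_len = struct.unpack("!H", body[p + 3:p + 5])[0]
                sni = body[p + 5:p + 5 + name_len].decode()
            p += elen
    return {"version": struct.unpack("!H", body[:2])[0], "suites": suites, "sni": sni}


def parse_server_hello(record):
    """Return the version and cipher suite the server selected."""
    body = _body(record, 2)
    p = 35 + body[34]
    return {"version": struct.unpack("!H", body[:2])[0], "suite": struct.unpack("!H", body[p:p + 2])[0]}


def describe(server_hello):
    """The three attributes the compliance slide shows: version, key exchange, algorithm/key length."""
    name, kex, bits = SUITES.get(server_hello["suite"], ("UNKNOWN", "UNKNOWN", 0))
    return {"version": VERSIONS.get(server_hello["version"], "UNKNOWN"),
            "key_exchange": kex, "cipher": name, "key_bits": bits}


def compliance_findings(server_hello, policy=POLICY):
    """Policy violations for one negotiated session; an empty list means compliant."""
    d = describe(server_hello)
    findings = []
    if server_hello["version"] < policy["min_version"]:
        findings.append("version %s below policy minimum" % d["version"])
    if d["key_exchange"] not in policy["allowed_kex"]:
        findings.append("key exchange %s not allowed (no forward secrecy)" % d["key_exchange"])
    if d["key_bits"] < policy["min_key_bits"]:
        findings.append("cipher %s has a %d-bit key" % (d["cipher"], d["key_bits"]))
    return findings


if __name__ == "__main__":
    hello = parse_client_hello(build_client_hello("example.com", [0xC02F, 0xC030, 0x002F]))
    print("SNI:", hello["sni"], "offered:", [SUITES[s][0] for s in hello["suites"]])
    for ver, suite in ((0x0303, 0xC02F), (0x0301, 0x002F)):
        sh = parse_server_hello(build_server_hello(ver, suite))
        print(describe(sh), compliance_findings(sh) or "compliant")
```

Only the ServerHello is graded because the server's choice, not the client's offer, decides what the session actually uses; the ClientHello still matters for inventory (which hosts still offer RSA-only or 3DES suites) and for the domain information the SNI carries.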
Demonstration
What do you buy?
Licensing, packaging…
Solution element: Enterprise switches (Cisco® Catalyst® 9000 Series)*
  Software version: Cisco IOS® XE 16.6.1+
  License: Included in Cisco DNA™ Advantage license / Cisco ONE™ Advanced
Solution element: Branch routers (ASR 1000 Series, 4000 Series ISR, CSR, ISRv, 1100 Series ISR)**
  Software version: Cisco IOS XE 16.6.2+
  License: Included in SEC/k9 license, Cisco ONE foundation
Solution element: Stealthwatch Enterprise
  Software version: v6.9.2+
  License: Management Console, Flow Collector, Flow Rate License
*C9300 series with 16.6.1, C9400 series available with 16.6.2
**Available for Proof of Concept (PoC) with 16.6.1, General availability in 16.6.2
C97-739122-01 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Next Steps
Learn more about ETA
http://www.cisco.com/go/eta
Thank you for watching!

Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 

Último (20)

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 

Hands-On Encrypted Traffic Analytics

  • 1. Hands on Encrypted Traffic Analytics, January 17, 2018
  • 2. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Networks are becoming more and more opaque
  • 3. New threat landscape. Organizations are at risk: 38% / 62% (Decrypt / Do not decrypt). New attack vectors: • Employees browsing over HTTPS: malware infection, covert channel with command and control server, data exfiltration • Employees on internal network connecting to DMZ servers: lateral propagation of encrypted threats. 41% / 81% / 64%: cannot detect malicious content in encrypted traffic / of attackers used encryption to evade detection / of organizations have been victims of a cyber attack. Source: Ponemon Report, 2016
  • 4. Web traffic, a growing problem: malware in encrypted traffic. May 2017: >55% encrypted; 2019: >80% encrypted.
  • 5. Effective security depends on total visibility. Network: Users, HQ, Data Center, Admin, Branch, Roaming Users, Cloud. RECORD every conversation; understand what is NORMAL; be alerted to CHANGE; KNOW every host; respond to THREATS quickly.
  • 6. Privacy AND Security. Now Available: Cisco Encrypted Traffic Analytics. Industry’s first network with the ability to find threats in encrypted traffic without decryption. Avoid, stop, or mitigate threats faster than ever before | Real-time flow analysis for better visibility. Encrypted traffic / Non-encrypted traffic.
  • 7. Malware Detection. Known Malware Traffic and Known Benign Traffic; extract observable features in the data; employ machine learning techniques to build detectors; known malware sessions detected in encrypted traffic with high accuracy. “Identifying Encrypted Malware Traffic with Contextual Flow Data”, AISec ’16 | Blake Anderson, David McGrew (Cisco Fellow), Cisco Research
  • 8. Finding malicious activity in encrypted traffic. Cisco Stealthwatch®: Machine Learning; malware detection and cryptographic compliance. Telemetry Exporter*: NetFlow, Enhanced NetFlow, Metadata; telemetry for encrypted malware detection and cryptographic compliance. *Catalyst, ISR, ASR, CSR are supported. Enhanced analytics and machine learning; Global-to-local knowledge correlation; Enhanced NetFlow from Cisco’s newest switches and routers; Continuous enterprise-wide compliance; Leveraged network; Faster investigation; Higher precision; Stronger protection.
  • 9. How can we inspect encrypted traffic? Make the most of the unencrypted fields (Initial data packet). Identify the content type through the size and timing of packets (Sequence of packet lengths and times): Self-Signed certificate, Data exfiltration, C2 message. Who’s who of the Internet’s dark side (Global Risk Map): broad behavioral information about the servers on the Internet.
  • 10. Threat discrimination through correlation: Initial Data Packet, Sequence of Packet Lengths and Times, Global Risk Map; Multi-layer Machine Learning.
  • 11. Extended Enterprise Network Visibility. News: ETA expands into the cloud and branch office. Campus, Branch, Cloud: ISR & ASR (NEW), CSR 1000V (NEW), Catalyst 9000.
  • 12. Encrypted Traffic Analytics Telemetry
  • 13. Encrypted Traffic Analytics Overview. Exporters of NetFlow: Routers/Switches, Packet Capture Devices, Other Exporters. ETA Data Features: IDP, SPLT, BD*. Outcomes: ETA Enhanced Analytics, Cryptographic Compliance, Malware Detection Analytics. Record fields: srcIP, dstIP, srcPort, dstPort, prot, startTime, stopTime, numBytes, numPackets, IDP, SPLT, BD. Initial Data Packet: the first packets of any connection contain valuable data about the content. Sequence of Packet Lengths and Times: the SPLT field gives us visibility beyond the first packet of the encrypted flows. Byte Distribution: the BD keeps a count for each byte value encountered in the payloads of the packets of the flow being analyzed. *BD in fast follow release
  • 14. Initial Data Packet. • HTTPS header contains several information-rich fields • Server name provides domain information • Crypto information educates us on client and server behavior and application identity • Certificate information is similar to whois information for a domain • And much more can be understood when we combine the information with global data
  • 15. SPLT shows TLS metadata differences. Client / Server, Sent Packets / Received Packets: Google search, Page download, Exfiltration & keylogging, Initiate command & control. Model: packet lengths, arrival times and durations tend to be inherently different for malware than for benign traffic.
  • 16. Behavioral patterns w.r.t. SPLT (packet lengths/times). Bestafera, Firefox Self-Repair, Google Search; Self-Signed Certificate, Data Exfiltration, C2 Message; Initial Page Load, Firefox Real-Time Feedback, Page Refresh, Autocomplete. Red = Unencrypted Handshake Messages.
  • 17. Power of multi-layer machine learning: Threat Analytics at Scale. Layer 1, Layer 2, Layer 3: Anomaly detection, Trust modeling, Event classification, Entity modeling, Relationship modeling, Global risk map, Threat correlation. Telemetry: Encrypted Traffic Analytics, Threat Grid, Processed NetFlow + Proxy (weblog), Internet scrapers. Features; Anomalous Requests; Malicious Events (telemetry sequences); Threat Incidents (aggregated events); Incidents; Threat context. 10B requests per day, 50,000 incidents per day.
  • 18. Cryptographic Compliance. First flow: Encryption TLS/SSL Version TLS 1.2; Encryption Key Exchange RSA; Encryption Algorithm and Key Length RSA_128. Second flow: Encryption TLS/SSL Version NONE; Encryption Key Exchange RSA; Encryption Algorithm and Key Length RSA_128.
  • 19. Demonstration
  • 20. What do you buy? Licensing, packaging…
    Solution element | Software version | License
    Enterprise switches (Cisco® Catalyst® 9000 Series)* | Cisco IOS® XE 16.6.1+ | Included in Cisco DNA™ Advantage license / Cisco ONE™ Advanced
    Branch routers (ASR 1000 Series, 4000 Series ISR, CSR, ISRv, 1100 Series ISR)** | Cisco IOS XE 16.6.2+ | Included in SEC/k9 license / Cisco ONE Foundation
    Stealthwatch Enterprise | v6.9.2+ | Management Console, Flow Collector, Flow Rate License
    *C9300 series with 16.6.1, C9400 series available with 16.6.2. **Available for Proof of Concept (PoC) with 16.6.1, general availability in 16.6.2
  • 21. C97-739122-01 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential. Next Steps: learn more about ETA at http://www.cisco.com/go/eta
  • 22. Thank you for watching!
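Slides 13, 14 and 18 describe the SPLT and IDP features and the cryptographic compliance check; as an added example (not code from the deck or from Cisco), the Python below computes SPLT over a constructed TLS flow and parses the Initial Data Packet for TLS version, cipher suites and SNI to apply a TLS 1.2 minimum. The flow tuple layout, the build_client_hello helper and the TLS 1.2 threshold are assumptions; the byte distribution (BD) is left out.

```python
# Added example (not Cisco's code): two of the ETA features from slide 13 over one
# constructed TLS flow. Assumed flow shape: (timestamp_ms, direction, payload), ">" = client->server.
import struct

def splt(flow, max_packets=10):
    """SPLT: (signed payload length, inter-arrival ms); server->client lengths are negative."""
    out, prev = [], None
    for ts, direction, payload in flow[:max_packets]:
        out.append((len(payload) if direction == ">" else -len(payload), 0 if prev is None else ts - prev))
        prev = ts
    return out

def parse_client_hello(idp):
    """IDP fields for compliance: legacy client_version, cipher suites, SNI; None if not a ClientHello or truncated."""
    try:
        if idp[0] != 0x16 or idp[5] != 0x01:             # TLS handshake record carrying ClientHello
            return None
        version = struct.unpack("!H", idp[9:11])[0]
        pos = 44 + idp[43]                                # past random and session id
        cs_len = struct.unpack("!H", idp[pos:pos + 2])[0]
        ciphers = [struct.unpack("!H", idp[i:i + 2])[0] for i in range(pos + 2, pos + 2 + cs_len, 2)]
        pos += 2 + cs_len
        pos += 1 + idp[pos]                               # past compression methods
        sni = None
        if pos + 2 <= len(idp):                           # extensions block is optional
            pos, end = pos + 2, pos + 2 + struct.unpack("!H", idp[pos:pos + 2])[0]
            while pos + 4 <= end:
                etype, elen = struct.unpack("!HH", idp[pos:pos + 4])
                if etype == 0:                            # server_name: list_len(2) type(1) len(2) name
                    name_len = struct.unpack("!H", idp[pos + 7:pos + 9])[0]
                    sni = idp[pos + 9:pos + 9 + name_len].decode("ascii", "replace")
                pos += 4 + elen
        return {"version": version, "ciphers": ciphers, "sni": sni}
    except (IndexError, struct.error):                    # truncated IDP: report nothing rather than guess
        return None

def crypto_compliance(idp, min_version=0x0303):
    """Assumed policy: TLS 1.2 or newer (TLS 1.3 clients keep legacy client_version 0x0303, so they pass)."""
    info = parse_client_hello(idp)
    if info is None:
        return {"compliant": False, "reason": "no TLS ClientHello in initial data packet"}
    ok = info["version"] >= min_version
    return {"compliant": ok, "reason": "ok" if ok else "client_version %#06x below TLS 1.2" % info["version"], **info}

def build_client_hello(version, ciphers, sni):
    """Constructed ClientHello record used as sample input (not a real capture)."""
    name = sni.encode()
    sni_ext = struct.pack("!HHHBH", 0, len(name) + 5, len(name) + 3, 0, len(name)) + name
    body = (struct.pack("!H", version) + bytes(32) + b"\x00" + struct.pack("!H", 2 * len(ciphers))
            + b"".join(struct.pack("!H", c) for c in ciphers) + b"\x01\x00" + struct.pack("!H", len(sni_ext)) + sni_ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

CLIENT_HELLO = build_client_hello(0x0303, [0xC02F, 0xC030, 0x009C], "example.com")
SAMPLE_FLOW = [(0, ">", CLIENT_HELLO),                    # constructed: (timestamp_ms, direction, payload)
               (20, "<", b"\x16\x03\x03" + bytes(1200)),  # stand-in for ServerHello + certificate
               (45, ">", b"\x17\x03\x03" + b"\xa5" * 150),
               (60, "<", b"\x17\x03\x03" + b"\x5a" * 900)]
```

A truncated or non-TLS initial packet yields a non-compliant result with a reason instead of a guessed version, which matters because the exported IDP is only the first packet of the flow.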