1© 2016 Gigamon. All rights reserved.
A Story about Metadata…
Harnessing the Power of Metadata
for Security
John Pollack
Senior Sales Engineer, Gigamon
First Some Context
Consider First: There’s Too Much Data
[Figure: % of data consumable by tools against network speed (1Gb, 10Gb, 40Gb, 100Gb). Labels: Signature- and Policy-Based Security Tools; Advanced Analytics; Network & Applications Infrastructure]
This is the BIG DATA problem:
Volume of data accelerating faster than the ability of
the tools to consume it
Growth in the “Speed” of Data
Time to process a single Ethernet frame on a 100 Gbps link with minimum-size packets
Real-time Threat Prevention Is Getting Harder
PARTICULARLY FOR UNKNOWN THREATS
Too Little Time
• 67.2 ns between packets at 10G
• For unknown threats, just not enough time, knowledge, or context to make determination
Too Many Bad Guys
• Large established ecosystem of distributors for malware
• Sophisticated kits & tools for rent
• Front end, back end, and support infrastructure
Democratization of cyber threats!
What Can Be Done?
Remember The Attacker Lifecycle?
GOAL IS TO BREAK THE CHAIN – NOT JUST TRY TO PREVENT IT
1. Reconnaissance
2. Phishing & zero day attack
3. Back door
4. Lateral movement
5. Data gathering
6. Exfiltrate
What Does It Take?
TRIANGULATION THROUGH BIG DATA AND PREDICTIVE ANALYTICS
Need to establish “Context”
• Specific to each organization
• Requires data from across the entire organization
Need to understand “Intent”
• Built from previous bad behavior, sandboxing, threat information feeds
• Build out predictive models
Normal-ish / Bad-ish
Triangulation against both
Constant feedback loop
BUT Context Is Hard To Derive
A LABORIOUS AND INEFFICIENT EFFORT IN TODAY’S ENVIRONMENTS
Slows Down Analysis, Slows Down Response, Slows Down The Feedback Cycle
Consequences
• Massive inefficiencies
• Too much data
• Less control
• Performance impact
• Different departments
• Different access rights
• Different formats
• Agent requirements
• Endpoints and servers
• Applications
• Switches, routers
• Network appliances
Leverage Network “Metadata”!
CONTEXT AND ULTIMATELY FASTER TRIANGULATION
User
Device
Application
Cloud
Virtual
Physical
The Network Is The Single Most Content Rich Source of Truth!
Any forward-looking indication of plans for products is preliminary and all future release dates are tentative and subject to change.
The Case for Metadata
Better Security Efficacy
• Reduce massive volumes of data
• Extract essential information for security tools to consume
Faster Time to Detect
• Analyze metadata versus raw packet streams over time
• Discover suspicious threats and anomalous behavior
Overcome Limited Reach
• Security tools do not have access to valuable information in network
• E.g.: access to AD server, authoritative DNS requests & responses
Separate Signal from Noise
• Security tools unable to decipher signal to noise in Big Data
• Detect threats more efficiently
How Can It Be Accomplished?
The World of Network Metadata
• DNS query and response information
• User flow records and session information
• Kerberos and user login information
• Server, application connectivity information
• SSL certificate information
• HTTP request, response information
• DHCP query and response information
• URL access information
Necessary and Sufficient?
Metadata
For Fast Approximation
Necessary And Sufficient?
Full Packet Stream
For Homing In On Threats
GigaSECURE’s Metadata Engine
SPEEDING UP TRIANGULATION -> FASTER ANALYTICS
Intrusion Detection System
Data Loss Prevention
Email Threat Detection
IPS (Inline)
Anti-Malware (Inline)
Forensics
GigaVUE-VM and GigaVUE® Nodes
Application Session Filtering
SSL Decryption
Inline Bypass
Context and Intent-based Big Data Analytics
NetFlow / IPFIX Generation
Metadata Engine
• DNS query and response information
• DHCP query and response information
• URL access information
• HTTP request, response information
• SSL certificate information
• Kerberos and user login information
• Server, application connectivity information
• User flow records and session information
Consumers of Metadata
NetFlow / IPFIX Generation
[Figure: consumers of metadata, two marked “Currently Available” and four marked “In progress”]
Key Takeaways
• Security will increasingly rely on building Context and Intent
• Network-based metadata followed by programmable packet data streams will become the simplest and most comprehensive approach to security analytics
• Gigamon with its GigaSECURE® SDP is uniquely positioned to be the single, best source of both content-rich metadata and programmable streams of packet data
For More Information
• GigaSECURE Security Delivery Platform - https://www.gigamon.com/products/technology/gigasecure
• Metadata whitepaper - https://www.gigamon.com/sites/default/files/resources/whitepaper/wp-harnessing-the-power-of-metadata-for-security-4068.pdf

TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 

Recently uploaded (20)

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 

Harnessing the Power of Metadata for Security

  • 1. © 2016 Gigamon. All rights reserved. A Story about Metadata…
  • 2. Harnessing the Power of Metadata for Security. John Pollack, Senior Sales Engineer, Gigamon
  • 3. First Some Context
  • 4. Consider First: There’s Too Much Data. [Chart: % of data consumable by tools against network speed (1Gb, 10Gb, 40Gb, 100Gb); security tools: signature- and policy-based, advanced analytics; network & applications infrastructure.] This is the BIG DATA problem: volume of data accelerating faster than the ability of the tools to consume it
  • 5. Growth in the “Speed” of Data: time to process a single Ethernet frame on a 100Gb/s link with minimum size packets
  • 6. Real-time Threat Prevention Is Getting Harder, PARTICULARLY FOR UNKNOWN THREATS. Democratization of cyber threats! Too Little Time: • 67.2 ns between packets at 10G • For unknown threats, just not enough time, knowledge, or context to make determination. Too Many Bad Guys: • Large established ecosystem of distributors for malware • Sophisticated kits & tools for rent • Front end, back end, and support infrastructure
  • 7. What Can Be Done?
  • 8. Remember The Attacker Lifecycle? GOAL IS TO BREAK THE CHAIN – NOT JUST TRY TO PREVENT IT. 1 Reconnaissance; 2 Phishing & zero day attack; 3 Back door; 4 Lateral movement; 5 Data gathering; 6 Exfiltrate
  • 9. What Does It Take? TRIANGULATION THROUGH BIG DATA AND PREDICTIVE ANALYTICS. Need to establish “Context” (Normal-ish): • Specific to each organization • Requires data from across the entire organization. Need to understand “Intent” (Bad-ish): • Built from previous bad behavior, sandboxing, threat information feeds • Build out predictive models. Triangulation against both. Constant feedback loop
  • 10. BUT Context Is Hard To Derive: A LABORIOUS AND INEFFICIENT EFFORT IN TODAY’S ENVIRONMENTS. Slows Down Analysis, Slows Down Response, Slows Down The Feedback Cycle. Consequences • Massive inefficiencies • Too much data • Less control • Performance impact • Different departments • Different access rights • Different formats • Agent requirements • Endpoints and servers • Applications • Switches, routers • Network appliances
  • 11. Leverage Network “Metadata”! CONTEXT AND ULTIMATELY FASTER TRIANGULATION. User, Device, Application; Cloud, Virtual, Physical. The Network Is The Single Most Content Rich Source of Truth!
  • 12. Any forward-looking indication of plans for products is preliminary and all future release dates are tentative and subject to change. The Case for Metadata. Better Security Efficacy: • Reduce massive volumes of data • Extract essential information for security tools to consume. Faster Time to Detect: • Analyze metadata versus raw packet streams over time • Discover suspicious threats and anomalous behavior. Overcome Limited Reach: • Security tools do not have access to valuable information in network • E.g.: access to AD server, authoritative DNS requests & responses. Separate Signal from Noise: • Security tools unable to decipher signal to noise in Big Data • Detect threats more efficiently
  • 13. How Can It Be Accomplished?
  • 14. The World of Network MetaData: DNS query and response information; User flow records and session information; Kerberos and user login information; Server, application connectivity information; SSL certificate information; HTTP request, response information; DHCP query and response information; URL access information
  • 15. Necessary and Sufficient? Metadata For Fast Approximation
  • 16. Necessary And Sufficient? Full Packet Stream For Homing In On Threats
  • 17. GigaSECURE’s Metadata Engine: SPEEDING UP TRIANGULATION -> FASTER ANALYTICS. [Diagram labels: Intrusion Detection System; Data Loss Prevention; Email Threat Detection; IPS (Inline); Anti-Malware (Inline); Forensics; GigaVUE-VM and GigaVUE® Nodes; Application Session Filtering; SSL Decryption; Inline Bypass; Context and Intent-based Big Data Analytics; NetFlow / IPFIX Generation.] Metadata Engine: DNS query and response information; DHCP query and response information; URL access information; HTTP request, response information; SSL certificate information; Kerberos and user login information; Server, application connectivity information; User flow records and session information
  • 18. Consumers of Metadata. NetFlow / IPFIX Generation. [Consumer logos not preserved; status labels: Currently Available, Currently Available, In progress, In progress, In progress, In progress.]
  • 19. Key Takeaways • Security will increasingly rely on building Context and Intent • Network-based metadata followed by programmable packet data streams will become the simplest and most comprehensive approach to security analytics • Gigamon with its GigaSECURE® SDP is uniquely positioned to be the single, best source of both content rich metadata and programmable streams of packet data
  • 20. For More Information • GigaSECURE Security Delivery Platform - https://www.gigamon.com/products/technology/gigasecure • Metadata whitepaper – https://www.gigamon.com/sites/default/files/resources/whitepaper/wp-harnessing-the-power-of-metadata-for-security-4068.pdf