© 2006 Property of Lancope. Proprietary and Confidential.
Lancope and Emory University: Illuminating (and Securing) the Network
Andy Wilson
Senior Systems Engineer
© 2007 Property of Lancope. Proprietary and Confidential.
• Copyright Lancope Inc. 2007.
• This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.
About Lancope
• 6 years of focused research in flow-based (proprietary, NetFlow, sFlow) network security technologies
• Based in Atlanta, GA. Holder of 8 patents.
• Founded in 2000 by Dr. John Copeland (Georgia Tech)
• $24M venture funding by Canaan Partners, GMG Capital, HIG Ventures and Council Ventures
• Experienced management and research teams
• Flagship product, StealthWatch™, leading enterprise Network Behavior Analysis (NBA) solution
• Mature product line (v5.6 – March 2007)
• 300 customers, protecting 35+ million hosts
• IMSP Member
Benefits of Flow-based Network Behavior Analysis
• Leverage existing flow data: the “Who, What, When, Where and How” of network traffic
– NetFlow – Cisco / Juniper
– sFlow – Foundry / Extreme / ProCurve
– cFlow – Juniper
• By turning all routers and switches into a virtual surveillance system
• Provides valuable intelligence about:
– Network Users and Applications
– Peak Usage Times
– Traffic Routing
– Security and Network Health
The Solution: StealthWatch
StealthWatch is the flow-based, real-time, single data set for actionable intelligence for Security, Network and IT Operations.
Optimizing Security and Network Operations™
Behavior Rather than Signatures
Analyze flows… Establish baseline… Alarm on changes in behavior…
Behavioral metrics tracked per host include:
• Number of concurrent flows
• Packets per second
• Bits per second
• New flows created
• Number of SYNs sent
• Number of SYNs received
• Rate of connection resets
• Duration of the flow
• Time of day
• Many others
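The three steps on this slide (analyze flows, establish a baseline, alarm on changes in behavior) as a small added Python example; this is not Lancope or StealthWatch code, and the flow records, hosts, windows and thresholds are constructed for illustration. It tracks four of the metrics listed above per host, builds a mean/stdev baseline over four history windows, and alarms on a fifth window in which one host's SYN and flow counts jump while its byte volume barely changes.

```python
from collections import defaultdict
from statistics import mean, pstdev
METRICS = ("flows", "syns_sent", "syns_received", "bytes")

# Constructed flow records: (window, src, dst, dport, syn_sent, bytes).
# Windows 0-3 are history used for the baseline; window 4 is the one scored.
def _normal(w):
    flows = [(w, "10.0.0.5", "10.0.1.1", 80, 1, 5000),   # 10.0.0.5: 3-4 flows
             (w, "10.0.0.5", "10.0.1.2", 443, 1, 8000),
             (w, "10.0.0.5", "10.0.1.3", 53, 0, 200),
             (w, "10.0.0.7", "10.0.1.1", 80, 1, 4000)]   # 10.0.0.7: 1 flow
    if w % 2:  # mild natural variation so the baseline has non-zero spread
        flows.append((w, "10.0.0.5", "10.0.1.4", 22, 1, 1500))
    return flows

FLOWS = [f for w in range(5) for f in _normal(w)]
# Window 4: 10.0.0.5 also SYNs 40 ports on one host (many flows, few bytes).
FLOWS += [(4, "10.0.0.5", "10.0.2.9", p, 1, 60) for p in range(1, 41)]

def host_stats(flows, window):
    """Per-host counters for one window (a subset of the slide's metrics)."""
    stats = defaultdict(lambda: dict.fromkeys(METRICS, 0))
    for w, src, dst, _dport, syn, nbytes in flows:
        if w == window:
            stats[src]["flows"] += 1
            stats[src]["bytes"] += nbytes
            stats[src]["syns_sent"] += syn
            stats[dst]["syns_received"] += syn
    return stats

def baseline(flows, history):
    """Mean and population stdev of every metric, per host, over history."""
    per_window = [host_stats(flows, w) for w in history]
    base = {}
    for h in {h for s in per_window for h in s}:
        series = {m: [s.get(h, {}).get(m, 0) for s in per_window] for m in METRICS}
        base[h] = {m: (mean(v), pstdev(v)) for m, v in series.items()}
    return base

def alarms(flows, history, window, k=3.0, min_delta=5):
    """Alarm when a metric exceeds its baseline by k stdevs and by min_delta."""
    base, current = baseline(flows, history), host_stats(flows, window)
    out = []
    for h, metrics in current.items():
        for m, v in metrics.items():
            mu, sigma = base.get(h, {}).get(m, (0.0, 0.0))  # unseen host: zero
            if v > mu + max(k * sigma, min_delta):
                out.append((h, m, v, round(mu, 1)))
    return out
```

`alarms(FLOWS, range(4), 4)` flags the scanning host on flow and SYN counts and the target host on SYNs received, while the byte-volume metric and the quiet host 10.0.0.7 stay silent.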
StealthWatch: Functional Overview
Inputs: Mirror Port, SPAN, or Tap; Cisco (NetFlow); Foundry (sFlow)
• Collect and Process 130 Unique Flow Statistics
• Apply Over 130 StealthWatch Algorithms
• Build Profile of 90+ Host Attributes
• Generate Alarms, Alerts, and Reports
• Generate Profile-Enhanced Alarms, Alerts, and Reports
• Store Detailed Log of All Flows
• Send SYSLOG, SNMP, and Emails
• Perform Mitigation Action
• Display in UI
Gaining Visibility + Scalable Deployment
StealthWatch: Optimizing Security & Network Operations
StealthWatch Functional Benefits: Security Operations
StealthWatch Functional Benefits: Network Operations
Links
• http://www.lancope.com
• http://www.foundrynet.com/pdf/wp-lancope-sflow.pdf
• http://www.gartner.com/
• http://www.educause.edu/LancopeProductsandServices/12827
Questions?