Managed Security Services from Symantec
Chris Collier
Presales Specialist – Security
Arrow ECS
Agenda
• MSS high-level overview
• Industry Examples
• Things to think about
• Summary
• Q&A
Symantec Managed Services
Managed Security Services Mission Statement
Symantec Managed Security Services (MSS) helps organizations anticipate and counteract the constantly changing threat environment by providing:
• Unparalleled global threat visibility.
• Comprehensive edge-to-endpoint incident detection and analysis.
• 24/7 direct access to Symantec’s industry-leading security specialists.
Symantec Managed Security Services
Security Monitoring
– 24x7x365 global operation
– >300 staff dedicated to delivering MSS
– >50 GIAC-certified Intrusion Analysts
– 10min Severe Event Escalation Warranty
– High Accuracy, Low False-positive
– Collect, retain and analyse >400B logs per month
– Escalate >400 validated severe incidents per day across 1,200 Global customers
– Strong Service Governance (ITIL, ISO27001, SSAE 16)
Infrastructure Management
– Network IDS/IPS Management Services
– Firewall Management Services
– Symantec Endpoint Protection Management Services
The only Gartner recognised leader in ALL regions
Unparalleled Global Intelligence Network
Edge-to-Endpoint Security Monitoring
Enterprise-wide Pricing Model
[Diagram labels: NIDS, Firewall, Web App Firewall, HIDS, Web Proxy, Endpoint, OS & Apps, Network Infra., VA]
Evolving Threat Landscape
• Targeted attacks
• Social networking
• Zero-day vulnerabilities and rootkits
• Attack kits
• Mobile threats
Critical Protection Challenges / How MSS Can Help
• Stay ahead of threats
• Visibility
• Focus on top priorities
• Build a sustainable program
• Connect to Business
Where are the gaps?
• Complete coverage of surface area, Edge-to-Endpoint
• Standardise security monitoring across all sites, all geographies, all systems
• Where am I at risk of attack?
Actionable Incidents
• Focus on the most critical problems first
• Eliminate the risk of chasing irrelevant events
• Avoid over and under-reacting
• Report everything
Security Operation Demands
• 24x7, Global, Certified
• Scalable, Available
• Performing
• Future ‘proof’ architecture
• Recruitment
How to Demonstrate Value?
• Protect revenue
• Process improvement
• Predictable cost-base
• Measure and report on effectiveness and improvement
• Time-to-Benefit
Symantec MSS Portfolio
Log Collection, Retention and Access
• 2FA Portal Access, tamper proof, searchable, exportable
• PCI and ISO27001 reporting features
Real-time Security Monitoring and Analysis
• 24x7 security event monitoring and log analysis
• Global Intelligence Network correlation
Security Incident Notification and Reporting
• Incident Prioritisation, 10min Severe Event Notification
• Real-time security dashboard
Deepsight Global Threat Intelligence
• Unified threat Intelligence portal and XML Data Feeds
• Vulnerability, Threat and Risk content
Infrastructure Management
• Managed Network IDS/IPS, Managed Firewall, Managed SEP
Firewalls
IDS / IPS
Web Proxy
Endpoint
OS & Apps
Switches & Routers
GIN
• Correlate Against GIN
• Anomalous Activity monitoring
• Protect against Emerging Threats
Essential
Applicable to all Systems with Security Data
Applicable to Egress Points, such as FW’s
Service Transition
Advanced
Applicable to ALL Systems
Applicable to ALL Systems
Analysis
• Enterprise Wide Security Analysis
• Expert Human Analysis
• Protect Information Assets
Correlation
• Internal Vulnerabilities
• Rate against Assets
• Analyze against log/alert data
Log Collection
• Collect Logs from Man Systems
• Store Logs Online
• Available for Download and Reporting
Monitoring Service Tiers
Global Intelligence Network
Identifies more threats, takes action faster & prevents impact
Information Protection
• Preemptive Security Alerts
• Threat Triggered Actions
Global Scope and Scale
• Worldwide Coverage
• 24x7 Event Logging
Rapid Detection
Attack Activity
• 240,000+ sensors
• 64M total internet sensors
• 200+ countries
Malware Intelligence
• 180M+ systems monitored
• 13 security response centers
Vulnerabilities
• 50,000+ vulnerabilities
• 15,000+ vendors
• 105,000+ technologies
Spam/Phishing
• 5M+ decoy accounts
• 8B+ email messages/day
• 1B+ web requests/day
Austin, TX
Mountain View, CA
Culver City, CA
San Francisco, CA
Taipei, Taiwan
Tokyo, Japan
Dublin, Ireland
Calgary, Alberta
Chengdu, China
Chennai, India
Pune, India
Process - Symantec Security Monitoring
Industrial IT Security 2012
Identified threats
Known vulnerabilities
Business-critical IT assets
Risk-based Prioritization Threat Determined
Firewalls/VPN
Intrusion Detection Systems
Vulnerability Assessment
Network Equipment
Server and Desktop OS
Anti-Virus
Applications
Databases
User Activity Monitoring
Critical file modifications
Policy Changes
Malicious IP Traffic
Web Traffic
Tens of Millions: Raw Events
Millions: Security Relevant Events
Hundreds: Correlated Events
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Inbound UDP connection acc from 18.234.32.11 to 22.28.19.11/137
Outbound TCP connection acc from 10.1.17.4 to 18.7.13.2/80
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Outbound UDP connection acc from 10.235.22.11 to
198.28.22.5/53
Outbound TCP connection acc from 10.1.22.7 to 55.10.17.22/80
Inbound TCP connection acc from 14.28.75.64 to 12.55.26.85/80
Inbound UDP connection acc from 198.28.22.5 to 10.235.22.11/20463
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Inbound TCP connection acc from 14.28.75.64 to 12.55.26.85/80
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Outbound TCP connection acc from 10.1.22.7 to 55.10.17.22/80
Inbound TCP connection acc from 14.28.75.64 to 12.55.26.85/80
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Outbound UDP connection acc from 10.235.22.11 to
198.28.22.5/53
Inbound TCP connection acc from 14.28.75.64 to 12.55.26.85/80
Outbound TCP connection acc from 10.1.22.7 to 55.10.17.22/80
Inbound UDP connection acc from 198.28.22.5 to 10.235.22.11/10256
Inbound TCP connection acc from 14.28.75.64 to 12.55.26.85/80
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Inbound TCP connection acc from 14.28.75.64 to 12.55.26.85/80
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Outbound TCP connection acc from 10.1.22.7 to 55.10.17.22/80
Outbound UDP connection acc from 10.235.22.11 to
198.28.22.5/53
Outbound TCP connection acc from 10.1.17.4 to 18.7.13.2/80
Inbound UDP connection acc from 198.28.22.5 to 10.235.22.11/35877
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Inbound UDP connection acc from 18.234.32.11 to 22.28.19.11/137
Outbound TCP connection acc from 10.1.17.4 to 18.7.13.2/80
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Outbound UDP connection acc from 10.235.22.11 to
198.28.22.5/53
Outbound TCP connection acc from 10.1.22.7 to 55.10.17.22/80
Inbound TCP connection acc from 14.28.75.64 to 12.55.26.85/80
Inbound UDP connection acc from 198.28.22.5 to 10.235.22.11/20463
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Outbound TCP connection acc from 10.1.22.7 to 55.10.17.22/80
Outbound TCP connection acc from 10.1.17.4 to 18.7.13.2/80
Outbound UDP connection acc from 10.235.22.11 to
198.28.22.5/53
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Inbound UDP connection acc from 18.234.32.11 to 22.28.19.11/137
Outbound TCP connection acc from 10.1.17.4 to 18.7.13.2/80
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Inbound UDP connection acc from 198.28.22.5 to 10.235.22.11/38587
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Outbound TCP connection acc from 10.1.17.4 to 18.7.13.2/80
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Inbound UDP connection acc from 18.234.32.11 to 22.28.19.11/137
Outbound TCP connection acc from 10.1.17.4 to 18.7.13.2/80
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Inbound UDP connection acc from 198.28.22.5 to 10.235.22.11/38678
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Outbound TCP connection acc from 10.1.22.7 to 55.10.17.22/80
Inbound TCP connection acc from 14.28.75.64 to 12.55.26.85/80
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Outbound TCP connection acc from 10.1.22.7 to 55.10.17.22/80
Inbound TCP connection acc from 14.28.75.64 to 12.55.26.85/80
Outbound TCP connection acc from 10.1.22.7 to 55.10.17.22/80
Inbound UDP connection acc from 198.28.22.5 to 10.235.22.11/10256
Inbound TCP connection acc from 14.28.75.64 to 12.55.26.85/80
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Inbound TCP connection acc from 14.28.75.64 to 12.55.26.85/80
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Outbound TCP connection acc from 10.1.22.7 to 55.10.17.22/80
Outbound UDP connection acc from 10.235.22.11 to
198.28.22.5/53
Outbound TCP connection acc from 10.1.17.4 to 18.7.13.2/80
Inbound UDP connection acc from 198.28.22.5 to 10.235.22.11/35877
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Inbound UDP connection acc from 18.234.32.11 to 22.28.19.11/137
Outbound TCP connection acc from 10.1.17.4 to 18.7.13.2/80
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Outbound UDP connection acc from 10.235.22.11 to
198.28.22.5/53
Outbound TCP connection acc from 10.1.22.7 to 55.10.17.22/80
Inbound TCP connection acc from 14.28.75.64 to 12.55.26.85/80
Inbound UDP connection acc from 198.28.22.5 to 10.235.22.11/20463
Inbound TCP connection acc from 14.28.75.64 to 12.55.26.85/80
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Outbound TCP connection acc from 10.1.22.7 to 55.10.17.22/80
Outbound UDP connection acc from 10.235.22.11 to
198.28.22.5/53
Outbound TCP connection acc from 10.1.17.4 to 18.7.13.2/80
Inbound UDP connection acc from 198.28.22.5 to 10.235.22.11/35877
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Inbound UDP connection acc from 18.234.32.11 to 22.28.19.11/137
Outbound TCP connection acc from 10.1.17.4 to 18.7.13.2/80
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Outbound UDP connection acc from 10.235.22.11 to
198.28.22.5/53
Outbound TCP connection acc from 10.1.22.7 to 55.10.17.22/80
Inbound TCP connection acc from 14.28.75.64 to 12.55.26.85/80
Inbound UDP connection acc from 198.28.22.5 to 10.235.22.11/20463
Inbound TCP connection acc from 14.28.75.64 to 12.55.26.85/80
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Outbound TCP connection acc from 10.1.22.7 to 55.10.17.22/80
Outbound UDP connection acc from 10.235.22.11 to
198.28.22.5/53
Outbound TCP connection acc from 10.1.17.4 to 18.7.13.2/80
Inbound UDP connection acc from 198.28.22.5 to 10.235.22.11/35877
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Inbound UDP connection acc from 18.234.32.11 to 22.28.19.11/137
Outbound TCP connection acc from 10.1.17.4 to 18.7.13.2/80
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Outbound UDP connection acc from 10.235.22.11 to
198.28.22.5/53
Outbound TCP connection acc from 10.1.22.7 to 55.10.17.22/80
Inbound TCP connection acc from 14.28.75.64 to 12.55.26.85/80
Inbound UDP connection acc from 198.28.22.5 to 10.235.22.11/20463
Inbound TCP connection acc from 14.28.75.64 to 12.55.26.85/80
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Outbound TCP connection acc from 10.1.22.7 to 55.10.17.22/80
Outbound UDP connection acc from 10.235.22.11 to
198.28.22.5/53
Outbound TCP connection acc from 10.1.17.4 to 18.7.13.2/80
Inbound UDP connection acc from 198.28.22.5 to 10.235.22.11/35877
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Inbound UDP connection acc from 18.234.32.11 to 22.28.19.11/137
Outbound TCP connection acc from 10.1.17.4 to 18.7.13.2/80
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Outbound UDP connection acc from 10.235.22.11 to
198.28.22.5/53
Outbound TCP connection acc from 10.1.22.7 to 55.10.17.22/80
Inbound TCP connection acc from 14.28.75.64 to 12.55.26.85/80
Inbound UDP connection acc from 198.28.22.5 to 10.235.22.11/20463
Inbound TCP connection acc from 14.28.75.64 to 12.55.26.85/80
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Outbound TCP connection acc from 10.1.22.7 to 55.10.17.22/80
Outbound UDP connection acc from 10.235.22.11 to
198.28.22.5/53
Outbound TCP connection acc from 10.1.17.4 to 18.7.13.2/80
Inbound UDP connection acc from 198.28.22.5 to 10.235.22.11/35877
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Inbound UDP connection acc from 18.234.32.11 to 22.28.19.11/137
Outbound TCP connection acc from 10.1.17.4 to 18.7.13.2/80
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Outbound UDP connection acc from 10.235.22.11 to
198.28.22.5/53
Outbound TCP connection acc from 10.1.22.7 to 55.10.17.22/80
Inbound TCP connection acc from 14.28.75.64 to 12.55.26.85/80
Inbound UDP connection acc from 198.28.22.5 to 10.235.22.11/20463
Inbound TCP connection acc from 14.28.75.64 to 12.55.26.85/80
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Outbound TCP connection acc from 10.1.22.7 to 55.10.17.22/80
Outbound UDP connection acc from 10.235.22.11 to
198.28.22.5/53
Outbound TCP connection acc from 10.1.17.4 to 18.7.13.2/80
Inbound UDP connection acc from 198.28.22.5 to 10.235.22.11/35877
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Inbound UDP connection acc from 18.234.32.11 to 22.28.19.11/137
Outbound TCP connection acc from 10.1.17.4 to 18.7.13.2/80
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Outbound UDP connection acc from 10.235.22.11 to
198.28.22.5/53
Device Logs:
Without MSS Service
[Diagram: LAN 1, LAN 2, Internet; Perimeter FW, LAN FW, IDS, Web Proxy; web traffic, Windows SMB traffic, email traffic]
Example Stats, one Wednesday afternoon...
• Log lines analysed - 15,279,389,291
• Number of Incidents Created including Summaries - 7966
• Number of Real Time Incidents presented to analysts for validation – 3124
• Number of Real Time Published Incidents – 964
• Number of Summary Published Incidents - 1007
• Number of Real Time Critical Incidents – 244
Symantec MSS Portal
• Customizable modules for organizing data in different ways
• Trend graphs for visibility of incident trends
• New Incidents arrive in real time to the Home Page
• Modular elements customizable to each user
Symantec Managed Security Services
Reliability and Trust - Symantec Managed Security Services has been a Gartner Quadrant Leader for 11 consecutive years
Scalable - Symantec MSS analyzes >12 Billion logs from 727,000 devices every day
Detection - Symantec MSS identifies an average of 15,000 security events and escalates 200 critical incidents every day
Flexible – Symantec has flexible pricing and service levels to deliver the right protection and compliance at the right price.
Personal – Symantec provides named personnel for transition, service management and security analysis duties to drive personal relationships and customer care
Proven – Symantec Managed Services clients include 6 of Fortune 10, 44 of Fortune 100 and 117 of Fortune 500
Questions?