Transcript of Monitoring the Data Center
Monitoring the Data Center
Matthew McKinley
Technical Product Marketing Manager
August 22, 2013
What we’ll cover today
• The Datacenter as a blind spot
• The major threats:
  – Malware
  – DDoS
• Example of a Datacenter attack
  – “itsoknoproblembro” attack toolkit
• Bridging the visibility gap with StealthWatch
The Data Center as a blind spot
• IPS, NGFW, and AV leave dangerous blind spots in security
• Placement of these devices has been:
  – At the edge
  – At major intersections in the network
  – In front of critical assets
• Yet so much more is happening in the Data Center
  – VM to VM communication
    • A really big blind spot for virtual Data Centers
  – Device to device communication within the Data Center
  – Non-network access adds a vector for infection
And the survey shows…
In your opinion, what are the biggest challenges your organization faces with regard to protecting the IT assets residing in its data centers?
Source: ESG Research Brief, Enterprise Strategy Group (ESG), Top Security Challenges of IT Assets Residing in Data Centers, May 2013
The Big Threats to the Data Center
• Malware
  – Non-network access could introduce malware directly into the Data Center, circumventing perimeter defenses
  – The zero day problem
  – Evasion of signature-based technologies
• DDoS
  – Data Centers usually are high-bandwidth
  – Commercial servers are attractive targets
  – Liability for Data Centers if the attack originates from within
Data Center attack example
• “itsoknoproblembro”
  – Terrible name, effective attack
  – Toolkit
• Used for compromising things like commercial CMS
  – Often located in data centers
• Does not make use of botnets
  – Botnets require many, many hosts
  – “itsoknoproblembro” does not have to infect as many machines to get the same result
• The bandwidth of data centers is a powerful tool
The Visibility Gap
• The perimeter is only part of the story
• Signature-based technologies are critical, but…
  – They are not the entire solution
• The infrastructure can be used for security using NetFlow
  – Routers, switches, firewalls, proxies, etc. can be used to get security telemetry about what’s happening inside
• Behavioral Analysis can discover problems in the “grey area” of security
  – Spikes in traffic, unusual behavior from a server or a client, scanning
  – StealthWatch!!
Bridging the Gap
• StealthWatch is a behavioral analysis solution that:
  – Looks for changes in network behavior based on a rolling baseline
• StealthWatch adds other security context such as:
  – User names
  – Application layer information
  – Information from edge devices such as firewalls
• StealthWatch monitors for:
  – Behavioral anomalies
    • e.g. spikes in network traffic, inbound, outbound, and within
  – Activity with botnets using data from SLIC
    • StealthWatch Labs Intelligence Center
  – Internal spread of malware
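The rolling-baseline behavioral analysis described on the last two slides (spikes in traffic, scanning), as an added example that is not Lancope's or StealthWatch's code: it bins constructed NetFlow-style records per host, keeps a rolling baseline of outbound bytes, and flags volume spikes and port scanning. The record layout, hosts, time bins and thresholds are assumptions.

```python
"""Rolling-baseline behavioral analysis over NetFlow-style records.
Flags (1) outbound byte-volume spikes against a per-host rolling baseline
and (2) scanning, i.e. one source touching many distinct dst ports in a bin."""
from collections import defaultdict, deque
from statistics import mean


def sample_flows():
    """Constructed sample (not real telemetry): a web server 10.0.1.5 with
    steady outbound traffic in bins 0-3, then a ~20x spike in bin 4 (the
    pattern of a server pressed into a DDoS); a second host 10.0.1.9 touches
    25 ports on a peer in bin 4. Record: (bin, src, dst, dst_port, bytes)."""
    flows = []
    for t in range(4):
        flows.append((t, "10.0.1.5", "198.51.100.7", 443, 1_000_000 + t * 10_000))
    flows.append((4, "10.0.1.5", "203.0.113.8", 80, 22_000_000))
    for port in range(1, 26):
        flows.append((4, "10.0.1.9", "10.0.1.20", port, 60))
    return flows


def detect_anomalies(flows, window=4, spike_factor=5.0, scan_ports=20):
    """Return alerts as (bin, host, kind, value). The rolling baseline is the
    mean outbound bytes over the previous `window` bins for that host; a host
    with fewer than two bins of history has no baseline and is not scored."""
    per_bin = defaultdict(lambda: defaultdict(int))   # bin -> host -> bytes
    ports = defaultdict(lambda: defaultdict(set))     # bin -> (src, dst) -> ports
    for t, src, dst, dport, nbytes in flows:
        per_bin[t][src] += nbytes
        ports[t][(src, dst)].add(dport)
    history = defaultdict(lambda: deque(maxlen=window))
    alerts = []
    for t in sorted(per_bin):
        for host, total in per_bin[t].items():
            hist = history[host]
            if len(hist) >= 2:
                base = mean(hist)
                if total > spike_factor * base:
                    alerts.append((t, host, "traffic_spike", round(total / base, 1)))
            hist.append(total)          # the spike also enters the baseline
        for (src, dst), dports in ports[t].items():
            if len(dports) >= scan_ports:
                alerts.append((t, src, "port_scan", len(dports)))
    return alerts


if __name__ == "__main__":
    for alert in detect_anomalies(sample_flows()):
        print(alert)
```

Note that once a spike is appended to the history it lifts the baseline, so a sustained flood stops alerting after `window` bins; a production detector would keep a separate long-term baseline for exactly that reason.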
Bridging the Gap (product screenshots): DDoS Detection, Malware Infection, Botnet Monitoring. Changes in behavior are crystal clear.
Visualize the problem
• Visual cues to make any problem obvious
Thank you
© 2013 Lancope, Inc. All rights reserved.
Matthew McKinley
Technical Product Marketing Manager
+1(770)225-6500
Get Engaged with Lancope
• @Lancope
• @NetFlowNinjas
• @stealth_labs: StealthWatch Labs Intelligence Center security research