NetWitness Visibility, February 2008

DO YOU KNOW...
How to find designer malware and targeted zero-day attacks?
If your network is truly free of botnets and unwanted network traffic?
How to improve the power of your existing security investments?
 

IN THIS ISSUE
• WEBINAR SERIES
• GUEST PERSPECTIVE
• COMPANY CORNER
• NEWS
• UPCOMING EVENTS

UPCOMING EVENTS
2.28.08
ISC2 SecureAtlanta

Join us in Atlanta, GA to learn how to use network investigative and forensic techniques to enhance incident response.

3.10.08
InfoSec World 2008

Come visit booth #323 to view a demo of NetWitness NextGen. Move into the Next Generation of Network Security Monitoring and view your network like never before.

See you in Orlando, FL March 10-12!
NETWITNESS NEWS
2.19.08
NetWitness Hires New Vice President of Finance and Vice President of Sales for Western Region
Senior Executives Join Company to Help Manage Significant Corporate Growth

1.23.08
NetWitness® and RBTi Partner to Deliver Next Generation Network Security Monitoring Solutions to U.S. and International Customers
A business partnership to offer comprehensive technology solutions to address the network security needs of medium to large-sized organizations within both private and public sectors

1.07.08
NetWitness® Named Reader Trust Finalist for Best Computer Forensics Solution in 2008 SC Magazine Awards
Security Publication’s Readership Selects NetWitness NextGen™ for its Innovative Next Generation Network Monitoring Technology

EXPERT WEBCAST SERIES

BE IN THE KNOW
Join us for a webcast to get the answers!

Many successful attacks today fly way under the radar of the intrusion detection and security countermeasures that you have in place. Targeted spear phishing techniques combined with "designer" application exploits can gain a foothold inside your network without any alerts from your IDS or SIEM products. Once these exploits occur, attackers maintain access to victim networks by installing simple but effective code that "beacons" to one or more hosts outside the organization that are under the control of the adversary.

Well, there are ways to effectively detect this designer malware and keep it from spreading, and to monitor your network for unwanted exploit traffic that may be invisible or misunderstood by your current security countermeasures. This session provides all the information you need to be able to build a monitoring and alerting function to cope with designer malware, beacon Trojans, and advanced data exfiltration techniques.

In less than an hour, you will learn:

  • The definition and technology profile of designer malware, beacon Trojans, and advanced exfiltration techniques
  • How to use network forensics techniques to investigate designer malware and beacon Trojan activity to understand impact and damage in the case of a breach
  • How to build a technology architecture to detect and monitor your network more effectively
  • How to improve the overall performance and response time of security operations

Topic: Dramatically Improving Incident Response & Network Visibility
Date: Wednesday, March 12, 2008
Time: 1 PM EDT
Duration: 1 hour


Guest Perspective

NetWitness Bridges Security Gap with NextGen

Despite innovations in security technologies, breaches are still occurring regularly. These breaches often exploit the gaps between the monitoring technologies currently adopted in most layered security models, complicating the investigative and incident response processes, causing losses to organizations in terms of substantial risk exposure as well as downtime and inefficiency. Even more serious: without proper network visibility, these incidents may go totally unnoticed for an extended period of time. Attackers recognize that security countermeasures exist in victim organizations. This recognition has spurred innovation in malicious activity that now includes evasion and stealth techniques that often hide the attack or the presence of an attacker within an infrastructure. As a result, organizations need higher levels of network visibility to ensure security as well as to provide the insight necessary to incident investigation.

In response to these new demands, NetWitness has released its flagship product NextGen. NextGen is not a content monitoring and filtering (CMF), security information and event management (SIEM), intrusion detection, or other standalone security technology. NextGen is a full packet capture solution that manages captured data in a way that helps solve multiple data-centric information security challenges, which include data leakage, insider threats, malware detection, compliance, and e-discovery, as well as deep analysis of network performance issues based on comprehensive network content awareness. This increase in network visibility provides a technology platform for higher levels of assurance in content filtering, network control, and network management. This maps directly to governance, risk, and compliance efforts by offering deep visibility into typical network activities at the application layer. This gives organizations the ability to manage risk through more accurate determination of activity indicative of a potential or actual breach, and network visibility essential to more effective security and risk management.

Organizations that previously spent large amounts of time investigating events with system level forensics or through log analysis of multiple systems can dive deeper into analysis of network traffic. Thus, the time spent investigating events not captured by IDS or firewall logs or incomplete information captured by anomaly detection systems (ADS) can be saved through deeper analysis of network traffic with NextGen. While NextGen is by no means a replacement for these technologies, it does make them more efficient. NextGen delivers this efficiency by reducing the amount of time and number of people required to review data through a central network visibility solution, while reducing the number of technologies used to correlate data in an incident. In terms of an investigation, NextGen can be used as a network-level solution to reduce the number of systems that must be investigated separately.

EMA believes that a full packet capture utility with forensic capabilities is a necessity in today’s medium-to-large enterprise. Innovations in attack capabilities have allowed attackers to circumvent several current security countermeasures. New vectors for malware, insider threats, data leakage and traditional external hacker threats are being discovered every day. It is therefore a necessity for network security to increase its visibility into the risks and threats borne by the network.

The current threat environment as well as regulatory mandates—particularly those requiring consumer notification in the event of a security breach—are forcing security teams to be better prepared to answer the demands of an incident investigation. There are distinct gaps between what security teams can determine based on basic firewall, IPS, and anomaly detection. NetWitness helps to bridge these gaps by giving security teams tools that provide high network visibility through capturing and logically managing network data directly relevant to an incident investigation.

[The preceding is an excerpt from an Impact Brief by Enterprise Management Associates. Read the full report here.]

COMPANY CORNER

I would like to welcome you to the very first issue of our newsletter, NetWitness Visibility. This medium will bring you the latest analytical perspectives on various cyber threats, related current events within the security field, NetWitness news, announcements, and unique solutions offered through the NetWitness NextGen product suite. NetWitness has differentiated itself in the industry with the launch of NextGen, a revolutionary network monitoring technology that provides visibility way beyond current solutions.

Truth be told, security is simple: You either know. Or you don't know. When you work with NetWitness NextGen, you see everything. Know everything. The new vantage point is refreshingly simple, and refreshingly accurate. In a world full of "shades of gray," suddenly a switch is turned on. You're not out of the loop any more. You're not flying blind. You're not chasing ghosts. You're in the know.

Nick Lantuh, President
Be in the Know - Knowledge is Security.

© 2008 NetWitness Corporation