Javier Nieto León Flowmon Solution & Secure IT Area Manager Iberia Your Network Under Control

Post on 13-Sep-2018

International vendor devoted to innovative network traffic & performance & security monitoring

Who We are

600+ customers in 30+ countries

Strong R&D background

First 100G probes in the world

100 % channel oriented

The only vendor recognized in both NetFlow related Gartner reports – network visibility & security

Achievements

Alliance partner of the premium technology vendors

Agenda

Network Visibility

IT Operations

Network Performance Monitoring and Diagnostics

Application Performance Monitoring

Security

Network Behavioral Analysis

DDoS Detection & Mitigation

NPMD APM NBA DDoS

Why? What to use it for?

How can you effectively protect and manage something if you have no visibility into it?

Network Visibility & Security

Next Generation Network Traffic & Performance Monitoring (NetFlow/IPFIX)

▪ Provides visibility – “eyes” into the network traffic

▪ Reduces mean-time to resolve, builds up efficiency

▪ Enables reduction of operational costs

▪ Reduces downtimes, ensures company productivity

Value Proposition – Network

Gartner states that flow analysis should be one 80% of operational issues. Recommendation:

Implement NetFlow/IPFIX to allow better measurement of user experience.

Network utilization

In a few steps, the administrator has the list of endpoints that caused the unexpected traffic.

How Flowmon helped?

Fast Root Cause Analysis

MTTR reduction and cost optimization when troubleshooting

Compelling evidence

• Application downtime and slowness mean financial losses

▪ Customers leave

▪ Employees are not efficient

• Measure user experience for all users – measure application responsiveness

• Distinguish between network delay and application/database delay

▪ Measure and correlate transactions

• Find the problems and fix them before users experience them

Challenges

Gartner’s industry surveys estimate the cost of downtime at $5,600/min.

Flowmon APM Customer Use Case

Customer Portal

Initial situation

Director of IT

Application admin

Infrastructure admin

There is some issue with the application Vitakarta that we need to address.

Our monitoring shows normal operation. We are not aware of any errors.

Our infrastructure is running fine. Users have slow Internet connection.

Application Performance Monitoring

▪ Agentless measurement of user experience

▪ Fast application delays and error troubleshooting

▪ Ensures customer and employee satisfaction

▪ Minimizes SLA breaches

Value Proposition – APM

Network-based APM is a cost-effective alternative for customers requiring an easy-to-deploy solution to distinguish between network, application and database delay when monitoring user experience.

So how do we secure our networks?

Perimeter Security

DMZ VPN

LAN

Firewall

IDS/IPS

UTM

Application firewall

Web filter

E-mail security

SSH Access

End – Point Security

DMZ VPN

LAN

Antivirus

Personal Firewall

Antimalware

Endpoint DLP

Antirootkit

That is not enough anymore!

LAN Visibility and Security

DMZ VPN

LAN

Network Security Monitoring

“90 % of security budget is focused on the network perimeter, although only 25 % of the attacks are focused on that point in the network.” – Gary Newe, F5’s director of systems engineering

What if…

…the malware really works?

▪ from the user's perspective everything is OK

▪ malware has access to the whole traffic

▪ malware has access to login info and passwords

…IT is not monitoring the traffic?

▪ a problem would take several hours, days or weeks to solve instead of 15 mins

▪ if the malware works, they would not even know…

NBA Recommendation

Neil MacDonald, VP Distinguished Analyst, Gartner Security & Risk Management Summit

• Detection and response are more important than blocking and prevention.

• Monitoring and analysis should be at the core of all next-generation security platforms.

Flowmon ADS – Anomaly Detection & Network Behavior Analysis (NBA)

Next Generation Network Security – Behavior Analysis & Anomaly Detection

▪ Detects and alerts on abnormal behaviors

▪ Reports anomalies and advanced persistent threats

▪ Detects intrusions and attacks not visible to standard signature-based tools

Value Proposition – Security

Paul E. Proctor, VP at Gartner: “Network behavior analysis is about higher visibility in the behavior of your network to cover gaps left by signature based mechanism.”

Examples from real life

Security Incident

Ransomware Locky

1. Copying file from shared filesystem onto a compromised device

2. The original file deleted from the shared filesystem

3. Upload of encrypted file back to the shared filesystem

DDoS from BotNet

Real case from Financial Institution

Stations from local network under control of an attacker

Detected as an outgoing DDoS attack

Data Transfer from Employee

Real case from Sales organization

Saving internal files to a shared disk at Yahoo

Detected as data transfer from LAN to the Internet

Serious incident after investigation

Customer Feedback

“We improved the opportunity to face today's and future cyber threats efficiently”, Martin Gonda, head of telecommunications at Thomayer Hospital

“We increase the safety of our environment and to react faster to unexpected operational incidents”, Peter Skorvanek, Network Administrator at Kia Motors Slovakia

“We chose Flowmon among a dozen different solutions, due to its performance, anomaly detection capabilities”, Wayne Routly, Head of Infrastructure Security at GÉANT UK

“ADS is used to quickly detect sources of security incidents and to increase protection of our customers”, Robert Grabowski, Security Expert at Orange Polska

Technology Landscape

Customer Landscape

Retail, utilities, cities, online, healthcare, universities and manufacturers all rely on Flowmon

“Ensuring of IT security is now easier and more affordable for our customers.” Jiri Sedlak, MSc, Director of SEC at O2 IT Services

ISP/Telco

Enterprise

SMB

"We can identify the causes of network issues easier than ever before." Masahiro Sato, Operations Network Engineer at SEGA

Live DEMO? ...on our booth

...because Network Behavior Analysis matters

• Francisco Valencia

+34 911 196 995

• Javier Nieto León

+420 530 510 600

www.flowmon.com