flowmon solution secure it - seguridad informática · flowmon solution & secure it ... paul e....
TRANSCRIPT
International vendor devoted to innovative network traffic & performance & security monitoring
Who We are
600+ customers in 30+ countries
Strong R&D background
First 100G probes in the world
100 % channel oriented
The only vendor recognized in both NetFlow related Gartner reports – network visibility & security
Achievements
Alliance partner of the premium technology vendors
Agenda
Network Visibility
IT Operations
Network Performance Monitoring and Diagnostics
Application Performance Monitoring
Security
Network Behavioral Analysis
DDoS Detection & Mitigation
NPMD APM NBA DDoS
Why? What to use it for?
How can you effectively protect and manage something if you have no visibility into it?
Network Visibility & Security
Next Generation Network Traffic & Performance Monitoring (NetFlow/IPFIX)
▪ Provides visibility – “eyes” into the network traffic
▪ Reduces mean-time to resolve, builds up efficiency
▪ Enables reduction of operational costs
▪ Reduces downtimes, ensures company productivity
Value Proposition – Network
Gartner states that flow analysis should be one 80% of operational issues. Recommendation:
Implement NetFlow/IPFIX to allow better measurement of user experience.
Network utilization
In a few steps, the administrator has the list of endpoints that caused the unexpected traffic.
How Flowmon helped?
Fast Root Cause Analysis
MTTR reduction and cost optimization when troubleshooting
Compelling evidence
• Application downtime and slowness mean financial losses
▪ Customers leave
▪ Employees are not efficient
• Measure user experience for all users – measure application responsiveness
• Distinguish between network delay and application/database delay
▪ Measure and correlate transactions
• Find the problems and fix them before users experience them
Challenges
Gartner’s industry surveys estimate the cost of downtime at $5,600/min.
Initial situation
Director of IT
Application admin
Infrastructure admin
There is some issue with the application Vitakarta that we need to address.
Our monitoring shows normal operation. We are not aware of any errors.
Our infrastructure is running fine. Users have slow Internet connection.
Application Performance Monitoring
▪ Agentless measurement of user experience
▪ Fast application delays and error troubleshooting
▪ Ensures customer and employee satisfaction
▪ Minimizes SLA breaches
Value Proposition – APM
Network-based APM is a cost-effective alternative for customers requiring an easy-to-deploy solution to distinguish between network, application and database delay when monitoring user experience.
Perimeter Security
DMZ VPN
LAN
Firewall
IDS/IPS
UTM
Application firewall
Web filter
E-mail security
SSH Access
Network Security Monitoring
“90 % of security budget is focused on the network perimeter, although only 25 % of the attacks are focused on that point in the network.” – Gary Newe, F5’s director of systems engineering
What if…
…the malware really works?
▪ From the user's perspective, everything is OK
▪ The malware has access to the whole traffic
▪ The malware has access to login info and passwords
…IT is not monitoring the traffic?
▪ The problem would take several hours, days or weeks to solve instead of 15 mins
▪ If the malware works, they would not even know…
NBA Recommendation
Neil MacDonald, VP Distinguished Analyst, Gartner Security & Risk Management Summit
• Detection and response are more important than blocking and prevention.
• Monitoring and analysis should be at the core of all next-generation security platforms.
Next Generation Network Security - Behavior Analysis & Anomaly Detection
▪ Detects and alerts on abnormal behaviors
▪ Reports anomalies and advanced persistent threats
▪ Detects intrusions and attacks not visible to standard signature-based tools
Value Proposition – Security
Paul E. Proctor, VP at Gartner: “Network behavior analysis is about higher visibility in the behavior of your network to cover gaps left by signature based mechanism.”
Ransomware Locky
1. Copying file from shared filesystem onto a compromised device
2. The original file deleted from the shared filesystem
3. Upload of encrypted file back to the shared filesystem
DDoS from BotNet
Real case from Financial Institution
Stations from local network under control of an attacker
Detected as an outgoing DDoS attack
Data Transfer from Employee
Real case from Sales organization
Saving internal files to shared disc of Yahoo
Detected as data transfer from LAN to the Internet
Serious incident after investigation
Customer Feedback
“We improved the opportunity to face today's and future cyber threats efficiently”, Martin Gonda, head of telecommunications at Thomayer Hospital
“We increase the safety of our environment and to react faster to unexpected operational incidents”, Peter Skorvanek, Network Administrator at Kia Motors Slovakia
“We chose Flowmon among a dozen different solutions, due to its performance, anomaly detection capabilities”, Wayne Routly, Head of Infrastructure Security at GÉANT UK
“ADS is used to quickly detect sources of security incidents and to increase protection of our customers”, Robert Grabowski, Security Expert at Orange Polska
Customer Landscape
Retail, utilities, cities, online, healthcare, universities and manufacturers all rely on Flowmon
“Ensuring of IT security is now easier and more affordable for our customers.” Jiri Sedlak, MSc, Director of SEC at O2 IT Services
ISP/Telco
Enterprise
SMB
"We can identify the causes of network issues easier than ever before." Masahiro Sato, Operations Network Engineer at SEGA
...because Network Behavior Analysis matters
• Francisco Valencia
+34 911 196 995
• Javier Nieto León
+420 530 510 600
www.flowmon.com