Network Security Monitoring: Five Use Cases to Push the Limit
iSpeech
There’s nothing like having visibility into the internal activity of endpoints for detecting threats; but you can’t always deploy an agent on every system or get logs from them. The beauty of network monitoring is the wide visibility it provides into the interactions between endpoints, servers and the Internet at large, all with a relatively few points of observation throughout your network, and without touching any endpoints.
In this real training for free session, we will look at five scenarios gleaned from the real world by Ramy Ahmad. Ramy works for LogRhythm and is a trusted security advisor to a number of organizations that take security very seriously. In his work, Ramy has seen some pretty surprising stuff just from having visibility on the network. I hope you’ll find his insights and experience as interesting as I do.
The scenarios we dive into are definitely capabilities you will want to try on the networks you’re monitoring, including:
Tracking OT and IoT – Operational Technology has historically received little attention from IT and IoT is still perceived to be emerging. However, both of these areas deserve vigilance and you might be very surprised - like one of Ramy’s clients - when you start analyzing it on your network
DNS – The bad guys depend on DNS for finding their infrastructure (e.g. command & control) and they exploit it as a communications If you aren’t analyzing DNS queries on your network, you’re missing out.
Database Traffic – At the end of the day, data is the #1 thing we are trying to protect, and that data lives on databases. But how many of us have DB admins that will permit a SIEM agent on their delicately tuned database servers? So, again, the network is a non-intrusive way of getting visibility to that plane of activity.
But as Ramy will show you, you might be very surprised by database traffic flows you didn’t even know were present. Not to mention that the whole Equifax breach could have been detected much sooner if they’d been monitoring DB traffic.
Detecting Ransomware & Clear Text Passwords – stay tuned on this one – it’s interesting!
Detecting Malicious URLs in Emails – detect phishing attacks at the very beginning, which limits the clean up work you have to do if phishing attacks were to progress.
Please join us for this hands-on and technical event where we get down and dirty with packets.
source
Gloss