Agenda

Part 1: Network Visualization
- Why connected data?
- Going beyond network charts
- Protect, detect, investigate
- Visualization and analysis techniques

Part 2: CyberFlow Analytics
- Using KeyLines to build a GUI
- Cyber security and the IoT

Network visualization for

Introduction to KeyLines
KeyLines use cases: anti-fraud; sales / marketing / CRM; cyber security; IT management; business intelligence; compliance (AML / KYC); pharmaceuticals; data discovery; process; and others.
Why network visualization? Understanding connected data

Protect
Detect
Investigate
Techniques: Dynamic networks
Techniques: Mapping

Smart Buildings, Smart Cities, Smart Factories
Segmentation: policy violations
Operational Security (OpSec): operational anomalies
Advanced Security Threats: advanced threats

Identify, alert and build case management tools on advanced security threats, including port scanning, protocol tunneling or suspicious protocols, new connections to SCADA sensors, and data exfiltration.
Analytics Positioning

CyberFlow Streaming Analytics:
- What's happening?
- Why is it happening?
- How is it happening?
- Where is it happening?
- Who's making it happen?

Traditional Big Data Analytics (by looking at old, historic data):
- What happened?
- Why did it happen?
- What might happen?
- How can we make it happen?
- Descriptive, diagnostic, predictive, prescriptive analytics
Solution outline: Monitor, Machine Learn, Anomalytics

Solution: continuous machine learning analytics that provide real-time infrastructure anomaly detection and contextual awareness of all IP-connected devices, giving better business intelligence, operational intelligence and active situational awareness.
Targeted

Fazio Mechanical: "Our system and security measures are in full compliance"
- Firewalls
- SIEM
- Anti-virus
- IPS
- Industry compliance
- PCI-DSS compliance
Targeted

FlowScape: Lateral Movement (diagram: network sensors placed at the data center, WAN, Internet, wireless LAN, network core, LAN and network edge)
Smart Packet Inspection
- Device-on-demand deep packet inspection
- 10 Gigabit Ethernet connection
- Tap or SPAN port (passive connection)
- Appliance or VM image
(Diagram: numbered analytics modules M2, M3, ... covering device, session, IP x server port, IP x IP, client/server protocol, packets, payloads, progress, IP pairs by port activity, port x port, IP x port anomalies, policy frameworks, stereoscopic fusion, server by port, IP x IP x port, client port, protocol anomalies, payload, binocular fusion, automation of clustering, and breach behaviors.)
Data Center

FlowScape was installed in the data center at the Environmental Services Department, where most domains pass through to go external. SPAN ports were configured to collect raw packets from Cisco switches. FlowScape provides real-time analytics and dashboards.

Infrastructure
- 1200+ network devices
- 12,000+ workstations
- 1000+ servers
- 500+ printers

Customer Benefits
Customer spends $600/infected device @ 100/month = $720K/year
Machine Learning

Day 1: events, steady state, "fireworks"

Anomalytics / Machine Learn:
- Command & Control events
- Good vs bad events (security scan vs DDoS)
- Real-time continuous anomaly detection

Backup servers, NetBIOS traffic, SNMP agents, DNS servers
http://www.pcworld.com/article/2139460/sality-malware-growing-old-takes-on-a-new-trick.html
Any Questions?

corey@cambridge-intelligence.com
louie@cyberflowanalytics.com
@Cambridgei
Cambridge-Intelligence