December 05, 2019

Network Detection and Response: Cloud Security's Missing Link

It’s the holy trinity of enterprise security: Gartner’s SOC Visibility Triad.

If you’re not familiar with the triad, here’s a bit of backstory: It comes from the Cold War-era idea of a “Nuclear Triad”—strategic bombers, intercontinental ballistic missiles, and submarines—that significantly reduced the risk of an enemy destroying all of one nation’s nuclear forces in one strike. In short, the Nuclear Triad was a cohesive mechanism that essentially prevented first strikes altogether. In much the same way, modern enterprises can deploy a triad of security measures to significantly reduce the risk of attackers operating on a network long enough to achieve their goals.

This free PDF and infographic discusses the SOC Visibility Triad, which includes:


This free, no-registration PDF and infographic is a great introductory read on the SOC Visibility Triad. Click here to get it!


The author, Ryan Davis, is the Senior Product Marketing Manager for Cloud Security at ExtraHop and is responsible for driving the New Technology product and solutions marketing strategy.

December 03, 2019

Right Tool For The Right Person

 


Funny how this video of me taken about 10+ years ago is still so relevant.

I cannot tell you how frustrating and surprising it is to run into technicians who are not willing to try new tools.

I find this to be more the case with tools or software that you have to pay for. Some technicians will try free software, but not give it a proper chance, and quickly go back to their ‘old trusty tool’. If I did that, I would never have tried Ethereal, aka Wireshark.

As networks evolve, your methodology, tools and knowledge need to evolve with them. I personally think every analyst should keep up with tools with the same degree of attention that they spend on router, switch or server configurations.

A great example for Windows users is good old ping. Many analysts are not aware that with every version of the operating system, Microsoft adds new options as well as new utilities. Pathping is another example of a command that I show technicians that totally floors them. I chuckle when they ask, “Where do I download that?” or “When did Microsoft add that?”.

What technicians soon realize is that the specific tools I show them are for specific situations.

Then they notice that I have a ton of utilities that I reach for. Having more than one tool should be a requirement in any occupation.

In this video I use a mechanic as an example of someone who should have more than one tool.



November 15, 2019

Metathesiophobes Beware (by Paul W. Smith)


I was born and raised in Southern California and by the time my wife and I had settled our young family in Santa Barbara (aka Paradise), I swore we would never leave. Nine years later we moved to Niwot, Colorado (aka God’s Country). The scripted answer to “Why?” centered on a job offer that was too good to pass up, but there was also an element of adventure to a fresh start in another state. We certainly felt some trepidation over such a major change, but I still point to the decision as proof that I am not a Tropophobe.

November 12, 2019

The Network Cleanup


I tend to get a lot of 'Network Cleanup' projects. I think it goes back to the satisfaction I get when things are all neat and tidy - thanks, Mom. Tim O'Neill even referred to me as the 'Network Janitor' in some of his articles.

Oddly enough, I enjoy figuring out what customers have, how to make it work better, what to replace, what to rip out, and delivering the final product: a clean, well-documented network. Then again, how many people can identify a Memotec X.25 PAD, an IBM 3174 Controller or an IBM 8228 MAU? Yes, I still run into that stuff. Then there's the whole CSI-type angle where you need to figure out how things ended up in their current state. If I'm lucky I can help consolidate some equipment, or eliminate excessive equipment or cabling. I can't tell you how many times I am referred to as the 'site specialist' after only 2 or 3 weeks at a customer site.

I can really empathize with the network analyst who inherits 20 years of network evolution. But when I ask "What's this for?", I cringe when the response is "I don't know, but don't touch it".

I once showed a customer that the 25-pair cable running to the terminal server was severed and that its Ethernet connection was unplugged, in an effort to get permission to decommission it. I was floored when they said, "I understand, Tony, but leave it alone, someone may need it one day."

I always get asked, "How do you start your cleanups, Tony?". The response is always simple and consistent: "Go for a walk." This is literally where I start. I want to see what can be removed. If I can easily remove obvious equipment and cabling, the remaining equipment seems less daunting. Believe it or not, this is the same methodology I use when troubleshooting.

Last week I walked through this site and saw the simplest things to remove: CAT5 cables with only one end patched, an old modem tie-wrapped to a cabling tray with no serial connection, a CAT5 cable coiled around a battery backup, and a fibre optic transceiver with one fibre connection hanging loose. And let's not forget the CAT5 server cable crimped in the computer room door.

I spent the better part of this week removing equipment and cabling. I have included some photos for illustrative purposes.

October 31, 2019

Empower your analysis teams with capture profile management!

Overview

CloudShark capture profiles are one of the most powerful ways to tailor your analysis view, significantly decreasing the time it takes to solve problems. Your column choices, decode rules, and decryption settings all go towards making your job easier. In CloudShark 3.7, the new profile manager not only lets you fine-tune your own work, but changes how your team works with captures: building a curated base of expert profiles that evolves over time and helps all of your analysts and engineers.

Join Tom for a special webinar highlighting profile management in CloudShark.

He’ll show you:

  • How profiles work in CloudShark
  • Best practices for using them in analysis
  • How the profile manager lets you share them with groups
  • How to create organization-wide profiles tailored to your analysis issues


Tom Peterson works at CloudShark, helping bring pcap analysis to the web. He got started in networking in 2005 performing testing at the InterOperability Lab at UNH, where he began by learning IPv6 and moved on to testing IPsec, firewalls, and other network security devices. Testing a variety of protocols and devices has led to a passion for looking for strange behavior in a pcap file and getting to the bottom of it.
