
Practicing Breach Detection and Mitigation with Cisco Advanced Security Portfolio

Karel Simek, Technical Marketing Engineer


LTRSEC-2200
Lab Agenda

Using analytics for breach detection (CTA, OpenDNS)
Finding local and global file behavior context (ThreatGrid, AMP)
Establishing priority for unknown threats (all)
Preliminary block on the endpoint and network level (AMP, ISE)
Quarantine and root cause analysis (AMP, ISE)
"It is when responding to an active infection that a well-thought and operationalized security architecture becomes critical." Karel Simek, TME

LTRSEC-2200 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
Lab Focus
Learn to use Cisco's advanced threat portfolio (AMP, CTA, ThreatGrid, ISE) in day-to-day operations
Show a generic workflow applicable to breach detection and mitigation
Understand the limitations of current technology and how to overcome them

Lab Specifics:
Lots of explanations (and text!)
Minimum of mindless clicking exercises
Realistic malware infection

Lab Design

[Lab topology diagram; only its labels survive extraction. Components: CTA Cloud (UI, TAXII feed, logs upload service) and AMP Cloud (UI); a virtual WSA (vWSA, 192.168.22.25); the Student 1 PC (192.168.22.30), on which Splunk runs locally (HTTP:8000) and which also carries the AMP connector and the ISE label; and the Student Laptop. Ports labelled on the links: HTTPS:443 (cloud UIs and AMP/CTA cloud connectivity), SCP:22 and HTTP/HTTPS:80/443 (WSA log upload to the CTA logs upload service), HTTP:8080 and SSH:22 (Student 1 PC to vWSA), RDP:3389 (Student Laptop to Student 1 PC).]

Legend: AMP & CTA (clouds); WSA (virtual instance); Splunk (local instance)
Complete Your Online Session Evaluation
Please complete your Online Session Evaluations after each session
Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
All surveys can be completed via the Cisco Live Mobile App or the Communication Stations
Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online

Continue Your Education
Demos in the Cisco campus
Walk-in Self-Paced Labs
Lunch & Learn
Meet the Engineer 1:1 meetings
Related sessions

Q&A
Thank You
