TrustSec: The network as Security enforcer (Cisco)
This post contains my notes on the Cisco webcast titled “The Network as Security Enforcer”. The webcast was broadcast on June 30th 2015.

The network can be leveraged as an attack detector or as a security enforcer. It can be configured to watch out for threats and, if an attack occurs, it can protect itself from future threats. To be able to prevent attacks, we must see network traffic by device and by user. We must see what type of traffic is crossing our network.

What can the network do for us?

- detect anomalous traffic flows
- detect application usage and access policy violations
- detect rogue devices, APs and other

What tools can we use to detect that?

- NetFlow:
  - can be leveraged as a forensics tool. NetFlow collects raw data that can contain attack signatures.
  - use NetFlow to establish the normal behaviour of the network
  - can be coupled with ISE to answer questions such as “who?, what?, when?,…”
- Lancope StealthWatch: provides alarming and notifications
- TrustSec

What can th...