Unknown threat DNS query Suspicious DNS Query generic


Unknown threat – Suspicious DNS queries: Suspicious DNS Query (generic)



Correlation analysis across information types
Correlation analysis of applications / security events / users / IP addresses
Filter on Skype and user hzielinski
Remove Skype to expand the view of hzielinski


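Collaborative management through shared information
VM Management (Workloads) / Network Management (Networks) / Security Management (Policies), linked by VM-ID
  • Physical and virtual environments can be centrally managed
  • Real-time monitoring and unified adjustment
  • API for automated workflow integration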


Dynamic groups monitor host changes in VMware

VMware vCenter or ESXi (columns: Name, IP, Guest OS, Container)
web-sjc-01 10.1.1.2 Ubuntu 12.04 Web; sp-sjc-04 10.1.5.4 Win 2008 R2 SharePoint; 10.1.1.3 10.4.2.2 Ubuntu 12.04 Web; exch-mia-03 10.4.2.2 10.4.2.3 Win 2008 R2 Exchange; exch-dfw-03 10.1.5.8 10.4.2.3 Win 2008 R2 Exchange; sp-mia-07 10.5.1.5 10.1.5.8 10.5.1.2 Win 2008 R2 SharePoint; db-mia-01 db-mia-05 10.5.1.9 db-dfw-02 10.5.1.2 10.1.1.3 web-sjc-02

PAN-OS Dynamic Address Groups (columns: Name, Tags, Addresses)
SharePoint Servers: tags SharePoint, Win 2008 R2, "sp"; addresses 10.1.5.4, 10.1.5.8
MySQL Servers: tags MySQL, Ubuntu 12.04, "db"; addresses 10.5.1.5, 10.5.1.2, 10.5.1.9
Miami DC: tag "mia"; addresses 10.4.2.2, 10.1.5.8, 10.5.1.5
San Jose Linux Web Servers: tags "sjc", "web", Ubuntu 12.04; addresses 10.1.1.2, 10.1.1.3

PAN-OS Security Policy (columns: Source, Destination, Action)
Source: San Jose Linux Web Servers; Destination: SharePoint Servers; Action: ✔
Source: MySQL Servers; Destination: Miami DC


Periodic reports: graphical presentation
§ Top N traffic
§ Top N threat
§ Top N Unknown client
§ Top N C&C client


Periodic reports: traffic map presentation
§ Top N traffic
§ Top N threat
§ Top N Unknown client
§ Top N C&C client


Palo Alto Networks company overview
Corporate highlights
  • Founded in 2005; first customer shipment in 2007
  • Safely enabling applications
  • Able to precisely define all network security requirements
  • Excellent global customer technical support capability
  • Experienced team with more than 1,722 employees worldwide
  • FY14: more than $598.2M in revenue and more than 19,000 customers
[Chart: REVENUES $MM, FY09 to FY14: $13, $49, $119, $255, $396, $598]
[Chart: ENTERPRISE CUSTOMERS, Jul-11 to Jul-14: 4,700, 9,000, 13,500, 19,000]


Gartner report: Magic Quadrant for Enterprise Network Firewalls
A leader for 3 years in a row in the magic quadrant for enterprise network firewalls
“Palo Alto Networks continues to both drive competitors to react in the firewall market and to move the overall firewall market forward.” Gartner, April 2014

THANK YOU
Discussion time
