APM for Security Forensics: Enhancing IT Security with Post-Event Intrusion Resolution (Lakshya Labs)
APM for Security Forensics
ENHANCING IT SECURITY WITH POST-EVENT INTRUSION RESOLUTION
Lakshya Labs
Application Performance Management
Monitoring and management of the performance and availability of applications.
Detect and diagnose complex application performance problems to maintain an expected level of service (LOS).
APM Dimensions
End User Experience
Runtime Application Architecture
Business Transaction
Deep Dive Component Monitoring
Analytics
Will your corporate network be compromised?
What do you do when a breach is detected?
Insider attack? Deep packet inspection.
The best APM solutions track and eliminate intrusions, and fortify existing defenses to prevent future attacks.
They also aid in cases of compliance violations, where regulatory agencies often demand a full report.
APM Security Features
High-speed (10 Gb and 40 Gb) data center traffic capture.
Expert analytics of network activity.
Filtering using Snort or custom user-defined rules.
Event replay and session reconstruction.
Capacity to store petabytes of traffic data for post-event analysis.
Case Study
Situation: Slow network and application response.
Used GigaStor (by Viavi) to perform deep-packet forensic analysis.
Discovery: A device sending a packet to every other device on the network.
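Added example (not part of the original slides, and not GigaStor functionality): one way to surface the behaviour found in the case study, a single device sending to every other device, from flow records exported from a capture. The record layout, thresholds and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed flow records (epoch seconds, source, destination); the
# addresses and times are illustrative, not data from the case study.
SAMPLE_FLOWS = (
    [(100, "10.0.0.1", "10.0.0.2"), (130, "10.0.0.2", "10.0.0.1"),
     (160, "10.0.0.3", "10.0.0.4"), (400, "10.0.0.1", "10.0.0.3"),
     (450, "10.0.0.6", "10.0.0.1")]
    # 10.0.0.5 sends one packet to every other host within five seconds.
    + [(200 + i, "10.0.0.5", f"10.0.0.{n}") for i, n in enumerate((1, 2, 3, 4, 6))]
)


def find_sweepers(flows, window_s=60, coverage=0.9, min_hosts=4):
    """Flag sources that reach >= `coverage` of all other hosts in one window.

    Returns (window_start, source, distinct_destinations, ratio) tuples.
    """
    hosts = {h for _, src, dst in flows for h in (src, dst)}
    if len(hosts) < min_hosts:      # too few hosts for the ratio to mean anything
        return []
    # (window index, source) -> distinct destinations seen in that window
    peers = defaultdict(set)
    for ts, src, dst in flows:
        if src != dst:
            peers[(ts // window_s, src)].add(dst)
    flagged = []
    for (win, src), dsts in peers.items():
        ratio = len(dsts) / (len(hosts) - 1)
        if ratio >= coverage:
            flagged.append((win * window_s, src, len(dsts), round(ratio, 2)))
    return sorted(flagged)


if __name__ == "__main__":
    for start, src, count, ratio in find_sweepers(SAMPLE_FLOWS):
        print(f"window {start}s: {src} contacted {count} hosts ({ratio:.0%} of the rest)")
```

Bucketing by time window separates a burst that touches every host from a server that legitimately talks to most hosts over a longer period; the window length and coverage threshold need tuning to the network being analysed.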
Thank You