Threat Defence using NetFlow and ISE
Recent trends have led to the erosion of the security perimeter, and attackers are increasingly gaining operational footprints on the network interior. This session takes an in-depth look at NetFlow with the goal of leveraging the technology to provide heightened visibility and context into network traffic in order to identify attackers and accelerate incident response. Design, deployment and operational best practices for establishing a NetFlow security monitoring program using the Lancope StealthWatch System as a collection and analysis technology will be presented. Use cases showing how best to organise and query NetFlow and how to leverage the Cisco ISE as an additional telemetry source using StealthWatch will be discussed. Further use cases showing how to drive an investigation in order to identify an attacker's presence on the network based on the statistical analysis of NetFlow telemetry will be covered. The target audience for this session is network and security administrators and analysts interested in learning how to add NetFlow as a component of their security operations centre.