PACKETVIPER NEXT GENERATION GEO-IP FILTER
PACKETVIPER PRESENTATION
GOALS
▸ Healthcare State of the Union
▸ PacketViper Internal LAN Use
▸ Challenges facing internal networks
▸ The importance
▸ Cause and Effect
▸ Volume effect on SIEMs
AHN “STATE OF THE UNION”
UNDERSTANDING HEALTHCARE NEEDS
▸ Current and future challenges (threats, remediation, human resources)
▸ New technology acquisitions
▸ Problems to solve
PACKETVIPER INTERNAL USE
INTERNAL CHALLENGES
▸ Traffic Volume
▸ Logging and Alerting
▸ Timely Management of Alerts
▸ Investigation and Remediation
▸ Human Network Resources
▸ Consistency and Vigilance
▸ Breakout risk and control
[Chart: Excitement, Alerting, Fatigue and Oversight plotted over weeks 1 to 12, on a 0 to 100 scale]
ALERTING, TIME. RISKS OVERSIGHT
Damballa’s State of Infections Report: the average enterprise network generates an aggregate average of 10,000 security events per day.
The scope of work required to identify a genuine infection or questionable connections from the deluge of security events hitting businesses every day. Security fatigue is a very real thing, and as time passes a convergence of product (SIEM, Event Manager) excitement, alerting, and fatigue leads to a higher risk of oversight.
Infosecurity Magazine: "The sheer volume of alerts received and the limited timeframe available to investigate indicates that manual efforts are not enough"
IDENTIFYING THREATS AND POTENTIAL BOTTLENECKS
NETWORK PEAKS, VALLEYS, AND CONGESTION
▸ Identifying the peak traffic by setting baselines periodically
▸ Understanding the business flow and time frames of the peaks
▸ Understanding what is generating the traffic
▸ Who is receiving the traffic
▸ Limiting or Preventing connection
UNITED STATES - MEXICO BORDER
MANAGE INFORMATION OVERLOAD
‣ Reduce garbage in…garbage out.
‣ Manage only essential network information within SIEM
‣ Provide traffic control on top of centralized management
‣ Faster operational decisions
PACKETVIPER SOLUTION
▸ Fast Implementation
▸ Controls threats and risky connections at the source network
▸ Limits breakouts, controls floods
▸ Reduces information overload
▸ NOT costly to operate
▸ Improves Network and Security teams' efficiency
▸ Does not generate additional network load
▸ Does not require agents
▸ Centralized security management
SIMPLIFY, LESSEN, AND CONTROL
STEP 1: PacketViper
STEP 2: EM/SIEM
Take control of the connection
Lower logging
Lower false positives
Lower load
Improves Accuracy
Less Alerts
Lower usage
Less Rules
API
Improves
PACKETVIPER SIEM SYNERGY
WILL PACKETVIPER REALLY HELP YOU?
Try our FREE 5*10*25 Program
Goal: Prove complimentary internal use case
‣ Hardware evaluation form
‣ Identify host network segment
‣ Determine inline or mirror deployment
‣ Deploy PacketViper
‣ Baseline performance
‣ Review traffic and recommend configuration
‣ Determine network scope