Cisco NetFlow for Cyber Security Big Data Analytics

Cisco NetFlow for Cyber Security Big Data Analytics

by Omar Santos
Released April 2016
Publisher(s): Cisco Press
ISBN: 0134469844

Watch it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Video description

More than 6 hours of video training covering everything you need to know to deploy, configure, and troubleshoot NetFlow in many different Cisco platforms and learn big data analytics technologies for cyber security.

Description

Cisco NetFlow for Cyber Security Big Data Analytics walks you through the steps for deploying, configuring, and troubleshooting NetFlow and learning big data analytics technologies for cyber security. Cisco NetFlow creates an environment where network administrators and security professionals have the tools to understand who, what, when, where, and how network traffic is flowing. Cisco NetFlow LiveLessons is a key resource for understanding the power behind the Cisco NetFlow solution.

Omar Santos, a Cisco Product Security Incident Response Team (PSIRT) technical leader and author of Network Security with NetFlow and IPFIX, the CCNA Security 210-260 Official Cert Guide, and other key security video and book titles by Cisco Press demonstrates how NetFlow can be used by large enterprises and small-to-medium-sized businesses to meet critical network challenges. This video courseexplores everything you need to understand and implement the Cisco Cyber Threat Defense Solution, while also providing configuration and troubleshooting walk-throughs.

Skill Level

  • Intermediate

What You Will Learn

  • NetFlow and IPFIX basics
  • NetFlow Deployment Scenarios
  • Cisco Flexible NetFlow
  • NetFlow Commercial and Open Source Monitoring and Analysis Software Packages
  • Big Data Analytics Tools
  • The Cisco Cyber Threat Defense Solution
  • Troubleshooting NetFlow
  • NetFlow for Anomaly Detection and Identifying DoS Attacks
  • NetFlow for Incident Response and Forensics

Who Should Take This Course

  • Network and security professionals interested in learning about the Cisco NetFlow solution; anyone wishing to build Cisco security

About LiveLessons Video Training

LiveLessons Video Training series publishes hundreds of hands-on, expert-led video tutorials covering a wide selection of technology topics designed to teach you the skills you need to succeed. This professional and personal technology video series features world-leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, IBM Press, Pearson IT Certification, Prentice Hall, Sams, and Que. Topics include: IT Certification, Programming, Web Development, Mobile Development, Home and Office Technologies, Business and Management, and more. View all LiveLessons on InformIT at http://www.informit.com/livelessons.

Table of contents

  1. Introduction
    1. Cisco NetFlow: Introduction
  2. Lesson 1: Introduction to NetFlow and IPFIX
    1. Learning objectives
    2. 1.1 Introduction to NetFlow
    3. 1.2 The Attack Continuum
    4. 1.3 The Network as a Sensor and as an Enforcer
    5. 1.4 What Is a Flow?
    6. 1.5 NetFlow Versus IP Accounting and Billing
    7. 1.6 NetFlow for Network Security
    8. 1.7 Traffic Engineering and Network Planning
    9. 1.8 Introduction to IP Flow Information Export (IPFIX)
    10. 1.9 Cisco Supported Platforms for NetFlow
    11. 1.10 NetFlow Versions and History
  3. Lesson 2: NetFlow Deployment Scenarios
    1. Learning objectives
    2. 2.1 Introduction to Cisco Cyber Threat Defense
    3. 2.2 Deployment Scenario: User Access Layer
    4. 2.3 Deployment Scenario: Wireless LAN
    5. 2.4 Deployment Scenario: Internet Edge
    6. 2.5 Deployment Scenario: Data Center
    7. 2.6 Deployment Scenario: NetFlow in Site-to-Site and Remote VPNs
    8. 2.7 NetFlow Collection Considerations and Best Practices
    9. 2.8 Determining the Flows per Second and Scalability
  4. Lesson 3: Cisco Flexible NetFlow
    1. Learning objectives
    2. 3.1 Introduction to Cisco Flexible NetFlow
    3. 3.2 Flexible NetFlow Records
    4. 3.3 Flow Monitors, Exporters, and Samplers
    5. 3.4 Flexible NetFlow Configuration
    6. 3.5 Flexible NetFlow IPFIX Export Format
  5. Lesson 4: NetFlow Commercial and Open Source Monitoring and Analysis Software Packages
    1. Learning objectives
    2. 4.1 Commercial NetFlow Monitoring and Analysis Software Packages
    3. 4.2 NFdump
    4. 4.3 NfSen
    5. 4.4 SiLK
    6. 4.5 Elasticsearch, Logstash, and Kibana Stack (ELK): Overview and Architecture
    7. 4.6 ELK: Installation and Configuration Files
  6. Lesson 5: Big Data Analytics and NetFlow
    1. Learning objectives
    2. 5.1 Introduction to Big Data Analytics for Cyber Security
    3. 5.2 NetFlow and Other Telemetry Sources for Big Data Analytics for Cyber Security
    4. 5.3 OpenSOC: Overview, Architecture, and Capabilities
    5. 5.4 OpenSOC: Operation and Enrichments
    6. 5.5 Hadoop
    7. 5.6 Flume, Kafka, Storm, and Hive
    8. 5.7 HBase
    9. 5.8 Third-Party Analytic Tools and Other Big Data Software
    10. 5.9 Understanding Big Data Scalability: Big Data Analytics in the Internet of Everything
  7. Lesson 6: Cisco Cyber Threat Defense and NetFlow
    1. Learning objectives
    2. 6.1 Cisco Cyber Threat Defense Solution: Overview
    3. 6.2 Cisco Cyber Threat Defense Solution: AMP
    4. 6.3 Cisco Cyber Threat Defense Solution: Threat Grid, Email Security, and Web Security
    5. 6.4 Cisco Cyber Threat Defense Solution: ISE
    6. 6.5 Deploying the Lancope StealthWatch System
    7. 6.6 Deploying NetFlow Secure Event Logging in the Cisco ASA
    8. 6.7 Deploying NSEL in Cisco ASA Configured for Clustering
    9. 6.8 Configuring NSEL in the Cisco ASA
    10. 6.9 Configuring NetFlow in the Cisco Nexus 1000V
    11. 6.10 Configuring NetFlow in the Cisco Nexus 7000 Series
  8. Lesson 7: Troubleshooting NetFlow
    1. Learning objectives
    2. 7.1 Troubleshooting NetFlow in Cisco IOS and Cisco IOS XE Devices
    3. 7.2 Troubleshooting NetFlow in Cisco NX-OS Software
    4. 7.3 Troubleshooting NetFlow in Cisco IOS-XR Software
    5. 7.4 Troubleshooting NetFlow in the Cisco ASA
  9. Lesson 8: Using NetFlow for Anomaly Detection and Identifying DoS Attacks
    1. Learning objectives
    2. 8.1 The Different Types of DDoS Attacks
    3. 8.2 Using NetFlow in Enterprise Networks to Detect DDoS Attacks
    4. 8.3 Using NetFlow in Service Provider Networks to Detect DDoS Attacks
  10. Lesson 9: Using NetFlow for Incident Response and Forensics
    1. Learning objectives
    2. 9.1 Using NetFlow for the Identification of Credit Card Theft
    3. 9.2 Using NetFlow for the Identification of Theft of Intellectual Property
    4. 9.3 Using NetFlow for Monitoring Guest Users and Contractors
    5. 9.4 Using NetFlow for Capacity Planning
    6. 9.5 Using NetFlow to Monitor Cloud Usage
  11. Summary
    1. Cisco NetFlow: Summary

Product information

  • Title: Cisco NetFlow for Cyber Security Big Data Analytics
  • Author(s): Omar Santos
  • Release date: April 2016
  • Publisher(s): Cisco Press
  • ISBN: 0134469844