In this blog post, I'm going to go through the installation of the Nexus 1000v on my ESXi host. The reason I'm installing the Nexus 1000v in my lab is so that I can tag vNIC traffic with Security Group Tags (SGTs) for later labbing.
ISE 2.1 and WSA pxGrid Integration with CA-Signed Certificates
This blog post is going to be going over integration ISE 2.1 and WSA via pxGrid with CA-signed certificates. I personally like using CA-Signed certificates for my deployment because if I ever need to rebuild an ISE instance or pxGrid client, it's extremely easy to get it up and running again with a CA-signed certificate.
ISE 2.1 - Configuration of AMP & ISE Integration
This post is going to go over the integration of ISE 2.1 and AMP for Endpoints. ISE 2.1 introduces the concept of a "Threat Centric NAC" which allows you to configure vulnerabiltiy and threat adapters to send high fidelity Indicators of Compromise (IoC), Threat Detected events, and CVSS scores to ISE so that threat-centric access policies can be created to change the privilege of the endpoint accordingly.
StealthWatch Host Groups Part 1
ISE 2.1 Just Released
StealthWatch SMC Client Part 1 - Overview
StealthWatch 6.8 and ISE Integration with CA-Signed Certificate
In this blog post, I'll go over StealthWatch and ISE integration with pxGrid. With this integration, ISE will share contextual information such as username and device information with StealthWatch and it adds the ability to do rapid threat containment to quarantine misbehaving endpoints. I'm going to use a CA-signed certificate in this post and later I'll add a post with self-signed certificates.
StealthWatch ProxyWatch with WSA
In this blog post, I'm going to go over ProxyWatch with StealthWatch. Many enterprises utilize proxies to protect their networks. They provide protection at the cost of visibility to other security solutions. ProxyWatch is a licensed feature that allows StealthWatch to see the translated address and associate it with the other side of the proxy conversation which provides more accurate troubleshooting and forensics. It's a bit like NAT stitching for proxies.
StealthWatch - External Lookups
In this post, I'm going to go through configuring custom Eternal Lookups. What External Lookups allow a user to do is to investigate external IP addresses and ranges utilizing external applications and lookups. StealthWatch already comes pre-configured with a few and allows an administrator to add their own.
StealthWatch 6.8 Appliance Administration
StealthWatch 6.8 Management Web Dashboard
StealthWatch Installation and Setup
StealthWatch Introduction
Lancope was founded back in 2000 and is a leading provider of network visibility and security intelligence to protect enterprises against today's top threats. The StealthWatch System uses NetFlow, IPFIX and other types of network telemetry to detect a wide range of attacks from a variety of threats including APTs, DDoS, zero-day malware and insider threats. Lancope was just recently acquired by Cisco late last year but the company itself had a very close relationship with Cisco prior to that and thanks to that relationship, it integrates quite well with a variety of existing Cisco solutions. In this first post, I'm going to dig into some of the components of the StealthWatch System.
Configuring and Troubleshooting NetFlow Part 2
Configuring and Troubleshooting NetFlow Part 1
Career/Job Advice and Observations
I get a lot of PMs on forums I'm on asking for job/career advice and I know there's always a ton of threads on IT forums on that vein as well. While there are multiple ways to get to the same destination and different ways to be successful, I'd like to share things that really worked for me or that I've observed
NetFlow CheatSheet
Chasing the CCIE Security Next
I've decided I'm going to be going after the CCIE Security next. There's a high likelihood that this track could change in the middle of my studying for it so I'm going to prepare using the latest technology. In this blog post, I'm going to chart out some of the different resources I'm going to use.