![Page 1: 시스코 DNA와함께하는 인프라기반의똑똑한네트워크보안eventinfo.co.kr/2017/cisco_0919/presentation_total/... · 2017. 10. 10. · - 데이터샘플, 시스코보안연구팀](https://reader034.vdocuments.site/reader034/viewer/2022051920/600dac3b1f461b1dac6cba68/html5/thumbnails/1.jpg)
이재미부장 ([email protected])
Systems Engineer, Solution SE
시스코 DNA와 함께하는
인프라 기반의 똑똑한 네트워크 보안
김종만부장 ([email protected])
Consulting Engineer, Security Specialist
![Page 2: 시스코 DNA와함께하는 인프라기반의똑똑한네트워크보안eventinfo.co.kr/2017/cisco_0919/presentation_total/... · 2017. 10. 10. · - 데이터샘플, 시스코보안연구팀](https://reader034.vdocuments.site/reader034/viewer/2022051920/600dac3b1f461b1dac6cba68/html5/thumbnails/2.jpg)
밤 10시, 지하철 풀어헤친 넥타이
비틀비틀붉은 얼굴 맥주 + 고기냄새
지하철에서 만난
이 아저씨는
오늘 저녁 무엇을 하셨을까요?
![Page 3: 시스코 DNA와함께하는 인프라기반의똑똑한네트워크보안eventinfo.co.kr/2017/cisco_0919/presentation_total/... · 2017. 10. 10. · - 데이터샘플, 시스코보안연구팀](https://reader034.vdocuments.site/reader034/viewer/2022051920/600dac3b1f461b1dac6cba68/html5/thumbnails/3.jpg)
어떻게 우리는 해답을찾아낼까요?
추리알고 있는 것을 바탕으로
알지 못하는 것을 미루어 생각함
![Page 4: 시스코 DNA와함께하는 인프라기반의똑똑한네트워크보안eventinfo.co.kr/2017/cisco_0919/presentation_total/... · 2017. 10. 10. · - 데이터샘플, 시스코보안연구팀](https://reader034.vdocuments.site/reader034/viewer/2022051920/600dac3b1f461b1dac6cba68/html5/thumbnails/4.jpg)
네트워크 트래픽 트렌드 - HTTPS 트래픽 증가
SSL/TLS encrypted traffic grew 90% year
over year from July 2015 to July 2016.*
* Source: NSS Labs
2015
40%
2016
75%
2019
21%
1년사이 21%에서 40%로증가가트너연구결과 2019년에는 80%로추정구글서버와연결되는트래픽의 77% (2016년)
You tube의 97%의트래픽
![Page 5: 시스코 DNA와함께하는 인프라기반의똑똑한네트워크보안eventinfo.co.kr/2017/cisco_0919/presentation_total/... · 2017. 10. 10. · - 데이터샘플, 시스코보안연구팀](https://reader034.vdocuments.site/reader034/viewer/2022051920/600dac3b1f461b1dac6cba68/html5/thumbnails/5.jpg)
시스코의 새로워진 DNA (Digital Network Architecture)
Intent-based Network Infrastructure
DNA Center
AnalyticsPolicy Automation
I N T E N T (의도 ) C O N T E X T (상황 )
S E C U R I T Y (보안 )
L E A R N I N G (학습 )
DC BranchCampus
![Page 6: 시스코 DNA와함께하는 인프라기반의똑똑한네트워크보안eventinfo.co.kr/2017/cisco_0919/presentation_total/... · 2017. 10. 10. · - 데이터샘플, 시스코보안연구팀](https://reader034.vdocuments.site/reader034/viewer/2022051920/600dac3b1f461b1dac6cba68/html5/thumbnails/6.jpg)
시스코의 새로워진 DNA (Digital Network Architecture)
Enhanced Network as a Sensor
시스코
Encrypted
Traffic
Analytics
![Page 7: 시스코 DNA와함께하는 인프라기반의똑똑한네트워크보안eventinfo.co.kr/2017/cisco_0919/presentation_total/... · 2017. 10. 10. · - 데이터샘플, 시스코보안연구팀](https://reader034.vdocuments.site/reader034/viewer/2022051920/600dac3b1f461b1dac6cba68/html5/thumbnails/7.jpg)
보안 솔루션
스페셜리스트
김 종 만 부장
![Page 8: 시스코 DNA와함께하는 인프라기반의똑똑한네트워크보안eventinfo.co.kr/2017/cisco_0919/presentation_total/... · 2017. 10. 10. · - 데이터샘플, 시스코보안연구팀](https://reader034.vdocuments.site/reader034/viewer/2022051920/600dac3b1f461b1dac6cba68/html5/thumbnails/8.jpg)
네트워크 트래픽 트렌드 - 암호화된 공격
감지회피를 위해암호화를사용한 공격
41%
사이버공격을경험한조직
81%
암호화된공격의미감지율
64%
![Page 9: 시스코 DNA와함께하는 인프라기반의똑똑한네트워크보안eventinfo.co.kr/2017/cisco_0919/presentation_total/... · 2017. 10. 10. · - 데이터샘플, 시스코보안연구팀](https://reader034.vdocuments.site/reader034/viewer/2022051920/600dac3b1f461b1dac6cba68/html5/thumbnails/9.jpg)
전통적 암호화 공격 방어 방법 - Decrypt
▪ WEB Proxy
▪ NGFW
![Page 10: 시스코 DNA와함께하는 인프라기반의똑똑한네트워크보안eventinfo.co.kr/2017/cisco_0919/presentation_total/... · 2017. 10. 10. · - 데이터샘플, 시스코보안연구팀](https://reader034.vdocuments.site/reader034/viewer/2022051920/600dac3b1f461b1dac6cba68/html5/thumbnails/10.jpg)
프록시를 이용한 Decrypt - MiTM
Client Server
ClientHello
ServerHello
ServerCertChain
ClientHello
(own or modified)
Spoofed cert.
인증서 유효성 체크
TLS
프록시
Spoof 된인증서생성Proxy의 Private 키로사인
![Page 11: 시스코 DNA와함께하는 인프라기반의똑똑한네트워크보안eventinfo.co.kr/2017/cisco_0919/presentation_total/... · 2017. 10. 10. · - 데이터샘플, 시스코보안연구팀](https://reader034.vdocuments.site/reader034/viewer/2022051920/600dac3b1f461b1dac6cba68/html5/thumbnails/11.jpg)
Decrypt의 제약 사항
Strict Pinning
▪ HSTS(HTTP Strict Transport Security) http://tools.ietf.org/html/rfc6797
▪ Certificate Pinning (RFC 7469)
![Page 12: 시스코 DNA와함께하는 인프라기반의똑똑한네트워크보안eventinfo.co.kr/2017/cisco_0919/presentation_total/... · 2017. 10. 10. · - 데이터샘플, 시스코보안연구팀](https://reader034.vdocuments.site/reader034/viewer/2022051920/600dac3b1f461b1dac6cba68/html5/thumbnails/12.jpg)
암호화 공격 방어 방법 (Non-Decrypt)
▪ 행위 기반 분석
(머신러닝기반)
![Page 13: 시스코 DNA와함께하는 인프라기반의똑똑한네트워크보안eventinfo.co.kr/2017/cisco_0919/presentation_total/... · 2017. 10. 10. · - 데이터샘플, 시스코보안연구팀](https://reader034.vdocuments.site/reader034/viewer/2022051920/600dac3b1f461b1dac6cba68/html5/thumbnails/13.jpg)
가용한 모든 행위 정보 사용
Exporter Collection Analysis StorageObservation
Observation
Observation
srcIP, dstIP, srcPort, dstPort, prot, startTime, stopTime, numBytes, numPackets
암호화데이터정보
▪ 기존플로우 모니터링
SPLT
IDP
위협
인텔리젼스
정보
Contex 정보DNS/HTTP
![Page 14: 시스코 DNA와함께하는 인프라기반의똑똑한네트워크보안eventinfo.co.kr/2017/cisco_0919/presentation_total/... · 2017. 10. 10. · - 데이터샘플, 시스코보안연구팀](https://reader034.vdocuments.site/reader034/viewer/2022051920/600dac3b1f461b1dac6cba68/html5/thumbnails/14.jpg)
높은 정확도를 위한 ETA 알고리즘- 데이터샘플, 시스코 보안 연구팀
위협트래픽
정상트래픽
TCP/IP TLS (IDP)SPLT
(Sequence of Packets Length & Time)
위협 의심리스트 주소
정상적인서비스 주소
비정상적인 패턴확인되지 않은인증서
정상적인 패턴안전한 인증서
Self-Signed Certificate
Data Exfiltration
C2 Message
Google search
Bestafera
DNS
cisco.com
c15c0.comafb32d75.com
![Page 15: 시스코 DNA와함께하는 인프라기반의똑똑한네트워크보안eventinfo.co.kr/2017/cisco_0919/presentation_total/... · 2017. 10. 10. · - 데이터샘플, 시스코보안연구팀](https://reader034.vdocuments.site/reader034/viewer/2022051920/600dac3b1f461b1dac6cba68/html5/thumbnails/15.jpg)
어떤 추가 정보를 활용 하는가?
TLS ClientHello Possible Clients True Client
(v: 1.0.1r)
첫번째 데이터 패킷(IDP)
암호화되지 않은 정보를최대한 추출하여 활용
![Page 16: 시스코 DNA와함께하는 인프라기반의똑똑한네트워크보안eventinfo.co.kr/2017/cisco_0919/presentation_total/... · 2017. 10. 10. · - 데이터샘플, 시스코보안연구팀](https://reader034.vdocuments.site/reader034/viewer/2022051920/600dac3b1f461b1dac6cba68/html5/thumbnails/16.jpg)
어떤 추가 정보를 활용 하는가?세션내 데이터 패킷의
시간 간격 및 길이(SPLT)
세션내의 패킷의 간격, 길이패턴 등을 기반으로 컨텐츠
타입을 분석
Self-Signed Certificate
Data Exfiltration
C2 Message
Bestafera
Self-Signed Certificate
Data Exfiltration
C2 Message
Google Search
Initial Page Load
Autocomplete
Page Refresh
![Page 17: 시스코 DNA와함께하는 인프라기반의똑똑한네트워크보안eventinfo.co.kr/2017/cisco_0919/presentation_total/... · 2017. 10. 10. · - 데이터샘플, 시스코보안연구팀](https://reader034.vdocuments.site/reader034/viewer/2022051920/600dac3b1f461b1dac6cba68/html5/thumbnails/17.jpg)
어떤 추가 정보를 활용 하는가?
위협 인텔리젼스 맵
다년간의정보로 구성된 위협지도를 기반으로 분석
인터넷 상의 서버에 대한행위 기반 정보
Headers
HTTP Request
…
Method: *Value*
URI: *Value*
Version: *Value*
Accept: *Value*
User-Agent: *Value*
Connection: *Value*
Host: *Value*
cookie: *Value*
Query
DNS Response
…
Name
Type
Class
Time to Live
Data Length
Data
Answer
Name
Type
Class
Time to Live
Data Length
Data
![Page 18: 시스코 DNA와함께하는 인프라기반의똑똑한네트워크보안eventinfo.co.kr/2017/cisco_0919/presentation_total/... · 2017. 10. 10. · - 데이터샘플, 시스코보안연구팀](https://reader034.vdocuments.site/reader034/viewer/2022051920/600dac3b1f461b1dac6cba68/html5/thumbnails/18.jpg)
행위기반 분석 – 정확도
Training / Storage Classifier / Rules
정상트래픽정보
멀웨어트래픽 정보
멀웨어 482,188 TLS flows
정상 1,955,598 TLS flows(sampled)
FNFv9
SPLT
IDP
멀웨어 ThreatGrid pcaps(~5,000 per day)
정상 Two Networks(~500 users each)
2015년 8월 → 2017년 2월
![Page 19: 시스코 DNA와함께하는 인프라기반의똑똑한네트워크보안eventinfo.co.kr/2017/cisco_0919/presentation_total/... · 2017. 10. 10. · - 데이터샘플, 시스코보안연구팀](https://reader034.vdocuments.site/reader034/viewer/2022051920/600dac3b1f461b1dac6cba68/html5/thumbnails/19.jpg)
행위기반 분석 – 결과
Malware Family FNFv9 + SPLT FNFv9 + SPLT + TLS
Bergat* 100.0% 100.0%
Sality* 95.0% 97.7%
Dridex 16.5% 78.5%
Skeeyah 95.9% 98.6%
Virlock 100.0% 100.0%
0.0%
20.0%
40.0%
60.0%
80.0%
100.0%
0.5
0.7
5
0.9
0.9
5
0.9
9
ACCU
RACY
CLASSIFIER THRESHOLD
Malware Samples
FNFv9
+ SPLT 60.0%
70.0%
80.0%
90.0%
100.0%
0.5
0.7
5
0.9
0.9
5
0.9
9
ACCU
RACY
CLASSIFIER THRESHOLD
Malware Samples
FNFv9
+ SPLT
+ TLS60.0%
70.0%
80.0%
90.0%
100.0%
0.5
0.7
5
0.9
0.9
5
0.9
9
ACCU
RACY
CLASSIFIER THRESHOLD
Malware Samples
FNFv9
+ SPLT
+ TLS
+
DNS/HTTP
![Page 20: 시스코 DNA와함께하는 인프라기반의똑똑한네트워크보안eventinfo.co.kr/2017/cisco_0919/presentation_total/... · 2017. 10. 10. · - 데이터샘플, 시스코보안연구팀](https://reader034.vdocuments.site/reader034/viewer/2022051920/600dac3b1f461b1dac6cba68/html5/thumbnails/20.jpg)
ETA 테스트 결과 요약
알려진 악성 코드
정상적인 HTTPS
트래픽
특징적인 데이터를추출, 수집
Detector 구현을위한
머신러닝 적용
99%의 정확도로알려진 악성 코드의
감지 성공
“Identifying Encrypted Malware Traffic with Contextual Flow Data”
AISec ’16 | Blake Anderson, David McGrew (Cisco Fellow)
![Page 21: 시스코 DNA와함께하는 인프라기반의똑똑한네트워크보안eventinfo.co.kr/2017/cisco_0919/presentation_total/... · 2017. 10. 10. · - 데이터샘플, 시스코보안연구팀](https://reader034.vdocuments.site/reader034/viewer/2022051920/600dac3b1f461b1dac6cba68/html5/thumbnails/21.jpg)
암호학의 대가
David McGrew (Cisco Fellow)
![Page 22: 시스코 DNA와함께하는 인프라기반의똑똑한네트워크보안eventinfo.co.kr/2017/cisco_0919/presentation_total/... · 2017. 10. 10. · - 데이터샘플, 시스코보안연구팀](https://reader034.vdocuments.site/reader034/viewer/2022051920/600dac3b1f461b1dac6cba68/html5/thumbnails/22.jpg)
시스코 ETA 솔루션
Cisco® Cloud
Analytics
암호화트래픽정보전달
ETA 컬렉트
멀웨어 탐지및차단
높은 정확도빠른 탐지네트워크 기반 수집
![Page 23: 시스코 DNA와함께하는 인프라기반의똑똑한네트워크보안eventinfo.co.kr/2017/cisco_0919/presentation_total/... · 2017. 10. 10. · - 데이터샘플, 시스코보안연구팀](https://reader034.vdocuments.site/reader034/viewer/2022051920/600dac3b1f461b1dac6cba68/html5/thumbnails/23.jpg)
시스코 ETA 솔루션
Stealthwatch
가시화 정보를 한눈에
Cognitive Analytics
암호화 된 Traffic 분석
Cat 9K
Netflow 데이타 + ETA 정보 전달
네트워크센서
cognitive.cisco.com
Netflow
Enhanced
Netflow
Crypto audit
telemetry
수집기
Netflow
+
Proxy
telemetry
Cognitive
Analytics
HTTPS
![Page 24: 시스코 DNA와함께하는 인프라기반의똑똑한네트워크보안eventinfo.co.kr/2017/cisco_0919/presentation_total/... · 2017. 10. 10. · - 데이터샘플, 시스코보안연구팀](https://reader034.vdocuments.site/reader034/viewer/2022051920/600dac3b1f461b1dac6cba68/html5/thumbnails/24.jpg)
ETA 분석을 위한 데이터 수집 (Catalyst 9000)
암호화된트래픽정보전달자
ETA
네트워크를센서로활용
Catalyst 9K 시리즈
▪ Full NetFlow based Behavior
Analytics
▪ Encrypted Traffic Analytics
▪ Policy Enforcement Analytics
![Page 25: 시스코 DNA와함께하는 인프라기반의똑똑한네트워크보안eventinfo.co.kr/2017/cisco_0919/presentation_total/... · 2017. 10. 10. · - 데이터샘플, 시스코보안연구팀](https://reader034.vdocuments.site/reader034/viewer/2022051920/600dac3b1f461b1dac6cba68/html5/thumbnails/25.jpg)
암호화된 트래픽을 분석 (Cognitive Analytics)
Near real-time processing
1K-50K incidents per day10B requests per day +/- 1% is anomalous 10M events per day
HTTP(S)
Request
Classifier
XClassifier
A
Classifier
HClassifier
Z
Classifier
KClassifier
M
Cluster 1
Cluster 2
Cluster 3
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
Cluster 1
Cluster 2
Cluster 3
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
RequestHTTP(S)
Request
HTTP(S)
Request
HTTP(S)
RequestHTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
RequestHTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
Anomaly 탐지 Trust 모델링 분류 Entity 모델링 Relationship 모델링
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
RequestHTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
HTTP(S)
Request
CONFIRMED threats
(spanning multiple users)
DETECTED threats (unique)
Cognitive
Analytics
클라우드기반위협분석
모델기반고성능분석
![Page 26: 시스코 DNA와함께하는 인프라기반의똑똑한네트워크보안eventinfo.co.kr/2017/cisco_0919/presentation_total/... · 2017. 10. 10. · - 데이터샘플, 시스코보안연구팀](https://reader034.vdocuments.site/reader034/viewer/2022051920/600dac3b1f461b1dac6cba68/html5/thumbnails/26.jpg)
분석된 정보를 가시화 (Stealthwatch)
Cognitive Analytics
Expanded CTA dashboard view
Cognitive Analytics
Stealthwatch
![Page 27: 시스코 DNA와함께하는 인프라기반의똑똑한네트워크보안eventinfo.co.kr/2017/cisco_0919/presentation_total/... · 2017. 10. 10. · - 데이터샘플, 시스코보안연구팀](https://reader034.vdocuments.site/reader034/viewer/2022051920/600dac3b1f461b1dac6cba68/html5/thumbnails/27.jpg)
ETA 상세 분석 예AFFECTING winnt://emea\user1
Amazon.com, Inc
LeaseWeb B.V.
intergenia AG
Qwest communication..
95.211.239.228
85.25.116.167
54.240.147.123
54.239.166.104
63.234.248.204
54.239.166.69
63.235.36.156
54.240.148.64
6 Http traffic to ip addr…
6 Http traffic to ip addr…
6 Http traffic to ip addr…
6 Http traffic to ip addr…
Activities (8) Domain (8) IPs (8) Autonomous systems (5)
9 Url string as comm…
9 Url string as comm…
6 Http traffic to ip addr…
6 Http traffic to ip addr…
95.211.239.228
85.25.116.167
54.239.166.69
63.235.36.156
54.240.148.64
54.240.147.123
54.239.166.104
Amazon.com Tech Tel…
63.234.248.204
http://95.211.239.228/MG/6XYZCn5dkOpx7yzQbqbmefOBUM9H97ymDGPZ+X8inI56FK/0XHGs6uRF5zaWKXZxmdVbs
91AgesgFarBDRYRCqEi+a8roqlRl77ZucRB4sLOlkpoG5d44OZ95VO6pVjtKVAj0SIOXHGFTr7+w5jqe46Kz4//NDHGJw6
C2L2hCLEExuNJaeA9wtSRmOgxVg9NhpJXK7oD8dTDoGOD46zWaWDDpQ9zNdmhNtmOfeWA3xxgZ9KzDpd7SVUnz
ATdD3E1USpWmkpsYsGkTE8fVQ692WQd8h2cRp+KHDg8F2ECZlcDXGOPQPU9TrWFw…
Encrypted Command & Control
9 THREAT 100% confidence
![Page 28: 시스코 DNA와함께하는 인프라기반의똑똑한네트워크보안eventinfo.co.kr/2017/cisco_0919/presentation_total/... · 2017. 10. 10. · - 데이터샘플, 시스코보안연구팀](https://reader034.vdocuments.site/reader034/viewer/2022051920/600dac3b1f461b1dac6cba68/html5/thumbnails/28.jpg)
See the Unseen Demo
![Page 29: 시스코 DNA와함께하는 인프라기반의똑똑한네트워크보안eventinfo.co.kr/2017/cisco_0919/presentation_total/... · 2017. 10. 10. · - 데이터샘플, 시스코보안연구팀](https://reader034.vdocuments.site/reader034/viewer/2022051920/600dac3b1f461b1dac6cba68/html5/thumbnails/29.jpg)
Summary
![Page 30: 시스코 DNA와함께하는 인프라기반의똑똑한네트워크보안eventinfo.co.kr/2017/cisco_0919/presentation_total/... · 2017. 10. 10. · - 데이터샘플, 시스코보안연구팀](https://reader034.vdocuments.site/reader034/viewer/2022051920/600dac3b1f461b1dac6cba68/html5/thumbnails/30.jpg)
시스코 새로운 DNA – ETA 삼총사
CognitiveAnalytics
똑똑한
네트워크
보안의 달인
명품 분석 엔진
보석을 만드는
든든한 브릿지
![Page 31: 시스코 DNA와함께하는 인프라기반의똑똑한네트워크보안eventinfo.co.kr/2017/cisco_0919/presentation_total/... · 2017. 10. 10. · - 데이터샘플, 시스코보안연구팀](https://reader034.vdocuments.site/reader034/viewer/2022051920/600dac3b1f461b1dac6cba68/html5/thumbnails/31.jpg)
똑똑한 네트워크가똑똑한 보안을 만듭니다.
![Page 32: 시스코 DNA와함께하는 인프라기반의똑똑한네트워크보안eventinfo.co.kr/2017/cisco_0919/presentation_total/... · 2017. 10. 10. · - 데이터샘플, 시스코보안연구팀](https://reader034.vdocuments.site/reader034/viewer/2022051920/600dac3b1f461b1dac6cba68/html5/thumbnails/32.jpg)
보이는 것으로보이지 않는 것을
보다!
Cisco ETA 스스로 판단하고진화하는 네트워크
![Page 33: 시스코 DNA와함께하는 인프라기반의똑똑한네트워크보안eventinfo.co.kr/2017/cisco_0919/presentation_total/... · 2017. 10. 10. · - 데이터샘플, 시스코보안연구팀](https://reader034.vdocuments.site/reader034/viewer/2022051920/600dac3b1f461b1dac6cba68/html5/thumbnails/33.jpg)