DATA CENTER IPS COMPARATIVE ANALYSIS

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "DATA CENTER IPS COMPARATIVE ANALYSIS"

Transcription

1 DATA CENTER IPS COMPARATIVE ANALYSIS Security 2014 Thomas Skybakmoen, Jason Pappalexis Tested Products Fortinet FortiGate 5140B, Juniper SRX 5800, McAfee NS- 9300, Sourcefire

2 Data Center Overview Implementation of an intrusion prevention system (IPS) can be a complex process with multiple factors affecting the overall security effectiveness of the solution. These should be considered over the course of the useful life of the solution, and include: 1. Exploit block rate 2. Anti- evasion capabilities (resistance to common evasion techniques) 3. Device stability and reliability 4. Overall manageability (see Management Comparative Analysis Report (CAR) ) In order to determine the relative security effectiveness of devices on the market and facilitate accurate product comparisons, NSS Labs has developed a unique metric: Security Effectiveness = Exploit Block Rate 1 x Anti- Evasion Rating x Stability & Reliability Figure 1 Security Effectiveness Formula By focusing on overall security effectiveness instead of the exploit block rate alone, NSS is able to factor in the ease with which defenses can be bypassed, as well as the reliability of the device. Product Exploit Block Rate Anti- Evasion Rating Stability & Reliability Security Effectiveness Fortinet FortiGate 5140B 98.2% 100% 100% 98.2% Juniper SRX % 100% 100% 86.3% McAfee NS % 100% 100% 99.6% Sourcefire % 100% 100% 99.4% Figure 2 Security Effectiveness Because enterprise users consider effective management to be a critical component of any enterprise security deployment, this also should be factored into total cost of ownership (TCO) and overall product selection. This is outside the scope of this report, however. For more information, refer to the TCO and Management CARs. For a complete view of Security Effectiveness mapped against Value, refer to the Security Value Map (SVM) CAR. NSS research indicates that all enterprises tune their IPS devices when deployed in the data center. Therefore, for NSS testing of IPS products, the devices are deployed with a tuned policy. Every effort is made to deploy policies that ensure the optimal combination of security effectiveness and performance, as would be the aim of a typical customer deploying the device in a live network environment. This provides readers with the most useful information on key IPS security effectiveness and performance capabilities based upon their expected usage. Evasion techniques are a means of disguising and modifying attacks in order to avoid detection and blocking by security products. Resistance to evasion is a critical component in an IPS. If a single evasion is missed, an attacker can utilize an entire class of exploits to circumvent the IPS, rendering it virtually useless. Many of the techniques used in this test have been widely known for years and should be considered minimum requirements for the IPS 1 Exploit Block Rate is defined as the number of exploits blocked under test 2013 NSS Labs, Inc. All rights reserved. 2

3 ) NSS Labs Data Center product category, while others are more recent. This particular category of tests is critical in the final weighting with regard to product guidance. This chart depicts the relationship between protection and performance when tuned policies are used. Farther up indicates better security effectiveness, and farther to the right indicates higher throughput. 100%( 98%( 96%( McAfee(NS=9300( For$net(For$Gate(5140B( Sourcefire(8290=2( Security)Effec,veness) 94%( 92%( 90%( 88%( 86%( 84%( 82%( Juniper(SRX(5800( 80%( 0( 20,000( 40,000( 60,000( 80,000( 100,000( 120,000( 140,000( 160,000( NSS1Tested)Throughput)(Mbps)) Figure 3 Security Effectiveness and Performance When selecting products, those along the top line of the chart (closer to 100% security effectiveness) should be prioritized. The throughput is a secondary consideration and will be dependent on enterprise- specific deployment requirements NSS Labs, Inc. All rights reserved. 3

4 Data Center Table of Contents Table of Contents... 4 Analysis... 5 Tuning... 5 Exploit Block Rate... 5 Exploit Block Rate by Year... 6 Exploit Block Rate by Attack Vector... 6 Exploit Block Rate by Impact Type... 7 Exploit Block Rate by Target Vendor... 8 Evasions... 8 Stability & Reliability Security Effectiveness Managed Security Effectiveness Test Methodology Contact Information Table of Figures Figure 1 Security Effectiveness Formula... 2 Figure 2 Security Effectiveness... 2 Figure 3 Security Effectiveness and Performance... 3 Figure 4 Exploit Block Rate by Year Default Policies... 6 Figure 5 Attacker- Initiated Exploit Block Rate... 7 Figure 6 Exploit Block Rate by Impact Type... 7 Figure 7 Exploit Block Rate by Target Vendor... 8 Figure 8 Exploits and Evasions (Attacker- Initiated)... 9 Figure 9 Evasion Resistance (I)... 9 Figure 10 Evasion Resistance (II) and Overall Evasion Results... 9 Figure 11 Stability and Reliability (I) Figure 12 Stability and Reliability (II) Figure 13 Security Effectiveness NSS Labs, Inc. All rights reserved. 4

5 Analysis The threat landscape is evolving constantly; attackers are refining their strategies and increasing both the volume and intelligence of their attacks. Enterprises now must defend against targeted persistent attacks (TPA). Although attacks against desktop client applications are mainstream in typical enterprise perimeter deployments, servers will always be the primary target in a data center deployment, and therefore tuning is critical. Tuning Security products are often complex, and vendors are responding by simplifying the user interface and security policy selection to meet the usability needs of a broadening user base. Indeed, many organizations accept and deploy the default settings, understanding these to be the best recommendations from the vendor. In this, IPS are the exception to the rule. NSS research indicates that all enterprises tune their IPS devices when deployed in the data center. In general, accepting a vendor s defaults is likely to result in the omission of a significant number of deployment- specific signatures, which could leave an organization at risk. With the shortage of skilled and experienced practitioners, it is important to consider the time and resources required to properly install, maintain, and tune the solution. Failure to do so could result in products not achieving their full security potential. Therefore, all IPS products are tuned prior to testing to eliminate false positives and provide the most appropriate coverage for the systems to be protected. Typically, tuning is carried out by experienced system engineers from the vendor company, but where this is not possible, NSS engineers will perform the necessary tuning. NSS engineers may also amend the configuration of a device under test (DUT), where specific characteristics of the DUT or its configuration interfere with the normal operation of any of the tests, or where the results obtained from those tests would, in the opinion of those engineers, misrepresent the true capabilities of the DUT. Every effort is made to ensure the optimal combination of security effectiveness and performance, as would be the aim of a typical customer deploying the DUT in a live network environment. Tuning an IPS is a potentially complicated endeavor that must be performed uniquely for each environment. Many factors affect which signatures or rules should be enabled on an IPS, for example, network architecture, target assets, patch levels, allowed protocols, etc. Exploit Block Rate NSS security effectiveness testing leverages the deep expertise of our engineers to generate the same types of attacks used by modern cyber criminals, utilizing multiple commercial, open source, and proprietary tools as appropriate. With over 800 live exploits specifically targeted at data center servers and applications, this is the industry s most comprehensive test to date. Most notable, all of the live exploits and payloads in these tests have been validated such that a: A reverse shell is returned A bind shell is opened on the target allowing the attacker to execute arbitrary commands A malicious payload is installed The system is rendered unresponsive 2014 NSS Labs, Inc. All rights reserved. 5

6 Exploit Block Rate by Year Contrary to popular belief, the biggest risks are not always driven by the latest Patch Tuesday disclosures. NSS threat research reveals that many older attacks are still in circulation, and therefore remain relevant. Different vendors take different approaches to adding coverage once a vulnerability is disclosed. An attempt to provide rapid coverage for vulnerabilities that are not fully understood can result in multiple exploit- specific signatures that may be inaccurate, ineffective, or prone to false positives. Vendors that have the resources available to fully research a vulnerability will hopefully produce vulnerability- oriented signatures that provide coverage for all exploits written to take advantage of that flaw. This approach provides more effective coverage with fewer false positives. Where a product has performance limitations, vendors may retire older signatures in an attempt to alleviate those limitations, resulting in inconsistent coverage for older vulnerabilities. This results in varying levels of protection across products. The following table classifies coverage by disclosure date, as tracked by CVE numbers. The table is sorted by total protection, and the green sections of the heat map indicate vendors with higher coverage for the given year (columns). Product <= Total Fortinet FortiGate 5140B 100.0% 99.0% 100.0% 99.2% 98.6% 93.8% 98.4% 100.0% 96.6% 95.7% 98.2% Juniper SRX % 87.0% 92.5% 90.0% 83.1% 84.6% 84.9% 85.7% 87.4% 69.6% 86.3% McAfee NS % 100.0% 98.8% 100.0% 100.0% 96.9% 100.0% 100.0% 100.0% 100.0% 99.6% Sourcefire % 100.0% 98.8% 100.0% 98.6% 100.0% 100.0% 97.7% 98.9% 100.0% 99.4% Exploit Block Rate by Attack Vector Figure 4 Exploit Block Rate by Year Default Policies Since 2007, NSS researchers have observed a dramatic rise in the number of client- side exploits, because these can be easily launched by an unsuspecting user who visits an infected website. Despite the difficulty of providing extensive coverage for client- side attacks, the IPS industry has attempted to provide more complete client- side coverage. NSS utilizes the following definitions: Attacker- Initiated: The threat/exploit is executed by the attacker remotely against a vulnerable application and/or operating system. These attacks traditionally target servers (which is why they are often referred to as server- side attacks). Target- Initiated: The threat/exploit is initiated by the vulnerable target (which is why they are often referred to as client- side attacks). The attacker has little or no control as to when the target user or application will execute the threat. These attacks traditionally target desktop client applications. Target examples include Internet Explorer, Adobe, Firefox, QuickTime, Office applications, etc. While client- side attacks are on the rise in the enterprise, the typical data center will only be vulnerable to server- side (attacker initiated) attacks NSS Labs, Inc. All rights reserved. 6

7 100%& 98.2%& 99.6%& 99.4%& 90%& 86.3%& 80%& 70%& 60%& 50%& 40%& 30%& 20%& 10%& 0%& For1net&For1Gate&5140B& Juniper&SRX&5800& McAfee&NSD9300& Sourcefire&8290D2& Figure 5 Attacker- Initiated Exploit Block Rate Exploit Block Rate by Impact Type The most serious exploits are those that result in a remote system compromise, providing the attacker with the ability to execute arbitrary system- level commands. Most exploits in this class are weaponized and offer the attacker a fully interactive remote shell on the target client or server. Slightly less serious are attacks that result in an individual service compromise, but not arbitrary system- level command execution. Typical attacks in this category include service- specific attacks, such as SQL injection, that enable an attacker to execute arbitrary SQL commands within the database service. These attacks are somewhat isolated to the service and do not immediately result in full system- level access to the operating system and all services. However, by using additional localized system attacks, it may be possible for the attacker to escalate from the service level to the system level. Finally, there are the attacks (often target initiated) which result in a system or service- level fault that crashes the targeted service or application and requires administrative action to restart the service or reboot the system. These attacks do not enable the attacker to execute arbitrary commands. Still, the resulting impact to the business could be severe, as the attacker could crash a protected system or service. Product System Exposure Service Exposure System or Service Fault Fortinet FortiGate 5140B 98.7% 98.2% 96.3% Juniper SRX % 89.1% 89.7% McAfee NS % 100.0% 99.3% Sourcefire % 99.1% 99.3% Figure 6 Exploit Block Rate by Impact Type See individual Product Analysis Reports (PAR) for more information NSS Labs, Inc. All rights reserved. 7

8 Exploit Block Rate by Target Vendor The NSS exploit library covers a wide range of protocols and applications representing a wide range of software vendors. This chart shows coverage for 5 of the top vendor targets (out of more than 70), as determined by the number of vendor- specific data center exploits in the NSS exploit library for this round of testing. Description Microsoft Oracle Novell CA IBM Fortinet FortiGate 5140B 94.4% 97.1% 100.0% 97.8% 100.0% Juniper SRX % 77.1% 87.0% 87.0% 92.1% McAfee NS % 100.0% 100.0% 100.0% 100.0% Sourcefire % 98.6% 100.0% 97.8% 100.0% Figure 7 Exploit Block Rate by Target Vendor See individual Product Analysis Reports (PAR) for more information. Evasions Evasion techniques are a means of disguising and modifying attacks at the point of delivery in order to avoid detection and blocking by security products. Failure of a security device to handle correctly a particular type of evasion potentially will allow an attacker to use an entire class of exploits for which the device is assumed to have protection. This renders the device virtually useless. Many of the techniques used in this test have been widely known for years and should be considered minimum requirements for the IPS product category. Providing exploit protection results without fully factoring in evasion can be misleading. The more classes of evasion that are missed IP fragmentation, TCP segmentation, RPC fragmentation and FTP evasion the less effective the device. For example, it is better to miss all techniques in one evasion category (say, FTP evasion) than one technique in each category, which would result in a broader attack surface. Furthermore, evasions operating at the lower layers of the network stack (IP fragmentation or TCP segmentation) will have a greater impact on security effectiveness than those operating at the upper layers (HTTP obfuscation or FTP evasion.) This is because lower- level evasions will impact potentially a wider number of exploits; therefore, missing TCP segmentation is a much more serious issue than missing FTP evasions. A product s effectiveness is significantly handicapped if it fails to detect exploits that employ obfuscation or evasion techniques, and the NSS product guidance is adjusted to reflect this. As with exploits, evasions can be employed specifically to obfuscate attacks that are initiated either locally by the target (client- side), or remotely by the attacker against a server (server- side). The following chart depicts attacker- initiated exploits and evasions combined NSS Labs, Inc. All rights reserved. 8

9 100%& 98.2%& 99.6%& 99.4%& 90%& 86.3%& 80%& 70%& 60%& 50%& 40%& 30%& 20%& 10%& 0%& For1net&For1Gate&5140B& Juniper&SRX&5800& McAfee&NSD9300& Sourcefire&8290D2& Figure 8 Exploits and Evasions (Attacker- Initiated) The following figures provide details on evasion resistance for the tested products. Product IP Packet Fragmentation TCP Stream Segmentation RPC Fragmentation FTP Evasion Fortinet FortiGate 5140B PASS PASS PASS PASS Juniper SRX 5800 PASS PASS PASS PASS McAfee NS PASS PASS PASS PASS Sourcefire PASS PASS PASS PASS Product Figure 9 Evasion Resistance (I) IP Fragmentation + TCP Segmentation IP Fragmentation + MSRPC Fragmentation Overall Evasion Results Fortinet FortiGate 5140B PASS PASS PASS Juniper SRX 5800 PASS PASS PASS McAfee NS PASS PASS PASS Sourcefire PASS PASS PASS Figure 10 Evasion Resistance (II) and Overall Evasion Results All devices proved effective against all evasion techniques tested NSS Labs, Inc. All rights reserved. 9

10 Stability & Reliability Long- term stability is particularly important for an in- line device, where failure can produce network outages. These tests verify the stability of the DUT along with its ability to maintain security effectiveness while under normal load and while passing malicious traffic. Products that are not able to sustain legitimate traffic (or that crash) while under hostile attack will not pass. The DUT is required to remain operational and stable throughout these tests, and to block 100% of previously blocked traffic, raising an alert for each attack. If any prohibited traffic passes successfully, caused by either the volume of traffic or the device under test failing open for any reason, this will result in a FAIL. Product Blocking Under Extended Attack Passing Legitimate Traffic Under Extended Attack Behavior Of The State Engine Under Load Attack Detection/Blocking Normal Load State Preservation Normal Load Pass Legitimate Traffic Normal Load Fortinet FortiGate 5140B PASS PASS PASS PASS PASS PASS Juniper SRX 5800 PASS PASS PASS PASS PASS PASS McAfee NS PASS PASS PASS PASS PASS PASS Sourcefire PASS PASS PASS PASS PASS PASS Product State Preservation - Maximum Exceeded Figure 11 Stability and Reliability (I) Drop Traffic Maximum Exceeded Protocol Fuzzing & Mutation Power Fail Redundancy Persistence of Data Stability And Reliability Score Fortinet FortiGate 5140B PASS PASS PASS PASS YES PASS PASS Juniper SRX 5800 PASS PASS PASS PASS YES PASS PASS McAfee NS PASS PASS PASS PASS YES PASS PASS Sourcefire PASS PASS PASS PASS YES PASS PASS Figure 12 Stability and Reliability (II) Security Effectiveness The security effectiveness of a device is determined by factoring the results of evasions testing and stability & reliability testing into the exploit block rate. Figure 13 depicts the security effectiveness of each device. Product Exploit Block Rate Anti- Evasion Rating Stability & Reliability Security Effectiveness Fortinet FortiGate 5140B 98.2% 100% 100% 98.2% Juniper SRX % 100% 100% 86.3% McAfee NS % 100% 100% 99.6% Sourcefire % 100% 100% 99.4% Figure 13 Security Effectiveness 2014 NSS Labs, Inc. All rights reserved. 10

11 Managed Security Effectiveness Security devices are complicated to deploy; essential systems such as centralized management console options, log aggregation, and event correlation/management systems further complicate the purchasing decision. It is vital that enterprise security professionals are able to deploy and manage multiple firewalls throughout the organization in a secure and effective manner. If a device cannot be managed effectively, the security effectiveness of that device is compromised. As part of this test, NSS performed in- depth technical evaluations of the main features and capabilities of the enterprise management systems offered by each vendor, covering the following key areas: General Management and Configuration how easy is it to install and configure devices, and deploy multiple devices throughout a large enterprise network? Policy Handling how easy is it to create, edit, and deploy complicated security policies across an enterprise? Alert Handling how accurate and timely is the alerting, and how easy is it to drill down to locate critical information needed to remediate a security problem? Reporting how effective is the reporting capability, and how readily can it be customized? The results of these tests are reported, along with detailed cost models, in the Management CAR and Total Cost of Ownership (TCO) CAR NSS Labs, Inc. All rights reserved. 11

12 Test Methodology Methodology Version: Data Center IPS Test Methodology v1.1.1 A copy of the test methodology is available on the NSS Labs website at Contact Information NSS Labs, Inc. 206 Wild Basin Rd Buliding A, Suite 200 Austin, TX (512) This and other related documents available at: To receive a licensed copy or report misuse, please contact NSS Labs at +1 (512) or 2014 NSS Labs, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the authors. Please note that access to or use of this report is conditioned on the following: 1. The information in this report is subject to change by NSS Labs without notice. 2. The information in this report is believed by NSS Labs to be accurate and reliable at the time of publication, but is not guaranteed. All use of and reliance on this report are at the reader s sole risk. NSS Labs is not liable or responsible for any damages, losses, or expenses arising from any error or omission in this report. 3. NO WARRANTIES, EXPRESS OR IMPLIED ARE GIVEN BY NSS LABS. ALL IMPLIED WARRANTIES, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON- INFRINGEMENT ARE DISCLAIMED AND EXCLUDED BY NSS LABS. IN NO EVENT SHALL NSS LABS BE LIABLE FOR ANY CONSEQUENTIAL, INCIDENTAL OR INDIRECT DAMAGES, OR FOR ANY LOSS OF PROFIT, REVENUE, DATA, COMPUTER PROGRAMS, OR OTHER ASSETS, EVEN IF ADVISED OF THE POSSIBILITY THEREOF. 4. This report does not constitute an endorsement, recommendation, or guarantee of any of the products (hardware or software) tested or the hardware and software used in testing the products. The testing does not guarantee that there are no errors or defects in the products or that the products will meet the reader s expectations, requirements, needs, or specifications, or that they will operate without interruption. 5. This report does not imply any endorsement, sponsorship, affiliation, or verification by or with any organizations mentioned in this report. 6. All trademarks, service marks, and trade names used in this report are the trademarks, service marks, and trade names of their respective owners NSS Labs, Inc. All rights reserved. 12

NEXT GENERATION FIREWALL COMPARATIVE ANALYSIS

NEXT GENERATION FIREWALL COMPARATIVE ANALYSIS NEXT GENERATION FIREWALL COMPARATIVE ANALYSIS Security Author Thomas Skybakmoen Tested Products Barracuda F800b Check Point 13500 Cisco ASA 5525-X Cisco ASA 5585-X SSP60 Cisco FirePOWER 8350 Cyberoam CR2500iNG-XP

More information

DATA CENTER IPS COMPARATIVE ANALYSIS

DATA CENTER IPS COMPARATIVE ANALYSIS DATA CENTER IPS COMPARATIVE ANALYSIS Security Value Map (SVM) 2014 Thomas Skybakmoen, Jason Pappalexis Tested Products Fortinet FortiGate 5140B, Juniper SRX 5800, McAfee NS- 9300, Sourcefire 8290-2 Overview

More information

DATA CENTER IPS COMPARATIVE ANALYSIS

DATA CENTER IPS COMPARATIVE ANALYSIS DATA CENTER IPS COMPARATIVE ANALYSIS Total Cost of Ownership () 2014 Thomas Skybakmoen, Jason Pappalexis Tested s Fortinet FortiGate 5140B, Juniper SRX 5800, McAfee NS- 9300, Sourcefire 8290-2 Overview

More information

NEXT GENERATION FIREWALL COMPARATIVE ANALYSIS

NEXT GENERATION FIREWALL COMPARATIVE ANALYSIS NEXT GENERATION FIREWALL COMPARATIVE ANALYSIS Security Value Map (SVM) Author Thomas Skybakmoen Tested Products Barracuda F800b Check Point 13500 Cisco ASA 5525-X Cisco ASA 5585-X SSP60 Cisco FirePOWER

More information

Can Consumer AV Products Protect Against Critical Microsoft Vulnerabilities?

Can Consumer AV Products Protect Against Critical Microsoft Vulnerabilities? ANALYST BRIEF Can Consumer AV Products Protect Against Critical Microsoft Vulnerabilities? Author Randy Abrams Tested Products Avast Internet Security 7 AVG Internet Security 2012 Avira Internet Security

More information

2013 Thomas Skybakmoen, Francisco Artes, Bob Walder, Ryan Liles

2013 Thomas Skybakmoen, Francisco Artes, Bob Walder, Ryan Liles FIREWALL COMPARATIVE ANALYSIS Total Cost of Ownership (TCO) 2013 Thomas Skybakmoen, Francisco Artes, Bob Walder, Ryan Liles Tested s Barracuda F800, Check Point 12600, Cyberoam CR2500iNG, Dell SonicWALL

More information

WEB APPLICATION FIREWALL COMPARATIVE ANALYSIS

WEB APPLICATION FIREWALL COMPARATIVE ANALYSIS WEB APPLICATION FIREWALL COMPARATIVE ANALYSIS Security Value Map (SVM) Author Thomas Skybakmoen Tested Products Barracuda Networks Web Application Firewall 960 Citrix NetScaler AppFirewall MPX 11520 Fortinet

More information

WEB APPLICATION FIREWALL PRODUCT ANALYSIS

WEB APPLICATION FIREWALL PRODUCT ANALYSIS WEB APPLICATION FIREWALL PRODUCT ANALYSIS F5 Big-IP ASM 10200 v11.4.0 Authors Ryan Liles, Orlando Barrera Overview NSS Labs performed an independent test of the F5 Big-IP ASM 10200. The product was subjected

More information

ENTERPRISE EPP COMPARATIVE ANALYSIS

ENTERPRISE EPP COMPARATIVE ANALYSIS ENTERPRISE EPP COMPARATIVE ANALYSIS Socially Engineered Malware Randy Abrams, Jayendra Pathak, Ahmed Garhy Tested Products Fortinet Fortigate 100D Management station Forticlient- 5.0.7.333 McAfee VirusScan

More information

2013 Thomas Skybakmoen, Francisco Artes, Bob Walder, Ryan Liles

2013 Thomas Skybakmoen, Francisco Artes, Bob Walder, Ryan Liles FIREWALL COMPARATIVE ANALYSIS Performance 2013 Thomas Skybakmoen, Francisco Artes, Bob Walder, Ryan Liles Tested Products Barracuda F800, Check Point 12600, Cyberoam CR2500iNG, Dell SonicWALL NSA 4500,

More information

SSL Performance Problems

SSL Performance Problems ANALYST BRIEF SSL Performance Problems SIGNIFICANT SSL PERFORMANCE LOSS LEAVES MUCH ROOM FOR IMPROVEMENT Author John W. Pirc Overview In early 2013, NSS Labs released the results of its Next Generation

More information

Breach Found. Did It Hurt?

Breach Found. Did It Hurt? ANALYST BRIEF Breach Found. Did It Hurt? INCIDENT RESPONSE PART 2: A PROCESS FOR ASSESSING LOSS Authors Christopher Morales, Jason Pappalexis Overview Malware infections impact every organization. Many

More information

CORPORATE AV / EPP COMPARATIVE ANALYSIS

CORPORATE AV / EPP COMPARATIVE ANALYSIS CORPORATE AV / EPP COMPARATIVE ANALYSIS Exploit Evasion Defenses 2013 Randy Abrams, Dipti Ghimire, Joshua Smith Tested Vendors AVG, ESET, F- Secure, Kaspersky, McAfee, Microsoft, Norman, Panda, Sophos,

More information

ENTERPRISE EPP COMPARATIVE REPORT

ENTERPRISE EPP COMPARATIVE REPORT ENTERPRISE EPP COMPARATIVE REPORT Security Stack: Socially Engineered Malware Authors Bhaarath Venkateswaran, Randy Abrams, Thomas Skybakmoen Tested Products Bitdefender Endpoint Security v5.3.15.539 ESET

More information

TEST METHODOLOGY. Endpoint Protection Evasion and Exploit. v4.0

TEST METHODOLOGY. Endpoint Protection Evasion and Exploit. v4.0 TEST METHODOLOGY Endpoint Protection Evasion and Exploit v4.0 Table of Contents 1 Introduction... 3 1.1 Inclusion Criteria... 3 2 Product Guidance... 5 2.1 Recommended... 5 2.2 Neutral... 5 2.3 Caution...

More information

NETWORK INTRUSION PREVENTION SYSTEM PRODUCT ANALYSIS

NETWORK INTRUSION PREVENTION SYSTEM PRODUCT ANALYSIS NETWORK INTRUSION PREVENTION SYSTEM PRODUCT ANALYSIS McAfee Network Security Platform NS9200 v7.1.5 2013 Ryan Liles, Joseph Pearce Overview NSS Labs performed an independent test of the McAfee NS9200 v7.1.5.

More information

TEST METHODOLOGY. Web Application Firewall. v6.2

TEST METHODOLOGY. Web Application Firewall. v6.2 TEST METHODOLOGY Web Application Firewall v6.2 Table of Contents 1 Introduction... 4 1.1 The Need for Web Application Firewalls... 4 1.2 About This Test Methodology and Report... 4 1.3 Inclusion Criteria...

More information

Internet Explorer Exploit Protection ENTERPRISE BRIEFING REPORT

Internet Explorer Exploit Protection ENTERPRISE BRIEFING REPORT Internet Explorer Exploit Protection ENTERPRISE BRIEFING REPORT TESTED PRODUCTS: AVG Internet Security Network Edition v8.0 Kaspersky Total Space Security v6.0 McAfee Total Protection for Endpoint Sophos

More information

Evolutions in Browser Security

Evolutions in Browser Security ANALYST BRIEF Evolutions in Browser Security TRENDS IN BROWSER SECURITY PERFORMANCE Author Randy Abrams Overview This analyst brief aggregates results from NSS Labs tests conducted between 2009 and 2013

More information

An Old Dog Had Better Learn Some New Tricks

An Old Dog Had Better Learn Some New Tricks ANALYST BRIEF An Old Dog Had Better Learn Some New Tricks PART 2: ANTIVIRUS EVOLUTION AND TECHNOLOGY ADOPTION Author Randy Abrams Overview Endpoint protection (EPP) products are ineffective against many

More information

The CISO s Guide to the Importance of Testing Security Devices

The CISO s Guide to the Importance of Testing Security Devices ANALYST BRIEF The CISO s Guide to the Importance of Testing Security Devices Author Bob Walder Overview Selecting security products is a complex process that carries significant risks if not executed correctly;

More information

TEST METHODOLOGY. SSL/TLS Performance. v1.0

TEST METHODOLOGY. SSL/TLS Performance. v1.0 TEST METHODOLOGY SSL/TLS Performance v1.0 Table of Contents 1 Introduction... 3 1.1 The Need for SSL/TLS Performance Testing... 3 1.2 About This Test Methodology... 3 1.3 Inclusion Criteria... 3 2 SSL/TLS

More information

TEST METHODOLOGY. Distributed Denial-of-Service (DDoS) Prevention. v2.0

TEST METHODOLOGY. Distributed Denial-of-Service (DDoS) Prevention. v2.0 TEST METHODOLOGY Distributed Denial-of-Service (DDoS) Prevention v2.0 Table of Contents 1 Introduction... 4 1.1 The Need for Distributed Denial-of-Service Prevention... 4 1.2 About This Test Methodology

More information

TEST METHODOLOGY. Hypervisors For x86 Virtualization. v1.0

TEST METHODOLOGY. Hypervisors For x86 Virtualization. v1.0 TEST METHODOLOGY Hypervisors For x86 Virtualization v1.0 Table of Contents 1 Introduction... 4 1.1 The Need For Virtualization... 4 1.2 About This Test Methodology And Report... 4 1.3 Inclusion Criteria...

More information

Why Is DDoS Prevention a Challenge?

Why Is DDoS Prevention a Challenge? ANALYST BRIEF Why Is DDoS Prevention a Challenge? PROTECTING AGAINST DISTRIBUTED DENIAL-OF-SERVICE ATTACKS Authors Andrew Braunberg, Mike Spanbauer Overview Over the past decade, the threat landscape has

More information

TEST METHODOLOGY. Network Firewall Data Center. v1.0

TEST METHODOLOGY. Network Firewall Data Center. v1.0 TEST METHODOLOGY Network Firewall Data Center v1.0 Table of Contents 1 Introduction... 4 1.1 The Need for Firewalls In The Data Center... 4 1.2 About This Test Methodology and Report... 4 1.3 Inclusion

More information

FIREWALL COMPARATIVE ANALYSIS. Tested Products. Overview. Security Value Map (SVM)

FIREWALL COMPARATIVE ANALYSIS. Tested Products. Overview. Security Value Map (SVM) FIREWALL COMPARATIVE ANALYSIS Security Value Map (SVM) 2013 Frank Artes, Thomas Skybakmoen, Bob Walder, Vikram Phatak, Ryan Liles Tested Products Barracuda F800, Check Point 12600, Cyberoam CR2500iNG,

More information

Is Your Browser Putting You at Risk?

Is Your Browser Putting You at Risk? ANALYST BRIEF Is Your Browser Putting You at Risk? PART 2: CLICK FRAUD Authors Francisco Artes, Stefan Frei, Ken Baylor, Jayendra Pathak, Bob Walder Overview The US online advertising market in 2011 was

More information

Multiple Drivers For Cyber Security Insurance

Multiple Drivers For Cyber Security Insurance ANALYST BRIEF Multiple Drivers For Cyber Security Insurance EXPECTATIONS PLACED ON INSURANCE CARRIERS RISE WITH MARKET GROWTH Author Andrew Braunberg Overview There has been considerable good news for

More information

NEXT GENERATION INTRUSION PREVENTION SYSTEM (NGIPS) TEST REPORT

NEXT GENERATION INTRUSION PREVENTION SYSTEM (NGIPS) TEST REPORT NEXT GENERATION INTRUSION PREVENTION SYSTEM (NGIPS) TEST REPORT Fortinet FortiGate-1500D FortiOS v5.2.2 build 642 Author Ty Smith Overview NSS Labs performed an independent test of the Fortinet FortiGate-1500D

More information

TEST METHODOLOGY. Distributed Denial- of- Service (DDoS) Prevention. v1.0

TEST METHODOLOGY. Distributed Denial- of- Service (DDoS) Prevention. v1.0 TEST METHODOLOGY Distributed Denial- of- Service (DDoS) Prevention v1.0 Table of Contents 1 Introduction... 5 1.1 The Need for Distributed Denial- of- Service Prevention... 5 1.2 About This Test Methodology

More information

NEXT GENERATION FIREWALL PRODUCT ANALYSIS

NEXT GENERATION FIREWALL PRODUCT ANALYSIS NEXT GENERATION FIREWALL PRODUCT ANALYSIS Cisco ASA 5585- X SSP60 v5.3.1 Authors Joseph Pearce, Christopher Conrad Overview NSS Labs performed an independent test of the Cisco ASA 5585- X SSP60 v5.3.1.

More information

NEXT GENERATION FIREWALL PRODUCT ANALYSIS

NEXT GENERATION FIREWALL PRODUCT ANALYSIS NEXT GENERATION FIREWALL PRODUCT ANALYSIS Palo Alto Networks PA- 3020 v6.0.5- h3 Authors Christopher Conrad, Joseph Pearce Overview NSS Labs performed an independent test of the Palo Alto Networks PA-

More information

Achieve Deeper Network Security

Achieve Deeper Network Security Achieve Deeper Network Security Dell Next-Generation Firewalls Abstract Next-generation firewalls (NGFWs) have taken the world by storm, revolutionizing network security as we once knew it. Yet in order

More information

NEXT GENERATION FIREWALL TEST REPORT

NEXT GENERATION FIREWALL TEST REPORT NEXT GENERATION FIREWALL TEST REPORT Check Point Software Technologies, Ltd. 13800 Next Generation Firewall Appliance vr77.20 Author Timothy Otto Overview NSS Labs performed an independent test of the

More information

Mobile App Containers: Product Or Feature?

Mobile App Containers: Product Or Feature? ANALYST BRIEF Mobile App Containers: Product Or Feature? APPLE AND SAMSUNG HAVE TAKEN BIG STEPS WITH CONTAINERIZATION Author Andrew Braunberg Overview Secure workspaces, or containers, used for isolating

More information

BROWSER SECURITY COMPARATIVE ANALYSIS

BROWSER SECURITY COMPARATIVE ANALYSIS BROWSER SECURITY COMPARATIVE ANALYSIS Privacy Settings 2013 Randy Abrams, Jayendra Pathak Tested Vendors Apple, Google, Microsoft, Mozilla Overview Privacy is an issue on the front lines of the browser

More information

Achieve Deeper Network Security and Application Control

Achieve Deeper Network Security and Application Control Achieve Deeper Network Security and Application Control Dell Next-Generation Firewalls Abstract Next-generation firewalls (NGFWs) have emerged to revolutionize network security as we once knew it. Yet

More information

TEST METHODOLOGY. Data Center Firewall. v2.0

TEST METHODOLOGY. Data Center Firewall. v2.0 TEST METHODOLOGY Data Center Firewall v2.0 Table of Contents 1 Introduction... 4 1.1 The Need for Firewalls in the Data Center... 4 1.2 About This Test Methodology and Report... 4 1.3 Inclusion Criteria...

More information

2010 White Paper Series. Layer 7 Application Firewalls

2010 White Paper Series. Layer 7 Application Firewalls 2010 White Paper Series Layer 7 Application Firewalls Introduction The firewall, the first line of defense in many network security plans, has existed for decades. The purpose of the firewall is straightforward;

More information

Best Practices in Deploying Anti-Malware for Best Performance

Best Practices in Deploying Anti-Malware for Best Performance The Essentials Series: Increasing Performance in Enterprise Anti-Malware Software Best Practices in Deploying Anti-Malware for Best Performance sponsored by by Eric Schmidt Be st Practices in Deploying

More information

The Business Case for Security Information Management

The Business Case for Security Information Management The Essentials Series: Security Information Management The Business Case for Security Information Management sponsored by by Dan Sullivan Th e Business Case for Security Information Management... 1 Un

More information

Market Segment Definitions

Market Segment Definitions Market Segment Definitions Author Joshua Mittler Overview In addition to product testing, NSS Labs quantitatively evaluates market size for each of the product categories tested. NSS provides metrics that

More information

Wie Cyber-Kriminelle IT-Security Systeme umgehen. Andreas Maar Senior Security Engineer

Wie Cyber-Kriminelle IT-Security Systeme umgehen. Andreas Maar Senior Security Engineer Wie Cyber-Kriminelle IT-Security Systeme umgehen Andreas Maar Senior Security Engineer Stonesoft in brief Global Solution provider World-class Customer Support Track record of technology innovation Average

More information

Mingyu Web Application Firewall (DAS- WAF) - - - All transparent deployment for Web application gateway

Mingyu Web Application Firewall (DAS- WAF) - - - All transparent deployment for Web application gateway Mingyu Web Application Firewall (DAS- WAF) - - - All transparent deployment for Web application gateway All transparent deployment Full HTTPS site defense Prevention of OWASP top 10 Website Acceleration

More information

NETWORK FIREWALL PRODUCT ANALYSIS

NETWORK FIREWALL PRODUCT ANALYSIS NETWORK FIREWALL PRODUCT ANALYSIS Fortinet 800c FortiOS v4.3.8 build632 2012 1 Introduction Firewall technology is one of the largest and most mature security markets. Firewalls have undergone several

More information

NETWORK INTRUSION PREVENTION SYSTEM

NETWORK INTRUSION PREVENTION SYSTEM NETWORK INTRUSION PREVENTION SYSTEM PRODUCT ANALYSIS Fortinet FortiGate 3240C METHODOLOGY VERSION: 6.2 Independent & unsponsored test report. This and other related documents available at: http://www.nsslabs.com/ips

More information

OLLI-PEKKA NIEMI & ANTTI LEVOMÄKI Bypassing Intrusion Prevention Systems

OLLI-PEKKA NIEMI & ANTTI LEVOMÄKI Bypassing Intrusion Prevention Systems OLLI-PEKKA NIEMI & ANTTI LEVOMÄKI Bypassing Intrusion Prevention Systems Who?! ANTTI LEVOMÄKI! Stonesoft R&D! Evasion Research & TCP/IP Black Arts! Postgraduate student at Aalto University! OLLI-PEKKA

More information

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Security concerns and dangers come both from internal means as well as external. In order to enhance your security posture

More information

THIRD BRIGADE DEEP SECURITY HOST INTRUSION PREVENTION SYSTEM (WINDOWS SERVER 2003) PRODUCT REPORT ON PCI SUITABILITY

THIRD BRIGADE DEEP SECURITY HOST INTRUSION PREVENTION SYSTEM (WINDOWS SERVER 2003) PRODUCT REPORT ON PCI SUITABILITY THIRD BRIGADE DEEP SECURITY HOST INTRUSION PREVENTION SYSTEM (WINDOWS SERVER 2003) PRODUCT REPORT ON PCI SUITABILITY HOST INTRUSION PREVENTION (HIPS) NSS LABS CRITERIA VERSION: 1.2 PCI DSS 1.1 APRIL 6,

More information

REV: 0.1.1 (July 2011) McAfee Security: Intrusion Prevention System

REV: 0.1.1 (July 2011) McAfee Security: Intrusion Prevention System McAfee Security: Intrusion Prevention System REV: 0.1.1 (July 2011) 1 Contents 1. McAfee Network Security Platform...3 2. McAfee Host Intrusion Prevention for Server...4 2.1 Network IPS...4 2.2 Workload

More information

Cisco Advanced Services for Network Security

Cisco Advanced Services for Network Security Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs

More information

Securing Endpoints without a Security Expert

Securing Endpoints without a Security Expert How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Securing Endpoints without a Security Expert sponsored by Introduction to Realtime Publishers by Don Jones, Series

More information

Deep Security Vulnerability Protection Summary

Deep Security Vulnerability Protection Summary Deep Security Vulnerability Protection Summary Trend Micro, Incorporated This documents outlines the process behind rules creation and answers common questions about vulnerability coverage for Deep Security

More information

NETWORK INTRUSION PREVENTION SYSTEM

NETWORK INTRUSION PREVENTION SYSTEM NETWORK INTRUSION PREVENTION SYSTEM PRODUCT ANALYSIS McAfee Network Security Platform (NSP) M-8000 Version 6.1 METHODOLOGY VERSION: 6.2 Independent & unsponsored test report. This and other related documents

More information

Beyond the Hype: Advanced Persistent Threats

Beyond the Hype: Advanced Persistent Threats Advanced Persistent Threats and Real-Time Threat Management The Essentials Series Beyond the Hype: Advanced Persistent Threats sponsored by Dan Sullivan Introduction to Realtime Publishers by Don Jones,

More information

Barracuda Intrusion Detection and Prevention System

Barracuda Intrusion Detection and Prevention System Providing complete and comprehensive real-time network protection Today s networks are constantly under attack by an ever growing number of emerging exploits and attackers using advanced evasion techniques

More information

FIREWALLS VIEWPOINT 02/2006

FIREWALLS VIEWPOINT 02/2006 FIREWALLS VIEWPOINT 02/2006 31 MARCH 2006 This paper was previously published by the National Infrastructure Security Co-ordination Centre (NISCC) a predecessor organisation to the Centre for the Protection

More information

Streamlining Web and Email Security

Streamlining Web and Email Security How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Streamlining Web and Email Security sponsored by Introduction to Realtime Publishers by Don Jones, Series Editor

More information

Effectiveness of blocking evasions in Intrusion Prevention Systems. White Paper. April, 2013. Konstantinos Xynos, Iain Sutherland, Andrew Blyth

Effectiveness of blocking evasions in Intrusion Prevention Systems. White Paper. April, 2013. Konstantinos Xynos, Iain Sutherland, Andrew Blyth Effectiveness of blocking evasions in Intrusion Prevention Systems White Paper April, 2013 Konstantinos Xynos, Iain Sutherland, Andrew Blyth University of South Wales, Pontypridd, Wales. 2013 Copyright

More information

Cloud Based Secure Web Gateway

Cloud Based Secure Web Gateway Cloud Based Secure Web Gateway DR160203 March 2016 Miercom www.miercom.com Contents Executive Summary... 3 Introduction... 4 Product Tested... 4 Test Focus... 4 How We Did It... 5 Test Bed Setup... 5 Test

More information

Architecture Overview

Architecture Overview Architecture Overview Design Fundamentals The networks discussed in this paper have some common design fundamentals, including segmentation into modules, which enables network traffic to be isolated and

More information

BluVector Cyber Threat Detection and Hunting Platform

BluVector Cyber Threat Detection and Hunting Platform BluVector Cyber Threat Detection and Hunting Platform DR160205D June 2016 Miercom www.miercom.com Contents Executive Summary... 3 Overview... 4 Product Tested... 4 Test Focus... 4 How We Did It... 5 Detection...

More information

Symantec Endpoint Protection 11.0 Architecture, Sizing, and Performance Recommendations

Symantec Endpoint Protection 11.0 Architecture, Sizing, and Performance Recommendations Symantec Endpoint Protection 11.0 Architecture, Sizing, and Performance Recommendations Technical Product Management Team Endpoint Security Copyright 2007 All Rights Reserved Revision 6 Introduction This

More information

Host Anti-Malware Performance COMPARATIVE TEST REPORT

Host Anti-Malware Performance COMPARATIVE TEST REPORT Host Anti-Malware Performance COMPARATIVE TEST REPORT HOST MALWARE PROTECTION METHODOLOGY VERSION: 2 JANUARY 16, 2009 Published by NSS Labs. 2009 NSS Labs CONTACT: 5115 Avenida Encinas Suite H Carlsbad,

More information

NETWORK FIREWALL TEST METHODOLOGY 3.0. To receive a licensed copy or report misuse, Please contact NSS Labs at: +1 512-961-5300 or advisor@nsslabs.

NETWORK FIREWALL TEST METHODOLOGY 3.0. To receive a licensed copy or report misuse, Please contact NSS Labs at: +1 512-961-5300 or advisor@nsslabs. NETWORK FIREWALL TEST METHODOLOGY 3.0 To receive a licensed copy or report misuse, Please contact NSS Labs at: +1 512-961-5300 or advisor@nsslabs.com 2011 NSS Labs, Inc. All rights reserved. No part of

More information

Symantec AntiVirus Corporate Edition Patch Update

Symantec AntiVirus Corporate Edition Patch Update Symantec AntiVirus Corporate Edition Patch Update Symantec AntiVirus Corporate Edition Update Documentation version 10.0.1.1007 Copyright 2005 Symantec Corporation. All rights reserved. Symantec, the Symantec

More information

VULNERABILITY MANAGEMENT

VULNERABILITY MANAGEMENT Vulnerability Management (VM) software differ in the richness of reporting, and the capabilities for application and security configuration assessment. Companies must consider how a VM technology will

More information

How to Protect against the Threat of Spearphishing Attacks

How to Protect against the Threat of Spearphishing Attacks ANALYST BRIEF How to Protect against the Threat of Spearphishing Attacks Author Randy Abrams Overview NSS Labs researchers have identified spearphishing as the most common targeted method sophisticated

More information

PATCH MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region

PATCH MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region PATCH MANAGEMENT February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

ETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001

ETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001 001011 1100010110 0010110001 010110001 0110001011000 011000101100 010101010101APPLICATIO 0 010WIRELESS110001 10100MOBILE00010100111010 0010NETW110001100001 10101APPLICATION00010 00100101010WIRELESS110

More information

Best Practices for Log File Management (Compliance, Security, Troubleshooting)

Best Practices for Log File Management (Compliance, Security, Troubleshooting) Log Management: Best Practices for Security and Compliance The Essentials Series Best Practices for Log File Management (Compliance, Security, Troubleshooting) sponsored by Introduction to Realtime Publishers

More information

Dell One Identity Cloud Access Manager 8.0.1- How to Configure for High Availability

Dell One Identity Cloud Access Manager 8.0.1- How to Configure for High Availability Dell One Identity Cloud Access Manager 8.0.1- How to Configure for High Availability May 2015 Cloning the database Cloning the STS host Cloning the proxy host This guide describes how to extend a typical

More information

Best Practices for Running Symantec Endpoint Protection 12.1 on the Microsoft Azure Platform

Best Practices for Running Symantec Endpoint Protection 12.1 on the Microsoft Azure Platform TECHNICAL BRIEF: BEST PRACTICES GUIDE FOR RUNNING SEP ON.... AZURE.................................... Best Practices for Running Symantec Endpoint Protection 12.1 on the Microsoft Azure Platform Who should

More information

Guideline on Vulnerability and Patch Management

Guideline on Vulnerability and Patch Management CMSGu2014-03 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Vulnerability and Patch Management National Computer Board

More information

Symantec Advanced Threat Protection: Network

Symantec Advanced Threat Protection: Network Symantec Advanced Threat Protection: Network DR150218C April 2015 Miercom www.miercom.com Contents 1.0 Executive Summary... 3 2.0 Overview... 4 2.1 Products Tested... 4 2.2. Malware Samples... 5 3.0 How

More information

DDoS ATTACKS: MOTIVES, MECHANISMS AND MITIGATION

DDoS ATTACKS: MOTIVES, MECHANISMS AND MITIGATION DDoS ATTACKS: MOTIVES, MECHANISMS AND MITIGATION Stephen Gates Chief Security Evangelist Corero Network Security Session ID: SEC-W04 Session Classification: Intermediate Recent Headlines Are Denial of

More information

TEST METHODOLOGY. Secure Web Gateway (SWG) v1.5.1

TEST METHODOLOGY. Secure Web Gateway (SWG) v1.5.1 TEST METHODOLOGY Secure Web Gateway (SWG) v1.5.1 Table of Contents 1 Introduction... 4 1.1 The Need for Secure Web Gateways... 4 1.2 About This Test Methodology... 4 1.3 Inclusion Criteria... 5 1.4 Deployment...

More information

10 easy steps to secure your retail network

10 easy steps to secure your retail network 10 easy steps to secure your retail network Simple step-by-step IT solutions for small business in retail to leverage advanced protection technology in ways that are affordable, fast and easy October 2015

More information

IBM Advanced Threat Protection Solution

IBM Advanced Threat Protection Solution IBM Advanced Threat Protection Solution Fabio Panada IBM Security Tech Sales Leader 1 Advanced Threats is one of today s key mega-trends Advanced Threats Sophisticated, targeted attacks designed to gain

More information

Types of cyber-attacks. And how to prevent them

Types of cyber-attacks. And how to prevent them Types of cyber-attacks And how to prevent them Introduction Today s cybercriminals employ several complex techniques to avoid detection as they sneak quietly into corporate networks to steal intellectual

More information

INSIDE. Management Process. Symantec Corporation TM. Best Practices Roles & Responsibilities. Vulnerabilities versus Exposures.

INSIDE. Management Process. Symantec Corporation TM. Best Practices Roles & Responsibilities. Vulnerabilities versus Exposures. Symantec Corporation TM Symantec Product Vulnerability Management Process Best Practices Roles & Responsibilities INSIDE Vulnerabilities versus Exposures Roles Contact and Process Information Threat Evaluation

More information

Cloud- Based Security Is Here to Stay

Cloud- Based Security Is Here to Stay ANALYST BRIEF Cloud- Based Security Is Here to Stay HOSTED SECURITY IS BECOMING A PART OF THE SECURITY INFRASTRUCTURE Author Rob Ayoub Overview As the popularity of cloud- based services has grown, so

More information

SourceFireNext-Generation IPS

SourceFireNext-Generation IPS D Ů V Ě Ř U J T E S I L N Ý M SourceFireNext-Generation IPS Petr Salač CCNP Security, CCNP, CICSP, CCSI #33835 petr.salac@alefnula.com Our Customers Biggest Security Challenges Maintaining security posture

More information

The Evolving Threat Landscape and New Best Practices for SSL

The Evolving Threat Landscape and New Best Practices for SSL The Evolving Threat Landscape and New Best Practices for SSL sponsored by Dan Sullivan Chapter 2: Deploying SSL in the Enterprise... 16 Infrastructure in Need of SSL Protection... 16 Public Servers...

More information

Intrusion Detection Systems

Intrusion Detection Systems Intrusion Detection Systems Assessment of the operation and usefulness of informatics tools for the detection of on-going computer attacks André Matos Luís Machado Work Topics 1. Definition 2. Characteristics

More information

Total Cost of Ownership: Benefits of Comprehensive, Real-Time Gateway Security

Total Cost of Ownership: Benefits of Comprehensive, Real-Time Gateway Security Total Cost of Ownership: Benefits of Comprehensive, Real-Time Gateway Security White Paper September 2003 Abstract The network security landscape has changed dramatically over the past several years. Until

More information

SPEAR PHISHING UNDERSTANDING THE THREAT

SPEAR PHISHING UNDERSTANDING THE THREAT SPEAR PHISHING UNDERSTANDING THE THREAT SEPTEMBER 2013 Due to an organisation s reliance on email and internet connectivity, there is no guaranteed way to stop a determined intruder from accessing a business

More information

Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness

Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness CISP BULLETIN Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness November 21, 2006 To support compliance with the Cardholder Information Security Program (CISP), Visa USA

More information

On-Premises DDoS Mitigation for the Enterprise

On-Premises DDoS Mitigation for the Enterprise On-Premises DDoS Mitigation for the Enterprise FIRST LINE OF DEFENSE Pocket Guide The Challenge There is no doubt that cyber-attacks are growing in complexity and sophistication. As a result, a need has

More information

Module 1: Introduction to Designing Security

Module 1: Introduction to Designing Security Module 1: Introduction to Designing Security Table of Contents Module Overview 1-1 Lesson 1: Overview of Designing Security for Microsoft Networks 1-2 Lesson 2: Introducing Contoso Pharmaceuticals: A Case

More information

HP ProLiant Essentials Vulnerability and Patch Management Pack Planning Guide

HP ProLiant Essentials Vulnerability and Patch Management Pack Planning Guide HP ProLiant Essentials Vulnerability and Patch Management Pack Planning Guide Product overview... 3 Vulnerability scanning components... 3 Vulnerability fix and patch components... 3 Checklist... 4 Pre-installation

More information

Software- Defined Networking: Beyond The Hype, And A Dose Of Reality

Software- Defined Networking: Beyond The Hype, And A Dose Of Reality ANALYST BRIEF Software- Defined Networking: Beyond The Hype, And A Dose Of Reality Author Mike Spanbauer Overview Server virtualization has brought the network to its knees. Legacy architectures are unable

More information

The Importance of Cybersecurity Monitoring for Utilities

The Importance of Cybersecurity Monitoring for Utilities The Importance of Cybersecurity Monitoring for Utilities www.n-dimension.com Cybersecurity threats against energy companies, including utilities, have been increasing at an alarming rate. A comprehensive

More information

Protecting the Infrastructure: Symantec Web Gateway

Protecting the Infrastructure: Symantec Web Gateway Protecting the Infrastructure: Symantec Web Gateway 1 Why Symantec for Web Security? Flexibility and Choice Best in class hosted service, appliance, and virtual appliance (upcoming) deployment options

More information

Network Security Equipment The Ever Changing Curveball

Network Security Equipment The Ever Changing Curveball Network Security Equipment The Ever Changing Curveball breakingpointsystems.com This document contains information that is the property of BreakingPoint Systems, Inc. This information may not be copied,

More information

Reference Architecture: Enterprise Security For The Cloud

Reference Architecture: Enterprise Security For The Cloud Reference Architecture: Enterprise Security For The Cloud A Rackspace Whitepaper Reference Architecture: Enterprise Security for the Cloud Cover Table of Contents 1. Introduction 2 2. Network and application

More information

By John Pirc. THREAT DETECTION HAS moved beyond signature-based firewalls EDITOR S DESK SECURITY 7 AWARD WINNERS ENHANCED THREAT DETECTION

By John Pirc. THREAT DETECTION HAS moved beyond signature-based firewalls EDITOR S DESK SECURITY 7 AWARD WINNERS ENHANCED THREAT DETECTION THE NEXT (FRONT) TIER IN SECURITY When conventional security falls short, breach detection systems and other tier 2 technologies can bolster your network s defenses. By John Pirc THREAT HAS moved beyond

More information

Towards End-to-End Security

Towards End-to-End Security Towards End-to-End Security Thomas M. Chen Dept. of Electrical Engineering Southern Methodist University PO Box 750338 Dallas, TX 75275-0338 USA Tel: 214-768-8541 Fax: 214-768-3573 Email: tchen@engr.smu.edu

More information

The Hillstone and Trend Micro Joint Solution

The Hillstone and Trend Micro Joint Solution The Hillstone and Trend Micro Joint Solution Advanced Threat Defense Platform Overview Hillstone and Trend Micro offer a joint solution the Advanced Threat Defense Platform by integrating the industry

More information