1 White Paper Integrated Network Security Architecture: Threat-focused Nextgeneration Firewall By Jon Oltsik, Senior Principal Analyst September 2014 This ESG White Paper was commissioned by Cisco Systems and is distributed under license from ESG.
2 White Paper: Integrated Network Security Architecture 2 Contents Executive Summary... 3 Network Security Challenges... 3 The Network Security Gap... 4 Enterprise Organizations Need an Integrated Threat-focused Network Security Architecture... 5 Central Command and Control... 6 Distributed Enforcement... 6 Integrated Actionable Intelligence... 7 Cisco Network Security Architecture: Threat-focused Next-generation Firewall... 8 The Bigger Truth... 9 All trademark names are property of their respective companies. Information contained in this publication has been obtained by sources The Enterprise Strategy Group (ESG) considers to be reliable but is not warranted by ESG. This publication may contain opinions of ESG, which are subject to change from time to time. This publication is copyrighted by The Enterprise Strategy Group, Inc. Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express consent of The Enterprise Strategy Group, Inc., is in violation of U.S. copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Should you have any questions, please contact ESG Client Relations at
3 White Paper: Integrated Network Security Architecture 3 Executive Summary Most large organizations address network security with an army of tactical point tools like firewalls, VPN gateways, IDSs/IPSs, network proxies, malware sandboxes, web and gateways, etc. This messy array of independent technologies was adequate ten years ago, but now presents a plethora of operational, policy enforcement, and monitoring challenges. Worse yet, network security defenses are becoming less and less effective at blocking targeted and sophisticated threats and advanced malware attacks. How bad have things gotten and what should CISOs do to address these issues? Network security is growing more difficult. Security professionals fight through a myriad of day-to-day network security challenges around overlapping processes and controls, too many point tools, too many manual processes, and not enough security skills. Given all of these new and historical problems, today s network security is a mismatch for enterprise requirements. Modern network security tools aren t enough alone. Many organizations are embracing new network security tools like next-generation firewalls (NGFWs). Yes, NGFWs can improve security but they too often focus on limited application controls rather than providing more holistic protection against cybersecurity threats. Additionally, single tools such as malware analysis sandboxes remain tactical because they can t provide protection or enhance security visibility across the network or out into the cloud. Large organizations need an interoperable network security architecture. Enterprises need an integrated network security architecture that is more threat-centric, offers scalability, automates manual processes, and replaces point tools with interoperable network security services. A network security architecture should include central command and control, distributed enforcement, and integrated actionable intelligence. Network Security Challenges Large organizations are rapidly transforming their legacy IT infrastructures with the addition of new initiatives like cloud computing, big data analytics, mobility, and Internet of things (IoT) applications. All of these changes present a number of network security challenges for enterprise organizations (see Figure 1). 1 CISOs often struggle with network security because of: Too many disparate solutions and technology silos. Nearly one-third (31%) of organizations are challenged by a lack of cohesiveness across network security policies and controls, 28% have issues with too many overlapping policies and controls, and 26% struggle with too many independent tools. This disjointed mess of disparate solutions and technology silos makes it difficult to prevent, detect, or remediate security incidents. An abundance of manual processes. ESG data indicates that the security staff is often putting out fires rather than attending to network security with more proactive policies or procedures. Additionally, 24% of organizations say that are challenged by too many manual processes. The combination of firefighting and manual processes can t possibly scale to meet today s risk management and emergency response requirements for network security. A network security skills shortage. ESG data also indicates that 24% of organizations are challenged by a lack of staff dedicated to network security, while 21% say that they lack the right network security skills. Given the global shortage of cybersecurity skills, this is a recipe for disaster. 1 Source: ESG Research Report, Network Security Trends in the Era of Cloud and Mobile Computing, August 2014.
4 White Paper: Integrated Network Security Architecture 4 Figure 1. Network Security Challenges Which of the following would you consider your organization s biggest network security challenges? (Percent of respondents, N=397, five responses accepted) IT initiatives are being adopted without the proper network security oversight or controls in place 39% Network security policies and controls are not cohesive as they must be implemented across many different security and networking technologies Too many overlapping controls and processes tend to cause problems Security staff is too busy responding to alerts/events and not enough time with training, planning, or network security strategy Security policies that are too complex and can t be enforced with the current network security processes and controls Too many independent tools 31% 28% 27% 26% 26% A lack of adequate network monitoring 25% Issues related to the working relationship between the networking and security teams 25% A lack of IT staff dedicated to network security 24% Too many manual processes 24% Security policies that are too generic and thus introduce more IT risk than they should A lack of the right network security skills within the security/networking staff 21% 24% 0% 10% 20% 30% 40% 50% Source: Enterprise Strategy Group, The Network Security Gap CEOs and corporate directors must understand that network security challenges are part of a much bigger problem around cybersecurity risk management. Legacy network security based upon technology silos and manual processes, and requiring advanced security skills, can t scale to address the volume, variety, and sophistication of today s cyber-threats. Disconnected solutions contain blind spots that sophisticated attacks exploit. This is one reason why so many enterprises suffer security breaches: Hackers simply take advantage of these network security weaknesses, fly under the radar to circumvent network security controls, and compromise IT assets. Once
5 White Paper: Integrated Network Security Architecture 5 hackers establish a successful beachhead, they often remain invisible for months at a time as they navigate across networks, gain access to business-critical systems, and ultimately steal sensitive data. In the past, CISOs tended to address cybersecurity threats with incremental network security technologies, processes, and staff, but this is no longer an appropriate strategy. Simply stated, cyber-threats are growing exponentially as a function of new technologies and advances in exploit techniques. Alternatively, incremental network security investments provide a marginal increase in security protection, especially in light of the operational challenges previously discussed. This situation creates a network security gap where IT risk grows on a daily basis (see Figure 2). Figure 2. Tactical Network Security Creates a Growing IT Risk Gap Source: Enterprise Strategy Group, Enterprise Organizations Need an Integrated Threat-focused Network Security Architecture Large organizations face a growing conundrum: Enterprise networks must be available, scalable, dynamic, and open to anchor today s IT and business processes, but this model has led to an alarming rise in cybersecurity risk. Legacy network security controls are no match for this fluid IT environment and changing threat landscape. So what s needed? ESG believes that network security requirements demand a new approach for network security. Moving forward, CISOs need to think of network security in terms of a new architectural model that spans from edge to core to cloud. ESG defines an integrated network security architecture as: An integrated system of network security hardware and software, where any security service can be applied at any point on an internal or extended network as a physical or virtual form factor. A network security architecture also provides underlying communications so that all security services and components can share and react to information in real time to fine-tune security controls, detect security events, and remediate compromised systems.
6 White Paper: Integrated Network Security Architecture 6 A threat-focused integrated network security architecture is based upon the same types of firewalls (nextgeneration firewalls and standard firewalls), IDSs/IPSs, and other security technologies in use today. The major difference, however, is that individual devices interoperate and cooperate more fluidly across the network, sharing their telemetry intelligence and, by doing so, continually informing one another and better acting in unison. Additionally, network security functions like firewalling or IDS/IPS can be thought of as services and applied consistently across the LAN, corporate data center, or external cloud provider where and when they are needed. To truly provide for integration, comprehensive coverage, and interoperability, a threat-focused integrated network security architecture must be based upon three things: 1. Central command and control. 2. Distributed enforcement. 3. Integrated actionable intelligence. Central Command and Control One of the primary challenges associated with legacy network security technology is related to management and operations. Each network security device has its own policy engine, provisioning, configuration, and reporting, causing a few major problems associated with operational overhead and redundant tasks. What s more, it is difficult if not impossible to piece together the status of enterprise security by looking at an assortment of tactical reports. To alleviate these problems, an integrated network security architecture must start with central command and control for: Service management. Provisioning, configuring, and changing network security services must be managed centrally, supported by an intuitive GUI and workflow engine, and interoperate with other IT operations tools. For example, network security professionals should have the ability to provision and configure firewall rules, VLANs, and router/switch ACLs from a single GUI. This alone should simplify network security controls, enhance protection, and streamline network security operations. Interoperability with server virtualization and cloud orchestration. Higher-level tools for configuring virtual workloads for VMware, Hyper-V, OpenStack, or AWS need to be supported with appropriate network security controls. With central command and control, a network security architecture should offer the appropriate APIs to align cloud benefits like rapid provisioning and self-service with the appropriate layers of network security protection. Monitoring and reporting. Aside from management and operations functions, an integrated network security architecture should also offer central monitoring and reporting aligned with activities like event management. Security analysts should have the ability to pivot from one report to another or correlate multiple reports quickly for a more accurate and timely view of network security status. To alleviate blind spots, central monitoring and reporting should also monitor virtual and cloud-based controls along with physical network security devices. Advanced visibility. Beyond monitoring, security analysts need a depth of visibility into their environments in order to spot multi-vector threats and to see what users, applications, content, and devices are on the network and what each are doing to implement effective security policy to accelerate threat detection and response. Distributed Enforcement With central command and control, CISOs can create global security policies, but these policies will still need to be enforced by various security services residing throughout the network. An integrated network security architecture also provides for this requirement with:
7 White Paper: Integrated Network Security Architecture 7 Support for any form factor in any location. Network security services must be available in any location, in any form factor, and in any combination. This allows the security team to apply granular network security policies to network segments, flows, applications, or specific groups of users. For example, retail companies can use a combination of physical and virtual network security controls to ensure that POS systems can only connect with specific IP addresses through a combination of firewalls, IDSs/IPSs, and advanced malware detection tools. Alternatively, users on the corporate LAN can receive different access policies than those working at home across public networks. A portfolio of network security services. A network security architecture must perform L2-7 tasks, and support all types of packet filtering at any point in LAN, WAN, or cloud. Packet filtering is a broad category here and includes inspecting for threats such as viruses, worms, DDoS attacks, SPAM, phishing, web threats, content leakages, and application-layer attacks. The combination of multiple form factors and multiple services lets enterprises create superior layered security stacks that can be tailored to different network flows, user groups, and mobility requirements or rapidly adjusted to address new types of threats. Network and endpoint security integration. In the past, network and endpoint security were often managed by different security groups using disparate processes and tools, but given the current insidious threat landscape, this no longer makes sense. To bridge this gap, a network security architecture should provide tight integration between network and endpoint prevention controls and detection analytics. For example, application controls should be consistent across NGFWs and endpoints to protect sensitive assets when users connect to the network via the corporate LAN or from remote public networks across the globe. To improve incident detection, analysis sandboxes should interoperate with endpoint agents to correlate anomalous suspicious network traffic with anomalous system activities. Integrated Actionable Intelligence While network security technologies like web threat devices, IDSs/IPSs, and antivirus gateways depend upon signature and intelligence updates from the cloud, many other network security technologies are contingent upon security personnel for configuration changes or writing new rules for blocking network connections. Alternatively, an integrated network security architecture is designed from the start to be intelligence-driven as it is: Based upon a number of diverse data sources. While SIEM systems typically perform security analytics based upon log events, a network security architecture will offer a rich variety of other types of data for analysis. These include network staples like NetFlow and full packet capture, but also detailed data on endpoint forensics and profiling, user/device access patterns, and cloud application auditing. When combined, correlated, and analyzed correctly, this new data can help organizations improve risk management and accelerate incident detection/response. Integrated with cloud-based threat intelligence. A network security architecture should extend to cloudbased threat intelligence, detailing things like software vulnerabilities, bad IP addresses, rogue URLs, known C&C channels, malicious files, indicators of compromise (IoCs), and rapidly changing attack patterns. Built for automation. Ultimately, a network security architecture takes advantage of internal and external security intelligence to help organizations automate their network security defenses. For example, anomalous traffic in the data center can trigger an automated firewall rule that terminates flows based upon a combination of factors like source IP, port, protocol, and DNS activities. Alternatively, when malware is detected, the network can review file downloads and retroactively discover and remediate endpoints that downloaded suspect files from particular URLs. Automated remediation activities like these can lead to continuous improvement in network security controls and help systematize security investigations for more rapid response. In aggregate, a network security architecture can not only address existing challenges, but also provide business, IT, and security benefits (see Table 1).
8 White Paper: Integrated Network Security Architecture 8 Table 1. Network Security Architectures Characteristics Network Security Architecture Property Central command and control Distributed enforcement Integrated actionable intelligence Details Functionality Benefits Service management, cloud/server virtualization orchestration interoperability, central monitoring and reporting Any network security service, any location, any form factor, integration between network and endpoint security Diverse data sources including baked-in cloudbased threat intelligence Centralizes policy management, provisioning, configuration management, change management, event management, etc. Coordination across network services, extension of security policy enforcement to the cloud Streamlined security operations, ease-of-use, central control and visibility across all network security elements independent of location or form factor Tailored layered security for various use cases to protect users, devices, and applications, can be easily enhanced or modified for new types of threats Allows security team to Provides granular details make decisions based about application traffic, upon real-time network traffic, endpoint intelligence, provides for activities, and new threats automation for in the wild remediation processes Source: Enterprise Strategy Group, Cisco Network Security Architecture: Threat-focused Next-generation Firewall While Cisco Systems has always been recognized for its network security products, the company has had to evolve its technology vision in order to keep up with burgeoning enterprise requirements and an increasingly dangerous threat landscape. In pursuit of this goal, Cisco made a bold move in 2013 with its acquisition of network security innovator Sourcefire. While the Cisco/Sourcefire merger brought together two network security giants, there was still a lot of work ahead to integrate the technologies to form the type of enterprise-class network security architecture described previously. This effort is now starting to bear fruit with the announcement of Cisco ASA with Firepower Services. With the combination of Cisco ASA firewall and Sourcefire s next-generation IPS and advanced malware protection in a single device, Cisco now offers a comprehensive set of network security services for: Granular application visibility and control. Like other NGFWs, Cisco can detect and report on application connections and apply granular control policies based upon users, groups, devices, etc. Now with FirePOWER, Cisco will likely extend its application visibility and control throughout the network and integrate these capabilities with other Cisco assets like TrustSec and its Identity Services Engine (ISE). Threat-centric protection across the network and endpoints. Cisco s network security architecture includes comprehensive threat protection and advanced malware detection/prevention functions using FirePOWER for network protection and FireAMP for endpoint security coverage. Threat detection/prevention is further enhanced with FirePOWER NGIPS, reputation- and category-based URL filtering, and its wide-ranging threat intelligence. FireAMP can also track endpoint activity for historical analysis. When a new malware file is discovered, FireAMP can apply retrospective security policies to identify and fix endpoints that encountered the file in the past. Finally, Cisco combines IPS events, threat
9 White Paper: Integrated Network Security Architecture 9 intelligence, and malware events to provide detailed IoCs that can help the security team improve or automate security investigations and remediation processes. Multiple security services with end-to-end visibility. Cisco now offers a full portfolio of physical and virtual security services for firewalling, application control, IDS/IPS, URL filtering, advanced malware detection/prevention, etc. This enables enterprises to customize their layered protection for users, applications, network segments, and network flows using multiple form factors and covering all network locations. Cisco also provides monitoring and visibility across all of these services/locations to eliminate blind spots. Impact assessment. The Cisco network security architecture is designed to correlate intrusion events to the possible impact an attack may have on a particular target. Cisco displays this correlation through a series of five different impact flags. An impact flag rated as number one indicates an event that corresponds to a vulnerability mapped to a particular host that demands immediate attention, while other impact flags have lower priorities. In this way, Cisco can help already overburdened security professionals determine where to apply their scarce resources and thus improve security protection and operational efficiency. Cisco believes that the combination of ASA and FirePOWER can improve security across the attack continuum before, during, and after a security attack. In the before phase, Cisco s network security architecture can be used to discover network assets, enforce security policies, and harden controls for improved protection. In the during timeframe, ASA and FirePOWER can be used to detect malicious/suspicious activities (on networks and endpoints), block network connections, and thus defend the network as a whole. Finally, Cisco s network security architecture can add value in the after period by helping security analysts scope the impact of a breach, modify controls for containment, and leverage forensic data to accelerate remediation processes. Cisco knows that there is still work ahead and has many additional architectural features on its 12 to 18 month roadmap. Cisco also realizes that many CISOs will need help assessing their current network security defenses and creating a plan to build a network security architecture. Cisco has a number of specific services offering to help organizations in these areas. The Bigger Truth There are a number of widely agreed-upon cybersecurity realities: 1. IT is growing more complex, driven by virtualization, mobility, and cloud computing. 2. The threat landscape is increasingly dangerous and targeted attacks are particularly difficult to prevent, detect, and remediate. 3. Legacy network security defenses are less effective than they were in the past. 4. Many organizations are lacking network security skills in one or more area. Overall, this paints a very frightening picture where cybersecurity risk increases on a daily basis. As Albert Einstein once said, The definition of insanity is doing the same thing over and over again and expecting different results. Sage advice, but this is exactly what many CISOs are doing when it comes to network security. It s time that business, IT, and security leaders realize that they are fighting a losing battle. Cybercriminals are using new types of offensive weapons and tactics, so enterprises must counter this offensive with new types of defenses that can help them improve protection, detection, and response. ESG believes that these enhancements won t come from incremental tactical changes to legacy network security defenses. Rather, enterprises need to move forward with a more strategic change: an end-to-end integrated network security architecture. The combination of Cisco and Sourcefire offered intriguing possibilities when the two merged in Now that Cisco has integrated the best of ASA firewall, FirePOWER NGIPS, Advanced Malware Protection, and its collective threat intelligence, Cisco may establish another leadership plateau with its integrated network security architecture.
ESG Brief The Growing Need for Real-time and Actionable Security Intelligence Date: February 2014 Author: Jon Oltsik, Senior Principal Analyst Abstract: ESG data indicates that many enterprise organizations
ESG Brief Webroot Delivers Enterprise-Class Threat Intelligence to Security Technology Providers and Large Organizations Date: September 2014 Author: Jon Oltsik, Senior Principal Analyst; Kyle Prigmore,
White Paper Information-driven Security and RSA Security Analytics and RSA ECAT By Jon Oltsik, Senior Principal Analyst September 2014 This ESG White Paper was commissioned by RSA, The Security Division
ESG Brief Enterprise Organizations Need Contextual- security Analytics Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst Abstract: Large organizations have spent millions of dollars on security
White Paper Rethinking Endpoint Security By Jon OItsik, Senior Principal Analyst With Kyle Prigmore, Associate Analyst February 2015 This ESG White Paper was commissioned by RSA Security and is distributed
ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave
ESG Brief Utilizing Security Ratings for Enterprise IT Risk Mitigation Date: June 2014 Author: Jon Oltsik, Senior Principal Analyst Abstract: What do large enterprises need in order to address increasingly
ESG Brief Virtual Patch Management Offers Automation, Availability, and Cost Benefits Date: June 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: Timely patch management is a security best practice,
White Paper Requirements When Considering a Next- Generation Firewall What You Will Learn The checklist provided in this document details six must-have capabilities to look for when evaluating a nextgeneration
White Paper Addressing the Full Attack Continuum: Before, During, and After an Attack It s Time for a New Security Model Today s threat landscape is nothing like that of just 10 years ago. Simple attacks
ESG Brief IBM: An Early Leader across the Big Data Security Analytics Continuum Date: June 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: Many enterprise organizations claim that they already
White Paper Network Encryption and its Impact on Enterprise Security By Jon Oltsik, Senior Principal Analyst February 2015 This ESG White Paper was commissioned by Blue Coat and is distributed under license
White Paper Reducing the Critical Time from Incident Detection to Containment By Jon Oltsik, Senior Principal Analyst May 2014 This ESG White Paper was commissioned by Bradford Networks and is distributed
White Paper Understanding and Addressing APTs By Jon Oltsik, Senior Principal Analyst September 2012 This ESG White Paper was commissioned by Trend Micro and is distributed under license from ESG. 2012,
White Paper VMware and the Need for Cyber Supply Chain Security Assurance By Jon Oltsik, Senior Principal Analyst September 2015 This ESG White Paper was commissioned by VMware and is distributed under
Network as a Sensor and Enforcer Leverage the Network to Protect Against and Mitigate Threats Dragan Novaković Consulting Systems Engineer Security November 2015. New Networks Mean New Security Challenges
Research Perspectives Paper Network Security Operations and Cloud Computing By Jon Oltsik, Senior Principal Analyst April 2015 This ESG Research Perspectives Paper was commissioned by Tufin and is distributed
SEE everything in your environment LEARN by applying security intelligence to data ADAPT defenses automatically ACT in real-time Sourcefire Solutions Overview Security for the Real World Change is constant.
ESG Solution Showcase Data- centric Security: A New Information Security Perimeter Date: March 2015 Author: Jon Oltsik, Senior Principal Analyst Abstract: Information security practices are in the midst
White Paper The Modern Network Monitoring Mandate By Bob Laliberte, Senior Analyst April 2014 This ESG White Paper was commissioned by Emulex and is distributed under license from ESG. White Paper: The
ESG Brief Advanced Cyber Threats Demand a New Privileged Account Security Model Date: June 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: In spite of marginal progress, privileged accounts
ESG Lab Review RSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst Abstract: This ESG Lab review documents
ESG Solution Showcase An Analytics-based Approach to Cybersecurity Date: May 2015 Author: Jon Oltsik, Senior Principal Analyst Abstract: Since the Google Aurora incident announced in 2010, large organizations
Cisco Cybersecurity Pocket Guide 2015 Why Security Security investment: A top priority Security: A critical boardroom topic Why Security? Security Investment: A Top Priority Figure 1 How Enterprises View
Retail Security: Enabling Retail Business Innovation with Threat-Centric Security. 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco public information. (1110R) 1 In the past
ESG Lab Spotlight ProtectWise: Shifting Network Security to the Cloud Date: March 2015 Author: Tony Palmer, Senior Lab Analyst and Aviv Kaufmann, Lab Analyst Abstract: This ESG Lab Spotlight examines the
ESG Brief The ESG Cybersecurity Maturity Model Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst Abstract: As part of its research, ESG regularly uses a scoring system to divide survey populations
Solution Brief Check Point Capsule for Mobile Computing Security, Operations Efficiency, and Business Enablement Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst; Kyle Prigmore, Research
ESG Brief Strong Cyber Protection: Keeping Bad Stuff Out and Good Stuff In Date: November 2014 Author: Jon Oltsik, Senior Principal Analyst Abstract: Malicious activity and threats are growing in volume,
#TIGcyberSec Cisco Security: Moving to Security Everywhere Stefano Volpi 13-10-2015 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 1 Cisco is All In with Security I expect security
White Paper Five Steps For Securing The Data Center: Why Traditional Security May Not Work What You Will Learn Data center administrators face a significant challenge: They need to secure the data center
IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE Solution Brief SUMMARY New security threats demand a new approach to security management. Security teams need a security analytics architecture that can handle
RSA Security Analytics This is what SIEM was Meant to Be 1 The Original Intent of SIEM Single compliance & security interface Compliance yes, but security? Analyze & prioritize alerts across various sources
White Paper Good Enough Email Security Is No Longer Good Enough By Jon Oltsik, Senior Principal Analyst January 2013 This ESG White Paper was commissioned by Trend Micro and is distributed under license
White Paper Enterprises Need Hybrid SSO Solutions to Bridge Internal IT and SaaS By Jon Oltsik, Senior Principal Analyst January 2013 This ESG White Paper was commissioned by McAfee. and is distributed
Solution Overview Cisco Advanced Malware Protection Breach Prevention, Detection, Response, and Remediation for the Real World BENEFITS Gain unmatched global threat intelligence to strengthen front-line
White Paper McAfee Security Architectures for the Public Sector End-User Device Security Framework Table of Contents Business Value 3 Agility 3 Assurance 3 Cost reduction 4 Trust 4 Technology Value 4 Speed
Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Extensible Approach to Threat Prevention Paul Kaspian Senior Product Marketing Manager IBM Security Systems 1 IBM NDA 2012 Only IBM
Symantec Cyber Threat Analysis Program Symantec Cyber Threat Analysis Program Team White Paper: Symantec Security Intelligence Services Symantec Cyber Threat Analysis Program Contents Overview...............................................................................................
ESG Brief Security Intelligence: A Key Component of Big Data Security Analytics Date: December 2012 Author: Jon Oltsik, Senior Principal Analyst Abstract: The intersection of big data and security analytics
Staying Secure After Microsoft Windows Server 2003 Reaches End of Life Trevor Richmond, Sales Engineer Trend Micro Windows Server 2003 End of Life- Why Care? The next big vulnerability (Heartbleed/Shellshock)
Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored. It takes an average
INFORMATION SECURITY BRIEF Business Enablement Demands Tight Identity and Security Integration Date: April 2009 Author: Jon Oltsik, Principal Analyst Abstract: Identity management and security were once
White Paper Endpoint Security Demands Defense-indepth and Advanced Analytics By Jon Oltsik, Senior Principal Analyst November 2013 This ESG White Paper was commissioned by Bit9 and is distributed under
D Ů V Ě Ř U J T E S I L N Ý M SourceFireNext-Generation IPS Petr Salač CCNP Security, CCNP, CICSP, CCSI #33835 firstname.lastname@example.org Our Customers Biggest Security Challenges Maintaining security posture
Cisco Security Strategy Update Integrated Threat Defense Oct 28, 2015 Breaches are the New Normal FDA Wards of Security Flaw in Infusion Pump Cisco Confidential Cisco s Covers the Threat-Centric Entire
White Paper Content Security: Protect Your Network with Five Must-Haves What You Will Learn The continually evolving threat landscape is what makes the discovery of threats more relevant than defense as
Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,
Services Gateway: Protecting the Hybrid Data Center Extending Juniper Networks award-winning security products to virtualized, cloud-based, and hybrid IT environments Challenge Virtualization and cloud
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
1 Comprehensive Advanced Threat Defense June 2014 PAGE 1 PAGE 1 1 INTRODUCTION The hot topic in the information security industry these days is Advanced Threat Defense (ATD). There are many definitions,
Evolution Of Cyber Threats & Defense Approaches Antony Abraham IT Architect, Information Security, State Farm Kevin McIntyre Tech Lead, Information Security, State Farm Agenda About State Farm Evolution
Threat-Centric Security for Service Providers Enabling Open & Programmable Networks Sam Rastogi, Service Provider Security Product Marketing, Security Business Group Bill Mabon, Network Security Product
Protection Against Advanced Persistent Threats Peter Mesjar Systems Engineer, CCIE 17428 October 2014 Agenda Modern Threats Advanced Malware Protection Solution Why Cisco? Cisco Public 2 The Problem are
Cybersecurity Services Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored.
IBM Global Technology Services Thought Leadership White Paper IBM Security Services Leveraging security from the cloud The who, what, when, why and how of cloud-based security services 2 Leveraging security
Safeguarding the cloud with IBM Dynamic Cloud Security Maintain visibility and control with proven security solutions for public, private and hybrid clouds Highlights Extend enterprise-class security from
Datasheet: Website Security End-to-End Application Security from the Cloud Unmatched web application security experience, enhanced by real-time big data analytics, enables Incapsula to provide best-ofbreed
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
I D C A N A L Y S T C O N N E C T I O N Robert Westervelt Research Manager, Security Products T h e R o l e a nd Value of Continuous Security M o nitoring August 2015 Continuous security monitoring (CSM)
White Paper Why Next-Generation Firewalls Don t Stop Advanced Malware and Targeted APT Attacks White Paper Executive Summary Around the world, organizations are investing massive amounts of their budgets
Palo Alto Networks and Splunk: Combining Next-generation Solutions to Defeat Advanced Threats Executive Summary Palo Alto Networks strategic partnership with Splunk brings the power of our next generation
PRODUCT BRIEF: CA HOST-BASED INTRUSION PREVENTION SYSTEM CA Host-Based Intrusion Prevention System r8.1 CA HOST-BASED INTRUSION PREVENTION SYSTEM (CA HIPS) BLENDS ENDPOINT FIREWALL, INTRUSION DETECTION,
Datasheet Website Security End-to-End Application Security from the Cloud Unmatched web application security experience, enhanced by real-time big data analytics, enables Incapsula to provide best-of-breed
INTRODUCING isheriff CLOUD SECURITY isheriff s cloud-based, multi-layered, threat protection service is the simplest and most cost effective way to protect your organization s data and devices from cyber-threats.
Deploying Next Generation Firewall with ASA and Firepower services Dragan Novaković Security Consulting Systems Engineer March 2015. Threat Landscape Demands more than Application Control 60% of data is
Fighting Advanced Threats With FortiOS 5 Introduction In recent years, cybercriminals have repeatedly demonstrated the ability to circumvent network security and cause significant damages to enterprises.
SOLUTION BRIEF Next Generation APT Defense for Healthcare Overview Next Generation APT Defense for Healthcare Healthcare records with patients personally identifiable information (PII) combined with their
Enterprise Strategy Group Getting to the bigger truth. ESG Brief Cybersecurity Skills Shortage: A State of Emergency Date: February 2016 Author: Jon Oltsik, Principal Analyst, Doug Cahill, Senior Analyst,
WHITEPAPER DATA SHEET Speed Up Incident Response with Actionable Forensic Analytics Close the Gap between Threat Detection and Effective Response with Continuous Monitoring January 15, 2015 Table of Contents
WildFire WildFire automatically protects your networks from new and customized malware across a wide range of applications, including malware hidden within SSL-encrypted traffic. WildFire easily extends
IBM Security QRadar SIEM & Fortinet / FortiAnalyzer Introducing new functionality for IBM QRadar Security Intelligence Platform: integration with Fortinet s firewalls and logs forwarded by FortiAnalyzer.
IBM SECURITY QRADAR INCIDENT FORENSICS DELIVERING CLARITY TO CYBER SECURITY INVESTIGATIONS Gyenese Péter Channel Sales Leader, CEE IBM Security Systems 12014 IBM Corporation Harsh realities for many enterprise
White Paper Advanced Threat Detection: Gain Network Visibility and Stop Malware What You Will Learn The Cisco Cyber Threat Defense (CTD) solution brings visibility to all the points of your extended network,
White Paper The Network Application Security Architecture Requirement By Jon Oltsik March, 2011 This ESG White Paper was commissioned by Juniper Networks and is distributed under license from ESG. 2011,
Applying Internal Traffic Models to Improve Identification of High Fidelity Cyber Security Events Abstract Effective Security Operations throughout both DoD and industry are requiring and consuming unprecedented
SYMANTEC Unified Security, ATP and more TAKE THE NEXT STEP Martin Werner PreSales Consultant, Symantec Switzerland AG MEET SWISS INFOSEC! 27.01.2016 Unified Security 2 Symantec Enterprise Security Users
Cisco Advanced Malware Protection Ross Shehov Security Virtual Systems Engineer March 2016 The Reality Organizations Are Under Attack and Malware Is Getting in 95% of large companies targeted by malicious
Data Sheet Cisco Advanced Malware Protection for Endpoints Product Overview With today s sophisticated malware, you have to protect endpoints before, during, and after attacks. Cisco Advanced Malware Protection
White Paper Integrated Computing Platforms: Infrastructure Builds for Tomorrow s Data Center By Mark Bowker, Senior Analyst, and Perry Laberis, Senior Research Associate March 2013 This ESG White Paper
White Paper Information Security, Virtualization, and the Journey to the Cloud By Jon Oltsik August, 2010 This ESG White Paper was commissioned by Trend Micro and is distributed under license from ESG.
White Paper The Benefits of a Hybrid Security Architecture By Jon Oltsik, Senior Principal Analyst November, 2011 This ESG White Paper was commissioned by Blue Coat Systems, Inc, and is distributed under